@vyuhlabs/dxkit 2.9.2 → 2.9.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/README.md +11 -9
- package/dist/analyzers/tests/actions.d.ts +18 -1
- package/dist/analyzers/tests/actions.d.ts.map +1 -1
- package/dist/analyzers/tests/actions.js +37 -1
- package/dist/analyzers/tests/actions.js.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +15 -3
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +10 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +12 -0
- package/dist/generator.js.map +1 -1
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +40 -1
- package/templates/.claude/skills/dxkit-docs/SKILL.md +2 -0
- package/templates/.claude/skills/dxkit-feature/SKILL.md +14 -3
- package/templates/.claude/skills/dxkit-init/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-onboard/SKILL.md +2 -2
- package/templates/.claude/skills/dxkit-pr/SKILL.md +142 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-test/SKILL.md +130 -0
- package/templates/.claude/skills/dxkit-update/SKILL.md +4 -0
- package/templates/AGENTS.md.template +9 -3
- package/templates/CLAUDE.md.template +9 -3
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,42 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.9.3] - 2026-06-09
|
|
11
|
+
|
|
12
|
+
### Targetable fix loop + test generation
|
|
13
|
+
|
|
14
|
+
A workflow-depth release: make the fix loop targetable, add the test-writing
|
|
15
|
+
skill the suite was missing, and surface the riskiest test gaps first. Almost
|
|
16
|
+
entirely agent-skill + docs work; one contained, flag-gated analyzer change.
|
|
17
|
+
|
|
18
|
+
- **Scoped fixes.** `dxkit-action` can burn down one category at a time —
|
|
19
|
+
dependency/BOM vulnerabilities, security, code quality, tests, or docs. It
|
|
20
|
+
runs the report that partitions that dimension and works only that worklist,
|
|
21
|
+
with the usual severity → reachability → blast-radius prioritization applied
|
|
22
|
+
within the scope. Tests/docs scopes hand off to `dxkit-test` / `dxkit-docs`.
|
|
23
|
+
- **New `dxkit-test` skill** — the testing mirror of `dxkit-docs`. Reads the
|
|
24
|
+
test-gaps worklist, orients on real behavior via the code graph, and writes
|
|
25
|
+
meaningful tests that close the highest-risk gaps and move the Tests score
|
|
26
|
+
without coverage theater (real assertions, the repo's framework, the suite +
|
|
27
|
+
coverage run to prove it).
|
|
28
|
+
- **Test-gap blast-radius weighting.** With a code graph present
|
|
29
|
+
(`test-gaps --graph-context`), the untested-file worklist is ranked within
|
|
30
|
+
each risk tier by how many files depend on each one — the most-depended-on
|
|
31
|
+
gaps surface first instead of just the largest by line count. Ordering only;
|
|
32
|
+
the Tests score is unchanged (it derives from the tier counts). Files the
|
|
33
|
+
graph can't resolve fall back to line-count ranking and are never dropped.
|
|
34
|
+
- **New `dxkit-pr` skill** — opens a pull request with a title + body grounded
|
|
35
|
+
in the branch's real commits and diff (features, fixes, findings closed),
|
|
36
|
+
the dxkit signals a reviewer needs (guardrail verdict, allowlist activity,
|
|
37
|
+
score deltas), and a checklist tailored to the actual change. `dxkit-feature`
|
|
38
|
+
now offers to write tests for a newly built surface (on confirmation) and
|
|
39
|
+
hands off to `dxkit-test`.
|
|
40
|
+
- **Docs + roadmap refresh.** Every doc surface updated for the current skill
|
|
41
|
+
set; the roadmap records why deep-SAST (code-path) reachability is deferred —
|
|
42
|
+
it needs interprocedural taint analysis dxkit can't do natively (semgrep is
|
|
43
|
+
intraprocedural; the call graph is too sparse), so the realistic path is
|
|
44
|
+
surfacing an ingested engine's reachability rather than computing our own.
|
|
45
|
+
|
|
10
46
|
## [2.9.2] - 2026-06-09
|
|
11
47
|
|
|
12
48
|
### Allowlist lifecycle + Snyk credential ergonomics
|
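Review bot: the "Test-gap blast-radius weighting" bullet says unresolved files "fall back to line-count ranking and are never dropped" but leaves one user-visible ordering rule unstated: in the comparator shipped in `actions.js` (`a.blastRadius ?? -1`), a graph-confirmed leaf with a reliable `0` still sorts ahead of every unresolved file in the same tier, regardless of LOC. Add one clause to the bullet ("any known blast radius, including 0, ranks above unknown within a tier") so readers of the worklist are not surprised by a small leaf outranking a large unresolved file.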
package/README.md
CHANGED
|
@@ -184,15 +184,17 @@ Orphaned annotations become their own findings. The TypeScript `@ts-expect-error
|
|
|
184
184
|
|
|
185
185
|
dxkit ships a suite of Claude Code skills under `.claude/skills/dxkit-*`. They wrap the CLI in conversational flows:
|
|
186
186
|
|
|
187
|
-
| Skill | What it does
|
|
188
|
-
| --------------------------------------------------------------------------------------------------------- |
|
|
189
|
-
| `dxkit-onboard` | Walks a customer through the full first-install journey
|
|
190
|
-
| `dxkit-reports` | Runs analyzers and explains the output
|
|
191
|
-
| `dxkit-action` | Reads a report, prioritizes findings, plans and runs fixes, re-verifies
|
|
192
|
-
| `dxkit-ingest` | Brings external SAST findings (Snyk Code, CodeQL, SARIF) into dxkit
|
|
193
|
-
| `dxkit-fix` | Repairs a broken install from doctor output
|
|
194
|
-
| `dxkit-allowlist` | Manages the suppression lifecycle: audit, remove, prune, export to Snyk
|
|
195
|
-
| `dxkit-
|
|
187
|
+
| Skill | What it does |
|
|
188
|
+
| --------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------- |
|
|
189
|
+
| `dxkit-onboard` | Walks a customer through the full first-install journey |
|
|
190
|
+
| `dxkit-reports` | Runs analyzers and explains the output |
|
|
191
|
+
| `dxkit-action` | Reads a report, prioritizes findings, plans and runs fixes, re-verifies |
|
|
192
|
+
| `dxkit-ingest` | Brings external SAST findings (Snyk Code, CodeQL, SARIF) into dxkit |
|
|
193
|
+
| `dxkit-fix` | Repairs a broken install from doctor output |
|
|
194
|
+
| `dxkit-allowlist` | Manages the suppression lifecycle: audit, remove, prune, export to Snyk |
|
|
195
|
+
| `dxkit-test` | Writes the missing tests to close gaps + raise the Tests score |
|
|
196
|
+
| `dxkit-pr` | Opens a PR with a diff-grounded body + dxkit signals + reviewer checklist |
|
|
197
|
+
| `dxkit-feature`, `dxkit-docs`, `dxkit-hooks`, `dxkit-config`, `dxkit-learn`, `dxkit-update`, `dxkit-init` | Focused flows |
|
|
196
198
|
|
|
197
199
|
`AGENTS.md` (the open standard read by Codex, Cursor, Aider, and others) also ships in every install. The skill flows are Claude Code-specific today; the AGENTS.md context is portable.
|
|
198
200
|
|
|
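Review bot: the last row of the skills table lumps `dxkit-feature`, `dxkit-docs`, `dxkit-hooks`, `dxkit-config`, `dxkit-learn`, `dxkit-update`, `dxkit-init` under "Focused flows" with no description, yet this same release changes `dxkit-feature` (it now hands off to `dxkit-test`) and positions `dxkit-docs` as the counterpart of the newly listed `dxkit-test`. Give at least those two their own rows with a one-line "What it does" so the table remains a complete map of the suite rather than a partial one.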
@@ -1,6 +1,23 @@
|
|
|
1
1
|
import { RemediationAction } from '../remediation';
|
|
2
|
-
import { TestGapsReport } from './types';
|
|
2
|
+
import { TestGapsReport, SourceFile } from './types';
|
|
3
3
|
import { TestGapsCounts } from './scoring';
|
|
4
|
+
import { type DetailedGraphContext } from '../../explore/finding-context';
|
|
5
|
+
/**
|
|
6
|
+
* Re-rank the test-gap worklist by code-graph blast radius so the
|
|
7
|
+
* most-depended-on untested files surface first WITHIN their risk tier.
|
|
8
|
+
* Pure function — it receives the pre-built graph context (CLAUDE.md
|
|
9
|
+
* Rule 12: analyzers never load the graph themselves) and never touches
|
|
10
|
+
* the Tests score (which comes from summary counts, not gap order).
|
|
11
|
+
*
|
|
12
|
+
* Blast radius is stamped only when the file is in the graph AND the
|
|
13
|
+
* language's call graph is reliable — an untrustworthy `0` from a
|
|
14
|
+
* language graphify can't resolve (e.g. C#) is treated as UNKNOWN, not
|
|
15
|
+
* a leaf. Within a tier: known higher-blast first, then by LOC. Files
|
|
16
|
+
* the graph couldn't resolve keep their LOC rank after the
|
|
17
|
+
* graph-confirmed high-impact ones — they're re-ordered, never dropped
|
|
18
|
+
* and never labelled "safe."
|
|
19
|
+
*/
|
|
20
|
+
export declare function weightGapsByBlastRadius(gaps: ReadonlyArray<SourceFile>, graphContext: DetailedGraphContext): SourceFile[];
|
|
4
21
|
export declare function countsFromReport(report: TestGapsReport): TestGapsCounts;
|
|
5
22
|
export declare function buildTestGapsActions(report: TestGapsReport): RemediationAction<TestGapsCounts>[];
|
|
6
23
|
//# sourceMappingURL=actions.d.ts.map
|
|
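Review bot: the docblock on `weightGapsByBlastRadius` justifies the `graphContext` parameter by citing "CLAUDE.md Rule 12: analyzers never load the graph themselves", but `CLAUDE.md` is not part of the published type declarations, so a consumer reading this `.d.ts` cannot follow the reference. State the constraint in place ("callers build the graph context; this function does no I/O and is pure") and keep the CLAUDE.md pointer as a secondary mention.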
@@ -1,7 +1,43 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.weightGapsByBlastRadius = weightGapsByBlastRadius;
|
|
3
4
|
exports.countsFromReport = countsFromReport;
|
|
4
5
|
exports.buildTestGapsActions = buildTestGapsActions;
|
|
6
|
+
const finding_context_1 = require("../../explore/finding-context");
|
|
7
|
+
const TIER_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
|
|
8
|
+
/**
|
|
9
|
+
* Re-rank the test-gap worklist by code-graph blast radius so the
|
|
10
|
+
* most-depended-on untested files surface first WITHIN their risk tier.
|
|
11
|
+
* Pure function — it receives the pre-built graph context (CLAUDE.md
|
|
12
|
+
* Rule 12: analyzers never load the graph themselves) and never touches
|
|
13
|
+
* the Tests score (which comes from summary counts, not gap order).
|
|
14
|
+
*
|
|
15
|
+
* Blast radius is stamped only when the file is in the graph AND the
|
|
16
|
+
* language's call graph is reliable — an untrustworthy `0` from a
|
|
17
|
+
* language graphify can't resolve (e.g. C#) is treated as UNKNOWN, not
|
|
18
|
+
* a leaf. Within a tier: known higher-blast first, then by LOC. Files
|
|
19
|
+
* the graph couldn't resolve keep their LOC rank after the
|
|
20
|
+
* graph-confirmed high-impact ones — they're re-ordered, never dropped
|
|
21
|
+
* and never labelled "safe."
|
|
22
|
+
*/
|
|
23
|
+
function weightGapsByBlastRadius(gaps, graphContext) {
|
|
24
|
+
const stamped = gaps.map((g) => {
|
|
25
|
+
const ctx = graphContext.contexts[(0, finding_context_1.locationKey)(g.path)];
|
|
26
|
+
const reliable = ctx?.found && ctx.callGraphReliability !== 'unreliable';
|
|
27
|
+
if (!reliable)
|
|
28
|
+
return { ...g };
|
|
29
|
+
return { ...g, blastRadius: ctx.blastRadius.callerFiles };
|
|
30
|
+
});
|
|
31
|
+
return stamped.sort((a, b) => {
|
|
32
|
+
if (TIER_RANK[a.risk] !== TIER_RANK[b.risk])
|
|
33
|
+
return TIER_RANK[a.risk] - TIER_RANK[b.risk];
|
|
34
|
+
const ba = a.blastRadius ?? -1;
|
|
35
|
+
const bb = b.blastRadius ?? -1;
|
|
36
|
+
if (ba !== bb)
|
|
37
|
+
return bb - ba;
|
|
38
|
+
return b.lines - a.lines;
|
|
39
|
+
});
|
|
40
|
+
}
|
|
5
41
|
function countsFromReport(report) {
|
|
6
42
|
const s = report.summary;
|
|
7
43
|
return {
|
|
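Review bot: two logic points in `weightGapsByBlastRadius`. First, the reliability gate `ctx?.found && ctx.callGraphReliability !== 'unreliable'` treats an undefined or any other value of that field as reliable, while the docblock promises a stamp only when the call graph "is reliable"; if the field can be absent or has more than two states, make it a positive check (`=== 'reliable'`) so the unknown case stays unknown. Second, the comparator's `a.blastRadius ?? -1` ranks a graph-confirmed leaf (`callerFiles === 0`) ahead of every unresolved file in the tier regardless of LOC, whereas the docblock says unresolved files "keep their LOC rank after the graph-confirmed high-impact ones"; either document that a reliable 0 also outranks unknown, or compare unresolved files against known ones by LOC only. Minor: `ctx.blastRadius.callerFiles` is read with no check that `ctx.blastRadius` exists, so a `found` context without a blast-radius block would throw here rather than fall back.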
@@ -36,7 +72,7 @@ function testTierAction(report, tier, topK) {
|
|
|
36
72
|
return {
|
|
37
73
|
id: `tests.add-${tier}-${tierFiles.length}`,
|
|
38
74
|
title: `Add tests for top ${tierFiles.length} ${tier.toUpperCase()}-risk untested file${tierFiles.length === 1 ? '' : 's'}`,
|
|
39
|
-
rationale: `These ${tier} files carry the largest untested risk. Start with the largest by LOC.`,
|
|
75
|
+
rationale: `These ${tier} files carry the largest untested risk. Start with the most-depended-on (highest blast radius), then the largest by LOC.`,
|
|
40
76
|
evidence: tierFiles.map(fileToEvidence),
|
|
41
77
|
patch: (c) => ({
|
|
42
78
|
...c,
|
|
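Review bot: the new `rationale` string tells the reader to "Start with the most-depended-on (highest blast radius)" unconditionally, but `testTierAction` is also built from an unweighted report when no graph context was supplied (the `graphContext ? ... : report` branch in `detailed.js`), in which case no file in `tierFiles` carries `blastRadius` and the advice is not actionable. Pick the wording from the data, e.g. `const byBlast = tierFiles.some((f) => f.blastRadius !== undefined);` and fall back to the previous "Start with the largest by LOC." sentence when it is false.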
@@ -9,9 +9,16 @@ const tools_unavailable_prose_1 = require("../tools/tools-unavailable-prose");
|
|
|
9
9
|
const finding_context_1 = require("../../explore/finding-context");
|
|
10
10
|
function buildTestGapsDetailed(report, graphContext) {
|
|
11
11
|
const counts = (0, actions_1.countsFromReport)(report);
|
|
12
|
-
|
|
12
|
+
// When a graph is present, re-rank the gap worklist by blast radius so
|
|
13
|
+
// the most-depended-on untested files surface first (within tier). This
|
|
14
|
+
// re-orders only — `counts` (and therefore the score) come from the
|
|
15
|
+
// summary, untouched by gap order.
|
|
16
|
+
const weighted = graphContext
|
|
17
|
+
? { ...report, gaps: (0, actions_1.weightGapsByBlastRadius)(report.gaps, graphContext) }
|
|
18
|
+
: report;
|
|
19
|
+
const actions = (0, remediation_1.rank)((0, actions_1.buildTestGapsActions)(weighted), counts, scoring_1.scoreTestGapsCounts);
|
|
13
20
|
return {
|
|
14
|
-
...
|
|
21
|
+
...weighted,
|
|
15
22
|
schemaVersion: '11',
|
|
16
23
|
coverageScore: (0, scoring_1.scoreTestGapsCounts)(counts).score,
|
|
17
24
|
actions,
|
|
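Review bot: `schemaVersion: '11'` is left unchanged although this hunk now spreads `...weighted` into the detailed output, so `gaps[]` entries can carry the new optional `blastRadius` field declared in `types.d.ts` in the same release. An additive optional field may not warrant a bump, but the decision should be explicit: either bump the version or record in the schema docs that `11` permits `blastRadius` on `SourceFile` and that absence means unknown, not zero. Deriving `counts` from the unweighted `report` before the ternary is correct and the comment says why; keep that.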
@@ -91,7 +98,12 @@ function formatTestGapsDetailedMarkdown(detailed, elapsed) {
|
|
|
91
98
|
L.push((0, finding_context_1.graphContextProvenanceLine)(gc));
|
|
92
99
|
L.push('');
|
|
93
100
|
}
|
|
94
|
-
|
|
101
|
+
// Within a tier, prefer higher blast radius (most-depended-on first)
|
|
102
|
+
// when the graph stamped it, falling back to LOC. Mirrors the worklist
|
|
103
|
+
// ranking so the table and the actions agree on ordering.
|
|
104
|
+
const sorted = [...detailed.gaps].sort((a, b) => TIER_ORDER[a.risk] - TIER_ORDER[b.risk] ||
|
|
105
|
+
(b.blastRadius ?? -1) - (a.blastRadius ?? -1) ||
|
|
106
|
+
b.lines - a.lines);
|
|
95
107
|
const grouped = {
|
|
96
108
|
critical: [],
|
|
97
109
|
high: [],
|
|
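Review bot: the inline comparator (`TIER_ORDER[a.risk] - TIER_ORDER[b.risk] || (b.blastRadius ?? -1) - (a.blastRadius ?? -1) || b.lines - a.lines`) duplicates the one in `weightGapsByBlastRadius` (`TIER_RANK`, `?? -1`, then LOC) with a second tier table in a second file, and the comment itself says it "mirrors the worklist ranking". Export one comparator (e.g. `compareGaps`) from `actions.js` and use it in both places so the table and the actions cannot drift the next time the rule changes. Note that when `buildTestGapsDetailed` ran with a graph, `detailed.gaps` is already in this order, so the re-sort only does work for a report produced without one.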
@@ -24,6 +24,16 @@ export interface SourceFile {
|
|
|
24
24
|
type: string;
|
|
25
25
|
risk: RiskTier;
|
|
26
26
|
hasMatchingTest: boolean;
|
|
27
|
+
/**
|
|
28
|
+
* Caller-file count from the code graph — how many files depend on
|
|
29
|
+
* this one (its blast radius). Stamped only when a graph is present
|
|
30
|
+
* AND the language's call graph is reliable (so an untrustworthy `0`
|
|
31
|
+
* from a language graphify can't resolve, e.g. C#, never masquerades
|
|
32
|
+
* as a leaf). Absent ⇒ unknown, NOT zero. Used to weight the test-gap
|
|
33
|
+
* worklist so the most-depended-on untested files surface first;
|
|
34
|
+
* never affects the Tests score (that comes from summary counts).
|
|
35
|
+
*/
|
|
36
|
+
blastRadius?: number;
|
|
27
37
|
}
|
|
28
38
|
/**
|
|
29
39
|
* Where the `effectiveCoverage` number came from.
|
|
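Review bot: the docblock on `blastRadius?` is the right home for the "Absent ⇒ unknown, NOT zero" rule, but nothing in the type enforces it: a consumer that writes `gap.blastRadius ?? 0` silently turns unknown into leaf, which is exactly the C# case the comment warns about. Consider naming the unit in the identifier (`callerFiles`, matching the graph field it is copied from, `ctx.blastRadius.callerFiles`) and adding a one-line `@remarks` telling consumers not to coalesce the field to 0.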
package/dist/generator.js
CHANGED
|
@@ -159,6 +159,18 @@ const DXKIT_SKILLS = [
|
|
|
159
159
|
// `.snyk` policy. The fix-vs-suppress decision + the `add` path stay
|
|
160
160
|
// in dxkit-action; this owns everything after an entry exists.
|
|
161
161
|
'dxkit-allowlist',
|
|
162
|
+
// dxkit-test: test-generation surface, the testing mirror of
|
|
163
|
+
// dxkit-docs. Reads the blast-radius-weighted test-gaps worklist,
|
|
164
|
+
// orients on real behavior via the graph, and writes meaningful tests
|
|
165
|
+
// that close the highest-risk gaps + move the Tests score without
|
|
166
|
+
// coverage theater. dxkit-action triages WHETHER to test; this WRITES.
|
|
167
|
+
'dxkit-test',
|
|
168
|
+
// dxkit-pr: opens a pull request with a title + body grounded in the
|
|
169
|
+
// branch's real commits/diff (features, fixes, findings closed) plus
|
|
170
|
+
// the dxkit signals (guardrail verdict, allowlist activity, score
|
|
171
|
+
// deltas) and a tailored reviewer checklist. The close of the
|
|
172
|
+
// dxkit-feature / dxkit-action loop.
|
|
173
|
+
'dxkit-pr',
|
|
162
174
|
];
|
|
163
175
|
async function generate(targetDir, config, mode, force, _noScan = false, withDxkitAgents = false) {
|
|
164
176
|
const variables = (0, constants_1.buildVariables)(config);
|
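Review bot: the two new `DXKIT_SKILLS` entries match the `dxkit-test/SKILL.md` and `dxkit-pr/SKILL.md` templates added in this version's file list, which is what matters for the installer. Two follow-ups: the README table now names 15 skills and this array is the installer's source of truth, so a test that asserts the two sets are equal would catch the next omission; and each entry's multi-line comment restates CHANGELOG prose that will go stale, so trim it to one line pointing at the skill's `SKILL.md`.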
,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QACpE,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE,GAAG,EAAE,QAAQ,CAAC,CAAC;IAC5C,CAAC;IAED,IAAI,eAAe,EAAE,CAAC;QACpB,MAAM,CAAC,MAAM,CAAC,gCAAgC,CAAC,CAAC;QAEhD,2DAA2D;QAC3D,kEAAkE;QAClE,6DAA6D;QAC7D,MAAM,aAAa,CAAC,oBAAoB,EAAE,WAAW,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE5B,kEAAkE;QAClE,6DAA6D;QAC7D,gEAAgE;QAChE,wBAAwB;QACxB,MAAM,aAAa,CAAC,oBAAoB,EAAE,WAAW,CAAC,CAAC;QACvD,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAE5B,mEAAmE;QACnE,mEAAmE;QACnE,kBAAkB;QAClB,MAAM,eAAe,GAAG,iBAAiB,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,SAAS,EAAE,eAAe,CAAC,CAAC;QACtE,MAAM,WAAW,GAAG,MAAM,IAAA,iBAAS,EAAC,YAAY,EAAE,eAAe,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;QAChF,KAAK,CAAC,YAAY,EAAE,eAAe,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAExC,iEAAiE;QACjE,kEAAkE;QAClE,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,YAAY,EAAE,CAAC;YACjC,UAAU,CAAC,kBAAkB,KAAK,WAAW,EAAE,kBAAkB,KAAK,WAAW,CAAC,CAAC;QACrF,CAAC;QACD,MAAM,CAAC,OAAO,CAAC,wBAAwB,CAAC,CAAC;QAEzC,6DAA6D;QAC7D,+DAA+D;QAC/D,qBAAqB;QACrB,KAAK,MAAM,IAAI,IAAI,IAAA,oCAAwB,EAAC,MAAM,CAAC,EAAE,CAAC;YACpD,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,UAAU,CAAC,iBAAiB,IAAI,CAAC,QAAQ,EAAE,EAAE,iBAAiB,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;YACjF,CAAC;QACH,CAAC;QACD,wDAAwD;QACxD,iEAAiE;QACjE,0DAA0D;QAC1D,qCAAqC;QACrC,IAAI,UAAU,CAAC,SAAS;YAAE,UAAU,CAAC,yBAAyB,EAAE,yBAAyB,CAAC,CAAC;QAC3F,IAAI,MAAM,CAAC,SAAS,KAAK,UAAU;YACjC,UAAU,CAAC,2BAA2B,EAAE,2BAA2B,CAAC,CAAC;QACvE,IAAI,MAAM,CAAC,SAAS,KAAK,SAAS;YAChC,UAAU,CAAC,0BAA0B,EAAE,0BAA0B,CAAC,CAAC;QACrE,MAAM,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;IACnC,CAAC;IAED,oEAAoE;IACpE,kEAAkE;IAClE,cAAc;IACd,MAAM,eAAe,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IACxE,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,eAAe,EAAE,OAAO,CAAC,CAAC;IAErF,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
---
|
|
2
2
|
name: dxkit-action
|
|
3
|
-
description: Read a dxkit report and execute fixes — prioritize findings by severity, plan the fix sequence, run the fix, verify the score moved, re-baseline if appropriate. Use when the user says "fix these findings", "act on the health report", "close out these vulnerabilities", or after dxkit-reports has surfaced something concrete.
|
|
3
|
+
description: Read a dxkit report and execute fixes — prioritize findings by severity, plan the fix sequence, run the fix, verify the score moved, re-baseline if appropriate. Supports a SCOPED pass to burn down one category at a time (dependency/BOM vulnerabilities, security, code quality, tests, docs). Use when the user says "fix these findings", "act on the health report", "close out these vulnerabilities", "just fix the dependency vulns", "only the security findings", or after dxkit-reports has surfaced something concrete.
|
|
4
4
|
---
|
|
5
5
|
|
|
6
6
|
# dxkit-action
|
|
@@ -28,6 +28,38 @@ npx vyuh-dxkit vulnerabilities --detailed --graph-context # or test-gaps / qua
|
|
|
28
28
|
|
|
29
29
|
`--graph-context` adds a "Graph context" column (the module a finding lives in + its blast radius — how many files call into it) so you can plan the fix without separately discovering structure. It's a structural HINT, not ground truth — read "Graph context" below for how to use it safely.
|
|
30
30
|
|
|
31
|
+
## Scoped fix — fix one category at a time
|
|
32
|
+
|
|
33
|
+
Often the user doesn't want "fix everything" — they want to burn down **one
|
|
34
|
+
category**: "just the dependency vulns", "only the security findings", "the
|
|
35
|
+
code-quality stuff." Honor that. A scoped pass keeps the change reviewable and
|
|
36
|
+
lets the team sequence the work.
|
|
37
|
+
|
|
38
|
+
When the user names a scope (or you propose one), run the report that already
|
|
39
|
+
partitions that dimension and work **only** that worklist — prioritization
|
|
40
|
+
(severity → reachability → blast radius) still applies, but within the scope:
|
|
41
|
+
|
|
42
|
+
| Scope the user asks for | Run | Findings in scope | Notes / hand-off |
|
|
43
|
+
|---|---|---|---|
|
|
44
|
+
| "dependency / BOM vulnerabilities" | `npx vyuh-dxkit bom` (or `vulnerabilities --detailed`) | `dep-vuln` | upgrade-first; see "Dependency vulnerability" below |
|
|
45
|
+
| "security" | `npx vyuh-dxkit vulnerabilities --detailed --graph-context` | code-SAST, secrets, dep-vuln | reachable findings first (the report orders them); secrets always top |
|
|
46
|
+
| "code quality" | `npx vyuh-dxkit quality --detailed --graph-context` | duplication, slop, lint, complexity | see "Slop / code-pattern finding" below |
|
|
47
|
+
| "tests" / "coverage" | `npx vyuh-dxkit test-gaps --detailed --graph-context` | test-gap | hand off to **dxkit-test** for a real test-writing push |
|
|
48
|
+
| "documentation" | `npx vyuh-dxkit health --detailed` (Documentation) | doc-gap | hand off to **dxkit-docs** |
|
|
49
|
+
|
|
50
|
+
Rules for a scoped pass:
|
|
51
|
+
|
|
52
|
+
- **Stay in the lane.** If the user said "just deps," don't also start fixing
|
|
53
|
+
SAST findings you notice — surface them ("I also see 3 HIGH SAST findings;
|
|
54
|
+
want a separate pass?") but don't expand scope unasked.
|
|
55
|
+
- **Tests / docs scopes are hand-offs, not inline work.** Closing test gaps or
|
|
56
|
+
writing docs is a dedicated loop — route to `dxkit-test` / `dxkit-docs`
|
|
57
|
+
rather than half-doing it here.
|
|
58
|
+
- **Verify within the scope.** Step [5] re-runs the scope's own report; the
|
|
59
|
+
scoped dimension should move and nothing else should regress (guardrail).
|
|
60
|
+
|
|
61
|
+
Without a named scope, work the full **Priority order** below.
|
|
62
|
+
|
|
31
63
|
## Priority order
|
|
32
64
|
|
|
33
65
|
Walk findings in this order (highest to lowest):
|
|
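Review bot: the "Stay in the lane" bullet under "Rules for a scoped pass" has no carve-out for secrets, so a "just deps" pass that stumbles on a committed credential is told only to mention it and carry on, while the "security" row of the table in the same hunk says secrets always go top. Suggest an explicit exception in that bullet: a secret finding is surfaced immediately and rotation is recommended before the scoped work continues, whatever scope the user named, since the exposure clock is running independently of the team's sequencing. Smaller point: "Step [5] re-runs the scope's own report" leans on a step numbering that is not visible in this section; naming the step ("Verify") would keep the rule readable on its own.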
@@ -105,6 +137,8 @@ If no patched version exists OR the upgrade breaks other constraints AND the ris
|
|
|
105
137
|
|
|
106
138
|
### Test gap
|
|
107
139
|
|
|
140
|
+
For one test gap inside a broader fix pass, close it inline:
|
|
141
|
+
|
|
108
142
|
```bash
|
|
109
143
|
# 1. Read the source file the test-gap analyzer flagged
|
|
110
144
|
# 2. Write a test that exercises the file's primary contract
|
|
@@ -116,6 +150,8 @@ npx vyuh-dxkit test-gaps
|
|
|
116
150
|
|
|
117
151
|
Don't write tests that just import the module — write tests that exercise behavior. Useless tests inflate the count but don't move the dimension.
|
|
118
152
|
|
|
153
|
+
For a dedicated push to close many gaps / raise the Tests score — reading the blast-radius-weighted worklist, orienting via the graph, writing meaningful tests in the repo's framework — hand off to the **dxkit-test** skill (the testing mirror of dxkit-docs).
|
|
154
|
+
|
|
119
155
|
### Slop / code-pattern finding
|
|
120
156
|
|
|
121
157
|
```bash
|
|
@@ -272,4 +308,7 @@ In those cases: `vyuh-dxkit allowlist add` is the right tool for per-finding dec
|
|
|
272
308
|
- For hook-related issues during a fix push → `dxkit-hooks` skill
|
|
273
309
|
- For re-running reports between fixes → `dxkit-reports` skill
|
|
274
310
|
- For broken dxkit install (hooks not firing, vyuh-dxkit not on PATH) → `dxkit-fix` skill
|
|
311
|
+
- For a dedicated test-writing push (close many gaps / raise the Tests score) → `dxkit-test` skill
|
|
312
|
+
- For generating missing documentation → `dxkit-docs` skill
|
|
313
|
+
- For raising the PR once fixes are done + guardrail-green → `dxkit-pr` skill (PR body from the diff + the guardrail/allowlist signals + a reviewer checklist)
|
|
275
314
|
- For allowlist management beyond the per-finding `add` path — auditing existing entries (including orphans after a re-baseline), removing stale fingerprints, pruning expired ones, exporting to a `.snyk`, or reviewing the team's overall suppression posture → **dxkit-allowlist** skill
|
|
@@ -146,3 +146,5 @@ npx vyuh-dxkit guardrail check
|
|
|
146
146
|
should leave the new surface documented).
|
|
147
147
|
- Slop findings outside docs (AI-generated code prose, CHANGELOG slop) →
|
|
148
148
|
`dxkit-action`'s slop recipe.
|
|
149
|
+
- Closing test gaps / raising the Tests score (the sibling generator skill) →
|
|
150
|
+
`dxkit-test`.
|
|
@@ -154,8 +154,7 @@ Exit 0 = the feature added no net-new regressions. Exit 1 = something new
|
|
|
154
154
|
appeared — **a finding you introduced.** Address it before pushing:
|
|
155
155
|
|
|
156
156
|
- A real finding in your new code → fix it now (hand off to `dxkit-action`
|
|
157
|
-
for the fix recipes — secret rotation, dep upgrade,
|
|
158
|
-
test, etc.).
|
|
157
|
+
for the fix recipes — secret rotation, dep upgrade, SAST, etc.).
|
|
159
158
|
- A genuine false positive / intentional pattern → allowlist with a typed
|
|
160
159
|
category + reason (see `dxkit-action`'s allowlisting section). Fix first;
|
|
161
160
|
allowlist second.
|
|
@@ -163,6 +162,15 @@ appeared — **a finding you introduced.** Address it before pushing:
|
|
|
163
162
|
The feature isn't done when it works — it's done when it works **and** the
|
|
164
163
|
guardrail is green.
|
|
165
164
|
|
|
165
|
+
### Offer to test the new surface
|
|
166
|
+
|
|
167
|
+
A new feature is the most common source of a fresh test gap. When step [5]'s
|
|
168
|
+
`test-gaps` shows the code you just added is untested — especially if it has
|
|
169
|
+
callers (a non-trivial blast radius) — **offer to write tests for it, and on
|
|
170
|
+
the user's confirmation hand off to `dxkit-test`** to write them grounded in
|
|
171
|
+
the behavior you just built. Keep it an offer: don't auto-generate tests the
|
|
172
|
+
user didn't ask for, but don't let a new untested surface ship silently either.
|
|
173
|
+
|
|
166
174
|
## [6] Baseline decision
|
|
167
175
|
|
|
168
176
|
| Scenario | Action |
|
|
@@ -180,7 +188,10 @@ own feature introduced.
|
|
|
180
188
|
## Hand-offs
|
|
181
189
|
|
|
182
190
|
- A finding the guardrail blocked needs fixing → `dxkit-action` (the fix-loop
|
|
183
|
-
recipes for secrets, dep-vulns, SAST
|
|
191
|
+
recipes for secrets, dep-vulns, SAST).
|
|
192
|
+
- Writing tests for the new (or any untested) surface → `dxkit-test`.
|
|
193
|
+
- Raising the PR once the feature is built + green → `dxkit-pr` (title + body
|
|
194
|
+
from the diff, dxkit signals, reviewer checklist).
|
|
184
195
|
- Re-running reports between iterations → `dxkit-reports`.
|
|
185
196
|
- Ignore-file / config edits as part of the feature → `dxkit-config`.
|
|
186
197
|
- Hook problems on the verify push → `dxkit-hooks`.
|
|
@@ -21,7 +21,7 @@ Ask the user what they want, then pick the right invocation:
|
|
|
21
21
|
|
|
22
22
|
| Flag | What it ships | Default under `--full`? |
|
|
23
23
|
|---|---|---|
|
|
24
|
-
| `--with-dxkit-agents` | The
|
|
24
|
+
| `--with-dxkit-agents` | The dxkit-* skills + AGENTS.md + CLAUDE.md shim | Yes |
|
|
25
25
|
| `--with-hooks` | `.githooks/pre-push` + postinstall activation wire-up | Yes |
|
|
26
26
|
| `--with-precommit-hook` | Adds `.githooks/pre-commit` (slow on large repos) | No (still opt-in) |
|
|
27
27
|
| `--with-devcontainer` | `.devcontainer/devcontainer.json` (per-stack features) + post-create.sh | Yes |
|
|
@@ -82,7 +82,7 @@ Before running, ASK:
|
|
|
82
82
|
|
|
83
83
|
Optional flags worth surfacing if the customer pushes back on "full":
|
|
84
84
|
|
|
85
|
-
- `--with-dxkit-agents` — just the
|
|
85
|
+
- `--with-dxkit-agents` — just the dxkit-* skills (no hooks, no CI)
|
|
86
86
|
- `--with-hooks --with-dxkit-agents` — skills + pre-push hook
|
|
87
87
|
- `--with-precommit-hook` — also pre-commit (slow on large repos)
|
|
88
88
|
|
|
@@ -262,7 +262,7 @@ When in doubt, dxkit-onboard handles the full first-install journey and delegate
|
|
|
262
262
|
```
|
|
263
263
|
✓ Fresh dxkit install complete:
|
|
264
264
|
• Binary: 2.5.X installed globally + project-local
|
|
265
|
-
• Scaffold:
|
|
265
|
+
• Scaffold: dxkit-* skills, AGENTS.md, CLAUDE.md, devcontainer, hooks, CI workflows
|
|
266
266
|
• Doctor: 14/14 (Reports + Agent DX + Operational health)
|
|
267
267
|
• Baseline: N findings locked in (or "skipped — you're triaging first")
|
|
268
268
|
• Pre-commit: yes/no (your choice)
|
|
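Review bot: the sample completion message still pins `Binary: 2.5.X installed globally + project-local` while the `Scaffold:` line in the same block was updated for the new skill list; a version literal in example output goes stale with every release and invites a reader to treat 2.5.X as the expected version. A neutral placeholder such as `<installed version>` would keep the example honest.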
@@ -0,0 +1,142 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dxkit-pr
|
|
3
|
+
description: Open a pull request with a title + body grounded in the branch's real commits and diff — what changed, features implemented, findings fixed — plus a reviewer checklist and the dxkit guardrail/allowlist/score signals a reviewer needs. Use when the user says "raise a PR", "open a pull request", "create the PR", "write the PR description", or after dxkit-feature / dxkit-action finishes a change and it's ready to push for review.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# dxkit-pr
|
|
7
|
+
|
|
8
|
+
This skill turns a finished branch into a **reviewable** pull request: a title
|
|
9
|
+
and body grounded in what actually changed (not a generic template), and a
|
|
10
|
+
checklist that guides the reviewer through what to verify. It's the natural
|
|
11
|
+
close of `dxkit-feature` (built something) and `dxkit-action` (fixed findings) —
|
|
12
|
+
both hand off here when the work is ready for review.
|
|
13
|
+
|
|
14
|
+
A good PR description is written from the diff, not from memory. This skill
|
|
15
|
+
reads the branch, summarizes it honestly, and attaches the dxkit signals
|
|
16
|
+
(guardrail verdict, allowlist activity, score movement) a reviewer would
|
|
17
|
+
otherwise have to reconstruct by hand.
|
|
18
|
+
|
|
19
|
+
## The PR loop
|
|
20
|
+
|
|
21
|
+
```
|
|
22
|
+
[1] Survey → branch vs base: commits, diff stat, files touched
|
|
23
|
+
[2] Classify → features / fixes / refactors / docs / findings closed
|
|
24
|
+
[3] Signals → guardrail verdict + allowlist activity + score deltas
|
|
25
|
+
[4] Draft → title + body grounded in [1]–[3] + a reviewer checklist
|
|
26
|
+
[5] Confirm → show the user the draft; open with `gh pr create` on yes
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Don't skip [5]. A PR is outward-facing — show the draft and get a yes before
|
|
30
|
+
opening it.
|
|
31
|
+
|
|
32
|
+
## [1] Survey — read the branch, don't guess
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
git fetch origin
|
|
36
|
+
BASE=origin/main # or the repo's default branch
|
|
37
|
+
git log --oneline $BASE..HEAD # every commit on this branch
|
|
38
|
+
git diff --stat $BASE...HEAD # files + churn
|
|
39
|
+
git diff $BASE...HEAD # the actual change, when you need detail
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
Read the commit messages first — on a well-kept branch they already narrate the
|
|
43
|
+
work. Use the diff to verify and fill gaps, not to re-derive everything.
|
|
44
|
+
|
|
45
|
+
## [2] Classify — group the change for a reviewer
|
|
46
|
+
|
|
47
|
+
Sort the commits/diff into the buckets a reviewer cares about:
|
|
48
|
+
|
|
49
|
+
- **Features** — new capability, with the entry point / surface it adds.
|
|
50
|
+
- **Fixes** — bugs or findings closed (name the finding if it came from a dxkit
|
|
51
|
+
report: rule, file, severity).
|
|
52
|
+
- **Refactors** — behavior-preserving structure changes (flag these — they're
|
|
53
|
+
where "looks big, reads safe" lives).
|
|
54
|
+
- **Docs / tests / chore** — supporting changes.
|
|
55
|
+
|
|
56
|
+
Lead the body with the *why* (the problem) and the *what* (the approach), then
|
|
57
|
+
the bucketed change list. Keep it proportional — a one-commit fix gets a short
|
|
58
|
+
body; a multi-commit feature gets sections.
|
|
59
|
+
|
|
60
|
+
## [3] Signals — attach what dxkit knows
|
|
61
|
+
|
|
62
|
+
Run the guardrail so the PR states its own verdict, and surface any suppression
|
|
63
|
+
activity a reviewer must sign off on:
|
|
64
|
+
|
|
65
|
+
```bash
|
|
66
|
+
npx vyuh-dxkit guardrail check # PASS/FAIL the PR will get in CI
|
|
67
|
+
npx vyuh-dxkit allowlist audit # any new/expiring suppressions?
|
|
68
|
+
npx vyuh-dxkit health --detailed | head -40 # score movement, if relevant
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
Put in the body:
|
|
72
|
+
|
|
73
|
+
- **Guardrail verdict** — PASS, or FAIL with the net-new findings named (a
|
|
74
|
+
reviewer should know before CI tells them).
|
|
75
|
+
- **Allowlist activity** — any suppression added on this branch, with its
|
|
76
|
+
category + reason + expiry, called out for explicit review (suppressions are
|
|
77
|
+
the highest-trust thing a reviewer approves).
|
|
78
|
+
- **Score deltas** — only when the change targeted a dimension (e.g. "Tests
|
|
79
|
+
62 → 71 after closing the auth gaps"). Don't pad with unchanged scores.
|
|
80
|
+
|
|
81
|
+
## [4] Draft — title, body, reviewer checklist
|
|
82
|
+
|
|
83
|
+
**Title** — imperative, scoped, specific. `feat(auth): add refresh-token
|
|
84
|
+
rotation`, not `Updates`. Match the repo's existing PR/commit convention
|
|
85
|
+
(check `git log` on the base branch).
|
|
86
|
+
|
|
87
|
+
**Body** — structure:
|
|
88
|
+
|
|
89
|
+
```markdown
|
|
90
|
+
## What & why
|
|
91
|
+
<the problem this solves, in 1–3 sentences>
|
|
92
|
+
|
|
93
|
+
## Changes
|
|
94
|
+
- **Feature:** …
|
|
95
|
+
- **Fix:** … (closes <finding/issue>)
|
|
96
|
+
- **Refactor:** … (behavior-preserving)
|
|
97
|
+
|
|
98
|
+
## dxkit signals
|
|
99
|
+
- Guardrail: ✅ PASS (or ❌ + the net-new findings)
|
|
100
|
+
- Allowlist: <new suppressions + reason + expiry, or "no changes">
|
|
101
|
+
- Scores: <dimension deltas, if the change targeted one>
|
|
102
|
+
|
|
103
|
+
## Reviewer checklist
|
|
104
|
+
- [ ] Change matches the description; scope isn't broader than stated
|
|
105
|
+
- [ ] <feature>: behavior verified (how to exercise it)
|
|
106
|
+
- [ ] Refactors are behavior-preserving (no silent semantic change)
|
|
107
|
+
- [ ] New/changed code is tested; test gaps addressed or noted
|
|
108
|
+
- [ ] Any allowlist suppression is justified (category + reason + expiry)
|
|
109
|
+
- [ ] No secrets/keys/tokens in the diff
|
|
110
|
+
- [ ] Docs updated if behavior or interfaces changed
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Tailor the checklist to the *actual* change — drop rows that don't apply, add
|
|
114
|
+
specific ones (a migration step, a config flag to set, a caller to re-test from
|
|
115
|
+
the blast radius). A generic checklist is noise; a targeted one guides the review.
|
|
116
|
+
|
|
117
|
+
## [5] Confirm + open
|
|
118
|
+
|
|
119
|
+
Show the user the full draft (title + body) and confirm. On yes:
|
|
120
|
+
|
|
121
|
+
```bash
|
|
122
|
+
git push -u origin HEAD # if not already pushed
|
|
123
|
+
gh pr create --base main --title "<title>" --body "<body>"
|
|
124
|
+
```
|
|
125
|
+
|
|
126
|
+
If `gh` isn't authenticated, print the title + body for the user to paste, and
|
|
127
|
+
point them at `gh auth login`. Never open a PR the user hasn't seen.
|
|
128
|
+
|
|
129
|
+
## Scope — what NOT to do
|
|
130
|
+
|
|
131
|
+
- Don't invent changes the diff doesn't show, or claim a finding is fixed
|
|
132
|
+
without having verified it (re-run the analyzer first — see `dxkit-action`).
|
|
133
|
+
- Don't open the PR before the guardrail is green, unless the user explicitly
|
|
134
|
+
wants a draft PR for early review — and then mark it draft and say so in the body.
|
|
135
|
+
- Don't restate every commit verbatim — synthesize. The commit log is one click
|
|
136
|
+
away; the body's job is the narrative + the review guidance.
|
|
137
|
+
|
|
138
|
+
## Hand-offs
|
|
139
|
+
|
|
140
|
+
- A guardrail FAIL blocking the PR → `dxkit-action` to fix the net-new findings first.
|
|
141
|
+
- Writing the feature being PR'd → `dxkit-feature`; closing test gaps it opened → `dxkit-test`.
|
|
142
|
+
- Branch-protection / required-check setup so the PR is actually gated → `dxkit-hooks` / repo settings.
|
|
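Review bot: in "[5] Confirm + open", `gh pr create --base main --title "<title>" --body "<body>"` hard-codes `main` although "[1] Survey" sets `BASE=origin/main # or the repo's default branch`, and passing a multi-line markdown body through a double-quoted shell argument lets the shell expand backticks and `$` inside it (the body template in "[4] Draft" uses both). Suggest deriving the base from the same `$BASE` with the `origin/` prefix stripped, and writing the confirmed draft to a file and passing it with `--body-file`, which `gh pr create` accepts. One more point for "[3] Signals": when the guardrail verdict is FAIL and the net-new findings are named in the body, secret-type findings should be described by rule and file only, never by the matched value, because the PR body is outward-facing and outlives the rotation.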
@@ -103,7 +103,7 @@ Surface those three when summarizing a dep-vuln finding. The detailed JSON has t
|
|
|
103
103
|
|
|
104
104
|
## When the user wants to ACT on findings
|
|
105
105
|
|
|
106
|
-
Hand off to the `dxkit-action` skill — that's the workflow for prioritizing + fixing + re-baselining. This skill stops at "here's what's wrong."
|
|
106
|
+
Hand off to the `dxkit-action` skill — that's the workflow for prioritizing + fixing + re-baselining. This skill stops at "here's what's wrong." For a dimension-focused push, hand to the specialist generator skills instead: **dxkit-test** to close test-gaps / raise the Tests score, **dxkit-docs** to write missing documentation.
|
|
107
107
|
|
|
108
108
|
## Troubleshooting
|
|
109
109
|
|
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dxkit-test
|
|
3
|
+
description: Write the tests a repo is missing — read the test-gaps report (blast-radius-weighted), orient on what the untested code actually does via the graph, then write real tests that close the highest-risk gaps and move the Tests score without coverage theater. Use when the user says "write tests", "add tests for this module", "improve the test coverage / Tests score", "close the test gaps", "cover the untested files", or after a health report flags Testing.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# dxkit-test
|
|
7
|
+
|
|
8
|
+
This skill closes the gap `dxkit-action` doesn't: it **writes** the missing
|
|
9
|
+
tests rather than fixing flagged findings. It is the testing mirror of
|
|
10
|
+
`dxkit-docs` — same shape, different dimension. It's built around one hard
|
|
11
|
+
constraint: a test that doesn't actually exercise behavior (an empty `expect(true)`,
|
|
12
|
+
a snapshot of nothing, a call with no assertion) raises the coverage number
|
|
13
|
+
while proving nothing. The whole point of this skill is tests that are
|
|
14
|
+
**grounded in real behavior** and **catch real regressions** — not coverage
|
|
15
|
+
theater.
|
|
16
|
+
|
|
17
|
+
## The testing loop
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
[1] Read the gap → test-gaps: the blast-radius-weighted untested worklist
|
|
21
|
+
[2] Orient → graph: what the file does, who depends on it, what to assert
|
|
22
|
+
[3] Generate → write real tests in the repo's framework + patterns
|
|
23
|
+
[4] Verify → run the suite + coverage; Tests up, nothing red
|
|
24
|
+
[5] Guardrail → guardrail check before pushing
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
Don't skip [2] or [4]. [2] is what makes the tests meaningful; [4] is what
|
|
28
|
+
proves they pass and the coverage actually moved.
|
|
29
|
+
|
|
30
|
+
## [1] Read the gap — what's actually untested, worst-first
|
|
31
|
+
|
|
32
|
+
Run the test-gaps report with graph context so the worklist is ranked by
|
|
33
|
+
**blast radius** (how many files depend on each untested file), not just size:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
npx vyuh-dxkit test-gaps --detailed --graph-context
|
|
37
|
+
npx vyuh-dxkit test-gaps --detailed --graph-context --json | jq '.actions, .gaps[0:10]'
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
The report partitions untested files into CRITICAL / HIGH / MEDIUM / LOW risk
|
|
41
|
+
tiers, and **within each tier the most-depended-on files surface first** (the
|
|
42
|
+
`Graph context` column shows `role · N caller files`). Work top-down: a
|
|
43
|
+
30-caller untested file is a bigger liability than a 500-line leaf nothing
|
|
44
|
+
calls. The `actions` array names the top-K per tier with projected
|
|
45
|
+
score uplift — that's your queue.
|
|
46
|
+
|
|
47
|
+
A `blast radius n/a` cell means graphify couldn't resolve that language's call
|
|
48
|
+
graph (C# is the known case) — treat it as *unknown*, not "no callers," and
|
|
49
|
+
fall back to the file's role + size to judge its risk.
|
|
50
|
+
|
|
51
|
+
## [2] Orient — understand the behavior before you assert on it
|
|
52
|
+
|
|
53
|
+
A test is only as good as your understanding of what the code should do.
|
|
54
|
+
Before writing, learn the real shape from the graph (cheap, structural):
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
npx vyuh-dxkit context src/payments/refund.ts # the file's symbols, callers, callees
|
|
58
|
+
npx vyuh-dxkit explore file src/payments/refund.ts # its structural neighborhood
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
Use it to decide three things:
|
|
62
|
+
|
|
63
|
+
- **What the public contract is** — the exported symbols are what callers rely
|
|
64
|
+
on; test those, not private helpers.
|
|
65
|
+
- **What the callers expect** — the caller files (blast radius) tell you the
|
|
66
|
+
real usage shapes to cover, including the edge cases they pass.
|
|
67
|
+
- **What's risky** — error paths, branching, boundary conditions. Then **read
|
|
68
|
+
the actual code** — the graph points you at it; it doesn't replace reading
|
|
69
|
+
it.
|
|
70
|
+
|
|
71
|
+
## [3] Generate — real tests, the repo's way
|
|
72
|
+
|
|
73
|
+
- **Match the existing framework + conventions.** Detect what the repo already
|
|
74
|
+
uses (vitest/jest, pytest, go test, JUnit, RSpec, …) from the existing test
|
|
75
|
+
files and `test-gaps` output — never introduce a new test framework. Copy the
|
|
76
|
+
nearest existing test's structure, naming, fixtures, and assertion style so
|
|
77
|
+
the new tests read like the repo's.
|
|
78
|
+
- **Assert behavior, not existence.** Each test must exercise a real path and
|
|
79
|
+
assert a real outcome — return values, side effects, error handling,
|
|
80
|
+
boundaries. A test that calls a function and asserts nothing is slop.
|
|
81
|
+
- **Cover the contract + the edges.** Happy path, the error/edge cases the
|
|
82
|
+
callers actually hit, and at least one boundary. Prioritize branches over
|
|
83
|
+
lines.
|
|
84
|
+
- **Don't fake it.** No mocking the unit under test into a tautology; no
|
|
85
|
+
asserting on a stub you wrote. Mock external boundaries (network, clock,
|
|
86
|
+
fs) the way the repo already does.
|
|
87
|
+
|
|
88
|
+
## [4] Verify — Tests up, suite green, no coverage theater
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
# Run the repo's real test command (from package.json / Makefile / etc.)
|
|
92
|
+
<the repo's test command> # e.g. npm test, pytest, go test ./...
|
|
93
|
+
|
|
94
|
+
# Re-materialize coverage + the gap report
|
|
95
|
+
npx vyuh-dxkit coverage # runs the suite to produce real line coverage
|
|
96
|
+
npx vyuh-dxkit test-gaps --detailed # the targeted gap should be gone / downgraded
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
The work is done when:
|
|
100
|
+
|
|
101
|
+
- The new tests **pass** (a failing or skipped test is not coverage).
|
|
102
|
+
- The targeted file is no longer in the gap worklist (or dropped a risk tier).
|
|
103
|
+
- `effectiveCoverage` rose from a real signal — prefer line-coverage truth
|
|
104
|
+
(`coverage`) over the filename-match heuristic; a name-matched 5-line test on
|
|
105
|
+
a 200-line file is exactly the theater this skill exists to avoid.
|
|
106
|
+
|
|
107
|
+
## [5] Guardrail — before pushing
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
npx vyuh-dxkit guardrail check
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Exit 0 = your new tests didn't introduce a net-new regression (e.g. a flaky
|
|
114
|
+
test, a slop finding in test prose). Address anything it flags before pushing.
|
|
115
|
+
|
|
116
|
+
## Scope — what NOT to test
|
|
117
|
+
|
|
118
|
+
- Don't test auto-generated, vendored, or trivial pass-through code just to
|
|
119
|
+
move the number — credit comes from covering the files that carry risk.
|
|
120
|
+
- Don't write tests you can't make pass; a `.skip` is a gap, not a closure.
|
|
121
|
+
- Don't assert on implementation details that will break on every refactor —
|
|
122
|
+
test the contract, not the internals.
|
|
123
|
+
|
|
124
|
+
## Hand-offs
|
|
125
|
+
|
|
126
|
+
- Running / interpreting the health or test-gaps report → `dxkit-reports`.
|
|
127
|
+
- A test gap surfaced as one finding inside a broader fix pass → `dxkit-action`.
|
|
128
|
+
- Testing a feature you're building → `dxkit-feature` (it offers to hand the
|
|
129
|
+
new surface here once the feature lands).
|
|
130
|
+
- Documentation gaps (the sibling generator skill) → `dxkit-docs`.
|
|
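Review bot: "[5] Guardrail" says exit 0 means the new tests "didn't introduce a net-new regression (e.g. a flaky test, a slop finding in test prose)", but nothing earlier in this skill says `guardrail check` runs the suite or detects flakiness; if it only diffs findings against the baseline, the flaky-test example overstates what exit 0 proves and should be dropped or qualified, leaving the suite run in "[4] Verify" as the place flakiness is caught. Related, under "[3] Generate", the "Mock external boundaries (network, clock, fs)" bullet would benefit from one sentence on fixtures: use obviously fake credentials and tokens in test data so a real value is never copied into the repo and the secrets scanner has nothing to flag on the push.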
@@ -135,6 +135,10 @@ Iterate optional steps in the plan:
|
|
|
135
135
|
| "Doctor says X is broken" | `dxkit-fix` |
|
|
136
136
|
| "I want to run a report" | `dxkit-reports` |
|
|
137
137
|
| "Fix these findings" | `dxkit-action` |
|
|
138
|
+
| "Write the missing tests" | `dxkit-test` |
|
|
139
|
+
| "Write the missing docs" | `dxkit-docs` |
|
|
140
|
+
| "Manage / audit the allowlist" | `dxkit-allowlist` |
|
|
141
|
+
| "Raise the PR" | `dxkit-pr` |
|
|
138
142
|
| "Configure dxkit" | `dxkit-config` |
|
|
139
143
|
| "Set up hooks" | `dxkit-hooks` |
|
|
140
144
|
| "Explain dxkit" | `dxkit-learn` |
|
|
@@ -12,14 +12,20 @@ For agent-specific config, see the editor-specific files alongside this one —
|
|
|
12
12
|
|
|
13
13
|
This repo is managed by [`@vyuhlabs/dxkit`](https://github.com/vyuh-labs/dxkit). dxkit measures code health across 6 dimensions, captures a per-finding baseline, and gates PRs on net-new regressions.
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
The `dxkit-*` skills are installed under `.claude/skills/` (Claude Code auto-discovers via skill frontmatter):
|
|
16
16
|
|
|
17
17
|
- **dxkit-learn** — explains dxkit concepts (baselines, dimensions, scanners)
|
|
18
|
-
- **dxkit-init** — interactive setup
|
|
18
|
+
- **dxkit-onboard** — fresh-install walkthrough; **dxkit-init** — interactive setup
|
|
19
19
|
- **dxkit-config** — edit `.dxkit-ignore`, `.vyuh-dxkit.json`, policy
|
|
20
20
|
- **dxkit-hooks** — install / troubleshoot git hooks
|
|
21
21
|
- **dxkit-reports** — run analyzers, explain output, dashboard
|
|
22
|
-
- **dxkit-action** — prioritize + fix + verify + re-baseline
|
|
22
|
+
- **dxkit-action** — prioritize + fix + verify + re-baseline (scoped to one category if asked)
|
|
23
|
+
- **dxkit-test** — write the missing tests to close gaps; **dxkit-docs** — write the missing docs
|
|
24
|
+
- **dxkit-feature** — graph-guided net-new development
|
|
25
|
+
- **dxkit-ingest** — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
|
|
26
|
+
- **dxkit-allowlist** — manage the suppression lifecycle (audit / remove / prune / export to Snyk)
|
|
27
|
+
- **dxkit-pr** — open a PR with a diff-grounded body + reviewer checklist
|
|
28
|
+
- **dxkit-update** — upgrade an existing install; **dxkit-fix** — repair a broken one
|
|
23
29
|
|
|
24
30
|
Reach for the relevant skill when working in this repo. They wrap the `vyuh-dxkit` CLI with workflow guidance.
|
|
25
31
|
|
|
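Review bot: the list previously used one bullet per skill, and this hunk breaks that for three pairs (`dxkit-onboard`/`dxkit-init`, `dxkit-test`/`dxkit-docs`, `dxkit-update`/`dxkit-fix`), each joined with a semicolon on one line; since the paragraph below says to "reach for the relevant skill", keep one skill per bullet so a scan of the list maps one name to one description. Separately, the `dxkit-allowlist` description here says "(audit / remove / prune / export to Snyk)" while the same entry in the CLAUDE.md.template hunk says "(audit / remove / prune / export)"; the two templates are installed side by side, so align the wording (either name the export target in both or in neither).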
@@ -6,14 +6,20 @@ Whenever Claude Code starts a session in this repo, it reads BOTH files: this on
|
|
|
6
6
|
|
|
7
7
|
## dxkit skills
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
The `dxkit-*` skills are installed under `.claude/skills/`. Claude Code auto-discovers them via their frontmatter `description` fields:
|
|
10
10
|
|
|
11
11
|
- `dxkit-learn` — explain what dxkit does, what scores mean, what scanners run
|
|
12
|
-
- `dxkit-init` —
|
|
12
|
+
- `dxkit-onboard` / `dxkit-init` — fresh-install walkthrough / `init` flag choices
|
|
13
13
|
- `dxkit-config` — edit `.dxkit-ignore` / `.vyuh-dxkit.json` / policy
|
|
14
14
|
- `dxkit-hooks` — install / troubleshoot git hooks
|
|
15
15
|
- `dxkit-reports` — run analyzers + read output
|
|
16
|
-
- `dxkit-action` — prioritize + fix + verify + re-baseline
|
|
16
|
+
- `dxkit-action` — prioritize + fix + verify + re-baseline (scoped to one category if asked)
|
|
17
|
+
- `dxkit-test` / `dxkit-docs` — write the missing tests / docs to move a dimension
|
|
18
|
+
- `dxkit-feature` — graph-guided net-new development
|
|
19
|
+
- `dxkit-ingest` — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
|
|
20
|
+
- `dxkit-allowlist` — manage the suppression lifecycle (audit / remove / prune / export)
|
|
21
|
+
- `dxkit-pr` — open a PR with a diff-grounded body + reviewer checklist
|
|
22
|
+
- `dxkit-update` / `dxkit-fix` — upgrade / repair an install
|
|
17
23
|
|
|
18
24
|
When the user asks about dxkit concepts or wants to run an analyzer, reach for the matching skill before improvising.
|
|
19
25
|
|
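Review bot: the paired entries rely on positional "A / B — x / y" matching (`dxkit-onboard` / `dxkit-init` — fresh-install walkthrough / `init` flag choices; `dxkit-test` / `dxkit-docs` — write the missing tests / docs; `dxkit-update` / `dxkit-fix` — upgrade / repair an install), which is easy to misread and, for an agent that auto-discovers skills from frontmatter descriptions as the intro line says, gives it no one-to-one description to match on; split each pair into two bullets. Good that the previously empty `- `dxkit-init` —` description is fixed here. Minor: "to move a dimension" in the `dxkit-test` / `dxkit-docs` line is internal shorthand; "to raise a dimension score" would be clearer to a first-time reader.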