@vyuhlabs/dxkit 2.9.2 → 2.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (54) hide show
  1. package/CHANGELOG.md +68 -0
  2. package/README.md +20 -9
  3. package/dist/analyzers/developer/gather.d.ts +16 -0
  4. package/dist/analyzers/developer/gather.d.ts.map +1 -1
  5. package/dist/analyzers/developer/gather.js +2 -0
  6. package/dist/analyzers/developer/gather.js.map +1 -1
  7. package/dist/analyzers/developer/ownership.d.ts +86 -0
  8. package/dist/analyzers/developer/ownership.d.ts.map +1 -0
  9. package/dist/analyzers/developer/ownership.js +180 -0
  10. package/dist/analyzers/developer/ownership.js.map +1 -0
  11. package/dist/analyzers/quality/detailed.d.ts +5 -1
  12. package/dist/analyzers/quality/detailed.d.ts.map +1 -1
  13. package/dist/analyzers/quality/detailed.js +30 -29
  14. package/dist/analyzers/quality/detailed.js.map +1 -1
  15. package/dist/analyzers/security/detailed.d.ts +7 -1
  16. package/dist/analyzers/security/detailed.d.ts.map +1 -1
  17. package/dist/analyzers/security/detailed.js +31 -15
  18. package/dist/analyzers/security/detailed.js.map +1 -1
  19. package/dist/analyzers/tests/actions.d.ts +18 -1
  20. package/dist/analyzers/tests/actions.d.ts.map +1 -1
  21. package/dist/analyzers/tests/actions.js +37 -1
  22. package/dist/analyzers/tests/actions.js.map +1 -1
  23. package/dist/analyzers/tests/detailed.d.ts +5 -1
  24. package/dist/analyzers/tests/detailed.d.ts.map +1 -1
  25. package/dist/analyzers/tests/detailed.js +42 -23
  26. package/dist/analyzers/tests/detailed.js.map +1 -1
  27. package/dist/analyzers/tests/types.d.ts +10 -0
  28. package/dist/analyzers/tests/types.d.ts.map +1 -1
  29. package/dist/attribution/attribute.d.ts +57 -0
  30. package/dist/attribution/attribute.d.ts.map +1 -0
  31. package/dist/attribution/attribute.js +149 -0
  32. package/dist/attribution/attribute.js.map +1 -0
  33. package/dist/cli.d.ts.map +1 -1
  34. package/dist/cli.js +53 -5
  35. package/dist/cli.js.map +1 -1
  36. package/dist/generator.d.ts.map +1 -1
  37. package/dist/generator.js +12 -0
  38. package/dist/generator.js.map +1 -1
  39. package/dist/reviewers-cli.d.ts +57 -0
  40. package/dist/reviewers-cli.d.ts.map +1 -0
  41. package/dist/reviewers-cli.js +263 -0
  42. package/dist/reviewers-cli.js.map +1 -0
  43. package/package.json +1 -1
  44. package/templates/.claude/skills/dxkit-action/SKILL.md +42 -1
  45. package/templates/.claude/skills/dxkit-docs/SKILL.md +2 -0
  46. package/templates/.claude/skills/dxkit-feature/SKILL.md +14 -3
  47. package/templates/.claude/skills/dxkit-init/SKILL.md +1 -1
  48. package/templates/.claude/skills/dxkit-onboard/SKILL.md +2 -2
  49. package/templates/.claude/skills/dxkit-pr/SKILL.md +163 -0
  50. package/templates/.claude/skills/dxkit-reports/SKILL.md +1 -1
  51. package/templates/.claude/skills/dxkit-test/SKILL.md +130 -0
  52. package/templates/.claude/skills/dxkit-update/SKILL.md +4 -0
  53. package/templates/AGENTS.md.template +9 -3
  54. package/templates/CLAUDE.md.template +9 -3
@@ -0,0 +1,130 @@
1
+ ---
2
+ name: dxkit-test
3
+ description: Write the tests a repo is missing — read the test-gaps report (blast-radius-weighted), orient on what the untested code actually does via the graph, then write real tests that close the highest-risk gaps and move the Tests score without coverage theater. Use when the user says "write tests", "add tests for this module", "improve the test coverage / Tests score", "close the test gaps", "cover the untested files", or after a health report flags Testing.
4
+ ---
5
+
6
+ # dxkit-test
7
+
8
+ This skill closes the gap `dxkit-action` doesn't: it **writes** the missing
9
+ tests rather than fixing flagged findings. It is the testing mirror of
10
+ `dxkit-docs` — same shape, different dimension. It's built around one hard
11
+ constraint: a test that doesn't actually exercise behavior (an empty `expect(true)`,
12
+ a snapshot of nothing, a call with no assertion) raises the coverage number
13
+ while proving nothing. The whole point of this skill is tests that are
14
+ **grounded in real behavior** and **catch real regressions** — not coverage
15
+ theater.
16
+
17
+ ## The testing loop
18
+
19
+ ```
20
+ [1] Read the gap → test-gaps: the blast-radius-weighted untested worklist
21
+ [2] Orient → graph: what the file does, who depends on it, what to assert
22
+ [3] Generate → write real tests in the repo's framework + patterns
23
+ [4] Verify → run the suite + coverage; Tests up, nothing red
24
+ [5] Guardrail → guardrail check before pushing
25
+ ```
26
+
27
+ Don't skip [2] or [4]. [2] is what makes the tests meaningful; [4] is what
28
+ proves they pass and the coverage actually moved.
29
+
30
+ ## [1] Read the gap — what's actually untested, worst-first
31
+
32
+ Run the test-gaps report with graph context so the worklist is ranked by
33
+ **blast radius** (how many files depend on each untested file), not just size:
34
+
35
+ ```bash
36
+ npx vyuh-dxkit test-gaps --detailed --graph-context
37
+ npx vyuh-dxkit test-gaps --detailed --graph-context --json | jq '.actions, .gaps[0:10]'
38
+ ```
39
+
40
+ The report partitions untested files into CRITICAL / HIGH / MEDIUM / LOW risk
41
+ tiers, and **within each tier the most-depended-on files surface first** (the
42
+ `Graph context` column shows `role · N caller files`). Work top-down: a
43
+ 30-caller untested file is a bigger liability than a 500-line leaf nothing
44
+ calls. The `actions` array names the top-K per tier with projected
45
+ score uplift — that's your queue.
46
+
47
+ A `blast radius n/a` cell means graphify couldn't resolve that language's call
48
+ graph (C# is the known case) — treat it as *unknown*, not "no callers," and
49
+ fall back to the file's role + size to judge its risk.
50
+
51
+ ## [2] Orient — understand the behavior before you assert on it
52
+
53
+ A test is only as good as your understanding of what the code should do.
54
+ Before writing, learn the real shape from the graph (cheap, structural):
55
+
56
+ ```bash
57
+ npx vyuh-dxkit context src/payments/refund.ts # the file's symbols, callers, callees
58
+ npx vyuh-dxkit explore file src/payments/refund.ts # its structural neighborhood
59
+ ```
60
+
61
+ Use it to decide three things:
62
+
63
+ - **What the public contract is** — the exported symbols are what callers rely
64
+ on; test those, not private helpers.
65
+ - **What the callers expect** — the caller files (blast radius) tell you the
66
+ real usage shapes to cover, including the edge cases they pass.
67
+ - **What's risky** — error paths, branching, boundary conditions. Then **read
68
+ the actual code** — the graph points you at it; it doesn't replace reading
69
+ it.
70
+
71
+ ## [3] Generate — real tests, the repo's way
72
+
73
+ - **Match the existing framework + conventions.** Detect what the repo already
74
+ uses (vitest/jest, pytest, go test, JUnit, RSpec, …) from the existing test
75
+ files and `test-gaps` output — never introduce a new test framework. Copy the
76
+ nearest existing test's structure, naming, fixtures, and assertion style so
77
+ the new tests read like the repo's.
78
+ - **Assert behavior, not existence.** Each test must exercise a real path and
79
+ assert a real outcome — return values, side effects, error handling,
80
+ boundaries. A test that calls a function and asserts nothing is slop.
81
+ - **Cover the contract + the edges.** Happy path, the error/edge cases the
82
+ callers actually hit, and at least one boundary. Prioritize branches over
83
+ lines.
84
+ - **Don't fake it.** No mocking the unit under test into a tautology; no
85
+ asserting on a stub you wrote. Mock external boundaries (network, clock,
86
+ fs) the way the repo already does.
87
+
88
+ ## [4] Verify — Tests up, suite green, no coverage theater
89
+
90
+ ```bash
91
+ # Run the repo's real test command (from package.json / Makefile / etc.)
92
+ <the repo's test command> # e.g. npm test, pytest, go test ./...
93
+
94
+ # Re-materialize coverage + the gap report
95
+ npx vyuh-dxkit coverage # runs the suite to produce real line coverage
96
+ npx vyuh-dxkit test-gaps --detailed # the targeted gap should be gone / downgraded
97
+ ```
98
+
99
+ The work is done when:
100
+
101
+ - The new tests **pass** (a failing or skipped test is not coverage).
102
+ - The targeted file is no longer in the gap worklist (or dropped a risk tier).
103
+ - `effectiveCoverage` rose from a real signal — prefer line-coverage truth
104
+ (`coverage`) over the filename-match heuristic; a name-matched 5-line test on
105
+ a 200-line file is exactly the theater this skill exists to avoid.
106
+
107
+ ## [5] Guardrail — before pushing
108
+
109
+ ```bash
110
+ npx vyuh-dxkit guardrail check
111
+ ```
112
+
113
+ Exit 0 = your new tests didn't introduce a net-new regression (e.g. a flaky
114
+ test, a slop finding in test prose). Address anything it flags before pushing.
115
+
116
+ ## Scope — what NOT to test
117
+
118
+ - Don't test auto-generated, vendored, or trivial pass-through code just to
119
+ move the number — credit comes from covering the files that carry risk.
120
+ - Don't write tests you can't make pass; a `.skip` is a gap, not a closure.
121
+ - Don't assert on implementation details that will break on every refactor —
122
+ test the contract, not the internals.
123
+
124
+ ## Hand-offs
125
+
126
+ - Running / interpreting the health or test-gaps report → `dxkit-reports`.
127
+ - A test gap surfaced as one finding inside a broader fix pass → `dxkit-action`.
128
+ - Testing a feature you're building → `dxkit-feature` (it offers to hand the
129
+ new surface here once the feature lands).
130
+ - Documentation gaps (the sibling generator skill) → `dxkit-docs`.
@@ -135,6 +135,10 @@ Iterate optional steps in the plan:
135
135
  | "Doctor says X is broken" | `dxkit-fix` |
136
136
  | "I want to run a report" | `dxkit-reports` |
137
137
  | "Fix these findings" | `dxkit-action` |
138
+ | "Write the missing tests" | `dxkit-test` |
139
+ | "Write the missing docs" | `dxkit-docs` |
140
+ | "Manage / audit the allowlist" | `dxkit-allowlist` |
141
+ | "Raise the PR" | `dxkit-pr` |
138
142
  | "Configure dxkit" | `dxkit-config` |
139
143
  | "Set up hooks" | `dxkit-hooks` |
140
144
  | "Explain dxkit" | `dxkit-learn` |
@@ -12,14 +12,20 @@ For agent-specific config, see the editor-specific files alongside this one —
12
12
 
13
13
  This repo is managed by [`@vyuhlabs/dxkit`](https://github.com/vyuh-labs/dxkit). dxkit measures code health across 6 dimensions, captures a per-finding baseline, and gates PRs on net-new regressions.
14
14
 
15
- Six skills are installed under `.claude/skills/` (Claude Code auto-discovers via skill frontmatter):
15
+ The `dxkit-*` skills are installed under `.claude/skills/` (Claude Code auto-discovers via skill frontmatter):
16
16
 
17
17
  - **dxkit-learn** — explains dxkit concepts (baselines, dimensions, scanners)
18
- - **dxkit-init** — interactive setup walkthrough
18
+ - **dxkit-onboard** — fresh-install walkthrough; **dxkit-init** — interactive setup
19
19
  - **dxkit-config** — edit `.dxkit-ignore`, `.vyuh-dxkit.json`, policy
20
20
  - **dxkit-hooks** — install / troubleshoot git hooks
21
21
  - **dxkit-reports** — run analyzers, explain output, dashboard
22
- - **dxkit-action** — prioritize + fix + verify + re-baseline
22
+ - **dxkit-action** — prioritize + fix + verify + re-baseline (scoped to one category if asked)
23
+ - **dxkit-test** — write the missing tests to close gaps; **dxkit-docs** — write the missing docs
24
+ - **dxkit-feature** — graph-guided net-new development
25
+ - **dxkit-ingest** — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
26
+ - **dxkit-allowlist** — manage the suppression lifecycle (audit / remove / prune / export to Snyk)
27
+ - **dxkit-pr** — open a PR with a diff-grounded body + reviewer checklist
28
+ - **dxkit-update** — upgrade an existing install; **dxkit-fix** — repair a broken one
23
29
 
24
30
  Reach for the relevant skill when working in this repo. They wrap the `vyuh-dxkit` CLI with workflow guidance.
25
31
 
@@ -6,14 +6,20 @@ Whenever Claude Code starts a session in this repo, it reads BOTH files: this on
6
6
 
7
7
  ## dxkit skills
8
8
 
9
- Six dxkit-specific skills are installed under `.claude/skills/`. Claude Code auto-discovers them via their frontmatter `description` fields:
9
+ The `dxkit-*` skills are installed under `.claude/skills/`. Claude Code auto-discovers them via their frontmatter `description` fields:
10
10
 
11
11
  - `dxkit-learn` — explain what dxkit does, what scores mean, what scanners run
12
- - `dxkit-init` — walk through `vyuh-dxkit init` flag choices
12
+ - `dxkit-onboard` / `dxkit-init` — fresh-install walkthrough / `init` flag choices
13
13
  - `dxkit-config` — edit `.dxkit-ignore` / `.vyuh-dxkit.json` / policy
14
14
  - `dxkit-hooks` — install / troubleshoot git hooks
15
15
  - `dxkit-reports` — run analyzers + read output
16
- - `dxkit-action` — prioritize + fix + verify + re-baseline
16
+ - `dxkit-action` — prioritize + fix + verify + re-baseline (scoped to one category if asked)
17
+ - `dxkit-test` / `dxkit-docs` — write the missing tests / docs to move a dimension
18
+ - `dxkit-feature` — graph-guided net-new development
19
+ - `dxkit-ingest` — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
20
+ - `dxkit-allowlist` — manage the suppression lifecycle (audit / remove / prune / export)
21
+ - `dxkit-pr` — open a PR with a diff-grounded body + reviewer checklist
22
+ - `dxkit-update` / `dxkit-fix` — upgrade / repair an install
17
23
 
18
24
  When the user asks about dxkit concepts or wants to run an analyzer, reach for the matching skill before improvising.
19
25