@vyuhlabs/dxkit 2.9.2 → 2.9.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +68 -0
- package/README.md +20 -9
- package/dist/analyzers/developer/gather.d.ts +16 -0
- package/dist/analyzers/developer/gather.d.ts.map +1 -1
- package/dist/analyzers/developer/gather.js +2 -0
- package/dist/analyzers/developer/gather.js.map +1 -1
- package/dist/analyzers/developer/ownership.d.ts +86 -0
- package/dist/analyzers/developer/ownership.d.ts.map +1 -0
- package/dist/analyzers/developer/ownership.js +180 -0
- package/dist/analyzers/developer/ownership.js.map +1 -0
- package/dist/analyzers/quality/detailed.d.ts +5 -1
- package/dist/analyzers/quality/detailed.d.ts.map +1 -1
- package/dist/analyzers/quality/detailed.js +30 -29
- package/dist/analyzers/quality/detailed.js.map +1 -1
- package/dist/analyzers/security/detailed.d.ts +7 -1
- package/dist/analyzers/security/detailed.d.ts.map +1 -1
- package/dist/analyzers/security/detailed.js +31 -15
- package/dist/analyzers/security/detailed.js.map +1 -1
- package/dist/analyzers/tests/actions.d.ts +18 -1
- package/dist/analyzers/tests/actions.d.ts.map +1 -1
- package/dist/analyzers/tests/actions.js +37 -1
- package/dist/analyzers/tests/actions.js.map +1 -1
- package/dist/analyzers/tests/detailed.d.ts +5 -1
- package/dist/analyzers/tests/detailed.d.ts.map +1 -1
- package/dist/analyzers/tests/detailed.js +42 -23
- package/dist/analyzers/tests/detailed.js.map +1 -1
- package/dist/analyzers/tests/types.d.ts +10 -0
- package/dist/analyzers/tests/types.d.ts.map +1 -1
- package/dist/attribution/attribute.d.ts +57 -0
- package/dist/attribution/attribute.d.ts.map +1 -0
- package/dist/attribution/attribute.js +149 -0
- package/dist/attribution/attribute.js.map +1 -0
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +53 -5
- package/dist/cli.js.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +12 -0
- package/dist/generator.js.map +1 -1
- package/dist/reviewers-cli.d.ts +57 -0
- package/dist/reviewers-cli.d.ts.map +1 -0
- package/dist/reviewers-cli.js +263 -0
- package/dist/reviewers-cli.js.map +1 -0
- package/package.json +1 -1
- package/templates/.claude/skills/dxkit-action/SKILL.md +42 -1
- package/templates/.claude/skills/dxkit-docs/SKILL.md +2 -0
- package/templates/.claude/skills/dxkit-feature/SKILL.md +14 -3
- package/templates/.claude/skills/dxkit-init/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-onboard/SKILL.md +2 -2
- package/templates/.claude/skills/dxkit-pr/SKILL.md +163 -0
- package/templates/.claude/skills/dxkit-reports/SKILL.md +1 -1
- package/templates/.claude/skills/dxkit-test/SKILL.md +130 -0
- package/templates/.claude/skills/dxkit-update/SKILL.md +4 -0
- package/templates/AGENTS.md.template +9 -3
- package/templates/CLAUDE.md.template +9 -3
|
@@ -0,0 +1,130 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: dxkit-test
|
|
3
|
+
description: Write the tests a repo is missing — read the test-gaps report (blast-radius-weighted), orient on what the untested code actually does via the graph, then write real tests that close the highest-risk gaps and move the Tests score without coverage theater. Use when the user says "write tests", "add tests for this module", "improve the test coverage / Tests score", "close the test gaps", "cover the untested files", or after a health report flags Testing.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# dxkit-test
|
|
7
|
+
|
|
8
|
+
This skill closes the gap `dxkit-action` doesn't: it **writes** the missing
|
|
9
|
+
tests rather than fixing flagged findings. It is the testing mirror of
|
|
10
|
+
`dxkit-docs` — same shape, different dimension. It's built around one hard
|
|
11
|
+
constraint: a test that doesn't actually exercise behavior (an empty `expect(true)`,
|
|
12
|
+
a snapshot of nothing, a call with no assertion) raises the coverage number
|
|
13
|
+
while proving nothing. The whole point of this skill is tests that are
|
|
14
|
+
**grounded in real behavior** and **catch real regressions** — not coverage
|
|
15
|
+
theater.
|
|
16
|
+
|
|
17
|
+
## The testing loop
|
|
18
|
+
|
|
19
|
+
```
|
|
20
|
+
[1] Read the gap → test-gaps: the blast-radius-weighted untested worklist
|
|
21
|
+
[2] Orient → graph: what the file does, who depends on it, what to assert
|
|
22
|
+
[3] Generate → write real tests in the repo's framework + patterns
|
|
23
|
+
[4] Verify → run the suite + coverage; Tests up, nothing red
|
|
24
|
+
[5] Guardrail → guardrail check before pushing
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
Don't skip [2] or [4]. [2] is what makes the tests meaningful; [4] is what
|
|
28
|
+
proves they pass and the coverage actually moved.
|
|
29
|
+
|
|
30
|
+
## [1] Read the gap — what's actually untested, worst-first
|
|
31
|
+
|
|
32
|
+
Run the test-gaps report with graph context so the worklist is ranked by
|
|
33
|
+
**blast radius** (how many files depend on each untested file), not just size:
|
|
34
|
+
|
|
35
|
+
```bash
|
|
36
|
+
npx vyuh-dxkit test-gaps --detailed --graph-context
|
|
37
|
+
npx vyuh-dxkit test-gaps --detailed --graph-context --json | jq '.actions, .gaps[0:10]'
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
The report partitions untested files into CRITICAL / HIGH / MEDIUM / LOW risk
|
|
41
|
+
tiers, and **within each tier the most-depended-on files surface first** (the
|
|
42
|
+
`Graph context` column shows `role · N caller files`). Work top-down: a
|
|
43
|
+
30-caller untested file is a bigger liability than a 500-line leaf nothing
|
|
44
|
+
calls. The `actions` array names the top-K per tier with projected
|
|
45
|
+
score uplift — that's your queue.
|
|
46
|
+
|
|
47
|
+
A `blast radius n/a` cell means graphify couldn't resolve that language's call
|
|
48
|
+
graph (C# is the known case) — treat it as *unknown*, not "no callers," and
|
|
49
|
+
fall back to the file's role + size to judge its risk.
|
|
50
|
+
|
|
51
|
+
## [2] Orient — understand the behavior before you assert on it
|
|
52
|
+
|
|
53
|
+
A test is only as good as your understanding of what the code should do.
|
|
54
|
+
Before writing, learn the real shape from the graph (cheap, structural):
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
npx vyuh-dxkit context src/payments/refund.ts # the file's symbols, callers, callees
|
|
58
|
+
npx vyuh-dxkit explore file src/payments/refund.ts # its structural neighborhood
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
Use it to decide three things:
|
|
62
|
+
|
|
63
|
+
- **What the public contract is** — the exported symbols are what callers rely
|
|
64
|
+
on; test those, not private helpers.
|
|
65
|
+
- **What the callers expect** — the caller files (blast radius) tell you the
|
|
66
|
+
real usage shapes to cover, including the edge cases they pass.
|
|
67
|
+
- **What's risky** — error paths, branching, boundary conditions. Then **read
|
|
68
|
+
the actual code** — the graph points you at it; it doesn't replace reading
|
|
69
|
+
it.
|
|
70
|
+
|
|
71
|
+
## [3] Generate — real tests, the repo's way
|
|
72
|
+
|
|
73
|
+
- **Match the existing framework + conventions.** Detect what the repo already
|
|
74
|
+
uses (vitest/jest, pytest, go test, JUnit, RSpec, …) from the existing test
|
|
75
|
+
files and `test-gaps` output — never introduce a new test framework. Copy the
|
|
76
|
+
nearest existing test's structure, naming, fixtures, and assertion style so
|
|
77
|
+
the new tests read like the repo's.
|
|
78
|
+
- **Assert behavior, not existence.** Each test must exercise a real path and
|
|
79
|
+
assert a real outcome — return values, side effects, error handling,
|
|
80
|
+
boundaries. A test that calls a function and asserts nothing is slop.
|
|
81
|
+
- **Cover the contract + the edges.** Happy path, the error/edge cases the
|
|
82
|
+
callers actually hit, and at least one boundary. Prioritize branches over
|
|
83
|
+
lines.
|
|
84
|
+
- **Don't fake it.** No mocking the unit under test into a tautology; no
|
|
85
|
+
asserting on a stub you wrote. Mock external boundaries (network, clock,
|
|
86
|
+
fs) the way the repo already does.
|
|
87
|
+
|
|
88
|
+
## [4] Verify — Tests up, suite green, no coverage theater
|
|
89
|
+
|
|
90
|
+
```bash
|
|
91
|
+
# Run the repo's real test command (from package.json / Makefile / etc.)
|
|
92
|
+
<the repo's test command> # e.g. npm test, pytest, go test ./...
|
|
93
|
+
|
|
94
|
+
# Re-materialize coverage + the gap report
|
|
95
|
+
npx vyuh-dxkit coverage # runs the suite to produce real line coverage
|
|
96
|
+
npx vyuh-dxkit test-gaps --detailed # the targeted gap should be gone / downgraded
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
The work is done when:
|
|
100
|
+
|
|
101
|
+
- The new tests **pass** (a failing or skipped test is not coverage).
|
|
102
|
+
- The targeted file is no longer in the gap worklist (or dropped a risk tier).
|
|
103
|
+
- `effectiveCoverage` rose from a real signal — prefer line-coverage truth
|
|
104
|
+
(`coverage`) over the filename-match heuristic; a name-matched 5-line test on
|
|
105
|
+
a 200-line file is exactly the theater this skill exists to avoid.
|
|
106
|
+
|
|
107
|
+
## [5] Guardrail — before pushing
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
npx vyuh-dxkit guardrail check
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Exit 0 = your new tests didn't introduce a net-new regression (e.g. a flaky
|
|
114
|
+
test, a slop finding in test prose). Address anything it flags before pushing.
|
|
115
|
+
|
|
116
|
+
## Scope — what NOT to test
|
|
117
|
+
|
|
118
|
+
- Don't test auto-generated, vendored, or trivial pass-through code just to
|
|
119
|
+
move the number — credit comes from covering the files that carry risk.
|
|
120
|
+
- Don't write tests you can't make pass; a `.skip` is a gap, not a closure.
|
|
121
|
+
- Don't assert on implementation details that will break on every refactor —
|
|
122
|
+
test the contract, not the internals.
|
|
123
|
+
|
|
124
|
+
## Hand-offs
|
|
125
|
+
|
|
126
|
+
- Running / interpreting the health or test-gaps report → `dxkit-reports`.
|
|
127
|
+
- A test gap surfaced as one finding inside a broader fix pass → `dxkit-action`.
|
|
128
|
+
- Testing a feature you're building → `dxkit-feature` (it offers to hand the
|
|
129
|
+
new surface here once the feature lands).
|
|
130
|
+
- Documentation gaps (the sibling generator skill) → `dxkit-docs`.
|
|
@@ -135,6 +135,10 @@ Iterate optional steps in the plan:
|
|
|
135
135
|
| "Doctor says X is broken" | `dxkit-fix` |
|
|
136
136
|
| "I want to run a report" | `dxkit-reports` |
|
|
137
137
|
| "Fix these findings" | `dxkit-action` |
|
|
138
|
+
| "Write the missing tests" | `dxkit-test` |
|
|
139
|
+
| "Write the missing docs" | `dxkit-docs` |
|
|
140
|
+
| "Manage / audit the allowlist" | `dxkit-allowlist` |
|
|
141
|
+
| "Raise the PR" | `dxkit-pr` |
|
|
138
142
|
| "Configure dxkit" | `dxkit-config` |
|
|
139
143
|
| "Set up hooks" | `dxkit-hooks` |
|
|
140
144
|
| "Explain dxkit" | `dxkit-learn` |
|
|
@@ -12,14 +12,20 @@ For agent-specific config, see the editor-specific files alongside this one —
|
|
|
12
12
|
|
|
13
13
|
This repo is managed by [`@vyuhlabs/dxkit`](https://github.com/vyuh-labs/dxkit). dxkit measures code health across 6 dimensions, captures a per-finding baseline, and gates PRs on net-new regressions.
|
|
14
14
|
|
|
15
|
-
|
|
15
|
+
The `dxkit-*` skills are installed under `.claude/skills/` (Claude Code auto-discovers via skill frontmatter):
|
|
16
16
|
|
|
17
17
|
- **dxkit-learn** — explains dxkit concepts (baselines, dimensions, scanners)
|
|
18
|
-
- **dxkit-init** — interactive setup
|
|
18
|
+
- **dxkit-onboard** — fresh-install walkthrough; **dxkit-init** — interactive setup
|
|
19
19
|
- **dxkit-config** — edit `.dxkit-ignore`, `.vyuh-dxkit.json`, policy
|
|
20
20
|
- **dxkit-hooks** — install / troubleshoot git hooks
|
|
21
21
|
- **dxkit-reports** — run analyzers, explain output, dashboard
|
|
22
|
-
- **dxkit-action** — prioritize + fix + verify + re-baseline
|
|
22
|
+
- **dxkit-action** — prioritize + fix + verify + re-baseline (scoped to one category if asked)
|
|
23
|
+
- **dxkit-test** — write the missing tests to close gaps; **dxkit-docs** — write the missing docs
|
|
24
|
+
- **dxkit-feature** — graph-guided net-new development
|
|
25
|
+
- **dxkit-ingest** — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
|
|
26
|
+
- **dxkit-allowlist** — manage the suppression lifecycle (audit / remove / prune / export to Snyk)
|
|
27
|
+
- **dxkit-pr** — open a PR with a diff-grounded body + reviewer checklist
|
|
28
|
+
- **dxkit-update** — upgrade an existing install; **dxkit-fix** — repair a broken one
|
|
23
29
|
|
|
24
30
|
Reach for the relevant skill when working in this repo. They wrap the `vyuh-dxkit` CLI with workflow guidance.
|
|
25
31
|
|
|
@@ -6,14 +6,20 @@ Whenever Claude Code starts a session in this repo, it reads BOTH files: this on
|
|
|
6
6
|
|
|
7
7
|
## dxkit skills
|
|
8
8
|
|
|
9
|
-
|
|
9
|
+
The `dxkit-*` skills are installed under `.claude/skills/`. Claude Code auto-discovers them via their frontmatter `description` fields:
|
|
10
10
|
|
|
11
11
|
- `dxkit-learn` — explain what dxkit does, what scores mean, what scanners run
|
|
12
|
-
- `dxkit-init` —
|
|
12
|
+
- `dxkit-onboard` / `dxkit-init` — fresh-install walkthrough / `init` flag choices
|
|
13
13
|
- `dxkit-config` — edit `.dxkit-ignore` / `.vyuh-dxkit.json` / policy
|
|
14
14
|
- `dxkit-hooks` — install / troubleshoot git hooks
|
|
15
15
|
- `dxkit-reports` — run analyzers + read output
|
|
16
|
-
- `dxkit-action` — prioritize + fix + verify + re-baseline
|
|
16
|
+
- `dxkit-action` — prioritize + fix + verify + re-baseline (scoped to one category if asked)
|
|
17
|
+
- `dxkit-test` / `dxkit-docs` — write the missing tests / docs to move a dimension
|
|
18
|
+
- `dxkit-feature` — graph-guided net-new development
|
|
19
|
+
- `dxkit-ingest` — bring external SAST (Snyk Code / CodeQL / SARIF) into dxkit
|
|
20
|
+
- `dxkit-allowlist` — manage the suppression lifecycle (audit / remove / prune / export)
|
|
21
|
+
- `dxkit-pr` — open a PR with a diff-grounded body + reviewer checklist
|
|
22
|
+
- `dxkit-update` / `dxkit-fix` — upgrade / repair an install
|
|
17
23
|
|
|
18
24
|
When the user asks about dxkit concepts or wants to run an analyzer, reach for the matching skill before improvising.
|
|
19
25
|
|