npm - autoworkflow - Versions diffs - 3.1.1 → 3.1.3 - Mend

autoworkflow 3.1.1 → 3.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/.claude/commands/audit.md +151 -70
package/package.json +1 -1

package/.claude/commands/audit.md CHANGED Viewed

@@ -1,10 +1,11 @@
 # /audit - Audit Command
-Run UI enforcement and circular dependency checks.
+Run code quality, security, and architecture audits.
 ## Trigger
 - User invokes `/audit`
 - User invokes `/audit project` (full project scan)
+- User invokes `/audit [feature]` (audit specific feature)
 - **AUTOMATIC:** When BLUEPRINT.md is missing at session start
 - Or: Automatically after VERIFY phase (for features)
 - Or: Part of audit_loop
@@ -16,12 +17,127 @@ Per `system/router.md`, audit is required for:
 - `perf` - Performance changes
 ## Arguments
-- `/audit` - Run standard UI + cycle checks
-- `/audit project` - Full project scan (generates/updates BLUEPRINT.md)
+- `/audit` - Run standard checks (UI + cycles)
+- `/audit project` - Full project scan (generates BLUEPRINT.md)
+- `/audit [feature name]` - Deep audit of specific feature
 ---
-## Mode 1: Project Audit (Full Scan)
+## Audit Types
+### Type 1: Feature Audit (`/audit [feature]`)
+Deep code review of a specific feature. Check for:
+**Security:**
+- [ ] Authentication/authorization on all endpoints
+- [ ] CSRF protection on POST/PUT/DELETE
+- [ ] Input validation (length, type, format)
+- [ ] SQL injection prevention (parameterized queries)
+- [ ] XSS prevention (output encoding)
+- [ ] Sensitive data exposure
+**Code Quality:**
+- [ ] Error handling and logging
+- [ ] Consistent response formats
+- [ ] No hardcoded values (use constants/config)
+- [ ] No TODO/FIXME comments
+- [ ] No console.log/debug statements
+**Architecture:**
+- [ ] Follows existing patterns
+- [ ] No circular dependencies
+- [ ] Proper separation of concerns
+**Feature Completeness (AI Analysis):**
+Claude analyzes the code itself to determine what's missing. No BLUEPRINT needed.
+| If You Find... | Check For... |
+|----------------|--------------|
+| API endpoint | Frontend component that calls it |
+| Form component | Validation, error states, loading state, success feedback |
+| CRUD operations | All 4 operations? Delete confirmation modal? |
+| Auth-protected route | Auth check? Redirect on unauthorized? |
+| Data fetching | Loading skeleton? Error state? Empty state? Retry? |
+| User action | Optimistic UI? Rollback on failure? Toast feedback? |
+| List/table | Pagination? Search/filter? Sort? Empty state? |
+| File upload | Progress indicator? Size/type validation? Error handling? |
+| Modal/dialog | Close on escape? Click outside to close? Focus trap? |
+| Navigation | Active state? Mobile menu? Breadcrumbs where needed? |
+**Completeness Score:**
+```
+Feature: [Name]
+├── Backend:  ✅ API exists
+├── Frontend: ✅ UI calls API
+├── States:   ⚠️ Missing error handling
+├── UX:       ⚠️ No loading indicator
+└── Score:    75% complete
+Missing for 100%:
+1. Add error boundary around component
+2. Add loading skeleton during fetch
+3. Add empty state for no results
+```
+### Output Format (Feature Audit):
+```
+## Audit Report: [Feature Name]
+### Files Reviewed
+| File | Lines | Purpose |
+|------|-------|---------|
+| [file] | [count] | [purpose] |
+### Status: [PASS/PASS with recommendations/FAIL]
+### Strengths
+| Item | Location | Status |
+|------|----------|--------|
+| [good thing] | [where] | ✅ |
+### Issues Found
+| Severity | Issue | Location | Recommendation |
+|----------|-------|----------|----------------|
+| 🔴 High | [issue] | [where] | [fix] |
+| 🟡 Medium | [issue] | [where] | [fix] |
+| 🟢 Low | [issue] | [where] | [fix] |
+| ℹ️ Info | [issue] | [where] | [fix] |
+---
+## 🔧 Suggested Fixes
+Based on the issues found, I recommend:
+1. **[Issue 1]** - [Detailed fix description]
+   - File: [path]
+   - Change: [what to change]
+2. **[Issue 2]** - [Detailed fix description]
+   - File: [path]
+   - Change: [what to change]
+---
+**Should I implement these fixes?**
+- `yes` - Fix all issues
+- `high only` - Fix only high/medium severity
+- `1, 2, 4` - Fix specific issues by number
+- `no` - Skip fixes, proceed to next audit
+```
+**IMPORTANT:** When issues are found:
+1. ALWAYS offer to fix them
+2. WAIT for user approval
+3. Implement approved fixes
+4. Re-run audit to verify
+5. ONLY THEN ask about next feature
+---
+### Type 2: Project Audit (`/audit project`)
 When `/audit project` is invoked OR when BLUEPRINT.md is missing:
@@ -31,7 +147,7 @@ When `/audit project` is invoked OR when BLUEPRINT.md is missing:
 - Just notify and run immediately
 - Only ask permission when presenting results to SAVE
-### Step 1: Scan Codebase (Single Pass)
+#### Step 1: Scan Codebase (Single Pass)
 ```bash
 # All discovery commands run ONCE
 cat package.json | grep -A 30 "dependencies"
@@ -46,7 +162,7 @@ ls -la src/
 grep -r "/api/" src/ | head -30
 ```
-### Step 2: Present Dual Updates
+#### Step 2: Present Dual Updates
 ```
 ## 🔍 Project Audit Complete
@@ -81,16 +197,16 @@ src/
 - BLUEPRINT.md → Create/update with discoveries
 ```
-### Step 3: Save After Approval
+#### Step 3: Save After Approval
 Update both files with discovered information.
 ---
-## Mode 2: Standard Audit (Default)
+### Type 3: Standard Audit (`/audit`)
-## Workflow
+Quick check for UI enforcement and circular dependencies.
-### Step 1: Run UI Enforcement
+#### Step 1: Run UI Enforcement
 ```bash
 npm run audit:ui
 ```
@@ -101,7 +217,7 @@ Check for orphan features:
 - Utilities not imported anywhere
 - Routes without page components
-### Step 2: Run Circular Dependency Check
+#### Step 2: Run Circular Dependency Check
 ```bash
 npm run audit:cycles
 ```
@@ -111,7 +227,7 @@ Check for import cycles:
 - A → B → C → A
 - Longer chains
-### Step 3: Report Results
+#### Step 3: Report Results
 **On Success:**
 ```
@@ -129,86 +245,49 @@ Check for import cycles:
 Ready to proceed to COMMIT.
 ```
-**On UI Failure:**
+**On Failure:**
 ```
 ## Audit
 | Check | Status | Details |
 |-------|--------|---------|
 | UI Enforcement | ⛔ | Orphan features found |
-| Circular Deps | ✅ | No cycles |
-### Orphan Features Detected
-**API without UI:**
-- `/api/users` - No component calls this endpoint
-**Unused Hooks:**
-- `useAuth` - Not used by any component
+| Circular Deps | ⛔ | Cycles detected |
-**Unreachable Routes:**
-- `/settings` - No navigation leads here
+### Issues Found
-**Gate Status:** `audit_gate` ⛔ BLOCKED
+[List all issues with locations]
 ---
-⛔ **BLOCKED: Cannot commit orphan features**
+## 🔧 Suggested Fixes
-Must add UI for each backend feature.
+1. **[Issue 1]** - [Fix description]
+2. **[Issue 2]** - [Fix description]
-### Required Actions
-1. Create `UserList.tsx` component for `/api/users`
-2. Use `useAuth` hook in `AuthProvider.tsx`
-3. Add navigation link to `/settings`
-Building missing UI components...
+**Should I implement these fixes?**
 ```
-**On Cycle Failure:**
-```
-## Audit
-| Check | Status | Details |
-|-------|--------|---------|
-| UI Enforcement | ✅ | No orphans |
-| Circular Deps | ⛔ | Cycles detected |
+---
-### Circular Dependencies Found
+## Critical Rule: Always Offer to Fix
-**Cycle 1:**
-```
-src/hooks/useAuth.ts
-    → src/api/auth.ts
-    → src/hooks/useAuth.ts (CYCLE)
-```
+**NEVER** just report issues and move on. The workflow is:
-**Cycle 2:**
 ```
-src/components/Button.tsx
-    → src/utils/helpers.ts
-    → src/components/Icon.tsx
-    → src/components/Button.tsx (CYCLE)
+1. AUDIT → Find issues
+2. REPORT → Show issues with severity
+3. SUGGEST → Offer specific fixes
+4. WAIT → Get user approval
+5. FIX → Implement approved fixes
+6. RE-AUDIT → Verify fixes worked
+7. THEN → Proceed to next item
 ```
-**Gate Status:** `audit_gate` ⛔ BLOCKED
+If user says "no" to fixes, log it and proceed. But ALWAYS offer.
 ---
-⛔ **BLOCKED: Cannot commit with circular dependencies**
-### Required Actions
-1. Extract shared code from `useAuth` and `auth.ts`
-2. Break Button → Icon dependency
-Resolving cycles...
-```
-### Step 4: Fix Loop (if issues)
-Per `system/loops.md`:
-- `ui_fix_loop` - Build missing UI
-- `cycle_fix_loop` - Resolve import cycles
 ## Gate
 `audit_gate` - Must pass before COMMIT for features.
@@ -223,5 +302,7 @@ npm run audit:all     # Run all audits
 See `system/loops.md#audit_loop` for loop definition.
 ## Examples
-- `/audit` - Run all audit checks
-- Automatic after verify passes (for features)
+- `/audit` - Quick UI + cycles check
+- `/audit project` - Full project scan
+- `/audit authentication` - Deep audit of auth feature
+- `/audit EntityController` - Audit specific file/class

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "autoworkflow",
-  "version": "3.1.1",
+  "version": "3.1.3",
   "description": "Automated workflow enforcement for Claude Code via hooks and system prompts",
   "type": "module",
   "bin": {