awesome-slash 2.6.0 → 2.7.0

package/.claude-plugin/marketplace.json

@@ -1,7 +1,7 @@
 {
   "name": "awesome-slash",
   "description": "Professional-grade slash commands for Claude Code with cross-platform support (OpenCode, Codex CLI)",
-  "version": "2.6.0",
+  "version": "2.7.0",
   "owner": {
     "name": "Avi Fenesh",
     "url": "https://github.com/avifenesh"
@@ -13,42 +13,42 @@
       "name": "next-task",
       "source": "./plugins/next-task",
       "description": "Master workflow orchestrator: autonomous workflow with model optimization (opus/sonnet/haiku), two-file state management, workflow enforcement gates, 14 specialist agents",
-      "version": "2.6.0",
+      "version": "2.7.0",
       "category": "productivity"
     },
     {
       "name": "ship",
       "source": "./plugins/ship",
       "description": "Complete PR workflow: commit to production, skips review when called from next-task, removes task from registry on cleanup, automatic rollback",
-      "version": "2.6.0",
+      "version": "2.7.0",
       "category": "deployment"
     },
     {
       "name": "deslop-around",
       "source": "./plugins/deslop-around",
-      "description": "AI slop cleanup with minimal diffs and behavior preservation",
-      "version": "2.6.0",
+      "description": "3-phase AI slop detection: regex patterns (HIGH), multi-pass analyzers (MEDIUM), CLI tools (LOW)",
+      "version": "2.7.0",
       "category": "development"
     },
     {
       "name": "project-review",
       "source": "./plugins/project-review",
       "description": "Multi-agent iterative code review until zero issues remain",
-      "version": "2.6.0",
+      "version": "2.7.0",
       "category": "development"
     },
     {
       "name": "reality-check",
       "source": "./plugins/reality-check",
       "description": "Deep repository analysis to realign project plans with code reality - detects drift, gaps, and creates prioritized reconstruction plans",
-      "version": "2.6.0",
+      "version": "2.7.0",
       "category": "productivity"
     }
   ],
   "mcpServer": {
     "name": "awesome-slash",
     "source": "./mcp-server",
-    "description": "MCP server for cross-platform integration (OpenCode, Codex CLI)",
-    "tools": ["workflow_status", "workflow_start", "workflow_resume", "workflow_abort", "task_discover", "review_code"]
+    "description": "Cross-platform MCP server with 3-phase slop detection pipeline",
+    "tools": ["workflow_status", "workflow_start", "workflow_resume", "workflow_abort", "task_discover", "review_code", "slop_detect"]
   }
 }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "awesome-slash",
-  "version": "2.6.0",
+  "version": "2.7.0",
   "description": "Professional-grade slash commands for Claude Code with cross-platform support",
   "author": {
     "name": "Avi Fenesh",

package/CHANGELOG.md

@@ -5,18 +5,164 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [Unreleased]
+## [2.7.0] - 2026-01-22
+
+### Added
+- **GitHub Issue Progress Comments** - Workflow now documents decisions and progress in issue comments (#95)
+  - Task discoverer posts "Workflow Started" comment when selecting a GitHub issue
+  - Planning agent posts plan summary to issue for documentation
+  - /ship posts completion comment and auto-closes issue on successful merge
+  - All comments include relevant context (policy config, plan summary, PR link, merge SHA)
+  - Auto-close uses `--reason completed` flag
+
+- **Slop Detection Pipeline Architecture** - 3-phase detection pipeline with certainty-tagged findings (#107, #116)
+  - **Phase 1** (always runs): Built-in regex patterns + multi-pass analyzers
+  - **Phase 2** (optional): CLI tool integration (jscpd, madge, escomplex) - if available
+  - **Phase 3**: LLM handoff with structured findings via `formatHandoffPrompt()`
+  - Certainty levels: HIGH (regex), MEDIUM (multi-pass), LOW (CLI tools)
+  - Thoroughness levels: quick (regex only), normal (+multi-pass), deep (+CLI)
+  - Mode inheritance from deslop-around: report (analyze only) vs apply (fix issues)
+  - New `runPipeline()` function in lib/patterns/pipeline.js
+  - New `formatHandoffPrompt()` for token-efficient LLM handoff (compact output grouped by certainty)
+  - New lib/patterns/cli-enhancers.js for optional tool detection
+  - Graceful degradation when CLI tools not installed
+
+- **Buzzword Inflation Detection** - New project-level analyzer for `/deslop-around` command (#113)
+  - Detects quality claims in documentation without supporting code evidence
+  - 6 buzzword categories: production, enterprise, security, scale, reliability, completeness
+  - Each category has specific evidence patterns to validate claims:
+    - Production: tests, error handling, logging
+    - Security: auth, validation, encryption
+    - Scale: async patterns, caching, connection pooling
+    - Enterprise: auth, audit logs, rate limiting
+    - Reliability: tests, coverage, error handling
+    - Completeness: edge case handling, documentation
+  - Distinguishes positive claims ("is production-ready") from aspirational ("TODO: make secure")
+  - Claims without sufficient evidence (default: 2 matches) are flagged as violations
+  - Severity `high`, autoFix `flag` (cannot auto-fix documentation claims)
+  - New `analyzeBuzzwordInflation()` function in slop-analyzers.js
+  - Comprehensive test suite with 50+ test cases
+
+- **Verbosity Detection** - New patterns for `/deslop-around` command to detect AI-generated verbose code
+  - `verbosity_preambles` - AI preamble phrases in comments (e.g., "Certainly!", "I'd be happy to help")
+  - `verbosity_buzzwords` - Marketing buzzwords that obscure meaning (e.g., "synergize", "paradigm shift", "game-changing")
+    - Excludes standard SE terminology like "leverage", "utilize", "orchestrate"
+  - `verbosity_hedging` - Hedging language in comments (e.g., "perhaps", "might be", "should work", "I think")
+  - `verbosity_ratio` - Multi-pass analyzer for excessive inline comments (>2:1 comment-to-code ratio)
+  - Multi-language support for comment detection (JavaScript, Python, Rust, Go)
+  - New `analyzeVerbosityRatio()` function in slop-analyzers.js
+
+- **Over-Engineering Metrics Detection** - New project-level analysis for `/deslop-around` command
+  - Detects three signals of over-engineering (the #1 AI slop indicator):
+    - File proliferation: >20 files per export
+    - Code density: >500 lines per export
+    - Directory depth: >4 levels in src/
+  - Multi-language support: JavaScript/TypeScript, Rust, Go, Python
+  - Export detection via standard entry points (index.js, lib.rs, __init__.py, etc.)
+  - Returns metrics with violations and severity (HIGH/MEDIUM/OK)
+  - New `analyzeOverEngineering()` function in slop-analyzers.js
+  - Severity `high`, autoFix `flag` (cannot auto-fix architectural issues)
+- **Generic Naming Detection** - New patterns for `/deslop-around` command to flag overly generic variable names
+  - JavaScript/TypeScript: `const/let/var data`, `result`, `item`, `temp`, `value`, `response`, etc.
+  - Python: Generic assignments (excludes for-in loop variables)
+  - Rust: `let`/`let mut` with generic names
+  - Go: Short declarations (`:=`) with generic names
+  - Severity `low` (advisory), autoFix `flag` (requires semantic understanding to rename)
+  - Test files excluded to prevent false positives
+- **Doc/Code Ratio Detection** - New `doc_code_ratio_js` pattern flags JSDoc blocks that are disproportionately longer than the functions they document (threshold: 3x function length)
+  - Uses multi-pass analysis to compute actual doc/code ratio
+  - Skips tiny functions (< 3 lines) to avoid false positives
+  - Severity `medium`, autoFix `flag` (requires manual review)
+  - New `lib/patterns/slop-analyzers.js` module for structural code analysis
+- **Issue/PR Reference Cleanup** - New `issue_pr_references` pattern flags ANY mention of issue/PR/iteration numbers in code comments as slop (e.g., `#123`, `PR #456`, `iteration 5`)
+  - Context belongs in commits and PRs, not code comments
+  - Severity `medium`, autoFix `remove` (clear slop)
+  - Excludes markdown files where issue references are appropriate
+- **File Path Reference Detection** - New `file_path_references` pattern flags file path references in comments that may become outdated (e.g., `// see auth-flow.md`)
+  - Severity `low`, autoFix `flag` (may have valid documentation purpose)
+- **Multi-Pass Pattern Helper** - New `getMultiPassPatterns()` function to retrieve patterns requiring structural analysis
+- **Placeholder Function Detection** - New patterns for `/deslop-around` command (#98)
+  - JavaScript/TypeScript: stub returns (0, true, false, null, [], {}), empty functions, throw Error("TODO")
+  - Rust: todo!(), unimplemented!(), panic!("TODO")
+  - Python: raise NotImplementedError, pass-only functions, ellipsis bodies
+  - Go: panic("TODO") placeholders
+  - Java: throw UnsupportedOperationException()
+  - All patterns have severity `high` and autoFix `flag` (requires manual review)
+  - Test files are excluded to prevent false positives
+
+- **Infrastructure-Without-Implementation Detection** - New pattern for detecting unused infrastructure components (#105)
+  - Detects infrastructure components that are configured but never used
+  - Supports JavaScript, Python, Go, and Rust
+  - Identifies unused database clients, cache connections, API clients, queue connections, event emitters
+  - Tracks usage across files to avoid false positives
+  - Excludes exported/module.exports patterns (intentional infrastructure setup files)
+  - Severity `high`, autoFix `flag` (requires manual review)
+  - New `analyzeInfrastructureWithoutImplementation()` function in slop-analyzers.js
+  - Focused test suite covering key scenarios and edge cases
+
+- **Code Smell Detection** - High-impact code smell patterns for maintainability (#106)
+  - High-certainty patterns (low false positive rate):
+    - `boolean_blindness`: Function calls with 3+ consecutive boolean params
+    - `message_chains_methods`: Long method chains (4+ calls)
+    - `message_chains_properties`: Deep property access (5+ levels)
+    - `mutable_globals_js`: let/var with UPPERCASE names in JavaScript
+    - `mutable_globals_py`: Mutable global collections in Python
+  - Multi-pass analyzers:
+    - `analyzeDeadCode()`: Unreachable code after return/throw/break/continue (JS, Python, Go, Rust)
+    - `analyzeShotgunSurgery()`: Files frequently changing together (git history analysis)
+  - Heuristic patterns (may have false positives):
+    - `feature_envy`: Method using another object 3+ times
+    - `speculative_generality_unused_params`: Underscore-prefixed params
+    - `speculative_generality_empty_interface`: Empty TypeScript interfaces
+  - All patterns have ReDoS-safe regex and comprehensive test coverage
+
+### Changed
+- **deslop-work Agent Refactor** - Rewrote from pseudo-JavaScript to explicit Bash/Read/Grep tool usage (#116)
+  - Now uses pipeline orchestrator (`runPipeline()`) instead of inline pattern matching
+  - Certainty-based decision making: HIGH (auto-fix), MEDIUM (verify context), LOW (investigate)
+  - Structured handoff via `formatHandoffPrompt()` reduces agent prompt verbosity
+  - Clearer separation: pipeline collects findings, agent makes decisions
+  - Improved maintainability with declarative tool instructions
+- **deslop-around Command** - Enhanced documentation for mode usage and pattern library (#116)
+  - Clarified report vs apply mode behavior
+  - Added references to pattern library categories
+  - Updated code smell detection section with latest patterns
+
+### Fixed
+- **findMatchingBrace** - Now skips comments to avoid breaking on quotes/apostrophes in comment text (e.g., "it's", "we're")
+- **Reality Check Output Size** - Condensed collector output to ~700 lines/~4.5k tokens (was thousands of lines)
+  - Issue/PR bodies replaced with 200-char snippets (full context not needed)
+  - Categorized issues store number + title (enough to understand without lookup)
+  - PRs include files changed for scope understanding
+  - Documentation features limited to 20, plans to 15
+  - Code structure replaced with summary stats + top-level dirs only
+  - File stats limited to top 10 extensions
+  - **Added symbol extraction** - function/class/export names per source file (up to 40 files)
+    - Helps agent verify if documented features are actually implemented
+    - Scans lib/, src/, app/, pages/, components/, utils/, services/, api/ dirs
 
 ## [2.6.0] - 2026-01-20
 
 ### Added
 - **CLI Installer** - `npm install -g awesome-slash@latest && awesome-slash`
   - Multi-select: choose one or more platforms (Claude Code, OpenCode, Codex)
-  - Configures MCP servers and plugins automatically
+  - Uses npm package files directly (no git clone)
+  - Claude Code: Uses GitHub marketplace for plugin installation
+  - OpenCode: Copies commands to `~/.opencode/commands/awesome-slash/`
+  - Codex: Copies prompts to `~/.codex/prompts/` (uses prompts system, not skills)
+  - Configures MCP servers automatically for OpenCode and Codex
   - Update: `npm update -g awesome-slash`
-  - Remove: `npm uninstall -g awesome-slash`
+  - Remove: `npm uninstall -g awesome-slash && awesome-slash --remove`
 - **Automated Release Workflow** - GitHub Actions workflow for npm publish with provenance
 
+### Fixed
+- **CLI Installer** - Multiple fixes for cross-platform installation
+  - Fixed OpenCode command path to `~/.opencode/commands/awesome-slash/`
+  - Fixed Codex to use proper skills format with `SKILL.md` (name + description)
+  - Fixed MCP server dependency installation
+  - Cleans up deprecated files and old wrong locations on install/update
+  - Added all 7 skills: next-task, ship, deslop-around, project-review, reality-check-scan, delivery-approval, update-docs-around
+
 ### Changed
 - **Reality Check Architectural Refactor** - Replaced 4 LLM agents with JS collectors + single Opus call (#97)
   - New `lib/reality-check/collectors.js` handles all data collection with pure JavaScript
@@ -25,16 +171,20 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - Enhanced `plan-synthesizer.md` to receive raw data and perform deep semantic analysis
   - ~77% token reduction for reality-check scans
   - Command flags replace interactive settings: `--sources`, `--depth`, `--output`, `--file`
+- **Package Size** - Reduced npm package size by excluding adapters and dev scripts
 
 ### Breaking Changes
 - `.claude/reality-check.local.md` settings file is no longer used
 - Use command flags instead: `/reality-check:scan --sources github,docs --depth quick`
+- `/reality-check:set` command removed (use flags instead)
 
 ### Removed
 - `plugins/reality-check/agents/issue-scanner.md`
 - `plugins/reality-check/agents/doc-analyzer.md`
 - `plugins/reality-check/agents/code-explorer.md`
 - `plugins/reality-check/lib/state/reality-check-state.js`
+- `plugins/reality-check/commands/set.md` (use command flags instead)
+- `adapters/` and `scripts/install/` from npm package (CLI handles installation)
 
 ## [2.5.1] - 2026-01-19
 

package/README.md

@@ -6,7 +6,7 @@ A cross-platform plugin providing powerful, zero-configuration slash commands fo
 
 [![npm](https://img.shields.io/npm/v/awesome-slash?color=red)](https://www.npmjs.com/package/awesome-slash)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
-[![Version](https://img.shields.io/badge/version-2.6.0-blue)](https://github.com/avifenesh/awesome-slash/releases)
+[![Version](https://img.shields.io/badge/version-2.7.0-blue)](https://github.com/avifenesh/awesome-slash/releases)
 [![GitHub stars](https://img.shields.io/github/stars/avifenesh/awesome-slash?style=flat&color=yellow)](https://github.com/avifenesh/awesome-slash/stargazers)
 [![Claude Code](https://img.shields.io/badge/Claude-Code%20Plugin-blue)](https://docs.anthropic.com/en/docs/claude-code)
 [![Codex CLI](https://img.shields.io/badge/Codex-CLI%20Compatible-green)](https://developers.openai.com/codex/cli)
@@ -16,6 +16,18 @@ A cross-platform plugin providing powerful, zero-configuration slash commands fo
 
 > **💡 Model Recommendation**: Using **Opus** as the main agent model produces significantly better results and follows workflow phases more tightly. While Sonnet works for simpler tasks, Opus is recommended for complex multi-step workflows.
 
+## What's New in v2.7.0
+
+- **GitHub Issue Progress Comments** - Workflow posts status updates to GitHub issues (start, plan, completion)
+- **Auto-Close Issues** - Issues automatically closed with completion comment when PR merges
+- **Deslop Enhancements** - Added infrastructure-without-implementation and buzzword inflation detection
+
+## What's New in v2.6.1
+
+- **CLI Installer Fixes** - Fixed OpenCode and Codex installation paths
+- **Codex Skills** - Proper `SKILL.md` format with `name` and `description` fields
+- **Smaller Package** - Removed adapters and dev scripts from npm package
+
 ## What's New in v2.6.0
 
 - **CLI Installer** - `npm install -g awesome-slash@latest && awesome-slash` for cross-platform setup
@@ -146,7 +158,7 @@ Ship your code from commit to production with full validation and state integrat
 
 ### `/deslop-around` - AI Slop Cleanup
 
-Remove debugging code, old TODOs, and AI slop from your codebase.
+Remove debugging code, old TODOs, and AI slop from your codebase with a 3-phase detection pipeline.
 
 ```bash
 /deslop-around                    # Report mode - analyze only
@@ -154,11 +166,31 @@ Remove debugging code, old TODOs, and AI slop from your codebase.
 /deslop-around apply src/ 10      # Fix up to 10 issues in src/
 ```
 
+**Architecture:**
+- **Phase 1** - Built-in regex patterns (HIGH certainty)
+- **Phase 2** - Multi-pass analyzers (MEDIUM certainty)
+- **Phase 3** - Optional CLI tools (LOW certainty, graceful degradation)
+  - JavaScript/TypeScript: jscpd, madge, escomplex
+  - Python: pylint, radon
+  - Go: golangci-lint
+  - Rust: clippy
+
+**Thoroughness levels:**
+- `quick` - Phase 1 only (fastest)
+- `normal` - Phase 1 + Phase 2 (default)
+- `deep` - Phase 1 + Phase 2 + Phase 3 (if tools available)
+
 **Detects:**
 - Console debugging (`console.log`, `print()`, `dbg!()`)
 - Old TODOs and commented code
 - Placeholder text, magic numbers
 - Empty catch blocks, disabled linters
+- Placeholder functions (`return 0`, `todo!()`, `raise NotImplementedError`)
+- Excessive documentation (JSDoc >3x function body)
+- Phantom references (issue/PR mentions, file path references in comments)
+- Infrastructure components configured but never used (unused DB clients, caches, API clients)
+- Code smells: boolean blindness, message chains, mutable globals, dead code, shotgun surgery
+- Buzzword inflation (quality claims without evidence)
 
 ---
 
@@ -223,7 +255,6 @@ Deep repository analysis to identify where documented plans diverge from actual
 /reality-check:scan                        # Full scan (default)
 /reality-check:scan --sources github,docs  # Specific sources
 /reality-check:scan --depth quick          # Quick scan
-/reality-check:set                         # Show available flags
 ```
 
 **Architecture:**