npm - claude-code-workflow - Versions diffs - 6.3.22 → 6.3.24 - Mend

claude-code-workflow 6.3.22 → 6.3.24

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/.claude/skills/code-reviewer/SKILL.md DELETED Viewed

@@ -1,308 +0,0 @@
----
-name: code-reviewer
-description: Comprehensive code review skill for identifying security vulnerabilities and best practices violations. Triggers on "code review", "review code", "security audit", "代码审查".
-allowed-tools: Read, Glob, Grep, mcp__ace-tool__search_context, mcp__ccw-tools__smart_search
----
-# Code Reviewer
-Comprehensive code review skill for identifying security vulnerabilities and best practices violations.
-## Architecture Overview
-```
-┌─────────────────────────────────────────────────────────────────┐
-│  Code Reviewer Workflow                                          │
-├─────────────────────────────────────────────────────────────────┤
-│                                                                  │
-│  Phase 1: Code Discovery     → 发现待审查的代码文件              │
-│           & Scoping              - 根据语言/框架识别文件          │
-│           ↓                      - 设置审查范围和优先级           │
-│                                                                  │
-│  Phase 2: Security           → 安全漏洞扫描                      │
-│           Analysis               - OWASP Top 10 检查             │
-│           ↓                      - 常见漏洞模式识别               │
-│                                  - 敏感数据泄露检查               │
-│                                                                  │
-│  Phase 3: Best Practices     → 最佳实践审查                      │
-│           Review                 - 代码质量检查                  │
-│           ↓                      - 性能优化建议                   │
-│                                  - 可维护性评估                  │
-│                                                                  │
-│  Phase 4: Report             → 生成审查报告                      │
-│           Generation             - 按严重程度分类问题             │
-│                                  - 提供修复建议和示例             │
-│                                  - 生成可追踪的修复清单           │
-│                                                                  │
-└─────────────────────────────────────────────────────────────────┘
-```
-## Features
-### Security Analysis
-- **OWASP Top 10 Coverage**
-  - Injection vulnerabilities (SQL, Command, LDAP)
-  - Authentication & authorization bypass
-  - Sensitive data exposure
-  - XML External Entities (XXE)
-  - Broken access control
-  - Security misconfiguration
-  - Cross-Site Scripting (XSS)
-  - Insecure deserialization
-  - Components with known vulnerabilities
-  - Insufficient logging & monitoring
-- **Language-Specific Checks**
-  - JavaScript/TypeScript: prototype pollution, eval usage
-  - Python: pickle vulnerabilities, command injection
-  - Java: deserialization, path traversal
-  - Go: race conditions, memory leaks
-### Best Practices Review
-- **Code Quality**
-  - Naming conventions
-  - Function complexity (cyclomatic complexity)
-  - Code duplication
-  - Dead code detection
-- **Performance**
-  - N+1 queries
-  - Inefficient algorithms
-  - Memory leaks
-  - Resource cleanup
-- **Maintainability**
-  - Documentation quality
-  - Test coverage
-  - Error handling patterns
-  - Dependency management
-## Usage
-### Basic Review
-```bash
-# Review entire codebase
-/code-reviewer
-# Review specific directory
-/code-reviewer --scope src/auth
-# Focus on security only
-/code-reviewer --focus security
-# Focus on best practices only
-/code-reviewer --focus best-practices
-```
-### Advanced Options
-```bash
-# Review with custom severity threshold
-/code-reviewer --severity critical,high
-# Review specific file types
-/code-reviewer --languages typescript,python
-# Generate detailed report with code snippets
-/code-reviewer --report-level detailed
-# Resume from previous session
-/code-reviewer --resume
-```
-## Configuration
-Create `.code-reviewer.json` in project root:
-```json
-{
-  "scope": {
-    "include": ["src/**/*", "lib/**/*"],
-    "exclude": ["**/*.test.ts", "**/*.spec.ts", "**/node_modules/**"]
-  },
-  "security": {
-    "enabled": true,
-    "checks": ["owasp-top-10", "cwe-top-25"],
-    "severity_threshold": "medium"
-  },
-  "best_practices": {
-    "enabled": true,
-    "code_quality": true,
-    "performance": true,
-    "maintainability": true
-  },
-  "reporting": {
-    "format": "markdown",
-    "output_path": ".code-review/",
-    "include_snippets": true,
-    "include_fixes": true
-  }
-}
-```
-## Output
-### Review Report Structure
-```markdown
-# Code Review Report
-## Executive Summary
-- Total Issues: 42
-- Critical: 3
-- High: 8
-- Medium: 15
-- Low: 16
-## Security Findings
-### [CRITICAL] SQL Injection in User Query
-**File**: src/auth/user-service.ts:145
-**Issue**: Unsanitized user input in SQL query
-**Fix**: Use parameterized queries
-Code Snippet:
-\`\`\`typescript
-// ❌ Vulnerable
-const query = `SELECT * FROM users WHERE username = '${username}'`;
-// ✅ Fixed
-const query = 'SELECT * FROM users WHERE username = ?';
-db.execute(query, [username]);
-\`\`\`
-## Best Practices Findings
-### [MEDIUM] High Cyclomatic Complexity
-**File**: src/utils/validator.ts:78
-**Issue**: Function has complexity score of 15 (threshold: 10)
-**Fix**: Break into smaller functions
-...
-```
-## Phase Documentation
-| Phase | Description | Output |
-|-------|-------------|--------|
-| [01-code-discovery.md](phases/01-code-discovery.md) | Discover and categorize code files | File inventory with metadata |
-| [02-security-analysis.md](phases/02-security-analysis.md) | Analyze security vulnerabilities | Security findings list |
-| [03-best-practices-review.md](phases/03-best-practices-review.md) | Review code quality and practices | Best practices findings |
-| [04-report-generation.md](phases/04-report-generation.md) | Generate comprehensive report | Markdown report |
-## Specifications
-- [specs/security-requirements.md](specs/security-requirements.md) - Security check specifications
-- [specs/best-practices-requirements.md](specs/best-practices-requirements.md) - Best practices standards
-- [specs/quality-standards.md](specs/quality-standards.md) - Overall quality standards
-- [specs/severity-classification.md](specs/severity-classification.md) - Issue severity criteria
-## Templates
-- [templates/security-finding.md](templates/security-finding.md) - Security finding template
-- [templates/best-practice-finding.md](templates/best-practice-finding.md) - Best practice finding template
-- [templates/report-template.md](templates/report-template.md) - Final report template
-## Integration with Development Workflow
-### Pre-commit Hook
-```bash
-#!/bin/bash
-# .git/hooks/pre-commit
-# Run code review on staged files
-staged_files=$(git diff --cached --name-only --diff-filter=ACMR)
-ccw run code-reviewer --scope "$staged_files" --severity critical,high
-if [ $? -ne 0 ]; then
-  echo "❌ Code review found critical/high issues. Commit aborted."
-  exit 1
-fi
-```
-### CI/CD Integration
-```yaml
-# .github/workflows/code-review.yml
-name: Code Review
-on: [pull_request]
-jobs:
-  review:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Run Code Review
-        run: |
-          ccw run code-reviewer --report-level detailed
-          ccw report upload .code-review/report.md
-```
-## Examples
-### Example 1: Security-Focused Review
-```bash
-# Review authentication module for security issues
-/code-reviewer --scope src/auth --focus security --severity critical,high
-```
-### Example 2: Performance Review
-```bash
-# Review API endpoints for performance issues
-/code-reviewer --scope src/api --focus best-practices --check performance
-```
-### Example 3: Full Project Audit
-```bash
-# Comprehensive review of entire codebase
-/code-reviewer --report-level detailed --output .code-review/audit-2024-01.md
-```
-## Troubleshooting
-### Large Codebase
-If review takes too long:
-```bash
-# Review in batches
-/code-reviewer --scope src/module-1
-/code-reviewer --scope src/module-2 --resume
-# Or use parallel execution
-/code-reviewer --parallel 4
-```
-### False Positives
-Configure suppressions in `.code-reviewer.json`:
-```json
-{
-  "suppressions": {
-    "security": {
-      "sql-injection": {
-        "paths": ["src/legacy/**/*"],
-        "reason": "Legacy code, scheduled for refactor"
-      }
-    }
-  }
-}
-```
-## Roadmap
-- [ ] AI-powered vulnerability detection
-- [ ] Integration with popular security scanners (Snyk, SonarQube)
-- [ ] Automated fix suggestions with diffs
-- [ ] IDE plugins for real-time feedback
-- [ ] Custom rule engine for organization-specific policies
-## License
-MIT License - See LICENSE file for details

package/.claude/skills/code-reviewer/phases/01-code-discovery.md DELETED Viewed

@@ -1,246 +0,0 @@
-# Phase 1: Code Discovery & Scoping
-## Objective
-Discover and categorize all code files within the specified scope, preparing them for security analysis and best practices review.
-## Input
-- **User Arguments**:
-  - `--scope`: Directory or file patterns (default: entire project)
-  - `--languages`: Specific languages to review (e.g., typescript, python, java)
-  - `--exclude`: Patterns to exclude (e.g., test files, node_modules)
-- **Configuration**: `.code-reviewer.json` (if exists)
-## Process
-### Step 1: Load Configuration
-```javascript
-// Check for project-level configuration
-const configPath = path.join(projectRoot, '.code-reviewer.json');
-const config = fileExists(configPath)
-  ? JSON.parse(readFile(configPath))
-  : getDefaultConfig();
-// Merge user arguments with config
-const scope = args.scope || config.scope.include;
-const exclude = args.exclude || config.scope.exclude;
-const languages = args.languages || config.languages || 'auto';
-```
-### Step 2: Discover Files
-Use MCP tools for efficient file discovery:
-```javascript
-// Use smart_search for file discovery
-const files = await mcp__ccw_tools__smart_search({
-  action: "find_files",
-  pattern: scope,
-  includeHidden: false
-});
-// Apply exclusion patterns
-const filteredFiles = files.filter(file => {
-  return !exclude.some(pattern => minimatch(file, pattern));
-});
-```
-### Step 3: Categorize Files
-Categorize files by:
-- **Language/Framework**: TypeScript, Python, Java, Go, etc.
-- **File Type**: Source, config, test, build
-- **Priority**: Critical (auth, payment), High (API), Medium (utils), Low (docs)
-```javascript
-const inventory = {
-  critical: {
-    auth: ['src/auth/login.ts', 'src/auth/jwt.ts'],
-    payment: ['src/payment/stripe.ts'],
-  },
-  high: {
-    api: ['src/api/users.ts', 'src/api/orders.ts'],
-    database: ['src/db/queries.ts'],
-  },
-  medium: {
-    utils: ['src/utils/validator.ts'],
-    services: ['src/services/*.ts'],
-  },
-  low: {
-    types: ['src/types/*.ts'],
-  }
-};
-```
-### Step 4: Extract Metadata
-For each file, extract:
-- **Lines of Code (LOC)**
-- **Complexity Indicators**: Function count, class count
-- **Dependencies**: Import statements
-- **Framework Detection**: Express, React, Django, etc.
-```javascript
-const metadata = files.map(file => ({
-  path: file,
-  language: detectLanguage(file),
-  loc: countLines(file),
-  complexity: estimateComplexity(file),
-  framework: detectFramework(file),
-  priority: categorizePriority(file)
-}));
-```
-## Output
-### File Inventory
-Save to `.code-review/inventory.json`:
-```json
-{
-  "scan_date": "2024-01-15T10:30:00Z",
-  "total_files": 247,
-  "by_language": {
-    "typescript": 185,
-    "python": 42,
-    "javascript": 15,
-    "go": 5
-  },
-  "by_priority": {
-    "critical": 12,
-    "high": 45,
-    "medium": 120,
-    "low": 70
-  },
-  "files": [
-    {
-      "path": "src/auth/login.ts",
-      "language": "typescript",
-      "loc": 245,
-      "functions": 8,
-      "classes": 2,
-      "priority": "critical",
-      "framework": "express",
-      "dependencies": ["bcrypt", "jsonwebtoken", "express"]
-    }
-  ]
-}
-```
-### Summary Report
-```markdown
-## Code Discovery Summary
-**Scope**: src/**/*
-**Total Files**: 247
-**Languages**: TypeScript (75%), Python (17%), JavaScript (6%), Go (2%)
-### Priority Distribution
-- Critical: 12 files (authentication, payment processing)
-- High: 45 files (API endpoints, database queries)
-- Medium: 120 files (utilities, services)
-- Low: 70 files (types, configs)
-### Key Areas Identified
-1. **Authentication Module** (src/auth/) - 12 files, 2,400 LOC
-2. **Payment Processing** (src/payment/) - 5 files, 1,200 LOC
-3. **API Layer** (src/api/) - 35 files, 5,600 LOC
-4. **Database Layer** (src/db/) - 8 files, 1,800 LOC
-**Next Phase**: Security Analysis on Critical + High priority files
-```
-## State Management
-Save phase state for potential resume:
-```json
-{
-  "phase": "01-code-discovery",
-  "status": "completed",
-  "timestamp": "2024-01-15T10:35:00Z",
-  "output": {
-    "inventory_path": ".code-review/inventory.json",
-    "total_files": 247,
-    "critical_files": 12,
-    "high_files": 45
-  }
-}
-```
-## Agent Instructions
-```markdown
-You are in Phase 1 of the Code Review workflow. Your task is to discover and categorize code files.
-**Instructions**:
-1. Use mcp__ccw_tools__smart_search with action="find_files" to discover files
-2. Apply exclusion patterns from config or arguments
-3. Categorize files by language, type, and priority
-4. Extract basic metadata (LOC, complexity indicators)
-5. Save inventory to .code-review/inventory.json
-6. Generate summary report
-7. Proceed to Phase 2 with critical + high priority files
-**Tools Available**:
-- mcp__ccw_tools__smart_search (file discovery)
-- Read (read configuration and sample files)
-- Write (save inventory and reports)
-**Output Requirements**:
-- inventory.json with complete file list and metadata
-- Summary markdown report
-- State file for phase tracking
-```
-## Error Handling
-### No Files Found
-```javascript
-if (filteredFiles.length === 0) {
-  throw new Error(`No files found matching scope: ${scope}
-  Suggestions:
-  - Check if scope pattern is correct
-  - Verify exclude patterns are not too broad
-  - Ensure project has code files in specified scope
-  `);
-}
-```
-### Large Codebase
-```javascript
-if (filteredFiles.length > 1000) {
-  console.warn(`⚠️ Large codebase detected (${filteredFiles.length} files)`);
-  console.log(`Consider using --scope to review in batches`);
-  // Offer to focus on critical/high priority only
-  const answer = await askUser("Review critical/high priority files only?");
-  if (answer === 'yes') {
-    filteredFiles = filteredFiles.filter(f =>
-      f.priority === 'critical' || f.priority === 'high'
-    );
-  }
-}
-```
-## Validation
-Before proceeding to Phase 2:
-- ✅ Inventory file created
-- ✅ At least one file categorized as critical or high priority
-- ✅ Metadata extracted for all files
-- ✅ Summary report generated
-- ✅ State saved for resume capability
-## Next Phase
-**Phase 2: Security Analysis** - Analyze critical and high priority files for security vulnerabilities using OWASP Top 10 and CWE Top 25 checks.