npm - claude-code-workflow - Versions diffs - 6.3.23 → 6.3.25 - Mend

claude-code-workflow 6.3.23 → 6.3.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/.claude/skills/code-reviewer/README.md DELETED Viewed

@@ -1,340 +0,0 @@
-# Code Reviewer Skill
-A comprehensive code review skill for identifying security vulnerabilities and best practices violations.
-## Overview
-The **code-reviewer** skill provides automated code review capabilities covering:
-- **Security Analysis**: OWASP Top 10, CWE Top 25, language-specific vulnerabilities
-- **Code Quality**: Naming conventions, complexity, duplication, dead code
-- **Performance**: N+1 queries, inefficient algorithms, memory leaks
-- **Maintainability**: Documentation, test coverage, dependency health
-## Quick Start
-### Basic Usage
-```bash
-# Review entire codebase
-/code-reviewer
-# Review specific directory
-/code-reviewer --scope src/auth
-# Focus on security only
-/code-reviewer --focus security
-# Focus on best practices only
-/code-reviewer --focus best-practices
-```
-### Advanced Options
-```bash
-# Review with custom severity threshold
-/code-reviewer --severity critical,high
-# Review specific file types
-/code-reviewer --languages typescript,python
-# Generate detailed report
-/code-reviewer --report-level detailed
-# Resume from previous session
-/code-reviewer --resume
-```
-## Features
-### Security Analysis
-✅ **OWASP Top 10 2021 Coverage**
-- Injection vulnerabilities (SQL, Command, XSS)
-- Authentication & authorization flaws
-- Sensitive data exposure
-- Security misconfiguration
-- And more...
-✅ **CWE Top 25 Coverage**
-- Cross-site scripting (CWE-79)
-- SQL injection (CWE-89)
-- Command injection (CWE-78)
-- Input validation (CWE-20)
-- And more...
-✅ **Language-Specific Checks**
-- JavaScript/TypeScript: prototype pollution, eval usage
-- Python: pickle vulnerabilities, command injection
-- Java: deserialization, XXE
-- Go: race conditions, memory leaks
-### Best Practices Review
-✅ **Code Quality**
-- Naming convention compliance
-- Cyclomatic complexity analysis
-- Code duplication detection
-- Dead code identification
-✅ **Performance**
-- N+1 query detection
-- Inefficient algorithm patterns
-- Memory leak detection
-- Resource cleanup verification
-✅ **Maintainability**
-- Documentation coverage
-- Test coverage analysis
-- Dependency health check
-- Error handling review
-## Output
-The skill generates comprehensive reports in `.code-review/` directory:
-```
-.code-review/
-├── inventory.json              # File inventory with metadata
-├── security-findings.json      # Security vulnerabilities
-├── best-practices-findings.json # Best practices violations
-├── summary.json                # Summary statistics
-├── REPORT.md                   # Comprehensive markdown report
-└── FIX-CHECKLIST.md           # Actionable fix checklist
-```
-### Report Contents
-**REPORT.md** includes:
-- Executive summary with risk assessment
-- Quality scores (Security, Code Quality, Performance, Maintainability)
-- Detailed findings organized by severity
-- Code examples with fix recommendations
-- Action plan prioritized by urgency
-- Compliance status (PCI DSS, HIPAA, GDPR, SOC 2)
-**FIX-CHECKLIST.md** provides:
-- Checklist format for tracking fixes
-- Organized by severity (Critical → Low)
-- Effort estimates for each issue
-- Priority assignments
-## Configuration
-Create `.code-reviewer.json` in project root:
-```json
-{
-  "scope": {
-    "include": ["src/**/*", "lib/**/*"],
-    "exclude": ["**/*.test.ts", "**/*.spec.ts", "**/node_modules/**"]
-  },
-  "security": {
-    "enabled": true,
-    "checks": ["owasp-top-10", "cwe-top-25"],
-    "severity_threshold": "medium"
-  },
-  "best_practices": {
-    "enabled": true,
-    "code_quality": true,
-    "performance": true,
-    "maintainability": true
-  },
-  "reporting": {
-    "format": "markdown",
-    "output_path": ".code-review/",
-    "include_snippets": true,
-    "include_fixes": true
-  }
-}
-```
-## Workflow
-### Phase 1: Code Discovery
-- Discover and categorize code files
-- Extract metadata (LOC, complexity, framework)
-- Prioritize files (Critical, High, Medium, Low)
-### Phase 2: Security Analysis
-- Scan for OWASP Top 10 vulnerabilities
-- Check CWE Top 25 weaknesses
-- Apply language-specific security patterns
-- Generate security findings
-### Phase 3: Best Practices Review
-- Analyze code quality issues
-- Detect performance problems
-- Assess maintainability concerns
-- Generate best practices findings
-### Phase 4: Report Generation
-- Consolidate all findings
-- Calculate quality scores
-- Generate comprehensive reports
-- Create actionable checklists
-## Integration
-### Pre-commit Hook
-Block commits with critical/high issues:
-```bash
-#!/bin/bash
-# .git/hooks/pre-commit
-staged_files=$(git diff --cached --name-only --diff-filter=ACMR)
-ccw run code-reviewer --scope "$staged_files" --severity critical,high
-if [ $? -ne 0 ]; then
-  echo "❌ Code review found critical/high issues. Commit aborted."
-  exit 1
-fi
-```
-### CI/CD Integration
-```yaml
-# .github/workflows/code-review.yml
-name: Code Review
-on: [pull_request]
-jobs:
-  review:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Run Code Review
-        run: |
-          ccw run code-reviewer --report-level detailed
-          ccw report upload .code-review/report.md
-```
-## Examples
-### Example 1: Security-Focused Review
-```bash
-# Review authentication module for security issues
-/code-reviewer --scope src/auth --focus security --severity critical,high
-```
-**Output**: Security findings with OWASP/CWE mappings and fix recommendations
-### Example 2: Performance Review
-```bash
-# Review API endpoints for performance issues
-/code-reviewer --scope src/api --focus best-practices --check performance
-```
-**Output**: N+1 queries, inefficient algorithms, memory leak detections
-### Example 3: Full Project Audit
-```bash
-# Comprehensive review of entire codebase
-/code-reviewer --report-level detailed --output .code-review/audit-2024-01.md
-```
-**Output**: Complete audit with all findings, scores, and action plan
-## Compliance Support
-The skill maps findings to compliance requirements:
-- **PCI DSS**: Requirement 6.5 (Common coding vulnerabilities)
-- **HIPAA**: Technical safeguards and access controls
-- **GDPR**: Article 32 (Security of processing)
-- **SOC 2**: Security controls and monitoring
-## Architecture
-### Execution Mode
-**Sequential** - Fixed phase order for systematic review:
-1. Code Discovery → 2. Security Analysis → 3. Best Practices → 4. Report Generation
-### Tools Used
-- `mcp__ace-tool__search_context` - Semantic code search
-- `mcp__ccw-tools__smart_search` - Pattern matching
-- `Read` - File content access
-- `Write` - Report generation
-## Quality Standards
-### Scoring System
-```
-Overall Score = (
-  Security Score × 0.4 +
-  Code Quality Score × 0.25 +
-  Performance Score × 0.2 +
-  Maintainability Score × 0.15
-)
-```
-### Score Ranges
-- **A (90-100)**: Excellent - Production ready
-- **B (80-89)**: Good - Minor improvements needed
-- **C (70-79)**: Acceptable - Some issues to address
-- **D (60-69)**: Poor - Significant improvements required
-- **F (0-59)**: Failing - Major issues, not production ready
-## Troubleshooting
-### Large Codebase
-If review takes too long:
-```bash
-# Review in batches
-/code-reviewer --scope src/module-1
-/code-reviewer --scope src/module-2 --resume
-# Or use parallel execution
-/code-reviewer --parallel 4
-```
-### False Positives
-Configure suppressions in `.code-reviewer.json`:
-```json
-{
-  "suppressions": {
-    "security": {
-      "sql-injection": {
-        "paths": ["src/legacy/**/*"],
-        "reason": "Legacy code, scheduled for refactor"
-      }
-    }
-  }
-}
-```
-## File Structure
-```
-.claude/skills/code-reviewer/
-├── SKILL.md                    # Main skill documentation
-├── README.md                   # This file
-├── phases/
-│   ├── 01-code-discovery.md
-│   ├── 02-security-analysis.md
-│   ├── 03-best-practices-review.md
-│   └── 04-report-generation.md
-├── specs/
-│   ├── security-requirements.md
-│   ├── best-practices-requirements.md
-│   └── quality-standards.md
-└── templates/
-    ├── security-finding.md
-    ├── best-practice-finding.md
-    └── report-template.md
-```
-## Version
-**v1.0.0** - Initial release
-## License
-MIT License

package/.claude/skills/code-reviewer/SKILL.md DELETED Viewed

@@ -1,308 +0,0 @@
----
-name: code-reviewer
-description: Comprehensive code review skill for identifying security vulnerabilities and best practices violations. Triggers on "code review", "review code", "security audit", "代码审查".
-allowed-tools: Read, Glob, Grep, mcp__ace-tool__search_context, mcp__ccw-tools__smart_search
----
-# Code Reviewer
-Comprehensive code review skill for identifying security vulnerabilities and best practices violations.
-## Architecture Overview
-```
-┌─────────────────────────────────────────────────────────────────┐
-│  Code Reviewer Workflow                                          │
-├─────────────────────────────────────────────────────────────────┤
-│                                                                  │
-│  Phase 1: Code Discovery     → 发现待审查的代码文件              │
-│           & Scoping              - 根据语言/框架识别文件          │
-│           ↓                      - 设置审查范围和优先级           │
-│                                                                  │
-│  Phase 2: Security           → 安全漏洞扫描                      │
-│           Analysis               - OWASP Top 10 检查             │
-│           ↓                      - 常见漏洞模式识别               │
-│                                  - 敏感数据泄露检查               │
-│                                                                  │
-│  Phase 3: Best Practices     → 最佳实践审查                      │
-│           Review                 - 代码质量检查                  │
-│           ↓                      - 性能优化建议                   │
-│                                  - 可维护性评估                  │
-│                                                                  │
-│  Phase 4: Report             → 生成审查报告                      │
-│           Generation             - 按严重程度分类问题             │
-│                                  - 提供修复建议和示例             │
-│                                  - 生成可追踪的修复清单           │
-│                                                                  │
-└─────────────────────────────────────────────────────────────────┘
-```
-## Features
-### Security Analysis
-- **OWASP Top 10 Coverage**
-  - Injection vulnerabilities (SQL, Command, LDAP)
-  - Authentication & authorization bypass
-  - Sensitive data exposure
-  - XML External Entities (XXE)
-  - Broken access control
-  - Security misconfiguration
-  - Cross-Site Scripting (XSS)
-  - Insecure deserialization
-  - Components with known vulnerabilities
-  - Insufficient logging & monitoring
-- **Language-Specific Checks**
-  - JavaScript/TypeScript: prototype pollution, eval usage
-  - Python: pickle vulnerabilities, command injection
-  - Java: deserialization, path traversal
-  - Go: race conditions, memory leaks
-### Best Practices Review
-- **Code Quality**
-  - Naming conventions
-  - Function complexity (cyclomatic complexity)
-  - Code duplication
-  - Dead code detection
-- **Performance**
-  - N+1 queries
-  - Inefficient algorithms
-  - Memory leaks
-  - Resource cleanup
-- **Maintainability**
-  - Documentation quality
-  - Test coverage
-  - Error handling patterns
-  - Dependency management
-## Usage
-### Basic Review
-```bash
-# Review entire codebase
-/code-reviewer
-# Review specific directory
-/code-reviewer --scope src/auth
-# Focus on security only
-/code-reviewer --focus security
-# Focus on best practices only
-/code-reviewer --focus best-practices
-```
-### Advanced Options
-```bash
-# Review with custom severity threshold
-/code-reviewer --severity critical,high
-# Review specific file types
-/code-reviewer --languages typescript,python
-# Generate detailed report with code snippets
-/code-reviewer --report-level detailed
-# Resume from previous session
-/code-reviewer --resume
-```
-## Configuration
-Create `.code-reviewer.json` in project root:
-```json
-{
-  "scope": {
-    "include": ["src/**/*", "lib/**/*"],
-    "exclude": ["**/*.test.ts", "**/*.spec.ts", "**/node_modules/**"]
-  },
-  "security": {
-    "enabled": true,
-    "checks": ["owasp-top-10", "cwe-top-25"],
-    "severity_threshold": "medium"
-  },
-  "best_practices": {
-    "enabled": true,
-    "code_quality": true,
-    "performance": true,
-    "maintainability": true
-  },
-  "reporting": {
-    "format": "markdown",
-    "output_path": ".code-review/",
-    "include_snippets": true,
-    "include_fixes": true
-  }
-}
-```
-## Output
-### Review Report Structure
-```markdown
-# Code Review Report
-## Executive Summary
-- Total Issues: 42
-- Critical: 3
-- High: 8
-- Medium: 15
-- Low: 16
-## Security Findings
-### [CRITICAL] SQL Injection in User Query
-**File**: src/auth/user-service.ts:145
-**Issue**: Unsanitized user input in SQL query
-**Fix**: Use parameterized queries
-Code Snippet:
-\`\`\`typescript
-// ❌ Vulnerable
-const query = `SELECT * FROM users WHERE username = '${username}'`;
-// ✅ Fixed
-const query = 'SELECT * FROM users WHERE username = ?';
-db.execute(query, [username]);
-\`\`\`
-## Best Practices Findings
-### [MEDIUM] High Cyclomatic Complexity
-**File**: src/utils/validator.ts:78
-**Issue**: Function has complexity score of 15 (threshold: 10)
-**Fix**: Break into smaller functions
-...
-```
-## Phase Documentation
-| Phase | Description | Output |
-|-------|-------------|--------|
-| [01-code-discovery.md](phases/01-code-discovery.md) | Discover and categorize code files | File inventory with metadata |
-| [02-security-analysis.md](phases/02-security-analysis.md) | Analyze security vulnerabilities | Security findings list |
-| [03-best-practices-review.md](phases/03-best-practices-review.md) | Review code quality and practices | Best practices findings |
-| [04-report-generation.md](phases/04-report-generation.md) | Generate comprehensive report | Markdown report |
-## Specifications
-- [specs/security-requirements.md](specs/security-requirements.md) - Security check specifications
-- [specs/best-practices-requirements.md](specs/best-practices-requirements.md) - Best practices standards
-- [specs/quality-standards.md](specs/quality-standards.md) - Overall quality standards
-- [specs/severity-classification.md](specs/severity-classification.md) - Issue severity criteria
-## Templates
-- [templates/security-finding.md](templates/security-finding.md) - Security finding template
-- [templates/best-practice-finding.md](templates/best-practice-finding.md) - Best practice finding template
-- [templates/report-template.md](templates/report-template.md) - Final report template
-## Integration with Development Workflow
-### Pre-commit Hook
-```bash
-#!/bin/bash
-# .git/hooks/pre-commit
-# Run code review on staged files
-staged_files=$(git diff --cached --name-only --diff-filter=ACMR)
-ccw run code-reviewer --scope "$staged_files" --severity critical,high
-if [ $? -ne 0 ]; then
-  echo "❌ Code review found critical/high issues. Commit aborted."
-  exit 1
-fi
-```
-### CI/CD Integration
-```yaml
-# .github/workflows/code-review.yml
-name: Code Review
-on: [pull_request]
-jobs:
-  review:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Run Code Review
-        run: |
-          ccw run code-reviewer --report-level detailed
-          ccw report upload .code-review/report.md
-```
-## Examples
-### Example 1: Security-Focused Review
-```bash
-# Review authentication module for security issues
-/code-reviewer --scope src/auth --focus security --severity critical,high
-```
-### Example 2: Performance Review
-```bash
-# Review API endpoints for performance issues
-/code-reviewer --scope src/api --focus best-practices --check performance
-```
-### Example 3: Full Project Audit
-```bash
-# Comprehensive review of entire codebase
-/code-reviewer --report-level detailed --output .code-review/audit-2024-01.md
-```
-## Troubleshooting
-### Large Codebase
-If review takes too long:
-```bash
-# Review in batches
-/code-reviewer --scope src/module-1
-/code-reviewer --scope src/module-2 --resume
-# Or use parallel execution
-/code-reviewer --parallel 4
-```
-### False Positives
-Configure suppressions in `.code-reviewer.json`:
-```json
-{
-  "suppressions": {
-    "security": {
-      "sql-injection": {
-        "paths": ["src/legacy/**/*"],
-        "reason": "Legacy code, scheduled for refactor"
-      }
-    }
-  }
-}
-```
-## Roadmap
-- [ ] AI-powered vulnerability detection
-- [ ] Integration with popular security scanners (Snyk, SonarQube)
-- [ ] Automated fix suggestions with diffs
-- [ ] IDE plugins for real-time feedback
-- [ ] Custom rule engine for organization-specific policies
-## License
-MIT License - See LICENSE file for details