claudex-setup 1.0.1 → 1.2.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claudex-setup",
-  "version": "1.0.1",
+  "version": "1.2.0",
   "description": "Audit and optimize any project for Claude Code. Powered by 1107 verified techniques.",
   "main": "src/index.js",
   "bin": {

package/src/audit.js

@@ -61,17 +61,35 @@ async function audit(options) {
     });
   }
 
-  const passed = results.filter(r => r.passed);
-  const failed = results.filter(r => !r.passed);
+  // null = not applicable (skip), true = pass, false = fail
+  const applicable = results.filter(r => r.passed !== null);
+  const skipped = results.filter(r => r.passed === null);
+  const passed = applicable.filter(r => r.passed);
+  const failed = applicable.filter(r => !r.passed);
   const critical = failed.filter(r => r.impact === 'critical');
   const high = failed.filter(r => r.impact === 'high');
   const medium = failed.filter(r => r.impact === 'medium');
 
-  // Calculate score
+  // Calculate score only from applicable checks
   const weights = { critical: 15, high: 10, medium: 5 };
-  const maxScore = results.reduce((sum, r) => sum + (weights[r.impact] || 5), 0);
+  const maxScore = applicable.reduce((sum, r) => sum + (weights[r.impact] || 5), 0);
   const earnedScore = passed.reduce((sum, r) => sum + (weights[r.impact] || 5), 0);
-  const score = Math.round((earnedScore / maxScore) * 100);
+  const score = maxScore > 0 ? Math.round((earnedScore / maxScore) * 100) : 0;
+
+  // Detect scaffolded vs organic: if CLAUDE.md contains our version stamp, some checks
+  // are passing because WE generated them, not the user
+  const claudeMd = ctx.fileContent('CLAUDE.md') || '';
+  const isScaffolded = claudeMd.includes('Generated by claudex-setup') ||
+    claudeMd.includes('claudex-setup');
+  // Scaffolded checks: things our setup creates (CLAUDE.md, hooks, commands, agents, rules, skills)
+  const scaffoldedKeys = new Set(['claudeMd', 'mermaidArchitecture', 'verificationLoop',
+    'hooks', 'customCommands', 'multipleCommands', 'agents', 'pathRules', 'multipleRules',
+    'skills', 'hooksConfigured', 'preToolUseHook', 'postToolUseHook', 'fewShotExamples',
+    'constraintBlocks', 'xmlTags']);
+  const organicPassed = passed.filter(r => !scaffoldedKeys.has(r.key));
+  const scaffoldedPassed = passed.filter(r => scaffoldedKeys.has(r.key));
+  const organicEarned = organicPassed.reduce((sum, r) => sum + (weights[r.impact] || 5), 0);
+  const organicScore = maxScore > 0 ? Math.round((organicEarned / maxScore) * 100) : 0;
 
   // Silent mode: skip all output, just return result
   if (silent) {
@@ -97,6 +115,9 @@ async function audit(options) {
 
   // Score
   console.log(`  ${progressBar(score)} ${colorize(`${score}/100`, 'bold')}`);
+  if (isScaffolded && scaffoldedPassed.length > 0) {
+    console.log(colorize(`  Organic: ${organicScore}/100 (without claudex-setup generated files)`, 'dim'));
+  }
   console.log('');
 
   // Passed
@@ -153,7 +174,7 @@ async function audit(options) {
 
   // Summary
   console.log(colorize('  ─────────────────────────────────────', 'dim'));
-  console.log(`  ${colorize(`${passed.length}/${results.length}`, 'bold')} checks passing`);
+  console.log(`  ${colorize(`${passed.length}/${applicable.length}`, 'bold')} checks passing${skipped.length > 0 ? colorize(` (${skipped.length} not applicable)`, 'dim') : ''}`);
 
   if (failed.length > 0) {
     console.log(`  Run ${colorize('npx claudex-setup setup', 'bold')} to fix automatically`);

package/src/setup.js

@@ -25,6 +25,92 @@ function detectScripts(ctx) {
   return found;
 }
 
+// ============================================================
+// Helper: detect key dependencies and generate guidelines
+// ============================================================
+function detectDependencies(ctx) {
+  const pkg = ctx.jsonFile('package.json');
+  if (!pkg) return [];
+  const allDeps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
+  const guidelines = [];
+
+  // Data fetching
+  if (allDeps['@tanstack/react-query']) {
+    guidelines.push('- Use React Query (TanStack Query) for all server data fetching — never raw useEffect + fetch');
+    guidelines.push('- Define query keys as constants. Invalidate related queries after mutations');
+  }
+  if (allDeps['swr']) {
+    guidelines.push('- Use SWR for data fetching with automatic revalidation');
+  }
+
+  // Validation
+  if (allDeps['zod']) {
+    guidelines.push('- Use Zod for all input validation and type inference (z.infer<typeof schema>)');
+    guidelines.push('- Define schemas in a shared location. Use .parse() at API boundaries');
+  }
+
+  // ORM / Database
+  if (allDeps['prisma'] || allDeps['@prisma/client']) {
+    guidelines.push('- Use Prisma for all database operations. Run `npx prisma generate` after schema changes');
+    guidelines.push('- Never write raw SQL unless Prisma cannot express the query');
+  }
+  if (allDeps['drizzle-orm']) {
+    guidelines.push('- Use Drizzle ORM for database operations. Schema-first approach');
+  }
+  if (allDeps['mongoose']) {
+    guidelines.push('- Use Mongoose for MongoDB operations. Define schemas with validation');
+  }
+
+  // Auth
+  if (allDeps['next-auth'] || allDeps['@auth/core']) {
+    guidelines.push('- Use NextAuth.js for authentication. Access session via auth() in Server Components');
+  }
+  if (allDeps['clerk'] || allDeps['@clerk/nextjs']) {
+    guidelines.push('- Use Clerk for authentication. Protect routes with middleware');
+  }
+
+  // State management
+  if (allDeps['zustand']) {
+    guidelines.push('- Use Zustand for client state. Keep stores small and focused');
+  }
+  if (allDeps['@reduxjs/toolkit']) {
+    guidelines.push('- Use Redux Toolkit for state management. Use createSlice and RTK Query');
+  }
+
+  // Styling
+  if (allDeps['tailwindcss']) {
+    guidelines.push('- Use Tailwind CSS for all styling. Avoid inline styles and CSS modules');
+  }
+  if (allDeps['styled-components'] || allDeps['@emotion/react']) {
+    guidelines.push('- Use CSS-in-JS for component styling. Colocate styles with components');
+  }
+
+  // Testing
+  if (allDeps['vitest']) {
+    guidelines.push('- Use Vitest for testing. Colocate test files with source (*.test.ts)');
+  }
+  if (allDeps['jest']) {
+    guidelines.push('- Use Jest for testing. Follow existing test patterns in the codebase');
+  }
+  if (allDeps['playwright'] || allDeps['@playwright/test']) {
+    guidelines.push('- Use Playwright for E2E tests. Keep tests in tests/ or e2e/');
+  }
+
+  // Python
+  const reqTxt = ctx.fileContent('requirements.txt') || '';
+  if (reqTxt.includes('sqlalchemy')) {
+    guidelines.push('- Use SQLAlchemy for all database operations');
+  }
+  if (reqTxt.includes('pydantic')) {
+    guidelines.push('- Use Pydantic for data validation and serialization');
+  }
+  if (reqTxt.includes('pytest')) {
+    guidelines.push('- Use pytest for testing. Run with `python -m pytest`');
+  }
+
+  return guidelines;
+}
+
 // ============================================================
 // Helper: detect main directories
 // ============================================================
@@ -356,6 +442,13 @@ npm run lint         # or: npx eslint .`;
       }
     }
 
+    // --- Dependency-specific guidelines ---
+    const depGuidelines = detectDependencies(ctx);
+    const depSection = depGuidelines.length > 0 ? `
+## Key Dependencies
+${depGuidelines.join('\n')}
+` : '';
+
     // --- Verification criteria based on detected commands ---
     const verificationSteps = [];
     verificationSteps.push('1. All existing tests still pass');
@@ -388,7 +481,7 @@ ${mermaid}
 ${dirDescription}
 ## Stack
 ${stackNames}
-${stackSection}${tsSection}
+${stackSection}${tsSection}${depSection}
 ## Build & Test
 \`\`\`bash
 ${buildSection}
@@ -476,38 +569,109 @@ exit 0
 `,
   }),
 
-  'commands': () => ({
-    'test.md': `Run the test suite and report results.
+  'commands': (stacks) => {
+    const stackKeys = stacks.map(s => s.key);
+    const isNext = stackKeys.includes('nextjs');
+    const isDjango = stackKeys.includes('django');
+    const isFastApi = stackKeys.includes('fastapi');
+    const isPython = stackKeys.includes('python') || isDjango || isFastApi;
+    const hasDocker = stackKeys.includes('docker');
+
+    const cmds = {};
+
+    // Test command - stack-specific
+    if (isNext) {
+      cmds['test.md'] = `Run the test suite for this Next.js project.
+
+## Steps:
+1. Run \`npm test\` (or \`npx vitest run\`)
+2. If tests fail, check for missing mocks or async issues
+3. For component tests, ensure React Testing Library patterns are used
+4. For API route tests, check request/response handling
+5. Report: total, passed, failed, coverage if available
+`;
+    } else if (isPython) {
+      cmds['test.md'] = `Run the test suite for this Python project.
+
+## Steps:
+1. Run \`python -m pytest -v\` (or the project's test command)
+2. Check for fixture issues, missing test database, or import errors
+3. If using Django: \`python manage.py test\`
+4. Report: total, passed, failed, and any tracebacks
+`;
+    } else {
+      cmds['test.md'] = `Run the test suite and report results.
 
 ## Steps:
 1. Run the project's test command
 2. If tests fail, analyze the failures
 3. Report: total, passed, failed, and any error details
-`,
-    'review.md': `Review the current changes for quality and correctness.
+`;
+    }
+
+    // Review - always generic (works well as-is)
+    cmds['review.md'] = `Review the current changes for quality and correctness.
 
 ## Steps:
 1. Run \`git diff\` to see all changes
 2. Check for: bugs, security issues, missing tests, code style
 3. Provide actionable feedback
-`,
-    'deploy.md': `Pre-deployment checklist and deployment steps.
+`;
+
+    // Deploy - stack-specific
+    if (isNext) {
+      cmds['deploy.md'] = `Pre-deployment checklist for Next.js.
+
+## Pre-deploy:
+1. Run \`git status\` — working tree must be clean
+2. Run \`npm run build\` — must succeed with no errors
+3. Run \`npm test\` — all tests pass
+4. Run \`npm run lint\` — no lint errors
+5. Check for \`console.log\` in production code
+6. Verify environment variables are set in deployment platform
+
+## Deploy:
+1. If Vercel: \`git push\` triggers auto-deploy
+2. If self-hosted: \`npm run build && npm start\`
+3. Verify: check /api/health or main page loads
+4. Tag: \`git tag -a vX.Y.Z -m "Release vX.Y.Z"\`
+`;
+    } else if (hasDocker) {
+      cmds['deploy.md'] = `Pre-deployment checklist with Docker.
+
+## Pre-deploy:
+1. Run \`git status\` — working tree must be clean
+2. Run full test suite — all tests pass
+3. Run \`docker build -t app .\` — must succeed
+4. Run \`docker run app\` locally — smoke test
+
+## Deploy:
+1. Build: \`docker build -t registry/app:latest .\`
+2. Push: \`docker push registry/app:latest\`
+3. Deploy to target environment
+4. Verify health endpoint responds
+5. Tag: \`git tag -a vX.Y.Z -m "Release vX.Y.Z"\`
+`;
+    } else {
+      cmds['deploy.md'] = `Pre-deployment checklist.
 
-## Pre-deploy checks:
+## Pre-deploy:
 1. Run \`git status\` — working tree must be clean
 2. Run full test suite — all tests must pass
-3. Run linter — no errors allowed
-4. Check for TODO/FIXME/HACK comments in changed files
-5. Verify no secrets in staged changes (\`git diff --cached\`)
-
-## Deploy steps:
-1. Confirm target environment (staging vs production)
-2. Review the diff since last deploy tag
-3. Run the deployment command
-4. Verify deployment succeeded (health check / smoke test)
-5. Tag the release: \`git tag -a vX.Y.Z -m "Release vX.Y.Z"\`
-`,
-    'fix.md': `Fix the issue described: $ARGUMENTS
+3. Run linter — no errors
+4. Verify no secrets in staged changes
+5. Review diff since last deploy
+
+## Deploy:
+1. Confirm target environment
+2. Run deployment command
+3. Verify deployment (health check)
+4. Tag: \`git tag -a vX.Y.Z -m "Release vX.Y.Z"\`
+`;
+    }
+
+    // Fix - always generic with $ARGUMENTS
+    cmds['fix.md'] = `Fix the issue described: $ARGUMENTS
 
 ## Steps:
 1. Understand the issue — read relevant code and error messages
@@ -516,8 +680,32 @@ exit 0
 4. Write or update tests to cover the fix
 5. Run the full test suite to verify no regressions
 6. Summarize what was wrong and how the fix addresses it
-`,
-  }),
+`;
+
+    // Stack-specific bonus commands
+    if (isNext) {
+      cmds['check-build.md'] = `Run Next.js build check without deploying.
+
+1. Run \`npx next build\`
+2. Check for: TypeScript errors, missing pages, broken imports
+3. Verify no "Dynamic server usage" errors in static pages
+4. Report build output size and any warnings
+`;
+    }
+
+    if (isPython && (isDjango || isFastApi)) {
+      cmds['migrate.md'] = `Run database migrations safely.
+
+1. Check current migration status${isDjango ? ': `python manage.py showmigrations`' : ''}
+2. Create new migration if schema changed${isDjango ? ': `python manage.py makemigrations`' : ''}
+3. Review the generated migration file
+4. Apply: ${isDjango ? '`python manage.py migrate`' : '`alembic upgrade head`'}
+5. Verify: check that the app starts and queries work
+`;
+    }
+
+    return cmds;
+  },
 
   'skills': () => ({
     'fix-issue/SKILL.md': `---

package/src/techniques.js

@@ -92,7 +92,7 @@ const TECHNIQUES = {
   },
 
   testCommand: {
-    id: 93,
+    id: 93001,
     name: 'CLAUDE.md contains a test command',
     check: (ctx) => {
       const md = ctx.fileContent('CLAUDE.md') || '';
@@ -106,7 +106,7 @@ const TECHNIQUES = {
   },
 
   lintCommand: {
-    id: 93,
+    id: 93002,
     name: 'CLAUDE.md contains a lint command',
     check: (ctx) => {
       const md = ctx.fileContent('CLAUDE.md') || '';
@@ -120,7 +120,7 @@ const TECHNIQUES = {
   },
 
   buildCommand: {
-    id: 93,
+    id: 93003,
     name: 'CLAUDE.md contains a build command',
     check: (ctx) => {
       const md = ctx.fileContent('CLAUDE.md') || '';
@@ -167,7 +167,7 @@ const TECHNIQUES = {
   },
 
   gitIgnoreNodeModules: {
-    id: 917,
+    id: 91701,
     name: '.gitignore blocks node_modules',
     check: (ctx) => {
       const gitignore = ctx.fileContent('.gitignore') || '';
@@ -210,7 +210,7 @@ const TECHNIQUES = {
   },
 
   multipleCommands: {
-    id: 20,
+    id: 20001,
     name: '3+ slash commands for rich workflow',
     check: (ctx) => ctx.hasDir('.claude/commands') && ctx.dirFiles('.claude/commands').length >= 3,
     impact: 'medium',
@@ -221,7 +221,7 @@ const TECHNIQUES = {
   },
 
   deployCommand: {
-    id: 20,
+    id: 20002,
     name: 'Has /deploy or /release command',
     check: (ctx) => {
       if (!ctx.hasDir('.claude/commands')) return false;
@@ -236,7 +236,7 @@ const TECHNIQUES = {
   },
 
   reviewCommand: {
-    id: 20,
+    id: 20003,
     name: 'Has /review command',
     check: (ctx) => {
       if (!ctx.hasDir('.claude/commands')) return false;
@@ -262,7 +262,7 @@ const TECHNIQUES = {
   },
 
   multipleSkills: {
-    id: 21,
+    id: 2101,
     name: '2+ skills for specialization',
     check: (ctx) => ctx.hasDir('.claude/skills') && ctx.dirFiles('.claude/skills').length >= 2,
     impact: 'medium',
@@ -284,7 +284,7 @@ const TECHNIQUES = {
   },
 
   multipleAgents: {
-    id: 22,
+    id: 2201,
     name: '2+ agents for delegation',
     check: (ctx) => ctx.hasDir('.claude/agents') && ctx.dirFiles('.claude/agents').length >= 2,
     impact: 'medium',
@@ -295,7 +295,7 @@ const TECHNIQUES = {
   },
 
   multipleRules: {
-    id: 3,
+    id: 301,
     name: '2+ rules files for granular control',
     check: (ctx) => ctx.hasDir('.claude/rules') && ctx.dirFiles('.claude/rules').length >= 2,
     impact: 'medium',
@@ -324,7 +324,7 @@ const TECHNIQUES = {
   },
 
   permissionDeny: {
-    id: 24,
+    id: 2401,
     name: 'Deny rules configured in permissions',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -340,12 +340,12 @@ const TECHNIQUES = {
   },
 
   noBypassPermissions: {
-    id: 24,
+    id: 2402,
     name: 'Default mode is not bypassPermissions',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
-      if (!settings) return true; // no settings = not bypassed
-      return settings.defaultMode !== 'bypassPermissions';
+      if (!settings || !settings.permissions) return null; // no settings = skip (not applicable)
+      return settings.permissions.defaultMode !== 'bypassPermissions';
     },
     impact: 'critical',
     rating: 5,
@@ -400,7 +400,7 @@ const TECHNIQUES = {
   },
 
   hooksInSettings: {
-    id: 88,
+    id: 8801,
     name: 'Hooks configured in settings',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -415,7 +415,7 @@ const TECHNIQUES = {
   },
 
   preToolUseHook: {
-    id: 88,
+    id: 8802,
     name: 'PreToolUse hook configured',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -430,7 +430,7 @@ const TECHNIQUES = {
   },
 
   postToolUseHook: {
-    id: 88,
+    id: 8803,
     name: 'PostToolUse hook configured',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -445,7 +445,7 @@ const TECHNIQUES = {
   },
 
   sessionStartHook: {
-    id: 88,
+    id: 8804,
     name: 'SessionStart hook configured',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -478,7 +478,7 @@ const TECHNIQUES = {
   },
 
   tailwindMention: {
-    id: 1025,
+    id: 102501,
     name: 'Tailwind CSS configured',
     check: (ctx) => {
       const pkg = ctx.fileContent('package.json') || '';
@@ -508,7 +508,7 @@ const TECHNIQUES = {
   },
 
   dockerCompose: {
-    id: 399,
+    id: 39901,
     name: 'Has docker-compose.yml',
     check: (ctx) => ctx.files.some(f => /^docker-compose\.(yml|yaml)$/i.test(f)),
     impact: 'medium',
@@ -589,7 +589,7 @@ const TECHNIQUES = {
   },
 
   editorconfig: {
-    id: 0,
+    id: 5001,
     name: 'Has .editorconfig',
     check: (ctx) => ctx.files.includes('.editorconfig'),
     impact: 'low',
@@ -600,7 +600,7 @@ const TECHNIQUES = {
   },
 
   nvmrc: {
-    id: 0,
+    id: 5002,
     name: 'Node version pinned',
     check: (ctx) => {
       if (ctx.files.includes('.nvmrc') || ctx.files.includes('.node-version')) return true;
@@ -665,7 +665,7 @@ const TECHNIQUES = {
   },
 
   multipleMcpServers: {
-    id: 18,
+    id: 1801,
     name: '2+ MCP servers for rich tooling',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
@@ -746,7 +746,7 @@ const TECHNIQUES = {
   },
 
   constraintBlocks: {
-    id: 96,
+    id: 9601,
     name: 'XML constraint blocks in CLAUDE.md',
     check: (ctx) => {
       const md = ctx.fileContent('CLAUDE.md') || '';
@@ -840,7 +840,7 @@ const TECHNIQUES = {
     name: 'Hooks use specific matchers (not catch-all)',
     check: (ctx) => {
       const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
-      if (!settings || !settings.hooks) return true; // no hooks = skip
+      if (!settings || !settings.hooks) return null; // no hooks = not applicable
       const hookStr = JSON.stringify(settings.hooks);
       // Check that hooks have matchers, not just catch-all
       return hookStr.includes('matcher');
@@ -852,28 +852,15 @@ const TECHNIQUES = {
     template: null
   },
 
-  permissionsNotBypassed: {
-    id: 2005,
-    name: 'Default mode is not bypassPermissions',
-    check: (ctx) => {
-      const settings = ctx.jsonFile('.claude/settings.local.json') || ctx.jsonFile('.claude/settings.json');
-      if (!settings || !settings.permissions) return true;
-      return settings.permissions.defaultMode !== 'bypassPermissions';
-    },
-    impact: 'high',
-    rating: 4,
-    category: 'quality-deep',
-    fix: 'bypassPermissions skips all safety checks. Use "default" or "auto" mode with targeted allow rules instead.',
-    template: null
-  },
+  // permissionsNotBypassed removed - duplicate of noBypassPermissions (#24)
 
   commandsUseArguments: {
     id: 2006,
     name: 'Commands use $ARGUMENTS for flexibility',
     check: (ctx) => {
-      if (!ctx.hasDir('.claude/commands')) return true;
+      if (!ctx.hasDir('.claude/commands')) return null; // not applicable
       const files = ctx.dirFiles('.claude/commands');
-      if (files.length === 0) return true;
+      if (files.length === 0) return null;
       // Check if at least one command uses $ARGUMENTS
       for (const f of files) {
         const content = ctx.fileContent(`.claude/commands/${f}`) || '';
@@ -892,9 +879,9 @@ const TECHNIQUES = {
     id: 2007,
     name: 'Agents have maxTurns limit',
     check: (ctx) => {
-      if (!ctx.hasDir('.claude/agents')) return true;
+      if (!ctx.hasDir('.claude/agents')) return null;
       const files = ctx.dirFiles('.claude/agents');
-      if (files.length === 0) return true;
+      if (files.length === 0) return null;
       for (const f of files) {
         const content = ctx.fileContent(`.claude/agents/${f}`) || '';
         if (!content.includes('maxTurns')) return false;