claudex-setup 1.10.2 → 1.11.0

package/content/claude-native-integration.md

@@ -0,0 +1,64 @@
+# Using claudex-setup from inside Claude Code
+
+## Skill: Audit Repo
+
+Add this to `.claude/skills/audit-repo.md` in any project:
+
+```markdown
+---
+name: audit-repo
+description: Run claudex-setup audit on the current project and show score + top gaps
+---
+
+Run `npx claudex-setup --json` on the current project directory.
+Parse the JSON output and present:
+1. Score X/100
+2. Top 3 critical/high gaps with fix descriptions
+3. Suggest next command based on score
+
+$ARGUMENTS — optional: --lite for quick scan
+```
+
+## Hook: Auto-audit on SessionStart
+
+Add to `.claude/settings.json`:
+
+```json
+{
+  "hooks": {
+    "SessionStart": [
+      {
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node -e \"try{const r=require('child_process').execSync('npx claudex-setup --json 2>/dev/null',{timeout:15000}).toString();const d=JSON.parse(r);if(d.score<50)console.log(JSON.stringify({systemMessage:'⚠️ Claude Code setup score: '+d.score+'/100. Consider running: npx claudex-setup --lite'}))}catch(e){console.log('{}')}\"",
+            "timeout": 20,
+            "statusMessage": "Checking Claude Code setup..."
+          }
+        ]
+      }
+    ]
+  }
+}
+```
+
+## Agent: Setup Advisor
+
+Add to `.claude/agents/setup-advisor.md`:
+
+```markdown
+---
+name: setup-advisor
+description: Analyzes Claude Code setup and recommends improvements
+tools: [Bash, Read, Glob, Grep]
+model: haiku
+maxTurns: 10
+---
+
+You are a Claude Code setup advisor.
+
+1. Run `npx claudex-setup augment --json` on the current project
+2. Analyze gaps and strengths
+3. Recommend top 5 improvements with rationale
+4. If user approves, guide them through applying changes
+```

package/content/devto-article.json

@@ -0,0 +1,9 @@
+{
+  "article": {
+    "title": "Your Claude Code project scores 10/100. Here's how to fix it in 60 seconds.",
+    "published": false,
+    "tags": ["claude", "ai", "productivity", "devtools"],
+    "series": "Claude Code Optimization",
+    "body_markdown": "After cataloging **1,107 Claude Code entries** and verifying **948 with real evidence**, I found that most projects use barely 10% of what's available.\n\nI built a CLI that scores your project:\n\n```bash\nnpx claudex-setup\n```\n\nMost projects score **10-20 out of 100**. After running setup, they jump to **70+**.\n\n## The Top 10 Things You're Missing\n\n### 1. CLAUDE.md (Critical)\n\nClaude reads this file at the start of every session. Without it, Claude doesn't know your build commands, code style, or project rules.\n\nOur tool generates a smart CLAUDE.md that detects your framework, TypeScript config, and creates a Mermaid architecture diagram automatically.\n\n### 2. Mermaid Architecture Diagrams (73% Token Savings)\n\nA Mermaid diagram in CLAUDE.md gives Claude your project structure in a fraction of the tokens that prose requires.\n\n### 3. Hooks > CLAUDE.md Rules (100% vs 80%)\n\nCLAUDE.md instructions are advisory (~80% compliance). Hooks are deterministic (100%). Auto-lint after every edit. Every time.\n\n### 4. Custom Commands\n\nStop typing the same prompts. Create `/test`, `/deploy`, `/review` in `.claude/commands/`.\n\n### 5. Verification Loops (The #1 Best Practice)\n\n> *This is the single highest-leverage thing you can do.* — Anthropic Best Practices\n\nClaude performs dramatically better when it can verify its own work.\n\n### 6. XML Tags (30% Quality Boost)\n\nUse `<constraints>`, `<validation>` in CLAUDE.md for unambiguous instructions.\n\n### 7. Secrets Protection\n\nClaude Code loads `.env` automatically. Add deny rules to prevent reading sensitive files.\n\n### 8. /security-review\n\nBuilt-in OWASP Top 10 scanning. Most people don't know this command exists.\n\n### 9. Custom Agents\n\nSpecialized subagents: security-reviewer, test-writer in `.claude/agents/`.\n\n### 10. Skills (On-Demand Knowledge)\n\nReusable skills package expertise that Claude can load on demand.\n\n## Try It Now\n\n```bash\nnpx claudex-setup --lite       # Quick scan\nnpx claudex-setup              # Full audit\nnpx claudex-setup --snapshot   # Save evidence artifact\nnpx claudex-setup governance --out governance.md\n```\n\nFree, open source, zero dependencies.\n\n**GitHub:** [github.com/DnaFin/claudex-setup](https://github.com/DnaFin/claudex-setup)\n**npm:** [npmjs.com/package/claudex-setup](https://www.npmjs.com/package/claudex-setup)\n\n---\n\n*Built from a research catalog of 1,107 Claude Code entries, 948 verified with evidence.*"
+  }
+}

package/content/launch-posts.md

@@ -0,0 +1,160 @@
+# Launch Posts — Ready to Publish
+
+## Post 1: Reddit r/ClaudeAI
+
+**Title:** I built a tool that audits your project for Claude Code optimization — scores you 0-100
+
+**Body:**
+After cataloging 1,107 Claude Code entries and verifying 948 of them with evidence, I built a CLI that checks if your project is actually set up to get the most out of Claude Code.
+
+Most projects score around 10-20/100. After running setup, they jump to 70+.
+
+```
+npx claudex-setup
+```
+
+It checks for: CLAUDE.md, hooks, custom commands, skills, agents, Mermaid diagrams, XML tags, path rules, MCP config, permissions, and more.
+
+Then `npx claudex-setup setup` auto-creates everything that's missing, tailored to your stack (React, Python, TypeScript, etc).
+
+Zero dependencies. No API keys. Runs entirely local.
+
+GitHub: https://github.com/DnaFin/claudex-setup
+
+Would love feedback!
+
+---
+
+## Post 2: Reddit r/ChatGPTCoding
+
+**Title:** Your Claude Code project is probably running at 10% efficiency. Here's how to check.
+
+**Body:**
+I spent weeks cataloging every Claude Code feature, technique, and best practice — 1,107 total, 948 verified with real evidence.
+
+Turns out most projects are missing basic stuff that makes a huge difference:
+- No CLAUDE.md (Claude doesn't know your project conventions)
+- No hooks (no auto-lint, no auto-test)
+- No custom commands (repeating the same prompts manually)
+- No Mermaid diagrams (wasting 73% more tokens on prose descriptions)
+
+Built a quick checker:
+```
+npx claudex-setup
+```
+
+Scores your project 0-100, tells you exactly what to fix, and can auto-apply everything.
+
+Free, open source, zero dependencies: https://github.com/DnaFin/claudex-setup
+
+---
+
+## Post 3: Dev.to Article
+
+**Title:** 1,107 Claude Code Entries: What I Learned Building the Most Comprehensive Catalog
+
+**Body (excerpt):**
+I set out to catalog every single Claude Code capability, technique, and best practice. After repeated research cycles, I have 1,107 entries — 948 verified with real evidence.
+
+Here are the top 10 things most developers are missing:
+
+1. **CLAUDE.md** — Claude reads this at the start of every session. Without it, Claude doesn't know your build commands, code style, or project rules.
+
+2. **Mermaid diagrams** — A Mermaid architecture diagram saves 73% tokens compared to describing your project in prose.
+
+3. **Hooks** — Auto-lint after every edit. Auto-test before every commit. Hooks fire 100% of the time, CLAUDE.md rules fire ~80%.
+
+4. **Custom commands** — `/test`, `/deploy`, `/review` — package your repeated workflows.
+
+5. **Verification loops** — Tell Claude how to verify its own work. Include test commands in CLAUDE.md.
+
+6. **Path-specific rules** — Different conventions for frontend vs backend files.
+
+7. **XML tags** — `<constraints>`, `<validation>` in CLAUDE.md = unambiguous instructions.
+
+8. **Custom agents** — Security reviewer, test writer — specialized subagents for focused tasks.
+
+9. **Skills** — Domain-specific workflows that load on demand, not every session.
+
+10. **MCP servers** — Connect Claude to your database, ticket system, Slack.
+
+I packaged this into a CLI that checks your project:
+```
+npx claudex-setup
+```
+
+Full catalog: https://github.com/DnaFin/claudex-setup
+
+---
+
+## Post 4: Twitter/X Thread
+
+**Tweet 1:**
+I cataloged 1,107 Claude Code entries and verified 948 of them with evidence.
+
+Most projects use less than 5% of what Claude Code can do.
+
+Here's a free tool that checks your project and tells you exactly what's missing:
+
+npx claudex-setup
+
+Thread 🧵👇
+
+**Tweet 2:**
+The #1 thing you're probably missing: CLAUDE.md
+
+It's a file Claude reads at the start of every session. Without it, Claude doesn't know your:
+- Build commands
+- Code style
+- Testing framework
+- Project architecture
+
+Takes 2 minutes to create. Impact: massive.
+
+**Tweet 3:**
+#2: Mermaid diagrams in CLAUDE.md
+
+A few hundred tokens of Mermaid syntax conveys what takes thousands of tokens in prose.
+
+73% token savings = faster responses, lower cost, better context.
+
+**Tweet 4:**
+#3: Hooks > CLAUDE.md rules
+
+CLAUDE.md instructions = ~80% compliance
+Hooks = 100% enforcement
+
+Auto-lint after edits. Block commits without tests. Prevent force-push.
+
+Hooks are deterministic. Instructions are advisory.
+
+**Tweet 5:**
+Want to check your project in 10 seconds?
+
+npx claudex-setup
+
+Scores 0-100. Shows what's missing. Auto-fixes with `setup`.
+
+Free. Open source. Zero dependencies.
+
+https://github.com/DnaFin/claudex-setup
+
+---
+
+## Post 5: Hacker News (Show HN)
+
+**Title:** Show HN: claudex-setup – Audit any project for Claude Code optimization (1,107 entries)
+
+**Body:**
+I built a CLI tool that scores your project against Claude Code best practices.
+
+After researching 1,107 entries (948 verified with evidence), most projects score 10-20 out of 100 because they're missing basic optimizations like CLAUDE.md files, hooks, custom commands, and architecture diagrams.
+
+npx claudex-setup → audit (0-100 score)
+npx claudex-setup setup → auto-fix
+
+Detects your stack (React, Python, TS, Rust, Go, etc) and tailors recommendations.
+
+Zero dependencies, no API keys, runs locally.
+
+https://github.com/DnaFin/claudex-setup

package/content/pilot-rollout-kit.md

@@ -0,0 +1,30 @@
+# Pilot Rollout Kit
+
+## Suggested pilot shape
+
+1. Choose 1-2 repos with active owners and low blast radius.
+2. Run `discover`, `suggest-only`, and `governance` before any write flow.
+3. Pick one permission profile and document why it fits the pilot.
+4. Run `benchmark` to capture a baseline and expected value.
+5. Use `plan` and selective `apply` for the first write batch.
+
+## Approval checklist
+
+- Engineering owner approves scope.
+- Security owner approves permission profile and hooks.
+- Pilot owner records success metrics.
+- Rollback expectations are documented before apply.
+
+## Success metrics
+
+- readiness score delta
+- organic score delta
+- number of proposal bundles accepted
+- rollback-free apply rate
+- time to first useful Claude workflow
+
+## Rollback expectations
+
+- every apply run must produce a rollback artifact
+- rejected starter artifacts are deleted using the rollback manifest
+- rollback decisions are logged in the activity trail

package/content/release-checklist.md

@@ -0,0 +1,31 @@
+# claudex-setup Release Checklist
+
+Use this before tagging or publishing a release.
+
+## Code And Packaging
+
+- bump `package.json` version intentionally
+- update `CHANGELOG.md` with the shipped changes
+- run `npm test`
+- run `npm pack --dry-run`
+
+## Product Surface Consistency
+
+- verify `README.md` reflects the current CLI surface
+- verify `docs/index.html` reflects the current CLI surface
+- verify new flags and commands appear in `--help`
+- verify proof numbers and public claims match the current state
+
+## Trust And Governance
+
+- run `npx claudex-setup --snapshot` on the repo itself
+- run `npx claudex-setup governance --out governance.md`
+- verify MCP package names and env preflight behavior for changed packs
+- verify no recommendation regressions on known scenarios
+
+## Release Readiness
+
+- confirm npm publish target and account are correct
+- confirm git branch / commit matches the intended release
+- confirm any new templates or content files are included in the package
+- capture one final note about what changed and what still remains intentionally deferred

package/package.json

@@ -1,13 +1,14 @@
 {
   "name": "claudex-setup",
-  "version": "1.10.2",
-  "description": "Audit and improve Claude Code readiness with discover, plan, apply, governance, and benchmark workflows.",
+  "version": "1.11.0",
+  "description": "Score your repo's Claude Code setup against 62 checks. See gaps, apply fixes selectively with rollback, govern hooks and permissions, and benchmark impact — without breaking existing config.",
   "main": "src/index.js",
   "bin": {
     "claudex-setup": "bin/cli.js"
   },
   "files": [
     "bin",
+    "content",
     "src",
     "README.md",
     "CHANGELOG.md"

package/src/activity.js

@@ -1,5 +1,6 @@
 const fs = require('fs');
 const path = require('path');
+const { version } = require('../package.json');
 
 function timestampId() {
   return new Date().toISOString().replace(/[:.]/g, '-');
@@ -9,9 +10,11 @@ function ensureArtifactDirs(dir) {
   const root = path.join(dir, '.claude', 'claudex-setup');
   const activityDir = path.join(root, 'activity');
   const rollbackDir = path.join(root, 'rollbacks');
+  const snapshotDir = path.join(root, 'snapshots');
   fs.mkdirSync(activityDir, { recursive: true });
   fs.mkdirSync(rollbackDir, { recursive: true });
-  return { root, activityDir, rollbackDir };
+  fs.mkdirSync(snapshotDir, { recursive: true });
+  return { root, activityDir, rollbackDir, snapshotDir };
 }
 
 function writeJson(filePath, payload) {
@@ -53,8 +56,246 @@ function writeRollbackArtifact(dir, payload) {
   };
 }
 
+function summarizeSnapshot(snapshotKind, payload) {
+  if (snapshotKind === 'audit') {
+    return {
+      score: payload.score,
+      organicScore: payload.organicScore,
+      passed: payload.passed,
+      failed: payload.failed,
+      checkCount: payload.checkCount,
+      suggestedNextCommand: payload.suggestedNextCommand,
+      topActionKeys: Array.isArray(payload.topNextActions)
+        ? payload.topNextActions.slice(0, 3).map(item => item.key)
+        : [],
+    };
+  }
+
+  if (snapshotKind === 'augment' || snapshotKind === 'suggest-only') {
+    return {
+      score: payload.projectSummary?.score,
+      organicScore: payload.projectSummary?.organicScore,
+      maturity: payload.projectSummary?.maturity,
+      domains: payload.projectSummary?.domains || [],
+      topActionKeys: Array.isArray(payload.topNextActions)
+        ? payload.topNextActions.slice(0, 3).map(item => item.key)
+        : [],
+    };
+  }
+
+  if (snapshotKind === 'benchmark') {
+    return {
+      beforeScore: payload.before?.score,
+      afterScore: payload.after?.score,
+      scoreDelta: payload.delta?.score,
+      organicDelta: payload.delta?.organicScore,
+      decisionGuidance: payload.executiveSummary?.decisionGuidance || null,
+    };
+  }
+
+  if (snapshotKind === 'governance') {
+    return {
+      permissionProfiles: Array.isArray(payload.permissionProfiles) ? payload.permissionProfiles.length : 0,
+      hooks: Array.isArray(payload.hookRegistry) ? payload.hookRegistry.length : 0,
+      policyPacks: Array.isArray(payload.policyPacks) ? payload.policyPacks.length : 0,
+      domainPacks: Array.isArray(payload.domainPacks) ? payload.domainPacks.length : 0,
+      mcpPacks: Array.isArray(payload.mcpPacks) ? payload.mcpPacks.length : 0,
+    };
+  }
+
+  return {};
+}
+
+function updateSnapshotIndex(snapshotDir, record) {
+  const indexPath = path.join(snapshotDir, 'index.json');
+  let entries = [];
+
+  if (fs.existsSync(indexPath)) {
+    try {
+      entries = JSON.parse(fs.readFileSync(indexPath, 'utf8'));
+      if (!Array.isArray(entries)) {
+        entries = [];
+      }
+    } catch {
+      entries = [];
+    }
+  }
+
+  entries.push(record);
+  fs.writeFileSync(indexPath, JSON.stringify(entries, null, 2), 'utf8');
+}
+
+function writeSnapshotArtifact(dir, snapshotKind, payload, meta = {}) {
+  const id = timestampId();
+  const { snapshotDir } = ensureArtifactDirs(dir);
+  const filePath = path.join(snapshotDir, `${id}-${snapshotKind}.json`);
+  const summary = summarizeSnapshot(snapshotKind, payload);
+  const envelope = {
+    schemaVersion: 1,
+    artifactType: 'snapshot',
+    snapshotKind,
+    id,
+    createdAt: new Date().toISOString(),
+    generatedBy: `claudex-setup@${version}`,
+    directory: dir,
+    summary,
+    ...meta,
+    payload,
+  };
+
+  writeJson(filePath, envelope);
+
+  const record = {
+    id,
+    snapshotKind,
+    createdAt: envelope.createdAt,
+    relativePath: path.relative(dir, filePath),
+    summary,
+  };
+  updateSnapshotIndex(snapshotDir, record);
+
+  return {
+    id,
+    filePath,
+    relativePath: path.relative(dir, filePath),
+    indexPath: path.relative(dir, path.join(snapshotDir, 'index.json')),
+    summary,
+  };
+}
+
+function readSnapshotIndex(dir) {
+  const indexPath = path.join(dir, '.claude', 'claudex-setup', 'snapshots', 'index.json');
+  if (!fs.existsSync(indexPath)) return [];
+  try {
+    const entries = JSON.parse(fs.readFileSync(indexPath, 'utf8'));
+    return Array.isArray(entries) ? entries : [];
+  } catch {
+    return [];
+  }
+}
+
+function getHistory(dir, limit = 20) {
+  const entries = readSnapshotIndex(dir);
+  return entries
+    .filter(e => e.snapshotKind === 'audit')
+    .sort((a, b) => new Date(b.createdAt) - new Date(a.createdAt))
+    .slice(0, limit);
+}
+
+function compareLatest(dir) {
+  const audits = getHistory(dir, 2);
+  if (audits.length < 2) return null;
+
+  const current = audits[0];
+  const previous = audits[1];
+
+  const delta = {
+    score: (current.summary?.score || 0) - (previous.summary?.score || 0),
+    organic: (current.summary?.organicScore || 0) - (previous.summary?.organicScore || 0),
+    passed: (current.summary?.passed || 0) - (previous.summary?.passed || 0),
+  };
+
+  const regressions = [];
+  const improvements = [];
+
+  const prevKeys = new Set(previous.summary?.topActionKeys || []);
+  const currKeys = new Set(current.summary?.topActionKeys || []);
+
+  for (const key of currKeys) {
+    if (!prevKeys.has(key)) regressions.push(key);
+  }
+  for (const key of prevKeys) {
+    if (!currKeys.has(key)) improvements.push(key);
+  }
+
+  return {
+    current: { date: current.createdAt, score: current.summary?.score, passed: current.summary?.passed },
+    previous: { date: previous.createdAt, score: previous.summary?.score, passed: previous.summary?.passed },
+    delta,
+    regressions,
+    improvements,
+    trend: delta.score > 0 ? 'improving' : delta.score < 0 ? 'regressing' : 'stable',
+  };
+}
+
+function formatHistory(dir) {
+  const history = getHistory(dir, 10);
+  if (history.length === 0) return 'No snapshots found. Run `npx claudex-setup --snapshot` to save one.';
+
+  const lines = ['Score history (most recent first):', ''];
+  for (const entry of history) {
+    const date = entry.createdAt?.split('T')[0] || 'unknown';
+    const score = entry.summary?.score ?? '?';
+    const passed = entry.summary?.passed ?? '?';
+    const total = entry.summary?.checkCount ?? '?';
+    lines.push(`  ${date}  ${score}/100  (${passed}/${total} passing)`);
+  }
+
+  const comparison = compareLatest(dir);
+  if (comparison) {
+    lines.push('');
+    const sign = comparison.delta.score >= 0 ? '+' : '';
+    lines.push(`  Trend: ${comparison.trend} (${sign}${comparison.delta.score} since previous)`);
+    if (comparison.improvements.length > 0) {
+      lines.push(`  Fixed: ${comparison.improvements.join(', ')}`);
+    }
+    if (comparison.regressions.length > 0) {
+      lines.push(`  New gaps: ${comparison.regressions.join(', ')}`);
+    }
+  }
+
+  return lines.join('\n');
+}
+
+function exportTrendReport(dir) {
+  const history = getHistory(dir, 50);
+  if (history.length === 0) return null;
+
+  const comparison = compareLatest(dir);
+  const lines = [
+    '# Claude Code Setup Trend Report',
+    '',
+    `**Project:** ${path.basename(dir)}`,
+    `**Generated:** ${new Date().toISOString().split('T')[0]}`,
+    `**Snapshots:** ${history.length}`,
+    '',
+    '## Score History',
+    '',
+    '| Date | Score | Passed | Checks |',
+    '|------|-------|--------|--------|',
+  ];
+
+  for (const entry of history) {
+    const date = entry.createdAt?.split('T')[0] || '?';
+    lines.push(`| ${date} | ${entry.summary?.score ?? '?'}/100 | ${entry.summary?.passed ?? '?'} | ${entry.summary?.checkCount ?? '?'} |`);
+  }
+
+  if (comparison) {
+    lines.push('');
+    lines.push('## Latest Comparison');
+    lines.push('');
+    lines.push(`- **Previous:** ${comparison.previous.score}/100 (${comparison.previous.date?.split('T')[0]})`);
+    lines.push(`- **Current:** ${comparison.current.score}/100 (${comparison.current.date?.split('T')[0]})`);
+    lines.push(`- **Delta:** ${comparison.delta.score >= 0 ? '+' : ''}${comparison.delta.score} points`);
+    lines.push(`- **Trend:** ${comparison.trend}`);
+    if (comparison.improvements.length > 0) lines.push(`- **Fixed:** ${comparison.improvements.join(', ')}`);
+    if (comparison.regressions.length > 0) lines.push(`- **New gaps:** ${comparison.regressions.join(', ')}`);
+  }
+
+  lines.push('');
+  lines.push(`---`);
+  lines.push(`*Generated by claudex-setup v${version}*`);
+  return lines.join('\n');
+}
+
 module.exports = {
   ensureArtifactDirs,
   writeActivityArtifact,
   writeRollbackArtifact,
+  writeSnapshotArtifact,
+  readSnapshotIndex,
+  getHistory,
+  compareLatest,
+  formatHistory,
+  exportTrendReport,
 };

package/src/analyze.js

@@ -351,7 +351,7 @@ async function analyzeProject(options) {
     },
     strengthsPreserved: toStrengths(auditResult.results),
     gapsIdentified: toGaps(auditResult.results),
-    topNextActions: auditResult.quickWins,
+    topNextActions: auditResult.topNextActions || auditResult.quickWins,
     recommendedImprovements: toRecommendations(auditResult),
     recommendedDomainPacks,
     recommendedMcpPacks,
@@ -417,7 +417,14 @@ function printAnalysis(report, options = {}) {
     console.log(c('  Top 5 Next Actions', 'magenta'));
     report.topNextActions.slice(0, 5).forEach((item, index) => {
       console.log(`  ${index + 1}. ${item.name}`);
-      console.log(c(`     ${item.fix}`, 'dim'));
+      console.log(c(`     Why: ${item.why || item.fix}`, 'dim'));
+      if (Array.isArray(item.signals) && item.signals.length > 0) {
+        console.log(c(`     Trace: ${item.signals.join(' | ')}`, 'dim'));
+      }
+      if (item.risk || item.confidence) {
+        console.log(c(`     Risk: ${item.risk || 'low'} | Confidence: ${item.confidence || 'medium'}`, 'dim'));
+      }
+      console.log(c(`     Fix: ${item.fix}`, 'dim'));
     });
     console.log('');
   }
@@ -500,7 +507,15 @@ function exportMarkdown(report) {
     lines.push('## Top Next Actions');
     lines.push('');
     report.topNextActions.slice(0, 5).forEach((item, index) => {
-      lines.push(`${index + 1}. **${item.name}** — ${item.fix}`);
+      lines.push(`${index + 1}. **${item.name}**`);
+      lines.push(`   - Why: ${item.why || item.fix}`);
+      if (Array.isArray(item.signals) && item.signals.length > 0) {
+        lines.push(`   - Trace: ${item.signals.join(' | ')}`);
+      }
+      if (item.risk || item.confidence) {
+        lines.push(`   - Risk / Confidence: ${item.risk || 'low'} / ${item.confidence || 'medium'}`);
+      }
+      lines.push(`   - Fix: ${item.fix}`);
     });
     lines.push('');
   }