claudex-setup 1.11.0 → 1.13.0

package/CHANGELOG.md

@@ -15,6 +15,24 @@
 - README and docs now reflect snapshot artifacts, governance export, and the Claude-native skill path
 - packaged content and public-facing counts are now aligned with the current CLAUDEX state
 
+## [1.13.0] - 2026-04-03
+
+### Added
+- 10 new checks (74→84): project description, directory structure, multiple hook types, stop-failure hook, skill paths, MCP env config, gitignore local settings, .env.example, package scripts, type checking
+- 15 new tests (58→73): history/compare/trend, new checks structure, CLI commands, deny depth, negative instructions, --require flag
+- All references updated to 74→84 checks
+
+## [1.12.0] - 2026-04-03
+
+### Added
+- 12 new checks (62→74): test coverage, agent tool restrictions, auto-memory, sandbox, deny rule depth, git attribution, effort level, snapshot history, worktree, negative instructions, output style, CI variants
+- 8 new stacks (22→30): Deno, Bun, Elixir, Astro, Remix, NestJS, Laravel, .NET
+- Deeper domain detection: llamaindex, crewai, autogen, ollama for AI/ML; paypal, square, adyen, medusa for ecommerce; chromatic, style-dictionary for design; capacitor, ionic for mobile
+
+### Fixed
+- `githubActionsOrCI` check used non-existent `ctx.hasFile()` — now uses `ctx.fileContent()`
+- `.NET` stack detection no longer uses glob patterns
+
 ## [1.11.0] - 2026-04-03
 
 ### Added

package/README.md

@@ -1,6 +1,6 @@
 # claudex-setup
 
-> Score your repo's Claude Code setup against 62 checks. See what's missing, apply only what you approve with rollback, and benchmark the impact — without breaking existing config.
+> Score your repo's Claude Code setup against 84 checks. See what's missing, apply only what you approve with rollback, and benchmark the impact — without breaking existing config.
 
 [![npm version](https://img.shields.io/npm/v/claudex-setup)](https://www.npmjs.com/package/claudex-setup)
 [![npm downloads](https://img.shields.io/npm/dm/claudex-setup)](https://www.npmjs.com/package/claudex-setup)
@@ -89,7 +89,7 @@ Most common gaps found: missing secrets protection, no deny rules, no mermaid di
       design: none (0/2)
      devops: none (0/4)
 
-  29/62 checks passing
+  29/84 checks passing
   Next command: npx claudex-setup setup
 ```
 
@@ -105,7 +105,7 @@ That prints a compact top-3 quick scan with one clear next command.
 
 | Command | What it does |
 |---------|-------------|
-| `npx claudex-setup` | **Discover** - Score 0-100 against 62 checks |
+| `npx claudex-setup` | **Discover** - Score 0-100 against 84 checks |
 | `npx claudex-setup discover` | **Discover** - Alias for audit mode |
 | `npx claudex-setup setup` | **Starter** - Smart CLAUDE.md + hooks + commands + agents |
 | `npx claudex-setup starter` | **Starter** - Alias for setup mode |
@@ -305,7 +305,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - uses: DnaFin/claudex-setup@v1.11.0
+      - uses: DnaFin/claudex-setup@v1.13.0
         with:
           threshold: 50
 ```

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claudex-setup",
-  "version": "1.11.0",
+  "version": "1.13.0",
   "description": "Score your repo's Claude Code setup against 62 checks. See gaps, apply fixes selectively with rollback, govern hooks and permissions, and benchmark impact — without breaking existing config.",
   "main": "src/index.js",
   "bin": {

package/src/domain-packs.js

@@ -231,6 +231,7 @@ function detectDomainPacks(ctx, stacks, assets = null) {
 
   // Mobile detection
   const isMobile = deps['react-native'] || deps.expo || deps.flutter ||
+    deps['@capacitor/core'] || deps['@ionic/angular'] || deps['@ionic/react'] ||
     ctx.files.includes('Podfile') || ctx.files.includes('build.gradle') ||
     ctx.files.includes('build.gradle.kts') || ctx.hasDir('ios') || ctx.hasDir('android');
   if (isMobile) {
@@ -257,7 +258,9 @@ function detectDomainPacks(ctx, stacks, assets = null) {
 
   // E-commerce detection
   const isEcommerce = deps.stripe || deps['@stripe/stripe-js'] || deps.shopify || deps['@shopify/shopify-api'] ||
-    deps.woocommerce || ctx.hasDir('products') || ctx.hasDir('checkout') || ctx.hasDir('cart');
+    deps.woocommerce || deps.paypal || deps['@paypal/react-paypal-js'] || deps.square || deps['@adyen/adyen-web'] ||
+    deps.medusa || deps.saleor ||
+    ctx.hasDir('products') || ctx.hasDir('checkout') || ctx.hasDir('cart');
   if (isEcommerce) {
     addMatch('ecommerce', [
       'Detected e-commerce dependencies or storefront structure.',
@@ -269,6 +272,8 @@ function detectDomainPacks(ctx, stacks, assets = null) {
   // AI/ML detection
   const isAiMl = deps.langchain || deps['@langchain/core'] || deps.openai || deps.anthropic ||
     deps['@anthropic-ai/sdk'] || deps.transformers || deps.torch || deps.tensorflow ||
+    deps.llamaindex || deps['llama-index'] || deps.crewai || deps.autogen ||
+    deps['@ai-sdk/core'] || deps.ollama ||
     ctx.hasDir('chains') || ctx.hasDir('agents') || ctx.hasDir('models') || ctx.hasDir('prompts');
   if (isAiMl && !hasData) {
     addMatch('ai-ml', [
@@ -292,8 +297,9 @@ function detectDomainPacks(ctx, stacks, assets = null) {
 
   // Design system detection
   const isDesignSystem = deps.storybook || deps['@storybook/react'] || deps['@storybook/vue3'] ||
+    deps.chromatic || deps['style-dictionary'] || deps['@tokens-studio/sd-transforms'] ||
     ctx.hasDir('tokens') || ctx.hasDir('design-tokens') ||
-    (ctx.hasDir('components') && ctx.hasDir('.storybook'));
+    ctx.hasDir('.storybook') || (ctx.hasDir('components') && ctx.hasDir('.storybook'));
   if (isDesignSystem) {
     addMatch('design-system', [
       'Detected design system or component library signals.',

package/src/techniques.js

@@ -946,6 +946,310 @@ const TECHNIQUES = {
     template: null
   },
 
+  // --- New checks: testing depth ---
+  testCoverage: {
+    id: 2010,
+    name: 'Test coverage or strategy mentioned',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /coverage|test.*strateg|e2e|integration test|unit test/i.test(md);
+    },
+    impact: 'medium', rating: 3, category: 'quality',
+    fix: 'Mention your testing strategy in CLAUDE.md (unit, integration, E2E, coverage targets).',
+    template: null
+  },
+
+  // --- New checks: agent depth ---
+  agentHasAllowedTools: {
+    id: 2011,
+    name: 'At least one agent restricts tools',
+    check: (ctx) => {
+      if (!ctx.hasDir('.claude/agents')) return null;
+      const files = ctx.dirFiles('.claude/agents');
+      if (files.length === 0) return null;
+      for (const f of files) {
+        const content = ctx.fileContent(`.claude/agents/${f}`) || '';
+        if (/tools:\s*\[/.test(content)) return true;
+      }
+      return false;
+    },
+    impact: 'medium', rating: 3, category: 'workflow',
+    fix: 'Add a tools restriction to agent frontmatter (e.g. tools: [Read, Grep]) for safer delegation.',
+    template: null
+  },
+
+  // --- New checks: memory / auto-memory ---
+  autoMemoryAwareness: {
+    id: 2012,
+    name: 'Auto-memory or memory management mentioned',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /auto.?memory|memory.*manage|remember|persistent.*context/i.test(md);
+    },
+    impact: 'low', rating: 3, category: 'memory',
+    fix: 'Claude Code supports auto-memory for cross-session learning. Mention your memory strategy if relevant.',
+    template: null
+  },
+
+  // --- New checks: sandbox / security depth ---
+  sandboxAwareness: {
+    id: 2013,
+    name: 'Sandbox or isolation mentioned',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      const settings = ctx.jsonFile('.claude/settings.json') || {};
+      return /sandbox|isolat/i.test(md) || !!settings.sandbox;
+    },
+    impact: 'medium', rating: 3, category: 'security',
+    fix: 'Claude Code supports sandboxed command execution. Consider enabling it for untrusted operations.',
+    template: null
+  },
+
+  denyRulesDepth: {
+    id: 2014,
+    name: 'Deny rules cover 3+ patterns',
+    check: (ctx) => {
+      const shared = ctx.jsonFile('.claude/settings.json');
+      const local = ctx.jsonFile('.claude/settings.local.json');
+      const deny = (shared?.permissions?.deny || []).concat(local?.permissions?.deny || []);
+      return deny.length >= 3;
+    },
+    impact: 'high', rating: 4, category: 'security',
+    fix: 'Add at least 3 deny rules: rm -rf, force-push, and .env reads. More patterns = safer Claude.',
+    template: null
+  },
+
+  // --- New checks: git depth ---
+  gitAttributionDecision: {
+    id: 2015,
+    name: 'Git attribution configured',
+    check: (ctx) => {
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      const local = ctx.jsonFile('.claude/settings.local.json') || {};
+      return shared.attribution !== undefined || local.attribution !== undefined ||
+             shared.includeCoAuthoredBy !== undefined || local.includeCoAuthoredBy !== undefined;
+    },
+    impact: 'low', rating: 3, category: 'git',
+    fix: 'Decide on git attribution: set attribution.commit or includeCoAuthoredBy in settings.',
+    template: null
+  },
+
+  // --- New checks: performance ---
+  effortLevelConfigured: {
+    id: 2016,
+    name: 'Effort level or thinking configuration',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      const local = ctx.jsonFile('.claude/settings.local.json') || {};
+      return /effort|thinking/i.test(md) || shared.effortLevel || local.effortLevel ||
+             shared.alwaysThinkingEnabled !== undefined || local.alwaysThinkingEnabled !== undefined;
+    },
+    impact: 'low', rating: 3, category: 'performance',
+    fix: 'Configure effortLevel or mention thinking strategy in CLAUDE.md for task-appropriate reasoning depth.',
+    template: null
+  },
+
+  // --- New checks: workflow depth ---
+  hasSnapshotHistory: {
+    id: 2017,
+    name: 'Audit snapshot history exists',
+    check: (ctx) => {
+      return !!ctx.fileContent('.claude/claudex-setup/snapshots/index.json');
+    },
+    impact: 'low', rating: 3, category: 'workflow',
+    fix: 'Run `npx claudex-setup --snapshot` to start tracking your setup score over time.',
+    template: null
+  },
+
+  worktreeAwareness: {
+    id: 2018,
+    name: 'Worktree or parallel sessions mentioned',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      return /worktree|parallel.*session/i.test(md) || !!shared.worktree;
+    },
+    impact: 'low', rating: 3, category: 'features',
+    fix: 'Claude Code supports git worktrees for parallel isolated sessions. Mention if relevant.',
+    template: null
+  },
+
+  // --- New checks: prompting depth ---
+  negativeInstructions: {
+    id: 2019,
+    name: 'CLAUDE.md includes "do not" instructions',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /do not|don't|never|avoid|must not/i.test(md);
+    },
+    impact: 'medium', rating: 4, category: 'prompting',
+    fix: 'Add explicit "do not" rules to CLAUDE.md. Negative constraints reduce common mistakes.',
+    template: null
+  },
+
+  outputStyleGuidance: {
+    id: 2020,
+    name: 'CLAUDE.md includes output or style guidance',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /style|format|convention|naming|pattern|prefer/i.test(md);
+    },
+    impact: 'medium', rating: 3, category: 'prompting',
+    fix: 'Add coding style and naming conventions to CLAUDE.md so Claude matches your project patterns.',
+    template: null
+  },
+
+  // --- New checks: devops depth ---
+  githubActionsOrCI: {
+    id: 2021,
+    name: 'GitHub Actions or CI configured',
+    check: (ctx) => {
+      return ctx.hasDir('.github/workflows') || !!ctx.fileContent('.circleci/config.yml') ||
+             !!ctx.fileContent('.gitlab-ci.yml') || !!ctx.fileContent('Jenkinsfile') ||
+             !!ctx.fileContent('.travis.yml') || !!ctx.fileContent('bitbucket-pipelines.yml');
+    },
+    impact: 'medium', rating: 3, category: 'devops',
+    fix: 'Add CI pipeline for automated testing. Claude Code has a GitHub Action for audit gates.',
+    template: null
+  },
+
+  // --- New checks: depth round 2 ---
+  projectDescriptionInClaudeMd: {
+    id: 2022,
+    name: 'CLAUDE.md describes what the project does',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /what.*does|overview|purpose|about|description|project.*is/i.test(md) && md.length > 100;
+    },
+    impact: 'high', rating: 4, category: 'memory',
+    fix: 'Start CLAUDE.md with a clear project description. Claude needs to know what your project does.',
+    template: null
+  },
+
+  directoryStructureInClaudeMd: {
+    id: 2023,
+    name: 'CLAUDE.md documents directory structure',
+    check: (ctx) => {
+      const md = ctx.fileContent('CLAUDE.md') || '';
+      return /src\/|app\/|lib\/|structure|director|folder/i.test(md);
+    },
+    impact: 'medium', rating: 4, category: 'memory',
+    fix: 'Document your directory structure in CLAUDE.md so Claude navigates your codebase efficiently.',
+    template: null
+  },
+
+  multipleHookTypes: {
+    id: 2024,
+    name: '2+ hook event types configured',
+    check: (ctx) => {
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      const local = ctx.jsonFile('.claude/settings.local.json') || {};
+      const hooks = { ...(shared.hooks || {}), ...(local.hooks || {}) };
+      return Object.keys(hooks).length >= 2;
+    },
+    impact: 'medium', rating: 3, category: 'automation',
+    fix: 'Add at least 2 hook types (e.g. PostToolUse for linting + SessionStart for initialization).',
+    template: null
+  },
+
+  stopFailureHook: {
+    id: 2025,
+    name: 'StopFailure or error handling hook',
+    check: (ctx) => {
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      const local = ctx.jsonFile('.claude/settings.local.json') || {};
+      return !!(shared.hooks?.StopFailure || shared.hooks?.Stop || local.hooks?.StopFailure || local.hooks?.Stop);
+    },
+    impact: 'low', rating: 3, category: 'automation',
+    fix: 'Add a StopFailure hook to log errors for debugging. Helps track why Claude stops unexpectedly.',
+    template: null
+  },
+
+  skillUsesPaths: {
+    id: 2026,
+    name: 'At least one skill uses paths for scoping',
+    check: (ctx) => {
+      if (!ctx.hasDir('.claude/skills')) return null;
+      const files = ctx.dirFiles('.claude/skills');
+      if (files.length === 0) return null;
+      for (const f of files) {
+        const content = ctx.fileContent(`.claude/skills/${f}`) || '';
+        if (/paths:/i.test(content)) return true;
+      }
+      return false;
+    },
+    impact: 'low', rating: 3, category: 'workflow',
+    fix: 'Add paths to skill frontmatter to scope when skills activate (e.g. paths: ["src/**/*.ts"]).',
+    template: null
+  },
+
+  mcpHasEnvConfig: {
+    id: 2027,
+    name: 'MCP servers have environment configuration',
+    check: (ctx) => {
+      const shared = ctx.jsonFile('.claude/settings.json') || {};
+      const local = ctx.jsonFile('.claude/settings.local.json') || {};
+      const mcp = ctx.jsonFile('.mcp.json') || {};
+      const allServers = { ...(shared.mcpServers || {}), ...(local.mcpServers || {}), ...(mcp.mcpServers || {}) };
+      if (Object.keys(allServers).length === 0) return null;
+      return Object.values(allServers).some(s => s.env && Object.keys(s.env).length > 0);
+    },
+    impact: 'low', rating: 3, category: 'tools',
+    fix: 'Configure environment variables for MCP servers that need authentication (e.g. GITHUB_TOKEN).',
+    template: null
+  },
+
+  gitIgnoreClaudeLocal: {
+    id: 2028,
+    name: '.gitignore excludes settings.local.json',
+    check: (ctx) => {
+      const gitignore = ctx.fileContent('.gitignore') || '';
+      return /settings\.local\.json|settings\.local/i.test(gitignore);
+    },
+    impact: 'medium', rating: 4, category: 'git',
+    fix: 'Add .claude/settings.local.json to .gitignore. Personal overrides should not be committed.',
+    template: null
+  },
+
+  envExampleExists: {
+    id: 2029,
+    name: '.env.example or .env.template exists',
+    check: (ctx) => {
+      return !!(ctx.fileContent('.env.example') || ctx.fileContent('.env.template') || ctx.fileContent('.env.sample'));
+    },
+    impact: 'low', rating: 3, category: 'hygiene',
+    fix: 'Add .env.example so new developers know which environment variables are needed.',
+    template: null
+  },
+
+  packageJsonHasScripts: {
+    id: 2030,
+    name: 'package.json has dev/test/build scripts',
+    check: (ctx) => {
+      const pkg = ctx.jsonFile('package.json');
+      if (!pkg) return null;
+      const scripts = pkg.scripts || {};
+      const has = (k) => !!scripts[k];
+      return has('test') || has('dev') || has('build') || has('start');
+    },
+    impact: 'medium', rating: 3, category: 'hygiene',
+    fix: 'Add scripts to package.json (test, dev, build). Claude uses these for verification.',
+    template: null
+  },
+
+  typeCheckingConfigured: {
+    id: 2031,
+    name: 'Type checking configured (TypeScript or similar)',
+    check: (ctx) => {
+      return !!(ctx.fileContent('tsconfig.json') || ctx.fileContent('jsconfig.json') ||
+        ctx.fileContent('pyrightconfig.json') || ctx.fileContent('mypy.ini'));
+    },
+    impact: 'medium', rating: 3, category: 'quality',
+    fix: 'Add type checking configuration. Type-safe code produces fewer Claude errors.',
+    template: null
+  },
+
   noDeprecatedPatterns: {
     id: 2009,
     name: 'No deprecated patterns detected',
@@ -992,6 +1296,14 @@ const STACKS = {
   kubernetes: { files: ['k8s', 'kubernetes', 'helm'], content: {}, label: 'Kubernetes' },
   cpp: { files: ['CMakeLists.txt', 'Makefile', '.clang-format'], content: {}, label: 'C++' },
   bazel: { files: ['BUILD', 'WORKSPACE', 'BUILD.bazel', 'WORKSPACE.bazel'], content: {}, label: 'Bazel' },
+  deno: { files: ['deno.json', 'deno.jsonc', 'deno.lock'], content: {}, label: 'Deno' },
+  bun: { files: ['bun.lockb', 'bunfig.toml'], content: {}, label: 'Bun' },
+  elixir: { files: ['mix.exs'], content: {}, label: 'Elixir' },
+  astro: { files: ['astro.config.mjs', 'astro.config.ts'], content: {}, label: 'Astro' },
+  remix: { files: ['remix.config.js', 'remix.config.ts'], content: {}, label: 'Remix' },
+  nestjs: { files: ['nest-cli.json'], content: {}, label: 'NestJS' },
+  laravel: { files: ['artisan'], content: {}, label: 'Laravel' },
+  dotnet: { files: ['global.json', 'Directory.Build.props'], content: {}, label: '.NET' },
 };
 
 module.exports = { TECHNIQUES, STACKS };