claudex-setup 1.3.0 → 1.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/bin/cli.js +6 -0
  2. package/package.json +1 -1
  3. package/src/audit.js +12 -1
  4. package/src/setup.js +98 -6
package/bin/cli.js CHANGED
@@ -49,6 +49,12 @@ async function main() {
49
49
  dir: process.cwd()
50
50
  };
51
51
 
52
+ if (!require('fs').existsSync(options.dir)) {
53
+ console.error(`\n Error: Directory not found: ${options.dir}`);
54
+ console.error(' Run claudex-setup from inside your project directory.\n');
55
+ process.exit(1);
56
+ }
57
+
52
58
  try {
53
59
  if (command === 'badge') {
54
60
  const { getBadgeMarkdown } = require('../src/badge');
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "claudex-setup",
3
- "version": "1.3.0",
3
+ "version": "1.5.0",
4
4
  "description": "Audit and optimize any project for Claude Code. Powered by 1107 verified techniques.",
5
5
  "main": "src/index.js",
6
6
  "bin": {
package/src/audit.js CHANGED
@@ -97,7 +97,18 @@ async function audit(options) {
97
97
  }
98
98
 
99
99
  if (options.json) {
100
- console.log(JSON.stringify({ score, stacks, passed: passed.length, failed: failed.length, results }, null, 2));
100
+ const { version } = require('../package.json');
101
+ console.log(JSON.stringify({
102
+ version,
103
+ timestamp: new Date().toISOString(),
104
+ score,
105
+ stacks,
106
+ passed: passed.length,
107
+ failed: failed.length,
108
+ skipped: skipped.length,
109
+ checkCount: applicable.length,
110
+ results
111
+ }, null, 2));
101
112
  return { score, passed: passed.length, failed: failed.length, stacks, results };
102
113
  }
103
114
 
package/src/setup.js CHANGED
@@ -29,8 +29,7 @@ function detectScripts(ctx) {
29
29
  // Helper: detect key dependencies and generate guidelines
30
30
  // ============================================================
31
31
  function detectDependencies(ctx) {
32
- const pkg = ctx.jsonFile('package.json');
33
- if (!pkg) return [];
32
+ const pkg = ctx.jsonFile('package.json') || {};
34
33
  const allDeps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
35
34
  const guidelines = [];
36
35
 
@@ -153,6 +152,66 @@ function detectDependencies(ctx) {
153
152
  if (reqTxt.includes('redis')) {
154
153
  guidelines.push('- Redis is available for caching and task queues');
155
154
  }
155
+ if (reqTxt.includes('langchain')) {
156
+ guidelines.push('- Use LangChain for chain/agent orchestration. Define chains in chains/ directory');
157
+ }
158
+ if (reqTxt.includes('openai')) {
159
+ guidelines.push('- OpenAI SDK available. Use structured outputs where possible');
160
+ }
161
+ if (reqTxt.includes('anthropic')) {
162
+ guidelines.push('- Anthropic SDK available. Prefer Claude for complex reasoning tasks');
163
+ }
164
+ if (reqTxt.includes('chromadb')) {
165
+ guidelines.push('- Use ChromaDB for local vector storage. Persist collections to disk');
166
+ }
167
+ if (reqTxt.includes('pinecone')) {
168
+ guidelines.push('- Use Pinecone for production vector search. Define index schemas upfront');
169
+ }
170
+ if (reqTxt.includes('mlflow')) {
171
+ guidelines.push('- Use MLflow for experiment tracking. Log all model parameters and metrics');
172
+ }
173
+ if (reqTxt.includes('wandb')) {
174
+ guidelines.push('- Use Weights & Biases for experiment tracking and visualization');
175
+ }
176
+ if (reqTxt.includes('transformers')) {
177
+ guidelines.push('- HuggingFace Transformers available. Use AutoModel/AutoTokenizer for loading');
178
+ }
179
+
180
+ // JS AI/ML/Cloud deps
181
+ if (allDeps['@anthropic-ai/sdk']) {
182
+ guidelines.push('- Anthropic SDK configured. Use Messages API with structured tool_use for agents');
183
+ }
184
+ if (allDeps['openai']) {
185
+ guidelines.push('- OpenAI SDK available. Use structured outputs and function calling');
186
+ }
187
+ if (allDeps['@modelcontextprotocol/sdk']) {
188
+ guidelines.push('- MCP SDK available. Build MCP servers with stdio transport');
189
+ }
190
+ if (allDeps['langchain'] || allDeps['@langchain/core']) {
191
+ guidelines.push('- LangChain available. Use LCEL for chain composition');
192
+ }
193
+ if (allDeps['@aws-sdk/client-s3'] || allDeps['@aws-sdk/client-dynamodb']) {
194
+ guidelines.push('- AWS SDK v3 configured. Use modular imports, not aws-sdk v2');
195
+ }
196
+ if (allDeps['@aws-cdk/aws-lambda'] || allDeps['aws-cdk-lib']) {
197
+ guidelines.push('- AWS CDK available. Define stacks in lib/, constructs as separate classes');
198
+ }
199
+
200
+ // Security middleware
201
+ if (allDeps['express-rate-limit']) {
202
+ guidelines.push('- Rate limiting configured. Apply to auth endpoints. Set appropriate windowMs and max values');
203
+ }
204
+ if (allDeps['hpp']) {
205
+ guidelines.push('- HPP (HTTP Parameter Pollution) protection enabled');
206
+ }
207
+ if (allDeps['csurf']) {
208
+ guidelines.push('- CSRF protection enabled. Ensure tokens are included in all state-changing requests');
209
+ }
210
+
211
+ // AWS Lambda
212
+ if (allDeps['@aws-sdk/client-lambda'] || allDeps['@aws-cdk/aws-lambda'] || allDeps['aws-cdk-lib']) {
213
+ guidelines.push('- Lambda handlers: keep cold start fast, use layers for deps, set appropriate memory/timeout');
214
+ }
156
215
 
157
216
  return guidelines;
158
217
  }
@@ -328,7 +387,14 @@ function getFrameworkInstructions(stacks) {
328
387
  - Prefer Server Components by default; add 'use client' only when needed
329
388
  - Use next/image for images, next/link for navigation
330
389
  - API routes go in app/api/ (App Router) or pages/api/ (Pages Router)
331
- - Use loading.tsx, error.tsx, and not-found.tsx for route-level UX`);
390
+ - Use loading.tsx, error.tsx, and not-found.tsx for route-level UX
391
+
392
+ ### Next.js App Router
393
+ - Default to Server Components. Add 'use client' only when needed (hooks, events, browser APIs)
394
+ - Use Server Actions for mutations. Validate with Zod, call revalidatePath after writes
395
+ - Route handlers in app/api/ export named functions: GET, POST, PUT, DELETE
396
+ - Use loading.tsx, error.tsx, not-found.tsx for route-level UI states
397
+ - Middleware in middleware.ts for auth checks, redirects, headers`);
332
398
  } else if (stackKeys.includes('react')) {
333
399
  sections.push(`### React
334
400
  - Use functional components with hooks exclusively
@@ -401,7 +467,10 @@ function getFrameworkInstructions(stacks) {
401
467
  - Handle all errors explicitly — never ignore err returns
402
468
  - Use context.Context for cancellation and timeouts
403
469
  - Prefer table-driven tests
404
- - Run \`go vet\` and \`golangci-lint\` before committing`);
470
+ - Run \`go vet\` and \`golangci-lint\` before committing
471
+ - If using gRPC: define .proto files in proto/ or pkg/proto, generate with protoc
472
+ - If Makefile exists: use make targets for build/test/lint
473
+ - Organize: cmd/ for entry points, internal/ for private packages, pkg/ for public`);
405
474
  }
406
475
 
407
476
  if (stackKeys.includes('terraform')) {
@@ -410,7 +479,10 @@ function getFrameworkInstructions(stacks) {
410
479
  - Always run \`terraform plan\` before \`terraform apply\`
411
480
  - Store state remotely (S3 + DynamoDB, or Terraform Cloud)
412
481
  - Use variables.tf for all configurable values
413
- - Tag all resources consistently`);
482
+ - Tag all resources consistently
483
+ - If using Helm: define charts in charts/ or helm/, use values.yaml for config
484
+ - Lock providers: always commit .terraform.lock.hcl
485
+ - Use terraform fmt before committing`);
414
486
  }
415
487
 
416
488
  const hasJS = stackKeys.some(k => ['react', 'vue', 'angular', 'nextjs', 'node', 'svelte'].includes(k));
@@ -480,10 +552,24 @@ npm run lint # or: npx eslint .`;
480
552
 
481
553
  // --- Framework-specific instructions ---
482
554
  const frameworkInstructions = getFrameworkInstructions(stacks);
483
- const stackSection = frameworkInstructions
555
+ let stackSection = frameworkInstructions
484
556
  ? `\n## Stack-Specific Guidelines\n\n${frameworkInstructions}\n`
485
557
  : '';
486
558
 
559
+ // Check for security-focused project
560
+ const pkg2 = ctx.jsonFile('package.json') || {};
561
+ const allDeps2 = { ...(pkg2.dependencies || {}), ...(pkg2.devDependencies || {}) };
562
+ const hasSecurityDeps = allDeps2['helmet'] || allDeps2['jsonwebtoken'] || allDeps2['bcrypt'] || allDeps2['passport'];
563
+ if (hasSecurityDeps) {
564
+ stackSection += '\n### Security Best Practices\n';
565
+ stackSection += '- Follow OWASP Top 10 — run /security-review regularly\n';
566
+ stackSection += '- Never log sensitive data (passwords, tokens, PII)\n';
567
+ stackSection += '- Use parameterized queries — never string concatenation for SQL\n';
568
+ stackSection += '- Set security headers via Helmet. Review CSP policy for your frontend\n';
569
+ stackSection += '- Rate limit all authentication endpoints\n';
570
+ stackSection += '- Validate and sanitize all user input at API boundaries\n';
571
+ }
572
+
487
573
  // --- TypeScript-specific additions ---
488
574
  let tsSection = '';
489
575
  if (hasTS) {
@@ -564,6 +650,12 @@ Before completing any task, confirm:
564
650
  ${verificationSteps.join('\n')}
565
651
  </verification>
566
652
 
653
+ ## Context Management
654
+ - Use /compact when context gets large (above 50% capacity)
655
+ - Prefer focused sessions — one task per conversation
656
+ - If a session gets too long, start fresh with /clear
657
+ - Use subagents for research tasks to keep main context clean
658
+
567
659
  ## Workflow
568
660
  - Verify changes with tests before committing
569
661
  - Use descriptive commit messages (why, not what)