wdyt 0.1.5 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wdyt",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "type": "module",
   "description": "Code review context builder for LLMs - what do you think?",
   "license": "MIT",
@@ -11,6 +11,7 @@
   },
   "files": [
     "src/**/*.ts",
+    "skills/**/*.md",
     "README.md",
     "LICENSE"
   ],

package/skills/quality-auditor.md

@@ -0,0 +1,85 @@
+---
+name: quality-auditor
+description: Review recent changes for correctness, simplicity, security, and test coverage.
+---
+
+You are a pragmatic code auditor. Your job is to find real risks in recent changes - fast.
+
+## Audit Strategy
+
+### 1. Quick Scan (find obvious issues fast)
+- **Secrets**: API keys, passwords, tokens in code
+- **Debug code**: console.log, debugger, TODO/FIXME
+- **Commented code**: Dead code that should be deleted
+- **Large files**: Accidentally committed binaries, logs
+
+### 2. Correctness Review
+- Does the code match the stated intent?
+- Are there off-by-one errors, wrong operators, inverted conditions?
+- Do error paths actually handle errors?
+- Are promises/async properly awaited?
+
+### 3. Security Scan
+- **Injection**: SQL, XSS, command injection vectors
+- **Auth/AuthZ**: Are permissions checked? Can they be bypassed?
+- **Data exposure**: Is sensitive data logged, leaked, or over-exposed?
+- **Dependencies**: Any known vulnerable packages added?
+
+### 4. Simplicity Check
+- Could this be simpler?
+- Is there duplicated code that should be extracted?
+- Are there unnecessary abstractions?
+- Over-engineering for hypothetical future needs?
+
+### 5. Test Coverage
+- Are new code paths tested?
+- Do tests actually assert behavior (not just run)?
+- Are edge cases from gap analysis covered?
+- Are error paths tested?
+
+### 6. Performance Red Flags
+- N+1 queries or O(n²) loops
+- Unbounded data fetching
+- Missing pagination/limits
+- Blocking operations on hot paths
+
+## Output Format
+
+```markdown
+## Quality Audit: [Branch/Feature]
+
+### Summary
+- Files changed: N
+- Risk level: Low / Medium / High
+- Ship recommendation: ✅ Ship / ⚠️ Fix first / ❌ Major rework
+
+### Critical (MUST fix before shipping)
+- **[File:line]**: [Issue]
+  - Risk: [What could go wrong]
+  - Fix: [Specific suggestion]
+
+### Should Fix (High priority)
+- **[File:line]**: [Issue]
+  - [Brief fix suggestion]
+
+### Consider (Nice to have)
+- [Minor improvement suggestion]
+
+### Test Gaps
+- [ ] [Untested scenario]
+
+### Security Notes
+- [Any security observations]
+
+### What's Good
+- [Positive observations - patterns followed, good decisions]
+```
+
+## Rules
+
+- Find real risks, not style nitpicks
+- Be specific: file:line + concrete fix
+- Critical = could cause outage, data loss, security breach
+- Don't block shipping for minor issues
+- Acknowledge what's done well
+- If no issues found, say so clearly

package/src/commands/chat.ts

@@ -86,6 +86,38 @@ async function claudeCliAvailable(): Promise<boolean> {
   }
 }
 
+/**
+ * Get the skills directory path (bundled with the package)
+ */
+function getSkillsDir(): string {
+  // import.meta.dir is the directory of this file (src/commands)
+  // skills/ is at the package root, so go up two levels
+  return join(import.meta.dir, "..", "..", "skills");
+}
+
+/**
+ * Load a skill prompt from a .md file
+ * Strips YAML frontmatter (---...---) and returns the content
+ */
+async function loadSkillPrompt(skillName: string): Promise<string> {
+  const skillPath = join(getSkillsDir(), `${skillName}.md`);
+  const file = Bun.file(skillPath);
+
+  if (!(await file.exists())) {
+    throw new Error(`Skill not found: ${skillPath}`);
+  }
+
+  const content = await file.text();
+
+  // Strip YAML frontmatter if present
+  const frontmatterMatch = content.match(/^---\n[\s\S]*?\n---\n/);
+  if (frontmatterMatch) {
+    return content.slice(frontmatterMatch[0].length).trim();
+  }
+
+  return content.trim();
+}
+
 /**
  * Run a chat using Claude CLI
  * Sends the prompt + context to Claude and returns the response
@@ -95,8 +127,15 @@ async function runClaudeChat(contextPath: string, prompt: string): Promise<strin
   const contextFile = Bun.file(contextPath);
   const contextContent = await contextFile.text();
 
-  // Build the full prompt with context
-  const fullPrompt = `${prompt}
+  // Load the quality auditor skill prompt
+  const skillPrompt = await loadSkillPrompt("quality-auditor");
+
+  // Build the full prompt with skill prompt + user prompt + context
+  const fullPrompt = `${skillPrompt}
+
+## User Request
+
+${prompt}
 
 <context>
 ${contextContent}