wdyt 0.1.8 → 0.1.9
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/commands/chat.ts +99 -10
package/package.json
CHANGED
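--- a/package/src/commands/chat.ts
+++ b/package/src/commands/chat.ts
@@ -86,6 +86,91 @@ async function claudeCliAvailable(): Promise<boolean> {
 }
 }
 
+/**
+* Embedded quality-auditor skill (fallback when file not found)
+* This is used when running as a compiled binary
+*/
+const EMBEDDED_QUALITY_AUDITOR = `You are a pragmatic code auditor. Your job is to find real risks in recent changes - fast.
+
+## Audit Strategy
+
+### 1. Quick Scan (find obvious issues fast)
+- **Secrets**: API keys, passwords, tokens in code
+- **Debug code**: console.log, debugger, TODO/FIXME
+- **Commented code**: Dead code that should be deleted
+- **Large files**: Accidentally committed binaries, logs
+
+### 2. Correctness Review
+- Does the code match the stated intent?
+- Are there off-by-one errors, wrong operators, inverted conditions?
+- Do error paths actually handle errors?
+- Are promises/async properly awaited?
+
+### 3. Security Scan
+- **Injection**: SQL, XSS, command injection vectors
+- **Auth/AuthZ**: Are permissions checked? Can they be bypassed?
+- **Data exposure**: Is sensitive data logged, leaked, or over-exposed?
+- **Dependencies**: Any known vulnerable packages added?
+
+### 4. Simplicity Check
+- Could this be simpler?
+- Is there duplicated code that should be extracted?
+- Are there unnecessary abstractions?
+- Over-engineering for hypothetical future needs?
+
+### 5. Test Coverage
+- Are new code paths tested?
+- Do tests actually assert behavior (not just run)?
+- Are edge cases from gap analysis covered?
+- Are error paths tested?
+
+### 6. Performance Red Flags
+- N+1 queries or O(n²) loops
+- Unbounded data fetching
+- Missing pagination/limits
+- Blocking operations on hot paths
+
+## Output Format
+
+\`\`\`markdown
+## Quality Audit: [Branch/Feature]
+
+### Summary
+- Files changed: N
+- Risk level: Low / Medium / High
+- Ship recommendation: ✅ Ship / ⚠️ Fix first / ❌ Major rework
+
+### Critical (MUST fix before shipping)
+- **[File:line]**: [Issue]
+- Risk: [What could go wrong]
+- Fix: [Specific suggestion]
+
+### Should Fix (High priority)
+- **[File:line]**: [Issue]
+- [Brief fix suggestion]
+
+### Consider (Nice to have)
+- [Minor improvement suggestion]
+
+### Test Gaps
+- [ ] [Untested scenario]
+
+### Security Notes
+- [Any security observations]
+
+### What's Good
+- [Positive observations - patterns followed, good decisions]
+\`\`\`
+
+## Rules
+
+- Find real risks, not style nitpicks
+- Be specific: file:line + concrete fix
+- Critical = could cause outage, data loss, security breach
+- Don't block shipping for minor issues
+- Acknowledge what's done well
+- If no issues found, say so clearly`;
+
 /**
 * Get the skills directory path (bundled with the package)
 */
@@ -97,25 +182,29 @@ function getSkillsDir(): string {
 
 /**
 * Load a skill prompt from a .md file
-*
+* Falls back to embedded prompt when running as compiled binary
 */
 async function loadSkillPrompt(skillName: string): Promise<string> {
+// Try to load from file first
 const skillPath = join(getSkillsDir(), `${skillName}.md`);
 const file = Bun.file(skillPath);
 
-if (
-
+if (await file.exists()) {
+const content = await file.text();
+// Strip YAML frontmatter if present
+const frontmatterMatch = content.match(/^---\n[\s\S]*?\n---\n/);
+if (frontmatterMatch) {
+return content.slice(frontmatterMatch[0].length).trim();
+}
+return content.trim();
 }
 
-
-
-
-const frontmatterMatch = content.match(/^---\n[\s\S]*?\n---\n/);
-if (frontmatterMatch) {
-return content.slice(frontmatterMatch[0].length).trim();
+// Fallback to embedded prompt (for compiled binary)
+if (skillName === "quality-auditor") {
+return EMBEDDED_QUALITY_AUDITOR;
 }
 
-
+throw new Error(`Skill not found: ${skillName}`);
 }
 
 /**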
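Review bot: The frontmatter stripper in loadSkillPrompt (new line 195) only matches LF line endings, so a skill file saved with CRLF keeps its `---` block and the YAML metadata is handed to the model as part of the prompt; `const frontmatterMatch = content.match(/^---\r?\n[\s\S]*?\r?\n---\r?\n/);` covers both. Note also that the on-disk `${skillName}.md` still wins over the embedded copy whenever it exists under getSkillsDir() (defined outside this hunk), so if that directory is writable by others next to a compiled binary, a dropped file silently replaces the audit prompt, and the two copies of the quality-auditor text now have to be kept in sync by hand; a comment on EMBEDDED_QUALITY_AUDITOR such as `// Keep in sync with the quality-auditor .md skill; the file takes precedence when present` would flag both. The per-skill `if (skillName === "quality-auditor")` branch could become a `Record<string, string>` lookup so further skills get a compiled-binary fallback without another hard-coded comparison.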