lite-kits 0.1.0__py3-none-any.whl → 0.1.1__py3-none-any.whl

lite_kits/kits/project/README.md

@@ -2,7 +2,7 @@
 
 **Status**: ✅ Recommended (Default)
 
-Essential project-level utilities and enhancements for vanilla spec-kit. Includes agent orientation, code review, quality checks, and enhanced feature creation scripts.
+Essential project-level utilities and enhancements for vanilla spec-kit. Includes agent orientation, quality checks, and enhanced feature creation scripts.
 
 ## What It Adds
 
@@ -11,7 +11,6 @@ Essential project-level utilities and enhancements for vanilla spec-kit. Include
 | Command | Claude Code | GitHub Copilot | Description |
 |---------|-------------|----------------|-------------|
 | `/orient` | ✅ | ✅ | Agent orientation protocol (most essential!) |
-| `/review` | 🚧 | 🚧 | Code review helper |
 | `/audit` | 🚧 | 🚧 | Security & quality audit |
 | `/stats` | 🚧 | 🚧 | Project statistics |
 
@@ -41,12 +40,10 @@ lite-kits install -Kit project
 your-project/
 ├── .claude/commands/              # If Claude Code detected
 │   ├── orient.md                  # ✅ Essential!
-│   ├── review.md                  # 🚧 Coming Soon
 │   ├── audit.md                   # 🚧 Coming Soon
 │   └── stats.md                   # 🚧 Coming Soon
 ├── .github/prompts/               # If GitHub Copilot detected
 │   ├── orient.prompt.md           # ✅ Essential!
-│   ├── review.prompt.md           # 🚧 Coming Soon
 │   ├── audit.prompt.md            # 🚧 Coming Soon
 │   └── stats.prompt.md            # 🚧 Coming Soon
 └── .specify/scripts/              # Enhanced vanilla scripts
@@ -102,19 +99,6 @@ your-project/
 
 ---
 
-### `/review` - Code Review (Coming Soon)
-
-**Purpose**: Review code changes against project constitution and best practices.
-
-**What it will do**:
-- Check staged changes against constitution principles
-- Identify common code smells
-- Suggest improvements
-- Verify test coverage
-- Check documentation completeness
-
----
-
 ### `/audit` - Security & Quality Audit (Coming Soon)
 
 **Purpose**: Scan for security issues and quality problems.
@@ -180,11 +164,11 @@ your-project/
 
 ### Team with Multiple Agents
 **Install**: `--recommended` + `--kit=multiagent`
-**Use**: `/orient` + `/review` before committing
+**Use**: `/orient` at start of every session
 
 ### Security-Focused Project
 **Install**: `--recommended`
-**Use**: `/audit` regularly, `/review` on every change
+**Use**: `/audit` regularly for security scans
 
 ### Custom Workflow Needs
 **Install**: `--kit=project`
@@ -206,7 +190,7 @@ No configuration needed - works out of the box.
 
 **None** - project-kit is standalone.
 
-**Note**: multiagent-kit recommends project-kit for `/review` and best practices.
+**Note**: Works great with git-kit for complete workflow automation.
 
 ---
 
@@ -226,8 +210,8 @@ lite-kits remove -Kit project
 ```
 
 Removes:
-- `.claude/commands/{orient,review,audit,stats}.md`
-- `.github/prompts/{orient,review,audit,stats}.prompt.md`
+- `.claude/commands/{orient,audit,stats}.md`
+- `.github/prompts/{orient,audit,stats}.prompt.md`
 - `.specify/scripts/{bash,powershell}/create-feature-enhanced.{sh,ps1}`
 
 ---

lite_kits/kits/project/claude/commands/audit.md

@@ -0,0 +1,143 @@
+---
+description: Perform security analysis on dependencies and code patterns
+---
+
+# Security Audit Helper
+
+**Purpose**: Quick security analysis for AI agents working on features involving authentication, data handling, or external dependencies.
+
+## Execution Steps
+
+Execute the following steps to perform a security audit:
+
+### 1. Detect Project Type and Dependencies
+
+```bash
+# Check for Python dependencies
+ls requirements.txt pyproject.toml setup.py 2>/dev/null
+
+# Check for Node.js dependencies
+ls package.json package-lock.json 2>/dev/null
+
+# Check for Rust dependencies
+ls Cargo.toml Cargo.lock 2>/dev/null
+
+# Check for Go dependencies
+ls go.mod go.sum 2>/dev/null
+```
+
+### 2. Run Dependency Vulnerability Scan
+
+**Python projects**:
+```bash
+# Check if pip-audit is available
+command -v pip-audit >/dev/null 2>&1
+
+# If available, run scan
+pip-audit
+
+# If not available, suggest installation
+echo "Install pip-audit: pip install pip-audit"
+```
+
+**Node.js projects**:
+```bash
+# npm audit is built-in
+npm audit
+
+# Or use yarn
+yarn audit
+```
+
+**Other languages**: Suggest appropriate tools (cargo audit, go list, etc.)
+
+### 3. Scan for Common Security Anti-Patterns
+
+Check source code for security issues:
+
+```bash
+# Look for potential hardcoded secrets
+grep -r "API_KEY\s*=\s*['\"]" src/ 2>/dev/null | head -5
+grep -r "PASSWORD\s*=\s*['\"]" src/ 2>/dev/null | head -5
+grep -r "SECRET\s*=\s*['\"]" src/ 2>/dev/null | head -5
+
+# Look for weak crypto patterns (Python)
+grep -r "md5\|sha1" src/ 2>/dev/null | head -5
+
+# Look for SQL injection risks
+grep -r "execute.*%\|execute.*+" src/ 2>/dev/null | head -5
+```
+
+**Common patterns to flag**:
+- Hardcoded API keys, passwords, tokens
+- Weak cryptographic algorithms (MD5, SHA1)
+- SQL string concatenation
+- Eval/exec with user input
+- Insecure file permissions
+
+### 4. Generate Concise Report
+
+Provide analysis in this format (~150 words max):
+
+```markdown
+## Security Audit
+
+**Dependencies**: N scanned, M vulnerabilities found
+
+**Vulnerabilities** (if any):
+- package-name==version: [SEVERITY] - Brief description
+- Link to advisory for details
+
+**Code Patterns** (if any):
+- file.py:line: [PATTERN] - Recommendation
+
+**Next Action**: [Fix CVE-XXXX / Update package / Review auth code]
+```
+
+## Important Notes
+
+- **Graceful fallbacks**: If audit tools not installed, do basic pattern checks only
+- **Be concise**: Target <150 words total output
+- **Prioritize**: Show highest severity issues first
+- **Avoid false positives**: Note that manual review may be needed
+- **No dependencies**: Report "No dependencies to audit" gracefully
+- **Cross-platform**: Use commands available on Windows, macOS, Linux
+
+## Edge Cases
+
+- **No dependency files**: "No dependencies found. This appears to be a dependency-free project."
+- **Tool not installed**: Provide installation command, run basic grep checks
+- **No vulnerabilities**: "✅ No known vulnerabilities found! Consider reviewing auth/data handling patterns."
+- **Too many issues**: Sample top 5, note total count
+
+## Example Output
+
+```markdown
+## Security Audit
+
+**Dependencies**: 12 scanned, 2 vulnerabilities found
+
+**Vulnerabilities**:
+- requests==2.25.0: MEDIUM - CVE-2023-32681 (Proxy-Auth header leak)
+  Update to: requests>=2.31.0
+
+**Code Patterns**:
+- src/auth.py:42: Hardcoded API key detected
+- src/db.py:103: SQL string concatenation (injection risk)
+
+**Next Action**: Update requests package, move API key to environment variables, use parameterized queries
+```
+
+```markdown
+## Security Audit
+
+**Dependencies**: pip-audit not installed
+
+**Tool Not Available**:
+Install pip-audit for vulnerability scanning:
+`pip install pip-audit`
+
+**Code Patterns**: Basic grep checks performed, no obvious issues found
+
+**Next Action**: Install pip-audit and re-run for comprehensive dependency scan
+```

lite_kits/kits/project/claude/commands/orient.md

@@ -15,19 +15,12 @@ Execute the following steps to gather orientation information:
 Check for kit marker files to determine what's installed:
 
 ```bash
-# Initialize kit detection variables
-PROJECT_KIT=false
-GIT_KIT=false
-MULTIAGENT_KIT=false
-
-# Check for project-kit markers
-[ -f .claude/commands/review.md ] && PROJECT_KIT=true
-
-# Check for git-kit markers
-[ -f .claude/commands/commit.md ] && GIT_KIT=true
-
-# Check for multiagent-kit markers
-[ -f .specify/memory/pr-workflow-guide.md ] && MULTIAGENT_KIT=true
+# Check all kits in one command
+KITS_INSTALLED=""
+[ -f .claude/commands/orient.md ] && KITS_INSTALLED="${KITS_INSTALLED}project "
+[ -f .claude/commands/commit.md ] && KITS_INSTALLED="${KITS_INSTALLED}git "
+[ -f .specify/memory/pr-workflow-guide.md ] && KITS_INSTALLED="${KITS_INSTALLED}multiagent "
+KITS_INSTALLED="${KITS_INSTALLED:-vanilla only}"
 ```
 
 ### 2. Determine Agent Role
@@ -58,17 +51,11 @@ Extract:
 ### 4. Check Git State
 
 ```bash
-# Current branch
-git branch --show-current
-
-# Recent commits (last 5)
-git log --oneline -5
-
-# Uncommitted changes
-git status --short
-
-# Untracked files count
-git ls-files --others --exclude-standard | wc -l
+# Efficient single-command git status check
+# Get branch, recent commits, and changes in one go
+CURRENT_BRANCH=$(git branch --show-current 2>/dev/null || echo "(not in git repo)")
+RECENT_COMMITS=$(git log --oneline -3 2>/dev/null | head -1 || echo "(no commits)")
+CHANGES=$(git status --short 2>/dev/null | wc -l || echo "0")
 ```
 
 ### 5. Check Active Work
@@ -76,29 +63,25 @@ git ls-files --others --exclude-standard | wc -l
 Look for active feature work:
 
 ```bash
-# List specs directories
-ls -1d specs/*/ 2>/dev/null | tail -3
-
-# Check for current spec/plan/tasks
-CURRENT_BRANCH=$(git branch --show-current)
-if [[ "$CURRENT_BRANCH" =~ ^[0-9]+ ]]; then
-  SPEC_DIR="specs/$CURRENT_BRANCH"
-  [ -f "$SPEC_DIR/spec.md" ] && echo "✓ Spec exists"
-  [ -f "$SPEC_DIR/plan.md" ] && echo "✓ Plan exists"
-  [ -f "$SPEC_DIR/tasks.md" ] && echo "✓ Tasks exist"
+# Check if current branch matches a spec directory
+if [[ "$CURRENT_BRANCH" =~ ^[0-9]+ ]] || [[ "$CURRENT_BRANCH" =~ ^dev/[0-9]+ ]]; then
+  # Extract spec number from branch name
+  SPEC_NUM=$(echo "$CURRENT_BRANCH" | grep -oE '[0-9]+' | head -1)
+  SPEC_DIR="specs/$SPEC_NUM-*"
+  # Check for spec files efficiently
+  SPEC_FILES=$(ls -1 $SPEC_DIR/{spec,plan,tasks}.md 2>/dev/null | wc -l)
 fi
 ```
 
 ### 6. Check Multi-Agent Coordination (if multiagent-kit installed)
 
-If `MULTIAGENT_KIT=true`:
-
 ```bash
-# Check for active sessions
-find specs/*/collaboration/active/sessions/ -name "*.md" 2>/dev/null | wc -l
-
-# Check for pending handoffs
-find specs/*/collaboration/active/decisions/ -name "handoff-*.md" 2>/dev/null | head -1
+# Only check if multiagent kit is installed
+if [[ "$KITS_INSTALLED" == *"multiagent"* ]]; then
+  # Efficient check for collaboration activity
+  ACTIVE_SESSIONS=$(find specs/*/collaboration/active/sessions/ -name "*.md" 2>/dev/null | wc -l)
+  PENDING_HANDOFF=$(find specs/*/collaboration/active/decisions/ -name "handoff-*.md" 2>/dev/null | head -1)
+fi
 ```
 
 ### 7. Generate Concise Output
@@ -108,15 +91,15 @@ Provide a **concise summary** (~150 words max) in this format:
 ```
 ## Orientation Complete
 
-**Installed Kits**: [list detected kits or "vanilla only"]
+**Installed Kits**: [KITS_INSTALLED]
 
 **I am**: [AGENT_ROLE from step 2]
 **Project**: [project name from docs]
 **Stack**: [main technologies]
-**Branch**: [current branch]
-**Recent work**: [summary of last 1-2 commits]
-**Uncommitted changes**: [count of modified files]
-**Active feature**: [current spec if on feature branch]
+**Branch**: [CURRENT_BRANCH]
+**Recent work**: [RECENT_COMMITS - just the message]
+**Uncommitted changes**: [CHANGES count]
+**Active feature**: [current spec if SPEC_FILES > 0]
 **Coordination**: [solo work / handoff pending / etc]
 
 **Next suggested action**: [based on state analysis below]

lite_kits/kits/project/claude/commands/review.md

@@ -0,0 +1,112 @@
+---
+description: Analyze code quality for uncommitted changes or recent commits
+---
+
+# Code Review Helper
+
+**Purpose**: Provide quick code quality analysis and actionable suggestions for AI agents before committing.
+
+## Execution Steps
+
+Execute the following steps to analyze code changes:
+
+### 1. Check for Uncommitted Changes
+
+```bash
+# Get status of modified and staged files
+git status --short
+```
+
+**Analyze the output**:
+- Lines starting with `M ` or `A ` = Staged files
+- Lines starting with ` M` = Modified but not staged
+- Lines starting with `??` = Untracked files
+- Lines starting with `MM` = Staged and modified again
+
+### 2. Analyze Changes
+
+If changes exist:
+```bash
+# Show unstaged changes
+git diff
+
+# Show staged changes
+git diff --cached
+```
+
+**Review each file**:
+- Check for code quality issues
+- Look for potential bugs or edge cases
+- Verify naming conventions
+- Check for TODO/FIXME comments
+
+If no changes:
+```bash
+# Suggest reviewing recent commit
+git log -1 --stat
+```
+
+### 3. Check for Linting Configuration
+
+```bash
+# Look for common linting config files
+ls .ruff.toml .pylintrc pyproject.toml .eslintrc* 2>/dev/null
+```
+
+**If linting configs found**:
+- Python: Suggest `ruff check .` or `pylint <files>`
+- JavaScript: Suggest `eslint <files>`
+- TypeScript: Suggest `tsc --noEmit`
+
+### 4. Generate Concise Output
+
+Provide analysis in this format (~150 words max):
+
+```markdown
+## Code Review
+
+**Changes**: N files modified (M staged, K unstaged)
+
+- **file1.py**: Brief assessment of changes
+- **file2.ts**: Brief assessment of changes
+- **file3.md**: Brief assessment of changes
+
+**Suggestions**:
+- Actionable suggestion 1
+- Actionable suggestion 2
+- Actionable suggestion 3
+
+**Next Action**: [Run linter / Commit changes / Review specific pattern]
+```
+
+## Important Notes
+
+- **Be concise**: Target <150 words total output
+- **Be actionable**: Every suggestion should be specific and doable
+- **Handle edge cases gracefully**:
+  - No changes → Suggest reviewing recent commits or starting new work
+  - Too many files (>20) → Sample most recently modified, note total count
+  - Binary files → Skip analysis, just report count
+  - Linter not installed → Suggest installation but don't error
+
+- **Cross-platform**: Use git commands (available everywhere)
+- **Focus on quick wins**: Highlight obvious improvements, not deep analysis
+
+## Example Output
+
+```markdown
+## Code Review
+
+**Changes**: 3 files modified (2 staged, 1 unstaged)
+
+- **src/commands/review.md**: New command template, follows /orient pattern well
+- **src/prompts/review.prompt.md**: Copilot version, mirrors Claude structure
+- **README.md**: Added /review to command list (unstaged)
+
+**Suggestions**:
+- Add example output section to both templates
+- Stage README.md with the template changes
+- Consider running spell check on documentation
+
+**Next Action**: Add examples, stage all files, then run /commit
+```

lite_kits/kits/project/claude/commands/stats.md

@@ -0,0 +1,162 @@
+---
+description: Generate concise project metrics for AI agent orientation
+---
+
+# Project Statistics
+
+**Purpose**: Provide quick project overview metrics for AI agents joining a project or assessing scope.
+
+## Execution Steps
+
+Execute the following steps to gather project statistics:
+
+### 1. Count Lines of Code
+
+**Preferred method** (if tokei installed):
+```bash
+# Check if tokei is available
+command -v tokei >/dev/null 2>&1
+
+# If available, use tokei for fast, accurate counts
+tokei --output json
+```
+
+**Fallback method** (if tokei not available):
+```bash
+# Python
+find . -name "*.py" -type f | xargs wc -l 2>/dev/null | tail -1
+
+# JavaScript/TypeScript
+find . -name "*.js" -o -name "*.ts" | xargs wc -l 2>/dev/null | tail -1
+
+# Markdown
+find . -name "*.md" -type f | xargs wc -l 2>/dev/null | tail -1
+
+# All files combined
+find . -type f -not -path "*/\.*" | xargs wc -l 2>/dev/null | tail -1
+```
+
+### 2. Count Files and Directories
+
+```bash
+# Count files (excluding hidden)
+find . -type f -not -path "*/\.*" | wc -l
+
+# Count directories (excluding hidden)
+find . -type d -not -path "*/\.*" | wc -l
+```
+
+### 3. Get Git History Summary
+
+```bash
+# Total commits
+git log --oneline | wc -l
+
+# Contributor count
+git log --format='%aN' | sort -u | wc -l
+
+# Recent activity
+git log --oneline -5
+```
+
+If not a git repository, skip this section.
+
+### 4. Check for Test Coverage
+
+Look for common coverage report files:
+```bash
+# Python coverage files
+ls .coverage coverage.xml htmlcov/ 2>/dev/null
+
+# JavaScript coverage
+ls coverage/ .nyc_output/ 2>/dev/null
+
+# If coverage files exist, try to extract percentage
+# Python: coverage report | grep TOTAL
+# JavaScript: cat coverage/coverage-summary.json
+```
+
+### 5. Generate Concise Table Output
+
+Provide stats in this format (~20 lines max):
+
+```markdown
+## Project Statistics
+
+**Code**:
+- Language1: X,XXX LOC (NN%)
+- Language2: XXX LOC (NN%)
+- Language3: XX LOC (NN%)
+
+**Structure**:
+- NN files, NN directories
+- NNN commits, N contributors
+
+**Testing**:
+- Coverage: NN% (or N/A)
+- Tests: NN files (or N/A)
+
+**Next Action**: [Explore src/ / Review tests / Check docs]
+```
+
+## Important Notes
+
+- **Be concise**: Keep output under 20 lines
+- **Use tables**: Well-formatted markdown tables or lists
+- **Handle missing tools**:
+  - No tokei → Use find/wc fallback, note "Basic LOC count"
+  - Not a git repo → Skip git section, note "No git history"
+  - No coverage → Show "N/A" gracefully
+
+- **Percentages**: Calculate language percentages from total LOC
+- **Large repos**: If >100k LOC, note "Large project" and consider sampling
+- **Speed**: Target <5 second execution time
+
+## Edge Cases
+
+- **No git repository**: Skip git section, show file/LOC stats only
+- **No test coverage reports**: Show "Coverage: N/A"
+- **Tokei not installed**: Use find/wc fallback, note in output
+- **Very large repo (1M+ LOC)**: Sample or provide high-level summary only
+- **No code files**: "Appears to be a documentation-only or data project"
+
+## Example Output
+
+```markdown
+## Project Statistics
+
+**Code**:
+- Python: 2,453 LOC (87%)
+- Markdown: 342 LOC (12%)
+- YAML: 28 LOC (1%)
+- Total: 2,823 LOC
+
+**Structure**:
+- 45 files, 12 directories
+- 127 commits, 3 contributors
+
+**Testing**:
+- Coverage: 78% (via pytest-cov)
+- Tests: 23 test files
+
+**Next Action**: Explore src/ directory to understand core modules
+```
+
+```markdown
+## Project Statistics
+
+**Code** (tokei not available, using basic count):
+- Python: ~1,200 lines
+- Markdown: ~400 lines
+- Total: ~1,600 lines (approximate)
+
+**Structure**:
+- 32 files, 8 directories
+- Not a git repository
+
+**Testing**:
+- Coverage: N/A
+- Tests: N/A
+
+**Next Action**: Check if this is a standalone library or tool
+```