From 4811e8c73bebb7d5300dd706efe9ff34a1173302 Mon Sep 17 00:00:00 2001 From: cjp Date: Mon, 23 Mar 2026 11:48:31 +0800 Subject: [PATCH 01/23] docs(zh-CN): add prune command translation --- docs/project-overview.zh-CN.md | 391 +++++++++++++++++++++++++++++++++ 1 file changed, 391 insertions(+) create mode 100644 docs/project-overview.zh-CN.md diff --git a/docs/project-overview.zh-CN.md b/docs/project-overview.zh-CN.md new file mode 100644 index 00000000..9023f445 --- /dev/null +++ b/docs/project-overview.zh-CN.md @@ -0,0 +1,391 @@ +# Everything Claude Code 项目分析 + +## 项目定位 + +这个仓库本质上不是一个“业务应用”,而是一套给 AI 编码代理使用的“工程化运行时 + 能力分发包”。它把提示词、子代理定义、技能库、命令库、hooks、规则、安装器、状态管理、测试与跨平台适配整合在一起,目标是把 Claude Code、Codex、Cursor、OpenCode 这类 agent harness 调教成更稳定、更可控、更像资深工程师的工作流系统。 + +从仓库里的实际内容看,它当前是一个成熟的产品化分发仓库,而不是零散配置集合:有 `25` 个 agents、`57` 个 commands、`108` 个 skills、完整的 hook runtime、选择性安装 manifest、CLI、SQLite 状态查询命令,以及测试与校验链。核心说明在 [README.md](../README.md)、[package.json](../package.json)、[AGENTS.md](../AGENTS.md)。 + +## 它到底在做什么 + +它做的事可以概括成 5 层: + +### 1. 规则层 + +把团队/个人想让 AI 始终遵守的工程规范固化下来,比如 TDD、80% 覆盖率、安全检查、immutability、Git 工作流、性能与上下文管理。这部分在 `rules/` 下面,按 `common + language packs` 组织。 + +### 2. 能力层 + +把不同任务拆成可复用能力单元。 + +- `agents/` 是“角色型子代理”,例如 planner、architect、security-reviewer、code-reviewer、build-error-resolver。 +- `skills/` 是“方法论/领域知识包”,例如 TDD、verification-loop、frontend-patterns、market-research、deep-research、security-review、frontend-slides、x-api 等。 + +### 3. 交互层 + +把常用工作流做成斜杠命令。比如 `/plan`、`/tdd`、`/code-review`、`/verify`、`/quality-gate`、`/loop-start`、`/model-route`、`/sessions`、`/harness-audit`。这部分在 `commands/`。 + +### 4. 自动化运行时 + +通过 hooks 在会话开始、编辑文件、运行命令、会话结束等时机自动触发行为,例如: + +- 加载上下文 +- 保存 session +- 建议 compact +- 格式化代码 +- TypeScript 检查 +- `console.log` 检查 +- 质量门禁 +- 成本跟踪 +- 从会话中提取可学习模式 + +配置在 `hooks/hooks.json`,实现主要在 `scripts/hooks/`。 + +### 5. 
安装与适配层 + +它不是只服务 Claude Code,而是做了多平台适配: + +- `.claude-plugin/` 面向 Claude Code 插件 +- `.codex/` 面向 Codex +- `.cursor/` 面向 Cursor +- `.opencode/` 面向 OpenCode + +安装不是硬编码复制,而是 manifest 驱动的 profile/module/component 选择性安装,见: + +- `manifests/install-profiles.json` +- `manifests/install-components.json` +- `manifests/install-modules.json` + +## 主要功能 + +按功能看,这个项目覆盖面非常广: + +- `工程开发工作流` + 规划、TDD、代码评审、构建修复、E2E、覆盖率、重构清理、文档更新、质量门禁。 +- `多语言支持` + TypeScript、Python、Go、Java、Kotlin、Rust、Perl、PHP、Swift、C++ 等都有规则或技能包。 +- `安全能力` + 安全 reviewer、security-review skill、安全扫描、输入校验、secret 管理、提交前检查。 +- `上下文与记忆管理` + SessionStart/Stop hooks、pre-compact、strategic compact、持续学习、instinct import/export/evolve。 +- `多代理编排` + worktree/tmux orchestration、multi-plan、multi-execute、loop-start、loop-status、PM2 工作流。 +- `研究与内容能力` + deep-research、market-research、article-writing、investor-materials、investor-outreach、crosspost、x-api。 +- `媒体与文档能力` + frontend-slides、fal-ai-media、video-editing、visa-doc-translate、document-processing 类技能。 +- `运行状态与诊断` + `ecc` CLI 支持 `install/plan/list-installed/doctor/repair/status/sessions/session-inspect/uninstall`。 + +## 这个仓库的实际架构 + +你可以把它理解成下面这条链路: + +用户请求 +→ 命令或 AGENTS 指令触发 +→ 选择合适 agent / skill / rule +→ hooks 在关键时机做自动检查与状态保存 +→ scripts 负责真正执行安装、审计、诊断、状态查询 +→ 不同平台目录把同一套能力映射到 Claude / Codex / Cursor / OpenCode + +这也是为什么它看起来像“文档很多”,但其实不是文档仓库。Markdown 只是配置载体,真正的产品能力来自: + +- 结构化规则 +- 可组合技能 +- 自动化 hooks +- 安装与运行时脚本 +- 测试和校验链 + +## 最值得注意的几个特点 + +- 它强调“agent-first”,不是单 agent 直接硬做,而是主动委派给 planner、reviewer、security-reviewer 等角色。 +- 它强调“research-first”和“verification-first”,不是只生成代码,还要求验证、评审、学习、沉淀。 +- 它已经从 Claude Code 配置包,演化成“AI agent harness performance system”。 +- 它支持“按需安装”,不是所有用户都要装全量能力。 +- 它把“经验”产品化了:把作者长期使用中总结的流程,固化成规则、命令、hook 和技能。 + +## 适合什么人用 + +最适合这几类人: + +- 想把 Claude Code / Codex / Cursor 调成稳定工程助手的个人开发者 +- 想给团队统一 AI 编码规范和工作流的技术负责人 +- 需要多语言、多框架、多工具链支持的工程团队 +- 想做 AI agent orchestration、持续学习、自动质量门禁的人 + +## 一句话总结 + +这个项目是在做一套“给 AI 编码代理装上的工程操作系统”。它不是帮你开发某个业务功能,而是帮你把 AI 
开发这件事本身标准化、自动化、可复用、可审计。 + +## AI 代码正确性保障与自动化测试 + +这个项目保证“AI 生成代码正确”的方式,不是靠某一个单点机制,而是靠一整套分层校验体系。核心思路是:先用规则约束 AI 的行为,再用 hooks 做即时检查,再用命令触发系统性验证,最后用测试和覆盖率把这些机制本身也测住。 + +先说结论:它并不能“数学上保证” AI 代码一定正确,但它把常见错误尽量前移、自动化、制度化了。也就是说,它主要保证的是“高概率正确 + 尽早暴露问题 + 可重复验证”,而不是一次生成就绝对无误。 + +### 一、它如何保证 AI 代码更靠谱 + +#### 1. 规则约束 + +仓库把 TDD 设成默认工作方式,明确要求先写测试,再写实现,再验证覆盖率,最低 80%。这不是建议,而是写进规则和 skill 的硬约束。也就是说,AI 理想状态下不是“先瞎写代码再补测试”,而是按 RED → GREEN → REFACTOR 的节奏工作。 + +#### 2. 任务分工 + +它鼓励把任务分给专门 agent,比如: + +- `tdd-guide` 负责测试优先 +- `code-reviewer` 负责改完后的质量检查 +- `security-reviewer` 负责敏感逻辑 +- `build-error-resolver` 负责构建和类型问题 + +这能降低一个 agent 同时负责“写代码、判断自己对不对、审查自己”的自我偏差。 + +#### 3. Hooks 即时纠偏 + +只要 AI 编辑文件,hooks 就会在后台做一些轻量但高频的自动检查,尽量在错误扩散前拦住。 + +#### 4. 人工触发的深度验证 + +比如 `/verify`、`/quality-gate`、`/test-coverage`、`/eval`,这些命令要求 AI 在关键节点主动跑构建、类型检查、lint、测试、覆盖率、安全扫描、差异审查。 + +#### 5. 项目自身也被测试 + +这个仓库不只是要求别人测试,它自己的 hook、安装器、manifest、命令和适配逻辑都有自动化测试和 CI 校验。 + +### 二、具体自动化机制有哪些 + +#### 1. TDD 机制 + +TDD 是第一道“正确性”防线。它要求: + +- 先写测试 +- 先运行并确认测试失败 +- 再写最小实现让测试通过 +- 再重构 +- 最后检查覆盖率是否达到 80%+ + +它强调三类测试都需要: + +- 单元测试:函数、组件、工具方法 +- 集成测试:API、数据库、服务交互 +- E2E 测试:关键用户路径 + +这意味着它不是只关心“代码能跑”,而是要求对行为、边界条件、错误路径都建立测试样例。 + +#### 2. 编辑后的自动 hook 检查 + +这是最接近“实时守门员”的部分。 + +- `post-edit-format` + 文件编辑后自动格式化 JS/TS,支持 Biome 或 Prettier。 +- `post-edit-typecheck` + 编辑 `.ts/.tsx` 后自动找最近的 `tsconfig.json`,跑 `tsc --noEmit`,并尽量只过滤出和当前文件相关的错误。 +- `quality-gate` + 编辑后跑轻量质量门禁。对不同语言用不同工具: + - JS/TS/JSON/MD 走 Biome 或 Prettier + - Go 走 `gofmt` + - Python 走 `ruff format` +- `check-console-log` + 每次响应结束时检查已修改的 JS/TS 文件里是否残留 `console.log`。 + +这一层解决的是“写完马上出问题”的场景,比如格式错、类型错、调试语句没删掉。 + +#### 3. 系统化验证命令 + +最核心的是 `/verify`。它要求按顺序做: + +1. Build Check +2. Type Check +3. Lint Check +4. Test Suite +5. Security / Secrets / `console.log` 审计 +6. 
Git diff 审查 + +这里的关键点不是“有这些命令”,而是顺序。比如 build 都不过,就不应该继续往下假装验证通过。 + +另外还有两个辅助命令: + +- `/quality-gate` + 按路径或项目范围手动执行质量管线,适合在 hook 之外主动检查。 +- `/test-coverage` + 专门做覆盖率分析,找出低于 80% 的文件,并按缺口补测试。 + +这说明它不把“测试通过”当成终点,还要求你看覆盖率盲区。 + +#### 4. Eval 机制 + +这是更偏 AI 工程的方法,不只是传统代码测试。 + +它引入几类概念: + +- `Capability eval` + AI 是否具备某个新能力 +- `Regression eval` + 新改动是否破坏旧行为 +- `pass@1 / pass@3 / pass^3` + 用来评估 AI 在多次尝试中的稳定性 + +这和普通单元测试不同。普通测试是“代码对不对”,eval 更像“AI 工作流整体是否稳定地产出对的结果”。 + +#### 5. 会话级持续学习与回放 + +这不是直接验证代码是否正确,但它能减少 AI 因“失忆”导致的错误重复。 + +- `session-start` + 会话开始时加载上次 session 摘要、已学习技能、项目类型等上下文。 +- `session-end` + 每次 Stop 时从 transcript 中提取用户请求、用过的工具、修改过的文件,写入 session 文件。 +- `evaluate-session` + 会话结束时判断这次对话里有没有可抽取的稳定模式,供后续沉淀成 skill。 + +这层对“正确性”的贡献是减少上下文断裂、避免同类错误反复出现。 + +### 三、这个仓库自己做了哪些自动化测试 + +这部分很关键。因为如果这些 hooks、命令、安装器本身不可靠,那整套“保障正确性”的系统就是空的。 + +当前仓库有 50+ 个测试文件,覆盖范围很广,测试类别大致分为: + +- `hooks 测试` + 覆盖 quality-gate、evaluate-session、auto-tmux-dev、hook flags 等行为。 +- `安装与配置测试` + 覆盖 install-plan、install-apply、manifest、install-state 等逻辑。 +- `CLI 和脚本测试` + 覆盖 `ecc`、`harness-audit`、`doctor`、`repair`、`session-inspect` 等命令。 +- `底层库测试` + 覆盖 formatter 解析、包管理器检测、项目类型识别、状态存储等基础能力。 +- `集成级测试` + 验证 hooks 和整体链路在组合情况下是否按预期工作。 + +### 四、除了业务测试,还有“结构正确性”校验 + +这个项目还有一类很实用的自动化:不是测业务逻辑,而是测仓库里的“配置资产”有没有坏掉。也就是 agents、commands、skills、rules、hooks 这些内容是否仍然有效。 + +`npm test` 里会先跑一串 validator,再跑测试,包括: + +- `validate-agents.js` + 检查 agent Markdown 是否有 frontmatter、必需字段、合法模型值。 +- `validate-commands.js` + 检查命令文档非空,以及引用的 command / agent / skill 是否存在。 +- `validate-rules.js` + 检查所有 rule 文件是否非空可读。 +- `validate-skills.js` + 检查每个技能目录是否有 `SKILL.md`。 +- `validate-hooks.js` + 检查 `hooks/hooks.json` 的 schema、事件名、matcher、hook 类型和字段是否合法。 + +这类测试很重要,因为 ECC 本身大量依赖 Markdown 和 JSON 配置文件。少一个字段、拼错一个 agent 名称,普通代码单测未必能及时发现,但 validator 能直接拦住。 + +### 五、覆盖率是怎么要求的 + +它明确要求 80%+ 覆盖率,这既出现在规则里,也出现在 npm 脚本里。 + +`package.json` 中的 `coverage` 脚本使用 `c8`,并设置了硬阈值: + +- lines 80 +- functions 80 +- branches 80 +- statements 80 + +也就是说,不是“跑个 coverage 
看看”,而是没到门槛就失败。 + +### 六、它能保证“用户项目里的代码正确”到什么程度 + +这里要区分两件事: + +#### 1. ECC 仓库自身 + +它自己的 hooks、命令、安装器、适配层,是有自动化测试和覆盖率门槛的。 + +#### 2. 用户正在开发的业务项目 + +ECC 并不会天然知道你的业务逻辑是否正确。它做的是提供一套强制工作流,让 AI 去: + +- 先写测试 +- 跑构建、类型、lint、测试 +- 看 coverage +- 做 diff review +- 做安全检查 +- 必要时做 eval + +所以它对用户项目的保障,本质上是“把正确性验证流程自动化和制度化”,而不是“替代业务测试”。 + +换句话说,它更像质量系统,而不是万能判题器。 + +### 七、这套体系的优点和边界 + +优点很明确: + +- 错误暴露得更早,尤其是格式、类型、调试残留这种低级问题 +- AI 不容易跳过测试和验证步骤 +- 支持回归验证,不只是“这次能跑” +- 对复杂 agent 工作流有 eval 思维,不只盯着代码编译通过 +- 这个系统本身也被测试,不是空口宣言 + +但边界也很明确: + +- 它不能自动理解你的业务需求是否“真正满足用户意图” +- 没有业务测试数据时,它无法凭空证明正确性 +- 某些 hook 是“提醒/警告型”,不是强阻断 +- 很多质量检查依赖目标项目本身配置了 `build`、`lint`、`test`、`tsc`、formatter 等工具链 + +### 一句话总结 + +这个项目保证 AI 代码“更正确”的核心,不是靠单次生成更聪明,而是靠“测试优先 + 编辑后即时检查 + 提交前系统验证 + 覆盖率门槛 + eval + 仓库自身被充分测试”的组合拳。 + +## 自动化测试与验证方法总表 + +下表汇总了这个项目中主要的自动化测试与验证方法。这里的“测试”不仅包括传统单元测试,也包括构建检查、类型检查、质量门禁、配置校验、回归评估等自动化验证手段,因为 ECC 的目标本来就不是只测代码函数,而是保障整套 AI 工程流程的正确性。 + +| 什么测试 | 测试的方法 | 为什么要做这个测试 | 能解决什么问题 | +|---|---|---|---| +| 单元测试 | 对单个函数、工具方法、组件逻辑编写独立测试,用最小输入输出断言行为 | 最小粒度验证功能正确性,是发现逻辑错误最快的手段 | 解决函数实现错误、边界条件遗漏、重构后回归问题 | +| 集成测试 | 测 API、数据库、服务交互、模块间协作,验证请求到响应或服务到服务的完整链路 | 很多错误不在单个函数,而在模块之间的拼接处 | 解决接口联调失败、数据库交互错误、服务调用顺序问题 | +| E2E 测试 | 用 Playwright 等浏览器自动化测试关键用户流程 | 最终用户看到的是完整流程,不是单个函数 | 解决页面流程跑不通、按钮可点但业务不成功、前后端联通失败 | +| TDD 红绿重构测试 | 先写失败测试,再写最小实现让其通过,最后重构并保持测试为绿 | 强制 AI 先定义正确行为,再写实现,降低拍脑袋写代码的概率 | 解决“先写代码后补测试”导致的伪验证、需求理解偏差 | +| Build Check | 执行项目构建命令,先确认能完整 build | 如果项目连构建都过不了,其他验证意义很小 | 解决打包失败、缺依赖、构建配置错误、语法级阻断问题 | +| Type Check | 执行 `tsc --noEmit`、`pyright` 等类型检查 | AI 很容易写出语法正确但类型不一致的代码 | 解决类型不匹配、参数传错、返回值不符合约定的问题 | +| Lint Check | 执行 ESLint、Ruff 等静态检查 | 代码不仅要能跑,还要符合项目约定和最佳实践 | 解决潜在坏味道、危险写法、风格不一致、简单逻辑疏漏 | +| 覆盖率检查 | 用 `c8`、Vitest/Jest 覆盖率、pytest-cov 等统计并设置 80% 门槛 | 测试通过不等于测得充分,需要知道哪些代码根本没被触达 | 解决测试盲区、分支未覆盖、表面通过但风险仍高的问题 | +| `/verify` 全量验证 | 按固定顺序执行 build、types、lint、tests、安全检查、diff review | 需要一个统一、可复用的“提交前体检流程” | 解决只做局部检查、漏掉关键验证步骤的问题 | +| `/quality-gate` 质量门禁 | 对文件或项目范围手动执行格式、lint、类型等质量检查 | hook 是自动触发的,但需要人工随时重跑统一质量管线 | 
解决改动较多时遗漏局部错误、需要集中复查的问题 | +| `/test-coverage` 覆盖率补强 | 分析低覆盖文件,定位缺失测试并补齐 | 覆盖率不足时,仅看总体数字不够,需要知道缺口在哪 | 解决“知道不够测,但不知道该补哪”的问题 | +| `/eval` 能力/回归评估 | 定义 capability eval 和 regression eval,并记录 pass@k | AI 工程中很多问题不是普通单测能完全表达的 | 解决 prompt/agent 变化后的能力退化、稳定性不足问题 | +| Capability Eval | 为一个新能力定义成功标准并自动检查是否达成 | AI 需要被验证“会不会做这件事”,而不只是“代码能不能跑” | 解决新增能力不可度量、结果模糊、是否达标难判断的问题 | +| Regression Eval | 为已有能力定义基线,更新后重新验证 | 新功能上线最常见的风险是破坏旧功能 | 解决历史行为被破坏、升级后退化、版本回归问题 | +| pass@k / pass^k 评估 | 多次尝试统计成功率和稳定性 | AI 输出存在波动,单次成功不能说明真正可靠 | 解决“偶尔成功但不稳定”的假可靠问题 | +| 编辑后自动格式化 | `post-edit-format` 在文件编辑后自动运行 Biome/Prettier | 很多低级问题不该等到人工发现 | 解决格式漂移、代码风格不统一、格式导致的 review 噪音 | +| 编辑后自动类型检查 | `post-edit-typecheck` 在编辑 TS 文件后自动执行局部类型检查 | 越早看到类型错误,修复成本越低 | 解决刚编辑完就引入的类型错误,避免后续扩散 | +| 编辑后自动质量门禁 | `quality-gate` 按文件类型执行 Biome/Prettier/gofmt/ruff | 需要低延迟的自动化守门,尽快把错误暴露给 AI | 解决语言级格式/质量问题,减少提交前集中爆炸 | +| `console.log` 审计 | Stop hook 自动扫描修改文件中的调试输出 | AI 和人类一样,都会忘删临时调试代码 | 解决调试日志残留、噪音输出、生产代码不干净的问题 | +| 安全扫描 | 搜索 secrets、危险模式,必要时配合安全 skill / reviewer | AI 生成代码时常会忽视 secrets、输入验证等安全问题 | 解决密钥泄漏、明显安全疏漏、调试信息暴露问题 | +| Git diff 审查 | 自动查看变更文件和 diff 范围 | 仅看最终代码不够,需要知道到底改了什么 | 解决误改文件、无关改动混入、遗漏清理的问题 | +| Session Start / End 验证链 | 会话开始加载上下文,会话结束提取摘要、记录变更和工具使用 | AI 的错误很多来自上下文断裂,而不是实现能力本身 | 解决跨会话失忆、重复犯错、接手历史任务时上下文缺失 | +| 持续学习评估 | `evaluate-session` 根据会话长度和内容判断是否可提炼模式 | 好的解决方案应沉淀成可复用能力,而不是每次重学 | 解决经验无法积累、同类问题重复探索的问题 | +| Hook 配置校验 | `validate-hooks.js` 校验 `hooks.json` schema、事件、字段、hook 类型 | hook 是自动化核心,配置一坏,整套机制就失效 | 解决 hook 配置拼写错误、事件名错误、字段不合法的问题 | +| Agent 配置校验 | `validate-agents.js` 校验 agent frontmatter、必填字段、模型合法性 | agent 定义是编排基础,损坏后会直接影响 AI 工作流 | 解决 agent 元数据缺失、配置非法、引用失败的问题 | +| Command 文档校验 | `validate-commands.js` 检查命令文档非空,且引用的 command/agent/skill 存在 | 命令是用户入口,文档失真会导致执行流程错误 | 解决命令引用失效、文档和真实能力脱节的问题 | +| Skill 结构校验 | `validate-skills.js` 校验每个技能目录都存在 `SKILL.md` | skill 是核心知识单元,结构必须稳定 | 解决 skill 缺失、目录不完整、安装后不可用的问题 | +| Rule 文件校验 | `validate-rules.js` 检查规则文件是否可读且非空 | 规则是 AI 行为约束基础,空文件等于失效 | 解决规则丢失、空规则、安装后行为退化的问题 | +| 安装器测试 | 测 
`install-plan`、`install-apply`、manifest、install-state 等逻辑 | 安装层错误会让整个系统装不对、装不全、装错位置 | 解决 selective install 失效、路径错误、状态记录异常 | +| CLI 测试 | 测 `ecc`、`doctor`、`repair`、`harness-audit`、`sessions` 等脚本 | CLI 是用户直接操作系统的入口,必须可靠 | 解决命令行参数解析错误、输出不符合预期、功能失效 | +| Hook 脚本测试 | 对 `quality-gate`、`evaluate-session`、`auto-tmux-dev` 等脚本做独立测试 | hook 运行频率高,任何错误都会被快速放大 | 解决 hook 误报、漏报、跨平台行为不一致的问题 | +| 集成级 hook 测试 | 将多个 hook 或相关脚本组合起来验证完整链路 | 单个模块正确,不代表组合后仍然正确 | 解决组合行为异常、事件触发顺序错误、整体链路不通的问题 | +| 状态存储测试 | 测 session aliases、state store、install state 等持久化逻辑 | ECC 很依赖状态记录来支持连续工作 | 解决状态写坏、会话恢复失败、安装状态漂移的问题 | +| 工具解析测试 | 测 formatter 检测、包管理器检测、项目类型识别等基础能力 | 自动化链路依赖环境探测,探测错了后续全错 | 解决检测错误导致执行了错误工具、走错工作流的问题 | +| Harness 审计 | `harness-audit` 检查仓库在工具覆盖、上下文效率、质量门禁等维度是否达标 | 需要从系统层面评估一个 AI harness 是否“配齐了” | 解决功能缺失、能力不完整、质量体系不闭环的问题 | + +### 如何理解这张表 + +这张表里的方法可以分成四组: + +- `开发前与开发中` + TDD、单元测试、集成测试、E2E、编辑后 hooks。 +- `提交前与交付前` + `/verify`、`/quality-gate`、覆盖率、安全扫描、diff review。 +- `AI 工程专项` + `/eval`、Capability Eval、Regression Eval、pass@k、持续学习。 +- `ECC 自身质量` + validators、hook tests、CLI tests、install tests、state/store tests、harness audit。 + +也就是说,这个项目不是只在“代码写完以后”才测,而是把测试和验证铺在了整个 AI 开发生命周期里。 From e22cb57718e0514783534e744a36b28b61d12554 Mon Sep 17 00:00:00 2001 From: cjp Date: Mon, 23 Mar 2026 13:41:59 +0800 Subject: [PATCH 02/23] docs(zh-CN): add prune command translation --- docs/project-overview.zh-CN.md | 391 --------------------------------- docs/zh-CN/commands/prune.md | 31 +++ 2 files changed, 31 insertions(+), 391 deletions(-) delete mode 100644 docs/project-overview.zh-CN.md create mode 100644 docs/zh-CN/commands/prune.md diff --git a/docs/project-overview.zh-CN.md b/docs/project-overview.zh-CN.md deleted file mode 100644 index 9023f445..00000000 --- a/docs/project-overview.zh-CN.md +++ /dev/null @@ -1,391 +0,0 @@ -# Everything Claude Code 项目分析 - -## 项目定位 - -这个仓库本质上不是一个“业务应用”,而是一套给 AI 编码代理使用的“工程化运行时 + 能力分发包”。它把提示词、子代理定义、技能库、命令库、hooks、规则、安装器、状态管理、测试与跨平台适配整合在一起,目标是把 Claude Code、Codex、Cursor、OpenCode 这类 agent 
harness 调教成更稳定、更可控、更像资深工程师的工作流系统。 - -从仓库里的实际内容看,它当前是一个成熟的产品化分发仓库,而不是零散配置集合:有 `25` 个 agents、`57` 个 commands、`108` 个 skills、完整的 hook runtime、选择性安装 manifest、CLI、SQLite 状态查询命令,以及测试与校验链。核心说明在 [README.md](../README.md)、[package.json](../package.json)、[AGENTS.md](../AGENTS.md)。 - -## 它到底在做什么 - -它做的事可以概括成 5 层: - -### 1. 规则层 - -把团队/个人想让 AI 始终遵守的工程规范固化下来,比如 TDD、80% 覆盖率、安全检查、immutability、Git 工作流、性能与上下文管理。这部分在 `rules/` 下面,按 `common + language packs` 组织。 - -### 2. 能力层 - -把不同任务拆成可复用能力单元。 - -- `agents/` 是“角色型子代理”,例如 planner、architect、security-reviewer、code-reviewer、build-error-resolver。 -- `skills/` 是“方法论/领域知识包”,例如 TDD、verification-loop、frontend-patterns、market-research、deep-research、security-review、frontend-slides、x-api 等。 - -### 3. 交互层 - -把常用工作流做成斜杠命令。比如 `/plan`、`/tdd`、`/code-review`、`/verify`、`/quality-gate`、`/loop-start`、`/model-route`、`/sessions`、`/harness-audit`。这部分在 `commands/`。 - -### 4. 自动化运行时 - -通过 hooks 在会话开始、编辑文件、运行命令、会话结束等时机自动触发行为,例如: - -- 加载上下文 -- 保存 session -- 建议 compact -- 格式化代码 -- TypeScript 检查 -- `console.log` 检查 -- 质量门禁 -- 成本跟踪 -- 从会话中提取可学习模式 - -配置在 `hooks/hooks.json`,实现主要在 `scripts/hooks/`。 - -### 5. 
安装与适配层 - -它不是只服务 Claude Code,而是做了多平台适配: - -- `.claude-plugin/` 面向 Claude Code 插件 -- `.codex/` 面向 Codex -- `.cursor/` 面向 Cursor -- `.opencode/` 面向 OpenCode - -安装不是硬编码复制,而是 manifest 驱动的 profile/module/component 选择性安装,见: - -- `manifests/install-profiles.json` -- `manifests/install-components.json` -- `manifests/install-modules.json` - -## 主要功能 - -按功能看,这个项目覆盖面非常广: - -- `工程开发工作流` - 规划、TDD、代码评审、构建修复、E2E、覆盖率、重构清理、文档更新、质量门禁。 -- `多语言支持` - TypeScript、Python、Go、Java、Kotlin、Rust、Perl、PHP、Swift、C++ 等都有规则或技能包。 -- `安全能力` - 安全 reviewer、security-review skill、安全扫描、输入校验、secret 管理、提交前检查。 -- `上下文与记忆管理` - SessionStart/Stop hooks、pre-compact、strategic compact、持续学习、instinct import/export/evolve。 -- `多代理编排` - worktree/tmux orchestration、multi-plan、multi-execute、loop-start、loop-status、PM2 工作流。 -- `研究与内容能力` - deep-research、market-research、article-writing、investor-materials、investor-outreach、crosspost、x-api。 -- `媒体与文档能力` - frontend-slides、fal-ai-media、video-editing、visa-doc-translate、document-processing 类技能。 -- `运行状态与诊断` - `ecc` CLI 支持 `install/plan/list-installed/doctor/repair/status/sessions/session-inspect/uninstall`。 - -## 这个仓库的实际架构 - -你可以把它理解成下面这条链路: - -用户请求 -→ 命令或 AGENTS 指令触发 -→ 选择合适 agent / skill / rule -→ hooks 在关键时机做自动检查与状态保存 -→ scripts 负责真正执行安装、审计、诊断、状态查询 -→ 不同平台目录把同一套能力映射到 Claude / Codex / Cursor / OpenCode - -这也是为什么它看起来像“文档很多”,但其实不是文档仓库。Markdown 只是配置载体,真正的产品能力来自: - -- 结构化规则 -- 可组合技能 -- 自动化 hooks -- 安装与运行时脚本 -- 测试和校验链 - -## 最值得注意的几个特点 - -- 它强调“agent-first”,不是单 agent 直接硬做,而是主动委派给 planner、reviewer、security-reviewer 等角色。 -- 它强调“research-first”和“verification-first”,不是只生成代码,还要求验证、评审、学习、沉淀。 -- 它已经从 Claude Code 配置包,演化成“AI agent harness performance system”。 -- 它支持“按需安装”,不是所有用户都要装全量能力。 -- 它把“经验”产品化了:把作者长期使用中总结的流程,固化成规则、命令、hook 和技能。 - -## 适合什么人用 - -最适合这几类人: - -- 想把 Claude Code / Codex / Cursor 调成稳定工程助手的个人开发者 -- 想给团队统一 AI 编码规范和工作流的技术负责人 -- 需要多语言、多框架、多工具链支持的工程团队 -- 想做 AI agent orchestration、持续学习、自动质量门禁的人 - -## 一句话总结 - -这个项目是在做一套“给 AI 编码代理装上的工程操作系统”。它不是帮你开发某个业务功能,而是帮你把 AI 
开发这件事本身标准化、自动化、可复用、可审计。 - -## AI 代码正确性保障与自动化测试 - -这个项目保证“AI 生成代码正确”的方式,不是靠某一个单点机制,而是靠一整套分层校验体系。核心思路是:先用规则约束 AI 的行为,再用 hooks 做即时检查,再用命令触发系统性验证,最后用测试和覆盖率把这些机制本身也测住。 - -先说结论:它并不能“数学上保证” AI 代码一定正确,但它把常见错误尽量前移、自动化、制度化了。也就是说,它主要保证的是“高概率正确 + 尽早暴露问题 + 可重复验证”,而不是一次生成就绝对无误。 - -### 一、它如何保证 AI 代码更靠谱 - -#### 1. 规则约束 - -仓库把 TDD 设成默认工作方式,明确要求先写测试,再写实现,再验证覆盖率,最低 80%。这不是建议,而是写进规则和 skill 的硬约束。也就是说,AI 理想状态下不是“先瞎写代码再补测试”,而是按 RED → GREEN → REFACTOR 的节奏工作。 - -#### 2. 任务分工 - -它鼓励把任务分给专门 agent,比如: - -- `tdd-guide` 负责测试优先 -- `code-reviewer` 负责改完后的质量检查 -- `security-reviewer` 负责敏感逻辑 -- `build-error-resolver` 负责构建和类型问题 - -这能降低一个 agent 同时负责“写代码、判断自己对不对、审查自己”的自我偏差。 - -#### 3. Hooks 即时纠偏 - -只要 AI 编辑文件,hooks 就会在后台做一些轻量但高频的自动检查,尽量在错误扩散前拦住。 - -#### 4. 人工触发的深度验证 - -比如 `/verify`、`/quality-gate`、`/test-coverage`、`/eval`,这些命令要求 AI 在关键节点主动跑构建、类型检查、lint、测试、覆盖率、安全扫描、差异审查。 - -#### 5. 项目自身也被测试 - -这个仓库不只是要求别人测试,它自己的 hook、安装器、manifest、命令和适配逻辑都有自动化测试和 CI 校验。 - -### 二、具体自动化机制有哪些 - -#### 1. TDD 机制 - -TDD 是第一道“正确性”防线。它要求: - -- 先写测试 -- 先运行并确认测试失败 -- 再写最小实现让测试通过 -- 再重构 -- 最后检查覆盖率是否达到 80%+ - -它强调三类测试都需要: - -- 单元测试:函数、组件、工具方法 -- 集成测试:API、数据库、服务交互 -- E2E 测试:关键用户路径 - -这意味着它不是只关心“代码能跑”,而是要求对行为、边界条件、错误路径都建立测试样例。 - -#### 2. 编辑后的自动 hook 检查 - -这是最接近“实时守门员”的部分。 - -- `post-edit-format` - 文件编辑后自动格式化 JS/TS,支持 Biome 或 Prettier。 -- `post-edit-typecheck` - 编辑 `.ts/.tsx` 后自动找最近的 `tsconfig.json`,跑 `tsc --noEmit`,并尽量只过滤出和当前文件相关的错误。 -- `quality-gate` - 编辑后跑轻量质量门禁。对不同语言用不同工具: - - JS/TS/JSON/MD 走 Biome 或 Prettier - - Go 走 `gofmt` - - Python 走 `ruff format` -- `check-console-log` - 每次响应结束时检查已修改的 JS/TS 文件里是否残留 `console.log`。 - -这一层解决的是“写完马上出问题”的场景,比如格式错、类型错、调试语句没删掉。 - -#### 3. 系统化验证命令 - -最核心的是 `/verify`。它要求按顺序做: - -1. Build Check -2. Type Check -3. Lint Check -4. Test Suite -5. Security / Secrets / `console.log` 审计 -6. 
Git diff 审查 - -这里的关键点不是“有这些命令”,而是顺序。比如 build 都不过,就不应该继续往下假装验证通过。 - -另外还有两个辅助命令: - -- `/quality-gate` - 按路径或项目范围手动执行质量管线,适合在 hook 之外主动检查。 -- `/test-coverage` - 专门做覆盖率分析,找出低于 80% 的文件,并按缺口补测试。 - -这说明它不把“测试通过”当成终点,还要求你看覆盖率盲区。 - -#### 4. Eval 机制 - -这是更偏 AI 工程的方法,不只是传统代码测试。 - -它引入几类概念: - -- `Capability eval` - AI 是否具备某个新能力 -- `Regression eval` - 新改动是否破坏旧行为 -- `pass@1 / pass@3 / pass^3` - 用来评估 AI 在多次尝试中的稳定性 - -这和普通单元测试不同。普通测试是“代码对不对”,eval 更像“AI 工作流整体是否稳定地产出对的结果”。 - -#### 5. 会话级持续学习与回放 - -这不是直接验证代码是否正确,但它能减少 AI 因“失忆”导致的错误重复。 - -- `session-start` - 会话开始时加载上次 session 摘要、已学习技能、项目类型等上下文。 -- `session-end` - 每次 Stop 时从 transcript 中提取用户请求、用过的工具、修改过的文件,写入 session 文件。 -- `evaluate-session` - 会话结束时判断这次对话里有没有可抽取的稳定模式,供后续沉淀成 skill。 - -这层对“正确性”的贡献是减少上下文断裂、避免同类错误反复出现。 - -### 三、这个仓库自己做了哪些自动化测试 - -这部分很关键。因为如果这些 hooks、命令、安装器本身不可靠,那整套“保障正确性”的系统就是空的。 - -当前仓库有 50+ 个测试文件,覆盖范围很广,测试类别大致分为: - -- `hooks 测试` - 覆盖 quality-gate、evaluate-session、auto-tmux-dev、hook flags 等行为。 -- `安装与配置测试` - 覆盖 install-plan、install-apply、manifest、install-state 等逻辑。 -- `CLI 和脚本测试` - 覆盖 `ecc`、`harness-audit`、`doctor`、`repair`、`session-inspect` 等命令。 -- `底层库测试` - 覆盖 formatter 解析、包管理器检测、项目类型识别、状态存储等基础能力。 -- `集成级测试` - 验证 hooks 和整体链路在组合情况下是否按预期工作。 - -### 四、除了业务测试,还有“结构正确性”校验 - -这个项目还有一类很实用的自动化:不是测业务逻辑,而是测仓库里的“配置资产”有没有坏掉。也就是 agents、commands、skills、rules、hooks 这些内容是否仍然有效。 - -`npm test` 里会先跑一串 validator,再跑测试,包括: - -- `validate-agents.js` - 检查 agent Markdown 是否有 frontmatter、必需字段、合法模型值。 -- `validate-commands.js` - 检查命令文档非空,以及引用的 command / agent / skill 是否存在。 -- `validate-rules.js` - 检查所有 rule 文件是否非空可读。 -- `validate-skills.js` - 检查每个技能目录是否有 `SKILL.md`。 -- `validate-hooks.js` - 检查 `hooks/hooks.json` 的 schema、事件名、matcher、hook 类型和字段是否合法。 - -这类测试很重要,因为 ECC 本身大量依赖 Markdown 和 JSON 配置文件。少一个字段、拼错一个 agent 名称,普通代码单测未必能及时发现,但 validator 能直接拦住。 - -### 五、覆盖率是怎么要求的 - -它明确要求 80%+ 覆盖率,这既出现在规则里,也出现在 npm 脚本里。 - -`package.json` 中的 `coverage` 脚本使用 `c8`,并设置了硬阈值: - -- lines 80 -- functions 80 -- branches 80 -- statements 80 - -也就是说,不是“跑个 coverage 
看看”,而是没到门槛就失败。 - -### 六、它能保证“用户项目里的代码正确”到什么程度 - -这里要区分两件事: - -#### 1. ECC 仓库自身 - -它自己的 hooks、命令、安装器、适配层,是有自动化测试和覆盖率门槛的。 - -#### 2. 用户正在开发的业务项目 - -ECC 并不会天然知道你的业务逻辑是否正确。它做的是提供一套强制工作流,让 AI 去: - -- 先写测试 -- 跑构建、类型、lint、测试 -- 看 coverage -- 做 diff review -- 做安全检查 -- 必要时做 eval - -所以它对用户项目的保障,本质上是“把正确性验证流程自动化和制度化”,而不是“替代业务测试”。 - -换句话说,它更像质量系统,而不是万能判题器。 - -### 七、这套体系的优点和边界 - -优点很明确: - -- 错误暴露得更早,尤其是格式、类型、调试残留这种低级问题 -- AI 不容易跳过测试和验证步骤 -- 支持回归验证,不只是“这次能跑” -- 对复杂 agent 工作流有 eval 思维,不只盯着代码编译通过 -- 这个系统本身也被测试,不是空口宣言 - -但边界也很明确: - -- 它不能自动理解你的业务需求是否“真正满足用户意图” -- 没有业务测试数据时,它无法凭空证明正确性 -- 某些 hook 是“提醒/警告型”,不是强阻断 -- 很多质量检查依赖目标项目本身配置了 `build`、`lint`、`test`、`tsc`、formatter 等工具链 - -### 一句话总结 - -这个项目保证 AI 代码“更正确”的核心,不是靠单次生成更聪明,而是靠“测试优先 + 编辑后即时检查 + 提交前系统验证 + 覆盖率门槛 + eval + 仓库自身被充分测试”的组合拳。 - -## 自动化测试与验证方法总表 - -下表汇总了这个项目中主要的自动化测试与验证方法。这里的“测试”不仅包括传统单元测试,也包括构建检查、类型检查、质量门禁、配置校验、回归评估等自动化验证手段,因为 ECC 的目标本来就不是只测代码函数,而是保障整套 AI 工程流程的正确性。 - -| 什么测试 | 测试的方法 | 为什么要做这个测试 | 能解决什么问题 | -|---|---|---|---| -| 单元测试 | 对单个函数、工具方法、组件逻辑编写独立测试,用最小输入输出断言行为 | 最小粒度验证功能正确性,是发现逻辑错误最快的手段 | 解决函数实现错误、边界条件遗漏、重构后回归问题 | -| 集成测试 | 测 API、数据库、服务交互、模块间协作,验证请求到响应或服务到服务的完整链路 | 很多错误不在单个函数,而在模块之间的拼接处 | 解决接口联调失败、数据库交互错误、服务调用顺序问题 | -| E2E 测试 | 用 Playwright 等浏览器自动化测试关键用户流程 | 最终用户看到的是完整流程,不是单个函数 | 解决页面流程跑不通、按钮可点但业务不成功、前后端联通失败 | -| TDD 红绿重构测试 | 先写失败测试,再写最小实现让其通过,最后重构并保持测试为绿 | 强制 AI 先定义正确行为,再写实现,降低拍脑袋写代码的概率 | 解决“先写代码后补测试”导致的伪验证、需求理解偏差 | -| Build Check | 执行项目构建命令,先确认能完整 build | 如果项目连构建都过不了,其他验证意义很小 | 解决打包失败、缺依赖、构建配置错误、语法级阻断问题 | -| Type Check | 执行 `tsc --noEmit`、`pyright` 等类型检查 | AI 很容易写出语法正确但类型不一致的代码 | 解决类型不匹配、参数传错、返回值不符合约定的问题 | -| Lint Check | 执行 ESLint、Ruff 等静态检查 | 代码不仅要能跑,还要符合项目约定和最佳实践 | 解决潜在坏味道、危险写法、风格不一致、简单逻辑疏漏 | -| 覆盖率检查 | 用 `c8`、Vitest/Jest 覆盖率、pytest-cov 等统计并设置 80% 门槛 | 测试通过不等于测得充分,需要知道哪些代码根本没被触达 | 解决测试盲区、分支未覆盖、表面通过但风险仍高的问题 | -| `/verify` 全量验证 | 按固定顺序执行 build、types、lint、tests、安全检查、diff review | 需要一个统一、可复用的“提交前体检流程” | 解决只做局部检查、漏掉关键验证步骤的问题 | -| `/quality-gate` 质量门禁 | 对文件或项目范围手动执行格式、lint、类型等质量检查 | hook 是自动触发的,但需要人工随时重跑统一质量管线 | 
解决改动较多时遗漏局部错误、需要集中复查的问题 | -| `/test-coverage` 覆盖率补强 | 分析低覆盖文件,定位缺失测试并补齐 | 覆盖率不足时,仅看总体数字不够,需要知道缺口在哪 | 解决“知道不够测,但不知道该补哪”的问题 | -| `/eval` 能力/回归评估 | 定义 capability eval 和 regression eval,并记录 pass@k | AI 工程中很多问题不是普通单测能完全表达的 | 解决 prompt/agent 变化后的能力退化、稳定性不足问题 | -| Capability Eval | 为一个新能力定义成功标准并自动检查是否达成 | AI 需要被验证“会不会做这件事”,而不只是“代码能不能跑” | 解决新增能力不可度量、结果模糊、是否达标难判断的问题 | -| Regression Eval | 为已有能力定义基线,更新后重新验证 | 新功能上线最常见的风险是破坏旧功能 | 解决历史行为被破坏、升级后退化、版本回归问题 | -| pass@k / pass^k 评估 | 多次尝试统计成功率和稳定性 | AI 输出存在波动,单次成功不能说明真正可靠 | 解决“偶尔成功但不稳定”的假可靠问题 | -| 编辑后自动格式化 | `post-edit-format` 在文件编辑后自动运行 Biome/Prettier | 很多低级问题不该等到人工发现 | 解决格式漂移、代码风格不统一、格式导致的 review 噪音 | -| 编辑后自动类型检查 | `post-edit-typecheck` 在编辑 TS 文件后自动执行局部类型检查 | 越早看到类型错误,修复成本越低 | 解决刚编辑完就引入的类型错误,避免后续扩散 | -| 编辑后自动质量门禁 | `quality-gate` 按文件类型执行 Biome/Prettier/gofmt/ruff | 需要低延迟的自动化守门,尽快把错误暴露给 AI | 解决语言级格式/质量问题,减少提交前集中爆炸 | -| `console.log` 审计 | Stop hook 自动扫描修改文件中的调试输出 | AI 和人类一样,都会忘删临时调试代码 | 解决调试日志残留、噪音输出、生产代码不干净的问题 | -| 安全扫描 | 搜索 secrets、危险模式,必要时配合安全 skill / reviewer | AI 生成代码时常会忽视 secrets、输入验证等安全问题 | 解决密钥泄漏、明显安全疏漏、调试信息暴露问题 | -| Git diff 审查 | 自动查看变更文件和 diff 范围 | 仅看最终代码不够,需要知道到底改了什么 | 解决误改文件、无关改动混入、遗漏清理的问题 | -| Session Start / End 验证链 | 会话开始加载上下文,会话结束提取摘要、记录变更和工具使用 | AI 的错误很多来自上下文断裂,而不是实现能力本身 | 解决跨会话失忆、重复犯错、接手历史任务时上下文缺失 | -| 持续学习评估 | `evaluate-session` 根据会话长度和内容判断是否可提炼模式 | 好的解决方案应沉淀成可复用能力,而不是每次重学 | 解决经验无法积累、同类问题重复探索的问题 | -| Hook 配置校验 | `validate-hooks.js` 校验 `hooks.json` schema、事件、字段、hook 类型 | hook 是自动化核心,配置一坏,整套机制就失效 | 解决 hook 配置拼写错误、事件名错误、字段不合法的问题 | -| Agent 配置校验 | `validate-agents.js` 校验 agent frontmatter、必填字段、模型合法性 | agent 定义是编排基础,损坏后会直接影响 AI 工作流 | 解决 agent 元数据缺失、配置非法、引用失败的问题 | -| Command 文档校验 | `validate-commands.js` 检查命令文档非空,且引用的 command/agent/skill 存在 | 命令是用户入口,文档失真会导致执行流程错误 | 解决命令引用失效、文档和真实能力脱节的问题 | -| Skill 结构校验 | `validate-skills.js` 校验每个技能目录都存在 `SKILL.md` | skill 是核心知识单元,结构必须稳定 | 解决 skill 缺失、目录不完整、安装后不可用的问题 | -| Rule 文件校验 | `validate-rules.js` 检查规则文件是否可读且非空 | 规则是 AI 行为约束基础,空文件等于失效 | 解决规则丢失、空规则、安装后行为退化的问题 | -| 安装器测试 | 测 
`install-plan`、`install-apply`、manifest、install-state 等逻辑 | 安装层错误会让整个系统装不对、装不全、装错位置 | 解决 selective install 失效、路径错误、状态记录异常 | -| CLI 测试 | 测 `ecc`、`doctor`、`repair`、`harness-audit`、`sessions` 等脚本 | CLI 是用户直接操作系统的入口,必须可靠 | 解决命令行参数解析错误、输出不符合预期、功能失效 | -| Hook 脚本测试 | 对 `quality-gate`、`evaluate-session`、`auto-tmux-dev` 等脚本做独立测试 | hook 运行频率高,任何错误都会被快速放大 | 解决 hook 误报、漏报、跨平台行为不一致的问题 | -| 集成级 hook 测试 | 将多个 hook 或相关脚本组合起来验证完整链路 | 单个模块正确,不代表组合后仍然正确 | 解决组合行为异常、事件触发顺序错误、整体链路不通的问题 | -| 状态存储测试 | 测 session aliases、state store、install state 等持久化逻辑 | ECC 很依赖状态记录来支持连续工作 | 解决状态写坏、会话恢复失败、安装状态漂移的问题 | -| 工具解析测试 | 测 formatter 检测、包管理器检测、项目类型识别等基础能力 | 自动化链路依赖环境探测,探测错了后续全错 | 解决检测错误导致执行了错误工具、走错工作流的问题 | -| Harness 审计 | `harness-audit` 检查仓库在工具覆盖、上下文效率、质量门禁等维度是否达标 | 需要从系统层面评估一个 AI harness 是否“配齐了” | 解决功能缺失、能力不完整、质量体系不闭环的问题 | - -### 如何理解这张表 - -这张表里的方法可以分成四组: - -- `开发前与开发中` - TDD、单元测试、集成测试、E2E、编辑后 hooks。 -- `提交前与交付前` - `/verify`、`/quality-gate`、覆盖率、安全扫描、diff review。 -- `AI 工程专项` - `/eval`、Capability Eval、Regression Eval、pass@k、持续学习。 -- `ECC 自身质量` - validators、hook tests、CLI tests、install tests、state/store tests、harness audit。 - -也就是说,这个项目不是只在“代码写完以后”才测,而是把测试和验证铺在了整个 AI 开发生命周期里。 diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md new file mode 100644 index 00000000..8d9d5a67 --- /dev/null +++ b/docs/zh-CN/commands/prune.md @@ -0,0 +1,31 @@ +--- +name: prune +description: 删除超过 30 天且从未被提升的待处理 instinct +command: true +--- + +# 清理待处理 Instinct + +删除那些由系统自动生成、但从未经过审查或提升的过期待处理 instinct。 + +## 实现 + +使用插件根目录路径运行 instinct CLI: + +```bash +python3 "${CLAUDE_PLUGIN_ROOT}/skills/continuous-learning-v2/scripts/instinct-cli.py" prune +``` + +或者当 `CLAUDE_PLUGIN_ROOT` 未设置时(手动安装): + +```bash +python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune +``` + +## 使用方法 + +``` +/prune # 删除超过 30 天的 instinct +/prune --max-age 60 # 自定义年龄阈值(天) +/prune --dry-run # 仅预览,不实际删除 +``` From f3cf808814dabfe49c0cadfaab57fd71df763c47 Mon Sep 17 00:00:00 2001 From: cjp 
<61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:53:35 +0800 Subject: [PATCH 03/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- docs/zh-CN/commands/prune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 8d9d5a67..1b68bb2a 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -1,5 +1,5 @@ --- -name: prune +description: 删除超过 30 天且从未被提升的待处理本能 description: 删除超过 30 天且从未被提升的待处理 instinct command: true --- From aed18eb5710374bf55fe7dd6e1dcd5ebe35d0ed4 Mon Sep 17 00:00:00 2001 From: cjp <61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:53:48 +0800 Subject: [PATCH 04/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- docs/zh-CN/commands/prune.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 1b68bb2a..d5018423 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -4,9 +4,9 @@ description: 删除超过 30 天且从未被提升的待处理 instinct command: true --- -# 清理待处理 Instinct +# 清理待处理本能 -删除那些由系统自动生成、但从未经过审查或提升的过期待处理 instinct。 +删除那些由系统自动生成、但从未经过审查或提升的过期待处理本能。 ## 实现 From d016e68ceeab4a6254c768420912bafca635506f Mon Sep 17 00:00:00 2001 From: cjp <61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:53:57 +0800 Subject: [PATCH 05/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- docs/zh-CN/commands/prune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index d5018423..2ee7d6bf 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -22,7 +22,7 @@ python3 
"${CLAUDE_PLUGIN_ROOT}/skills/continuous-learning-v2/scripts/instinct-cl python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune ``` -## 使用方法 +## 用法 ``` /prune # 删除超过 30 天的 instinct From ec921e52024d3fb46cd2b1d538288e2fde880c33 Mon Sep 17 00:00:00 2001 From: cjp <61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:54:04 +0800 Subject: [PATCH 06/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- docs/zh-CN/commands/prune.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 2ee7d6bf..2d760493 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -25,7 +25,7 @@ python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune ## 用法 ``` -/prune # 删除超过 30 天的 instinct +/prune # 删除超过 30 天的本能 /prune --max-age 60 # 自定义年龄阈值(天) /prune --dry-run # 仅预览,不实际删除 ``` From d6061cf93702330f8ebdba867bc3d63625431090 Mon Sep 17 00:00:00 2001 From: cjp <61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:58:34 +0800 Subject: [PATCH 07/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- docs/zh-CN/commands/prune.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 2d760493..0cad613f 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -1,6 +1,5 @@ --- description: 删除超过 30 天且从未被提升的待处理本能 -description: 删除超过 30 天且从未被提升的待处理 instinct command: true --- From 6af7ca1afc349eb0d4028f8703a2634d3b90db92 Mon Sep 17 00:00:00 2001 From: cjp <61693165+694344851@users.noreply.github.com> Date: Mon, 23 Mar 2026 13:58:44 +0800 Subject: [PATCH 08/23] Update docs/zh-CN/commands/prune.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- 
docs/zh-CN/commands/prune.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 0cad613f..6bbae496 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -28,3 +28,8 @@ python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune /prune --max-age 60 # 自定义年龄阈值(天) /prune --dry-run # 仅预览,不实际删除 ``` +--- +name: prune +description: 删除超过 30 天且从未被提升的待处理本能 +command: true +--- From f7d589ce21467023e9d3b8da0efa346583ba1d05 Mon Sep 17 00:00:00 2001 From: up2itnow0822 <220628848+up2itnow0822@users.noreply.github.com> Date: Tue, 24 Mar 2026 12:24:25 -0500 Subject: [PATCH 09/23] feat: add agent-payment-x402 skill for autonomous agent payments Adds a skill for x402 payment execution with MCP integration: - Per-task and per-session spending controls - Non-custodial wallet management (ERC-4337) - Pairs with mcp-server-patterns and cost-aware-llm-pipeline skills - Production reference: merged into NVIDIA NeMo Agent Toolkit (PR #17) - npm package: agentwallet-sdk --- skills/agent-payment-x402/SKILL.md | 83 ++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) create mode 100644 skills/agent-payment-x402/SKILL.md diff --git a/skills/agent-payment-x402/SKILL.md b/skills/agent-payment-x402/SKILL.md new file mode 100644 index 00000000..0dab98d0 --- /dev/null +++ b/skills/agent-payment-x402/SKILL.md @@ -0,0 +1,83 @@ +--- +name: agent-payment-x402 +description: Add x402 payment execution to AI agents — per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents need to pay for APIs, services, or other agents. +origin: community +--- + +# Agent Payment Execution (x402) + +Enable AI agents to make autonomous payments with built-in spending controls. Uses the x402 HTTP payment protocol and MCP tools so agents can pay for external services, APIs, or other agents without custodial risk. 
+ +## When to Use + +Use when: your agent needs to pay for an API call, purchase a service, settle with another agent, enforce per-task spending limits, or manage a non-custodial wallet. Pairs naturally with cost-aware-llm-pipeline and mcp-server-patterns skills. + +## Core Concepts + +### x402 Protocol +x402 extends HTTP 402 (Payment Required) into a machine-negotiable flow. When a server returns `402`, the agent's payment tool automatically negotiates price, checks budget, signs a transaction, and retries — no human in the loop. + +### Spending Controls +Every payment tool call enforces a `SpendingPolicy`: +- **Per-task budget** — max spend for a single agent action +- **Per-session budget** — cumulative limit across an entire session +- **Allowlisted recipients** — restrict which addresses/services the agent can pay +- **Rate limits** — max transactions per minute/hour + +### Non-Custodial Wallets +Agents hold their own keys via ERC-4337 smart accounts. The orchestrator sets policy; the agent can only spend within bounds. No pooled funds, no custodial risk. + +## MCP Integration + +The payment layer exposes standard MCP tools that slot into any Claude Code or agent harness setup: + +```json +{ + "mcpServers": { + "agentpay": { + "command": "npx", + "args": ["-y", "agentwallet-sdk"] + } + } +} +``` + +### Available Tools + +| Tool | Purpose | +|------|---------| +| `get_balance` | Check agent wallet balance | +| `send_payment` | Send payment to address or ENS | +| `check_spending` | Query remaining budget | +| `set_policy` | Configure spending limits | +| `list_transactions` | Audit trail of all payments | + +## Example: Pay-Per-API-Call Agent + +```typescript +// In your CLAUDE.md or agent config: +// 1. Add agentpay MCP server (see above) +// 2. 
Set spending policy in your skill/hook: + +// Hook: pre-tool check +if (toolName === "web_search" && apiCost > 0) { + const budget = await mcp.call("agentpay", "check_spending"); + if (budget.remaining < apiCost) { + return { error: "Budget exceeded for this task" }; + } +} +``` + +## Best Practices + +- **Set budgets before delegation**: When spawning sub-agents, attach a SpendingPolicy. Never give an agent unlimited spend. +- **Audit trails**: Use `list_transactions` in post-task hooks to log what was spent and why. +- **Fail closed**: If the payment tool is unreachable, block the paid action — don't fall back to unmetered access. +- **Pair with security-review**: Payment tools are high-privilege. Apply the same scrutiny as shell access. +- **Test with testnets first**: Use Base Sepolia for development; switch to Base mainnet for production. + +## Production Reference + +- **npm**: [`agentwallet-sdk`](https://www.npmjs.com/package/agentwallet-sdk) +- **Merged into NVIDIA NeMo Agent Toolkit**: [PR #17](https://github.com/NVIDIA/NeMo-Agent-Toolkit-Examples/pull/17) — x402 payment tool for NVIDIA's agent examples +- **Protocol spec**: [x402.org](https://x402.org) From e57ad5c33d5203cddda975a08827ef4f9ad67d2c Mon Sep 17 00:00:00 2001 From: up2itnow0822 <220628848+up2itnow0822@users.noreply.github.com> Date: Tue, 24 Mar 2026 15:25:14 -0500 Subject: [PATCH 10/23] fix: address all automated review feedback on code example Security model: - Remove set_policy from agent-callable tools table; document as orchestrator-only to prevent self-privilege escalation - Pin agentwallet-sdk@6.0.0 in MCP config with pre-install guidance (npx without -y hangs in non-interactive MCP startup) - Whitelist only required env vars (PATH, NODE_ENV, WALLET_PRIVATE_KEY) instead of forwarding entire process.env to subprocess Code example (complete rewrite): - Add StdioClientTransport import and client.connect() for runnable code - Wrap in async main() for CJS/ESM compatibility (top-level await) 
- Verify set_policy result via isError before delegating - Five distinct fail-closed error paths in preToolCheck: 1. Invalid apiCost input (NaN/Infinity bypass prevention) 2. Transport/connectivity failure 3. Tool-level error (isError: true, e.g., auth failure) 4. Unexpected response format (missing/non-finite remaining) 5. Budget exceeded (clear amounts in message) - Use Number.isFinite() for both apiCost and remaining validation Documentation: - Rename headings per CONTRIBUTING.md format - Replace broken mcp-server-patterns cross-ref with security-review - Add 'Pin your dependencies' to Best Practices - Add security note about supply-chain risk --- skills/agent-payment-x402/SKILL.md | 126 +++++++++++++++++++++++++---- 1 file changed, 109 insertions(+), 17 deletions(-) diff --git a/skills/agent-payment-x402/SKILL.md b/skills/agent-payment-x402/SKILL.md index 0dab98d0..c90d505d 100644 --- a/skills/agent-payment-x402/SKILL.md +++ b/skills/agent-payment-x402/SKILL.md @@ -10,9 +10,9 @@ Enable AI agents to make autonomous payments with built-in spending controls. Us ## When to Use -Use when: your agent needs to pay for an API call, purchase a service, settle with another agent, enforce per-task spending limits, or manage a non-custodial wallet. Pairs naturally with cost-aware-llm-pipeline and mcp-server-patterns skills. +Use when: your agent needs to pay for an API call, purchase a service, settle with another agent, enforce per-task spending limits, or manage a non-custodial wallet. Pairs naturally with cost-aware-llm-pipeline and security-review skills. -## Core Concepts +## How It Works ### x402 Protocol x402 extends HTTP 402 (Payment Required) into a machine-negotiable flow. When a server returns `402`, the agent's payment tool automatically negotiates price, checks budget, signs a transaction, and retries — no human in the loop. 
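The negotiate-and-retry flow just described can be sketched as a small wrapper: request, receive a `402` with a price quote, check the budget, sign a proof, retry once. This is an assumption-laden sketch — the response shape, the `price` field, and the `sign` callback are illustrative stand-ins, not the actual x402 wire format.

```typescript
// Minimal sketch of the x402 negotiate-and-retry loop. Types and field
// names are illustrative assumptions; consult the x402 spec for the real
// wire format.
type PaidResponse = { status: number; price?: number; body?: string };
type Request402 = (paymentProof?: string) => Promise<PaidResponse>;

async function fetchWithX402(
  request: Request402,
  budgetRemaining: number,
  sign: (amount: number) => string, // stands in for wallet signing
): Promise<PaidResponse> {
  const first = await request();
  if (first.status !== 402) return first; // no payment required

  const price = first.price;
  if (price === undefined || price > budgetRemaining) {
    // Fail closed: no quote, or the quote exceeds the remaining budget.
    throw new Error(`Payment refused: quoted ${price}, budget ${budgetRemaining}`);
  }
  return request(sign(price)); // retry once with the signed proof attached
}
```

The budget check sits between the quote and the signature, which is what keeps the "no human in the loop" flow bounded.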
@@ -25,52 +25,144 @@ Every payment tool call enforces a `SpendingPolicy`: - **Rate limits** — max transactions per minute/hour ### Non-Custodial Wallets -Agents hold their own keys via ERC-4337 smart accounts. The orchestrator sets policy; the agent can only spend within bounds. No pooled funds, no custodial risk. +Agents hold their own keys via ERC-4337 smart accounts. The orchestrator sets policy before delegation; the agent can only spend within bounds. No pooled funds, no custodial risk. ## MCP Integration -The payment layer exposes standard MCP tools that slot into any Claude Code or agent harness setup: +The payment layer exposes standard MCP tools that slot into any Claude Code or agent harness setup. + +> **Security note**: Always pin the package version. This tool manages private keys — unpinned `npx` installs introduce supply-chain risk. ```json { "mcpServers": { "agentpay": { "command": "npx", - "args": ["-y", "agentwallet-sdk"] + "args": ["agentwallet-sdk@6.0.0"] } } } ``` -### Available Tools +### Available Tools (agent-callable) | Tool | Purpose | |------|---------| | `get_balance` | Check agent wallet balance | | `send_payment` | Send payment to address or ENS | | `check_spending` | Query remaining budget | -| `set_policy` | Configure spending limits | | `list_transactions` | Audit trail of all payments | -## Example: Pay-Per-API-Call Agent +> **Note**: Spending policy is set by the **orchestrator** before delegating to the agent — not by the agent itself. This prevents agents from escalating their own spending limits. Configure policy via `set_policy` in your orchestration layer or pre-task hook, never as an agent-callable tool. + +## Examples + +### Budget enforcement in an MCP client + +When building an orchestrator that calls the agentpay MCP server, enforce budgets before dispatching paid tool calls. 
+ +> **Prerequisites**: Install the package before adding the MCP config — `npx` without `-y` will prompt for confirmation in non-interactive environments, causing the server to hang: `npm install -g agentwallet-sdk@6.0.0` ```typescript -// In your CLAUDE.md or agent config: -// 1. Add agentpay MCP server (see above) -// 2. Set spending policy in your skill/hook: +import { Client } from "@modelcontextprotocol/sdk/client/index.js"; +import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js"; -// Hook: pre-tool check -if (toolName === "web_search" && apiCost > 0) { - const budget = await mcp.call("agentpay", "check_spending"); - if (budget.remaining < apiCost) { - return { error: "Budget exceeded for this task" }; +async function main() { + // 1. Validate credentials before constructing the transport. + // A missing key must fail immediately — never let the subprocess start without auth. + const walletKey = process.env.WALLET_PRIVATE_KEY; + if (!walletKey) { + throw new Error("WALLET_PRIVATE_KEY is not set — refusing to start payment server"); + } + + // Connect to the agentpay MCP server via stdio transport. + // Whitelist only the env vars the server needs — never forward all of process.env + // to a third-party subprocess that manages private keys. + const transport = new StdioClientTransport({ + command: "npx", + args: ["agentwallet-sdk@6.0.0"], + env: { + PATH: process.env.PATH ?? "", + NODE_ENV: process.env.NODE_ENV ?? "production", + WALLET_PRIVATE_KEY: walletKey, + }, + }); + const agentpay = new Client({ name: "orchestrator", version: "1.0.0" }); + await agentpay.connect(transport); + + // 2. Set spending policy before delegating to the agent. + // Always verify success — a silent failure means no controls are active. 
+  const policyResult = await agentpay.callTool({
+    name: "set_policy",
+    arguments: {
+      per_task_budget: 0.50,
+      per_session_budget: 5.00,
+      allowlisted_recipients: ["api.example.com"],
+    },
+  });
+  if (policyResult.isError) {
+    throw new Error(
+      `Failed to set spending policy — do not delegate: ${JSON.stringify(policyResult.content)}`
+    );
+  }
+
+  // 3. Use preToolCheck before any paid action
+  await preToolCheck(agentpay, 0.01);
+}
+
+// Pre-tool hook: fail-closed budget enforcement with five distinct error paths.
+async function preToolCheck(agentpay: Client, apiCost: number): Promise<void> {
+  // Path 1: Reject invalid input (NaN/Infinity bypass the < comparison)
+  if (!Number.isFinite(apiCost) || apiCost < 0) {
+    throw new Error(`Invalid apiCost: ${apiCost} — action blocked`);
+  }
+
+  // Path 2: Transport/connectivity failure
+  let result;
+  try {
+    result = await agentpay.callTool({ name: "check_spending" });
+  } catch (err) {
+    throw new Error(`Payment service unreachable — action blocked: ${err}`);
+  }
+
+  // Path 3: Tool returned an error (e.g., auth failure, wallet not initialised)
+  if (result.isError) {
+    throw new Error(
+      `check_spending failed — action blocked: ${JSON.stringify(result.content)}`
+    );
+  }
+
+  // Path 4: Parse and validate the response shape
+  let remaining: number;
+  try {
+    const parsed = JSON.parse(
+      (result.content as Array<{ text: string }>)[0].text
+    );
+    if (!Number.isFinite(parsed?.remaining)) {
+      throw new TypeError("missing or non-finite 'remaining' field");
+    }
+    remaining = parsed.remaining;
+  } catch (err) {
+    throw new Error(
+      `check_spending returned unexpected format — action blocked: ${err}`
+    );
+  }
+
+  // Path 5: Budget exceeded
+  if (remaining < apiCost) {
+    throw new Error(
+      `Budget exceeded: need $${apiCost} but only $${remaining} remaining`
+    );
+  }
+}
+
+main().catch(console.error);
 ```
 
 ## Best Practices
 
-- **Set budgets before delegation**: When spawning sub-agents, attach a SpendingPolicy.
Never give an agent unlimited spend. +- **Set budgets before delegation**: When spawning sub-agents, attach a SpendingPolicy via your orchestration layer. Never give an agent unlimited spend. +- **Pin your dependencies**: Always specify an exact version in your MCP config (e.g., `agentwallet-sdk@6.0.0`). Verify package integrity before deploying to production. - **Audit trails**: Use `list_transactions` in post-task hooks to log what was spent and why. - **Fail closed**: If the payment tool is unreachable, block the paid action — don't fall back to unmetered access. - **Pair with security-review**: Payment tools are high-privilege. Apply the same scrutiny as shell access. From 95a1435f61407973059f504ba0436e036ae0b2ac Mon Sep 17 00:00:00 2001 From: AI Agent Economy <220628848+up2itnow0822@users.noreply.github.com> Date: Tue, 24 Mar 2026 15:43:59 -0500 Subject: [PATCH 11/23] Update skills/agent-payment-x402/SKILL.md Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com> --- skills/agent-payment-x402/SKILL.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/skills/agent-payment-x402/SKILL.md b/skills/agent-payment-x402/SKILL.md index c90d505d..08319c63 100644 --- a/skills/agent-payment-x402/SKILL.md +++ b/skills/agent-payment-x402/SKILL.md @@ -156,7 +156,10 @@ async function preToolCheck(agentpay: Client, apiCost: number): Promise { } } -main().catch(console.error); +main().catch((err) => { + console.error(err); + process.exitCode = 1; +}); ``` ## Best Practices From 3fbfd7f7ff910d89f36475d73b657b7d3e680d66 Mon Sep 17 00:00:00 2001 From: xingzihai <1315258019@qq.com> Date: Wed, 25 Mar 2026 17:05:02 +0000 Subject: [PATCH 12/23] feat: Add git-workflow skill Add comprehensive Git workflow skill covering: - Branching strategies (GitHub Flow, Trunk-Based, GitFlow) - Conventional commits format and best practices - Merge vs rebase with clear guidance - Pull request workflow and templates - Conflict resolution 
strategies - Branch management and naming conventions - Release management with semantic versioning - Git configuration and useful aliases - Common workflows and anti-patterns This skill helps developers and teams establish consistent Git practices for collaborative development. --- skills/git-workflow/SKILL.md | 716 +++++++++++++++++++++++++++++++++++ 1 file changed, 716 insertions(+) create mode 100644 skills/git-workflow/SKILL.md diff --git a/skills/git-workflow/SKILL.md b/skills/git-workflow/SKILL.md new file mode 100644 index 00000000..d57f51d3 --- /dev/null +++ b/skills/git-workflow/SKILL.md @@ -0,0 +1,716 @@ +--- +name: git-workflow +description: Git workflow patterns including branching strategies, commit conventions, merge vs rebase, conflict resolution, and collaborative development best practices for teams of all sizes. +origin: ECC +--- + +# Git Workflow Patterns + +Best practices for Git version control, branching strategies, and collaborative development. + +## When to Activate + +- Setting up Git workflow for a new project +- Deciding on branching strategy (GitFlow, trunk-based, GitHub flow) +- Writing commit messages and PR descriptions +- Resolving merge conflicts +- Managing releases and version tags +- Onboarding new team members to Git practices + +## Branching Strategies + +### GitHub Flow (Simple, Recommended for Most) + +Best for continuous deployment and small-to-medium teams. + +``` +main (protected, always deployable) + │ + ├── feature/user-auth → PR → merge to main + ├── feature/payment-flow → PR → merge to main + └── fix/login-bug → PR → merge to main +``` + +**Rules:** +- `main` is always deployable +- Create feature branches from `main` +- Open Pull Request when ready for review +- After approval and CI passes, merge to `main` +- Deploy immediately after merge + +### Trunk-Based Development (High-Velocity Teams) + +Best for teams with strong CI/CD and feature flags. 
+
+```
+main (trunk)
+  │
+  ├── short-lived feature (1-2 days max)
+  ├── short-lived feature
+  └── short-lived feature
+```
+
+**Rules:**
+
+- Everyone commits to `main` or very short-lived branches
+- Feature flags hide incomplete work
+- CI must pass before merge
+- Deploy multiple times per day
+
+### GitFlow (Complex, Release-Cycle Driven)
+
+Best for scheduled releases and enterprise projects.
+
+```
+main (production releases)
+  │
+  └── develop (integration branch)
+        │
+        ├── feature/user-auth
+        ├── feature/payment
+        │
+        ├── release/1.0.0 → merge to main and develop
+        │
+        └── hotfix/critical → merge to main and develop
+```
+
+**Rules:**
+
+- `main` contains production-ready code only
+- `develop` is the integration branch
+- Feature branches from `develop`, merge back to `develop`
+- Release branches from `develop`, merge to `main` and `develop`
+- Hotfix branches from `main`, merge to both `main` and `develop`
+
+### When to Use Which
+
+| Strategy | Team Size | Release Cadence | Best For |
+|----------|-----------|-----------------|----------|
+| GitHub Flow | Any | Continuous | SaaS, web apps, startups |
+| Trunk-Based | 5+ experienced | Multiple/day | High-velocity teams, feature flags |
+| GitFlow | 10+ | Scheduled | Enterprise, regulated industries |
+
+## Commit Messages
+
+### Conventional Commits Format
+
+```
+<type>(<scope>): <subject>
+
+[optional body]
+
+[optional footer(s)]
+```
+
+### Types
+
+| Type | Use For | Example |
+|------|---------|---------|
+| `feat` | New feature | `feat(auth): add OAuth2 login` |
+| `fix` | Bug fix | `fix(api): handle null response in user endpoint` |
+| `docs` | Documentation | `docs(readme): update installation instructions` |
+| `style` | Formatting, no code change | `style: fix indentation in login component` |
+| `refactor` | Code refactoring | `refactor(db): extract connection pool to module` |
+| `test` | Adding/updating tests | `test(auth): add unit tests for token validation` |
+| `chore` | Maintenance tasks | `chore(deps): update
dependencies` |
+| `perf` | Performance improvement | `perf(query): add index to users table` |
+| `ci` | CI/CD changes | `ci: add PostgreSQL service to test workflow` |
+| `revert` | Revert previous commit | `revert: revert "feat(auth): add OAuth2 login"` |
+
+### Good vs Bad Examples
+
+```
+# BAD: Vague, no context
+git commit -m "fixed stuff"
+git commit -m "updates"
+git commit -m "WIP"
+
+# GOOD: Clear, specific, explains why
+git commit -m "fix(api): retry requests on 503 Service Unavailable
+
+The external API occasionally returns 503 errors during peak hours.
+Added exponential backoff retry logic with max 3 attempts.
+
+Closes #123"
+```
+
+### Commit Message Template
+
+Create `.gitmessage` in repo root:
+
+```
+# <type>(<scope>): <subject>
+#
+# Types: feat, fix, docs, style, refactor, test, chore, perf, ci, revert
+# Scope: api, ui, db, auth, etc.
+# Subject: imperative mood, no period, max 50 chars
+#
+# [optional body] - explain why, not what
+# [optional footer] - Breaking changes, closes #issue
+```
+
+Enable with: `git config commit.template .gitmessage`
+
+## Merge vs Rebase
+
+### Merge (Preserves History)
+
+```bash
+# Creates a merge commit
+git checkout main
+git merge feature/user-auth
+
+# Result:
+# * merge commit
+# |\
+# | * feature commits
+# |/
+# * main commits
+```
+
+**Use when:**
+- Merging feature branches into `main`
+- You want to preserve exact history
+- Multiple people worked on the branch
+- The branch has been pushed and others may have based work on it
+
+### Rebase (Linear History)
+
+```bash
+# Rewrites feature commits onto target branch
+git checkout feature/user-auth
+git rebase main
+
+# Result:
+# * feature commits (rewritten)
+# * main commits
+```
+
+**Use when:**
+- Updating your local feature branch with latest `main`
+- You want a linear, clean history
+- The branch is local-only (not pushed)
+- You're the only one working on the branch
+
+### Rebase Workflow
+
+```bash
+# Update feature branch with latest main (before PR)
+git
checkout feature/user-auth
+git fetch origin
+git rebase origin/main
+
+# Fix any conflicts
+# Tests should still pass
+
+# Force push (only if you're the only contributor)
+git push --force-with-lease origin feature/user-auth
+```
+
+### When NOT to Rebase
+
+```
+# NEVER rebase branches that:
+- Have been pushed to a shared repository
+- Other people have based work on
+- Are protected branches (main, develop)
+- Are already merged
+
+# Why: Rebase rewrites history, breaking others' work
+```
+
+## Pull Request Workflow
+
+### PR Title Format
+
+```
+<type>(<scope>): <summary>
+
+Examples:
+feat(auth): add SSO support for enterprise users
+fix(api): resolve race condition in order processing
+docs(api): add OpenAPI specification for v2 endpoints
+```
+
+### PR Description Template
+
+```markdown
+## What
+
+Brief description of what this PR does.
+
+## Why
+
+Explain the motivation and context.
+
+## How
+
+Key implementation details worth highlighting.
+
+## Testing
+
+- [ ] Unit tests added/updated
+- [ ] Integration tests added/updated
+- [ ] Manual testing performed
+
+## Screenshots (if applicable)
+
+Before/after screenshots for UI changes.
+
+## Checklist
+
+- [ ] Code follows project style guidelines
+- [ ] Self-review completed
+- [ ] Comments added for complex logic
+- [ ] Documentation updated
+- [ ] No new warnings introduced
+- [ ] Tests pass locally
+- [ ] Related issues linked
+
+Closes #123
+```
+
+### Code Review Checklist
+
+**For Reviewers:**
+
+- [ ] Does the code solve the stated problem?
+- [ ] Are there any edge cases not handled?
+- [ ] Is the code readable and maintainable?
+- [ ] Are there sufficient tests?
+- [ ] Are there security concerns?
+- [ ] Is the commit history clean (squashed if needed)?
+ +**For Authors:** + +- [ ] Self-review completed before requesting review +- [ ] CI passes (tests, lint, typecheck) +- [ ] PR size is reasonable (<500 lines ideal) +- [ ] Related to a single feature/fix +- [ ] Description clearly explains the change + +## Conflict Resolution + +### Identify Conflicts + +```bash +# Check for conflicts before merge +git checkout main +git merge feature/user-auth --no-commit --no-ff + +# If conflicts, Git will show: +# CONFLICT (content): Merge conflict in src/auth/login.ts +# Automatic merge failed; fix conflicts and then commit the result. +``` + +### Resolve Conflicts + +```bash +# See conflicted files +git status + +# View conflict markers in file +# <<<<<<< HEAD +# content from main +# ======= +# content from feature branch +# >>>>>>> feature/user-auth + +# Option 1: Manual resolution +# Edit file, remove markers, keep correct content + +# Option 2: Use merge tool +git mergetool + +# Option 3: Accept one side +git checkout --ours src/auth/login.ts # Keep main version +git checkout --theirs src/auth/login.ts # Keep feature version + +# After resolving, stage and commit +git add src/auth/login.ts +git commit +``` + +### Conflict Prevention Strategies + +```bash +# 1. Keep feature branches small and short-lived +# 2. Rebase frequently onto main +git checkout feature/user-auth +git fetch origin +git rebase origin/main + +# 3. Communicate with team about touching shared files +# 4. Use feature flags instead of long-lived branches +# 5. 
Review and merge PRs promptly +``` + +## Branch Management + +### Naming Conventions + +``` +# Feature branches +feature/user-authentication +feature/JIRA-123-payment-integration + +# Bug fixes +fix/login-redirect-loop +fix/456-null-pointer-exception + +# Hotfixes (production issues) +hotfix/critical-security-patch +hotfix/database-connection-leak + +# Releases +release/1.2.0 +release/2024-01-hotfix + +# Experiments/POCs +experiment/new-caching-strategy +poc/graphql-migration +``` + +### Branch Cleanup + +```bash +# Delete local branches that are merged +git branch --merged main | grep -v "^\*\|main" | xargs -n 1 git branch -d + +# Delete remote-tracking references for deleted remote branches +git fetch -p + +# Delete local branch +git branch -d feature/user-auth # Safe delete (only if merged) +git branch -D feature/user-auth # Force delete + +# Delete remote branch +git push origin --delete feature/user-auth +``` + +### Stash Workflow + +```bash +# Save work in progress +git stash push -m "WIP: user authentication" + +# List stashes +git stash list + +# Apply most recent stash +git stash pop + +# Apply specific stash +git stash apply stash@{2} + +# Drop stash +git stash drop stash@{0} +``` + +## Release Management + +### Semantic Versioning + +``` +MAJOR.MINOR.PATCH + +MAJOR: Breaking changes +MINOR: New features, backward compatible +PATCH: Bug fixes, backward compatible + +Examples: +1.0.0 → 1.0.1 (patch: bug fix) +1.0.1 → 1.1.0 (minor: new feature) +1.1.0 → 2.0.0 (major: breaking change) +``` + +### Creating Releases + +```bash +# Create annotated tag +git tag -a v1.2.0 -m "Release v1.2.0 + +Features: +- Add user authentication +- Implement password reset + +Fixes: +- Resolve login redirect issue + +Breaking Changes: +- None" + +# Push tag to remote +git push origin v1.2.0 + +# List tags +git tag -l + +# Delete tag +git tag -d v1.2.0 +git push origin --delete v1.2.0 +``` + +### Changelog Generation + +```bash +# Generate changelog from commits +git log 
v1.1.0..v1.2.0 --oneline --no-merges + +# Or use conventional-changelog +npx conventional-changelog -i CHANGELOG.md -s +``` + +## Git Configuration + +### Essential Configs + +```bash +# User identity +git config --global user.name "Your Name" +git config --global user.email "your@email.com" + +# Default branch name +git config --global init.defaultBranch main + +# Pull behavior (rebase instead of merge) +git config --global pull.rebase true + +# Push behavior (push current branch only) +git config --global push.default current + +# Auto-correct typos +git config --global help.autocorrect 1 + +# Better diff algorithm +git config --global diff.algorithm histogram + +# Color output +git config --global color.ui auto +``` + +### Useful Aliases + +```bash +# Add to ~/.gitconfig +[alias] + co = checkout + br = branch + ci = commit + st = status + unstage = reset HEAD -- + last = log -1 HEAD + visual = log --oneline --graph --all + amend = commit --amend --no-edit + wip = commit -m "WIP" + undo = reset --soft HEAD~1 + contributors = shortlog -sn +``` + +### Gitignore Patterns + +```gitignore +# Dependencies +node_modules/ +vendor/ + +# Build outputs +dist/ +build/ +*.o +*.exe + +# Environment files +.env +.env.local +.env.*.local + +# IDE +.idea/ +.vscode/ +*.swp +*.swo + +# OS files +.DS_Store +Thumbs.db + +# Logs +*.log +logs/ + +# Test coverage +coverage/ + +# Cache +.cache/ +*.tsbuildinfo +``` + +## Common Workflows + +### Starting a New Feature + +```bash +# 1. Update main branch +git checkout main +git pull origin main + +# 2. Create feature branch +git checkout -b feature/user-auth + +# 3. Make changes and commit +git add . +git commit -m "feat(auth): implement OAuth2 login" + +# 4. Push to remote +git push -u origin feature/user-auth + +# 5. Create Pull Request on GitHub/GitLab +``` + +### Updating a PR with New Changes + +```bash +# 1. Make additional changes +git add . +git commit -m "feat(auth): add error handling" + +# 2. 
Push updates +git push origin feature/user-auth +``` + +### Syncing Fork with Upstream + +```bash +# 1. Add upstream remote (once) +git remote add upstream https://github.com/original/repo.git + +# 2. Fetch upstream +git fetch upstream + +# 3. Merge upstream/main into your main +git checkout main +git merge upstream/main + +# 4. Push to your fork +git push origin main +``` + +### Undoing Mistakes + +```bash +# Undo last commit (keep changes) +git reset --soft HEAD~1 + +# Undo last commit (discard changes) +git reset --hard HEAD~1 + +# Undo last commit pushed to remote +git revert HEAD +git push origin main + +# Undo specific file changes +git checkout HEAD -- path/to/file + +# Fix last commit message +git commit --amend -m "New message" + +# Add forgotten file to last commit +git add forgotten-file +git commit --amend --no-edit +``` + +## Git Hooks + +### Pre-Commit Hook + +```bash +#!/bin/bash +# .git/hooks/pre-commit + +# Run linting +npm run lint || exit 1 + +# Run tests +npm test || exit 1 + +# Check for secrets +if git diff --cached | grep -E '(password|api_key|secret)'; then + echo "Possible secret detected. Commit aborted." + exit 1 +fi +``` + +### Pre-Push Hook + +```bash +#!/bin/bash +# .git/hooks/pre-push + +# Run full test suite +npm run test:all || exit 1 + +# Check for console.log statements +if git diff origin/main | grep -E 'console\.log'; then + echo "Remove console.log statements before pushing." 
+ exit 1 +fi +``` + +## Anti-Patterns + +``` +# BAD: Committing directly to main +git checkout main +git commit -m "fix bug" + +# GOOD: Use feature branches and PRs + +# BAD: Committing secrets +git add .env # Contains API keys + +# GOOD: Add to .gitignore, use environment variables + +# BAD: Giant PRs (1000+ lines) +# GOOD: Break into smaller, focused PRs + +# BAD: "Update" commit messages +git commit -m "update" +git commit -m "fix" + +# GOOD: Descriptive messages +git commit -m "fix(auth): resolve redirect loop after login" + +# BAD: Rewriting public history +git push --force origin main + +# GOOD: Use revert for public branches +git revert HEAD + +# BAD: Long-lived feature branches (weeks/months) +# GOOD: Keep branches short (days), rebase frequently + +# BAD: Committing generated files +git add dist/ +git add node_modules/ + +# GOOD: Add to .gitignore +``` + +## Quick Reference + +| Task | Command | +|------|---------| +| Create branch | `git checkout -b feature/name` | +| Switch branch | `git checkout branch-name` | +| Delete branch | `git branch -d branch-name` | +| Merge branch | `git merge branch-name` | +| Rebase branch | `git rebase main` | +| View history | `git log --oneline --graph` | +| View changes | `git diff` | +| Stage changes | `git add .` or `git add -p` | +| Commit | `git commit -m "message"` | +| Push | `git push origin branch-name` | +| Pull | `git pull origin branch-name` | +| Stash | `git stash push -m "message"` | +| Undo last commit | `git reset --soft HEAD~1` | +| Revert commit | `git revert HEAD` | \ No newline at end of file From dc92b5c62b2a691e9c5b97ebe6f104696bea5083 Mon Sep 17 00:00:00 2001 From: xingzihai <1315258019@qq.com> Date: Wed, 25 Mar 2026 17:24:31 +0000 Subject: [PATCH 13/23] feat: Add performance-optimizer agent for code performance analysis and optimization --- agents/performance-optimizer.md | 445 ++++++++++++++++++++++++++++++++ 1 file changed, 445 insertions(+) create mode 100644 agents/performance-optimizer.md diff 
--git a/agents/performance-optimizer.md b/agents/performance-optimizer.md new file mode 100644 index 00000000..663a1891 --- /dev/null +++ b/agents/performance-optimizer.md @@ -0,0 +1,445 @@ +--- +name: performance-optimizer +description: Performance analysis and optimization specialist. Use PROACTIVELY for identifying bottlenecks, optimizing slow code, reducing bundle sizes, and improving runtime performance. Profiling, memory leaks, render optimization, and algorithmic improvements. +tools: ["Read", "Write", "Edit", "Bash", "Grep", "Glob"] +model: sonnet +--- + +# Performance Optimizer + +You are an expert performance specialist focused on identifying bottlenecks and optimizing application speed, memory usage, and efficiency. Your mission is to make code faster, lighter, and more responsive. + +## Core Responsibilities + +1. **Performance Profiling** — Identify slow code paths, memory leaks, and bottlenecks +2. **Bundle Optimization** — Reduce JavaScript bundle sizes, lazy loading, code splitting +3. **Runtime Optimization** — Improve algorithmic efficiency, reduce unnecessary computations +4. **React/Rendering Optimization** — Prevent unnecessary re-renders, optimize component trees +5. **Database & Network** — Optimize queries, reduce API calls, implement caching +6. **Memory Management** — Detect leaks, optimize memory usage, cleanup resources + +## Analysis Commands + +```bash +# Bundle analysis +npx bundle-analyzer +npx source-map-explorer build/static/js/*.js + +# Lighthouse performance audit +npx lighthouse https://your-app.com --view + +# Node.js profiling +node --prof your-app.js +node --prof-process isolate-*.log + +# Memory analysis +node --inspect your-app.js # Then use Chrome DevTools + +# React profiling (in browser) +# React DevTools > Profiler tab + +# Network analysis +npx webpack-bundle-analyzer +``` + +## Performance Review Workflow + +### 1. 
Identify Performance Issues + +**Critical Performance Indicators:** + +| Metric | Target | Action if Exceeded | +|--------|--------|-------------------| +| First Contentful Paint | < 1.8s | Optimize critical path, inline critical CSS | +| Largest Contentful Paint | < 2.5s | Lazy load images, optimize server response | +| Time to Interactive | < 3.8s | Code splitting, reduce JavaScript | +| Cumulative Layout Shift | < 0.1 | Reserve space for images, avoid layout thrashing | +| Total Blocking Time | < 200ms | Break up long tasks, use web workers | +| Bundle Size (gzipped) | < 200KB | Tree shaking, lazy loading, code splitting | + +### 2. Algorithmic Analysis + +Check for inefficient algorithms: + +| Pattern | Complexity | Better Alternative | +|---------|------------|-------------------| +| Nested loops on same data | O(n²) | Use Map/Set for O(1) lookups | +| Repeated array searches | O(n) per search | Convert to Map for O(1) | +| Sorting inside loop | O(n² log n) | Sort once outside loop | +| String concatenation in loop | O(n²) | Use array.join() | +| Deep cloning large objects | O(n) each time | Use shallow copy or immer | +| Recursion without memoization | O(2^n) | Add memoization | + +```typescript +// BAD: O(n²) - searching array in loop +for (const user of users) { + const posts = allPosts.filter(p => p.userId === user.id); // O(n) per user +} + +// GOOD: O(n) - group once with Map +const postsByUser = new Map(); +for (const post of allPosts) { + const userPosts = postsByUser.get(post.userId) || []; + userPosts.push(post); + postsByUser.set(post.userId, userPosts); +} +// Now O(1) lookup per user +``` + +### 3. 
React Performance Optimization
+
+**Common React Anti-patterns:**
+
+```tsx
+// BAD: Inline function creation in render
+<button onClick={() => handleClick(id)}>Click</button>
+
+// GOOD: Stable callback with useCallback
+const handleButtonClick = useCallback(() => handleClick(id), [id]);
+<button onClick={handleButtonClick}>Click</button>
+
+// BAD: Object creation in render
+<div style={{ color: 'red' }}>Text</div>
+
+// GOOD: Stable object reference
+const style = useMemo(() => ({ color: 'red' }), []);
+<div style={style}>Text</div>
+
+// BAD: Expensive computation on every render (also mutates items in place)
+const sortedItems = items.sort((a, b) => a.name.localeCompare(b.name));
+
+// GOOD: Memoize expensive computations (copy first — sort mutates)
+const sortedItems = useMemo(
+  () => [...items].sort((a, b) => a.name.localeCompare(b.name)),
+  [items]
+);
+
+// BAD: List without keys or with index as key
+{items.map((item, index) => <Item key={index} {...item} />)}
+
+// GOOD: Stable unique keys
+{items.map(item => <Item key={item.id} {...item} />)}
+```
+
+**React Performance Checklist:**
+
+- [ ] `useMemo` for expensive computations
+- [ ] `useCallback` for functions passed to children
+- [ ] `React.memo` for frequently re-rendered components
+- [ ] Proper dependency arrays in hooks
+- [ ] Virtualization for long lists (react-window, react-virtualized)
+- [ ] Lazy loading for heavy components (`React.lazy`)
+- [ ] Code splitting at route level
+
+### 4. 
Bundle Size Optimization + +**Bundle Analysis Checklist:** + +```bash +# Analyze bundle composition +npx webpack-bundle-analyzer build/static/js/*.js + +# Check for duplicate dependencies +npx duplicate-package-checker-analyzer + +# Find largest files +du -sh node_modules/* | sort -hr | head -20 +``` + +**Optimization Strategies:** + +| Issue | Solution | +|-------|----------| +| Large vendor bundle | Tree shaking, smaller alternatives | +| Duplicate code | Extract to shared module | +| Unused exports | Remove dead code with knip | +| Moment.js | Use date-fns or dayjs (smaller) | +| Lodash | Use lodash-es or native methods | +| Large icons library | Import only needed icons | + +```javascript +// BAD: Import entire library +import _ from 'lodash'; +import moment from 'moment'; + +// GOOD: Import only what you need +import debounce from 'lodash/debounce'; +import { format, addDays } from 'date-fns'; + +// Or use lodash-es with tree shaking +import { debounce, throttle } from 'lodash-es'; +``` + +### 5. 
Database & Query Optimization + +**Query Optimization Patterns:** + +```sql +-- BAD: Select all columns +SELECT * FROM users WHERE active = true; + +-- GOOD: Select only needed columns +SELECT id, name, email FROM users WHERE active = true; + +-- BAD: N+1 queries (in application loop) +-- 1 query for users, then N queries for each user's orders + +-- GOOD: Single query with JOIN or batch fetch +SELECT u.*, o.id as order_id, o.total +FROM users u +LEFT JOIN orders o ON u.id = o.user_id +WHERE u.active = true; + +-- Add index for frequently queried columns +CREATE INDEX idx_users_active ON users(active); +CREATE INDEX idx_orders_user_id ON orders(user_id); +``` + +**Database Performance Checklist:** + +- [ ] Indexes on frequently queried columns +- [ ] Composite indexes for multi-column queries +- [ ] Avoid SELECT * in production code +- [ ] Use connection pooling +- [ ] Implement query result caching +- [ ] Use pagination for large result sets +- [ ] Monitor slow query logs + +### 6. Network & API Optimization + +**Network Optimization Strategies:** + +```typescript +// BAD: Multiple sequential requests +const user = await fetchUser(id); +const posts = await fetchPosts(user.id); +const comments = await fetchComments(posts[0].id); + +// GOOD: Parallel requests when independent +const [user, posts] = await Promise.all([ + fetchUser(id), + fetchPosts(id) +]); + +// GOOD: Batch requests when possible +const results = await batchFetch(['user1', 'user2', 'user3']); + +// Implement request caching +const fetchWithCache = async (url: string, ttl = 300000) => { + const cached = cache.get(url); + if (cached) return cached; + + const data = await fetch(url).then(r => r.json()); + cache.set(url, data, ttl); + return data; +}; + +// Debounce rapid API calls +const debouncedSearch = debounce(async (query: string) => { + const results = await searchAPI(query); + setResults(results); +}, 300); +``` + +**Network Optimization Checklist:** + +- [ ] Parallel independent requests with 
`Promise.all`
+- [ ] Implement request caching
+- [ ] Debounce rapid-fire requests
+- [ ] Use streaming for large responses
+- [ ] Implement pagination for large datasets
+- [ ] Use GraphQL or API batching to reduce requests
+- [ ] Enable compression (gzip/brotli) on server
+
+### 7. Memory Leak Detection
+
+**Common Memory Leak Patterns:**
+
+```typescript
+// BAD: Event listener without cleanup
+useEffect(() => {
+  window.addEventListener('resize', handleResize);
+  // Missing cleanup!
+}, []);
+
+// GOOD: Clean up event listeners
+useEffect(() => {
+  window.addEventListener('resize', handleResize);
+  return () => window.removeEventListener('resize', handleResize);
+}, []);
+
+// BAD: Timer without cleanup
+useEffect(() => {
+  setInterval(() => pollData(), 1000);
+  // Missing cleanup!
+}, []);
+
+// GOOD: Clean up timers
+useEffect(() => {
+  const interval = setInterval(() => pollData(), 1000);
+  return () => clearInterval(interval);
+}, []);
+
+// BAD: Holding references in closures
+const Component = () => {
+  const largeData = useLargeData();
+  useEffect(() => {
+    eventEmitter.on('update', () => {
+      console.log(largeData); // Closure keeps reference
+    });
+  }, [largeData]);
+};
+
+// GOOD: Use refs and remove the same listener reference on cleanup
+const largeDataRef = useRef(largeData);
+useEffect(() => {
+  largeDataRef.current = largeData;
+}, [largeData]);
+
+useEffect(() => {
+  const onUpdate = () => {
+    console.log(largeDataRef.current);
+  };
+  eventEmitter.on('update', onUpdate);
+  return () => eventEmitter.off('update', onUpdate);
+}, []);
+```
+
+**Memory Leak Detection:**
+
+```bash
+# Chrome DevTools Memory tab:
+# 1. Take heap snapshot
+# 2. Perform action
+# 3. Take another snapshot
+# 4. Compare to find objects that shouldn't exist
+# 5. 
Look for detached DOM nodes, event listeners, closures + +# Node.js memory debugging +node --inspect app.js +# Open chrome://inspect +# Take heap snapshots and compare +``` + +## Performance Testing + +### Lighthouse Audits + +```bash +# Run full lighthouse audit +npx lighthouse https://your-app.com --view --preset=desktop + +# CI mode for automated checks +npx lighthouse https://your-app.com --output=json --output-path=./lighthouse.json + +# Check specific metrics +npx lighthouse https://your-app.com --only-categories=performance +``` + +### Performance Budgets + +```json +// package.json +{ + "bundlesize": [ + { + "path": "./build/static/js/*.js", + "maxSize": "200 kB" + } + ] +} +``` + +### Web Vitals Monitoring + +```typescript +// Track Core Web Vitals +import { getCLS, getFID, getLCP, getFCP, getTTFB } from 'web-vitals'; + +getCLS(console.log); // Cumulative Layout Shift +getFID(console.log); // First Input Delay +getLCP(console.log); // Largest Contentful Paint +getFCP(console.log); // First Contentful Paint +getTTFB(console.log); // Time to First Byte +``` + +## Performance Report Template + +```markdown +# Performance Audit Report + +## Executive Summary +- **Overall Score**: X/100 +- **Critical Issues**: X +- **Recommendations**: X + +## Bundle Analysis +| Metric | Current | Target | Status | +|--------|---------|--------|--------| +| Total Size (gzip) | XXX KB | < 200 KB | ⚠️ | +| Main Bundle | XXX KB | < 100 KB | ✅ | +| Vendor Bundle | XXX KB | < 150 KB | ⚠️ | + +## Web Vitals +| Metric | Current | Target | Status | +|--------|---------|--------|--------| +| LCP | X.Xs | < 2.5s | ✅ | +| FID | XXms | < 100ms | ✅ | +| CLS | X.XX | < 0.1 | ⚠️ | + +## Critical Issues + +### 1. [Issue Title] +**File**: path/to/file.ts:42 +**Impact**: High - Causes XXXms delay +**Fix**: [Description of fix] + +```typescript +// Before (slow) +const slowCode = ...; + +// After (optimized) +const fastCode = ...; +``` + +### 2. [Issue Title] +... + +## Recommendations +1. 
[Priority recommendation] +2. [Priority recommendation] +3. [Priority recommendation] + +## Estimated Impact +- Bundle size reduction: XX KB (XX%) +- LCP improvement: XXms +- Time to Interactive improvement: XXms +``` + +## When to Run + +**ALWAYS:** Before major releases, after adding new features, when users report slowness, during performance regression testing. + +**IMMEDIATELY:** Lighthouse score drops, bundle size increases >10%, memory usage grows, slow page loads. + +## Red Flags - Act Immediately + +| Issue | Action | +|-------|--------| +| Bundle > 500KB gzip | Code split, lazy load, tree shake | +| LCP > 4s | Optimize critical path, preload resources | +| Memory usage growing | Check for leaks, review useEffect cleanup | +| CPU spikes | Profile with Chrome DevTools | +| Database query > 1s | Add index, optimize query, cache results | + +## Success Metrics + +- Lighthouse performance score > 90 +- All Core Web Vitals in "good" range +- Bundle size under budget +- No memory leaks detected +- Test suite still passing +- No performance regressions + +--- + +**Remember**: Performance is a feature. Users notice speed. Every 100ms of improvement matters. Optimize for the 90th percentile, not the average. 
\ No newline at end of file From b44ba7096ffbe45569050ed9feb21f547a40d1e2 Mon Sep 17 00:00:00 2001 From: xingzihai <1315258019@qq.com> Date: Thu, 26 Mar 2026 00:28:26 +0000 Subject: [PATCH 14/23] feat(hooks): add pre-commit quality check hook - Add pre-bash-commit-quality.js hook script - Runs quality checks before git commit commands: - Lints staged files (ESLint, Pylint, golint) - Validates commit message format (conventional commits) - Detects console.log/debugger statements - Warns about TODO/FIXME without issue references - Detects potential hardcoded secrets - Updates hooks.json with new hook configuration - Updates README.md with hook documentation Cross-platform (Windows, macOS, Linux) --- hooks/README.md | 1 + hooks/hooks.json | 10 + scripts/hooks/pre-bash-commit-quality.js | 374 +++++++++++++++++++++++ 3 files changed, 385 insertions(+) create mode 100644 scripts/hooks/pre-bash-commit-quality.js diff --git a/hooks/README.md b/hooks/README.md index e3d50e51..0355b4d7 100644 --- a/hooks/README.md +++ b/hooks/README.md @@ -23,6 +23,7 @@ User request → Claude picks a tool → PreToolUse hook runs → Tool executes | **Dev server blocker** | `Bash` | Blocks `npm run dev` etc. 
outside tmux — ensures log access | 2 (blocks) | | **Tmux reminder** | `Bash` | Suggests tmux for long-running commands (npm test, cargo build, docker) | 0 (warns) | | **Git push reminder** | `Bash` | Reminds to review changes before `git push` | 0 (warns) | +| **Pre-commit quality check** | `Bash` | Runs quality checks before `git commit`: lints staged files, validates commit message format, detects console.log/debugger/secrets | 2 (blocks critical) / 0 (warns) | | **Doc file warning** | `Write` | Warns about non-standard `.md`/`.txt` files (allows README, CLAUDE, CONTRIBUTING, CHANGELOG, LICENSE, SKILL, docs/, skills/); cross-platform path handling | 0 (warns) | | **Strategic compact** | `Edit\|Write` | Suggests manual `/compact` at logical intervals (every ~50 tool calls) | 0 (warns) | | **InsAIts security monitor (opt-in)** | `Bash\|Write\|Edit\|MultiEdit` | Optional security scan for high-signal tool inputs. Disabled unless `ECC_ENABLE_INSAITS=1`. Blocks on critical findings, warns on non-critical, and writes audit log to `.insaits_audit_session.jsonl`. Requires `pip install insa-its`. 
[Details](../scripts/hooks/insaits-security-monitor.py) | 2 (blocks critical) / 0 (warns) | diff --git a/hooks/hooks.json b/hooks/hooks.json index 8610b512..64abd73b 100644 --- a/hooks/hooks.json +++ b/hooks/hooks.json @@ -42,6 +42,16 @@ ], "description": "Reminder before git push to review changes" }, + { + "matcher": "Bash", + "hooks": [ + { + "type": "command", + "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:bash:commit-quality\" \"scripts/hooks/pre-bash-commit-quality.js\" \"strict\"" + } + ], + "description": "Pre-commit quality check: lint staged files, validate commit message format, detect console.log/debugger/secrets before committing" + }, { "matcher": "Write", "hooks": [ diff --git a/scripts/hooks/pre-bash-commit-quality.js b/scripts/hooks/pre-bash-commit-quality.js new file mode 100644 index 00000000..4d48e510 --- /dev/null +++ b/scripts/hooks/pre-bash-commit-quality.js @@ -0,0 +1,374 @@ +#!/usr/bin/env node +/** + * PreToolUse Hook: Pre-commit Quality Check + * + * Runs quality checks before git commit commands: + * - Detects staged files + * - Runs linter on staged files (if available) + * - Checks for common issues (console.log, TODO, etc.) 
+ * - Validates commit message format (if provided) + * + * Cross-platform (Windows, macOS, Linux) + * + * Exit codes: + * 0 - Success (allow commit) + * 2 - Block commit (quality issues found) + */ + +const { execSync, spawnSync } = require('child_process'); +const path = require('path'); +const fs = require('fs'); + +const MAX_STDIN = 1024 * 1024; // 1MB limit + +/** + * Detect staged files for commit + * @returns {string[]} Array of staged file paths + */ +function getStagedFiles() { + try { + const output = execSync('git diff --cached --name-only --diff-filter=ACMR', { + encoding: 'utf8', + stdio: ['pipe', 'pipe', 'pipe'] + }); + return output.trim().split('\n').filter(f => f.length > 0); + } catch { + return []; + } +} + +/** + * Check if a file should be quality-checked + * @param {string} filePath + * @returns {boolean} + */ +function shouldCheckFile(filePath) { + const checkableExtensions = ['.js', '.jsx', '.ts', '.tsx', '.py', '.go', '.rs']; + return checkableExtensions.some(ext => filePath.endsWith(ext)); +} + +/** + * Find issues in file content + * @param {string} filePath + * @returns {object[]} Array of issues found + */ +function findFileIssues(filePath) { + const issues = []; + + try { + const content = fs.readFileSync(filePath, 'utf8'); + const lines = content.split('\n'); + + lines.forEach((line, index) => { + const lineNum = index + 1; + + // Check for console.log + if (line.includes('console.log') && !line.trim().startsWith('//') && !line.trim().startsWith('*')) { + issues.push({ + type: 'console.log', + message: `console.log found at line ${lineNum}`, + line: lineNum, + severity: 'warning' + }); + } + + // Check for debugger statements + if (/\bdebugger\b/.test(line) && !line.trim().startsWith('//')) { + issues.push({ + type: 'debugger', + message: `debugger statement at line ${lineNum}`, + line: lineNum, + severity: 'error' + }); + } + + // Check for TODO/FIXME without issue reference + const todoMatch = 
line.match(/\/\/\s*(TODO|FIXME):?\s*(.+)/); + if (todoMatch && !todoMatch[2].match(/#\d+|issue/i)) { + issues.push({ + type: 'todo', + message: `TODO/FIXME without issue reference at line ${lineNum}: "${todoMatch[2].trim()}"`, + line: lineNum, + severity: 'info' + }); + } + + // Check for hardcoded secrets (basic patterns) + const secretPatterns = [ + { pattern: /sk-[a-zA-Z0-9]{20,}/, name: 'OpenAI API key' }, + { pattern: /ghp_[a-zA-Z0-9]{36}/, name: 'GitHub PAT' }, + { pattern: /AKIA[A-Z0-9]{16}/, name: 'AWS Access Key' }, + { pattern: /api[_-]?key\s*[=:]\s*['"][^'"]+['"]/i, name: 'API key' } + ]; + + for (const { pattern, name } of secretPatterns) { + if (pattern.test(line)) { + issues.push({ + type: 'secret', + message: `Potential ${name} exposed at line ${lineNum}`, + line: lineNum, + severity: 'error' + }); + } + } + }); + } catch { + // File not readable, skip + } + + return issues; +} + +/** + * Validate commit message format + * @param {string} command + * @returns {object|null} Validation result or null if no message to validate + */ +function validateCommitMessage(command) { + // Extract commit message from command + const messageMatch = command.match(/(?:-m|--message)[=\s]+["']?([^"']+)["']?/); + if (!messageMatch) return null; + + const message = messageMatch[1]; + const issues = []; + + // Check conventional commit format + const conventionalCommit = /^(feat|fix|docs|style|refactor|test|chore|build|ci|perf|revert)(\(.+\))?:\s*.+/; + if (!conventionalCommit.test(message)) { + issues.push({ + type: 'format', + message: 'Commit message does not follow conventional commit format', + suggestion: 'Use format: type(scope): description (e.g., "feat(auth): add login flow")' + }); + } + + // Check message length + if (message.length > 72) { + issues.push({ + type: 'length', + message: `Commit message too long (${message.length} chars, max 72)`, + suggestion: 'Keep the first line under 72 characters' + }); + } + + // Check for lowercase first letter 
(conventional)
+  if (conventionalCommit.test(message)) {
+    const afterColon = message.split(':')[1];
+    const firstChar = afterColon ? afterColon.trim().charAt(0) : '';
+    // Flag only genuine uppercase letters (skip digits and symbols)
+    if (firstChar && firstChar === firstChar.toUpperCase() && firstChar !== firstChar.toLowerCase()) {
+      issues.push({
+        type: 'capitalization',
+        message: 'Subject should start with lowercase after type',
+        suggestion: 'Use lowercase for the first letter of the subject'
+      });
+    }
+  }
+
+  // Check for trailing period
+  if (message.endsWith('.')) {
+    issues.push({
+      type: 'punctuation',
+      message: 'Commit message should not end with a period',
+      suggestion: 'Remove the trailing period'
+    });
+  }
+
+  return { message, issues };
+}
+
+/**
+ * Run linter on staged files
+ * @param {string[]} files
+ * @returns {object} Lint results
+ */
+function runLinter(files) {
+  const jsFiles = files.filter(f => /\.(js|jsx|ts|tsx)$/.test(f));
+  const pyFiles = files.filter(f => f.endsWith('.py'));
+  const goFiles = files.filter(f => f.endsWith('.go'));
+
+  const results = {
+    eslint: null,
+    pylint: null,
+    golint: null
+  };
+
+  // Run ESLint if available
+  if (jsFiles.length > 0) {
+    try {
+      const eslintPath = path.join(process.cwd(), 'node_modules', '.bin', 'eslint');
+      if (fs.existsSync(eslintPath)) {
+        const result = spawnSync(eslintPath, ['--format', 'compact', ...jsFiles], {
+          encoding: 'utf8',
+          stdio: ['pipe', 'pipe', 'pipe'],
+          timeout: 30000
+        });
+        results.eslint = {
+          success: result.status === 0,
+          output: result.stdout || result.stderr
+        };
+      }
+    } catch {
+      // ESLint not available
+    }
+  }
+
+  // Run Pylint if available
+  if (pyFiles.length > 0) {
+    const result = spawnSync('pylint', ['--output-format=text', ...pyFiles], {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      timeout: 30000
+    });
+    // spawnSync reports a missing binary via result.error rather than throwing
+    if (!result.error) {
+      results.pylint = {
+        success: result.status === 0,
+        output: result.stdout || result.stderr
+      };
+    }
+  }
+
+  // Run golint if available
+  if (goFiles.length > 0) {
+    try {
+      
const result = spawnSync('golint', goFiles, { + encoding: 'utf8', + stdio: ['pipe', 'pipe', 'pipe'], + timeout: 30000 + }); + results.golint = { + success: !result.stdout || result.stdout.trim() === '', + output: result.stdout + }; + } catch { + // golint not available + } + } + + return results; +} + +/** + * Core logic — exported for direct invocation + * @param {string} rawInput - Raw JSON string from stdin + * @returns {string} The original input (pass-through) + */ +function run(rawInput) { + try { + const input = JSON.parse(rawInput); + const command = input.tool_input?.command || ''; + + // Only run for git commit commands + if (!command.includes('git commit')) { + return rawInput; + } + + // Check if this is an amend (skip checks for amends to avoid blocking) + if (command.includes('--amend')) { + return rawInput; + } + + const issues = []; + const warnings = []; + + // Get staged files + const stagedFiles = getStagedFiles(); + + if (stagedFiles.length === 0) { + console.error('[Hook] No staged files found. Use "git add" to stage files first.'); + return rawInput; + } + + console.error(`[Hook] Checking ${stagedFiles.length} staged file(s)...`); + + // Check each staged file + const filesToCheck = stagedFiles.filter(shouldCheckFile); + let totalIssues = 0; + let errorCount = 0; + + for (const file of filesToCheck) { + const fileIssues = findFileIssues(file); + if (fileIssues.length > 0) { + console.error(`\n📁 ${file}`); + for (const issue of fileIssues) { + const icon = issue.severity === 'error' ? '❌' : issue.severity === 'warning' ? 
'⚠️' : 'ℹ️'; + console.error(` ${icon} Line ${issue.line}: ${issue.message}`); + totalIssues++; + if (issue.severity === 'error') errorCount++; + } + } + } + + // Validate commit message if provided + const messageValidation = validateCommitMessage(command); + if (messageValidation && messageValidation.issues.length > 0) { + console.error('\n📝 Commit Message Issues:'); + for (const issue of messageValidation.issues) { + console.error(` ⚠️ ${issue.message}`); + if (issue.suggestion) { + console.error(` 💡 ${issue.suggestion}`); + } + } + } + + // Run linter + const lintResults = runLinter(filesToCheck); + + if (lintResults.eslint && !lintResults.eslint.success) { + console.error('\n🔍 ESLint Issues:'); + console.error(lintResults.eslint.output); + } + + if (lintResults.pylint && !lintResults.pylint.success) { + console.error('\n🔍 Pylint Issues:'); + console.error(lintResults.pylint.output); + } + + if (lintResults.golint && !lintResults.golint.success) { + console.error('\n🔍 golint Issues:'); + console.error(lintResults.golint.output); + } + + // Summary + if (totalIssues > 0) { + console.error(`\n📊 Summary: ${totalIssues} issue(s) found (${errorCount} error(s), ${totalIssues - errorCount} warning(s))`); + + if (errorCount > 0) { + console.error('\n[Hook] ❌ Commit blocked due to critical issues. Fix them before committing.'); + process.exit(2); + } else { + console.error('\n[Hook] ⚠️ Warnings found. 
Consider fixing them, but commit is allowed.'); + console.error('[Hook] To bypass these checks, use: git commit --no-verify'); + } + } else { + console.error('\n[Hook] ✅ All checks passed!'); + } + + } catch (error) { + console.error(`[Hook] Error: ${error.message}`); + // Non-blocking on error + } + + return rawInput; +} + +// ── stdin entry point ──────────────────────────────────────────── +if (require.main === module) { + let data = ''; + process.stdin.setEncoding('utf8'); + + process.stdin.on('data', chunk => { + if (data.length < MAX_STDIN) { + const remaining = MAX_STDIN - data.length; + data += chunk.substring(0, remaining); + } + }); + + process.stdin.on('end', () => { + data = run(data); + process.stdout.write(data); + process.exit(0); + }); +} + +module.exports = { run }; \ No newline at end of file From 63737544a18ae01273b8dacd3d578757df8d05e8 Mon Sep 17 00:00:00 2001 From: "Dr. Keyur Patel" Date: Fri, 27 Mar 2026 03:17:49 +0000 Subject: [PATCH 15/23] feat: add healthcare domain skills and agent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit New skills: - healthcare-emr-patterns: EMR/EHR encounter workflows, smart templates, medication safety, clinical UI patterns - healthcare-phi-compliance: PHI/PII protection patterns, RLS templates, leak vector checklist, audit trail patterns - healthcare-cdss-patterns: Drug interaction checking, dose validation, clinical scoring (NEWS2/qSOFA), alert severity - healthcare-eval-harness: Patient safety CI/CD gate — CDSS accuracy, PHI exposure, data integrity, clinical workflows New agent: - healthcare-reviewer: Clinical safety reviewer for CDSS accuracy, PHI compliance, medical data integrity All patterns are generalized and framework-agnostic. Applicable to any health-tech stack. Origin: Health1 Super Speciality Hospitals, Ahmedabad, India. 
--- agents/healthcare-reviewer.md | 83 ++++++++ skills/healthcare-cdss-patterns/SKILL.md | 239 ++++++++++++++++++++++ skills/healthcare-emr-patterns/SKILL.md | 139 +++++++++++++ skills/healthcare-eval-harness/SKILL.md | 169 +++++++++++++++ skills/healthcare-phi-compliance/SKILL.md | 185 +++++++++++++++++ 5 files changed, 815 insertions(+) create mode 100644 agents/healthcare-reviewer.md create mode 100644 skills/healthcare-cdss-patterns/SKILL.md create mode 100644 skills/healthcare-emr-patterns/SKILL.md create mode 100644 skills/healthcare-eval-harness/SKILL.md create mode 100644 skills/healthcare-phi-compliance/SKILL.md diff --git a/agents/healthcare-reviewer.md b/agents/healthcare-reviewer.md new file mode 100644 index 00000000..94e84bcf --- /dev/null +++ b/agents/healthcare-reviewer.md @@ -0,0 +1,83 @@ +--- +name: healthcare-reviewer +description: Reviews healthcare application code for clinical safety, CDSS accuracy, PHI compliance, and medical data integrity. Specialized for EMR/EHR, clinical decision support, and health information systems. +tools: ["Read", "Grep", "Glob"] +model: opus +--- + +# Healthcare Reviewer — Clinical Safety & PHI Compliance + +You are a clinical informatics reviewer for healthcare software. Patient safety is your top priority. You review code for clinical accuracy, data protection, and regulatory compliance. + +## Your Responsibilities + +1. **CDSS accuracy** — Verify drug interaction logic, dose validation rules, and clinical scoring implementations match published medical standards +2. **PHI/PII protection** — Scan for patient data exposure in logs, errors, responses, URLs, and client storage +3. **Clinical data integrity** — Ensure audit trails, locked records, and cascade protection +4. **Medical data correctness** — Verify ICD-10/SNOMED mappings, lab reference ranges, and drug database entries +5. 
**Integration compliance** — Validate HL7/FHIR message handling and error recovery + +## Critical Checks + +### CDSS Engine + +- [ ] All drug interaction pairs produce correct alerts (both directions) +- [ ] Dose validation rules fire on out-of-range values +- [ ] Clinical scoring matches published specification (NEWS2 = Royal College of Physicians, qSOFA = Sepsis-3) +- [ ] No false negatives (missed interaction = patient safety event) +- [ ] Malformed inputs produce errors, NOT silent passes + +### PHI Protection + +- [ ] No patient data in `console.log`, `console.error`, or error messages +- [ ] No PHI in URL parameters or query strings +- [ ] No PHI in browser localStorage/sessionStorage +- [ ] No `service_role` key in client-side code +- [ ] RLS enabled on all tables with patient data +- [ ] Cross-facility data isolation verified + +### Clinical Workflow + +- [ ] Encounter lock prevents edits (addendum only) +- [ ] Audit trail entry on every create/read/update/delete of clinical data +- [ ] Critical alerts are non-dismissable (not toast notifications) +- [ ] Override reasons logged when clinician proceeds past critical alert +- [ ] Red flag symptoms trigger visible alerts + +### Data Integrity + +- [ ] No CASCADE DELETE on patient records +- [ ] Concurrent edit detection (optimistic locking or conflict resolution) +- [ ] No orphaned records across clinical tables +- [ ] Timestamps use consistent timezone + +## Output Format + +``` +## Healthcare Review: [module/feature] + +### Patient Safety Impact: [CRITICAL / HIGH / MEDIUM / LOW / NONE] + +### Clinical Accuracy +- CDSS: [checks passed/failed] +- Drug DB: [verified/issues] +- Scoring: [matches spec/deviates] + +### PHI Compliance +- Exposure vectors checked: [list] +- Issues found: [list or none] + +### Issues +1. 
[PATIENT SAFETY / CLINICAL / PHI / TECHNICAL] Description + - Impact: [potential harm or exposure] + - Fix: [required change] + +### Verdict: [SAFE TO DEPLOY / NEEDS FIXES / BLOCK — PATIENT SAFETY RISK] +``` + +## Rules + +- When in doubt about clinical accuracy, flag as NEEDS REVIEW — never approve uncertain clinical logic +- A single missed drug interaction is worse than a hundred false alarms +- PHI exposure is always CRITICAL severity, regardless of how small the leak +- Never approve code that silently catches CDSS errors diff --git a/skills/healthcare-cdss-patterns/SKILL.md b/skills/healthcare-cdss-patterns/SKILL.md new file mode 100644 index 00000000..00863466 --- /dev/null +++ b/skills/healthcare-cdss-patterns/SKILL.md @@ -0,0 +1,239 @@ +--- +name: healthcare-cdss-patterns +description: Clinical Decision Support System (CDSS) development patterns. Drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), alert severity classification, and integration into EMR workflows. +origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel +version: "1.0.0" +observe: "PostToolUse" +feedback: "manual" +rollback: "git revert" +--- + +# Healthcare CDSS Development Patterns + +Patterns for building Clinical Decision Support Systems that integrate into EMR workflows. CDSS modules are patient safety critical — zero tolerance for false negatives. + +## When to Activate + +- Implementing drug interaction checking +- Building dose validation engines +- Implementing clinical scoring systems (NEWS2, qSOFA, APACHE, GCS) +- Designing alert systems for abnormal clinical values +- Building medication order entry with safety checks +- Integrating lab result interpretation with clinical context + +## Architecture + +``` +EMR UI + ↓ (user enters data) +CDSS Engine (pure functions, no side effects) + ├── Drug Interaction Checker + ├── Dose Validator + ├── Clinical Scoring (NEWS2, qSOFA, etc.) 
+ └── Alert Classifier + ↓ (returns alerts) +EMR UI (displays alerts inline, blocks if critical) +``` + +**Key principle:** The CDSS engine should be a pure function library with zero side effects. Input clinical data, output alerts. This makes it fully testable. + +## Drug Interaction Checking + +### Data Model + +```typescript +interface DrugInteractionPair { + drugA: string; // generic name + drugB: string; // generic name + severity: 'critical' | 'major' | 'minor'; + mechanism: string; // e.g., "CYP3A4 inhibition" + clinicalEffect: string; // e.g., "Increased bleeding risk" + recommendation: string; // e.g., "Avoid combination" or "Monitor INR closely" +} + +interface InteractionAlert { + severity: 'critical' | 'major' | 'minor'; + pair: [string, string]; + message: string; + recommendation: string; +} +``` + +### Implementation Pattern + +```typescript +function checkInteractions( + newDrug: string, + currentMedications: string[], + allergyList: string[] +): InteractionAlert[] { + const alerts: InteractionAlert[] = []; + + // Check drug-drug interactions + for (const current of currentMedications) { + const interaction = findInteraction(newDrug, current); + if (interaction) { + alerts.push({ + severity: interaction.severity, + pair: [newDrug, current], + message: interaction.clinicalEffect, + recommendation: interaction.recommendation + }); + } + } + + // Check drug-allergy interactions + for (const allergy of allergyList) { + if (isCrossReactive(newDrug, allergy)) { + alerts.push({ + severity: 'critical', + pair: [newDrug, allergy], + message: `Cross-reactivity with documented allergy: ${allergy}`, + recommendation: 'Do not prescribe without allergy consultation' + }); + } + } + + // Sort by severity (critical first) + return alerts.sort((a, b) => + severityOrder(a.severity) - severityOrder(b.severity) + ); +} +``` + +### Interaction pairs must be bidirectional + +If Drug A interacts with Drug B, then Drug B interacts with Drug A. 
Store once, check both directions.
+
+## Dose Validation
+
+```typescript
+interface DoseValidationResult {
+  valid: boolean;
+  message: string;
+  suggestedRange: { min: number; max: number; unit: string } | null; // null when no rules exist
+  factors: string[]; // what was considered (weight, age, renal function)
+}
+
+function validateDose(
+  drug: string,
+  dose: number,
+  route: 'oral' | 'iv' | 'im' | 'sc' | 'topical',
+  patientWeight?: number,
+  patientAge?: number,
+  renalFunction?: number // eGFR
+): DoseValidationResult {
+  const rules = getDoseRules(drug, route);
+  if (!rules) return { valid: true, message: 'No validation rules available', suggestedRange: null, factors: [] };
+
+  // Weight-based dosing
+  if (rules.weightBased && patientWeight) {
+    const maxDose = rules.maxPerKg * patientWeight;
+    if (dose > maxDose) {
+      return {
+        valid: false,
+        message: `Dose ${dose}${rules.unit} exceeds max ${maxDose}${rules.unit} for ${patientWeight}kg patient`,
+        suggestedRange: { min: rules.minPerKg * patientWeight, max: maxDose, unit: rules.unit },
+        factors: ['weight']
+      };
+    }
+  }
+
+  // Absolute max dose
+  if (dose > rules.absoluteMax) {
+    return {
+      valid: false,
+      message: `Dose ${dose}${rules.unit} exceeds absolute max ${rules.absoluteMax}${rules.unit}`,
+      suggestedRange: { min: rules.typicalMin, max: rules.absoluteMax, unit: rules.unit },
+      factors: ['absolute_max']
+    };
+  }
+
+  return { valid: true, message: 'Within range', suggestedRange: { min: rules.typicalMin, max: rules.typicalMax, unit: rules.unit }, factors: [] };
+}
+```
+
+## Clinical Scoring: NEWS2
+
+National Early Warning Score 2 — standardized assessment of acute illness severity:
+
+```typescript
+interface NEWS2Input {
+  respiratoryRate: number;
+  oxygenSaturation: number;
+  supplementalOxygen: boolean;
+  temperature: number;
+  systolicBP: number;
+  heartRate: number;
+  consciousness: 'alert' | 'voice' | 'pain' | 'unresponsive';
+}
+
+interface NEWS2Result {
+  total: number; // 0-20
+  risk: 'low' | 'low-medium' | 'medium' | 
'high';
  components: Record<string, number>;
  escalation: string; // recommended clinical action
}
```

Scoring tables must match the Royal College of Physicians NEWS2 specification exactly. Any deviation is a patient safety issue.

## Alert Severity and UI Behavior

| Severity | UI Behavior | Clinician Action Required |
|----------|-------------|--------------------------|
| Critical | Block action. Non-dismissable modal. Red. | Must document override reason to proceed |
| Major | Warning banner inline. Orange. | Must acknowledge before proceeding |
| Minor | Info note inline. Yellow. | Awareness only, no action required |

**Rules:**
- Critical alerts must NEVER be auto-dismissed
- Critical alerts must NEVER be toast notifications
- Override reasons must be stored in the audit trail
- Alert fatigue is real — only use critical for genuinely dangerous situations

## Testing CDSS (Zero Tolerance for False Negatives)

```typescript
describe('CDSS — Patient Safety', () => {
  // Every known interaction pair MUST fire
  INTERACTION_PAIRS.forEach(({ drugA, drugB, severity }) => {
    it(`detects ${drugA} + ${drugB} (${severity})`, () => {
      const alerts = checkInteractions(drugA, [drugB], []);
      expect(alerts.length).toBeGreaterThan(0);
      expect(alerts[0].severity).toBe(severity);
    });

    // Bidirectional check
    it(`detects ${drugB} + ${drugA} (reverse)`, () => {
      const alerts = checkInteractions(drugB, [drugA], []);
      expect(alerts.length).toBeGreaterThan(0);
    });
  });

  // Dose validation
  DOSE_RULES.forEach((rule) => {
    it(`validates ${rule.drug}: ${rule.scenario}`, () => {
      const result = validateDose(rule.drug, rule.dose, rule.route, rule.weight, rule.age);
      expect(result.valid).toBe(rule.expectedValid);
    });
  });

  // No silent failures
  it('handles malformed drug data gracefully', () => {
    expect(() => checkInteractions('', [], [])).not.toThrow();
    expect(() => checkInteractions(null as any, [], [])).not.toThrow();
  });
});
```
 
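The `INTERACTION_PAIRS` and `DOSE_RULES` fixtures driving the suite above are assumed; a minimal shape for the interaction fixture, consistent with the data model (the rows here are illustrative, not a complete table), could be:

```typescript
// Illustrative fixture rows. A production suite should load the complete,
// clinically reviewed interaction table, not a hand-picked subset.
interface InteractionFixture {
  drugA: string;
  drugB: string;
  severity: 'critical' | 'major' | 'minor';
}

const INTERACTION_PAIRS: InteractionFixture[] = [
  { drugA: 'warfarin', drugB: 'aspirin', severity: 'critical' },
  { drugA: 'simvastatin', drugB: 'clarithromycin', severity: 'major' },
  { drugA: 'clopidogrel', drugB: 'omeprazole', severity: 'major' },
];
```

Driving the tests from this table means every row automatically gets both a forward and a reverse detection test, so a newly added pair cannot be silently left uncovered.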
+**Pass criteria: 100%.** A single missed interaction is a patient safety event. + +## Anti-Patterns + +- ❌ Making CDSS checks optional or skippable without documented reason +- ❌ Implementing interaction checks as toast notifications +- ❌ Using `any` types for drug or clinical data +- ❌ Hardcoding interaction pairs instead of using a maintainable data structure +- ❌ Testing with mocked data only (must test with real drug names) +- ❌ Silently catching errors in CDSS engine (must surface failures loudly) diff --git a/skills/healthcare-emr-patterns/SKILL.md b/skills/healthcare-emr-patterns/SKILL.md new file mode 100644 index 00000000..a9cc79df --- /dev/null +++ b/skills/healthcare-emr-patterns/SKILL.md @@ -0,0 +1,139 @@ +--- +name: healthcare-emr-patterns +description: EMR/EHR development patterns for healthcare applications. Clinical safety, encounter workflows, prescription generation, clinical decision support integration, and accessibility-first UI for medical data entry. +origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel +version: "1.0.0" +observe: "PostToolUse" +feedback: "manual" +rollback: "git revert" +--- + +# Healthcare EMR Development Patterns + +Patterns for building Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems. Prioritizes patient safety, clinical accuracy, and practitioner efficiency. + +## When to Activate + +- Building patient encounter workflows (complaint → exam → diagnosis → prescription) +- Implementing clinical note-taking (structured + free text + voice-to-text) +- Designing prescription/medication modules with drug interaction checking +- Integrating Clinical Decision Support Systems (CDSS) +- Building lab result displays with reference range highlighting +- Implementing audit trails for clinical data +- Designing healthcare-accessible UIs for clinical data entry + +## Core Principles + +### 1. 
Patient Safety First + +Every design decision must be evaluated against: "Could this harm a patient?" + +- Drug interactions MUST alert, not silently pass +- Abnormal lab values MUST be visually flagged +- Critical vitals MUST trigger escalation workflows +- No clinical data modification without audit trail + +### 2. Single-Page Encounter Flow + +Clinical encounters should flow vertically on a single page — no tab switching during patient interaction: + +``` +Patient Header (sticky — always visible) +├── Demographics, allergies, active medications +│ +Encounter Flow (vertical scroll) +├── 1. Chief Complaint (structured templates + free text) +├── 2. History of Present Illness +├── 3. Physical Examination (system-wise) +├── 4. Vitals (auto-trigger clinical scoring) +├── 5. Diagnosis (ICD-10/SNOMED search) +├── 6. Medications (drug DB + interaction check) +├── 7. Investigations (lab/radiology orders) +├── 8. Plan & Follow-up +└── 9. Sign / Lock / Print +``` + +### 3. Smart Template System + +Build templates for common presentations: + +```typescript +interface ClinicalTemplate { + id: string; + name: string; // e.g., "Chest Pain" + chips: string[]; // clickable symptom chips + requiredFields: string[]; // mandatory data points + redFlags: string[]; // triggers non-dismissable alert + icdSuggestions: string[]; // pre-mapped diagnosis codes +} +``` + +**Red flags** in any template must trigger a visible, non-dismissable alert — NOT a toast notification. + +### 4. Medication Safety Pattern + +``` +User selects drug + → Check current medications for interactions + → Check encounter medications for interactions + → Check patient allergies + → Validate dose against weight/age/renal function + → Display alerts (critical = block, major = require override reason) + → Log override reason if clinician proceeds +``` + +Critical interactions should **block prescribing by default**. The clinician must explicitly override with a documented reason. + +### 5. 
Locked Encounter Pattern + +Once a clinical encounter is signed: +- No edits allowed — only addendum +- Addendum is a new record linked to the original +- Both original and addendum appear in the patient timeline +- Audit trail captures who signed, when, and any addenda + +## UI Patterns for Clinical Data + +### Vitals Display + +- Current values with normal range highlighting (green/yellow/red) +- Trend arrows comparing to previous measurement +- Clinical scoring auto-calculated (NEWS2, qSOFA, MEWS) +- Scoring result displayed inline with escalation guidance + +### Lab Results Display + +- Normal range highlighting with institution-specific ranges +- Previous value comparison (trend) +- Critical values flagged with non-dismissable alert +- Timestamp of collection and analysis +- Pending orders shown with expected turnaround + +### Prescription PDF + +- One-click generation +- Patient demographics, allergies, diagnosis +- Drug name (generic + brand), dose, route, frequency, duration +- Clinician signature block +- QR code linking to digital record (optional) + +## Accessibility for Healthcare + +Healthcare UIs have stricter accessibility requirements than typical web apps: + +- **4.5:1 minimum contrast** (WCAG AA) — clinicians work in varied lighting +- **Large touch targets** (44x44px minimum) — for gloved/rushed interaction +- **Keyboard navigation** — for power users entering data rapidly +- **No color-only indicators** — always pair color with text/icon (colorblind clinicians) +- **Screen reader labels** on all form fields — for voice-assisted data entry +- **No auto-dismissing toasts** for clinical alerts — clinician must actively acknowledge + +## Anti-Patterns + +- ❌ Storing clinical data in browser localStorage +- ❌ Silent failures in drug interaction checking +- ❌ Dismissable toasts for critical clinical alerts +- ❌ Tab-based encounter UIs that fragment the clinical workflow +- ❌ Allowing edits to signed/locked encounters +- ❌ Displaying clinical data 
without audit trail +- ❌ Using `any` type for clinical data structures diff --git a/skills/healthcare-eval-harness/SKILL.md b/skills/healthcare-eval-harness/SKILL.md new file mode 100644 index 00000000..e65cd23d --- /dev/null +++ b/skills/healthcare-eval-harness/SKILL.md @@ -0,0 +1,169 @@ +--- +name: healthcare-eval-harness +description: Patient safety evaluation harness for healthcare application deployments. Automated test suites for CDSS accuracy, PHI exposure, clinical workflow integrity, and integration compliance. Blocks deployments on safety failures. +origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel +version: "1.0.0" +observe: "PostToolUse" +feedback: "manual" +rollback: "git revert" +--- + +# Healthcare Eval Harness — Patient Safety Verification + +Automated verification system for healthcare application deployments. A single CRITICAL failure blocks deployment. Patient safety is non-negotiable. + +## When to Activate + +- Before any deployment of EMR/EHR applications +- After modifying CDSS logic (drug interactions, dose validation, scoring) +- After changing database schemas that touch patient data +- After modifying authentication or access control +- During CI/CD pipeline configuration for healthcare apps +- After resolving merge conflicts in clinical modules + +## Eval Categories + +### 1. CDSS Accuracy (CRITICAL — 100% required) + +Tests all clinical decision support logic: + +- Drug interaction pairs: every known pair must fire an alert +- Dose validation: out-of-range doses must be flagged +- Clinical scoring: results must match published specifications +- No false negatives: a missed alert is a patient safety event +- No silent failures: malformed input must error, not silently pass + +```bash +npx jest --testPathPattern='tests/cdss' --bail --ci +``` + +### 2. 
PHI Exposure (CRITICAL — 100% required) + +Tests for protected health information leaks: + +- API error responses contain no PHI +- Console output contains no patient data +- URL parameters contain no PHI +- Browser storage contains no PHI +- Cross-facility data isolation works (multi-tenant) +- Unauthenticated requests return zero patient rows +- Service role keys absent from client bundles + +```bash +npx jest --testPathPattern='tests/security/phi' --bail --ci +``` + +### 3. Data Integrity (CRITICAL — 100% required) + +Tests for clinical data safety: + +- Locked encounters cannot be modified +- Audit trail entries exist for every write operation +- Cascade deletes are blocked on patient records +- Concurrent edits trigger conflict resolution +- No orphaned records across related tables + +```bash +npx jest --testPathPattern='tests/data-integrity' --bail --ci +``` + +### 4. Clinical Workflow (HIGH — 95%+ required) + +Tests end-to-end clinical workflows: + +- Complete encounter flow (complaint → exam → diagnosis → Rx → lock) +- Template rendering and submission for all clinical templates +- Medication set population and interaction checking +- Drug/diagnosis search functionality +- Prescription PDF generation +- Red flag alert triggering + +```bash +npx jest --testPathPattern='tests/clinical' --ci +``` + +### 5. 
Integration Compliance (HIGH — 95%+ required) + +Tests external system integrations: + +- HL7 message parsing (v2.x) +- FHIR resource validation (if applicable) +- Lab result mapping to correct patients +- Malformed message handling (no crashes) + +```bash +npx jest --testPathPattern='tests/integration' --ci +``` + +## CI/CD Integration + +### GitHub Actions Example + +```yaml +name: Healthcare Safety Gate +on: [push, pull_request] + +jobs: + safety-gate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: '20' + - run: npm ci + + # CRITICAL gates — must pass 100% + - name: CDSS Accuracy + run: npx jest --testPathPattern='tests/cdss' --bail --ci + + - name: PHI Exposure Check + run: npx jest --testPathPattern='tests/security/phi' --bail --ci + + - name: Data Integrity + run: npx jest --testPathPattern='tests/data-integrity' --bail --ci + + # HIGH gates — must pass 95%+ + - name: Clinical Workflows + run: npx jest --testPathPattern='tests/clinical' --ci + + - name: Integration Compliance + run: npx jest --testPathPattern='tests/integration' --ci +``` + +## Pass/Fail Matrix + +| Category | Threshold | On Failure | +|----------|-----------|------------| +| CDSS Accuracy | 100% | **BLOCK deployment** | +| PHI Exposure | 100% | **BLOCK deployment** | +| Data Integrity | 100% | **BLOCK deployment** | +| Clinical Workflow | 95%+ | WARN, allow with review | +| Integration | 95%+ | WARN, allow with review | + +## Eval Report Format + +``` +## Healthcare Eval: [date] [commit] + +### Patient Safety: PASS / FAIL + +| Category | Tests | Pass | Fail | Status | +|----------|-------|------|------|--------| +| CDSS Accuracy | N | N | 0 | PASS | +| PHI Exposure | N | N | 0 | PASS | +| Data Integrity | N | N | 0 | PASS | +| Clinical Workflow | N | N | N | 95%+ | +| Integration | N | N | N | 95%+ | + +### Coverage: X% (target: 80%+) +### Verdict: SAFE TO DEPLOY / BLOCKED +``` + +## Anti-Patterns + +- ❌ Skipping CDSS 
tests "because they passed last time" +- ❌ Setting CRITICAL thresholds below 100% +- ❌ Using `--no-bail` on CRITICAL test suites +- ❌ Mocking the CDSS engine in integration tests (must test real logic) +- ❌ Allowing deployments when safety gate is red diff --git a/skills/healthcare-phi-compliance/SKILL.md b/skills/healthcare-phi-compliance/SKILL.md new file mode 100644 index 00000000..b84de1c6 --- /dev/null +++ b/skills/healthcare-phi-compliance/SKILL.md @@ -0,0 +1,185 @@ +--- +name: healthcare-phi-compliance +description: Protected Health Information (PHI) and Personally Identifiable Information (PII) compliance patterns for healthcare applications. Covers data classification, access control, audit trails, encryption, and common leak vectors. +origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel +version: "1.0.0" +observe: "PostToolUse" +feedback: "manual" +rollback: "git revert" +--- + +# Healthcare PHI/PII Compliance Patterns + +Patterns for protecting patient data, clinician data, and financial data in healthcare applications. Applicable to HIPAA (US), DISHA (India), GDPR (EU), and general healthcare data protection. 
+ +## When to Activate + +- Building any feature that touches patient records +- Implementing access control or authentication for clinical systems +- Designing database schemas for healthcare data +- Building APIs that return patient or clinician data +- Implementing audit trails or logging +- Reviewing code for data exposure vulnerabilities +- Setting up Row-Level Security (RLS) for multi-tenant healthcare systems + +## Data Classification + +### PHI (Protected Health Information) + +Any data that can identify a patient AND relates to their health: + +- Patient name, date of birth, address, phone, email +- National ID numbers (SSN, Aadhaar, NHS number) +- Medical record numbers +- Diagnoses, medications, lab results, imaging +- Insurance policy and claim details +- Appointment and admission records +- Any combination of the above + +### PII (Personally Identifiable Information) + +Non-patient sensitive data in healthcare systems: + +- Clinician/staff personal details +- Doctor fee structures and payout amounts +- Employee salary and bank details +- Vendor payment information + +## Access Control Patterns + +### Row-Level Security (Supabase/PostgreSQL) + +```sql +-- Enable RLS on every PHI table +ALTER TABLE patients ENABLE ROW LEVEL SECURITY; + +-- Scope access by facility/centre +CREATE POLICY "staff_read_own_facility" + ON patients FOR SELECT + TO authenticated + USING ( + facility_id IN ( + SELECT facility_id FROM staff_assignments + WHERE user_id = auth.uid() + AND role IN ('doctor', 'nurse', 'lab_tech', 'admin') + ) + ); + +-- Audit log: insert-only (no updates, no deletes) +CREATE POLICY "audit_insert_only" + ON audit_log FOR INSERT + TO authenticated + WITH CHECK (user_id = auth.uid()); + +CREATE POLICY "audit_no_modify" ON audit_log FOR UPDATE USING (false); +CREATE POLICY "audit_no_delete" ON audit_log FOR DELETE USING (false); +``` + +### API Authentication + +- Every API route handling PHI MUST require authentication +- Use short-lived tokens (JWT with 
15-min expiry for clinical sessions)
- Implement session timeout (auto-logout after inactivity)
- Log every PHI access with user ID, timestamp, and resource accessed

## Common Leak Vectors (Check Every Deployment)

### 1. Error Messages

```typescript
// ❌ BAD — leaks PHI in error
throw new Error(`Patient ${patient.name} not found in ${patient.facility}`);

// ✅ GOOD — generic error, log details server-side
logger.error('Patient lookup failed', { patientId, facilityId });
throw new Error('Record not found');
```

### 2. Console Output

```typescript
// ❌ BAD
console.log('Processing patient:', patient);

// ✅ GOOD
console.log('Processing patient:', patient.id); // ID only
```

### 3. URL Parameters

```
❌ /patients?name=John+Doe&dob=1990-01-01
✅ /patients/uuid-here (lookup by opaque ID)
```

### 4. Browser Storage

```typescript
// ❌ NEVER store PHI in localStorage/sessionStorage
localStorage.setItem('currentPatient', JSON.stringify(patient));

// ✅ Keep PHI in memory only, fetch on demand
const [patient, setPatient] = useState<Patient | null>(null);
```

### 5. Service Role Keys

```typescript
// ❌ NEVER use service_role key in client-side code
const supabase = createClient(url, SUPABASE_SERVICE_ROLE_KEY);

// ✅ ALWAYS use anon key — let RLS enforce access
const supabase = createClient(url, SUPABASE_ANON_KEY);
```

### 6. 
Logs and Monitoring + +- Never log full patient records +- Log patient IDs, not names +- Sanitize stack traces before sending to error tracking services +- Ensure log storage itself is access-controlled + +## Audit Trail Requirements + +Every PHI access or modification must be logged: + +```typescript +interface AuditEntry { + timestamp: string; + user_id: string; + patient_id: string; + action: 'create' | 'read' | 'update' | 'delete' | 'print' | 'export'; + resource_type: string; + resource_id: string; + changes?: { before: object; after: object }; // for updates + ip_address: string; + session_id: string; +} +``` + +## Database Schema Tagging + +Mark PHI/PII columns at the schema level so automated tools can identify them: + +```sql +COMMENT ON COLUMN patients.name IS 'PHI: patient_name'; +COMMENT ON COLUMN patients.dob IS 'PHI: date_of_birth'; +COMMENT ON COLUMN patients.aadhaar IS 'PHI: national_id'; +COMMENT ON COLUMN doctor_payouts.amount IS 'PII: financial'; +COMMENT ON COLUMN employees.salary IS 'PII: financial'; +``` + +## Deployment Checklist + +Before every deployment of a healthcare application: + +- [ ] No PHI in error messages or stack traces +- [ ] No PHI in console.log/console.error +- [ ] No PHI in URL parameters +- [ ] No PHI in browser storage +- [ ] No service_role key in client code +- [ ] RLS enabled on all PHI/PII tables +- [ ] Audit trail for all data modifications +- [ ] Session timeout configured +- [ ] API authentication on all PHI endpoints +- [ ] Cross-facility data isolation verified From e3f2bda9fcdb12fd9d7059a8d746e0af4cdc8ee9 Mon Sep 17 00:00:00 2001 From: "Dr. 
Keyur Patel" Date: Fri, 27 Mar 2026 03:54:20 +0000 Subject: [PATCH 16/23] fix: address all CodeRabbit + Cubic review comments on PR #955 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CodeRabbit fixes (6 comments): - All 4 skills: renamed 'When to Activate' → 'When to Use', added 'How It Works' and 'Examples' sections - CDSS: DoseValidationResult.suggestedRange now typed as '| null' - PHI: hyphenated 'Non-patient-sensitive' Cubic fixes (7 issues): - P1: CDSS weight-based check now BLOCKS when weight missing (was false-negative pass) - P1: EMR medication safety clarified — critical = hard block, override requires documented reason - P1: PHI logging guidance clarified — use opaque UUIDs only, not medical record numbers - P2: CDSS validateDose now uses age and renal function params (ageAdjusted, renalAdjusted rules) - P2: Eval CI example now enforces 95% threshold with jq + bc calculation - P2: Eval CI example now includes --coverage --coverageThreshold on CDSS suite - P2: CDSS suggestedRange null type fixed (same as CodeRabbit) --- skills/healthcare-cdss-patterns/SKILL.md | 216 +++++++++++----------- skills/healthcare-emr-patterns/SKILL.md | 127 +++++++------ skills/healthcare-eval-harness/SKILL.md | 165 +++++++++-------- skills/healthcare-phi-compliance/SKILL.md | 203 +++++++++----------- 4 files changed, 356 insertions(+), 355 deletions(-) diff --git a/skills/healthcare-cdss-patterns/SKILL.md b/skills/healthcare-cdss-patterns/SKILL.md index 00863466..0cb991fd 100644 --- a/skills/healthcare-cdss-patterns/SKILL.md +++ b/skills/healthcare-cdss-patterns/SKILL.md @@ -12,7 +12,7 @@ rollback: "git revert" Patterns for building Clinical Decision Support Systems that integrate into EMR workflows. CDSS modules are patient safety critical — zero tolerance for false negatives. 
-## When to Activate +## When to Use - Implementing drug interaction checking - Building dose validation engines @@ -21,7 +21,15 @@ Patterns for building Clinical Decision Support Systems that integrate into EMR - Building medication order entry with safety checks - Integrating lab result interpretation with clinical context -## Architecture +## How It Works + +The CDSS engine is a **pure function library with zero side effects**. Input clinical data, output alerts. This makes it fully testable. + +Three primary modules: + +1. **`checkInteractions(newDrug, currentMeds, allergies)`** — Checks a new drug against current medications and known allergies. Returns severity-sorted `InteractionAlert[]`. Uses `DrugInteractionPair` data model. +2. **`validateDose(drug, dose, route, weight, age, renalFunction)`** — Validates a prescribed dose against weight-based, age-adjusted, and renal-adjusted rules. Returns `DoseValidationResult`. +3. **`calculateNEWS2(vitals)`** — National Early Warning Score 2 from `NEWS2Input`. Returns `NEWS2Result` with total score, risk level, and escalation guidance. ``` EMR UI @@ -35,84 +43,52 @@ CDSS Engine (pure functions, no side effects) EMR UI (displays alerts inline, blocks if critical) ``` -**Key principle:** The CDSS engine should be a pure function library with zero side effects. Input clinical data, output alerts. This makes it fully testable. 
- -## Drug Interaction Checking - -### Data Model +### Drug Interaction Checking ```typescript interface DrugInteractionPair { drugA: string; // generic name drugB: string; // generic name severity: 'critical' | 'major' | 'minor'; - mechanism: string; // e.g., "CYP3A4 inhibition" - clinicalEffect: string; // e.g., "Increased bleeding risk" - recommendation: string; // e.g., "Avoid combination" or "Monitor INR closely" -} - -interface InteractionAlert { - severity: 'critical' | 'major' | 'minor'; - pair: [string, string]; - message: string; + mechanism: string; + clinicalEffect: string; recommendation: string; } -``` -### Implementation Pattern - -```typescript function checkInteractions( newDrug: string, currentMedications: string[], allergyList: string[] ): InteractionAlert[] { const alerts: InteractionAlert[] = []; - - // Check drug-drug interactions for (const current of currentMedications) { const interaction = findInteraction(newDrug, current); if (interaction) { - alerts.push({ - severity: interaction.severity, - pair: [newDrug, current], - message: interaction.clinicalEffect, - recommendation: interaction.recommendation - }); + alerts.push({ severity: interaction.severity, pair: [newDrug, current], + message: interaction.clinicalEffect, recommendation: interaction.recommendation }); } } - - // Check drug-allergy interactions for (const allergy of allergyList) { if (isCrossReactive(newDrug, allergy)) { - alerts.push({ - severity: 'critical', - pair: [newDrug, allergy], + alerts.push({ severity: 'critical', pair: [newDrug, allergy], message: `Cross-reactivity with documented allergy: ${allergy}`, - recommendation: 'Do not prescribe without allergy consultation' - }); + recommendation: 'Do not prescribe without allergy consultation' }); } } - - // Sort by severity (critical first) - return alerts.sort((a, b) => - severityOrder(a.severity) - severityOrder(b.severity) - ); + return alerts.sort((a, b) => severityOrder(a.severity) - severityOrder(b.severity)); } 
``` -### Interaction pairs must be bidirectional +Interaction pairs must be **bidirectional**: if Drug A interacts with Drug B, then Drug B interacts with Drug A. -If Drug A interacts with Drug B, then Drug B interacts with Drug A. Store once, check both directions. - -## Dose Validation +### Dose Validation ```typescript interface DoseValidationResult { valid: boolean; message: string; - suggestedRange: { min: number; max: number; unit: string }; - factors: string[]; // what was considered (weight, age, renal function) + suggestedRange: { min: number; max: number; unit: string } | null; + factors: string[]; } function validateDose( @@ -121,64 +97,76 @@ function validateDose( route: 'oral' | 'iv' | 'im' | 'sc' | 'topical', patientWeight?: number, patientAge?: number, - renalFunction?: number // eGFR + renalFunction?: number ): DoseValidationResult { const rules = getDoseRules(drug, route); if (!rules) return { valid: true, message: 'No validation rules available', suggestedRange: null, factors: [] }; + const factors: string[] = []; - // Weight-based dosing - if (rules.weightBased && patientWeight) { + // SAFETY: if rules require weight but weight missing, BLOCK (not pass) + if (rules.weightBased) { + if (!patientWeight || patientWeight <= 0) { + return { valid: false, message: `Weight required for ${drug} (mg/kg drug)`, + suggestedRange: null, factors: ['weight_missing'] }; + } + factors.push('weight'); const maxDose = rules.maxPerKg * patientWeight; if (dose > maxDose) { - return { - valid: false, - message: `Dose ${dose}${rules.unit} exceeds max ${maxDose}${rules.unit} for ${patientWeight}kg patient`, - suggestedRange: { min: rules.minPerKg * patientWeight, max: maxDose, unit: rules.unit }, - factors: ['weight'] - }; + return { valid: false, message: `Dose exceeds max for ${patientWeight}kg`, + suggestedRange: { min: rules.minPerKg * patientWeight, max: maxDose, unit: rules.unit }, factors }; } } - // Absolute max dose - if (dose > rules.absoluteMax) { - return { 
- valid: false, - message: `Dose ${dose}${rules.unit} exceeds absolute max ${rules.absoluteMax}${rules.unit}`, - suggestedRange: { min: rules.typicalMin, max: rules.absoluteMax, unit: rules.unit }, - factors: ['absolute_max'] - }; + // Age-based adjustment (when rules define age brackets and age is provided) + if (rules.ageAdjusted && patientAge !== undefined) { + factors.push('age'); + const ageMax = rules.getAgeAdjustedMax(patientAge); + if (dose > ageMax) { + return { valid: false, message: `Exceeds age-adjusted max for ${patientAge}yr`, + suggestedRange: { min: rules.typicalMin, max: ageMax, unit: rules.unit }, factors }; + } } - return { valid: true, message: 'Within range', suggestedRange: { min: rules.typicalMin, max: rules.typicalMax, unit: rules.unit }, factors: [] }; + // Renal adjustment (when rules define eGFR brackets and eGFR is provided) + if (rules.renalAdjusted && renalFunction !== undefined) { + factors.push('renal'); + const renalMax = rules.getRenalAdjustedMax(renalFunction); + if (dose > renalMax) { + return { valid: false, message: `Exceeds renal-adjusted max for eGFR ${renalFunction}`, + suggestedRange: { min: rules.typicalMin, max: renalMax, unit: rules.unit }, factors }; + } + } + + // Absolute max + if (dose > rules.absoluteMax) { + return { valid: false, message: `Exceeds absolute max ${rules.absoluteMax}${rules.unit}`, + suggestedRange: { min: rules.typicalMin, max: rules.absoluteMax, unit: rules.unit }, + factors: [...factors, 'absolute_max'] }; + } + return { valid: true, message: 'Within range', + suggestedRange: { min: rules.typicalMin, max: rules.typicalMax, unit: rules.unit }, factors }; } ``` -## Clinical Scoring: NEWS2 - -National Early Warning Score 2 — standardized assessment of acute illness severity: +### Clinical Scoring: NEWS2 ```typescript interface NEWS2Input { - respiratoryRate: number; - oxygenSaturation: number; - supplementalOxygen: boolean; - temperature: number; - systolicBP: number; - heartRate: number; + 
respiratoryRate: number; oxygenSaturation: number; supplementalOxygen: boolean;
+  temperature: number; systolicBP: number; heartRate: number;
   consciousness: 'alert' | 'voice' | 'pain' | 'unresponsive';
 }
-
 interface NEWS2Result {
   total: number; // 0-20
   risk: 'low' | 'low-medium' | 'medium' | 'high';
   components: Record<string, number>;
-  escalation: string; // recommended clinical action
+  escalation: string;
 }
 ```
 
-Scoring tables must match the Royal College of Physicians NEWS2 specification exactly. Any deviation is a patient safety issue.
+Scoring tables must match the Royal College of Physicians specification exactly.
 
-## Alert Severity and UI Behavior
+### Alert Severity and UI Behavior
 
 | Severity | UI Behavior | Clinician Action Required |
 |----------|-------------|--------------------------|
@@ -186,54 +174,74 @@ Scoring tables must match the Royal College of Physicians NEWS2 specification ex
 | Major | Warning banner inline. Orange. | Must acknowledge before proceeding |
 | Minor | Info note inline. Yellow. | Awareness only, no action required |
 
-**Rules:**
-- Critical alerts must NEVER be auto-dismissed
-- Critical alerts must NEVER be toast notifications
-- Override reasons must be stored in the audit trail
-- Alert fatigue is real — only use critical for genuinely dangerous situations
+Critical alerts must NEVER be auto-dismissed or implemented as toast notifications. Override reasons must be stored in the audit trail. 
-## Testing CDSS (Zero Tolerance for False Negatives) +### Testing CDSS (Zero Tolerance for False Negatives) ```typescript describe('CDSS — Patient Safety', () => { - // Every known interaction pair MUST fire INTERACTION_PAIRS.forEach(({ drugA, drugB, severity }) => { it(`detects ${drugA} + ${drugB} (${severity})`, () => { const alerts = checkInteractions(drugA, [drugB], []); expect(alerts.length).toBeGreaterThan(0); expect(alerts[0].severity).toBe(severity); }); - - // Bidirectional check it(`detects ${drugB} + ${drugA} (reverse)`, () => { const alerts = checkInteractions(drugB, [drugA], []); expect(alerts.length).toBeGreaterThan(0); }); }); - - // Dose validation - DOSE_RULES.forEach((rule) => { - it(`validates ${rule.drug}: ${rule.scenario}`, () => { - const result = validateDose(rule.drug, rule.dose, rule.route, rule.weight, rule.age); - expect(result.valid).toBe(rule.expectedValid); - }); + it('blocks mg/kg drug when weight is missing', () => { + const result = validateDose('gentamicin', 300, 'iv'); + expect(result.valid).toBe(false); + expect(result.factors).toContain('weight_missing'); }); - - // No silent failures it('handles malformed drug data gracefully', () => { expect(() => checkInteractions('', [], [])).not.toThrow(); - expect(() => checkInteractions(null as any, [], [])).not.toThrow(); }); }); ``` -**Pass criteria: 100%.** A single missed interaction is a patient safety event. +Pass criteria: 100%. A single missed interaction is a patient safety event. 
-## Anti-Patterns +### Anti-Patterns -- ❌ Making CDSS checks optional or skippable without documented reason -- ❌ Implementing interaction checks as toast notifications -- ❌ Using `any` types for drug or clinical data -- ❌ Hardcoding interaction pairs instead of using a maintainable data structure -- ❌ Testing with mocked data only (must test with real drug names) -- ❌ Silently catching errors in CDSS engine (must surface failures loudly) +- Making CDSS checks optional or skippable without documented reason +- Implementing interaction checks as toast notifications +- Using `any` types for drug or clinical data +- Hardcoding interaction pairs instead of using a maintainable data structure +- Silently catching errors in CDSS engine (must surface failures loudly) +- Skipping weight-based validation when weight is not available (must block, not pass) + +## Examples + +### Example 1: Drug Interaction Check + +```typescript +const alerts = checkInteractions('warfarin', ['aspirin', 'metformin'], ['penicillin']); +// [{ severity: 'critical', pair: ['warfarin', 'aspirin'], +// message: 'Increased bleeding risk', recommendation: 'Avoid combination' }] +``` + +### Example 2: Dose Validation + +```typescript +const ok = validateDose('paracetamol', 1000, 'oral', 70, 45); +// { valid: true, suggestedRange: { min: 500, max: 4000, unit: 'mg' } } + +const bad = validateDose('paracetamol', 5000, 'oral', 70, 45); +// { valid: false, message: 'Exceeds absolute max 4000mg' } + +const noWeight = validateDose('gentamicin', 300, 'iv'); +// { valid: false, factors: ['weight_missing'] } +``` + +### Example 3: NEWS2 Scoring + +```typescript +const result = calculateNEWS2({ + respiratoryRate: 24, oxygenSaturation: 93, supplementalOxygen: true, + temperature: 38.5, systolicBP: 100, heartRate: 110, consciousness: 'voice' +}); +// { total: 13, risk: 'high', escalation: 'Urgent clinical review. Consider ICU.' 
} +``` diff --git a/skills/healthcare-emr-patterns/SKILL.md b/skills/healthcare-emr-patterns/SKILL.md index a9cc79df..59ac0fd8 100644 --- a/skills/healthcare-emr-patterns/SKILL.md +++ b/skills/healthcare-emr-patterns/SKILL.md @@ -12,9 +12,9 @@ rollback: "git revert" Patterns for building Electronic Medical Record (EMR) and Electronic Health Record (EHR) systems. Prioritizes patient safety, clinical accuracy, and practitioner efficiency. -## When to Activate +## When to Use -- Building patient encounter workflows (complaint → exam → diagnosis → prescription) +- Building patient encounter workflows (complaint, exam, diagnosis, prescription) - Implementing clinical note-taking (structured + free text + voice-to-text) - Designing prescription/medication modules with drug interaction checking - Integrating Clinical Decision Support Systems (CDSS) @@ -22,9 +22,9 @@ Patterns for building Electronic Medical Record (EMR) and Electronic Health Reco - Implementing audit trails for clinical data - Designing healthcare-accessible UIs for clinical data entry -## Core Principles +## How It Works -### 1. Patient Safety First +### Patient Safety First Every design decision must be evaluated against: "Could this harm a patient?" @@ -33,9 +33,9 @@ Every design decision must be evaluated against: "Could this harm a patient?" - Critical vitals MUST trigger escalation workflows - No clinical data modification without audit trail -### 2. Single-Page Encounter Flow +### Single-Page Encounter Flow -Clinical encounters should flow vertically on a single page — no tab switching during patient interaction: +Clinical encounters should flow vertically on a single page — no tab switching: ``` Patient Header (sticky — always visible) @@ -53,9 +53,7 @@ Encounter Flow (vertical scroll) └── 9. Sign / Lock / Print ``` -### 3. 
Smart Template System - -Build templates for common presentations: +### Smart Template System ```typescript interface ClinicalTemplate { @@ -68,9 +66,9 @@ interface ClinicalTemplate { } ``` -**Red flags** in any template must trigger a visible, non-dismissable alert — NOT a toast notification. +Red flags in any template must trigger a visible, non-dismissable alert — NOT a toast notification. -### 4. Medication Safety Pattern +### Medication Safety Pattern ``` User selects drug @@ -78,62 +76,87 @@ User selects drug → Check encounter medications for interactions → Check patient allergies → Validate dose against weight/age/renal function - → Display alerts (critical = block, major = require override reason) - → Log override reason if clinician proceeds + → If CRITICAL interaction: BLOCK prescribing entirely + → Clinician must document override reason to proceed past a block + → If MAJOR interaction: display warning, require acknowledgment + → Log all alerts and override reasons in audit trail ``` -Critical interactions should **block prescribing by default**. The clinician must explicitly override with a documented reason. +Critical interactions **block prescribing by default**. The clinician must explicitly override with a documented reason stored in the audit trail. The system never silently allows a critical interaction. -### 5. 
Locked Encounter Pattern +### Locked Encounter Pattern Once a clinical encounter is signed: -- No edits allowed — only addendum -- Addendum is a new record linked to the original +- No edits allowed — only an addendum (a separate linked record) - Both original and addendum appear in the patient timeline -- Audit trail captures who signed, when, and any addenda +- Audit trail captures who signed, when, and any addendum records -## UI Patterns for Clinical Data +### UI Patterns for Clinical Data -### Vitals Display +**Vitals Display:** Current values with normal range highlighting (green/yellow/red), trend arrows vs previous, clinical scoring auto-calculated (NEWS2, qSOFA), escalation guidance inline. -- Current values with normal range highlighting (green/yellow/red) -- Trend arrows comparing to previous measurement -- Clinical scoring auto-calculated (NEWS2, qSOFA, MEWS) -- Scoring result displayed inline with escalation guidance +**Lab Results Display:** Normal range highlighting, previous value comparison, critical values with non-dismissable alert, collection/analysis timestamps, pending orders with expected turnaround. -### Lab Results Display +**Prescription PDF:** One-click generation with patient demographics, allergies, diagnosis, drug details (generic + brand, dose, route, frequency, duration), clinician signature block. 
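The vitals display above auto-calculates NEWS2. A minimal sketch of that scoring; the band boundaries follow the published NEWS2 chart (SpO2 scale 1, no hypercapnic adjustment) and the escalation strings are illustrative, so verify both against your institution's chart before relying on this:

```typescript
interface Vitals {
  respiratoryRate: number;
  oxygenSaturation: number;
  supplementalOxygen: boolean;
  temperature: number;
  systolicBP: number;
  heartRate: number;
  consciousness: 'alert' | 'voice' | 'pain' | 'unresponsive';
}

// Return the points for the first [lo, hi, points] band containing value.
function band(value: number, rows: Array<[number, number, number]>): number {
  for (const [lo, hi, pts] of rows) if (value >= lo && value <= hi) return pts;
  return 0;
}

function calculateNEWS2(v: Vitals): { total: number; risk: 'low' | 'medium' | 'high'; escalation: string } {
  const total =
    band(v.respiratoryRate, [[-Infinity, 8, 3], [9, 11, 1], [12, 20, 0], [21, 24, 2], [25, Infinity, 3]]) +
    band(v.oxygenSaturation, [[-Infinity, 91, 3], [92, 93, 2], [94, 95, 1], [96, Infinity, 0]]) +
    (v.supplementalOxygen ? 2 : 0) +
    band(v.temperature, [[-Infinity, 35.0, 3], [35.1, 36.0, 1], [36.1, 38.0, 0], [38.1, 39.0, 1], [39.1, Infinity, 2]]) +
    band(v.systolicBP, [[-Infinity, 90, 3], [91, 100, 2], [101, 110, 1], [111, 219, 0], [220, Infinity, 3]]) +
    band(v.heartRate, [[-Infinity, 40, 3], [41, 50, 1], [51, 90, 0], [91, 110, 1], [111, 130, 2], [131, Infinity, 3]]) +
    (v.consciousness === 'alert' ? 0 : 3); // any ACVPU state other than Alert scores 3
  const risk = total >= 7 ? 'high' : total >= 5 ? 'medium' : 'low';
  // Escalation wording is a placeholder; use your local escalation policy text.
  const escalation =
    risk === 'high' ? 'Urgent clinical review. Consider ICU.' :
    risk === 'medium' ? 'Urgent ward review.' : 'Routine monitoring.';
  return { total, risk, escalation };
}
```

With the example vitals from this skill (RR 24, SpO2 93 on oxygen, temp 38.5, SBP 100, HR 110, responds to voice), the components sum to 13 and the risk is high, matching the documented output.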
-- Normal range highlighting with institution-specific ranges -- Previous value comparison (trend) -- Critical values flagged with non-dismissable alert -- Timestamp of collection and analysis -- Pending orders shown with expected turnaround +### Accessibility for Healthcare -### Prescription PDF +Healthcare UIs have stricter requirements than typical web apps: +- 4.5:1 minimum contrast (WCAG AA) — clinicians work in varied lighting +- Large touch targets (44x44px minimum) — for gloved/rushed interaction +- Keyboard navigation — for power users entering data rapidly +- No color-only indicators — always pair color with text/icon (colorblind clinicians) +- Screen reader labels on all form fields +- No auto-dismissing toasts for clinical alerts — clinician must actively acknowledge -- One-click generation -- Patient demographics, allergies, diagnosis -- Drug name (generic + brand), dose, route, frequency, duration -- Clinician signature block -- QR code linking to digital record (optional) +### Anti-Patterns -## Accessibility for Healthcare +- Storing clinical data in browser localStorage +- Silent failures in drug interaction checking +- Dismissable toasts for critical clinical alerts +- Tab-based encounter UIs that fragment the clinical workflow +- Allowing edits to signed/locked encounters +- Displaying clinical data without audit trail +- Using `any` type for clinical data structures -Healthcare UIs have stricter accessibility requirements than typical web apps: +## Examples -- **4.5:1 minimum contrast** (WCAG AA) — clinicians work in varied lighting -- **Large touch targets** (44x44px minimum) — for gloved/rushed interaction -- **Keyboard navigation** — for power users entering data rapidly -- **No color-only indicators** — always pair color with text/icon (colorblind clinicians) -- **Screen reader labels** on all form fields — for voice-assisted data entry -- **No auto-dismissing toasts** for clinical alerts — clinician must actively acknowledge +### Example 1: 
Patient Encounter Flow -## Anti-Patterns +``` +Doctor opens encounter for Patient #4521 + → Sticky header shows: "Rajesh M, 58M, Allergies: Penicillin, Active Meds: Metformin 500mg" + → Chief Complaint: selects "Chest Pain" template + → Clicks chips: "substernal", "radiating to left arm", "crushing" + → Red flag "crushing substernal chest pain" triggers non-dismissable alert + → Examination: CVS system — "S1 S2 normal, no murmur" + → Vitals: HR 110, BP 90/60, SpO2 94% + → NEWS2 auto-calculates: score 8, risk HIGH, escalation alert shown + → Diagnosis: searches "ACS" → selects ICD-10 I21.9 + → Medications: selects Aspirin 300mg + → CDSS checks against Metformin: no interaction + → Signs encounter → locked, addendum-only from this point +``` -- ❌ Storing clinical data in browser localStorage -- ❌ Silent failures in drug interaction checking -- ❌ Dismissable toasts for critical clinical alerts -- ❌ Tab-based encounter UIs that fragment the clinical workflow -- ❌ Allowing edits to signed/locked encounters -- ❌ Displaying clinical data without audit trail -- ❌ Using `any` type for clinical data structures +### Example 2: Medication Safety Workflow + +``` +Doctor prescribes Warfarin for Patient #4521 + → CDSS detects: Warfarin + Aspirin = CRITICAL interaction + → UI: red non-dismissable modal blocks prescribing + → Doctor clicks "Override with reason" + → Types: "Benefits outweigh risks — monitored INR protocol" + → Override reason + alert stored in audit trail + → Prescription proceeds with documented override +``` + +### Example 3: Locked Encounter + Addendum + +``` +Encounter #E-2024-0891 signed by Dr. Shah at 14:30 + → All fields locked — no edit buttons visible + → "Add Addendum" button available + → Dr. 
Shah clicks addendum, adds: "Lab results received — Troponin elevated" + → New record E-2024-0891-A1 linked to original + → Timeline shows both: original encounter + addendum with timestamps +``` diff --git a/skills/healthcare-eval-harness/SKILL.md b/skills/healthcare-eval-harness/SKILL.md index e65cd23d..b901bb47 100644 --- a/skills/healthcare-eval-harness/SKILL.md +++ b/skills/healthcare-eval-harness/SKILL.md @@ -12,7 +12,7 @@ rollback: "git revert" Automated verification system for healthcare application deployments. A single CRITICAL failure blocks deployment. Patient safety is non-negotiable. -## When to Activate +## When to Use - Before any deployment of EMR/EHR applications - After modifying CDSS logic (drug interactions, dose validation, scoring) @@ -21,83 +21,65 @@ Automated verification system for healthcare application deployments. A single C - During CI/CD pipeline configuration for healthcare apps - After resolving merge conflicts in clinical modules -## Eval Categories +## How It Works -### 1. CDSS Accuracy (CRITICAL — 100% required) +The eval harness runs five test categories in order. The first three (CDSS Accuracy, PHI Exposure, Data Integrity) are CRITICAL gates requiring 100% pass rate — a single failure blocks deployment. The remaining two (Clinical Workflow, Integration) are HIGH gates requiring 95%+ pass rate. -Tests all clinical decision support logic: +Each category maps to a Jest test path pattern. The CI pipeline runs CRITICAL gates with `--bail` (stop on first failure) and enforces coverage thresholds with `--coverage --coverageThreshold`. -- Drug interaction pairs: every known pair must fire an alert -- Dose validation: out-of-range doses must be flagged -- Clinical scoring: results must match published specifications -- No false negatives: a missed alert is a patient safety event -- No silent failures: malformed input must error, not silently pass +### Eval Categories + +**1. 
CDSS Accuracy (CRITICAL — 100% required)** + +Tests all clinical decision support logic: drug interaction pairs (both directions), dose validation rules, clinical scoring vs published specs, no false negatives, no silent failures. ```bash -npx jest --testPathPattern='tests/cdss' --bail --ci +npx jest --testPathPattern='tests/cdss' --bail --ci --coverage ``` -### 2. PHI Exposure (CRITICAL — 100% required) +**2. PHI Exposure (CRITICAL — 100% required)** -Tests for protected health information leaks: - -- API error responses contain no PHI -- Console output contains no patient data -- URL parameters contain no PHI -- Browser storage contains no PHI -- Cross-facility data isolation works (multi-tenant) -- Unauthenticated requests return zero patient rows -- Service role keys absent from client bundles +Tests for protected health information leaks: API error responses, console output, URL parameters, browser storage, cross-facility isolation, unauthenticated access, service role key absence. ```bash npx jest --testPathPattern='tests/security/phi' --bail --ci ``` -### 3. Data Integrity (CRITICAL — 100% required) +**3. Data Integrity (CRITICAL — 100% required)** -Tests for clinical data safety: - -- Locked encounters cannot be modified -- Audit trail entries exist for every write operation -- Cascade deletes are blocked on patient records -- Concurrent edits trigger conflict resolution -- No orphaned records across related tables +Tests clinical data safety: locked encounters, audit trail entries, cascade delete protection, concurrent edit handling, no orphaned records. ```bash npx jest --testPathPattern='tests/data-integrity' --bail --ci ``` -### 4. Clinical Workflow (HIGH — 95%+ required) +**4. 
Clinical Workflow (HIGH — 95%+ required)** -Tests end-to-end clinical workflows: - -- Complete encounter flow (complaint → exam → diagnosis → Rx → lock) -- Template rendering and submission for all clinical templates -- Medication set population and interaction checking -- Drug/diagnosis search functionality -- Prescription PDF generation -- Red flag alert triggering +Tests end-to-end flows: encounter lifecycle, template rendering, medication sets, drug/diagnosis search, prescription PDF, red flag alerts. ```bash -npx jest --testPathPattern='tests/clinical' --ci +npx jest --testPathPattern='tests/clinical' --ci 2>&1 | node scripts/check-pass-rate.js 95 ``` -### 5. Integration Compliance (HIGH — 95%+ required) +**5. Integration Compliance (HIGH — 95%+ required)** -Tests external system integrations: - -- HL7 message parsing (v2.x) -- FHIR resource validation (if applicable) -- Lab result mapping to correct patients -- Malformed message handling (no crashes) +Tests external systems: HL7 message parsing (v2.x), FHIR validation, lab result mapping, malformed message handling. 
```bash -npx jest --testPathPattern='tests/integration' --ci +npx jest --testPathPattern='tests/integration' --ci 2>&1 | node scripts/check-pass-rate.js 95 ``` -## CI/CD Integration +### Pass/Fail Matrix -### GitHub Actions Example +| Category | Threshold | On Failure | +|----------|-----------|------------| +| CDSS Accuracy | 100% | **BLOCK deployment** | +| PHI Exposure | 100% | **BLOCK deployment** | +| Data Integrity | 100% | **BLOCK deployment** | +| Clinical Workflow | 95%+ | WARN, allow with review | +| Integration | 95%+ | WARN, allow with review | + +### CI/CD Integration ```yaml name: Healthcare Safety Gate @@ -113,9 +95,9 @@ jobs: node-version: '20' - run: npm ci - # CRITICAL gates — must pass 100% + # CRITICAL gates — 100% required, bail on first failure - name: CDSS Accuracy - run: npx jest --testPathPattern='tests/cdss' --bail --ci + run: npx jest --testPathPattern='tests/cdss' --bail --ci --coverage --coverageThreshold='{"global":{"branches":80,"functions":80,"lines":80}}' - name: PHI Exposure Check run: npx jest --testPathPattern='tests/security/phi' --bail --ci @@ -123,47 +105,72 @@ jobs: - name: Data Integrity run: npx jest --testPathPattern='tests/data-integrity' --bail --ci - # HIGH gates — must pass 95%+ + # HIGH gates — 95%+ required, custom threshold check - name: Clinical Workflows - run: npx jest --testPathPattern='tests/clinical' --ci + run: | + RESULT=$(npx jest --testPathPattern='tests/clinical' --ci --json 2>/dev/null) + PASSED=$(echo $RESULT | jq '.numPassedTests') + TOTAL=$(echo $RESULT | jq '.numTotalTests') + RATE=$(echo "scale=2; $PASSED * 100 / $TOTAL" | bc) + echo "Pass rate: ${RATE}%" + if (( $(echo "$RATE < 95" | bc -l) )); then + echo "::warning::Clinical workflow pass rate ${RATE}% below 95% threshold" + fi - name: Integration Compliance - run: npx jest --testPathPattern='tests/integration' --ci + run: | + RESULT=$(npx jest --testPathPattern='tests/integration' --ci --json 2>/dev/null) + PASSED=$(echo $RESULT | jq 
'.numPassedTests') + TOTAL=$(echo $RESULT | jq '.numTotalTests') + RATE=$(echo "scale=2; $PASSED * 100 / $TOTAL" | bc) + echo "Pass rate: ${RATE}%" + if (( $(echo "$RATE < 95" | bc -l) )); then + echo "::warning::Integration pass rate ${RATE}% below 95% threshold" + fi ``` -## Pass/Fail Matrix +### Anti-Patterns -| Category | Threshold | On Failure | -|----------|-----------|------------| -| CDSS Accuracy | 100% | **BLOCK deployment** | -| PHI Exposure | 100% | **BLOCK deployment** | -| Data Integrity | 100% | **BLOCK deployment** | -| Clinical Workflow | 95%+ | WARN, allow with review | -| Integration | 95%+ | WARN, allow with review | +- Skipping CDSS tests "because they passed last time" +- Setting CRITICAL thresholds below 100% +- Using `--no-bail` on CRITICAL test suites +- Mocking the CDSS engine in integration tests (must test real logic) +- Allowing deployments when safety gate is red +- Running tests without `--coverage` on CDSS suites -## Eval Report Format +## Examples + +### Example 1: Run All Critical Gates Locally + +```bash +npx jest --testPathPattern='tests/cdss' --bail --ci --coverage && \ +npx jest --testPathPattern='tests/security/phi' --bail --ci && \ +npx jest --testPathPattern='tests/data-integrity' --bail --ci +``` + +### Example 2: Check HIGH Gate Pass Rate + +```bash +npx jest --testPathPattern='tests/clinical' --ci --json | \ + jq '{passed: .numPassedTests, total: .numTotalTests, rate: (.numPassedTests/.numTotalTests*100)}' +# Expected: { "passed": 21, "total": 22, "rate": 95.45 } +``` + +### Example 3: Eval Report ``` -## Healthcare Eval: [date] [commit] +## Healthcare Eval: 2026-03-27 [commit abc1234] -### Patient Safety: PASS / FAIL +### Patient Safety: PASS | Category | Tests | Pass | Fail | Status | |----------|-------|------|------|--------| -| CDSS Accuracy | N | N | 0 | PASS | -| PHI Exposure | N | N | 0 | PASS | -| Data Integrity | N | N | 0 | PASS | -| Clinical Workflow | N | N | N | 95%+ | -| Integration | N | N | N | 95%+ | +| 
CDSS Accuracy | 39 | 39 | 0 | PASS | +| PHI Exposure | 8 | 8 | 0 | PASS | +| Data Integrity | 12 | 12 | 0 | PASS | +| Clinical Workflow | 22 | 21 | 1 | 95.5% PASS | +| Integration | 6 | 6 | 0 | PASS | -### Coverage: X% (target: 80%+) -### Verdict: SAFE TO DEPLOY / BLOCKED +### Coverage: 84% (target: 80%+) +### Verdict: SAFE TO DEPLOY ``` - -## Anti-Patterns - -- ❌ Skipping CDSS tests "because they passed last time" -- ❌ Setting CRITICAL thresholds below 100% -- ❌ Using `--no-bail` on CRITICAL test suites -- ❌ Mocking the CDSS engine in integration tests (must test real logic) -- ❌ Allowing deployments when safety gate is red diff --git a/skills/healthcare-phi-compliance/SKILL.md b/skills/healthcare-phi-compliance/SKILL.md index b84de1c6..ddd1eb2e 100644 --- a/skills/healthcare-phi-compliance/SKILL.md +++ b/skills/healthcare-phi-compliance/SKILL.md @@ -12,7 +12,7 @@ rollback: "git revert" Patterns for protecting patient data, clinician data, and financial data in healthcare applications. Applicable to HIPAA (US), DISHA (India), GDPR (EU), and general healthcare data protection. -## When to Activate +## When to Use - Building any feature that touches patient records - Implementing access control or authentication for clinical systems @@ -22,124 +22,37 @@ Patterns for protecting patient data, clinician data, and financial data in heal - Reviewing code for data exposure vulnerabilities - Setting up Row-Level Security (RLS) for multi-tenant healthcare systems -## Data Classification +## How It Works -### PHI (Protected Health Information) +Healthcare data protection operates on three layers: **classification** (what is sensitive), **access control** (who can see it), and **audit** (who did see it). 
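The three-layer model (classification, access control, audit) can be sketched as a single guard around every field read. The field tags, facility model, and audit format here are illustrative only; a real system derives them from the schema and RLS policies:

```typescript
type Classification = 'PHI' | 'PII' | 'public';

// Illustrative tags; real systems derive these from schema comments.
const FIELD_TAGS: Record<string, Classification> = {
  name: 'PHI', dob: 'PHI', diagnosis: 'PHI', salary: 'PII', id: 'public',
};

function readField(
  field: string,
  userFacilities: string[],
  recordFacility: string,
  audit: (entry: string) => void
): boolean {
  const cls = FIELD_TAGS[field] ?? 'PHI'; // layer 1: unknown fields fail closed as PHI
  if (cls !== 'public' && !userFacilities.includes(recordFacility)) {
    return false; // layer 2: cross-facility access denied (real systems also audit denials)
  }
  audit(`read:${field}:${cls}`); // layer 3: every sensitive read is logged
  return true;
}
```

The fail-closed default matters: a field nobody remembered to tag is treated as PHI, never as public.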
-Any data that can identify a patient AND relates to their health: +### Data Classification -- Patient name, date of birth, address, phone, email -- National ID numbers (SSN, Aadhaar, NHS number) -- Medical record numbers -- Diagnoses, medications, lab results, imaging -- Insurance policy and claim details -- Appointment and admission records -- Any combination of the above +**PHI (Protected Health Information)** — any data that can identify a patient AND relates to their health: patient name, date of birth, address, phone, email, national ID numbers (SSN, Aadhaar, NHS number), medical record numbers, diagnoses, medications, lab results, imaging, insurance policy and claim details, appointment and admission records, or any combination of the above. -### PII (Personally Identifiable Information) +**PII (Non-patient-sensitive data)** in healthcare systems: clinician/staff personal details, doctor fee structures and payout amounts, employee salary and bank details, vendor payment information. 
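One way to operationalize this classification is a log sanitizer that redacts tagged fields before anything reaches console output or monitoring. The field list here is illustrative; in practice it should be generated from the schema-level `PHI:` comments rather than maintained by hand:

```typescript
// Hypothetical PHI field list; derive from schema tags in a real system.
const PHI_FIELDS = new Set(['name', 'dob', 'address', 'phone', 'email', 'nationalId', 'mrn']);

function sanitizeForLog(record: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const [key, value] of Object.entries(record)) {
    // Redact identifying fields; keep opaque IDs and non-PHI metadata.
    out[key] = PHI_FIELDS.has(key) ? '[REDACTED]' : value;
  }
  return out;
}
```

Usage: `logger.info('lookup', sanitizeForLog(patient))` instead of logging the raw patient object.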
-Non-patient sensitive data in healthcare systems: - -- Clinician/staff personal details -- Doctor fee structures and payout amounts -- Employee salary and bank details -- Vendor payment information - -## Access Control Patterns - -### Row-Level Security (Supabase/PostgreSQL) +### Access Control: Row-Level Security ```sql --- Enable RLS on every PHI table ALTER TABLE patients ENABLE ROW LEVEL SECURITY; --- Scope access by facility/centre +-- Scope access by facility CREATE POLICY "staff_read_own_facility" - ON patients FOR SELECT - TO authenticated - USING ( - facility_id IN ( - SELECT facility_id FROM staff_assignments - WHERE user_id = auth.uid() - AND role IN ('doctor', 'nurse', 'lab_tech', 'admin') - ) - ); - --- Audit log: insert-only (no updates, no deletes) -CREATE POLICY "audit_insert_only" - ON audit_log FOR INSERT - TO authenticated - WITH CHECK (user_id = auth.uid()); + ON patients FOR SELECT TO authenticated + USING (facility_id IN ( + SELECT facility_id FROM staff_assignments + WHERE user_id = auth.uid() AND role IN ('doctor','nurse','lab_tech','admin') + )); +-- Audit log: insert-only (tamper-proof) +CREATE POLICY "audit_insert_only" ON audit_log FOR INSERT + TO authenticated WITH CHECK (user_id = auth.uid()); CREATE POLICY "audit_no_modify" ON audit_log FOR UPDATE USING (false); CREATE POLICY "audit_no_delete" ON audit_log FOR DELETE USING (false); ``` -### API Authentication - -- Every API route handling PHI MUST require authentication -- Use short-lived tokens (JWT with 15-min expiry for clinical sessions) -- Implement session timeout (auto-logout after inactivity) -- Log every PHI access with user ID, timestamp, and resource accessed - -## Common Leak Vectors (Check Every Deployment) - -### 1. 
Error Messages - -```typescript -// ❌ BAD — leaks PHI in error -throw new Error(`Patient ${patient.name} not found in ${patient.facility}`); - -// ✅ GOOD — generic error, log details server-side -logger.error('Patient lookup failed', { patientId, facilityId }); -throw new Error('Record not found'); -``` - -### 2. Console Output - -```typescript -// ❌ BAD -console.log('Processing patient:', patient); - -// ✅ GOOD -console.log('Processing patient:', patient.id); // ID only -``` - -### 3. URL Parameters - -``` -❌ /patients?name=John+Doe&dob=1990-01-01 -✅ /patients/uuid-here (lookup by opaque ID) -``` - -### 4. Browser Storage - -```typescript -// ❌ NEVER store PHI in localStorage/sessionStorage -localStorage.setItem('currentPatient', JSON.stringify(patient)); - -// ✅ Keep PHI in memory only, fetch on demand -const [patient, setPatient] = useState(null); -``` - -### 5. Service Role Keys - -```typescript -// ❌ NEVER use service_role key in client-side code -const supabase = createClient(url, SUPABASE_SERVICE_ROLE_KEY); - -// ✅ ALWAYS use anon key — let RLS enforce access -const supabase = createClient(url, SUPABASE_ANON_KEY); -``` - -### 6. Logs and Monitoring - -- Never log full patient records -- Log patient IDs, not names -- Sanitize stack traces before sending to error tracking services -- Ensure log storage itself is access-controlled - -## Audit Trail Requirements +### Audit Trail Every PHI access or modification must be logged: @@ -151,35 +64,85 @@ interface AuditEntry { action: 'create' | 'read' | 'update' | 'delete' | 'print' | 'export'; resource_type: string; resource_id: string; - changes?: { before: object; after: object }; // for updates + changes?: { before: object; after: object }; ip_address: string; session_id: string; } ``` -## Database Schema Tagging +### Common Leak Vectors -Mark PHI/PII columns at the schema level so automated tools can identify them: +**Error messages:** Never include patient-identifying data in error messages thrown to the client. 
Log details server-side only. + +**Console output:** Never log full patient objects. Use opaque internal record IDs (UUIDs) — not medical record numbers, national IDs, or names. + +**URL parameters:** Never put patient-identifying data in query strings or path segments that could appear in logs or browser history. Use opaque UUIDs only. + +**Browser storage:** Never store PHI in localStorage or sessionStorage. Keep PHI in memory only, fetch on demand. + +**Service role keys:** Never use the service_role key in client-side code. Always use the anon/publishable key and let RLS enforce access. + +**Logs and monitoring:** Never log full patient records. Use opaque record IDs only (not medical record numbers). Sanitize stack traces before sending to error tracking services. + +### Database Schema Tagging + +Mark PHI/PII columns at the schema level: ```sql COMMENT ON COLUMN patients.name IS 'PHI: patient_name'; COMMENT ON COLUMN patients.dob IS 'PHI: date_of_birth'; COMMENT ON COLUMN patients.aadhaar IS 'PHI: national_id'; COMMENT ON COLUMN doctor_payouts.amount IS 'PII: financial'; -COMMENT ON COLUMN employees.salary IS 'PII: financial'; ``` -## Deployment Checklist +### Deployment Checklist -Before every deployment of a healthcare application: +Before every deployment: +- No PHI in error messages or stack traces +- No PHI in console.log/console.error +- No PHI in URL parameters +- No PHI in browser storage +- No service_role key in client code +- RLS enabled on all PHI/PII tables +- Audit trail for all data modifications +- Session timeout configured +- API authentication on all PHI endpoints +- Cross-facility data isolation verified -- [ ] No PHI in error messages or stack traces -- [ ] No PHI in console.log/console.error -- [ ] No PHI in URL parameters -- [ ] No PHI in browser storage -- [ ] No service_role key in client code -- [ ] RLS enabled on all PHI/PII tables -- [ ] Audit trail for all data modifications -- [ ] Session timeout configured -- [ ] API 
authentication on all PHI endpoints -- [ ] Cross-facility data isolation verified +## Examples + +### Example 1: Safe vs Unsafe Error Handling + +```typescript +// BAD — leaks PHI in error +throw new Error(`Patient ${patient.name} not found in ${patient.facility}`); + +// GOOD — generic error, details logged server-side with opaque IDs only +logger.error('Patient lookup failed', { recordId: patient.id, facilityId }); +throw new Error('Record not found'); +``` + +### Example 2: RLS Policy for Multi-Facility Isolation + +```sql +-- Doctor at Facility A cannot see Facility B patients +CREATE POLICY "facility_isolation" + ON patients FOR SELECT TO authenticated + USING (facility_id IN ( + SELECT facility_id FROM staff_assignments WHERE user_id = auth.uid() + )); + +-- Test: login as doctor-facility-a, query facility-b patients +-- Expected: 0 rows returned +``` + +### Example 3: Safe Logging + +```typescript +// BAD — logs identifiable patient data +console.log('Processing patient:', patient); + +// GOOD — logs only opaque internal record ID +console.log('Processing record:', patient.id); +// Note: even patient.id should be an opaque UUID, not a medical record number +``` From 9b24bedf856f9ba41b87436d3e43e45a09ee53e4 Mon Sep 17 00:00:00 2001 From: "Dr. 
Keyur Patel" Date: Fri, 27 Mar 2026 04:02:44 +0000 Subject: [PATCH 17/23] =?UTF-8?q?fix:=20address=20Greptile=20review=20?= =?UTF-8?q?=E2=80=94=20frontmatter,=20CI=20safety,=20null=20guards?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Greptile fixes: - Removed non-standard YAML frontmatter fields (observe, feedback, rollback) from all 4 skills — only name, description, origin, version per CONTRIBUTING.md - Added null guard to checkInteractions implementation (was missing despite test) - CI: replaced 2>/dev/null with 2>&1 (was silencing safety-critical errors) - CI: quoted $RESULT variable (was breaking jq on JSON with spaces) - CI: added division-by-zero guard when test suite is empty - CI: added note that Jest is reference implementation, thresholds are framework-agnostic --- skills/healthcare-cdss-patterns/SKILL.md | 4 +-- skills/healthcare-emr-patterns/SKILL.md | 3 --- skills/healthcare-eval-harness/SKILL.md | 32 ++++++++++++++--------- skills/healthcare-phi-compliance/SKILL.md | 3 --- 4 files changed, 20 insertions(+), 22 deletions(-) diff --git a/skills/healthcare-cdss-patterns/SKILL.md b/skills/healthcare-cdss-patterns/SKILL.md index 0cb991fd..818db026 100644 --- a/skills/healthcare-cdss-patterns/SKILL.md +++ b/skills/healthcare-cdss-patterns/SKILL.md @@ -3,9 +3,6 @@ name: healthcare-cdss-patterns description: Clinical Decision Support System (CDSS) development patterns. Drug interaction checking, dose validation, clinical scoring (NEWS2, qSOFA), alert severity classification, and integration into EMR workflows. origin: Health1 Super Speciality Hospitals — contributed by Dr. 
Keyur Patel version: "1.0.0" -observe: "PostToolUse" -feedback: "manual" -rollback: "git revert" --- # Healthcare CDSS Development Patterns @@ -60,6 +57,7 @@ function checkInteractions( currentMedications: string[], allergyList: string[] ): InteractionAlert[] { + if (!newDrug) return []; const alerts: InteractionAlert[] = []; for (const current of currentMedications) { const interaction = findInteraction(newDrug, current); diff --git a/skills/healthcare-emr-patterns/SKILL.md b/skills/healthcare-emr-patterns/SKILL.md index 59ac0fd8..af004d70 100644 --- a/skills/healthcare-emr-patterns/SKILL.md +++ b/skills/healthcare-emr-patterns/SKILL.md @@ -3,9 +3,6 @@ name: healthcare-emr-patterns description: EMR/EHR development patterns for healthcare applications. Clinical safety, encounter workflows, prescription generation, clinical decision support integration, and accessibility-first UI for medical data entry. origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel version: "1.0.0" -observe: "PostToolUse" -feedback: "manual" -rollback: "git revert" --- # Healthcare EMR Development Patterns diff --git a/skills/healthcare-eval-harness/SKILL.md b/skills/healthcare-eval-harness/SKILL.md index b901bb47..d13193c6 100644 --- a/skills/healthcare-eval-harness/SKILL.md +++ b/skills/healthcare-eval-harness/SKILL.md @@ -3,15 +3,14 @@ name: healthcare-eval-harness description: Patient safety evaluation harness for healthcare application deployments. Automated test suites for CDSS accuracy, PHI exposure, clinical workflow integrity, and integration compliance. Blocks deployments on safety failures. origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel version: "1.0.0" -observe: "PostToolUse" -feedback: "manual" -rollback: "git revert" --- # Healthcare Eval Harness — Patient Safety Verification Automated verification system for healthcare application deployments. A single CRITICAL failure blocks deployment. Patient safety is non-negotiable. 
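The CI shell guards in this patch (quoted `$RESULT`, `// 0` jq defaults, empty-suite error) all implement one small gate. A TypeScript sketch of that logic, as `scripts/check-pass-rate.js` might compute it; the diff references the script by name but does not show its contents, so this is an assumption:

```typescript
function passRateGate(passed: number, total: number, thresholdPct: number): { rate: number; ok: boolean } {
  if (total === 0) throw new Error('No tests found'); // an empty suite is a failure, never a pass
  const rate = Math.round((passed / total) * 10000) / 100; // two decimal places
  return { rate, ok: rate >= thresholdPct };
}
```

For the HIGH gates, 21 of 22 clinical tests passing yields 95.45%, which clears the 95% threshold; for CRITICAL gates the threshold is simply 100.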
+> **Note:** Examples use Jest as the reference test runner. Adapt commands for your framework (Vitest, pytest, PHPUnit, etc.) — the test categories and pass thresholds are framework-agnostic. + ## When to Use - Before any deployment of EMR/EHR applications @@ -106,26 +105,33 @@ jobs: run: npx jest --testPathPattern='tests/data-integrity' --bail --ci # HIGH gates — 95%+ required, custom threshold check + # HIGH gates — 95%+ required - name: Clinical Workflows run: | - RESULT=$(npx jest --testPathPattern='tests/clinical' --ci --json 2>/dev/null) - PASSED=$(echo $RESULT | jq '.numPassedTests') - TOTAL=$(echo $RESULT | jq '.numTotalTests') + RESULT=$(npx jest --testPathPattern='tests/clinical' --ci --json 2>&1) || true + TOTAL=$(echo "$RESULT" | jq '.numTotalTests // 0') + PASSED=$(echo "$RESULT" | jq '.numPassedTests // 0') + if [ "$TOTAL" -eq 0 ]; then + echo "::error::No clinical tests found"; exit 1 + fi RATE=$(echo "scale=2; $PASSED * 100 / $TOTAL" | bc) - echo "Pass rate: ${RATE}%" + echo "Pass rate: ${RATE}% ($PASSED/$TOTAL)" if (( $(echo "$RATE < 95" | bc -l) )); then - echo "::warning::Clinical workflow pass rate ${RATE}% below 95% threshold" + echo "::warning::Clinical pass rate ${RATE}% below 95%" fi - name: Integration Compliance run: | - RESULT=$(npx jest --testPathPattern='tests/integration' --ci --json 2>/dev/null) - PASSED=$(echo $RESULT | jq '.numPassedTests') - TOTAL=$(echo $RESULT | jq '.numTotalTests') + RESULT=$(npx jest --testPathPattern='tests/integration' --ci --json 2>&1) || true + TOTAL=$(echo "$RESULT" | jq '.numTotalTests // 0') + PASSED=$(echo "$RESULT" | jq '.numPassedTests // 0') + if [ "$TOTAL" -eq 0 ]; then + echo "::error::No integration tests found"; exit 1 + fi RATE=$(echo "scale=2; $PASSED * 100 / $TOTAL" | bc) - echo "Pass rate: ${RATE}%" + echo "Pass rate: ${RATE}% ($PASSED/$TOTAL)" if (( $(echo "$RATE < 95" | bc -l) )); then - echo "::warning::Integration pass rate ${RATE}% below 95% threshold" + echo "::warning::Integration 
pass rate ${RATE}% below 95%" fi ``` diff --git a/skills/healthcare-phi-compliance/SKILL.md b/skills/healthcare-phi-compliance/SKILL.md index ddd1eb2e..d8822185 100644 --- a/skills/healthcare-phi-compliance/SKILL.md +++ b/skills/healthcare-phi-compliance/SKILL.md @@ -3,9 +3,6 @@ name: healthcare-phi-compliance description: Protected Health Information (PHI) and Personally Identifiable Information (PII) compliance patterns for healthcare applications. Covers data classification, access control, audit trails, encryption, and common leak vectors. origin: Health1 Super Speciality Hospitals — contributed by Dr. Keyur Patel version: "1.0.0" -observe: "PostToolUse" -feedback: "manual" -rollback: "git revert" --- # Healthcare PHI/PII Compliance Patterns From 1e226ba55690ecccddca9bd5e17ed2abe5ca9941 Mon Sep 17 00:00:00 2001 From: Sreedhara GS Date: Fri, 27 Mar 2026 16:30:39 +0900 Subject: [PATCH 18/23] =?UTF-8?q?feat(skill):=20ck=20=E2=80=94=20context-k?= =?UTF-8?q?eeper=20v2,=20persistent=20per-project=20memory?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds the ck (Context Keeper) skill — deterministic Node.js scripts that give Claude Code persistent, per-project memory across sessions. Architecture: - commands/ — 8 Node.js scripts handle all command logic (init, save, resume, info, list, forget, migrate, shared). Claude calls scripts and displays output — no LLM interpretation of command logic. - hooks/session-start.mjs — injects ~100 token compact summary on session start (not kilobytes). Detects unsaved sessions, git activity since last save, goal mismatch vs CLAUDE.md. - context.json as source of truth — CONTEXT.md is generated from it. Full session history, session IDs, git activity per save. 
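For reference, a v2 context.json produced by these scripts might look like the following sketch. The field names mirror the schemas used in save.mjs and migrate.mjs; all values are illustrative, not real project data:

```json
{
  "version": 2,
  "name": "context-keeper",
  "path": "/home/user/context-keeper",
  "description": "Persistent per-project memory for Claude Code",
  "stack": ["Node.js"],
  "goal": "Ship the v2 migration",
  "constraints": ["Never hand-edit CONTEXT.md"],
  "repo": "https://github.com/sreedhargs89/context-keeper",
  "createdAt": "2026-03-27",
  "sessions": [
    {
      "id": "a1b2c3d4",
      "date": "2026-03-27",
      "summary": "Implemented v1-to-v2 migration",
      "leftOff": "Verifying migrate.mjs --dry-run output",
      "nextSteps": ["Register the SessionStart hook"],
      "decisions": [{ "what": "context.json is the source of truth", "why": "CONTEXT.md can be regenerated" }],
      "blockers": []
    }
  ]
}
```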
Commands: /ck:init /ck:save /ck:resume /ck:info /ck:list /ck:forget /ck:migrate Source: https://github.com/sreedhargs89/context-keeper Co-Authored-By: Claude Sonnet 4.6 --- skills/ck/SKILL.md | 147 ++++++++++++ skills/ck/commands/forget.mjs | 44 ++++ skills/ck/commands/info.mjs | 24 ++ skills/ck/commands/init.mjs | 143 +++++++++++ skills/ck/commands/list.mjs | 41 ++++ skills/ck/commands/migrate.mjs | 198 +++++++++++++++ skills/ck/commands/resume.mjs | 41 ++++ skills/ck/commands/save.mjs | 210 ++++++++++++++++ skills/ck/commands/shared.mjs | 384 ++++++++++++++++++++++++++++++ skills/ck/hooks/session-start.mjs | 217 +++++++++++++++++ 10 files changed, 1449 insertions(+) create mode 100644 skills/ck/SKILL.md create mode 100644 skills/ck/commands/forget.mjs create mode 100644 skills/ck/commands/info.mjs create mode 100644 skills/ck/commands/init.mjs create mode 100644 skills/ck/commands/list.mjs create mode 100644 skills/ck/commands/migrate.mjs create mode 100644 skills/ck/commands/resume.mjs create mode 100644 skills/ck/commands/save.mjs create mode 100644 skills/ck/commands/shared.mjs create mode 100644 skills/ck/hooks/session-start.mjs diff --git a/skills/ck/SKILL.md b/skills/ck/SKILL.md new file mode 100644 index 00000000..a5f0adf2 --- /dev/null +++ b/skills/ck/SKILL.md @@ -0,0 +1,147 @@ +--- +name: ck +description: Persistent per-project memory for Claude Code. Auto-loads project context on session start, tracks sessions with git activity, and writes to native memory. Commands run deterministic Node.js scripts — behavior is consistent across model versions. +origin: community +version: 2.0.0 +author: sreedhargs89 +repo: https://github.com/sreedhargs89/context-keeper +--- + +# ck — Context Keeper + +You are the **Context Keeper** assistant. When the user invokes any `/ck:*` command, +run the corresponding Node.js script and present its stdout to the user verbatim. +Scripts live at: `~/.claude/skills/ck/commands/` (expand `~` with `$HOME`). 
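To make the dispatch contract concrete, here is a hypothetical resolver sketch. In practice Claude itself maps the command to a script path; this helper only pins down the expected behavior (case-insensitive names, unknown subcommands rejected):

```javascript
// Hypothetical helper, not part of the skill: map a /ck:* invocation to its
// script path. Command names come from the Commands list in this document.
function resolveCkScript(input) {
  const m = input.trim().match(/^\/ck:([a-z]+)/i);
  if (!m) return null;                    // not a /ck:* command at all
  const cmd = m[1].toLowerCase();         // commands are case-insensitive
  const known = ['init', 'save', 'resume', 'info', 'list', 'forget', 'migrate'];
  if (!known.includes(cmd)) return null;  // unknown subcommand
  return `$HOME/.claude/skills/ck/commands/${cmd}.mjs`;
}

console.log(resolveCkScript('/Ck:Resume'));
```

The `$HOME` prefix is left as literal text here, since the skill's rules require expanding `~` to `$HOME` only at call time in Bash.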
+ +--- + +## Data Layout + +``` +~/.claude/ck/ +├── projects.json ← path → {name, contextDir, lastUpdated} +└── contexts/<project>/ + ├── context.json ← SOURCE OF TRUTH (structured JSON, v2) + └── CONTEXT.md ← generated view — do not hand-edit +``` + +--- + +## Commands + +### `/ck:init` — Register a Project +```bash +node "$HOME/.claude/skills/ck/commands/init.mjs" +``` +The script outputs JSON with auto-detected info. Present it as a confirmation draft: +``` +Here's what I found — confirm or edit anything: +Project: <name> +Description: <description> +Stack: <stack> +Goal: <goal> +Do-nots: <constraints> +Repo: <repo> +``` +Wait for user approval. Apply any edits. Then pipe confirmed JSON to save.mjs --init: +```bash +echo '<confirmed-json>' | node "$HOME/.claude/skills/ck/commands/save.mjs" --init +``` +Confirmed JSON schema: `{"name":"...","path":"...","description":"...","stack":["..."],"goal":"...","constraints":["..."],"repo":"..."}` + +--- + +### `/ck:save` — Save Session State +**This is the only command requiring LLM analysis.** Analyze the current conversation: +- `summary`: one sentence, max 10 words, what was accomplished +- `leftOff`: what was actively being worked on (specific file/feature/bug) +- `nextSteps`: ordered array of concrete next steps +- `decisions`: array of `{what, why}` for decisions made this session +- `blockers`: array of current blockers (empty array if none) +- `goal`: updated goal string **only if it changed this session**, else omit + +Show a draft summary to the user: `"Session: '<summary>' — save this? (yes / edit)"` +Wait for confirmation. Then pipe to save.mjs: +```bash +echo '<json>' | node "$HOME/.claude/skills/ck/commands/save.mjs" +``` +JSON schema (exact): `{"summary":"...","leftOff":"...","nextSteps":["..."],"decisions":[{"what":"...","why":"..."}],"blockers":["..."]}` +Display the script's stdout confirmation verbatim. + +--- + +### `/ck:resume [name|number]` — Full Briefing +```bash +node "$HOME/.claude/skills/ck/commands/resume.mjs" [arg] +``` +Display output verbatim. Then ask: "Continue from here?
Or has anything changed?" +If user reports changes → run `/ck:save` immediately. + +--- + +### `/ck:info [name|number]` — Quick Snapshot +```bash +node "$HOME/.claude/skills/ck/commands/info.mjs" [arg] +``` +Display output verbatim. No follow-up question. + +--- + +### `/ck:list` — Portfolio View +```bash +node "$HOME/.claude/skills/ck/commands/list.mjs" +``` +Display output verbatim. If user replies with a number or name → run `/ck:resume`. + +--- + +### `/ck:forget [name|number]` — Remove a Project +First resolve the project name (run `/ck:list` if needed). +Ask: `"This will permanently delete context for '<name>'. Are you sure? (yes/no)"` +If yes: +```bash +node "$HOME/.claude/skills/ck/commands/forget.mjs" [name] +``` +Display confirmation verbatim. + +--- + +### `/ck:migrate` — Convert v1 Data to v2 +```bash +node "$HOME/.claude/skills/ck/commands/migrate.mjs" +``` +For a dry run first: +```bash +node "$HOME/.claude/skills/ck/commands/migrate.mjs" --dry-run +``` +Display output verbatim. Migrates all v1 CONTEXT.md + meta.json files to v2 context.json. +Originals are backed up as `meta.json.v1-backup` — nothing is deleted. + +--- + +## SessionStart Hook + +The hook at `~/.claude/skills/ck/hooks/session-start.mjs` must be registered in +`~/.claude/settings.json` to auto-load project context on session start: + +```json +{ + "hooks": { + "SessionStart": [ + { "hooks": [{ "type": "command", "command": "node \"$HOME/.claude/skills/ck/hooks/session-start.mjs\"" }] } + ] + } +} +``` + +The hook injects ~100 tokens per session (compact 5-line summary). It also detects +unsaved sessions, git activity since last save, and goal mismatches vs CLAUDE.md. + +--- + +## Rules +- Always expand `~` as `$HOME` in Bash calls. +- Commands are case-insensitive: `/CK:SAVE`, `/ck:save`, `/Ck:Save` all work. +- If a script exits with code 1, display its stdout as an error message. +- Never edit `context.json` or `CONTEXT.md` directly — always use the scripts.
+- If `projects.json` is malformed, tell the user and offer to reset it to `{}`. diff --git a/skills/ck/commands/forget.mjs b/skills/ck/commands/forget.mjs new file mode 100644 index 00000000..8b88c776 --- /dev/null +++ b/skills/ck/commands/forget.mjs @@ -0,0 +1,44 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * forget.mjs — remove a project's context and registry entry + * + * Usage: node forget.mjs [name|number] + * stdout: confirmation or error + * exit 0: success exit 1: not found + * + * Note: SKILL.md instructs Claude to ask "Are you sure?" before calling this script. + * This script is the "do it" step — no confirmation prompt here. + */ + +import { rmSync } from 'fs'; +import { resolve } from 'path'; +import { resolveContext, readProjects, writeProjects, CONTEXTS_DIR } from './shared.mjs'; + +const arg = process.argv[2]; +const cwd = process.env.PWD || process.cwd(); + +const resolved = resolveContext(arg, cwd); +if (!resolved) { + const hint = arg ? `No project matching "${arg}".` : 'This directory is not registered.'; + console.log(`${hint}`); + process.exit(1); +} + +const { name, contextDir, projectPath } = resolved; + +// Remove context directory +const contextDirPath = resolve(CONTEXTS_DIR, contextDir); +try { + rmSync(contextDirPath, { recursive: true, force: true }); +} catch (e) { + console.log(`ck: could not remove context directory — ${e.message}`); + process.exit(1); +} + +// Remove from projects.json +const projects = readProjects(); +delete projects[projectPath]; +writeProjects(projects); + +console.log(`✓ Context for '${name}' removed.`); diff --git a/skills/ck/commands/info.mjs b/skills/ck/commands/info.mjs new file mode 100644 index 00000000..5ca86ac7 --- /dev/null +++ b/skills/ck/commands/info.mjs @@ -0,0 +1,24 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * info.mjs — quick read-only context snapshot + * + * Usage: node info.mjs [name|number] + * stdout: compact info block + * exit 0: success exit 1: not found + */ 
+ +import { resolveContext, renderInfoBlock } from './shared.mjs'; + +const arg = process.argv[2]; +const cwd = process.env.PWD || process.cwd(); + +const resolved = resolveContext(arg, cwd); +if (!resolved) { + const hint = arg ? `No project matching "${arg}".` : 'This directory is not registered.'; + console.log(`${hint} Run /ck:init to register it.`); + process.exit(1); +} + +console.log(''); +console.log(renderInfoBlock(resolved.context)); diff --git a/skills/ck/commands/init.mjs b/skills/ck/commands/init.mjs new file mode 100644 index 00000000..ef8e647b --- /dev/null +++ b/skills/ck/commands/init.mjs @@ -0,0 +1,143 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * init.mjs — auto-detect project info and output JSON for Claude to confirm + * + * Usage: node init.mjs + * stdout: JSON with auto-detected project info + * exit 0: success exit 1: error + */ + +import { readFileSync, existsSync } from 'fs'; +import { resolve } from 'path'; +import { readProjects } from './shared.mjs'; + +const cwd = process.env.PWD || process.cwd(); +const projects = readProjects(); + +const output = { + path: cwd, + name: null, + description: null, + stack: [], + goal: null, + constraints: [], + repo: null, + alreadyRegistered: !!projects[cwd], +}; + +function readFile(filename) { + const p = resolve(cwd, filename); + if (!existsSync(p)) return null; + try { return readFileSync(p, 'utf8'); } catch { return null; } +} + +function extractSection(md, heading) { + const re = new RegExp(`## ${heading}\\n([\\s\\S]*?)(?=\\n## |$)`); + const m = md.match(re); + return m ? 
m[1].trim() : null; +} + +// ── package.json ────────────────────────────────────────────────────────────── +const pkg = readFile('package.json'); +if (pkg) { + try { + const parsed = JSON.parse(pkg); + if (parsed.name && !output.name) output.name = parsed.name; + if (parsed.description && !output.description) output.description = parsed.description; + + // Detect stack from dependencies + const deps = Object.keys({ ...(parsed.dependencies || {}), ...(parsed.devDependencies || {}) }); + const stackMap = { + next: 'Next.js', react: 'React', vue: 'Vue', svelte: 'Svelte', astro: 'Astro', + express: 'Express', fastify: 'Fastify', hono: 'Hono', nestjs: 'NestJS', + typescript: 'TypeScript', prisma: 'Prisma', drizzle: 'Drizzle', + '@neondatabase/serverless': 'Neon', '@upstash/redis': 'Upstash Redis', + '@clerk/nextjs': 'Clerk', stripe: 'Stripe', tailwindcss: 'Tailwind CSS', + }; + for (const [dep, label] of Object.entries(stackMap)) { + if (deps.includes(dep) && !output.stack.includes(label)) { + output.stack.push(label); + } + } + if (deps.includes('typescript') || existsSync(resolve(cwd, 'tsconfig.json'))) { + if (!output.stack.includes('TypeScript')) output.stack.push('TypeScript'); + } + } catch { /* malformed package.json */ } +} + +// ── go.mod ──────────────────────────────────────────────────────────────────── +const goMod = readFile('go.mod'); +if (goMod) { + if (!output.stack.includes('Go')) output.stack.push('Go'); + const modName = goMod.match(/^module\s+(\S+)/m)?.[1]; + if (modName && !output.name) output.name = modName.split('/').pop(); +} + +// ── Cargo.toml ──────────────────────────────────────────────────────────────── +const cargo = readFile('Cargo.toml'); +if (cargo) { + if (!output.stack.includes('Rust')) output.stack.push('Rust'); + const crateName = cargo.match(/^name\s*=\s*"(.+?)"/m)?.[1]; + if (crateName && !output.name) output.name = crateName; +} + +// ── pyproject.toml ──────────────────────────────────────────────────────────── +const 
pyproject = readFile('pyproject.toml'); +if (pyproject) { + if (!output.stack.includes('Python')) output.stack.push('Python'); + const pyName = pyproject.match(/^name\s*=\s*"(.+?)"/m)?.[1]; + if (pyName && !output.name) output.name = pyName; +} + +// ── .git/config (repo URL) ──────────────────────────────────────────────────── +const gitConfig = readFile('.git/config'); +if (gitConfig) { + const repoMatch = gitConfig.match(/url\s*=\s*(.+)/); + if (repoMatch) output.repo = repoMatch[1].trim(); +} + +// ── CLAUDE.md ───────────────────────────────────────────────────────────────── +const claudeMd = readFile('CLAUDE.md'); +if (claudeMd) { + const goal = extractSection(claudeMd, 'Current Goal'); + if (goal && !output.goal) output.goal = goal.split('\n')[0].trim(); + + const doNot = extractSection(claudeMd, 'Do Not Do'); + if (doNot) { + const bullets = doNot.split('\n') + .filter(l => /^[-*]\s+/.test(l)) + .map(l => l.replace(/^[-*]\s+/, '').trim()); + output.constraints = bullets; + } + + const stack = extractSection(claudeMd, 'Tech Stack'); + if (stack && output.stack.length === 0) { + output.stack = stack.split(/[,\n]/).map(s => s.replace(/^[-*]\s+/, '').trim()).filter(Boolean); + } + + // Description from first section or "What This Is" + const whatItIs = extractSection(claudeMd, 'What This Is') || extractSection(claudeMd, 'About'); + if (whatItIs && !output.description) output.description = whatItIs.split('\n')[0].trim(); +} + +// ── README.md (description fallback) ───────────────────────────────────────── +const readme = readFile('README.md'); +if (readme && !output.description) { + // First non-header, non-badge, non-empty paragraph + const lines = readme.split('\n'); + for (const line of lines) { + const trimmed = line.trim(); + if (trimmed && !trimmed.startsWith('#') && !trimmed.startsWith('!') && !trimmed.startsWith('>') && !trimmed.startsWith('[') && trimmed !== '---' && trimmed !== '___') { + output.description = trimmed.slice(0, 120); + break; + } + } +} 
+ +// ── Name fallback: directory name ───────────────────────────────────────────── +if (!output.name) { + output.name = cwd.split('/').pop().toLowerCase().replace(/\s+/g, '-'); +} + +console.log(JSON.stringify(output, null, 2)); diff --git a/skills/ck/commands/list.mjs b/skills/ck/commands/list.mjs new file mode 100644 index 00000000..c4cd04e2 --- /dev/null +++ b/skills/ck/commands/list.mjs @@ -0,0 +1,41 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * list.mjs — portfolio view of all registered projects + * + * Usage: node list.mjs + * stdout: ASCII table of all projects + prompt to resume + * exit 0: success exit 1: no projects + */ + +import { readProjects, loadContext, today, CONTEXTS_DIR } from './shared.mjs'; +import { renderListTable } from './shared.mjs'; + +const cwd = process.env.PWD || process.cwd(); +const projects = readProjects(); +const entries = Object.entries(projects); + +if (entries.length === 0) { + console.log('No projects registered. Run /ck:init to get started.'); + process.exit(1); +} + +// Build enriched list sorted alphabetically by contextDir +const enriched = entries + .map(([path, info]) => { + const context = loadContext(info.contextDir); + return { + name: info.name, + contextDir: info.contextDir, + path, + context, + lastUpdated: info.lastUpdated, + }; + }) + .sort((a, b) => a.contextDir.localeCompare(b.contextDir)); + +const table = renderListTable(enriched, cwd, today()); +console.log(''); +console.log(table); +console.log(''); +console.log('Resume which? 
(number or name)'); diff --git a/skills/ck/commands/migrate.mjs b/skills/ck/commands/migrate.mjs new file mode 100644 index 00000000..d4966fa8 --- /dev/null +++ b/skills/ck/commands/migrate.mjs @@ -0,0 +1,198 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * migrate.mjs — convert v1 (CONTEXT.md + meta.json) to v2 (context.json) + * + * Usage: + * node migrate.mjs — migrate all v1 projects + * node migrate.mjs --dry-run — preview without writing + * + * Safe: backs up meta.json to meta.json.v1-backup, never deletes data. + * exit 0: success exit 1: error + */ + +import { readFileSync, writeFileSync, existsSync, renameSync } from 'fs'; +import { resolve } from 'path'; +import { readProjects, writeProjects, saveContext, today, shortId, CONTEXTS_DIR } from './shared.mjs'; + +const isDryRun = process.argv.includes('--dry-run'); + +if (isDryRun) { + console.log('ck migrate — DRY RUN (no files will be written)\n'); +} + +// ── v1 markdown parsers ─────────────────────────────────────────────────────── + +function extractSection(md, heading) { + const re = new RegExp(`## ${heading}\\n([\\s\\S]*?)(?=\\n## |$)`); + const m = md.match(re); + return m ? 
m[1].trim() : null; +} + +function parseBullets(text) { + if (!text) return []; + // Accept "-", "*", and numbered ("1.") bullets; trim first so indented items match. + return text.split('\n') + .map(l => l.trim()) + .filter(l => /^(?:[-*]|\d+\.)\s/.test(l)) + .map(l => l.replace(/^(?:[-*]|\d+\.)\s+/, '').trim()) + .filter(Boolean); +} + +function parseDecisionsTable(text) { + if (!text) return []; + const rows = []; + for (const line of text.split('\n')) { + if (!line.startsWith('|') || line.match(/^[|\s-]+$/)) continue; + const cols = line.split('|').map(c => c.trim()).filter((c, i) => i > 0 && i < 4); + if (cols.length >= 1 && !cols[0].startsWith('Decision') && !cols[0].startsWith('_')) { + rows.push({ what: cols[0] || '', why: cols[1] || '', date: cols[2] || '' }); + } + } + return rows; +} + +/** + * Parse "Where I Left Off" which in v1 can be: + * - Simple bullet list + * - Multi-session blocks: "Session N (date):\n- bullet\n" + * Returns array of session-like objects {date?, leftOff} + */ +function parseLeftOff(text) { + if (!text) return [{ leftOff: null }]; + + // Detect multi-session format: "Session N ..." + const sessionBlocks = text.split(/(?=Session \d+)/); + if (sessionBlocks.length > 1) { + return sessionBlocks + .filter(b => b.trim()) + .map(block => { + const dateMatch = block.match(/\((\d{4}-\d{2}-\d{2})\)/); + const bullets = parseBullets(block); + return { + date: dateMatch?.[1] || null, + leftOff: bullets.length ? bullets.join('\n') : block.replace(/^Session \d+.*\n/, '').trim(), + }; + }); + } + + // Simple format + const bullets = parseBullets(text); + return [{ leftOff: bullets.length ?
bullets.join('\n') : text.trim() }]; +} + +// ── Main migration ───────────────────────────────────────────────────────────── + +const projects = readProjects(); +let migrated = 0; +let skipped = 0; +let errors = 0; + +for (const [projectPath, info] of Object.entries(projects)) { + const contextDir = info.contextDir; + const contextDirPath = resolve(CONTEXTS_DIR, contextDir); + const contextJsonPath = resolve(contextDirPath, 'context.json'); + const contextMdPath = resolve(contextDirPath, 'CONTEXT.md'); + const metaPath = resolve(contextDirPath, 'meta.json'); + + // Already v2 + if (existsSync(contextJsonPath)) { + try { + const existing = JSON.parse(readFileSync(contextJsonPath, 'utf8')); + if (existing.version === 2) { + console.log(` ✓ ${contextDir} — already v2, skipping`); + skipped++; + continue; + } + } catch { /* fall through to migrate */ } + } + + console.log(`\n → Migrating: ${contextDir}`); + + try { + // Read v1 files + const contextMd = existsSync(contextMdPath) ? readFileSync(contextMdPath, 'utf8') : ''; + let meta = {}; + if (existsSync(metaPath)) { + try { meta = JSON.parse(readFileSync(metaPath, 'utf8')); } catch {} + } + + // Extract fields from CONTEXT.md + const description = extractSection(contextMd, 'What This Is') || extractSection(contextMd, 'About') || null; + const stackRaw = extractSection(contextMd, 'Tech Stack') || ''; + const stack = stackRaw.split(/[,\n]/).map(s => s.replace(/^[-*]\s+/, '').trim()).filter(Boolean); + const goal = (extractSection(contextMd, 'Current Goal') || '').split('\n')[0].trim() || null; + const constraintRaw = extractSection(contextMd, 'Do Not Do') || ''; + const constraints = parseBullets(constraintRaw); + const decisionsRaw = extractSection(contextMd, 'Decisions Made') || ''; + const decisions = parseDecisionsTable(decisionsRaw); + const nextStepsRaw = extractSection(contextMd, 'Next Steps') || ''; + const nextSteps = parseBullets(nextStepsRaw); + const blockersRaw = extractSection(contextMd, 'Blockers') || 
''; + const blockers = parseBullets(blockersRaw).filter(b => b.toLowerCase() !== 'none'); + const leftOffRaw = extractSection(contextMd, 'Where I Left Off') || ''; + const leftOffParsed = parseLeftOff(leftOffRaw); + + // Build sessions from parsed left-off blocks (may be multiple) + const sessions = leftOffParsed.map((lo, idx) => ({ + id: idx === leftOffParsed.length - 1 && meta.lastSessionId + ? meta.lastSessionId.slice(0, 8) + : shortId(), + date: lo.date || meta.lastUpdated || today(), + summary: idx === leftOffParsed.length - 1 + ? (meta.lastSessionSummary || 'Migrated from v1') + : `Session ${idx + 1} (migrated)`, + leftOff: lo.leftOff, + nextSteps: idx === leftOffParsed.length - 1 ? nextSteps : [], + decisions: idx === leftOffParsed.length - 1 ? decisions : [], + blockers: idx === leftOffParsed.length - 1 ? blockers : [], + })); + + const context = { + version: 2, + name: contextDir, + path: meta.path || projectPath, + description, + stack, + goal, + constraints, + repo: meta.repo || null, + createdAt: meta.lastUpdated || today(), + sessions, + }; + + if (isDryRun) { + console.log(` description: ${description?.slice(0, 60) || '(none)'}`); + console.log(` stack: ${stack.join(', ') || '(none)'}`); + console.log(` goal: ${goal?.slice(0, 60) || '(none)'}`); + console.log(` sessions: ${sessions.length}`); + console.log(` decisions: ${decisions.length}`); + console.log(` nextSteps: ${nextSteps.length}`); + migrated++; + continue; + } + + // Backup meta.json + if (existsSync(metaPath)) { + renameSync(metaPath, resolve(contextDirPath, 'meta.json.v1-backup')); + } + + // Write context.json + regenerated CONTEXT.md + saveContext(contextDir, context); + + // Update projects.json entry + projects[projectPath].lastUpdated = today(); + + console.log(` ✓ Migrated — ${sessions.length} session(s), ${decisions.length} decision(s)`); + migrated++; + } catch (e) { + console.log(` ✗ Error: ${e.message}`); + errors++; + } +} + +if (!isDryRun && migrated > 0) { + 
writeProjects(projects); +} + +console.log(`\nck migrate: ${migrated} migrated, ${skipped} already v2, ${errors} errors`); +if (isDryRun) console.log('Run without --dry-run to apply.'); +if (errors > 0) process.exit(1); diff --git a/skills/ck/commands/resume.mjs b/skills/ck/commands/resume.mjs new file mode 100644 index 00000000..b384fcd8 --- /dev/null +++ b/skills/ck/commands/resume.mjs @@ -0,0 +1,41 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * resume.mjs — full project briefing + * + * Usage: node resume.mjs [name|number] + * stdout: bordered briefing box + * exit 0: success exit 1: not found + */ + +import { resolveContext, renderBriefingBox } from './shared.mjs'; +import { execSync } from 'child_process'; + +const arg = process.argv[2]; +const cwd = process.env.PWD || process.cwd(); + +const resolved = resolveContext(arg, cwd); +if (!resolved) { + const hint = arg ? `No project matching "${arg}".` : 'This directory is not registered.'; + console.log(`${hint} Run /ck:init to register it.`); + process.exit(1); +} + +const { context, projectPath } = resolved; + +// Attempt to cd to the project path +if (projectPath && projectPath !== cwd) { + try { + const exists = execSync(`test -d "${projectPath}" && echo yes || echo no`, { + stdio: 'pipe', encoding: 'utf8', timeout: 2000, + }).trim(); + if (exists === 'yes') { + console.log(`→ cd ${projectPath}`); + } else { + console.log(`⚠ Path not found: ${projectPath}`); + } + } catch { /* non-fatal */ } +} + +console.log(''); +console.log(renderBriefingBox(context)); diff --git a/skills/ck/commands/save.mjs b/skills/ck/commands/save.mjs new file mode 100644 index 00000000..522e7848 --- /dev/null +++ b/skills/ck/commands/save.mjs @@ -0,0 +1,210 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * save.mjs — write session data to context.json, regenerate CONTEXT.md, + * and write a native memory entry. 
+ * + * Usage (regular save): + * echo '' | node save.mjs + * JSON schema: { summary, leftOff, nextSteps[], decisions[{what,why}], blockers[], goal? } + * + * Usage (init — first registration): + * echo '' | node save.mjs --init + * JSON schema: { name, path, description, stack[], goal, constraints[], repo? } + * + * stdout: confirmation message + * exit 0: success exit 1: error + */ + +import { readFileSync, mkdirSync, writeFileSync } from 'fs'; +import { resolve } from 'path'; +import { + readProjects, writeProjects, loadContext, saveContext, + today, shortId, gitSummary, nativeMemoryDir, encodeProjectPath, + CONTEXTS_DIR, CURRENT_SESSION, +} from './shared.mjs'; + +const isInit = process.argv.includes('--init'); +const cwd = process.env.PWD || process.cwd(); + +// ── Read JSON from stdin ────────────────────────────────────────────────────── +let input; +try { + const raw = readFileSync(0, 'utf8').trim(); + if (!raw) throw new Error('empty stdin'); + input = JSON.parse(raw); +} catch (e) { + console.error(`ck save: invalid JSON on stdin — ${e.message}`); + console.log('Expected schema (save): {"summary":"...","leftOff":"...","nextSteps":["..."],"decisions":[{"what":"...","why":"..."}],"blockers":["..."]}'); + console.log('Expected schema (--init): {"name":"...","path":"...","description":"...","stack":["..."],"goal":"...","constraints":["..."]}'); + process.exit(1); +} + +// ───────────────────────────────────────────────────────────────────────────── +// INIT MODE: first-time project registration +// ───────────────────────────────────────────────────────────────────────────── +if (isInit) { + const { name, path: projectPath, description, stack, goal, constraints, repo } = input; + + if (!name || !projectPath) { + console.log('ck init: name and path are required.'); + process.exit(1); + } + + const projects = readProjects(); + + // Derive contextDir (lowercase, spaces→dashes, deduplicate) + let contextDir = name.toLowerCase().replace(/\s+/g, 
'-').replace(/[^a-z0-9-]/g, ''); + let suffix = 2; + const existingDirs = Object.values(projects).map(p => p.contextDir); + while (existingDirs.includes(contextDir) && projects[projectPath]?.contextDir !== contextDir) { + contextDir = `${contextDir.replace(/-\d+$/, '')}-${suffix++}`; + } + + const context = { + version: 2, + name: contextDir, + displayName: name, + path: projectPath, + description: description || null, + stack: Array.isArray(stack) ? stack : (stack ? [stack] : []), + goal: goal || null, + constraints: Array.isArray(constraints) ? constraints : [], + repo: repo || null, + createdAt: today(), + sessions: [], + }; + + saveContext(contextDir, context); + + // Update projects.json + projects[projectPath] = { + name: contextDir, + contextDir, + lastUpdated: today(), + }; + writeProjects(projects); + + console.log(`✓ Project '${contextDir}' registered.`); + console.log(` Use /ck:save to save session state and /ck:resume to reload it next time.`); + process.exit(0); +} + +// ───────────────────────────────────────────────────────────────────────────── +// SAVE MODE: record a session +// ───────────────────────────────────────────────────────────────────────────── +const projects = readProjects(); +const projectEntry = projects[cwd]; + +if (!projectEntry) { + console.log("This project isn't registered yet. Run /ck:init first."); + process.exit(1); +} + +const { contextDir } = projectEntry; +let context = loadContext(contextDir); + +if (!context) { + console.log(`ck: context.json not found for '${contextDir}'. 
The install may be corrupted.`); + process.exit(1); +} + +// Get session ID from current-session.json +let sessionId; +try { + const sess = JSON.parse(readFileSync(CURRENT_SESSION, 'utf8')); + sessionId = sess.sessionId || shortId(); +} catch { + sessionId = shortId(); +} + +// Check for duplicate (re-save of same session) +const existingIdx = context.sessions.findIndex(s => s.id === sessionId); + +const { summary, leftOff, nextSteps, decisions, blockers, goal } = input; + +// Capture git activity since the last session +const lastSessionDate = context.sessions?.[context.sessions.length - 1]?.date; +const gitActivity = gitSummary(cwd, lastSessionDate); + +const session = { + id: sessionId, + date: today(), + summary: summary || 'Session saved', + leftOff: leftOff || null, + nextSteps: Array.isArray(nextSteps) ? nextSteps : (nextSteps ? [nextSteps] : []), + decisions: Array.isArray(decisions) ? decisions : [], + blockers: Array.isArray(blockers) ? blockers.filter(Boolean) : [], + ...(gitActivity ? { gitActivity } : {}), +}; + +if (existingIdx >= 0) { + // Update existing session (re-save) + context.sessions[existingIdx] = session; +} else { + context.sessions.push(session); +} + +// Update goal if provided +if (goal && goal !== context.goal) { + context.goal = goal; +} + +// Save context.json + regenerate CONTEXT.md +saveContext(contextDir, context); + +// Update projects.json timestamp +projects[cwd].lastUpdated = today(); +writeProjects(projects); + +// ── Write to native memory ──────────────────────────────────────────────────── +try { + const memDir = nativeMemoryDir(cwd); + mkdirSync(memDir, { recursive: true }); + + const memFile = resolve(memDir, `ck_${today()}_${sessionId.slice(0, 8)}.md`); + const decisionsBlock = session.decisions.length + ? session.decisions.map(d => `- **${d.what}**: ${d.why || ''}`).join('\n') + : '- None this session'; + const nextBlock = session.nextSteps.length + ? session.nextSteps.map((s, i) => `${i + 1}. 
${s}`).join('\n') + : '- None recorded'; + const blockersBlock = session.blockers.length + ? session.blockers.map(b => `- ${b}`).join('\n') + : '- None'; + + const memContent = [ + `---`, + `name: Session ${today()} — ${session.summary}`, + `description: Key decisions and outcomes from ck session ${sessionId.slice(0, 8)}`, + `type: project`, + `source: ck`, + `sessionId: ${sessionId}`, + `---`, + ``, + `# Session: ${session.summary}`, + ``, + `## Decisions`, + decisionsBlock, + ``, + `## Left Off`, + session.leftOff || '—', + ``, + `## Next Steps`, + nextBlock, + ``, + `## Blockers`, + blockersBlock, + ``, + ...(gitActivity ? [`## Git Activity`, gitActivity, ``] : []), + ].join('\n'); + + writeFileSync(memFile, memContent, 'utf8'); +} catch (e) { + // Non-fatal — native memory write failure should not block the save + process.stderr.write(`ck: warning — could not write native memory entry: ${e.message}\n`); +} + +console.log(`✓ Saved. Session: ${sessionId.slice(0, 8)}`); +if (gitActivity) console.log(` Git: ${gitActivity}`); +console.log(` See you next time.`); diff --git a/skills/ck/commands/shared.mjs b/skills/ck/commands/shared.mjs new file mode 100644 index 00000000..248b3cad --- /dev/null +++ b/skills/ck/commands/shared.mjs @@ -0,0 +1,384 @@ +/** + * ck — Context Keeper v2 + * shared.mjs — common utilities for all command scripts + * + * No external dependencies. Node.js stdlib only. 
+ */ + +import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from 'fs'; +import { resolve, basename } from 'path'; +import { homedir } from 'os'; +import { execSync } from 'child_process'; +import { randomBytes } from 'crypto'; + +// ─── Paths ──────────────────────────────────────────────────────────────────── + +export const CK_HOME = resolve(homedir(), '.claude', 'ck'); +export const CONTEXTS_DIR = resolve(CK_HOME, 'contexts'); +export const PROJECTS_FILE = resolve(CK_HOME, 'projects.json'); +export const CURRENT_SESSION = resolve(CK_HOME, 'current-session.json'); +export const SKILL_FILE = resolve(homedir(), '.claude', 'skills', 'ck', 'SKILL.md'); + +// ─── JSON I/O ───────────────────────────────────────────────────────────────── + +export function readJson(filePath) { + try { + if (!existsSync(filePath)) return null; + return JSON.parse(readFileSync(filePath, 'utf8')); + } catch { + return null; + } +} + +export function writeJson(filePath, data) { + const dir = resolve(filePath, '..'); + mkdirSync(dir, { recursive: true }); + writeFileSync(filePath, JSON.stringify(data, null, 2) + '\n', 'utf8'); +} + +export function readProjects() { + return readJson(PROJECTS_FILE) || {}; +} + +export function writeProjects(projects) { + writeJson(PROJECTS_FILE, projects); +} + +// ─── Context I/O ────────────────────────────────────────────────────────────── + +export function contextPath(contextDir) { + return resolve(CONTEXTS_DIR, contextDir, 'context.json'); +} + +export function contextMdPath(contextDir) { + return resolve(CONTEXTS_DIR, contextDir, 'CONTEXT.md'); +} + +export function loadContext(contextDir) { + return readJson(contextPath(contextDir)); +} + +export function saveContext(contextDir, data) { + const dir = resolve(CONTEXTS_DIR, contextDir); + mkdirSync(dir, { recursive: true }); + writeJson(contextPath(contextDir), data); + writeFileSync(contextMdPath(contextDir), renderContextMd(data), 'utf8'); +} + +/** + * Resolve which project to 
operate on. + * @param {string|undefined} arg — undefined = cwd match, number string = alphabetical index, else name search + * @param {string} cwd + * @returns {{ name, contextDir, projectPath, context } | null} + */ +export function resolveContext(arg, cwd) { + const projects = readProjects(); + const entries = Object.entries(projects); // [path, {name, contextDir, lastUpdated}] + + if (!arg) { + // Match by cwd + const entry = projects[cwd]; + if (!entry) return null; + const context = loadContext(entry.contextDir); + if (!context) return null; + return { name: entry.name, contextDir: entry.contextDir, projectPath: cwd, context }; + } + + // Collect all contexts sorted alphabetically by contextDir + const sorted = entries + .map(([path, info]) => ({ path, ...info })) + .sort((a, b) => a.contextDir.localeCompare(b.contextDir)); + + const asNumber = parseInt(arg, 10); + if (!isNaN(asNumber) && String(asNumber) === arg) { + // Number-based lookup (1-indexed) + const item = sorted[asNumber - 1]; + if (!item) return null; + const context = loadContext(item.contextDir); + if (!context) return null; + return { name: item.name, contextDir: item.contextDir, projectPath: item.path, context }; + } + + // Name-based lookup: exact > prefix > substring (case-insensitive) + const lower = arg.toLowerCase(); + let match = + sorted.find(e => e.name.toLowerCase() === lower) || + sorted.find(e => e.name.toLowerCase().startsWith(lower)) || + sorted.find(e => e.name.toLowerCase().includes(lower)); + + if (!match) return null; + const context = loadContext(match.contextDir); + if (!context) return null; + return { name: match.name, contextDir: match.contextDir, projectPath: match.path, context }; +} + +// ─── Date helpers ───────────────────────────────────────────────────────────── + +export function today() { + return new Date().toISOString().slice(0, 10); +} + +export function daysAgoLabel(dateStr) { + if (!dateStr) return 'unknown'; + const diff = Math.floor((Date.now() - new 
Date(dateStr)) / 86_400_000); + if (diff === 0) return 'Today'; + if (diff === 1) return '1 day ago'; + return `${diff} days ago`; +} + +export function stalenessIcon(dateStr) { + if (!dateStr) return '○'; + const diff = Math.floor((Date.now() - new Date(dateStr)) / 86_400_000); + if (diff < 1) return '●'; + if (diff <= 5) return '◐'; + return '○'; +} + +// ─── ID generation ──────────────────────────────────────────────────────────── + +export function shortId() { + return randomBytes(4).toString('hex'); +} + +// ─── Git helpers ────────────────────────────────────────────────────────────── + +function runGit(args, cwd) { + try { + return execSync(`git -C "${cwd}" ${args}`, { + timeout: 3000, + stdio: 'pipe', + encoding: 'utf8', + }).trim(); + } catch { + return null; + } +} + +export function gitLogSince(projectPath, sinceDate) { + if (!sinceDate) return null; + return runGit(`log --oneline --since="${sinceDate}"`, projectPath); +} + +export function gitSummary(projectPath, sinceDate) { + const log = gitLogSince(projectPath, sinceDate); + if (!log) return null; + const commits = log.split('\n').filter(Boolean).length; + if (commits === 0) return null; + + // Count unique files changed across those commits + const diff = runGit(`diff --shortstat HEAD@{$(git -C "${projectPath}" rev-list --count HEAD --since="${sinceDate}")}..HEAD 2>/dev/null`, projectPath) + || runGit(`diff --shortstat HEAD~${Math.min(commits, 50)}..HEAD`, projectPath); + + if (diff) { + const filesMatch = diff.match(/(\d+) file/); + const files = filesMatch ? parseInt(filesMatch[1]) : '?'; + return `${commits} commit${commits !== 1 ? 's' : ''}, ${files} file${files !== 1 ? 's' : ''} changed`; + } + return `${commits} commit${commits !== 1 ? 
's' : ''}`; +} + +// ─── Native memory path encoding ────────────────────────────────────────────── + +export function encodeProjectPath(absolutePath) { + // "/Users/sree/dev/app" -> "-Users-sree-dev-app" + return absolutePath.replace(/\//g, '-'); +} + +export function nativeMemoryDir(absolutePath) { + const encoded = encodeProjectPath(absolutePath); + return resolve(homedir(), '.claude', 'projects', encoded, 'memory'); +} + +// ─── Rendering ──────────────────────────────────────────────────────────────── + +/** Render the human-readable CONTEXT.md from context.json */ +export function renderContextMd(ctx) { + const latest = ctx.sessions?.[ctx.sessions.length - 1] || null; + const lines = [ + ``, + `# Project: ${ctx.name}`, + `> Path: ${ctx.path}`, + ]; + if (ctx.repo) lines.push(`> Repo: ${ctx.repo}`); + const sessionCount = ctx.sessions?.length || 0; + lines.push(`> Last Session: ${ctx.sessions?.[sessionCount - 1]?.date || 'never'} | Sessions: ${sessionCount}`); + lines.push(``); + lines.push(`## What This Is`); + lines.push(ctx.description || '_Not set._'); + lines.push(``); + lines.push(`## Tech Stack`); + lines.push(Array.isArray(ctx.stack) ? ctx.stack.join(', ') : (ctx.stack || '_Not set._')); + lines.push(``); + lines.push(`## Current Goal`); + lines.push(ctx.goal || '_Not set._'); + lines.push(``); + lines.push(`## Where I Left Off`); + lines.push(latest?.leftOff || '_Not yet recorded. Run /ck:save after your first session._'); + lines.push(``); + lines.push(`## Next Steps`); + if (latest?.nextSteps?.length) { + latest.nextSteps.forEach((s, i) => lines.push(`${i + 1}. 
${s}`)); + } else { + lines.push(`_Not yet recorded._`); + } + lines.push(``); + lines.push(`## Blockers`); + if (latest?.blockers?.length) { + latest.blockers.forEach(b => lines.push(`- ${b}`)); + } else { + lines.push(`- None`); + } + lines.push(``); + lines.push(`## Do Not Do`); + if (ctx.constraints?.length) { + ctx.constraints.forEach(c => lines.push(`- ${c}`)); + } else { + lines.push(`- None specified`); + } + lines.push(``); + + // All decisions across sessions + const allDecisions = (ctx.sessions || []).flatMap(s => + (s.decisions || []).map(d => ({ ...d, date: s.date })) + ); + lines.push(`## Decisions Made`); + lines.push(`| Decision | Why | Date |`); + lines.push(`|----------|-----|------|`); + if (allDecisions.length) { + allDecisions.forEach(d => lines.push(`| ${d.what} | ${d.why || ''} | ${d.date || ''} |`)); + } else { + lines.push(`| _(none yet)_ | | |`); + } + lines.push(``); + + // Session history (most recent first) + if (ctx.sessions?.length > 1) { + lines.push(`## Session History`); + const reversed = [...ctx.sessions].reverse(); + reversed.forEach(s => { + lines.push(`### ${s.date} — ${s.summary || 'Session'}`); + if (s.gitActivity) lines.push(`_${s.gitActivity}_`); + if (s.leftOff) lines.push(`**Left off:** ${s.leftOff}`); + }); + lines.push(``); + } + + return lines.join('\n'); +} + +/** Render the bordered briefing box used by /ck:resume */ +export function renderBriefingBox(ctx, meta = {}) { + const latest = ctx.sessions?.[ctx.sessions.length - 1] || {}; + const W = 57; + const pad = (str, w) => { + const s = String(str || ''); + return s.length > w ? 
s.slice(0, w - 1) + '…' : s.padEnd(w); + }; + const row = (label, value) => `│ ${label} → ${pad(value, W - label.length - 7)}│`; + + const when = daysAgoLabel(ctx.sessions?.[ctx.sessions.length - 1]?.date); + const sessions = ctx.sessions?.length || 0; + const shortSessId = latest.id?.slice(0, 8) || null; + + const lines = [ + `┌${'─'.repeat(W)}┐`, + `│ RESUMING: ${pad(ctx.name, W - 12)}│`, + `│ Last session: ${pad(`${when} | Sessions: ${sessions}`, W - 16)}│`, + ]; + if (shortSessId) lines.push(`│ Session ID: ${pad(shortSessId, W - 14)}│`); + lines.push(`├${'─'.repeat(W)}┤`); + lines.push(row('WHAT IT IS', ctx.description || '—')); + lines.push(row('STACK ', Array.isArray(ctx.stack) ? ctx.stack.join(', ') : (ctx.stack || '—'))); + lines.push(row('PATH ', ctx.path)); + if (ctx.repo) lines.push(row('REPO ', ctx.repo)); + lines.push(row('GOAL ', ctx.goal || '—')); + lines.push(`├${'─'.repeat(W)}┤`); + lines.push(`│ WHERE I LEFT OFF${' '.repeat(W - 18)}│`); + const leftOffLines = (latest.leftOff || '—').split('\n').filter(Boolean); + leftOffLines.forEach(l => lines.push(`│ • ${pad(l, W - 7)}│`)); + lines.push(`├${'─'.repeat(W)}┤`); + lines.push(`│ NEXT STEPS${' '.repeat(W - 12)}│`); + const steps = latest.nextSteps || []; + if (steps.length) { + steps.forEach((s, i) => lines.push(`│ ${i + 1}. ${pad(s, W - 8)}│`)); + } else { + lines.push(`│ —${' '.repeat(W - 5)}│`); + } + const blockers = latest.blockers?.length ? 
latest.blockers.join(', ') : 'None'; + lines.push(`│ BLOCKERS → ${pad(blockers, W - 13)}│`); + if (latest.gitActivity) { + lines.push(`│ GIT → ${pad(latest.gitActivity, W - 13)}│`); + } + lines.push(`└${'─'.repeat(W)}┘`); + return lines.join('\n'); +} + +/** Render compact info block used by /ck:info */ +export function renderInfoBlock(ctx) { + const latest = ctx.sessions?.[ctx.sessions.length - 1] || {}; + const sep = '─'.repeat(44); + const lines = [ + `ck: ${ctx.name}`, + sep, + ]; + lines.push(`PATH ${ctx.path}`); + if (ctx.repo) lines.push(`REPO ${ctx.repo}`); + if (latest.id) lines.push(`SESSION ${latest.id.slice(0, 8)}`); + lines.push(`GOAL ${ctx.goal || '—'}`); + lines.push(sep); + lines.push(`WHERE I LEFT OFF`); + (latest.leftOff || '—').split('\n').filter(Boolean).forEach(l => lines.push(` • ${l}`)); + lines.push(`NEXT STEPS`); + (latest.nextSteps || []).forEach((s, i) => lines.push(` ${i + 1}. ${s}`)); + if (!latest.nextSteps?.length) lines.push(` —`); + lines.push(`BLOCKERS`); + if (latest.blockers?.length) { + latest.blockers.forEach(b => lines.push(` • ${b}`)); + } else { + lines.push(` • None`); + } + return lines.join('\n'); +} + +/** Render ASCII list table used by /ck:list */ +export function renderListTable(entries, cwd, todayStr) { + // entries: [{name, contextDir, path, context, lastUpdated}] + // Sorted alphabetically by contextDir before calling + const rows = entries.map((e, i) => { + const isHere = e.path === cwd; + const latest = e.context?.sessions?.[e.context.sessions.length - 1] || {}; + const when = daysAgoLabel(latest.date); + const icon = stalenessIcon(latest.date); + const statusLabel = icon === '●' ? '● Active' : icon === '◐' ? '◐ Warm' : '○ Stale'; + const sessId = latest.id ? latest.id.slice(0, 8) : '—'; + const summary = (latest.summary || '—').slice(0, 34); + const displayName = (e.name + (isHere ? 
' <-' : '')).slice(0, 18); + return { + num: String(i + 1), + name: displayName, + status: statusLabel, + when: when.slice(0, 10), + sessId, + summary, + }; + }); + + const cols = { + num: Math.max(1, ...rows.map(r => r.num.length)), + name: Math.max(7, ...rows.map(r => r.name.length)), + status: Math.max(6, ...rows.map(r => r.status.length)), + when: Math.max(9, ...rows.map(r => r.when.length)), + sessId: Math.max(7, ...rows.map(r => r.sessId.length)), + summary: Math.max(12, ...rows.map(r => r.summary.length)), + }; + + const hr = `+${'-'.repeat(cols.num + 2)}+${'-'.repeat(cols.name + 2)}+${'-'.repeat(cols.status + 2)}+${'-'.repeat(cols.when + 2)}+${'-'.repeat(cols.sessId + 2)}+${'-'.repeat(cols.summary + 2)}+`; + const cell = (val, width) => ` ${val.padEnd(width)} `; + const headerRow = `|${cell('#', cols.num)}|${cell('Project', cols.name)}|${cell('Status', cols.status)}|${cell('Last Seen', cols.when)}|${cell('Session', cols.sessId)}|${cell('Last Summary', cols.summary)}|`; + + const dataRows = rows.map(r => + `|${cell(r.num, cols.num)}|${cell(r.name, cols.name)}|${cell(r.status, cols.status)}|${cell(r.when, cols.when)}|${cell(r.sessId, cols.sessId)}|${cell(r.summary, cols.summary)}|` + ); + + return [hr, headerRow, hr, ...dataRows, hr].join('\n'); +} diff --git a/skills/ck/hooks/session-start.mjs b/skills/ck/hooks/session-start.mjs new file mode 100644 index 00000000..e1743d65 --- /dev/null +++ b/skills/ck/hooks/session-start.mjs @@ -0,0 +1,217 @@ +#!/usr/bin/env node +/** + * ck — Context Keeper v2 + * session-start.mjs — inject compact project context on session start. + * + * Injects ~100 tokens (not ~2,500 like v1). + * SKILL.md is injected separately (still small at ~50 lines). + * + * Features: + * - Compact 5-line summary for registered projects + * - Unsaved session detection → "Last session wasn't saved. Run /ck:save." 
+ * - Git activity since last session + * - Goal mismatch detection vs CLAUDE.md + * - Mini portfolio for unregistered directories + */ + +import { readFileSync, writeFileSync, existsSync } from 'fs'; +import { resolve } from 'path'; +import { homedir } from 'os'; +import { execSync } from 'child_process'; + +const CK_HOME = resolve(homedir(), '.claude', 'ck'); +const PROJECTS_FILE = resolve(CK_HOME, 'projects.json'); +const CURRENT_SESSION = resolve(CK_HOME, 'current-session.json'); +const SKILL_FILE = resolve(homedir(), '.claude', 'skills', 'ck', 'SKILL.md'); + +// ─── Helpers ────────────────────────────────────────────────────────────────── + +function readJson(p) { + try { return JSON.parse(readFileSync(p, 'utf8')); } catch { return null; } +} + +function daysAgo(dateStr) { + if (!dateStr) return 'unknown'; + const diff = Math.floor((Date.now() - new Date(dateStr)) / 86_400_000); + if (diff === 0) return 'today'; + if (diff === 1) return '1 day ago'; + return `${diff} days ago`; +} + +function stalenessIcon(dateStr) { + if (!dateStr) return '○'; + const diff = Math.floor((Date.now() - new Date(dateStr)) / 86_400_000); + return diff < 1 ? '●' : diff <= 5 ? '◐' : '○'; +} + +function gitLogSince(projectPath, sinceDate) { + if (!sinceDate || !existsSync(resolve(projectPath, '.git'))) return null; + try { + const result = execSync(`git -C "${projectPath}" log --oneline --since="${sinceDate}"`, { + timeout: 3000, stdio: 'pipe', encoding: 'utf8', + }).trim(); + const commits = result.split('\n').filter(Boolean).length; + return commits > 0 ? `${commits} commit${commits !== 1 ? 's' : ''} since last session` : null; + } catch { return null; } +} + +function extractClaudeMdGoal(projectPath) { + const p = resolve(projectPath, 'CLAUDE.md'); + if (!existsSync(p)) return null; + try { + const md = readFileSync(p, 'utf8'); + const m = md.match(/## Current Goal\n([\s\S]*?)(?=\n## |$)/); + return m ? 
m[1].trim().split('\n')[0].trim() : null; + } catch { return null; } +} + +// ─── Session ID from stdin ──────────────────────────────────────────────────── + +function readSessionId() { + try { + const raw = readFileSync(0, 'utf8'); + return JSON.parse(raw).session_id || null; + } catch { return null; } +} + +// ─── Main ───────────────────────────────────────────────────────────────────── + +function main() { + const cwd = process.env.PWD || process.cwd(); + const sessionId = readSessionId(); + + // Load skill (always inject — now only ~50 lines) + const skill = existsSync(SKILL_FILE) ? readFileSync(SKILL_FILE, 'utf8') : ''; + + const projects = readJson(PROJECTS_FILE) || {}; + const entry = projects[cwd]; + + // Write current-session.json + try { + writeFileSync(CURRENT_SESSION, JSON.stringify({ + sessionId, + projectPath: cwd, + projectName: entry?.name || null, + startedAt: new Date().toISOString(), + }, null, 2), 'utf8'); + } catch { /* non-fatal */ } + + const parts = []; + if (skill) parts.push(skill); + + // ── REGISTERED PROJECT ──────────────────────────────────────────────────── + if (entry?.contextDir) { + const contextFile = resolve(CK_HOME, 'contexts', entry.contextDir, 'context.json'); + const context = readJson(contextFile); + + if (context) { + const latest = context.sessions?.[context.sessions.length - 1] || {}; + const sessionDate = latest.date || context.createdAt; + const sessionCount = context.sessions?.length || 0; + + // ── Compact summary block (~100 tokens) ────────────────────────────── + const summaryLines = [ + `ck: ${context.name} | ${daysAgo(sessionDate)} | ${sessionCount} session${sessionCount !== 1 ? 's' : ''}`, + `Goal: ${context.goal || '—'}`, + latest.leftOff ? `Left off: ${latest.leftOff.split('\n')[0]}` : null, + latest.nextSteps?.length ? 
`Next: ${latest.nextSteps.slice(0, 2).join(' · ')}` : null, + ].filter(Boolean); + + // ── Unsaved session detection ───────────────────────────────────────── + const prevSession = readJson(CURRENT_SESSION); + if (prevSession?.sessionId && prevSession.sessionId !== sessionId) { + // Check if previous session ID exists in sessions array + const alreadySaved = context.sessions?.some(s => s.id === prevSession.sessionId); + if (!alreadySaved) { + summaryLines.push(`⚠ Last session wasn't saved — run /ck:save to capture it`); + } + } + + // ── Git activity ────────────────────────────────────────────────────── + const gitLine = gitLogSince(cwd, sessionDate); + if (gitLine) summaryLines.push(`Git: ${gitLine}`); + + // ── Goal mismatch detection ─────────────────────────────────────────── + const claudeMdGoal = extractClaudeMdGoal(cwd); + if (claudeMdGoal && context.goal && + claudeMdGoal.toLowerCase().trim() !== context.goal.toLowerCase().trim()) { + summaryLines.push(`⚠ Goal mismatch — ck: "${context.goal.slice(0, 40)}" · CLAUDE.md: "${claudeMdGoal.slice(0, 40)}"`); + summaryLines.push(` Run /ck:save with updated goal to sync`); + } + + parts.push([ + `---`, + `## ck: ${context.name}`, + ``, + summaryLines.join('\n'), + ].join('\n')); + + // Instruct Claude to display compact briefing at session start + parts.push([ + `---`, + `## ck: SESSION START`, + ``, + `IMPORTANT: Display the following as your FIRST message, verbatim:`, + ``, + '```', + summaryLines.join('\n'), + '```', + ``, + `After the block, add one line: "Ready — what are we working on?"`, + `If you see ⚠ warnings above, mention them briefly after the block.`, + ].join('\n')); + + return parts; + } + } + + // ── NOT IN A REGISTERED PROJECT ──────────────────────────────────────────── + const entries = Object.entries(projects); + if (entries.length === 0) return parts; + + // Load and sort by most recent + const recent = entries + .map(([path, info]) => { + const ctx = readJson(resolve(CK_HOME, 'contexts', 
info.contextDir, 'context.json')); + const latest = ctx?.sessions?.[ctx.sessions.length - 1] || {}; + return { name: info.name, path, lastDate: latest.date || '', summary: latest.summary || '—', ctx }; + }) + .sort((a, b) => (b.lastDate > a.lastDate ? 1 : -1)) + .slice(0, 3); + + const miniRows = recent.map(p => { + const icon = stalenessIcon(p.lastDate); + const when = daysAgo(p.lastDate); + const name = p.name.padEnd(16).slice(0, 16); + const whenStr = when.padEnd(12).slice(0, 12); + const summary = p.summary.slice(0, 32); + return ` ${name} ${icon} ${whenStr} ${summary}`; + }); + + const miniStatus = [ + `ck — recent projects:`, + ` ${'PROJECT'.padEnd(16)} S ${'LAST SEEN'.padEnd(12)} LAST SESSION`, + ` ${'─'.repeat(68)}`, + ...miniRows, + ``, + `Run /ck:list · /ck:resume · /ck:init to register this folder`, + ].join('\n'); + + parts.push([ + `---`, + `## ck: SESSION START`, + ``, + `IMPORTANT: Display the following as your FIRST message, verbatim:`, + ``, + '```', + miniStatus, + '```', + ].join('\n')); + + return parts; +} + +const parts = main(); +if (parts.length > 0) { + console.log(JSON.stringify({ additionalContext: parts.join('\n\n---\n\n') })); +} From 17f6f9509031fa1c9ce6724c3c0ca6b1d8c90ad0 Mon Sep 17 00:00:00 2001 From: Sreedhara GS Date: Fri, 27 Mar 2026 16:44:11 +0900 Subject: [PATCH 19/23] fix(ck): address Greptile + CodeRabbit review bugs - Fix read-after-write in session-start.mjs: read prevSession BEFORE overwriting current-session.json so unsaved-session detection fires - Fix shell injection in resume.mjs: replace execSync shell string with fs.existsSync for directory existence check - Fix shell injection in shared.mjs gitSummary: replace nested \$(git ...) subshell with a separate runGit() call to get rev count - Fix displayName never shown: render functions now use ctx.displayName ?? ctx.name so user-supplied names show instead of the slug - Fix renderListTable: uses context.displayName ?? 
entry.name - Fix init.mjs: use path.basename() instead of cwd.split('/').pop() - Fix save.mjs confirmation: show original name, not contextDir slug Co-Authored-By: Claude Sonnet 4.6 --- skills/ck/commands/init.mjs | 4 ++-- skills/ck/commands/resume.mjs | 17 ++++++----------- skills/ck/commands/save.mjs | 2 +- skills/ck/commands/shared.mjs | 15 ++++++++------- skills/ck/hooks/session-start.mjs | 9 ++++++--- 5 files changed, 23 insertions(+), 24 deletions(-) diff --git a/skills/ck/commands/init.mjs b/skills/ck/commands/init.mjs index ef8e647b..fd25bf2d 100644 --- a/skills/ck/commands/init.mjs +++ b/skills/ck/commands/init.mjs @@ -9,7 +9,7 @@ */ import { readFileSync, existsSync } from 'fs'; -import { resolve } from 'path'; +import { resolve, basename } from 'path'; import { readProjects } from './shared.mjs'; const cwd = process.env.PWD || process.cwd(); @@ -137,7 +137,7 @@ if (readme && !output.description) { // ── Name fallback: directory name ───────────────────────────────────────────── if (!output.name) { - output.name = cwd.split('/').pop().toLowerCase().replace(/\s+/g, '-'); + output.name = basename(cwd).toLowerCase().replace(/\s+/g, '-'); } console.log(JSON.stringify(output, null, 2)); diff --git a/skills/ck/commands/resume.mjs b/skills/ck/commands/resume.mjs index b384fcd8..ccb5e313 100644 --- a/skills/ck/commands/resume.mjs +++ b/skills/ck/commands/resume.mjs @@ -8,8 +8,8 @@ * exit 0: success exit 1: not found */ +import { existsSync } from 'fs'; import { resolveContext, renderBriefingBox } from './shared.mjs'; -import { execSync } from 'child_process'; const arg = process.argv[2]; const cwd = process.env.PWD || process.cwd(); @@ -25,16 +25,11 @@ const { context, projectPath } = resolved; // Attempt to cd to the project path if (projectPath && projectPath !== cwd) { - try { - const exists = execSync(`test -d "${projectPath}" && echo yes || echo no`, { - stdio: 'pipe', encoding: 'utf8', timeout: 2000, - }).trim(); - if (exists === 'yes') { - console.log(`→ 
cd ${projectPath}`); - } else { - console.log(`⚠ Path not found: ${projectPath}`); - } - } catch { /* non-fatal */ } + if (existsSync(projectPath)) { + console.log(`→ cd ${projectPath}`); + } else { + console.log(`⚠ Path not found: ${projectPath}`); + } } console.log(''); diff --git a/skills/ck/commands/save.mjs b/skills/ck/commands/save.mjs index 522e7848..dc60efc4 100644 --- a/skills/ck/commands/save.mjs +++ b/skills/ck/commands/save.mjs @@ -85,7 +85,7 @@ if (isInit) { }; writeProjects(projects); - console.log(`✓ Project '${contextDir}' registered.`); + console.log(`✓ Project '${name}' registered.`); console.log(` Use /ck:save to save session state and /ck:resume to reload it next time.`); process.exit(0); } diff --git a/skills/ck/commands/shared.mjs b/skills/ck/commands/shared.mjs index 248b3cad..73ae6521 100644 --- a/skills/ck/commands/shared.mjs +++ b/skills/ck/commands/shared.mjs @@ -165,9 +165,10 @@ export function gitSummary(projectPath, sinceDate) { const commits = log.split('\n').filter(Boolean).length; if (commits === 0) return null; - // Count unique files changed across those commits - const diff = runGit(`diff --shortstat HEAD@{$(git -C "${projectPath}" rev-list --count HEAD --since="${sinceDate}")}..HEAD 2>/dev/null`, projectPath) - || runGit(`diff --shortstat HEAD~${Math.min(commits, 50)}..HEAD`, projectPath); + // Count unique files changed: use a separate runGit call to avoid nested shell substitution + const countStr = runGit(`rev-list --count HEAD --since="${sinceDate}"`, projectPath); + const revCount = countStr ? parseInt(countStr, 10) : commits; + const diff = runGit(`diff --shortstat HEAD~${Math.min(revCount, 50)}..HEAD`, projectPath); if (diff) { const filesMatch = diff.match(/(\d+) file/); @@ -196,7 +197,7 @@ export function renderContextMd(ctx) { const latest = ctx.sessions?.[ctx.sessions.length - 1] || null; const lines = [ ``, - `# Project: ${ctx.name}`, + `# Project: ${ctx.displayName ?? 
ctx.name}`, `> Path: ${ctx.path}`, ]; if (ctx.repo) lines.push(`> Repo: ${ctx.repo}`); @@ -282,7 +283,7 @@ export function renderBriefingBox(ctx, meta = {}) { const lines = [ `┌${'─'.repeat(W)}┐`, - `│ RESUMING: ${pad(ctx.name, W - 12)}│`, + `│ RESUMING: ${pad(ctx.displayName ?? ctx.name, W - 12)}│`, `│ Last session: ${pad(`${when} | Sessions: ${sessions}`, W - 16)}│`, ]; if (shortSessId) lines.push(`│ Session ID: ${pad(shortSessId, W - 14)}│`); @@ -318,7 +319,7 @@ export function renderInfoBlock(ctx) { const latest = ctx.sessions?.[ctx.sessions.length - 1] || {}; const sep = '─'.repeat(44); const lines = [ - `ck: ${ctx.name}`, + `ck: ${ctx.displayName ?? ctx.name}`, sep, ]; lines.push(`PATH ${ctx.path}`); @@ -352,7 +353,7 @@ export function renderListTable(entries, cwd, todayStr) { const statusLabel = icon === '●' ? '● Active' : icon === '◐' ? '◐ Warm' : '○ Stale'; const sessId = latest.id ? latest.id.slice(0, 8) : '—'; const summary = (latest.summary || '—').slice(0, 34); - const displayName = (e.name + (isHere ? ' <-' : '')).slice(0, 18); + const displayName = ((e.context?.displayName ?? e.name) + (isHere ? ' <-' : '')).slice(0, 18); return { num: String(i + 1), name: displayName, diff --git a/skills/ck/hooks/session-start.mjs b/skills/ck/hooks/session-start.mjs index e1743d65..10f87f23 100644 --- a/skills/ck/hooks/session-start.mjs +++ b/skills/ck/hooks/session-start.mjs @@ -86,6 +86,9 @@ function main() { const projects = readJson(PROJECTS_FILE) || {}; const entry = projects[cwd]; + // Read previous session BEFORE overwriting current-session.json + const prevSession = readJson(CURRENT_SESSION); + // Write current-session.json try { writeFileSync(CURRENT_SESSION, JSON.stringify({ @@ -108,17 +111,17 @@ function main() { const latest = context.sessions?.[context.sessions.length - 1] || {}; const sessionDate = latest.date || context.createdAt; const sessionCount = context.sessions?.length || 0; + const displayName = context.displayName ?? 
context.name; // ── Compact summary block (~100 tokens) ────────────────────────────── const summaryLines = [ - `ck: ${context.name} | ${daysAgo(sessionDate)} | ${sessionCount} session${sessionCount !== 1 ? 's' : ''}`, + `ck: ${displayName} | ${daysAgo(sessionDate)} | ${sessionCount} session${sessionCount !== 1 ? 's' : ''}`, `Goal: ${context.goal || '—'}`, latest.leftOff ? `Left off: ${latest.leftOff.split('\n')[0]}` : null, latest.nextSteps?.length ? `Next: ${latest.nextSteps.slice(0, 2).join(' · ')}` : null, ].filter(Boolean); // ── Unsaved session detection ───────────────────────────────────────── - const prevSession = readJson(CURRENT_SESSION); if (prevSession?.sessionId && prevSession.sessionId !== sessionId) { // Check if previous session ID exists in sessions array const alreadySaved = context.sessions?.some(s => s.id === prevSession.sessionId); @@ -141,7 +144,7 @@ function main() { parts.push([ `---`, - `## ck: ${context.name}`, + `## ck: ${displayName}`, ``, summaryLines.join('\n'), ].join('\n')); From 1e3572becff43522b2d7a3b37d37053b6738c61d Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sat, 28 Mar 2026 23:23:51 -0400 Subject: [PATCH 20/23] fix(docs): correct zh-CN prune frontmatter --- docs/zh-CN/commands/prune.md | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/docs/zh-CN/commands/prune.md b/docs/zh-CN/commands/prune.md index 6bbae496..9336187b 100644 --- a/docs/zh-CN/commands/prune.md +++ b/docs/zh-CN/commands/prune.md @@ -1,4 +1,5 @@ --- +name: prune description: 删除超过 30 天且从未被提升的待处理本能 command: true --- @@ -9,13 +10,13 @@ command: true ## 实现 -使用插件根目录路径运行 instinct CLI: +使用插件根目录路径运行本能 CLI: ```bash python3 "${CLAUDE_PLUGIN_ROOT}/skills/continuous-learning-v2/scripts/instinct-cli.py" prune ``` -或者当 `CLAUDE_PLUGIN_ROOT` 未设置时(手动安装): +或者如果 `CLAUDE_PLUGIN_ROOT` 未设置(手动安装): ```bash python3 ~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune @@ -28,8 +29,3 @@ python3 
~/.claude/skills/continuous-learning-v2/scripts/instinct-cli.py prune /prune --max-age 60 # 自定义年龄阈值(天) /prune --dry-run # 仅预览,不实际删除 ``` ---- -name: prune -description: 删除超过 30 天且从未被提升的待处理本能 -command: true ---- From 00787d68e466c838448179d42b73157bcef3c4e1 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sat, 28 Mar 2026 23:23:54 -0400 Subject: [PATCH 21/23] fix(ck): preserve display names and harden git helpers --- skills/ck/commands/save.mjs | 2 +- skills/ck/commands/shared.mjs | 14 ++++++++------ skills/ck/hooks/session-start.mjs | 14 +++++++++----- 3 files changed, 18 insertions(+), 12 deletions(-) diff --git a/skills/ck/commands/save.mjs b/skills/ck/commands/save.mjs index dc60efc4..0d25029c 100644 --- a/skills/ck/commands/save.mjs +++ b/skills/ck/commands/save.mjs @@ -79,7 +79,7 @@ if (isInit) { // Update projects.json projects[projectPath] = { - name: contextDir, + name, contextDir, lastUpdated: today(), }; diff --git a/skills/ck/commands/shared.mjs b/skills/ck/commands/shared.mjs index 73ae6521..49a36363 100644 --- a/skills/ck/commands/shared.mjs +++ b/skills/ck/commands/shared.mjs @@ -8,7 +8,7 @@ import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from 'fs'; import { resolve, basename } from 'path'; import { homedir } from 'os'; -import { execSync } from 'child_process'; +import { spawnSync } from 'child_process'; import { randomBytes } from 'crypto'; // ─── Paths ──────────────────────────────────────────────────────────────────── @@ -144,11 +144,13 @@ export function shortId() { function runGit(args, cwd) { try { - return execSync(`git -C "${cwd}" ${args}`, { + const result = spawnSync('git', ['-C', cwd, ...args], { timeout: 3000, stdio: 'pipe', encoding: 'utf8', - }).trim(); + }); + if (result.status !== 0) return null; + return result.stdout.trim(); } catch { return null; } @@ -156,7 +158,7 @@ function runGit(args, cwd) { export function gitLogSince(projectPath, sinceDate) { if (!sinceDate) return null; - return runGit(`log 
--oneline --since="${sinceDate}"`, projectPath); + return runGit(['log', '--oneline', `--since=${sinceDate}`], projectPath); } export function gitSummary(projectPath, sinceDate) { @@ -166,9 +168,9 @@ export function gitSummary(projectPath, sinceDate) { if (commits === 0) return null; // Count unique files changed: use a separate runGit call to avoid nested shell substitution - const countStr = runGit(`rev-list --count HEAD --since="${sinceDate}"`, projectPath); + const countStr = runGit(['rev-list', '--count', 'HEAD', `--since=${sinceDate}`], projectPath); const revCount = countStr ? parseInt(countStr, 10) : commits; - const diff = runGit(`diff --shortstat HEAD~${Math.min(revCount, 50)}..HEAD`, projectPath); + const diff = runGit(['diff', '--shortstat', `HEAD~${Math.min(revCount, 50)}..HEAD`], projectPath); if (diff) { const filesMatch = diff.match(/(\d+) file/); diff --git a/skills/ck/hooks/session-start.mjs b/skills/ck/hooks/session-start.mjs index 10f87f23..c3ecee66 100644 --- a/skills/ck/hooks/session-start.mjs +++ b/skills/ck/hooks/session-start.mjs @@ -17,7 +17,7 @@ import { readFileSync, writeFileSync, existsSync } from 'fs'; import { resolve } from 'path'; import { homedir } from 'os'; -import { execSync } from 'child_process'; +import { spawnSync } from 'child_process'; const CK_HOME = resolve(homedir(), '.claude', 'ck'); const PROJECTS_FILE = resolve(CK_HOME, 'projects.json'); @@ -47,10 +47,14 @@ function stalenessIcon(dateStr) { function gitLogSince(projectPath, sinceDate) { if (!sinceDate || !existsSync(resolve(projectPath, '.git'))) return null; try { - const result = execSync(`git -C "${projectPath}" log --oneline --since="${sinceDate}"`, { - timeout: 3000, stdio: 'pipe', encoding: 'utf8', - }).trim(); - const commits = result.split('\n').filter(Boolean).length; + const result = spawnSync( + 'git', + ['-C', projectPath, 'log', '--oneline', `--since=${sinceDate}`], + { timeout: 3000, stdio: 'pipe', encoding: 'utf8' }, + ); + if (result.status !== 0) 
return null; + const output = result.stdout.trim(); + const commits = output.split('\n').filter(Boolean).length; return commits > 0 ? `${commits} commit${commits !== 1 ? 's' : ''} since last session` : null; } catch { return null; } } From 9406f35fab84132616c95d9b90fae0918a86d36d Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sun, 29 Mar 2026 00:04:36 -0400 Subject: [PATCH 22/23] fix(docs): repair healthcare eval harness examples --- AGENTS.md | 6 ++-- README.md | 12 +++---- skills/healthcare-eval-harness/SKILL.md | 45 +++++++++++++++++++------ 3 files changed, 43 insertions(+), 20 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 73c34924..bdb9fe69 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,6 +1,6 @@ # Everything Claude Code (ECC) — Agent Instructions -This is a **production-ready AI coding plugin** providing 28 specialized agents, 126 skills, 60 commands, and automated hook workflows for software development. +This is a **production-ready AI coding plugin** providing 29 specialized agents, 132 skills, 60 commands, and automated hook workflows for software development. 
**Version:** 1.9.0 @@ -141,8 +141,8 @@ Troubleshoot failures: check test isolation → verify mocks → fix implementat ## Project Structure ``` -agents/ — 28 specialized subagents -skills/ — 126 workflow skills and domain knowledge +agents/ — 29 specialized subagents +skills/ — 132 workflow skills and domain knowledge commands/ — 60 slash commands hooks/ — Trigger-based automations rules/ — Always-follow guidelines (common + per-language) diff --git a/README.md b/README.md index f39a022f..4c076386 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ -**Language:** English | [Português (Brasil)](docs/pt-BR/README.md) | [简体中文](README.zh-CN.md) | [繁體中文](docs/zh-TW/README.md) | [日本語](docs/ja-JP/README.md) | [한국어](docs/ko-KR/README.md) - [Türkçe](docs/tr/README.md) - +**Language:** English | [Português (Brasil)](docs/pt-BR/README.md) | [简体中文](README.zh-CN.md) | [繁體中文](docs/zh-TW/README.md) | [日本語](docs/ja-JP/README.md) | [한국어](docs/ko-KR/README.md) | [Türkçe](docs/tr/README.md) # Everything Claude Code @@ -222,7 +220,7 @@ For manual install instructions see the README in the `rules/` folder. When copy /plugin list everything-claude-code@everything-claude-code ``` -✨ **That's it!** You now have access to 28 agents, 126 skills, and 60 commands. +✨ **That's it!** You now have access to 29 agents, 132 skills, and 60 commands. ### Multi-model commands require additional setup @@ -297,7 +295,7 @@ everything-claude-code/ | |-- plugin.json # Plugin metadata and component paths | |-- marketplace.json # Marketplace catalog for /plugin marketplace add | -|-- agents/ # 28 specialized subagents for delegation +|-- agents/ # 29 specialized subagents for delegation | |-- planner.md # Feature implementation planning | |-- architect.md # System design decisions | |-- tdd-guide.md # Test-driven development @@ -1111,9 +1109,9 @@ The configuration is automatically detected from `.opencode/opencode.json`. 
| Feature | Claude Code | OpenCode | Status | |---------|-------------|----------|--------| -| Agents | ✅ 28 agents | ✅ 12 agents | **Claude Code leads** | +| Agents | ✅ 29 agents | ✅ 12 agents | **Claude Code leads** | | Commands | ✅ 60 commands | ✅ 31 commands | **Claude Code leads** | -| Skills | ✅ 126 skills | ✅ 37 skills | **Claude Code leads** | +| Skills | ✅ 132 skills | ✅ 37 skills | **Claude Code leads** | | Hooks | ✅ 8 event types | ✅ 11 events | **OpenCode has more!** | | Rules | ✅ 29 rules | ✅ 13 instructions | **Claude Code leads** | | MCP Servers | ✅ 14 servers | ✅ Full | **Full parity** | diff --git a/skills/healthcare-eval-harness/SKILL.md b/skills/healthcare-eval-harness/SKILL.md index d13193c6..967d797e 100644 --- a/skills/healthcare-eval-harness/SKILL.md +++ b/skills/healthcare-eval-harness/SKILL.md @@ -57,7 +57,16 @@ npx jest --testPathPattern='tests/data-integrity' --bail --ci Tests end-to-end flows: encounter lifecycle, template rendering, medication sets, drug/diagnosis search, prescription PDF, red flag alerts. ```bash -npx jest --testPathPattern='tests/clinical' --ci 2>&1 | node scripts/check-pass-rate.js 95 +tmp_json=$(mktemp) +npx jest --testPathPattern='tests/clinical' --ci --json --outputFile="$tmp_json" || true +total=$(jq '.numTotalTests // 0' "$tmp_json") +passed=$(jq '.numPassedTests // 0' "$tmp_json") +if [ "$total" -eq 0 ]; then + echo "No clinical tests found" >&2 + exit 1 +fi +rate=$(echo "scale=2; $passed * 100 / $total" | bc) +echo "Clinical pass rate: ${rate}% ($passed/$total)" ``` **5. Integration Compliance (HIGH — 95%+ required)** @@ -65,7 +74,16 @@ npx jest --testPathPattern='tests/clinical' --ci 2>&1 | node scripts/check-pass- Tests external systems: HL7 message parsing (v2.x), FHIR validation, lab result mapping, malformed message handling. 
```bash -npx jest --testPathPattern='tests/integration' --ci 2>&1 | node scripts/check-pass-rate.js 95 +tmp_json=$(mktemp) +npx jest --testPathPattern='tests/integration' --ci --json --outputFile="$tmp_json" || true +total=$(jq '.numTotalTests // 0' "$tmp_json") +passed=$(jq '.numPassedTests // 0' "$tmp_json") +if [ "$total" -eq 0 ]; then + echo "No integration tests found" >&2 + exit 1 +fi +rate=$(echo "scale=2; $passed * 100 / $total" | bc) +echo "Integration pass rate: ${rate}% ($passed/$total)" ``` ### Pass/Fail Matrix @@ -108,9 +126,10 @@ jobs: # HIGH gates — 95%+ required - name: Clinical Workflows run: | - RESULT=$(npx jest --testPathPattern='tests/clinical' --ci --json 2>&1) || true - TOTAL=$(echo "$RESULT" | jq '.numTotalTests // 0') - PASSED=$(echo "$RESULT" | jq '.numPassedTests // 0') + TMP_JSON=$(mktemp) + npx jest --testPathPattern='tests/clinical' --ci --json --outputFile="$TMP_JSON" || true + TOTAL=$(jq '.numTotalTests // 0' "$TMP_JSON") + PASSED=$(jq '.numPassedTests // 0' "$TMP_JSON") if [ "$TOTAL" -eq 0 ]; then echo "::error::No clinical tests found"; exit 1 fi @@ -122,9 +141,10 @@ jobs: - name: Integration Compliance run: | - RESULT=$(npx jest --testPathPattern='tests/integration' --ci --json 2>&1) || true - TOTAL=$(echo "$RESULT" | jq '.numTotalTests // 0') - PASSED=$(echo "$RESULT" | jq '.numPassedTests // 0') + TMP_JSON=$(mktemp) + npx jest --testPathPattern='tests/integration' --ci --json --outputFile="$TMP_JSON" || true + TOTAL=$(jq '.numTotalTests // 0' "$TMP_JSON") + PASSED=$(jq '.numPassedTests // 0' "$TMP_JSON") if [ "$TOTAL" -eq 0 ]; then echo "::error::No integration tests found"; exit 1 fi @@ -157,8 +177,13 @@ npx jest --testPathPattern='tests/data-integrity' --bail --ci ### Example 2: Check HIGH Gate Pass Rate ```bash -npx jest --testPathPattern='tests/clinical' --ci --json | \ - jq '{passed: .numPassedTests, total: .numTotalTests, rate: (.numPassedTests/.numTotalTests*100)}' +tmp_json=$(mktemp) +npx jest 
--testPathPattern='tests/clinical' --ci --json --outputFile="$tmp_json" || true +jq '{ + passed: (.numPassedTests // 0), + total: (.numTotalTests // 0), + rate: (if (.numTotalTests // 0) == 0 then 0 else ((.numPassedTests // 0) / (.numTotalTests // 1) * 100) end) +}' "$tmp_json" # Expected: { "passed": 21, "total": 22, "rate": 95.45 } ``` From 81acf0c9287478d70d7f2225939f21bd703bacb9 Mon Sep 17 00:00:00 2001 From: Affaan Mustafa Date: Sun, 29 Mar 2026 00:07:18 -0400 Subject: [PATCH 23/23] fix(hooks): make pre-commit quality checks enforce staged state --- agents/performance-optimizer.md | 17 +-- hooks/README.md | 2 +- scripts/hooks/pre-bash-commit-quality.js | 129 ++++++++++++-------- skills/git-workflow/SKILL.md | 2 +- tests/hooks/pre-bash-commit-quality.test.js | 81 ++++++++++++ 5 files changed, 172 insertions(+), 59 deletions(-) create mode 100644 tests/hooks/pre-bash-commit-quality.test.js diff --git a/agents/performance-optimizer.md b/agents/performance-optimizer.md index 663a1891..914c69a9 100644 --- a/agents/performance-optimizer.md +++ b/agents/performance-optimizer.md @@ -95,7 +95,7 @@ for (const post of allPosts) { // GOOD: Stable callback with useCallback -const handleButtonClick = useCallback(() => handleClick(id), [id]); +const handleButtonClick = useCallback(() => handleClick(id), [handleClick, id]); // BAD: Object creation in render @@ -110,7 +110,7 @@ const sortedItems = items.sort((a, b) => a.name.localeCompare(b.name)); // GOOD: Memoize expensive computations const sortedItems = useMemo( - () => items.sort((a, b) => a.name.localeCompare(b.name)), + () => [...items].sort((a, b) => a.name.localeCompare(b.name)), [items] ); @@ -297,10 +297,11 @@ useEffect(() => { }, [largeData]); useEffect(() => { - eventEmitter.on('update', () => { + const handleUpdate = () => { console.log(largeDataRef.current); - }); - return () => eventEmitter.off('update'); + }; + eventEmitter.on('update', handleUpdate); + return () => eventEmitter.off('update', handleUpdate); 
}, []); ``` @@ -364,7 +365,7 @@ getTTFB(console.log); // Time to First Byte ## Performance Report Template -```markdown +````markdown # Performance Audit Report ## Executive Summary @@ -413,7 +414,7 @@ const fastCode = ...; - Bundle size reduction: XX KB (XX%) - LCP improvement: XXms - Time to Interactive improvement: XXms -``` +```` ## When to Run @@ -442,4 +443,4 @@ const fastCode = ...; --- -**Remember**: Performance is a feature. Users notice speed. Every 100ms of improvement matters. Optimize for the 90th percentile, not the average. \ No newline at end of file +**Remember**: Performance is a feature. Users notice speed. Every 100ms of improvement matters. Optimize for the 90th percentile, not the average. diff --git a/hooks/README.md b/hooks/README.md index 0355b4d7..27fae0a5 100644 --- a/hooks/README.md +++ b/hooks/README.md @@ -23,7 +23,7 @@ User request → Claude picks a tool → PreToolUse hook runs → Tool executes | **Dev server blocker** | `Bash` | Blocks `npm run dev` etc. outside tmux — ensures log access | 2 (blocks) | | **Tmux reminder** | `Bash` | Suggests tmux for long-running commands (npm test, cargo build, docker) | 0 (warns) | | **Git push reminder** | `Bash` | Reminds to review changes before `git push` | 0 (warns) | -| **Pre-commit quality check** | `Bash` | Runs quality checks before `git commit`: lints staged files, validates commit message format, detects console.log/debugger/secrets | 2 (blocks critical) / 0 (warns) | +| **Pre-commit quality check** | `Bash` | Runs quality checks before `git commit`: lints staged files, validates commit message format when provided via `-m/--message`, detects console.log/debugger/secrets | 2 (blocks critical) / 0 (warns) | | **Doc file warning** | `Write` | Warns about non-standard `.md`/`.txt` files (allows README, CLAUDE, CONTRIBUTING, CHANGELOG, LICENSE, SKILL, docs/, skills/); cross-platform path handling | 0 (warns) | | **Strategic compact** | `Edit\|Write` | Suggests manual `/compact` at logical 
intervals (every ~50 tool calls) | 0 (warns) | | **InsAIts security monitor (opt-in)** | `Bash\|Write\|Edit\|MultiEdit` | Optional security scan for high-signal tool inputs. Disabled unless `ECC_ENABLE_INSAITS=1`. Blocks on critical findings, warns on non-critical, and writes audit log to `.insaits_audit_session.jsonl`. Requires `pip install insa-its`. [Details](../scripts/hooks/insaits-security-monitor.py) | 2 (blocks critical) / 0 (warns) | diff --git a/scripts/hooks/pre-bash-commit-quality.js b/scripts/hooks/pre-bash-commit-quality.js index 4d48e510..10e2d589 100644 --- a/scripts/hooks/pre-bash-commit-quality.js +++ b/scripts/hooks/pre-bash-commit-quality.js @@ -15,7 +15,7 @@ * 2 - Block commit (quality issues found) */ -const { execSync, spawnSync } = require('child_process'); +const { spawnSync } = require('child_process'); const path = require('path'); const fs = require('fs'); @@ -26,15 +26,25 @@ const MAX_STDIN = 1024 * 1024; // 1MB limit * @returns {string[]} Array of staged file paths */ function getStagedFiles() { - try { - const output = execSync('git diff --cached --name-only --diff-filter=ACMR', { - encoding: 'utf8', - stdio: ['pipe', 'pipe', 'pipe'] - }); - return output.trim().split('\n').filter(f => f.length > 0); - } catch { + const result = spawnSync('git', ['diff', '--cached', '--name-only', '--diff-filter=ACMR'], { + encoding: 'utf8', + stdio: ['pipe', 'pipe', 'pipe'] + }); + if (result.status !== 0) { return []; } + return result.stdout.trim().split('\n').filter(f => f.length > 0); +} + +function getStagedFileContent(filePath) { + const result = spawnSync('git', ['show', `:${filePath}`], { + encoding: 'utf8', + stdio: ['pipe', 'pipe', 'pipe'] + }); + if (result.status !== 0) { + return null; + } + return result.stdout; } /** @@ -56,7 +66,10 @@ function findFileIssues(filePath) { const issues = []; try { - const content = fs.readFileSync(filePath, 'utf8'); + const content = getStagedFileContent(filePath); + if (content == null) { + return 
issues; + } const lines = content.split('\n'); lines.forEach((line, index) => { @@ -152,9 +165,9 @@ function validateCommitMessage(command) { } // Check for lowercase first letter (conventional) - if (message.charAt(0) === message.charAt(0).toUpperCase() && conventionalCommit.test(message)) { + if (conventionalCommit.test(message)) { const afterColon = message.split(':')[1]; - if (afterColon && afterColon.trim().charAt(0) === afterColon.trim().charAt(0).toUpperCase()) { + if (afterColon && /^[A-Z]/.test(afterColon.trim())) { issues.push({ type: 'capitalization', message: 'Subject should start with lowercase after type', @@ -193,21 +206,18 @@ function runLinter(files) { // Run ESLint if available if (jsFiles.length > 0) { - try { - const eslintPath = path.join(process.cwd(), 'node_modules', '.bin', 'eslint'); - if (fs.existsSync(eslintPath)) { - const result = spawnSync(eslintPath, ['--format', 'compact', ...jsFiles], { - encoding: 'utf8', - stdio: ['pipe', 'pipe', 'pipe'], - timeout: 30000 - }); - results.eslint = { - success: result.status === 0, - output: result.stdout || result.stderr - }; - } - } catch { - // ESLint not available + const eslintBin = process.platform === 'win32' ? 
'eslint.cmd' : 'eslint'; + const eslintPath = path.join(process.cwd(), 'node_modules', '.bin', eslintBin); + if (fs.existsSync(eslintPath)) { + const result = spawnSync(eslintPath, ['--format', 'compact', ...jsFiles], { + encoding: 'utf8', + stdio: ['pipe', 'pipe', 'pipe'], + timeout: 30000 + }); + results.eslint = { + success: result.status === 0, + output: result.stdout || result.stderr + }; } } @@ -219,10 +229,14 @@ function runLinter(files) { stdio: ['pipe', 'pipe', 'pipe'], timeout: 30000 }); - results.pylint = { - success: result.status === 0, - output: result.stdout || result.stderr - }; + if (result.error && result.error.code === 'ENOENT') { + results.pylint = null; + } else { + results.pylint = { + success: result.status === 0, + output: result.stdout || result.stderr + }; + } } catch { // Pylint not available } @@ -236,10 +250,14 @@ function runLinter(files) { stdio: ['pipe', 'pipe', 'pipe'], timeout: 30000 }); - results.golint = { - success: !result.stdout || result.stdout.trim() === '', - output: result.stdout - }; + if (result.error && result.error.code === 'ENOENT') { + results.golint = null; + } else { + results.golint = { + success: !result.stdout || result.stdout.trim() === '', + output: result.stdout + }; + } } catch { // golint not available } @@ -251,32 +269,29 @@ function runLinter(files) { /** * Core logic — exported for direct invocation * @param {string} rawInput - Raw JSON string from stdin - * @returns {string} The original input (pass-through) + * @returns {{output:string, exitCode:number}} Pass-through output and exit code */ -function run(rawInput) { +function evaluate(rawInput) { try { const input = JSON.parse(rawInput); const command = input.tool_input?.command || ''; // Only run for git commit commands if (!command.includes('git commit')) { - return rawInput; + return { output: rawInput, exitCode: 0 }; } // Check if this is an amend (skip checks for amends to avoid blocking) if (command.includes('--amend')) { - return rawInput; + 
return { output: rawInput, exitCode: 0 }; } - const issues = []; - const warnings = []; - // Get staged files const stagedFiles = getStagedFiles(); if (stagedFiles.length === 0) { console.error('[Hook] No staged files found. Use "git add" to stage files first.'); - return rawInput; + return { output: rawInput, exitCode: 0 }; } console.error(`[Hook] Checking ${stagedFiles.length} staged file(s)...`); @@ -285,6 +300,8 @@ function run(rawInput) { const filesToCheck = stagedFiles.filter(shouldCheckFile); let totalIssues = 0; let errorCount = 0; + let warningCount = 0; + let infoCount = 0; for (const file of filesToCheck) { const fileIssues = findFileIssues(file); @@ -295,6 +312,8 @@ function run(rawInput) { console.error(` ${icon} Line ${issue.line}: ${issue.message}`); totalIssues++; if (issue.severity === 'error') errorCount++; + if (issue.severity === 'warning') warningCount++; + if (issue.severity === 'info') infoCount++; } } } @@ -308,6 +327,8 @@ function run(rawInput) { if (issue.suggestion) { console.error(` 💡 ${issue.suggestion}`); } + totalIssues++; + warningCount++; } } @@ -317,25 +338,31 @@ function run(rawInput) { if (lintResults.eslint && !lintResults.eslint.success) { console.error('\n🔍 ESLint Issues:'); console.error(lintResults.eslint.output); + totalIssues++; + errorCount++; } if (lintResults.pylint && !lintResults.pylint.success) { console.error('\n🔍 Pylint Issues:'); console.error(lintResults.pylint.output); + totalIssues++; + errorCount++; } if (lintResults.golint && !lintResults.golint.success) { console.error('\n🔍 golint Issues:'); console.error(lintResults.golint.output); + totalIssues++; + errorCount++; } // Summary if (totalIssues > 0) { - console.error(`\n📊 Summary: ${totalIssues} issue(s) found (${errorCount} error(s), ${totalIssues - errorCount} warning(s))`); + console.error(`\n📊 Summary: ${totalIssues} issue(s) found (${errorCount} error(s), ${warningCount} warning(s), ${infoCount} info)`); if (errorCount > 0) { console.error('\n[Hook] ❌ 
Commit blocked due to critical issues. Fix them before committing.'); - process.exit(2); + return { output: rawInput, exitCode: 2 }; } else { console.error('\n[Hook] ⚠️ Warnings found. Consider fixing them, but commit is allowed.'); console.error('[Hook] To bypass these checks, use: git commit --no-verify'); @@ -349,7 +376,11 @@ function run(rawInput) { // Non-blocking on error } - return rawInput; + return { output: rawInput, exitCode: 0 }; +} + +function run(rawInput) { + return evaluate(rawInput).output; } // ── stdin entry point ──────────────────────────────────────────── @@ -365,10 +396,10 @@ if (require.main === module) { }); process.stdin.on('end', () => { - data = run(data); - process.stdout.write(data); - process.exit(0); + const result = evaluate(data); + process.stdout.write(result.output); + process.exit(result.exitCode); }); } -module.exports = { run }; \ No newline at end of file +module.exports = { run, evaluate }; diff --git a/skills/git-workflow/SKILL.md b/skills/git-workflow/SKILL.md index d57f51d3..8d1e2523 100644 --- a/skills/git-workflow/SKILL.md +++ b/skills/git-workflow/SKILL.md @@ -713,4 +713,4 @@ git add node_modules/ | Pull | `git pull origin branch-name` | | Stash | `git stash push -m "message"` | | Undo last commit | `git reset --soft HEAD~1` | -| Revert commit | `git revert HEAD` | \ No newline at end of file +| Revert commit | `git revert HEAD` | diff --git a/tests/hooks/pre-bash-commit-quality.test.js b/tests/hooks/pre-bash-commit-quality.test.js new file mode 100644 index 00000000..478d34d2 --- /dev/null +++ b/tests/hooks/pre-bash-commit-quality.test.js @@ -0,0 +1,81 @@ +/** + * Tests for scripts/hooks/pre-bash-commit-quality.js + * + * Run with: node tests/hooks/pre-bash-commit-quality.test.js + */ + +const assert = require('assert'); +const fs = require('fs'); +const os = require('os'); +const path = require('path'); +const { spawnSync } = require('child_process'); + +const hook = 
require('../../scripts/hooks/pre-bash-commit-quality'); + +function test(name, fn) { + try { + fn(); + console.log(` ✓ ${name}`); + return true; + } catch (err) { + console.log(` ✗ ${name}`); + console.log(` Error: ${err.message}`); + return false; + } +} + +function inTempRepo(fn) { + const prevCwd = process.cwd(); + const repoDir = fs.mkdtempSync(path.join(os.tmpdir(), 'pre-bash-commit-quality-')); + + try { + spawnSync('git', ['init'], { cwd: repoDir, stdio: 'pipe', encoding: 'utf8' }); + spawnSync('git', ['config', 'user.name', 'ECC Test'], { cwd: repoDir, stdio: 'pipe', encoding: 'utf8' }); + spawnSync('git', ['config', 'user.email', 'ecc@example.com'], { cwd: repoDir, stdio: 'pipe', encoding: 'utf8' }); + process.chdir(repoDir); + return fn(repoDir); + } finally { + process.chdir(prevCwd); + fs.rmSync(repoDir, { recursive: true, force: true }); + } +} + +let passed = 0; +let failed = 0; + +console.log('\nPre-Bash Commit Quality Hook Tests'); +console.log('==================================\n'); + +if (test('evaluate blocks commits when staged snapshot contains debugger', () => { + inTempRepo(repoDir => { + const filePath = path.join(repoDir, 'index.js'); + fs.writeFileSync(filePath, 'function main() {\n debugger;\n}\n', 'utf8'); + spawnSync('git', ['add', 'index.js'], { cwd: repoDir, stdio: 'pipe', encoding: 'utf8' }); + + const input = JSON.stringify({ tool_input: { command: 'git commit -m "fix: test debugger hook"' } }); + const result = hook.evaluate(input); + + assert.strictEqual(result.output, input, 'should preserve stdin payload'); + assert.strictEqual(result.exitCode, 2, 'should block commit when staged snapshot has debugger'); + }); +})) passed++; else failed++; + +if (test('evaluate inspects staged snapshot instead of newer working tree content', () => { + inTempRepo(repoDir => { + const filePath = path.join(repoDir, 'index.js'); + fs.writeFileSync(filePath, 'function main() {\n return 1;\n}\n', 'utf8'); + spawnSync('git', ['add', 'index.js'], { 
cwd: repoDir, stdio: 'pipe', encoding: 'utf8' }); + + // Working tree diverges after staging; hook should still inspect staged content. + fs.writeFileSync(filePath, 'function main() {\n debugger;\n return 1;\n}\n', 'utf8'); + + const input = JSON.stringify({ tool_input: { command: 'git commit -m "fix: staged snapshot only"' } }); + const result = hook.evaluate(input); + + assert.strictEqual(result.output, input, 'should preserve stdin payload'); + assert.strictEqual(result.exitCode, 0, 'should ignore unstaged debugger in working tree'); + }); +})) passed++; else failed++; + +console.log(`\nResults: Passed: ${passed}, Failed: ${failed}`); +process.exit(failed > 0 ? 1 : 0);