config-audit/CLAUDE.md
Kjell Tore Guttormsen 96e32df87b docs(claude-md): trim project CLAUDE.md to invariants (−662 always-tok)
The plugin's own CLAUDE.md is loaded every turn while working in this repo
(measured 2,178 always-loaded tokens via `manifest`, the largest slice of the
2,745-tok project delta). Much of it was reference-grade prose that duplicates
README.md, `/config-audit help`, and docs/ — verbose per-command feature lists,
the full plain-language-output spec, the session-dir ASCII tree — none of which
is invariant for working on the plugin.

Trimmed to what is invariant: command names + one-line purpose, the agent /
hook tables (model/color/tools, script/event), finding-ID format, enforced
.claude/rules conventions, coding style, test command, gotchas. Detail now
points to README / docs/. Also dropped two stale badge-duplicate figures that
had already rotted (the README badge owns them): "18 commands" (now 21) and
"1279 tests / 72 files" (now 1344) — removed rather than re-pinned so they
can't go stale again.

Measured: CLAUDE.md 134->102 lines, 8844->6170 B, 2,178->1,516 tok (-30%);
config-audit project always-delta 2,745->2,083 tok (-24%). Full suite 1344/0;
frozen v5.0.0 + SC-5 + default-output snapshots byte-stable (no scanner/snapshot
reads this repo's CLAUDE.md). Docs-only — no version bump, no catalog ref change.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01683eAqVecv9VZfQzL8CQ9h
2026-06-29 08:32:44 +02:00

6 KiB

Config-Audit Plugin

Claude Code Configuration Intelligence — know if your config is correct, find what could improve it, fix it automatically. Three pillars: Health (deterministic scanners), Opportunities (context-aware recommendations), Action (auto-fix with backup/rollback).

Per-command flags, patterns, and feature lists live in README.md and /config-audit help. This file carries what's invariant for working on the plugin.

Commands

Core (just run /config-audit to get started)

Command Description
/config-audit Full audit with auto-scope detection
/config-audit posture A-F health scorecard (10 quality areas)
/config-audit tokens Prompt-cache-aware token hotspots, each tagged with its load pattern; cache-aware
/config-audit manifest Ranked table of every token source + always-loaded subtotal
/config-audit feature-gap Context-aware feature recommendations grouped by impact
/config-audit optimize Mechanism-fit lens (procedure→skill, lifecycle→hook, path→rule, never→permission). Agent-driven, not byte-stable
/config-audit fix Auto-fix deterministic issues with backup + verification
/config-audit rollback Restore configuration from backup
/config-audit plan Create action plan from findings
/config-audit implement Execute plan with backups + auto-verify
/config-audit help Show all commands

Additional

Command Description
/config-audit drift Compare current config against saved baseline
/config-audit plugin-health Audit plugin structure, frontmatter, cross-plugin coherence
/config-audit whats-active Read-only inventory of active plugins/skills/MCP/hooks/CLAUDE.md (with token estimates)
/config-audit knowledge-refresh Refresh the best-practices register (stale check + web poll). Human-approved writes; not byte-stable
/config-audit campaign Machine-wide audit ledger + token bill across repos. Human-approved writes; not byte-stable
/config-audit discover Run discovery phase only
/config-audit analyze Run analysis phase only
/config-audit interview Gather user preferences (opt-in)
/config-audit status Show current session state
/config-audit cleanup Clean up old sessions

Agents

Agent Role Model Color Tools
scanner-agent Find config files sonnet cyan Read, Glob, Grep, Write
analyzer-agent Generate report sonnet blue Read, Glob, Grep, Write
planner-agent Create action plan opus yellow Read, Glob, Write
implementer-agent Execute changes sonnet magenta Read, Write, Edit, Bash, Glob
verifier-agent Verify results sonnet purple Read, Glob, Grep
feature-gap-agent Feature recommendations opus green Read, Glob, Grep, Write
optimization-lens-agent Mechanism-fit precision gate opus orange Read, Glob, Grep, Write

Hooks

Event Script Purpose
PreToolUse auto-backup-config.mjs Backup config files before Edit/Write
PostToolUse post-edit-verify.mjs Verify after Edit/Write, block on new critical/high
SessionStart session-start.mjs Check for active (unfinished) sessions
Stop stop-session-reminder.mjs Remind about current session phase

Reference docs (read on demand)

  • docs/scanner-internals.md — scanner inventory, lib modules, action engines, knowledge base, per-scanner/per-block implementation notes (design rationale, primary-source verification, byte-stability lessons)
  • docs/humanizer.md — plain-language output (v5.1.0), humanizer vocabularies, output modes

Plain-Language Output (v5.1.0)

Default output of all commands routes through humanizeEnvelope (lib/humanizer.mjs), decorating each finding with userImpactCategory, userActionLanguage, and relevanceContext. --raw and --json bypass the humanizer for byte-stable v5.0.0 output. Full detail: docs/humanizer.md.

Suppressions

Create .config-audit-ignore at project root — one exact ID or glob per line (CA-SET-003, CA-GAP-*). Suppressed findings are tracked in the envelope's suppressed_findings for audit trail. Disable with --no-suppress.

Architecture

Workflow: /config-audit → discover + analyze (auto) → plan → implement → verify. Auto-detects scope from git context; override with full|repo|home|current; --delta for incremental. Session state lives under ~/.claude/config-audit/sessions/{id}/ (scope.yaml, discovery.json, state.yaml, findings/, analysis-report.md, action-plan.md, backups/, implementation-log.md).

Finding ID format: CA-{SCANNER}-{NNN} — e.g. CA-CML-001, CA-SET-003, CA-HKV-002, CA-RUL-005, CA-TOK-005, CA-CPS-001, CA-SKL-001, CA-OST-001, CA-OPT-001, CA-AGT-001.

Conventions

Enforced conventions live in .claude/rules/ (auto-loaded as project instructions):

  • ux-rules.md — output/narration/formatting for all commands (never dump raw JSON, narrate before each step, space-separated command suggestions)
  • command-development.md — required command frontmatter + plugin:action naming
  • agent-development.md — agent frontmatter + "when to use" conventions
  • state-management.md — update state.yaml after every workflow phase

Coding style: scanners are zero-dependency Node ESM; new findings use the CA-{SCANNER}-{NNN} ID format; byte-stable CLIs are verified against frozen tests/snapshots/v5.0.0/ baselines.

Testing

node --test 'tests/**/*.test.mjs'

Test fixtures in tests/fixtures/. Per-scanner and per-build-block implementation notes (design rationale, primary-source verification, byte-stability lessons) live in docs/scanner-internals.mdImplementation notes.

Gotchas

  • Session directories accumulate — use /config-audit cleanup to manage
  • Scanners run on Node.js ≥ 18 (uses node:test, node:fs/promises)
  • Plugin CLAUDE.md files in node_modules should be excluded via scope