The recall+precision halves of the CA-OPT hybrid motor for the three
mechanism-fit cases the deterministic OPT scanner (2a) deliberately skips:
lifecycle→hook (BP-MECH-001), unscoped path-specific→rule (BP-MECH-002),
absolute "never"→permission (BP-MECH-004).
New:
- scanners/lib/lens-prefilter.mjs — cheap, recall-oriented line scan of the
CLAUDE.md body; detector names mirror the register lensCheck fields; skips
fenced code, gates the path class on an instruction verb. Pure + 13 tests.
- scanners/optimize-lens-cli.mjs — discovery + OPT scanner + pre-filter; attaches
only the CONFIRMED register entry to each candidate (unverifiable → dropped,
Verifiseringsplikt); emits {deterministic, candidates, register, counts}.
- agents/optimization-lens-agent.md — opus precision gate (7th agent, orange):
reads the real CLAUDE.md, drops low-confidence candidates, keeps only genuine
opportunities, cites register id + source.
- commands/optimize.md — /config-audit optimize orchestrates pre-filter→agent→report.
Agent-driven → deliberately NOT byte-stable (own command, outside the snapshot
suite). No new orchestrated scanner → scanner count stays 15. Counts: agents
6→7, commands 18→19, suite 1055→1068. Self-audit A/A unchanged, readmeCheck
passed (clean HOME). Plan: docs/v5.7-optimization-lens-plan.md.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
9.8 KiB
| name | description | argument-hint | allowed-tools | model |
|---|---|---|---|---|
| config-audit | Claude Code Configuration Intelligence - audit, analyze, and optimize your configuration | [posture|tokens|manifest|feature-gap|optimize|fix|rollback|plan|implement|help|discover|analyze|interview|drift|plugin-health|whats-active|status|cleanup] | Read, Write, Glob, Grep, Bash, Agent, AskUserQuestion | opus |
Config-Audit: Claude Code Configuration Intelligence
Analyze, report on, and optimize your Claude Code configuration.
Router Logic
If a subcommand is provided, route to it:
posture→/config-audit:posturetokens→/config-audit:tokensmanifest→/config-audit:manifestfeature-gap→/config-audit:feature-gapoptimize→/config-audit:optimizefix→/config-audit:fixrollback→/config-audit:rollbackplan→/config-audit:planimplement→/config-audit:implementhelp→/config-audit:helpdiscover→/config-audit:discoveranalyze→/config-audit:analyzeinterview→/config-audit:interviewdrift→/config-audit:driftplugin-health→/config-audit:plugin-healthwhats-active→/config-audit:whats-activestatus→/config-audit:statuscleanup→/config-audit:cleanup
If a scope override is provided (current, repo, home, full), use it as the scope type (see Scope Resolution below).
If no subcommand and no scope override: run the default audit (see below).
UX Rules (MANDATORY — apply to every step)
- Narrate before acting. Before each step, tell the user what you're about to do and why, in plain language.
- Never show raw output. All scanner Bash commands MUST use
--output-file <path>AND2>/dev/null. The user should NEVER see JSON, stderr progress lines, or exit codes. - Handle exit codes silently. Append
; echo $?to scanner commands. Exit codes 0/1/2 are all expected (PASS/WARNING/FAIL). Only exit code 3 is a real error — tell user: "Scanner encountered an unexpected error. Try/config-audit posturefor a quick check instead." - Explain, don't dump. When presenting findings, add plain-language context. "Grade B" alone means nothing — say "Grade B — your CLAUDE.md files are well-structured with minor improvements possible."
- Separate signal from noise. If findings exist in
tests/fixtures/orexamples/directories, count them separately and exclude from the main count: "Found 37 findings (66 additional in test fixtures, excluded)." - Context-sensitive next steps. Don't just list commands — explain what each does and why the user might want it based on their specific results.
Default Audit (no arguments)
Step 1: Auto-detect scope and greet the user
If the user provided a scope override (/config-audit full, /config-audit repo, etc.), use that.
Otherwise, auto-detect:
- Run
git rev-parse --show-toplevel 2>/dev/nullvia Bash - If it succeeds and pwd is inside the repo → repo scope (use the git root path)
- If pwd is
$HOME→ home scope - Otherwise → current directory scope
Show the user what's happening:
## Config-Audit
Analyzing your Claude Code configuration...
**Scope:** {Repository|Home directory|Current directory} — `{path}`
**What this checks:** CLAUDE.md quality, settings validation, hook safety, rules correctness, MCP server config, import chains, conflicts, and feature coverage.
Step 2: Initialize session
- Generate session ID:
YYYYMMDD_HHmmssformat - Create session directory and findings subdirectory:
mkdir -p ~/.claude/config-audit/sessions/{session-id}/findings
This is a silent infrastructure step — do NOT show output to the user.
Step 3: Run scanners and posture assessment
Tell the user: "Running 12 configuration scanners..."
Run both scanners and posture in a single Bash command. Default mode runs the humanizer, so each finding in scan-results.json carries userImpactCategory, userActionLanguage, and relevanceContext alongside the v5.0.0 fields. If the user passed --raw, thread it through to both CLIs to get v5.0.0 verbatim output.
RAW_FLAG=""
if echo "$ARGUMENTS" | grep -q -- "--raw"; then RAW_FLAG="--raw"; fi
node ${CLAUDE_PLUGIN_ROOT}/scanners/scan-orchestrator.mjs <target-path> --output-file ~/.claude/config-audit/sessions/{session-id}/findings/scan-results.json [--full-machine] [--global] $RAW_FLAG 2>/dev/null; node ${CLAUDE_PLUGIN_ROOT}/scanners/posture.mjs <target-path> --output-file ~/.claude/config-audit/sessions/{session-id}/posture.json [--full-machine] [--global] $RAW_FLAG 2>/dev/null; echo $?
Use --full-machine for full scope, --global for home scope. For repo and current, pass the resolved path directly.
Check the echoed exit code:
0,1, or2→ continue normally3→ tell user: "Scanner encountered an unexpected error. Try/config-audit posturefor a quick check instead." and stop.
Step 4: Analyze results
Tell the user: "Scanners complete. Preparing your results..."
Read BOTH output files using the Read tool:
~/.claude/config-audit/sessions/{session-id}/findings/scan-results.json~/.claude/config-audit/sessions/{session-id}/posture.json
Extract these metrics from the JSON:
From posture.json:
overallGrade— the health grade (A-F)opportunityCount— number of unused features detectedareas[]— per-area grades and finding counts (use only quality areas, exclude Feature Coverage)
From scan-results.json:
aggregate.total_findings— total findings (test fixture findings are already excluded automatically)fixture_findingsarray (if present) — count of findings excluded from test/example directories- Count findings by severity from
aggregate.counts(critical, high, medium, low, info) - Count findings where
autoFixable: true - Note total
files_scannedacross scanners
Step 5: Update state
Write session state (silent — no user output):
session_id: "{session-id}"
current_phase: "analyze"
completed_phases: ["discover", "analyze"]
next_phase: "plan"
updated_at: "{ISO timestamp}"
scope_type: "{repo|home|current|full}"
target_path: "{resolved path}"
Write to: ~/.claude/config-audit/sessions/{session-id}/state.yaml
Step 6: Display results
Present results using this template. The humanizer has already replaced jargon-heavy title/description/recommendation strings on every finding with plain-language equivalents — render them verbatim. Lead urgency phrasing with userActionLanguage ("Fix this now", "Fix soon", "Fix when convenient", "Optional cleanup", "FYI") and group "What you can do next" suggestions by that field. Do not re-derive an A/B/C/D/F-to-prose ladder here; the humanized stderr scorecard headline already supplies the grade context, and userActionLanguage supplies finding-level urgency.
### Results
**Health: {overallGrade}** | {qualityAreaCount} areas scanned
{Use the headline line from the humanized stderr scorecard — it carries grade-context prose already. Avoid hardcoding a separate per-grade prose ladder.}
Scanned {files_scanned} files | {real_finding_count} findings ({severity_breakdown})
{If test_fixture_count > 0: "({test_fixture_count} additional findings in test fixtures were excluded.)"}
{If fixable_count > 0: "{fixable_count} of these can be auto-fixed."}
### Area Breakdown
| Area | Grade | Findings | |
|------|-------|----------|-|
| CLAUDE.md | {grade} | {count} | {one-phrase status} |
| Settings | {grade} | {count} | {status} |
| Hooks | {grade} | {count} | {status} |
| Rules | {grade} | {count} | {status} |
| MCP Servers | {grade} | {count} | {status} |
| Imports | {grade} | {count} | {status} |
| Conflicts | {grade} | {count} | {status} |
{For the status column, use the humanized title from the most-severe finding in that area, or a one-phrase plain-language summary. Findings carry userImpactCategory which already groups by impact bucket — use that vocabulary, not raw scanner names.}
{If opportunityCount > 0:}
{opportunityCount} feature opportunities available — run `/config-audit feature-gap` for context-aware recommendations.
### What you can do next
Group suggestions by `userActionLanguage` from the humanized findings:
{If any finding has userActionLanguage "Fix this now" or "Fix soon":}
- **`/config-audit fix`** — auto-fix what's possible (backup created first, one-command rollback). The remaining items go into a prioritized plan.
- **`/config-audit plan`** — produce a prioritized action plan for the items that need manual attention.
{If most findings are "Fix when convenient" or "Optional cleanup":}
- **`/config-audit feature-gap`** — see which features could enhance your setup; pick what you want and implement on the spot.
- **`/config-audit fix`** — auto-fix anything deterministic; the rest is genuinely optional.
{If only "FYI" findings:}
- **`/config-audit feature-gap`** — explore opportunities; nothing is urgent.
Session saved to: `~/.claude/config-audit/sessions/{session-id}/`
Scope Resolution
| Scope | What gets scanned |
|---|---|
current |
Current directory + parent CLAUDE.md files up to root + ~/.claude/ |
repo |
Git repository root + ~/.claude/ |
home |
~/.claude/ global configuration only |
full |
Everything: ~/.claude/, managed paths, all dev dirs under $HOME |
Error Handling
- If scanner fails (exit 3), tell the user in plain language and suggest
/config-audit postureas fallback - If path doesn't exist, tell the user: "That path doesn't exist. Run
/config-auditwithout arguments to auto-detect." - If git command fails for auto-detect, silently fall back to
currentscope - If no CLAUDE.md found anywhere, explain: "No CLAUDE.md found. This is the main configuration file for Claude Code — creating one is the single highest-impact thing you can do. Run
/config-audit feature-gapto see what's recommended."