Fase 4 Items 2+3 (CC 2.1.114→181 gap-review). New orchestrated scanner `skill-listing-scanner.mjs` (prefix SKL) flags every active skill whose description exceeds the verified 1,536-char listing cap (CC 2.1.105, changelog L1502). Past the cap, Claude Code silently truncates the description the model reads to route skill invocation — dropping the trigger phrases at the tail. HOME-scoped over all user + plugin skills via enumerateSkills (COL is the model). - CA-SKL-001 (medium): description > 1,536 chars. Remediation folds in Item 2(b) — recommends disableBundledSkills + skillOverrides + trimming (designvalg A: no standalone GAP-check, which would fire for nearly everyone). - Designvalg B: v1 ships the verified cap ONLY. The aggregate 2%-of-context listing budget is deferred — it needs a context-window assumption that would turn a verified fact into a guess (would carry a CALIBRATION_NOTE if added). - Choice C: recognize the skillOverrides settings key (CC 2.1.129) in KNOWN_KEYS. Left OUT of TYPE_CHECKS — the value is a per-skill object (off/user-invocable-only/name-only), not a string; a 'string' check (as the plan sketched) would create a NEW false positive. Verify-first deviation. Registration: scan-orchestrator (13th scanner), humanizer (SKL → 'Wasted tokens' + static/_default translations), scoring SCANNER_AREA_MAP (→ Token Efficiency; no 11th area), README badge 12→13, CLAUDE.md (finding-id + test-count), docs/scanner-internals.md, gap-matrix + plan status notes. Snapshots reseeded hermetically (SEED_SNAPSHOT/UPDATE_SNAPSHOT): SKL entry with 0 findings in empty HOME, scanners_ok 11→12, claudeMdEstimatedTokens bump from the CLAUDE.md edits flowing through the cascade. Contamination grep clean. Suite 868/868 (856 baseline + 11 SKL + 1 skillOverrides). RED→GREEN logged per cycle. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01Ter3E2JSi1Khgmuf2kady8
5.7 KiB
Config-Audit Plugin
Claude Code Configuration Intelligence — know if your configuration is correct, find what could improve it, fix it automatically.
What this plugin does
Analyzes and optimizes Claude Code configuration across three pillars:
- Health — Deterministic scanners verify correctness, consistency, and completeness
- Opportunities — Context-aware recommendations for features that could benefit your project
- Action — Auto-fix with backup/rollback
Commands
Core (just run /config-audit to get started)
| Command | Description |
|---|---|
/config-audit |
Full audit with auto-scope detection (no setup needed) |
/config-audit posture |
Quick health scorecard (A-F grades, 10 quality areas incl. Token Efficiency, Plugin Hygiene) |
/config-audit tokens |
prompt-cache-aware token hotspots (6 patterns: cache-breaking, redundant perms, deep imports, oversized cascade, bloated SKILL.md desc, MCP tool-schema budget) — optional --accurate-tokens API calibration, --with-telemetry-recipe cache-hit recipe pointer |
/config-audit manifest |
Ranked table of every system-prompt token source (CLAUDE.md, plugins, skills, MCP, hooks) sorted by estimated tokens |
/config-audit feature-gap |
Context-aware feature recommendations grouped by impact |
/config-audit fix |
Auto-fix deterministic issues with backup + verification |
/config-audit rollback |
Restore configuration from backup |
/config-audit plan |
Create action plan from audit findings |
/config-audit implement |
Execute plan with backups + auto-verify |
/config-audit help |
Show all commands |
Additional
| Command | Description |
|---|---|
/config-audit drift |
Compare current config against saved baseline |
/config-audit plugin-health |
Audit plugin structure, frontmatter, cross-plugin coherence |
/config-audit whats-active |
Read-only inventory of plugins, skills, MCP, hooks, CLAUDE.md active for a repo (with token estimates) |
/config-audit discover |
Run discovery phase only |
/config-audit analyze |
Run analysis phase only |
/config-audit interview |
Gather user preferences (opt-in) |
/config-audit status |
Show current session state |
/config-audit cleanup |
Clean up old sessions |
Agents
| Agent | Role | Model | Color | Tools |
|---|---|---|---|---|
| scanner-agent | Find config files | sonnet | cyan | Read, Glob, Grep, Write |
| analyzer-agent | Generate report | sonnet | blue | Read, Glob, Grep, Write |
| planner-agent | Create action plan | opus | yellow | Read, Glob, Write |
| implementer-agent | Execute changes | sonnet | magenta | Read, Write, Edit, Bash, Glob |
| verifier-agent | Verify results | sonnet | purple | Read, Glob, Grep |
| feature-gap-agent | Context-aware feature recommendations | opus | green | Read, Glob, Grep, Write |
Hooks
| Event | Script | Purpose |
|---|---|---|
| PreToolUse | auto-backup-config.mjs |
Auto-backup config files before Edit/Write |
| PostToolUse | post-edit-verify.mjs |
Verify config files after Edit/Write, block on new critical/high |
| SessionStart | session-start.mjs |
Checks for active (unfinished) sessions |
| Stop | stop-session-reminder.mjs |
Reminds about current session phase |
Reference docs (read on demand)
- Scanner inventory, lib modules, action engines, knowledge base:
docs/scanner-internals.md - Plain-language output (v5.1.0), humanizer vocabularies, output modes:
docs/humanizer.md
Plain-Language Output (v5.1.0) — summary
Default output of all 18 commands routes through humanizeEnvelope from lib/humanizer.mjs. Findings get three decorated fields:
userImpactCategory— Configuration mistake / Conflict / Wasted tokens / Dead config / Missed opportunityuserActionLanguage— Fix this now / Fix soon / Fix when convenient / Optional cleanup / FYI (derived from severity)relevanceContext—affects-everyone(default) /affects-this-machine-only(*.local.*files) /test-fixture-no-impact
--raw bypasses the humanizer for byte-stable v5.0.0 output. --json is also byte-stable. Full detail and Wave 5 lessons: docs/humanizer.md.
Suppressions
Create .config-audit-ignore at project root to suppress known findings:
CA-SET-003 # Exact ID
CA-GAP-* # Glob pattern (all GAP findings)
Suppressed findings tracked in envelope's suppressed_findings for audit trail. Disable with --no-suppress.
Architecture
Workflow
/config-audit → discover + analyze (auto) → plan → implement → verify
Default: auto-detects scope from git context. Override with /config-audit full|repo|home|current. Delta mode: --delta (incremental).
Session Directory
~/.claude/config-audit/sessions/{session-id}/
├── scope.yaml, discovery.json, state.yaml
├── findings/, analysis-report.md, action-plan.md
├── backups/, implementation-log.md
└── interview.md (if interview run)
Finding ID Format
CA-{SCANNER}-{NNN} — e.g. CA-CML-001, CA-SET-003, CA-HKV-002, CA-RUL-005, CA-TOK-005, CA-CPS-001, CA-DIS-001, CA-COL-001, CA-SKL-001
Testing
node --test 'tests/**/*.test.mjs'
868 tests across 55 test files (16 lib + 29 scanner + 1 hook + 1 agent + 3 commands + 1 knowledge + 4 top-level). Test fixtures in tests/fixtures/. Top-level humanizer tests: json-backcompat.test.mjs, raw-backcompat.test.mjs, scenario-read-test.test.mjs, snapshot-default-output.test.mjs.
Gotchas
- Session directories accumulate — use
/config-audit cleanupto manage - Scanners run on Node.js >= 18 (uses node:test, node:fs/promises)
- Plugin CLAUDE.md files in node_modules should be excluded via scope