4f1cc7e0b7
New read-only command that shows everything Claude Code actually loads for a given repo — plugins, skills, MCP servers, hooks, CLAUDE.md cascade — with source attribution (user/project/plugin) and rough token estimates. Helps identify candidates for disabling without guessing. Added: - scanners/lib/active-config-reader.mjs — pure async helper: readActiveConfig, detectGitRoot, walkClaudeMdCascade, readClaudeJsonProjectSlice (longest-prefix matching for .claude.json projects), enumeratePlugins, enumerateSkills, readActiveHooks, readActiveMcpServers, estimateTokens (markdown 4 c/tok, json 3.5 c/tok, frontmatter cap 150 tokens, item flat 15) - scanners/whats-active.mjs — thin CLI shim: --json, --output-file, --verbose, --suggest-disables - commands/whats-active.md — renders tables via Read tool; honors UX rules - tests/lib/active-config-reader.test.mjs — 36 tests, all green (integration fixture built in tmpdir with fake HOME, .claude.json prefix matching, plugin discovery, hook/MCP merge from all scopes) Verified: - Performance budget: <2s wall-clock (smoke test: 102ms on real repo) - Token estimates within ±20% of hand-computed values - Read-only: no writeFile/mkdir/unlink in production code - Self-audit: Plugin Health scanner reports 0 findings (Grade A) - Full test suite: 522 tests, 512 pass (10 pre-existing conflict-detector failures on main — unrelated to this change, reproducible on clean HEAD) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
9 KiB
9 KiB
| name | description | argument-hint | allowed-tools | model |
|---|---|---|---|---|
| config-audit | Claude Code Configuration Intelligence - audit, analyze, and optimize your configuration | [posture|feature-gap|fix|rollback|plan|implement|help|discover|analyze|interview|drift|plugin-health|whats-active|status|cleanup] | Read, Write, Glob, Grep, Bash, Agent, AskUserQuestion | opus |
Config-Audit: Claude Code Configuration Intelligence
Analyze, report on, and optimize your Claude Code configuration.
Router Logic
If a subcommand is provided, route to it:
posture→/config-audit:posturefeature-gap→/config-audit:feature-gapfix→/config-audit:fixrollback→/config-audit:rollbackplan→/config-audit:planimplement→/config-audit:implementhelp→/config-audit:helpdiscover→/config-audit:discoveranalyze→/config-audit:analyzeinterview→/config-audit:interviewdrift→/config-audit:driftplugin-health→/config-audit:plugin-healthwhats-active→/config-audit:whats-activestatus→/config-audit:statuscleanup→/config-audit:cleanup
If a scope override is provided (current, repo, home, full), use it as the scope type (see Scope Resolution below).
If no subcommand and no scope override: run the default audit (see below).
UX Rules (MANDATORY — apply to every step)
- Narrate before acting. Before each step, tell the user what you're about to do and why, in plain language.
- Never show raw output. All scanner Bash commands MUST use
--output-file <path>AND2>/dev/null. The user should NEVER see JSON, stderr progress lines, or exit codes. - Handle exit codes silently. Append
; echo $?to scanner commands. Exit codes 0/1/2 are all expected (PASS/WARNING/FAIL). Only exit code 3 is a real error — tell user: "Scanner encountered an unexpected error. Try/config-audit posturefor a quick check instead." - Explain, don't dump. When presenting findings, add plain-language context. "Grade B" alone means nothing — say "Grade B — your CLAUDE.md files are well-structured with minor improvements possible."
- Separate signal from noise. If findings exist in
tests/fixtures/orexamples/directories, count them separately and exclude from the main count: "Found 37 findings (66 additional in test fixtures, excluded)." - Context-sensitive next steps. Don't just list commands — explain what each does and why the user might want it based on their specific results.
Default Audit (no arguments)
Step 1: Auto-detect scope and greet the user
If the user provided a scope override (/config-audit full, /config-audit repo, etc.), use that.
Otherwise, auto-detect:
- Run
git rev-parse --show-toplevel 2>/dev/nullvia Bash - If it succeeds and pwd is inside the repo → repo scope (use the git root path)
- If pwd is
$HOME→ home scope - Otherwise → current directory scope
Show the user what's happening:
## Config-Audit
Analyzing your Claude Code configuration...
**Scope:** {Repository|Home directory|Current directory} — `{path}`
**What this checks:** CLAUDE.md quality, settings validation, hook safety, rules correctness, MCP server config, import chains, conflicts, and feature coverage.
Step 2: Initialize session
- Generate session ID:
YYYYMMDD_HHmmssformat - Create session directory and findings subdirectory:
mkdir -p ~/.claude/config-audit/sessions/{session-id}/findings
This is a silent infrastructure step — do NOT show output to the user.
Step 3: Run scanners and posture assessment
Tell the user: "Running 8 configuration scanners..."
Run both scanners and posture in a single Bash command:
node ${CLAUDE_PLUGIN_ROOT}/scanners/scan-orchestrator.mjs <target-path> --output-file ~/.claude/config-audit/sessions/{session-id}/findings/scan-results.json [--full-machine] [--global] 2>/dev/null; node ${CLAUDE_PLUGIN_ROOT}/scanners/posture.mjs <target-path> --json --output-file ~/.claude/config-audit/sessions/{session-id}/posture.json [--full-machine] [--global] 2>/dev/null; echo $?
Use --full-machine for full scope, --global for home scope. For repo and current, pass the resolved path directly.
Check the echoed exit code:
0,1, or2→ continue normally3→ tell user: "Scanner encountered an unexpected error. Try/config-audit posturefor a quick check instead." and stop.
Step 4: Analyze results
Tell the user: "Scanners complete. Preparing your results..."
Read BOTH output files using the Read tool:
~/.claude/config-audit/sessions/{session-id}/findings/scan-results.json~/.claude/config-audit/sessions/{session-id}/posture.json
Extract these metrics from the JSON:
From posture.json:
overallGrade— the health grade (A-F)opportunityCount— number of unused features detectedareas[]— per-area grades and finding counts (use only quality areas, exclude Feature Coverage)
From scan-results.json:
aggregate.total_findings— total findings (test fixture findings are already excluded automatically)fixture_findingsarray (if present) — count of findings excluded from test/example directories- Count findings by severity from
aggregate.counts(critical, high, medium, low, info) - Count findings where
autoFixable: true - Note total
files_scannedacross scanners
Step 5: Update state
Write session state (silent — no user output):
session_id: "{session-id}"
current_phase: "analyze"
completed_phases: ["discover", "analyze"]
next_phase: "plan"
updated_at: "{ISO timestamp}"
scope_type: "{repo|home|current|full}"
target_path: "{resolved path}"
Write to: ~/.claude/config-audit/sessions/{session-id}/state.yaml
Step 6: Display results
Present results using this template. Replace all placeholders with actual values. Adapt the summary sentence based on grade.
### Results
**Health: {overallGrade}** | {qualityAreaCount} areas scanned
{grade-based summary — pick ONE:}
- Grade A: "Excellent — your configuration is correct and well-maintained."
- Grade B: "Strong — your configuration is solid with minor improvements available."
- Grade C: "Decent — your configuration works but has some issues worth addressing."
- Grade D: "Needs work — several configuration issues could affect your Claude Code experience."
- Grade F: "Significant issues found — addressing these will meaningfully improve your workflow."
Scanned {files_scanned} files | {real_finding_count} findings ({severity_breakdown})
{If test_fixture_count > 0: "({test_fixture_count} additional findings in test fixtures were excluded.)"}
{If fixable_count > 0: "{fixable_count} of these can be auto-fixed."}
### Area Breakdown
| Area | Grade | Findings | |
|------|-------|----------|-|
| CLAUDE.md | {grade} | {count} | {one-phrase status} |
| Settings | {grade} | {count} | {status} |
| Hooks | {grade} | {count} | {status} |
| Rules | {grade} | {count} | {status} |
| MCP Servers | {grade} | {count} | {status} |
| Imports | {grade} | {count} | {status} |
| Conflicts | {grade} | {count} | {status} |
{For the status column, use plain language like: "Well structured", "2 minor issues", "Missing trust levels", "No issues", etc.}
{If opportunityCount > 0:}
{opportunityCount} feature opportunities available — run `/config-audit feature-gap` for context-aware recommendations.
### What you can do next
{Include only relevant options based on findings. Explain each one:}
{If fixable_count > 0:}
- **`/config-audit fix`** — Automatically fix {fixable_count} issues. Creates a backup first so you can roll back with one command.
{If real findings > fixable_count:}
- **`/config-audit plan`** — Get a prioritized action plan for the {remaining} issues that need manual attention.
{If grade is C or better:}
- **`/config-audit feature-gap`** — See which features could help your project, and implement the ones you want on the spot.
{If grade is D or F:}
- **`/config-audit fix`** should be your first step — it handles the most impactful issues automatically.
Session saved to: `~/.claude/config-audit/sessions/{session-id}/`
Scope Resolution
| Scope | What gets scanned |
|---|---|
current |
Current directory + parent CLAUDE.md files up to root + ~/.claude/ |
repo |
Git repository root + ~/.claude/ |
home |
~/.claude/ global configuration only |
full |
Everything: ~/.claude/, managed paths, all dev dirs under $HOME |
Error Handling
- If scanner fails (exit 3), tell the user in plain language and suggest
/config-audit postureas fallback - If path doesn't exist, tell the user: "That path doesn't exist. Run
/config-auditwithout arguments to auto-detect." - If git command fails for auto-detect, silently fall back to
currentscope - If no CLAUDE.md found anywhere, explain: "No CLAUDE.md found. This is the main configuration file for Claude Code — creating one is the single highest-impact thing you can do. Run
/config-audit feature-gapto see what's recommended."