5bf500e1a8
Reconcile README/CLAUDE.md/commands/agents to filesystem truth ahead of v5.0.0 release. Self-audit --check-readme now passes (counts: scanners 12, commands 18, tests 635, knowledge 8, agents 6, hooks 4). Self-audit (scanners/self-audit.mjs): - Exclude plugin-health-scanner.mjs from countScannerShape (it is a "standalone" scanner per README/CLAUDE.md taxonomy; orchestrated scanners stay at 12) - countTestCases: spawn `node --test` and parse the `tests N` line so the badge reflects test cases (635), not test files (36). countTestFiles kept as fallback when subprocess fails. README.md: - Badges: scanners 9→12, commands 17→18, tests 543→635 - Body counts updated: 8 quality scanners → 12 deterministic scanners; 8 quality areas → 10 (incl. Plugin Hygiene from N6); 9 Node.js scanners → 12 - Scanner table extended with CPS / DIS / COL rows; TOK row reflects the v5 Pattern E/F/N1 expansion (sonnet-era removed) - CLI table adds manifest, whats-active, --accurate-tokens, --with-telemetry-recipe - Knowledge table adds opus-4.7-patterns.md and cache-telemetry-recipe.md - Scanner Lib table notes WEIGHTS export, severity-weighted scoring, tokenizer-api - Action Engines table adds manifest.mjs, whats-active.mjs, token-hotspots-cli.mjs - Test count text 486→635, file count 27→36 (12 lib + 23 scanner + 1 hook) - Tokens command: 4-pattern phrasing → 6 patterns + --accurate-tokens - Adds /config-audit manifest and /config-audit whats-active to command tables CLAUDE.md: - Posture row: 8 → 10 quality areas - Tokens row: 4 patterns (incl. sonnet-era) → 6 patterns + --accurate-tokens - Adds /config-audit manifest entry - Scanner table: TOK description rewritten; CPS, DIS, COL rows added - Scanner Lib table: tokenizer-api.mjs added; v5 annotations on severity, output, scoring, active-config-reader - Action Engines table: manifest.mjs added; token-hotspots-cli.mjs flags expanded - Knowledge table: cache-telemetry-recipe.md added; configuration-best-practices notes Opus-4.7 cache-stability rewrite - Finding ID examples extended with CA-TOK-005, CA-CPS-001, CA-DIS-001, CA-COL-001 - Test count text 543→635, file count 31→36 commands/help.md: tokens/manifest added to Core commands/posture.md: 8 → 10 quality areas commands/config-audit.md: argument-hint adds tokens/manifest; router adds tokens and manifest; "Running 8 configuration scanners" → 12 agents/feature-gap-agent.md: 8 → 10 quality areas No production code paths changed beyond self-audit's badge-counting heuristic. All 635 tests still green. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
9.9 KiB
9.9 KiB
Config-Audit Plugin
Claude Code Configuration Intelligence — know if your configuration is correct, find what could improve it, fix it automatically.
What this plugin does
Analyzes and optimizes Claude Code configuration across three pillars:
- Health — Deterministic scanners verify correctness, consistency, and completeness
- Opportunities — Context-aware recommendations for features that could benefit your project
- Action — Auto-fix with backup/rollback
Commands
Core (just run /config-audit to get started)
| Command | Description |
|---|---|
/config-audit |
Full audit with auto-scope detection (no setup needed) |
/config-audit posture |
Quick health scorecard (A-F grades, 10 quality areas incl. Token Efficiency, Plugin Hygiene) |
/config-audit tokens |
Opus-4.7-aware token hotspots (6 patterns: cache-breaking, redundant perms, deep imports, oversized cascade, bloated SKILL.md desc, MCP tool-schema budget) — optional --accurate-tokens API calibration, --with-telemetry-recipe cache-hit recipe pointer |
/config-audit manifest |
Ranked table of every system-prompt token source (CLAUDE.md, plugins, skills, MCP, hooks) sorted by estimated tokens |
/config-audit feature-gap |
Context-aware feature recommendations grouped by impact |
/config-audit fix |
Auto-fix deterministic issues with backup + verification |
/config-audit rollback |
Restore configuration from backup |
/config-audit plan |
Create action plan from audit findings |
/config-audit implement |
Execute plan with backups + auto-verify |
/config-audit help |
Show all commands |
Additional
| Command | Description |
|---|---|
/config-audit drift |
Compare current config against saved baseline |
/config-audit plugin-health |
Audit plugin structure, frontmatter, cross-plugin coherence |
/config-audit whats-active |
Read-only inventory of plugins, skills, MCP, hooks, CLAUDE.md active for a repo (with token estimates) |
/config-audit discover |
Run discovery phase only |
/config-audit analyze |
Run analysis phase only |
/config-audit interview |
Gather user preferences (opt-in) |
/config-audit status |
Show current session state |
/config-audit cleanup |
Clean up old sessions |
Agents
| Agent | Role | Model | Color | Tools |
|---|---|---|---|---|
| scanner-agent | Find config files | sonnet | cyan | Read, Glob, Grep, Write |
| analyzer-agent | Generate report | sonnet | blue | Read, Glob, Grep, Write |
| planner-agent | Create action plan | opus | yellow | Read, Glob, Write |
| implementer-agent | Execute changes | sonnet | magenta | Read, Write, Edit, Bash, Glob |
| verifier-agent | Verify results | sonnet | purple | Read, Glob, Grep |
| feature-gap-agent | Context-aware feature recommendations | opus | green | Read, Glob, Grep, Write |
Deterministic Scanners
Node.js scanners (zero external dependencies), run via node scanners/scan-orchestrator.mjs <path>.
Posture CLI: node scanners/posture.mjs <path> [--json] [--global] [--full-machine] [--output-file path].
Scanner CLI: node scanners/scan-orchestrator.mjs <path> [--global] [--full-machine] [--no-suppress].
| Scanner | Prefix | Detects |
|---|---|---|
claude-md-linter.mjs |
CML | Structure, length, sections, @imports, duplicates, TODOs |
settings-validator.mjs |
SET | Schema, unknown/deprecated keys, type mismatches, permissions |
hook-validator.mjs |
HKV | Format, script existence, event validity, timeouts |
rules-validator.mjs |
RUL | Glob matching, orphan rules, deprecated fields, unscoped rules |
mcp-config-validator.mjs |
MCP | Server types, trust levels, env vars, unknown fields |
import-resolver.mjs |
IMP | Broken @imports, circular refs, deep chains, tilde paths |
conflict-detector.mjs |
CNF | Settings conflicts, permission contradictions, hook duplicates |
feature-gap-scanner.mjs |
GAP | 25 feature checks across 4 tiers — shown as opportunities, not grades |
token-hotspots.mjs |
TOK | Cache-breaking volatile content, redundant tool permissions, deep import chains, oversized cascade, bloated SKILL.md descriptions, MCP tool-schema budget (Opus 4.7 patterns) |
cache-prefix-scanner.mjs |
CPS | Volatile content in lines 31–150 of CLAUDE.md cascade (beyond Pattern A's top-30 window) |
disabled-in-schema-scanner.mjs |
DIS | Tools listed in BOTH permissions.deny AND permissions.allow — deny wins, allow entries are dead config |
collision-scanner.mjs |
COL | Cross-plugin skill name collisions (low); user-vs-plugin overlaps (medium); details.namespaces payload |
Scanner Lib (scanners/lib/)
| Module | Purpose |
|---|---|
severity.mjs |
Severity constants, risk scoring, verdict logic, WEIGHTS named export (v5 F3) |
output.mjs |
Finding objects (CA-XXX-NNN format), scanner results, envelope, optional details payload (v5 N6) |
file-discovery.mjs |
Config file discovery: single-path, multi-path (discoverConfigFilesMulti), full-machine (discoverFullMachinePaths) |
yaml-parser.mjs |
Frontmatter parsing, JSON parsing, @import/section extraction |
string-utils.mjs |
Line counting, truncation, similarity, key extraction |
scoring.mjs |
Severity-weighted scoreByArea (v5 F3), health scorecard, dedup-by-area (v5 N3), scoringVersion: 'v5' |
backup.mjs |
Backup creation, manifest parsing, checksum verification |
diff-engine.mjs |
Drift diffing: diffEnvelopes(), formatDiffReport() |
baseline.mjs |
Baseline save/load/list/delete for drift detection |
report-generator.mjs |
Unified markdown reports: posture, drift, plugin health |
suppression.mjs |
.config-audit-ignore parsing, finding suppression, audit trail |
active-config-reader.mjs |
Read-only inventory: readActiveConfig(), detectGitRoot(), walkClaudeMdCascade(), readClaudeJsonProjectSlice() (longest-prefix match), enumeratePlugins(), enumerateSkills(), readActiveHooks(), readActiveMcpServers() (with cache → package.json tool-count fallback), estimateTokens() (v5: 'mcp' kind = 500 + toolCount × 200) |
tokenizer-api.mjs |
Anthropic count_tokens wrapper for --accurate-tokens (v5 N5); 5s AbortController timeout, exponential 429 backoff, key masking |
Action Engines (scanners/)
| Module | Purpose |
|---|---|
fix-engine.mjs |
planFixes(), applyFixes(), verifyFixes() — 9 fix types |
rollback-engine.mjs |
listBackups(), restoreBackup(), deleteBackup() |
fix-cli.mjs |
CLI: node fix-cli.mjs <path> [--apply] [--json] [--global] |
drift-cli.mjs |
CLI: node drift-cli.mjs <path> [--save] [--baseline name] [--json] |
whats-active.mjs |
CLI: node whats-active.mjs <path> [--json] [--verbose] [--suggest-disables] — read-only active-config inventory |
token-hotspots-cli.mjs |
CLI: node token-hotspots-cli.mjs <path> [--json] [--global] [--output-file path] [--accurate-tokens] [--with-telemetry-recipe] — Opus-4.7 token hotspots ranking with optional API calibration |
manifest.mjs |
CLI: node manifest.mjs <path> [--json] — ranked system-prompt token-source table (v5 N2) |
Standalone Scanner
| Module | Prefix | Purpose |
|---|---|---|
plugin-health-scanner.mjs |
PLH | Plugin structure, frontmatter, cross-plugin conflicts (runs independently) |
self-audit.mjs |
— | Runs all scanners + plugin health on this plugin itself |
Knowledge Base (knowledge/)
| File | Content |
|---|---|
claude-code-capabilities.md |
Feature register: 18 config surfaces, Anthropic guidance, relevance table |
configuration-best-practices.md |
Per-layer best practices (v5: Opus 4.7 cache-stability guidance replaces Sonnet-era 200-line rule) |
anti-patterns.md |
Common mistakes mapped to scanner IDs |
hook-events-reference.md |
All 26 hook events with details |
feature-evolution.md |
Feature timeline for staleness detection |
gap-closure-templates.md |
Config-specific templates for closing gaps |
opus-4.7-patterns.md |
Token-cost dynamics for Opus 4.7 era — patterns powering the TOK scanner |
cache-telemetry-recipe.md |
Manual jq recipe for verifying prompt-cache hit rate from session transcripts (v5 M7) |
Hooks
| Event | Script | Purpose |
|---|---|---|
| PreToolUse | auto-backup-config.mjs |
Auto-backup config files before Edit/Write |
| PostToolUse | post-edit-verify.mjs |
Verify config files after Edit/Write, block on new critical/high |
| SessionStart | session-start.mjs |
Checks for active (unfinished) sessions |
| Stop | stop-session-reminder.mjs |
Reminds about current session phase |
Suppressions
Create .config-audit-ignore at project root to suppress known findings:
CA-SET-003 # Exact ID
CA-GAP-* # Glob pattern (all GAP findings)
Suppressed findings tracked in envelope's suppressed_findings for audit trail. Disable with --no-suppress.
Architecture
Workflow
/config-audit → discover + analyze (auto) → plan → implement → verify
Default: auto-detects scope from git context. Override with /config-audit full|repo|home|current. Delta mode: --delta (incremental).
Session Directory
~/.claude/config-audit/sessions/{session-id}/
├── scope.yaml, discovery.json, state.yaml
├── findings/, analysis-report.md, action-plan.md
├── backups/, implementation-log.md
└── interview.md (if interview run)
Finding ID Format
CA-{SCANNER}-{NNN} — e.g. CA-CML-001, CA-SET-003, CA-HKV-002, CA-RUL-005, CA-TOK-005, CA-CPS-001, CA-DIS-001, CA-COL-001
Testing
node --test 'tests/**/*.test.mjs'
635 tests across 36 test files (12 lib + 23 scanner + 1 hook). Test fixtures in tests/fixtures/.
Gotchas
- Session directories accumulate — use
/config-audit cleanupto manage - Scanners run on Node.js >= 18 (uses node:test, node:fs/promises)
- Plugin CLAUDE.md files in node_modules should be excluded via scope