feat(skills): add code-health diagnostic skill #516
Open
DaniBron wants to merge 2 commits into davila7:main from
Combines knowledge graph topology (via graphifyy) with static quality metrics (radon + ruff) and cross-references them to produce:
- Risk-weighted hotspots: degree × ln(CC+1) × (100-MI)/100 per node
- Complexity contagion chains: call paths where CC compounds
- Community health: per-cluster CC/MI scores with drill-downs
- Main Sequence plot (SDP + SAP) per Robert C. Martin
- Circular dependency detection (ADP violations)
- Interactive dark-theme HTML dashboard

The skill is self-contained: it builds an AST-only graph via the graphifyy Python library when no graph.json exists, so users don't need the /graphify skill as a prerequisite. If /graphify is installed, its richer semantic graph is used automatically.

Dependencies (auto-installed on first run):
- graphifyy (~50MB with tree-sitter parsers for 20+ languages)
- radon (cyclomatic complexity, maintainability index, LOC)
- ruff (lint statistics)

Tested end-to-end on a fresh Python environment without any pre-installed dependencies.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@DaniBron is attempting to deploy a commit to the Daniel Avila's projects Team on Vercel. A member of the Team first needs to authorize it.
FYI the Security Audit, Vercel preview, and comment-poster failures appear to be pre-existing fork-permission issues (the `actions/github-script` step can't write back to a forked PR without explicit `permissions: write` in the workflow, and Vercel doesn't auto-deploy previews for unauthorized forks). The code itself and the audit step that produced the report both succeeded; only the downstream comment-poster failed with a 403.
4 issues found across 3 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="cli-tool/components/skills/development/code-health/scripts/crossref.py">
<violation number="1" location="cli-tool/components/skills/development/code-health/scripts/crossref.py:734">
P2: Community totals are undercounted because the filter drops valid community ID `0` by using truthiness instead of a `None` check.</violation>
<violation number="2" location="cli-tool/components/skills/development/code-health/scripts/crossref.py:901">
P2: Repository-derived strings are inserted into generated HTML/DOM without escaping, enabling HTML/JS injection in the report.</violation>
<violation number="3" location="cli-tool/components/skills/development/code-health/scripts/crossref.py:1003">
P2: `generate_html` inconsistently ignores its `results` input and re-reads architecture data from disk, which can render stale or mismatched Main Sequence/cycle sections.</violation>
</file>
<file name="cli-tool/components/skills/development/code-health/SKILL.md">
<violation number="1" location="cli-tool/components/skills/development/code-health/SKILL.md:120">
P2: Subcommand docs are contradictory (`--report` says skip Step 2 and only `html` is exemplified), creating a real risk of running the wrong crossref mode.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- Use `results` dict directly in generate_html instead of re-reading crossref.json from disk for the Main Sequence section
- Fix community count undercounting community 0 (truthiness vs None check)
- Escape repository-derived strings (id, label, file) before HTML insertion
- Clarify --report vs --html subcommand docs; add separate bash examples

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
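The two code-level findings above (community ID `0` dropped by a truthiness filter, and repository-derived strings reaching the report unescaped), as an added Python example that is not taken from `crossref.py`. The node fields, function names and sample data are assumptions constructed for illustration; the `<script>` case goes one step beyond the review by covering data inlined as JSON.

```python
import html
import json
from collections import Counter

# Constructed sample nodes. Field names (label, file, community) are assumed
# for illustration and are not the project's actual graph schema.
NODES = [
    {"label": "run", "file": "a.py", "community": 0},
    {"label": "</script><b>injected</b>", "file": 'pkg/"odd".py', "community": 1},
    {"label": "orphan", "file": "c.py", "community": None},
]


def community_sizes_truthy(nodes):
    # Flawed filter: community 0 is falsy, so its members are never counted.
    return Counter(n["community"] for n in nodes if n["community"])


def community_sizes(nodes):
    # Explicit None check: only nodes with no community are skipped.
    return Counter(n["community"] for n in nodes if n["community"] is not None)


def row_unescaped(node):
    # Before: repository-derived strings are interpolated verbatim.
    return f'<tr title="{node["file"]}"><td>{node["label"]}</td></tr>'


def row_escaped(node):
    # After: escape for HTML text and quoted attributes (quote=True covers " and ').
    file_ = html.escape(str(node["file"]), quote=True)
    label = html.escape(str(node["label"]), quote=True)
    return f'<tr title="{file_}"><td>{label}</td></tr>'


def json_for_script(data):
    # Data inlined into a <script> block is not entity-decoded by the browser,
    # so html.escape does not apply; emit <, > and & as \uXXXX escapes instead
    # so a string containing "</script>" cannot terminate the block.
    out = json.dumps(data)
    for ch in "<>&":
        out = out.replace(ch, f"\\u{ord(ch):04x}")
    return out
```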
Summary

Adds a `code-health` skill under `development/` that combines knowledge graph topology with static quality metrics to produce risk-weighted diagnostics, community health scores, circular dependency detection, and a Main Sequence plot (SDP + SAP per Robert C. Martin).

What it does

`graphifyy`) `radon` (CC/MI/LOC) and `ruff` (lint stats)

Self-contained

The skill works standalone — it builds an AST-only graph via the `graphifyy` Python library when no `graph.json` exists, so users don't need the `/graphify` skill as a prerequisite. If `/graphify` is installed separately, its richer semantic graph is used automatically.

Dependencies

Auto-installed on first run:
- `graphifyy` (~50MB, brings tree-sitter parsers for 20+ languages)
- `radon` (cyclomatic complexity, maintainability index, LOC)
- `ruff` (lint statistics)

The `graphifyy` install is chunky because it bundles tree-sitter parsers. This is a known cost and is called out in the SKILL.md.

Testing

Tested end-to-end on a fresh Python environment with all dependencies uninstalled. The `pip install` + AST graph build + cross-reference pipeline produces valid output.

Files added

- `cli-tool/components/skills/development/code-health/SKILL.md` (6KB — skill instructions)
- `cli-tool/components/skills/development/code-health/LICENSE.txt` (MIT)
- `cli-tool/components/skills/development/code-health/scripts/crossref.py` (87KB — cross-reference engine + HTML generator)

Test plan

🤖 Generated with Claude Code
Summary by cubic

Adds a new `development/code-health` diagnostic skill that fuses the knowledge graph with static analysis to surface risk-weighted hotspots, contagion chains, and architecture issues with an interactive HTML report. This update also fixes community counting and hardens the HTML generator.

- `cli-tool/components/`); new skill at `skills/development/code-health` (regenerate `docs/components.json`)
- `radon`/`ruff`; finds cycles and Main Sequence outliers; outputs `code-health-out/crossref.json` and `code-health-out/health_report.html`
- `graph.json`; auto-installs `graphifyy`, `radon`, `ruff` (Python 3.10+)
- `results` in HTML generator, fix community “0” undercount, escape ids/labels/files in HTML, clarify `--report` vs `--html` with bash examples

Written for commit 219cdbb. Summary will update on new commits.