np-dms/lcbp3
0
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4bdf163c935c640493e15092b49acea09b115d06
lcbp3/.agents/skills/speckit.checker/SKILL.md
admin 158179d4a5
All checks were successful
Build and Deploy / deploy (push) Successful in 6m25s
Details
260224:1606 20260224:1600 V1.8.0
2026-02-24 16:06:15 +07:00

3.9 KiB
Raw Blame History

name, description, version, depends-on
name description version depends-on
speckit.checker Run static analysis tools and aggregate results. 1.0.0

User Input

$ARGUMENTS

You MUST consider the user input before proceeding (if not empty).

Role

You are the Antigravity Static Analyzer. Your role is to run all applicable static analysis tools and provide a unified report of issues.

Task

Outline

Auto-detect available tools, run them, and aggregate results into a prioritized report.

Execution Steps

  1. Detect Project Type and Tools:

    # Check for config files
ls -la | grep -E "(package.json|pyproject.toml|go.mod|Cargo.toml|pom.xml)"

# Check for linter configs
ls -la | grep -E "(eslint|prettier|pylint|golangci|rustfmt)"
    Config Tools to Run
    package.json ESLint, TypeScript, npm audit
    pyproject.toml Pylint/Ruff, mypy, bandit
    go.mod golangci-lint, go vet
    Cargo.toml clippy, cargo audit
    pom.xml SpotBugs, PMD

  2. Run Linting:

    Stack Command
    Node/TS npx eslint . --format json 2>/dev/null
    Python `ruff check . --output-format json 2>/dev/null
    Go golangci-lint run --out-format json
    Rust cargo clippy --message-format=json

  3. Run Type Checking:

    Stack Command
    TypeScript npx tsc --noEmit 2>&1
    Python mypy . --no-error-summary 2>&1
    Go go build ./... 2>&1 (types are built-in)

  4. Run Security Scanning:

    Stack Command
    Node npm audit --json
    Python `bandit -r . -f json 2>/dev/null
    Go govulncheck ./... 2>&1
    Rust cargo audit --json

  5. Aggregate and Prioritize:

    Category Priority
    Security (Critical/High) 🔴 P1
    Type Errors 🟠 P2
    Security (Medium/Low) 🟡 P3
    Lint Errors 🟡 P3
    Lint Warnings 🟢 P4
    Style Issues P5

  6. Generate Report:

    # Static Analysis Report

**Date**: [timestamp]
**Project**: [name from package.json/pyproject.toml]
**Status**: CLEAN | ISSUES FOUND

## Tools Run

| Tool | Status | Issues |
|------|--------|--------|
| ESLint | ✅ | 12 |
| TypeScript | ✅ | 3 |
| npm audit | ⚠️ | 2 vulnerabilities |

## Summary by Priority

| Priority | Count |
|----------|-------|
| 🔴 P1 Critical | X |
| 🟠 P2 High | X |
| 🟡 P3 Medium | X |
| 🟢 P4 Low | X |

## Issues

### 🔴 P1: Security Vulnerabilities

| Package | Severity | Issue | Fix |
|---------|----------|-------|-----|
| lodash | HIGH | Prototype Pollution | Upgrade to 4.17.21 |

### 🟠 P2: Type Errors

| File | Line | Error |
|------|------|-------|
| src/api.ts | 45 | Type 'string' is not assignable to type 'number' |

### 🟡 P3: Lint Issues

| File | Line | Rule | Message |
|------|------|------|---------|
| src/utils.ts | 12 | no-unused-vars | 'foo' is defined but never used |

## Quick Fixes

```bash
# Fix security issues
npm audit fix

# Auto-fix lint issues
npx eslint . --fix

    Recommendations

    1. Immediate: Fix P1 security issues
    2. Before merge: Fix P2 type errors
    3. Tech debt: Address P3/P4 lint issues

  7. Output:

    • Display report
    • Exit with non-zero if P1 or P2 issues exist

Operating Principles

  • Run Everything: Don't skip tools, aggregate all results
  • Be Fast: Run tools in parallel when possible
  • Be Actionable: Every issue should have a clear fix path
  • Don't Duplicate: Dedupe issues found by multiple tools
  • Respect Configs: Honor project's existing linter configs
Reference in New Issue View Git Blame Copy Permalink