[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-1102":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":9,"language":9,"languages":9,"totalLinesOfCode":9,"stars":10,"forks":11,"watchers":12,"openIssues":13,"contributorsCount":14,"subscribersCount":14,"size":14,"stars1d":15,"stars7d":16,"stars30d":17,"stars90d":14,"forks30d":14,"starsTrendScore":18,"compositeScore":19,"rankGlobal":9,"rankLanguage":9,"license":9,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":9,"pushedAt":9,"updatedAt":24,"readmeContent":25,"aiSummary":26,"trendingCount":14,"starSnapshotCount":14,"syncStatus":27,"lastSyncTime":28,"discoverSource":29},1102,"tech-debt-skill","ksimback\u002Ftech-debt-skill","ksimback","Claude Code skill that produces a thorough, file-cited tech debt audit of an entire codebase",null,511,30,366,1,0,8,10,39,24,8.47,false,"main",true,[],"2026-06-12 02:00:23","# tech-debt-audit\n\nA Claude Code skill that produces a thorough, citable tech debt audit of your entire codebase — not a generic best-practices checklist.\n\n```\n\u002Ftech-debt-audit\n```\n\nThat's the whole interface. Run it in any repo, get back `TECH_DEBT_AUDIT.md` with file-cited findings, severity, effort estimates, and a ranked list of what to actually fix.\n\n## Why this exists\n\nLLM-generated code reviews fail in a predictable way: they pattern-match against generic heuristics, surface obvious findings without grounding them in the actual code, and produce comprehensive-feeling output that nobody acts on. The result is a tab nobody opens twice.\n\nThis skill is opinionated about avoiding that failure mode. Three design choices do most of the work:\n\n**Forced orientation before judgment.** The protocol requires the model to read the manifest, map the directory structure, analyze git churn, and write a mental model of the architecture *before* it forms any opinions. Phase 1 isn't optional. Findings without context are vibes.\n\n**File:line citations on every finding.** A finding without a citation is unfalsifiable, and unfalsifiable findings don't get fixed. The skill rejects vague claims like \"the code generally...\" and requires `path\u002Fto\u002Ffile.ext:LINE` on every concrete finding.\n\n**A required \"looks bad but is actually fine\" section.** This is the single biggest separator between a real audit and a checklist regurgitation. Forcing the model to surface calls it considered making and chose not to is what catches shallow analysis. If that section comes back empty, the audit didn't look hard enough.\n\nThe skill also explicitly forbids recommending rewrites, forbids padding categories with filler, and produces a persistent artifact (`TECH_DEBT_AUDIT.md`) you can commit and track over time.\n\n## Why not the built-in Claude Code skills?\n\nClaude Code ships several skills that touch this space. None of them do what a debt audit needs to do.\n\n| Built-in | What it does | Why it's not a debt audit |\n|----------|--------------|----------------------------|\n| `\u002Freview` | PR-style code review of changes | Diff-scoped. Useful before merging a branch, not useful when you've inherited 80k LOC and want to know what's rotten. |\n| `\u002Fsimplify` | Reduces over-engineered code in a specific area | Tactical, not architectural. Doesn't survey, doesn't cite, doesn't produce an artifact. |\n| `\u002Fdebug` | Targets a specific failure or unexpected behavior | Reactive. You point it at a known problem; an audit's job is to *find* the problems. |\n| `\u002Floop`, `\u002Fbatch` | Workflow primitives for repeated or grouped tasks | Orchestration, not analysis. |\n\nWhat this skill adds:\n\n- **Whole-repo scope** across the nine dimensions that actually matter for debt: architectural decay, consistency rot, type & contract debt, test debt, dep & config debt, performance & resource hygiene, error handling & observability, security hygiene, and documentation drift.\n- **Multi-tool grounding.** Detects the stack and runs the right tools — `npm audit`, `knip`, `madge`, `depcheck` for TS\u002FJS; `pip-audit`, `ruff`, `vulture`, `pydeps` for Python; `cargo audit`, `cargo udeps`, `cargo machete` for Rust; `govulncheck`, `staticcheck`, `golangci-lint` for Go — and folds the findings into the report.\n- **Subagent dispatch for large repos.** For codebases over ~50k LOC, the protocol parallelizes across modules so the main agent doesn't run out of context window before Phase 3.\n- **Persistent, citable artifact.** `TECH_DEBT_AUDIT.md` lives in your repo. You can commit it, review it in PRs, link to specific findings.\n- **Repeat-run mode.** On subsequent runs, resolved findings are marked `RESOLVED`, stale ones are updated, and new ones are tagged `NEW`. The audit becomes a living document.\n\n## Installation\n\nPersonal install (available across all your projects):\n\n```bash\nmkdir -p ~\u002F.claude\u002Fskills\u002Ftech-debt-audit\n```\n\n```bash\ncurl -o ~\u002F.claude\u002Fskills\u002Ftech-debt-audit\u002FSKILL.md https:\u002F\u002Fraw.githubusercontent.com\u002Fksimback\u002Ftech-debt-skill\u002Fmain\u002FSKILL.md\n```\n\nProject-only install (just this repo):\n\n```bash\nmkdir -p .claude\u002Fskills\u002Ftech-debt-audit && curl -o .claude\u002Fskills\u002Ftech-debt-audit\u002FSKILL.md https:\u002F\u002Fraw.githubusercontent.com\u002Fksimback\u002Ftech-debt-skill\u002Fmain\u002FSKILL.md\n```\n\nVerify it's available:\n\n```bash\nclaude --print \"\u002Fskills\" | grep tech-debt-audit\n```\n\n## Usage\n\nIn Claude Code, in the repo you want audited:\n\n```\n\u002Ftech-debt-audit\n```\n\nThat's it. Output goes to `TECH_DEBT_AUDIT.md` in the repo root. First run takes 5–20 minutes depending on repo size. Subsequent runs in repeat-run mode are faster because the existing audit is used as a baseline.\n\nTo audit only a specific subtree (useful for very large monorepos):\n\n```\n\u002Ftech-debt-audit src\u002Fpayments\n```\n\nTo get a mid-audit course correction (recommended on first run for any new codebase), interrupt after Phase 1 with:\n\n> Before Phase 2, tell me what surprised you in Phase 1 and what you want to investigate that isn't in the dimensions list.\n\nThe best findings often come from things the prompt didn't anticipate.\n\n## How it works\n\nThree phases:\n\n1. **Orient** — read the manifest, map the structure, analyze `git log` for churn, identify the largest and most-modified files (their intersection is where debt usually hides), write a mental model.\n2. **Audit** — sweep across nine dimensions using `rg`, `ast-grep`, and language-native tooling. Cite `file:line` on every finding.\n3. **Deliverable** — write `TECH_DEBT_AUDIT.md` with executive summary, mental model, findings table, top-5 priorities, quick wins, the \"looks bad but is fine\" section, and open questions.\n\nThe full protocol is in [`SKILL.md`](.\u002FSKILL.md).\n\n## What the output looks like\n\n`TECH_DEBT_AUDIT.md` has this shape:\n\n```\n## Executive summary\n- 3 Critical findings, 12 High, 31 Medium, 18 Low\n- Largest debt concentration: src\u002Fpayments\u002F* (3 of 3 Critical findings)\n- ...\n\n## Findings\n| ID   | Category            | File:Line                       | Severity | Effort | Description | Recommendation |\n| F001 | Architectural decay | src\u002Fpayments\u002Fprocessor.ts:1240  | Critical | L      | 1,400-line god class handling routing, validation, retry, and reconciliation | Extract retry and reconciliation into separate services |\n| ...\n\n## Top 5\n1. F001 — Decompose payments\u002Fprocessor.ts: ...\n\n## Quick wins\n- [ ] F042: Remove unused dep `lodash.merge` (replaced by native ...)\n- [ ] ...\n\n## Things that look bad but are actually fine\n- The deeply nested callback pattern in src\u002Flegacy\u002Fwebhooks.ts looks like a refactor target, but it preserves ordering guarantees the queue-based replacement would break. Leave it.\n- ...\n\n## Open questions for the maintainer\n- Is src\u002Fexperiments\u002F intentionally untested, or did it fall through?\n- ...\n```\n\n## Customization\n\nThe skill is designed to be forked and adapted. Common modifications:\n\n- **Add domain-specific dimensions.** The nine in Phase 2 are a starting point. Frontend repos can add accessibility; ML repos can add eval drift; LLM apps can add prompt versioning and tool-call cost; infra can add IaC drift.\n- **Tune severity thresholds.** If your codebase has a higher baseline (e.g., god files defined as >800 LOC instead of >500), edit the dimension definitions directly.\n- **Override per project.** A `.claude\u002Fskills\u002Ftech-debt-audit\u002FSKILL.md` in a specific repo overrides the global one. Useful when one project needs custom dimensions the others don't.\n- **Split into supporting files.** As `SKILL.md` grows, extract sections into sibling files (`severity-rubric.md`, `stack-tooling.md`) and reference them. Claude Code lazy-loads supporting files, keeping the main protocol tight.\n\n## Limitations\n\nThis is a static audit, not a security audit. It catches obvious security hygiene issues (hardcoded secrets, SQL injection patterns, weak crypto) but won't replace a real pen test or threat model.\n\nIt won't catch business-logic bugs. Those require domain knowledge the model doesn't have.\n\nIt can't perfectly distinguish intentional simplicity from accidental simplicity. The \"open questions\" section exists for exactly this reason — when the skill is unsure, it asks rather than asserting.\n\nFor very large repos (>200k LOC), even subagent dispatch can produce shallow results. Scope to a module or run section-by-section.\n\n## Contributing\n\nPRs welcome. Before submitting:\n\n1. Test against at least two real codebases of different stacks.\n2. If you're adding a dimension, include a justification for why it isn't covered by the existing nine.\n3. If you're tightening a rule, show a before\u002Fafter audit excerpt demonstrating the improvement.\n\nThe single design constraint: this skill must produce findings that engineers act on. Anything that pushes toward \"feels comprehensive but nothing changes\" is a regression and will be rejected.\n\n## License\n\nMIT. Use it, fork it, ship it. Attribution appreciated but not required.\n\n## Credits\n\nBuilt on the [Claude Code Agent Skills](https:\u002F\u002Fcode.claude.com\u002Fdocs\u002Fen\u002Fskills) standard.\n\nInspired by the experience of working with Claude Code on codebases that got really messy over time.\n\n","tech-debt-skill 是一个能够对整个代码库进行全面技术债务审计的Claude Code技能。它生成的技术债务报告（TECH_DEBT_AUDIT.md）不仅包含具体的文件引用、严重性评估及修复建议排序，还特别强调了通过实际代码分析而非泛泛的最佳实践检查来提供有价值的见解。该项目具有三个关键设计特点：要求模型在形成任何判断前先理解项目结构与架构；每项发现都必须附有具体到行的文件引用以确保可验证性；以及强制包含“看起来有问题但实际上没问题”的部分来区分浅层分析与深入审计。适合于需要全面了解遗留系统或大型代码库潜在问题，并希望基于详实依据进行优化改进的场景。",2,"2026-06-11 02:41:36","CREATED_QUERY"]