repo-audit

Architecture review — detects god modules, layering violations, coupling issues, and computes risk scores to identify which modules need attention first. Runs in 3-5 minutes.

Test coverage analysis — assesses per-module test coverage, identifies critical untested paths, and evaluates test quality. Runs in 2-3 minutes.

Dependency analysis — builds module dependency graph, detects circular dependencies, classifies hub/orphan modules, and scans for external dependency vulnerabilities. Runs in 1-2 minutes.

Convention discovery — identifies naming patterns, error handling styles, testing approaches, and inconsistencies across your codebase. Generates a proposed CLAUDE.md. Runs in 2-3 minutes.

Fast deterministic-only scan — runs linters, type checkers, dependency audits, and pattern pre-scans without spawning LLM sub-agents. Results in 30-60 seconds.

Security-focused audit — scans for secrets, dependency vulnerabilities, injection patterns, auth issues, and OWASP Top 10 concerns. Runs in 2-3 minutes.

Full repository audit — auto-detects languages and frameworks, runs your tools, spawns specialist agents, generates audit report and task list

Use this agent when reviewing code for excessive complexity, unnecessary abstractions, god objects, and readability blockers during a repository audit. This agent should be invoked when audit triage flags files with complexity concerns. <example> Context: The audit triage flagged src/services/order-service.ts and src/core/engine.ts for deep nesting, excessive function length, and too many responsibilities. user: "Run the complexity specialist on the flagged files" assistant: "I'll launch the complexity-specialist to analyze the complexity patterns and suggest simplification strategies." <commentary> Triage found complexity concerns that need specialist-depth analysis of structural issues. </commentary> </example>

Use this agent when reviewing code for silent failures, inadequate error handling, broad catch blocks, and inappropriate fallback behavior during a repository audit. This agent should be invoked when audit triage flags files with error handling concerns. <example> Context: The audit triage flagged src/auth/oauth.ts and src/api/client.ts for broad catch blocks and fallback patterns. user: "Run the error handling specialist on the flagged files" assistant: "I'll launch the error-handling-specialist to do a deep review of the flagged error handling patterns." <commentary> Triage found concerning error handling patterns that need specialist-depth analysis. </commentary> </example>

Use this agent when reviewing code for performance issues, inefficient patterns, memory leaks, and scalability concerns during a repository audit. This agent should be invoked when audit triage flags files with performance concerns. <example> Context: The audit triage flagged src/db/queries.ts and src/api/handlers.ts for N+1 query patterns and unbounded data fetching. user: "Run the performance specialist on the flagged files" assistant: "I'll launch the performance-specialist to do a deep review of the performance patterns." <commentary> Triage found performance concerns that need specialist-depth analysis beyond static pattern matching. </commentary> </example>

Use this agent when reviewing code for security vulnerabilities, authentication flaws, injection patterns, and secrets management issues during a repository audit. This agent should be invoked when audit triage flags files with security concerns. <example> Context: The audit triage flagged src/api/auth.ts and src/db/queries.ts for potential injection and auth flow issues. user: "Run the security specialist on the flagged files" assistant: "I'll launch the security-specialist to do a deep review of the flagged security patterns." <commentary> Triage found concerning security patterns that need specialist-depth analysis beyond what static tools catch. </commentary> </example>

Use this agent when reviewing code for test coverage quality, test design issues, and missing test scenarios during a repository audit. This agent should be invoked when audit triage flags files with test quality concerns. <example> Context: The audit triage flagged tests/api/ and tests/auth/ for happy-path-only testing and over-mocking. user: "Run the test quality specialist on the flagged files" assistant: "I'll launch the test-quality-specialist to do a deep review of the test coverage and quality patterns." <commentary> Triage found test quality concerns that need specialist-depth analysis of coverage gaps and test design. </commentary> </example>

Use this agent when reviewing code for type design quality, invariant expression, encapsulation issues, and domain modeling problems during a repository audit. This agent should be invoked when audit triage flags files with type design concerns. <example> Context: The audit triage flagged src/models/user.ts and src/types/order.ts for anemic domain models and exposed mutable state. user: "Run the type design specialist on the flagged files" assistant: "I'll launch the type-design-specialist to do a deep review of the type design patterns." <commentary> Triage found type design concerns that need specialist-depth analysis of invariants and encapsulation. </commentary> </example>