From ai-workflow
Runs preflight code quality checks (linting, typechecking, tests) by auto-detecting configs in JavaScript/TypeScript, Python, Go, Rust, .NET projects and offers to fix issues.
npx claudepluginhub charlesjones-dev/claude-code-plugins-dev --plugin ai-workflow
This skill is limited to using the following tools:
You are running a comprehensive preflight check on this codebase. This command discovers and runs configured quality checks including type checking, linting, and tests.
- --fix - Automatically attempt to fix issues without prompting
- --check-only - Only report issues, never prompt to fix
- --verbose - Show detailed output from all commands

User provided: $ARGUMENTS
First, analyze the project to discover configured quality tools. Check for:
- package.json - Check for scripts: lint, typecheck, type-check, tsc, test, check, validate
- tsconfig.json / jsconfig.json - TypeScript/JavaScript configuration
- .eslintrc*, eslint.config.* - ESLint configuration
- biome.json, biome.jsonc - Biome configuration
- .prettierrc*, prettier.config.* - Prettier configuration
- deno.json / deno.jsonc - Deno configuration
- .stylelintrc* - Stylelint configuration
- pyproject.toml - Check for ruff, mypy, pytest, black, isort configs
- setup.py / setup.cfg - Legacy Python config
- requirements.txt / requirements-dev.txt - Dependencies
- mypy.ini / .mypy.ini - MyPy configuration
- ruff.toml / .ruff.toml - Ruff configuration
- pytest.ini / pyproject.toml [tool.pytest] - Pytest configuration
- tox.ini - Tox configuration
- *.csproj / *.fsproj / *.vbproj - .NET project files
- *.sln - Solution files
- .editorconfig - Editor configuration with .NET analyzers
- Directory.Build.props - MSBuild properties
- go.mod - Go module
- .golangci.yml / .golangci.yaml - GolangCI-Lint configuration
- Cargo.toml - Check for clippy, rustfmt
- rustfmt.toml / .rustfmt.toml - Rustfmt configuration
- clippy.toml / .clippy.toml - Clippy configuration
- pnpm-lock.yaml / package-lock.json / yarn.lock - Dependency audit support
- .semgreprc.yml / .semgrep.yml / semgrep.yml / .semgrep/ - Semgrep configuration
- .github/workflows/*.yml - Check for semgrep CI jobs (extract config flags)
- eslint-plugin-security in devDependencies - ESLint security rules
- package.json scripts containing audit or semgrep - Custom security scripts
- README.md / CONTRIBUTING.md - Check for documented security scanning commands
- Makefile / makefile - Check for lint/test/check targets
- .pre-commit-config.yaml - Pre-commit hooks
- justfile - Just command runner

Present a summary of what was discovered:
Preflight Discovery Summary
Project Type: [Node.js / Python / .NET / Go / Rust / Multi-language]
Type Checking: [tool name] via [config file]
Linting: [tool name] via [config file]
Testing: [tool name] via [config file]
Formatting: [tool name] via [config file]
Security Scanning: [tool name(s)] via [config file/method]
Not configured: [any missing categories]
Ready to run checks?
Run the discovered checks in this order:
CRITICAL: If Semgrep was detected in discovery (CI workflows, config files, or README), you MUST run it. Do NOT skip Semgrep and report "All checks passed" without running it.
For each check, report:
Node.js/TypeScript:
- npx tsc --noEmit or npm run typecheck
- npx eslint . --max-warnings=0 or npm run lint
- npx biome check .
- npm test or npx jest or npx vitest run

Python:
- mypy . or mypy src/
- ruff check .
- pytest or python -m pytest
- black --check .

.NET:
- dotnet build --warnaserror
- dotnet format --verify-no-changes
- dotnet test

Go:
- go build ./...
- golangci-lint run
- go test ./...

Rust:
- cargo check
- cargo clippy -- -D warnings
- cargo test
- cargo fmt --check

Dependency Audits (run based on detected package manager):
- pnpm audit or pnpm audit:check (if script exists in package.json)
- npm audit
- yarn audit
- pip-audit (if installed) or safety check (if installed)
- cargo audit (if installed)

Semgrep (static analysis - MUST run if detected in CI or config):
IMPORTANT: If Semgrep is detected in CI workflows or config files, you MUST run it as part of preflight checks. Do not skip it.
Detection order:
1. package.json scripts (pnpm run semgrep or npm run semgrep)
2. .semgreprc.yml, .semgrep.yml, semgrep.yml, or .semgrep/ directory
3. .github/workflows/*.yml for semgrep jobs - extract --config flags used in CI
4. README.md for documented semgrep commands - ALWAYS check this before trying generic Docker commands, as projects often document the exact command needed for their setup
5. semgrep CLI is available locally: semgrep --version
6. docker --version

Semgrep execution:
- semgrep scan --config .semgreprc.yml (or detected config)
- semgrep scan --config auto
- semgrep scan --config auto --config p/javascript --config p/typescript

Docker execution (AUTOMATIC PLATFORM DETECTION):
CRITICAL: You MUST detect the platform and use the correct command automatically. Check the platform from the environment context.
If platform is win32 (Windows): ALWAYS use MSYS_NO_PATHCONV=1 prefix for Docker commands:
MSYS_NO_PATHCONV=1 docker run --rm -v "$(pwd):/src" semgrep/semgrep semgrep scan --config auto /src
If platform is darwin (macOS) or linux: Use standard Docker command:
docker run --rm -v "$(pwd):/src" semgrep/semgrep semgrep scan --config auto /src
Why this matters on Windows: Git Bash/MSYS2 performs automatic POSIX-to-Windows path conversion. Without MSYS_NO_PATHCONV=1, the Docker volume mount /src gets incorrectly converted to C:/Program Files/Git/src, causing Semgrep to fail with "Invalid scanning root" error.
DO NOT try the command without the prefix first on Windows - use the correct platform-specific command immediately.
ESLint Security Plugin:
If eslint-plugin-security is detected in devDependencies, security rules are already included in the linting step.

Present results in a clear summary:
Preflight Results
Type Checking Passed
Linting 3 errors, 2 warnings
Formatting 5 files need formatting
Security Audit 2 vulnerabilities found
Security SAST Passed (semgrep)
Tests 42 passed, 0 failed
Overall: Issues found
If issues were found AND user didn't pass --check-only:
If --fix was passed: Proceed directly to fixing without prompting.
Otherwise, ask:
Would you like me to attempt fixes?
[1] Fix all auto-fixable issues (lint --fix, format, etc.)
[2] Fix only linting issues
[3] Fix only formatting issues
[4] Show me the specific issues first
[5] Skip fixes - I'll handle it manually
Enter choice (1-5):
Wait for user input before proceeding.
When fixing:
eslint --fix, ruff --fix, prettier --write)

Fix Results
Auto-fixed:
3 linting errors resolved
5 files formatted
Still needs attention:
1 type error in src/utils.ts:42
Property 'foo' does not exist on type 'Bar'
--fix was explicitly passed
npm run lint over raw eslint)

If a tool fails to run:
Could not run [tool]: [error message]
Suggestion: [how to install or configure]
If no quality tools are configured:
No quality tools detected in this project.
Would you like me to help set up:
[1] TypeScript type checking
[2] ESLint for linting
[3] Prettier for formatting
[4] A testing framework
[5] Skip setup
This skill provides comprehensive guidance for discovering and running code quality checks across different project types.
Preflight checks are the quality gates that verify code before commits, PRs, or deployments. They typically include:
| Check | Command | Auto-fix |
|---|---|---|
| TypeScript | npx tsc --noEmit | N/A (manual) |
| ESLint | npx eslint . | npx eslint . --fix |
| Biome | npx biome check . | npx biome check . --write |
| Prettier | npx prettier --check . | npx prettier --write . |
| Jest | npx jest | N/A |
| Vitest | npx vitest run | N/A |
Prefer npm scripts when available:
# Check package.json scripts first
npm run lint # if exists
npm run typecheck # if exists
npm run test # if exists
npm run check # often runs all checks
| Check | Command | Auto-fix |
|---|---|---|
| MyPy | mypy . | N/A (manual) |
| Ruff lint | ruff check . | ruff check . --fix |
| Ruff format | ruff format --check . | ruff format . |
| Black | black --check . | black . |
| isort | isort --check . | isort . |
| Pytest | pytest | N/A |
With pyproject.toml (modern Python):
# Check for [tool.X] sections
ruff check . && ruff format --check . # Ruff (fast, recommended)
mypy src/ # Type checking
pytest # Tests
| Check | Command | Auto-fix |
|---|---|---|
| Build | dotnet build | N/A |
| Build strict | dotnet build --warnaserror | N/A |
| Format check | dotnet format --verify-no-changes | dotnet format |
| Tests | dotnet test | N/A |
| Analyzers | Configured in .editorconfig | N/A |
.NET specific considerations:
- Add <TreatWarningsAsErrors>true</TreatWarningsAsErrors> to .csproj
- <Nullable>enable</Nullable> for null safety

| Check | Command | Auto-fix |
|---|---|---|
| Build | go build ./... | N/A |
| Vet | go vet ./... | N/A |
| golangci-lint | golangci-lint run | golangci-lint run --fix |
| gofmt | gofmt -l . | gofmt -w . |
| Tests | go test ./... | N/A |

| Check | Command | Auto-fix |
|---|---|---|
| Check | cargo check | N/A |
| Clippy | cargo clippy -- -D warnings | cargo clippy --fix |
| Format | cargo fmt --check | cargo fmt |
| Tests | cargo test | N/A |

| Tool | Purpose | Command |
|---|---|---|
| pnpm audit | Dependency CVE scan | pnpm audit or pnpm audit:check |
| npm audit | Dependency CVE scan | npm audit |
| yarn audit | Dependency CVE scan | yarn audit |
| eslint-plugin-security | JS/TS security patterns | Runs with ESLint |
| Semgrep | SAST scanning | semgrep scan --config auto |
| Semgrep (Docker) | SAST scanning | See platform-specific commands below |
| pip-audit | Python dependency scan | pip-audit |
| cargo-audit | Rust dependency scan | cargo audit |
IMPORTANT: If Semgrep is detected in CI workflows or config files, you MUST run it as part of preflight checks. Do not skip it.
Semgrep Detection Priority:
1. package.json scripts (pnpm run semgrep)
2. .semgreprc.yml, .semgrep.yml, semgrep.yml, .semgrep/
3. .github/workflows/*.yml (extract --config flags)
4. semgrep --version

Semgrep Docker Commands (AUTOMATIC PLATFORM DETECTION):
CRITICAL: Detect the platform from environment context and use the correct command automatically.
Windows (win32): ALWAYS use MSYS_NO_PATHCONV=1 prefix:
MSYS_NO_PATHCONV=1 docker run --rm -v "$(pwd):/src" semgrep/semgrep semgrep scan --config auto /src
macOS (darwin) / Linux: Standard command:
docker run --rm -v "$(pwd):/src" semgrep/semgrep semgrep scan --config auto /src
Why MSYS_NO_PATHCONV=1 is required on Windows: Git Bash/MSYS2 auto-converts POSIX paths to Windows paths. Without this prefix, /src becomes C:/Program Files/Git/src, causing "Invalid scanning root" error. DO NOT try without the prefix first on Windows.
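The Semgrep detection order and the platform-specific Docker commands, described here and in the command's Semgrep section earlier, as an added shell example that is not part of the plugin. It resolves --config values from a local config file, then from CI workflow flags, then falls back to auto, and prints the command for the given platform. The function names and the --plan flag are hypothetical, and the package.json script and README steps are left out.

```bash
#!/usr/bin/env bash
# Added example, not the plugin's code. Function names are hypothetical.

# Map uname output to the platform names used above (Git Bash reports MINGW*/MSYS*).
platform_name() {
  case "$(uname -s)" in
    MINGW*|MSYS*) echo win32 ;;
    Darwin) echo darwin ;;
    *) echo linux ;;
  esac
}

# Config values in priority order: local config file, --config flags from CI, then auto.
semgrep_configs() {
  local root="$1" f ci
  for f in .semgreprc.yml .semgrep.yml semgrep.yml .semgrep; do
    if [ -e "$root/$f" ]; then printf '%s\n' "$f"; return 0; fi
  done
  ci=$(grep -hs 'semgrep' "$root"/.github/workflows/*.yml \
        | grep -oE -- "--config[= ][^[:space:]\"']+" \
        | sed -E 's/^--config[= ]//' | sort -u)
  if [ -n "$ci" ]; then printf '%s\n' "$ci"; else printf 'auto\n'; fi
}

# Print the command line to run. $2: win32|darwin|linux, $3: cli|docker.
semgrep_command() {
  local root="$1" platform="$2" runner="$3" c args='' target=. mount=''
  if [ "$runner" = docker ]; then target=/src; mount=/src/; fi
  while IFS= read -r c; do
    # Repo-relative config files are reached through the /src mount in Docker.
    if [ -e "$root/$c" ]; then c="$mount$c"; fi
    args="$args --config $c"
  done <<EOF
$(semgrep_configs "$root")
EOF
  if [ "$runner" = docker ]; then
    # Git Bash/MSYS2 rewrites /src to a Windows path unless conversion is disabled.
    if [ "$platform" = win32 ]; then printf 'MSYS_NO_PATHCONV=1 '; fi
    # $(pwd) is printed literally so it expands when the command is run.
    printf 'docker run --rm -v "$(pwd):/src" semgrep/semgrep '
  fi
  printf 'semgrep scan%s %s\n' "$args" "$target"
}

# Usage: run from the repository root; prints the command instead of executing it.
if [ "${1:-}" = --plan ]; then
  runner=docker; command -v semgrep >/dev/null 2>&1 && runner=cli
  semgrep_command . "$(platform_name)" "$runner"
fi
```

Printing the plan rather than executing it makes it easy to compare the local invocation with the --config flags the CI job uses before anything is scanned.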
Check for presence of key files:
# JavaScript/TypeScript
package.json, tsconfig.json, deno.json
# Python
pyproject.toml, setup.py, requirements.txt, Pipfile
# .NET
*.csproj, *.sln, *.fsproj
# Go
go.mod
# Rust
Cargo.toml
package.json scripts (Node.js):
{
  "scripts": {
    "lint": "eslint .",
    "typecheck": "tsc --noEmit",
    "test": "vitest",
    "check": "npm run lint && npm run typecheck && npm run test"
  }
}
pyproject.toml (Python):
[tool.ruff]
line-length = 100
[tool.mypy]
strict = true
[tool.pytest.ini_options]
testpaths = ["tests"]
Makefile targets:
lint:
	ruff check .
test:
	pytest
check: lint test
Check for CI files to align local checks with CI:
- .github/workflows/*.yml - GitHub Actions (also check for semgrep jobs)
- .gitlab-ci.yml - GitLab CI
- azure-pipelines.yml - Azure DevOps
- Jenkinsfile - Jenkins
- .circleci/config.yml - CircleCI

Check for security scanning configuration:
- package.json devDependencies for eslint-plugin-security
- package.json scripts containing audit or semgrep
- .semgreprc.yml, .semgrep.yml, semgrep.yml
- CI workflows (extract --config flags for local replication)
- README.md for documented security commands (often in Security sections)
- Lock files (pnpm-lock.yaml, package-lock.json, yarn.lock) for audit support

Run checks in order of speed and feedback value:
This order provides fastest feedback on failures.
For monorepos, check for workspace configuration:
- pnpm-workspace.yaml
- lerna.json
- package.json with workspaces field
- Cargo.toml with [workspace]

Run checks at workspace root or iterate through packages.
Ensure local preflight matches CI:
# Good: Use same commands as CI
npm run lint # Same as CI step
# Avoid: Different commands locally vs CI
eslint . --max-warnings=0 # If CI uses npm run lint
Respect exit codes for CI integration:
- 0 - Success, no issues
- 1 - Failure, issues found
- 2 - Configuration error

For faster subsequent runs:
- .eslintcache with --cache flag
- tsconfig.tsbuildinfo with incremental: true
- .pytest_cache
- target/ directory

TS2339: Property 'x' does not exist on type 'Y'
-> Add property to interface or use type assertion
TS2322: Type 'X' is not assignable to type 'Y'
-> Check type definitions, may need union type
TS7006: Parameter 'x' implicitly has an 'any' type
-> Add explicit type annotation
@typescript-eslint/no-unused-vars
-> Remove unused variable or prefix with _
@typescript-eslint/no-explicit-any
-> Replace 'any' with specific type
import/order
-> Auto-fixable: eslint --fix
mypy: Incompatible return value type
-> Check return type annotation matches actual return
ruff: E501 Line too long
-> Auto-fixable or configure line-length
ruff: F401 Module imported but unused
-> Remove unused import
Preflight checks can be configured as pre-commit hooks:
.pre-commit-config.yaml:
repos:
  - repo: local
    hooks:
      - id: preflight
        name: Preflight Checks
        entry: npm run check
        language: system
        pass_filenames: false
Husky (Node.js):
# .husky/pre-commit
npm run lint
npm run typecheck
Some scenarios where partial checks are acceptable:
- --no-verify for emergency fixes (use sparingly)

Always run full preflight before: