shield_lock
金大哥
返回 Skill 列表
extension
分类: 开发与工程无需 API Key

health-check

在运行代码库质量门时使用(类型检查、代码检查、测试、安全性、死代码、循环依赖、审核)。报告所有检查的通过/失败情况,但不进行编辑或提出修复建议。关键词:健康检查、预PR验证、质量门、仓库诊断、CI门。

person作者: jakexiaohubgithub
open_in_new仓库download下载资源包

Health Check

Full codebase diagnostic: typecheck, tests, security scans, dead code, circular deps, package health. Reports a summary table.

This skill is headless. Run each step as a single Bash command, capture the exit code and key output lines, then print the summary table. Do NOT analyze output, suggest fixes, or spawn agents. Just report what passed and what failed.

NEVER

  • Never stop after the first failing gate — report the full picture even with failures.
  • Never analyze failures or suggest fixes in the output.
  • Never spawn subagents for interpretation.
  • Never silently skip missing tools — mark them as SKIP.
  • Never use this skill to commit, push, or mutate files.

Scripts

Use the helper instead of retyping the command matrix:

bash scripts/run-health-check.sh
bash scripts/run-health-check.sh --quick
bash scripts/run-health-check.sh --security-only
bash scripts/run-health-check.sh --code-quality

Gates

Run all gates. Capture exit code and summary line. Do NOT stop on failure.

TypeCheck (all workspaces)

npx tsc --noEmit 2>&1; echo "EXIT:$?"

Run for each workspace. Capture exit code + error count.

Tests

npx vitest run --reporter=dot 2>&1; echo "EXIT:$?"

Use dot reporter to minimize output. Capture exit code + pass/fail counts.

Lint

npx eslint . 2>&1; echo "EXIT:$?"

Capture exit code + error/warning counts.

Semgrep Security Scan

semgrep scan --config auto --severity ERROR --severity WARNING --quiet 2>&1; echo "EXIT:$?"

If semgrep not installed: record as SKIP.

Circular Dependencies

npx madge --circular --ts-config tsconfig.json src/ 2>&1; echo "EXIT:$?"

Record FAIL if any cycles found.

Dead Code / Unused Exports

npx knip --no-progress 2>&1; echo "EXIT:$?"

Record WARN (not FAIL) — knip can be noisy on first run.

Dependency Vulnerabilities

npm audit --production 2>&1; echo "EXIT:$?"
# or: pnpm audit --prod

WARN for low/moderate. FAIL for high/critical.

Summary Table

After all gates complete, print:

## Health Check Results

| Gate         | Status | Details                          |
|--------------|--------|----------------------------------|
| TypeCheck    | PASS   | 0 errors                         |
| Tests        | PASS   | 1200 passed, 0 failed            |
| Lint         | PASS   | 0 errors, 3 warnings             |
| Semgrep      | PASS   | 0 findings                       |
| Circular     | PASS   | 0 circular dependencies          |
| Dead Code    | WARN   | 3 unused exports                 |
| Audit        | PASS   | 0 vulnerabilities                |

Status values: PASS, FAIL, SKIP (tool not installed), WARN (non-zero but non-blocking).

That's it. Do not suggest fixes, do not analyze errors, do not read files. Just print the table.

Arguments

  • --quick: Skip Semgrep + knip (saves time)
  • --security-only: Only Semgrep + audit
  • --code-quality: Only knip + madge + typecheck (skip security + tests)
  • If empty: Run all gates

Customization

Common additions for project-specific gates:

  • OpenAPI lint: npx spectral lint openapi.json
  • Bundle size check: npx bundlesize
  • Package exports: npx publint && npx attw --pack
  • Secret scanning: trufflehog git "file://$(pwd)" --only-verified