# source-command-tech-audit-codebase

7-category codebase health audit for StarMapper with weighted scoring and tier system. Run before major releases or architectural changes.
| Field | Value |
|---|---|
| name | source-command-tech-audit-codebase |
| description | 7-category codebase health audit for StarMapper with weighted scoring and tier system. Run before major releases or architectural changes. |
Use this skill when the user asks to run the migrated source command tech-audit-codebase.
Performs a scored health audit across 7 categories. Output: tier assessment, weighted global score, and prioritized action plan.
```bash
/tech:audit-codebase                    # Full audit
/tech:audit-codebase --category secrets # Single category
/tech:audit-codebase --fix              # Audit + auto-fix safe issues
/tech:audit-codebase --json             # JSON output for CI
```
Each category is scored 0–10. The weighted global score combines them as follows:
| Category | Weight | Focus |
|---|---|---|
| Secrets & Tokens | 2x | Env vars, GitHub tokens, API keys in code |
| Security | 2x | XSS, injection, CSP headers |
| Dependencies | 1x | Outdated packages, known CVEs |
| Structure | 1.5x | File naming, import order, conventions |
| Rate Limit Safety | 2x | Nominatim delay, circuit breakers, GitHub limit checks |
| Cache Integrity | 1.5x | GeoCache keys, StargazerCache compression, DB health guards |
| Code Quality | 1x | TypeScript errors, ESLint violations, no-any, no console.log |
Global score = sum(score × weight) / sum(weights)
| Tier | Score | Status |
|---|---|---|
| 🔴 Tier 1 | 0–4 | Critical — block release |
| 🟡 Tier 2 | 5–7 | Improvement required — address within sprint |
| 🟢 Tier 3 | 8–10 | Production ready |
### Secrets & Tokens (2x)

```bash
# Search for hardcoded secrets
grep -r "ghp_\|github_pat_\|token.*=.*['\"][a-zA-Z0-9]\{20,\}" src/ --include="*.ts" --include="*.tsx"
grep -r "jawgmap\|geoapify\|neon\.tech" src/ --include="*.ts" --include="*.tsx" | grep -v "process.env"
grep -r "GITHUB_TOKEN\|JAWGMAP\|GEOAPIFY" src/ --include="*.ts" --include="*.tsx" | grep -v "process.env"
```

Check: all secrets are accessed via `process.env.*`, never hardcoded; `.env.local` is not committed.
Score: 10 if zero hardcoded secrets. -3 per finding.
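The scoring rules above and the Secrets & Tokens check, as an added POSIX shell example (not part of the StarMapper skill): it counts findings with the page's grep patterns, applies the per-finding penalty, and rolls the 7 category scores into the weighted global score and tier. Function names and the rule that a fractional score in a gap between tier bands (e.g. 4.5) falls to the lower tier are assumptions.

```sh
#!/bin/sh
# Added example, not part of the StarMapper skill: scores the Secrets & Tokens
# category with the page's grep patterns, then rolls 7 category scores into the
# weighted global score and tier.

# Count hardcoded-secret findings under $1 (a src/ directory). Each matching
# source line is one finding; a line hit by both greps is counted once.
secrets_findings() {
  dir="$1"
  {
    grep -rn --include="*.ts" --include="*.tsx" \
      "ghp_\|github_pat_\|token.*=.*['\"][a-zA-Z0-9]\{20,\}" "$dir" || true
    grep -rn --include="*.ts" --include="*.tsx" \
      "jawgmap\|geoapify\|neon\.tech\|GITHUB_TOKEN\|JAWGMAP\|GEOAPIFY" "$dir" \
      | grep -v "process.env" || true
  } | sort -u | awk 'END { print NR }'
}

# Category score: 10 minus the page's per-finding penalty, floored at 0.
# $1 = number of findings, $2 = penalty per finding (3 for Secrets & Tokens).
category_score() {
  awk -v n="$1" -v p="$2" 'BEGIN { s = 10 - n * p; if (s < 0) s = 0; print s }'
}

# Weighted global score = sum(score x weight) / sum(weights). Arguments are the
# 7 category scores in table order: secrets security deps structure rate cache quality.
global_score() {
  printf '%s\n' "$@" | awk '
    BEGIN { split("2 2 1 1.5 2 1.5 1", w, " ") }
    { s += $1 * w[NR]; t += w[NR] }
    END { printf "%.1f\n", s / t }'
}

# Tier from the global score. Assumption: a fractional score in a gap between
# bands (e.g. 4.5 or 7.5) is assigned to the lower, stricter tier.
tier() {
  awk -v s="$1" 'BEGIN {
    if (s < 5) print "Tier 1"; else if (s < 8) print "Tier 2"; else print "Tier 3" }'
}

# Usage: sh audit-score.sh path/to/src  (prints the Secrets & Tokens score)
if [ -n "${1:-}" ]; then
  n=$(secrets_findings "$1")
  echo "Secrets & Tokens: $n finding(s), score $(category_score "$n" 3)/10"
fi
```

Note that a single critical category can still leave the weighted global score in Tier 3 (one secrets finding with everything else at 10 gives 9.5), which is why Tier 1 findings are listed separately under "Critical Issues" rather than relying on the global score alone.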
### Security (2x)

Check:
- CSP headers set in next.config.ts
- dangerouslySetInnerHTML without sanitization
- eval() or dynamic require() in API routes

Score: 10 if clean. -2 per finding.
### Dependencies (1x)

```bash
rtk pnpm outdated
```

Check major outdated deps (Next.js, MapLibre, Prisma). Flag known CVEs if any.
Score: 10 if up-to-date. -1 per major outdated, -3 per CVE.
### Structure (1.5x)

```bash
# Check for function keyword (should be arrow functions only)
grep -rn "^export function\|^function " src/ --include="*.ts" --include="*.tsx"
# Check for interface (should be type)
grep -rn "^export interface\|^interface " src/ --include="*.ts" --include="*.tsx"
# Check for console.log left in code
grep -rn "console\.log" src/ --include="*.ts" --include="*.tsx"
# Check file naming (should be kebab-case)
find src/ \( -name "*.tsx" -o -name "*.ts" \) | grep -E "[A-Z]" | grep -v "\.d\.ts"
```

Score: 10 if clean. -1 per function keyword, -0.5 per interface, -0.5 per console.log.
### Rate Limit Safety (2x)

```bash
# Nominatim calls must have delay
grep -rn "callNominatim\|nominatim\|openstreetmap" src/ --include="*.ts"
# Check for Promise.all on geocoding (forbidden)
grep -rn "Promise.all.*geocod\|geocod.*Promise.all" src/ --include="*.ts"
# GitHub rate limit check
grep -rn "X-RateLimit-Remaining\|rateLimit" src/ --include="*.ts"
```

Check:
- Delay between Nominatim calls
- X-RateLimit-Remaining checked before each GitHub call
- No Promise.all() on Nominatim calls

Score: 10 if all guards present. -3 per missing critical guard.
### Cache Integrity (1.5x)

```bash
# Geocache key normalization
grep -rn "toLowerCase.*trim\|trim.*toLowerCase" src/lib/geocoder.ts
# DB health guard on writes
grep -rn "checkDbHealth\|dbHealth" src/lib/user-cache.ts
# Compression before large cache writes
grep -rn "pointsGz\|CompressionStream\|gzip" src/app/\[owner\]/\[repo\]/page.tsx 2>/dev/null || grep -rn "pointsGz\|CompressionStream\|gzip" src/app/ --include="*.tsx"
```

Check:
- GeoCache keys normalized with location.toLowerCase().trim()
- checkDbHealth() called before user-level cache writes
- Large cache writes compressed (pointsGz, unmappedGz)

Score: 10 if all patterns correct. -3 per missing guard.
### Code Quality (1x)

```bash
rtk tsc
pnpm lint
```

Score: 10 if zero errors. -1 per TypeScript error, -0.5 per ESLint error.
## StarMapper Codebase Audit
**Date**: {date}
**Global Score**: {score}/10 — {Tier 🔴/🟡/🟢}
| Category | Score | Weight | Notes |
|----------|-------|--------|-------|
| Secrets & Tokens | X/10 | 2x | ... |
| Security | X/10 | 2x | ... |
| Dependencies | X/10 | 1x | ... |
| Structure | X/10 | 1.5x | ... |
| Rate Limit Safety | X/10 | 2x | ... |
| Cache Integrity | X/10 | 1.5x | ... |
| Code Quality | X/10 | 1x | ... |
## Critical Issues (block release)
[List of Tier 1 findings]
## Action Plan
### Quick Wins (< 1h)
1. ...
### This Sprint (2-4h)
2. ...
### Backlog
3. ...