A code-hygiene skill for AI coding agents
Your AI ships code that lies.
It runs. It looks fine. It is quietly wrong. Lustra makes your agent run the real tooling, then triage the output with judgment, so the slop never reaches main.
npx skills add breim/lustra
1 skill. 15 commands. From first commit to technical due diligence.
A green pipeline that gates nothing.
Tests that pass while asserting nothing.
Error handling that swallows the error.
An any cast where the bug was.
This is what AI-assisted code looks like at scale. Not broken enough to fail. Just wrong enough to cost you later. The layer nobody looks at is the one that decides whether the work is sound.
Linters catch a slice.
The rest needs judgment on top of real tools. Here is the slice they miss, the one that compounds.
- abstraction: Dead abstractions (an interface with one implementation, a factory that builds one thing).
- errors: Fake error handling (a try/catch that logs and rethrows, or worse, swallows).
- tests: Tests that run, go green, and assert nothing of consequence.
- deps: Dependencies nobody imports, and one with a known CVE nobody noticed.
- types: A type error made quiet with any instead of made correct.
- ci: A pipeline that is green because the gate never actually ran.
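Two of the smells listed above, fake error handling and tests that assert nothing, shown beside corrected forms. This is an added example, not code from Lustra or its output; the session-parsing functions, the sample inputs and the small `run` helper are hypothetical.

```javascript
// Added illustration; every name here is hypothetical, not Lustra code or output.
// Constructed sample inputs: a serialized session record, intact and truncated.
const GOOD = '{"user":"ana","role":"admin"}';
const CORRUPT = '{"user":"ana","role":';

// Smell: the catch swallows the failure, so corrupt input looks like an
// empty session and the caller carries on with no signal.
function readSessionSwallowed(raw) {
  try {
    return JSON.parse(raw);
  } catch (err) {
    return {};
  }
}

// Corrected: surface the failure with context and keep the original cause.
function readSession(raw) {
  try {
    return JSON.parse(raw);
  } catch (err) {
    throw new Error('session record is not valid JSON', { cause: err });
  }
}

// Smell: exercises the code, goes green, checks nothing.
function hollowTest(read) {
  read(GOOD);
  read(CORRUPT);
}

// Corrected: asserts the value on good input and the failure on bad input.
function realTest(read) {
  if (read(GOOD).role !== 'admin') throw new Error('wrong role');
  let rejected = false;
  try {
    read(CORRUPT);
  } catch (err) {
    rejected = Boolean(err.cause) && err.cause.name === 'SyntaxError';
  }
  if (!rejected) throw new Error('corrupt input accepted');
}

// Minimal stand-in for a test runner: a test fails only if it throws.
function run(test, read) {
  try { test(read); return 'pass'; } catch (err) { return 'fail: ' + err.message; }
}

console.log([hollowTest, realTest].map((t) => run(t, readSessionSwallowed)));
console.log(run(realTest, readSession));
```

The hollow test stays green against the swallowing parser, while the asserting test fails it and passes only the corrected one.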
How it works
It does not guess where a tool would. It runs the tool and applies judgment.
It runs the actual tools
npm audit, knip, eslint, tsc, your test runner, prettier, license-checker. Real output, not a guess about what a tool would say.
It triages the output
Filters false positives. Ranks by real risk, not severity theater. Separates what is mechanically safe from what needs a human.
It fixes, or proposes
Auto-applies only the safe changes. Everything that needs judgment arrives as a reviewable diff. No silent scope creep.
One skill, the whole lifecycle
From the first commit to technical due diligence.
The 15 commands
Each one wraps real tooling.
- /lustra audit: One graded health report across legal risk, supply chain, reliability, maintainability, and bus factor. Pass, concerns, or fail.
- /lustra baseline: Scaffold guardrail configs for the detected stack: linter, formatter, type-checker, tests, CI, .gitignore, license.
- /lustra review: Structured review of a diff or path. Off-by-one, error paths, async bugs, null-safety, and the slop tools miss.
- /lustra types: Type-checker triage. Runs tsc, mypy, go vet, cargo check. Catches the any and @ts-ignore that silenced the error instead of fixing it.
- /lustra tests: Runs the suite, reports coverage on the diff, and flags tests that pass while asserting nothing.
- /lustra lint: ESLint findings plus the AI-slop smells no rule catches: dead abstractions, useless try/catch, impossible guards.
- /lustra prettier: Fix formatting drift. Mechanical, always safe, applied without asking.
- /lustra security: Exploitable defects: hardcoded secrets, SQL and shell injection, broken authorization, unsafe deserialization, vulnerable deps.
- /lustra license: Dependency license compatibility and IP risk. Copyleft contamination and incompatible licenses, surfaced before legal does.
- /lustra deadcode: Unused files, exports, and dependencies. Confirmed before deletion, never guessed.
- /lustra libs: Dependency health: outdated, deprecated, duplicated, unused. Grouped Safe / Review / Major / Remove / Replace with a fix policy per group.
- /lustra perf: Performance smells: N+1 queries, synchronous IO on hot paths, unbounded growth, repeated work, bundle bloat.
- /lustra docs: Documentation drift and the public API surface nobody documented.
- /lustra ci: Pipeline soundness: real gates instead of green theater, CI security, reproducibility.
- /lustra structure: Detect the stack, judge structure against that stack's conventions, then report or reorganize files and imports.
Install
One command. It finds your agents.
Add it through the skills CLI, or install globally and let it auto-detect every harness you already have.
npx skills add breim/lustra
npm i -g lustra-cli && lustra help
Auto-detected harnesses
- Claude Code: ~/.claude
- Cursor: ~/.cursor
- Gemini CLI: ~/.gemini
- Codex CLI: ~/.codex
- VS Code Copilot: ~/.github
- Kiro: ~/.kiro
- OpenCode: ~/.opencode
- Qoder: ~/.qoder
The rules it operates under.
Surgical, not bulk
It touches only what the command targeted. No drive-by refactors riding along with a lint fix.
Confirm before it cuts
Deleting code or a dependency is proposed and confirmed, never silently decided.
Honest when blind
If a tool is missing, it says so instead of pretending the scan was complete.
Runs on your machine
A skill inside your existing harness, invoking local tooling. No service, nothing uploaded.
Questions worth asking.
Make it clean up after itself.
Free, open source, MIT licensed. It runs the tool and applies judgment, so you do not have to read every line your agent wrote.
npx skills add breim/lustra