audit
/lustra auditOne graded health report across legal risk, supply chain, reliability, maintainability, and bus factor. Pass, concerns, or fail.
Reference
Grouped by where they belong in the lifecycle. Each runs the actual tool, then triages the output instead of trusting it.
“I inherited this. What is actually in here?”
/lustra auditOne graded health report across legal risk, supply chain, reliability, maintainability, and bus factor. Pass, concerns, or fail.
/lustra baselineScaffold guardrail configs for the detected stack: linter, formatter, type-checker, tests, CI, .gitignore, license.
“Is this diff sound before it lands?”
/lustra reviewStructured review of a diff or path. Off-by-one, error paths, async bugs, null-safety, and the slop tools miss.
/lustra typesType-checker triage. Runs tsc, mypy, go vet, cargo check. Catches the any and @ts-ignore that silenced the error instead of fixing it.
/lustra testsRuns the suite, reports coverage on the diff, and flags tests that pass while asserting nothing.
/lustra analyzeLinter findings plus the AI-slop smells no rule catches: dead abstractions, useless try/catch, impossible guards.
/lustra formatFormatting drift, fixed mechanically with nothing else touched. Drifted files listed for approval, then written.
“What breaks in production that nobody saw?”
/lustra security src/apiExploitable defects: hardcoded secrets, SQL and shell injection, broken authorization, unsafe deserialization, vulnerable deps.
/lustra licenseDependency license compatibility and IP risk. Copyleft contamination and incompatible licenses, surfaced before legal does.
/lustra deadcodeUnused files, exports, and dependencies. Confirmed before deletion, never guessed.
/lustra depsDependency health: outdated, deprecated, duplicated. Risk-ranked Safe / Review / Major / Replace, handing deletion to deadcode, vulnerabilities to security, and majors to migrate.
/lustra designDesign quality of a module: god objects, leaky one-caller abstractions, import cycles, inverted dependencies. SOLID for OO stacks, cohesion and coupling for the rest.
/lustra observabilityLogging good enough to diagnose a production failure from the outside: swallowed errors, missing context, secrets in logs, uninstrumented critical paths.
/lustra perfPerformance smells: N+1 queries, synchronous IO on hot paths, unbounded growth, repeated work, bundle bloat.
/lustra docsDocumentation drift and the public API surface nobody documented.
“Is the pipeline still gating anything?”
/lustra migrateOne major dependency upgrade, isolated and verified. Reads the breaking changes, runs the codemod, applies as a single reviewable change, runs the suite.
/lustra ciPipeline soundness: real gates instead of green theater, CI security, reproducibility.
/lustra structureDetect the stack, judge structure against that stack's conventions, then report or reorganize files and imports.