15 commands.

One graded health report across legal risk, supply chain, reliability, maintainability, and bus factor. Pass, concerns, or fail.

Scaffold guardrail configs for the detected stack: linter, formatter, type-checker, tests, CI, .gitignore, license.

Structured review of a diff or path. Off-by-one, error paths, async bugs, null-safety, and the slop tools miss.

Type-checker triage. Runs tsc, mypy, go vet, cargo check. Catches the any and @ts-ignore that silenced the error instead of fixing it.

Runs the suite, reports coverage on the diff, and flags tests that pass while asserting nothing.

ESLint findings plus the AI-slop smells no rule catches: dead abstractions, useless try/catch, impossible guards.

Fix formatting drift. Mechanical, always safe, applied without asking.

Exploitable defects: hardcoded secrets, SQL and shell injection, broken authorization, unsafe deserialization, vulnerable deps.

Dependency license compatibility and IP risk. Copyleft contamination and incompatible licenses, surfaced before legal does.

Unused files, exports, and dependencies. Confirmed before deletion, never guessed.

Dependency health: outdated, deprecated, duplicated, unused. Grouped Safe / Review / Major / Remove / Replace with a fix policy per group.

Performance smells: N+1 queries, synchronous IO on hot paths, unbounded growth, repeated work, bundle bloat.

Documentation drift and the public API surface nobody documented.

Pipeline soundness: real gates instead of green theater, CI security, reproducibility.

Detect the stack, judge structure against that stack's conventions, then report or reorganize files and imports.