Skip to main content
lustra.

Reference

18 commands.

Grouped by where they belong in the lifecycle. Each runs the actual tool, then triages the output instead of trusting it.

Day one

Assess / Start

I inherited this. What is actually in here?

audit

/lustra audit

One graded health report across legal risk, supply chain, reliability, maintainability, and bus factor. Pass, concerns, or fail.

baseline

/lustra baseline

Scaffold guardrail configs for the detected stack: linter, formatter, type-checker, tests, CI, .gitignore, license.

While building

Iterate

Is this diff sound before it lands?

review

/lustra review

Structured review of a diff or path. Off-by-one, error paths, async bugs, null-safety, and the slop tools miss.

types

/lustra types

Type-checker triage. Runs tsc, mypy, go vet, cargo check. Catches the any and @ts-ignore that silenced the error instead of fixing it.

tests

/lustra tests

Runs the suite, reports coverage on the diff, and flags tests that pass while asserting nothing.

analyze

/lustra analyze

Linter findings plus the AI-slop smells no rule catches: dead abstractions, useless try/catch, impossible guards.

format

/lustra format

Formatting drift, fixed mechanically with nothing else touched. Drifted files listed for approval, then written.

Before ship

Polish

What breaks in production that nobody saw?

security

/lustra security src/api

Exploitable defects: hardcoded secrets, SQL and shell injection, broken authorization, unsafe deserialization, vulnerable deps.

license

/lustra license

Dependency license compatibility and IP risk. Copyleft contamination and incompatible licenses, surfaced before legal does.

deadcode

/lustra deadcode

Unused files, exports, and dependencies. Confirmed before deletion, never guessed.

deps

/lustra deps

Dependency health: outdated, deprecated, duplicated. Risk-ranked Safe / Review / Major / Replace, handing deletion to deadcode, vulnerabilities to security, and majors to migrate.

design

/lustra design

Design quality of a module: god objects, leaky one-caller abstractions, import cycles, inverted dependencies. SOLID for OO stacks, cohesion and coupling for the rest.

observability

/lustra observability

Logging good enough to diagnose a production failure from the outside: swallowed errors, missing context, secrets in logs, uninstrumented critical paths.

perf

/lustra perf

Performance smells: N+1 queries, synchronous IO on hot paths, unbounded growth, repeated work, bundle bloat.

docs

/lustra docs

Documentation drift and the public API surface nobody documented.

Ongoing

Maintain

Is the pipeline still gating anything?

migrate

/lustra migrate

One major dependency upgrade, isolated and verified. Reads the breaking changes, runs the codemod, applies as a single reviewable change, runs the suite.

ci

/lustra ci

Pipeline soundness: real gates instead of green theater, CI security, reproducibility.

structure

/lustra structure

Detect the stack, judge structure against that stack's conventions, then report or reorganize files and imports.