11 KiB
11 KiB
Bulletproof React Auditor Skill
Comprehensive audit tool for React/TypeScript codebases based on Bulletproof React architecture principles
An Anthropic Skill that analyzes React applications for architectural issues, component anti-patterns, state management problems, and generates prioritized migration plans for adopting Bulletproof React patterns.
Features
- Progressive Disclosure: Three-phase analysis (Discovery → Deep Analysis → Migration Plan)
- React-Specific: Tailored for React 16.8+ (hooks-based applications)
- Comprehensive Analysis:
- Project Structure (feature-based vs flat)
- Component Architecture (colocation, composition, size)
- State Management (appropriate tools for each state type)
- API Layer (centralized, type-safe patterns)
- Testing Strategy (testing trophy compliance)
- Styling Patterns (component libraries, utility CSS)
- Error Handling (boundaries, interceptors, tracking)
- Performance (code splitting, memoization, optimization)
- Security (authentication, authorization, XSS prevention)
- Standards Compliance (ESLint, TypeScript, naming conventions)
- Multiple Report Formats: Markdown, JSON, migration roadmaps
- Prioritized Migration Plans: P0-P3 severity with effort estimates
- ASCII Structure Diagrams: Visual before/after comparisons
- Industry Standards: Based on Bulletproof React best practices
Installation
Option 1: Claude Code (Recommended)
- Clone or copy the
bulletproof-react-auditordirectory to your Claude skills directory - Ensure Python 3.8+ is installed
- No additional dependencies required (uses Python standard library)
Option 2: Manual Installation
cd ~/.claude/skills
git clone https://github.com/your-org/bulletproof-react-auditor.git
Usage with Claude Code
Basic Audit
Audit this React codebase using the bulletproof-react-auditor skill.
Structure-Focused Audit
Run a structure audit on this React app against Bulletproof React patterns.
Generate Migration Plan
Audit this React app and generate a migration plan to Bulletproof React architecture.
Custom Scope
Audit this React codebase focusing on:
- Project structure and feature organization
- Component architecture patterns
- State management approach
Direct Script Usage
# Full audit with Markdown report
python scripts/audit_engine.py /path/to/react-app --output audit.md
# Structure-focused audit
python scripts/audit_engine.py /path/to/react-app --scope structure,components --output report.md
# Generate migration plan
python scripts/audit_engine.py /path/to/react-app --migration-plan --output migration.md
# JSON output for CI/CD integration
python scripts/audit_engine.py /path/to/react-app --format json --output audit.json
# Quick health check only (Phase 1)
python scripts/audit_engine.py /path/to/react-app --phase quick
Output Formats
Markdown (Default)
Human-readable report with:
- ASCII structure diagrams (before/after)
- Detailed findings with code examples
- Step-by-step migration guidance
- Suitable for PRs, documentation, team reviews
JSON
Machine-readable format for CI/CD integration:
{
"summary": {
"compliance_score": 72,
"grade": "C",
"critical_issues": 3,
"migration_effort_days": 15
},
"findings": [...],
"metrics": {...},
"migration_plan": [...]
}
Migration Plan
Prioritized roadmap with:
- P0-P3 priority levels
- Effort estimates per task
- Dependency chains
- Before/after code examples
- ADR templates
Audit Criteria
The skill audits based on 10 Bulletproof React categories:
1. Project Structure
- Feature-based organization (80%+ code in features/)
- Unidirectional dependencies (shared → features → app)
- No cross-feature imports
- Proper feature boundaries
2. Component Architecture
- Component colocation (near usage)
- Limited props (< 7-10 per component)
- No large components (< 300 LOC)
- No nested render functions
- Proper abstraction (identify repetition first)
3. State Management
- Appropriate tool for each state type
- Local state preferred over global
- Server cache separated (React Query/SWR)
- Form state managed (React Hook Form)
- URL state utilized
4. API Layer
- Centralized API client
- Type-safe request declarations
- Colocated in features/
- Data fetching hooks
- Error handling
5. Testing Strategy
- Testing trophy (70% integration, 20% unit, 10% E2E)
- Semantic queries (getByRole preferred)
- User behavior testing (not implementation)
- 80%+ coverage on critical paths
6. Styling Patterns
- Consistent approach (component library or utility CSS)
- Colocated styles
- Design system usage
7. Error Handling
- API error interceptors
- Multiple error boundaries
- Error tracking service
- User-friendly messages
8. Performance
- Code splitting at routes
- Memoization patterns
- State localization
- Image optimization
- Bundle size monitoring
9. Security
- JWT with HttpOnly cookies
- Authorization (RBAC/PBAC)
- Input sanitization
- XSS prevention
10. Standards Compliance
- ESLint configured
- TypeScript strict mode
- Prettier setup
- Git hooks (Husky)
- Absolute imports
- Kebab-case naming
See reference/audit_criteria.md for complete checklist.
Severity Levels
-
Critical (P0): Fix immediately (within 24 hours)
- Security vulnerabilities, breaking architectural patterns
-
High (P1): Fix this sprint (within 2 weeks)
- Major architectural violations, significant refactoring needed
-
Medium (P2): Fix next quarter (within 3 months)
- Component design issues, state management improvements
-
Low (P3): Backlog
- Styling consistency, minor optimizations
See reference/severity_matrix.md for detailed criteria.
Migration Approach
Phase 1: Foundation (Week 1-2)
- Create feature folders structure
- Move shared utilities to proper locations
- Set up absolute imports
- Configure ESLint for architecture rules
Phase 2: Feature Extraction (Week 3-6)
- Identify feature boundaries
- Move components to features/
- Colocate API calls with features
- Extract feature-specific state
Phase 3: Refinement (Week 7-10)
- Refactor large components
- Implement proper state management
- Add error boundaries
- Optimize performance
Phase 4: Polish (Week 11-12)
- Improve test coverage
- Add documentation
- Implement remaining patterns
- Final review
Examples
See the examples/ directory for:
- Sample audit report (React app before Bulletproof)
- Complete migration plan with timeline
- Before/after structure comparisons
- Code transformation examples
Architecture
bulletproof-react-auditor/
├── SKILL.md # Skill definition (Claude loads this)
├── README.md # This file
├── scripts/
│ ├── audit_engine.py # Core orchestrator
│ ├── analyzers/ # Specialized analyzers
│ │ ├── project_structure.py # Folder organization
│ │ ├── component_architecture.py # Component patterns
│ │ ├── state_management.py # State analysis
│ │ ├── api_layer.py # API patterns
│ │ ├── testing_strategy.py # Test quality
│ │ ├── styling_patterns.py # Styling approach
│ │ ├── error_handling.py # Error boundaries
│ │ ├── performance_patterns.py # React performance
│ │ ├── security_practices.py # React security
│ │ └── standards_compliance.py # ESLint, TS, Prettier
│ ├── report_generator.py # Multi-format reports
│ └── migration_planner.py # Prioritized roadmaps
├── reference/
│ ├── bulletproof_principles.md # Complete BR guide
│ ├── audit_criteria.md # Full checklist
│ ├── severity_matrix.md # Issue prioritization
│ └── migration_patterns.md # Common refactorings
└── examples/
├── sample_audit_report.md
├── migration_plan.md
└── before_after_structure.md
Extending the Skill
Adding a New Analyzer
- Create
scripts/analyzers/your_analyzer.py - Implement
analyze(codebase_path, metadata)function - Add to
ANALYZERSdict inaudit_engine.py
Example:
def analyze(codebase_path: Path, metadata: Dict) -> List[Dict]:
"""Analyze specific Bulletproof React pattern."""
findings = []
# Your analysis logic here
findings.append({
'severity': 'high',
'category': 'your_category',
'title': 'Issue title',
'current_state': 'What exists now',
'target_state': 'Bulletproof recommendation',
'migration_steps': ['Step 1', 'Step 2'],
'effort': 'medium',
})
return findings
CI/CD Integration
GitHub Actions Example
name: Bulletproof React Audit
on: [pull_request]
jobs:
audit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Bulletproof Audit
run: |
python bulletproof-react-auditor/scripts/audit_engine.py . \
--format json \
--output audit-report.json
- name: Check Compliance Score
run: |
SCORE=$(jq '.summary.compliance_score' audit-report.json)
if [ "$SCORE" -lt 70 ]; then
echo "❌ Compliance score $SCORE below threshold (70)"
exit 1
fi
Best Practices
- Audit Before Major Refactoring: Establish baseline before starting
- Incremental Migration: Don't refactor everything at once
- Feature-by-Feature: Migrate one feature at a time
- Test Coverage First: Ensure tests before restructuring
- Team Alignment: Share Bulletproof React principles with team
- Document Decisions: Create ADRs for architectural changes
- Track Progress: Re-run audits weekly to measure improvement
Connor's Standards Integration
This skill enforces Connor's specific requirements:
- TypeScript Strict Mode: No
anytypes allowed - Test Coverage: 80%+ minimum on all code
- Testing Trophy: 70% integration, 20% unit, 10% E2E
- Modern Testing: Semantic queries (getByRole) preferred
- No Brittle Tests: Avoid testing implementation details
- Code Quality: No console.log, no
var, strict equality - Git Standards: Conventional commits, proper branch naming
Limitations
- Static analysis only (no runtime profiling)
- React 16.8+ required (hooks-based)
- Best suited for SPA/SSG patterns
- Next.js apps may have additional patterns
- Large codebases may need scoped analysis
- Does not execute tests (analyzes test files)
Version
1.0.0 - Initial release
Standards Compliance
Based on:
- Bulletproof React Official Guide
- Kent C. Dodds Testing Trophy
- React Best Practices 2024-25
- TypeScript Strict Mode Guidelines
- Connor's Development Standards
License
Apache 2.0 (example skill for demonstration)
Built with: Python 3.8+ Anthropic Skill Version: 1.0 Last Updated: 2024-10-25 Bulletproof React Version: Based on v2024 guidelines