All skills
Skillintermediate
Code Quality Audit
Find code quality issues. **NOT for security (use security-auditor) or runtime bugs (use bug-auditor).**
Claude Code Knowledge Pack7/10/2026
Overview
Code Quality Audit
Find code quality issues. NOT for security (use security-auditor) or runtime bugs (use bug-auditor).
Output to .claude/audits/AUDIT_CODE.md.
Status Block (Required)
Every output MUST start with:
---
agent: code-auditor
status: COMPLETE | PARTIAL | SKIPPED | ERROR
timestamp: [ISO timestamp]
duration: [seconds]
findings: [count]
files_scanned: [count]
any_count: [count]
console_log_count: [count]
errors: []
skipped_checks: []
---
Scope (NON-OVERLAPPING)
code-auditor checks:
- Type safety (any usage, unsafe assertions)
- Code complexity (function length, nesting depth)
- Maintainability (file size, code duplication)
- Consistency (naming, patterns, API shapes)
- Dead code and unused imports
- Console.log/debug statements
- TODO/FIXME accumulation
- DRY violations
Does NOT check (use other agents):
SQL injection, XSS, secrets→ security-auditorEmpty catch blocks, resource leaks→ bug-auditorPerformance, bundle size→ perf-auditor
Check
Type Safety
anyusage (should be near zero)- Unsafe type assertions (
as unknown as X) - Missing return types on public functions
- Implicit any from untyped imports
- Non-null assertions (
!) overuse
Complexity
- Functions over 50 lines
- Nesting over 3 levels deep
- Cyclomatic complexity > 10
- Too many parameters (>4)
- Complex conditionals
Maintainability
- God files (>500 lines)
- Duplicate logic across files
- Magic numbers/strings
- Unused exports/imports
- Dead code paths
Consistency
- Inconsistent naming conventions
- Mixed async patterns (callbacks vs promises)
- API response shape inconsistency
- Inconsistent error shapes
- Mixed import styles
Code Hygiene
- Console.log in production code
- TODO/FIXME accumulation (>20)
- Commented-out code
- Unused variables
- Debug code left in
Grep Patterns
# Type safety
grep -rn ": any\\|: any\\[\\]" src --include="*.ts" --include="*.tsx" | wc -l
grep -rn "as unknown as\\|as any" src --include="*.ts" --include="*.tsx" | head -10
grep -rn "!\\." src --include="*.ts" --include="*.tsx" | head -10
# Complexity - long files
find src -name "*.ts" -o -name "*.tsx" | xargs wc -l 2>/dev/null | sort -n | tail -10
# Code hygiene
grep -rn "console.log\\|console.debug\\|console.info" src --include="*.ts" --include="*.tsx" | wc -l
grep -rn "TODO\\|FIXME\\|HACK\\|XXX" src --include="*.ts" --include="*.tsx" | wc -l
grep -rn "// .*import\\|// .*const\\|// .*function" src --include="*.ts" --include="*.tsx" | head -10
# Consistency
grep -rn "async.*callback\\|\\.then.*async" src --include="*.ts" | head -5
# Duplicate patterns
grep -rn "email.*@.*\\." src --include="*.ts" | head -10
grep -rn "\\.test\\s*(" src --include="*.ts" | head -10
# Magic numbers
grep -rn "[^0-9a-zA-Z_][0-9]\\{3,\\}[^0-9a-zA-Z_]" src --include="*.ts" | grep -v "port\\|year\\|1000\\|status" | head -10
# Unused imports (rough check)
grep -rn "^import.*from" src --include="*.ts" | head -20
Output
# Code Quality Audit
---
agent: code-auditor
status: [COMPLETE|PARTIAL|SKIPPED]
timestamp: [ISO timestamp]
duration: [X seconds]
findings: [X]
files_scanned: [X]
any_count: [X]
console_log_count: [X]
errors: [list any errors]
skipped_checks: [list checks that couldn't run]
---
## Summary
| Category | Count |
|----------|-------|
| Type Safety | X |
| Complexity | X |
| Maintainability | X |
| Consistency | X |
| Code Hygiene | X |
## Metrics
| Metric | Value | Target | Status |
|--------|-------|--------|--------|
| `any` usage | X | < 5 | PASS/FAIL |
| console.log count | X | 0 | PASS/FAIL |
| TODO/FIXME count | X | < 20 | PASS/FAIL |
| Files > 500 lines | X | 0 | PASS/FAIL |
| Functions > 50 lines | X | 0 | PASS/FAIL |
## Critical
### CODE-001: Excessive `any` Usage
**Count:** 47 occurrences
**Files:** Multiple
**Issue:** Type safety is compromised, bugs go undetected
**Top offenders:**
- `src/lib/api.ts:23` - `response: any`
- `src/utils/helpers.ts:45` - `data: any[]`
- `src/hooks/useData.ts:12` - `params: any`
**Fix:** Replace with proper types or `unknown` with type guards
### CODE-002: God File Too Large
**File:** `src/components/Dashboard.tsx` (847 lines)
**Issue:** Too large to understand, test, or maintain
**Fix:** Split into:
- `DashboardHeader.tsx`
- `DashboardMetrics.tsx`
- `DashboardTable.tsx`
- `useDashboardData.ts`
## High
### CODE-003: Function Too Complex
**File:** `src/lib/dataProcessor.ts:145`
**Function:** `processUserData` (89 lines, 6 levels deep)
**Issue:** Too complex to test or modify safely
**Fix:** Extract logical blocks:
```typescript
// Before: one giant function
function processUserData(data) { /* 89 lines */ }
// After: composed of smaller functions
function processUserData(data) {
const validated = validateInput(data);
const normalized = normalizeData(validated);
const enriched = enrichWithDefaults(normalized);
return formatOutput(enriched);
}
CODE-004: Console.log in Production
Count: 23 occurrences Files:
src/components/Form.tsx:45-console.log('form data:', data)src/hooks/useAuth.tsx:23-console.log('user:', user)src/lib/api.ts:67-console.log('response:', res)Fix: Remove or replace with proper logging library
Medium
CODE-005: Duplicate Validation Logic
Files:
src/components/LoginForm.tsx:34src/components/RegisterForm.tsx:28src/app/api/auth/route.ts:15Issue: Same email validation in 3 places
// Duplicated in multiple files
if (!email || !email.includes('@')) { ... }
Fix: Create shared validation utility
// src/lib/validation.ts
CODE-006: Inconsistent API Response Shape
Files:
src/app/api/users/route.ts:34- Returns{ data: users }src/app/api/products/route.ts:28- Returns raw array[...]src/app/api/orders/route.ts:41- Returns{ items: orders }Fix: Standardize to consistent shape:
// Standard response shape
type ApiResponse = {
data: T;
meta?: { total: number; page: number };
error?: string;
};
CODE-007: Magic Numbers
Files:
src/lib/cache.ts:12-setTimeout(() => {}, 300000)src/utils/pagination.ts:8-const limit = 25src/hooks/useRetry.ts:15-for (let i = 0; i < 3; i++)Fix: Extract to named constants
const CACHE_TTL_MS = 5 * 60 * 1000; // 5 minutes
const DEFAULT_PAGE_SIZE = 25;
const MAX_RETRY_ATTEMPTS = 3;
Low
CODE-008: TODO/FIXME Accumulation
Count: 34 items Oldest:
src/lib/legacy.ts:12-// TODO: migrate to new API(2023-01-15)src/utils/helpers.ts:89-// FIXME: edge case(2023-03-22) Fix: Triage and address or convert to issues
CODE-009: Commented-Out Code
Files:
src/components/Header.tsx:45-67- 22 lines commented outsrc/lib/api.ts:112-125- Old implementation Fix: Remove dead code (use git for history)
CODE-010: Inconsistent Naming
Examples:
getUserDatavsfetchUservsloadUserInfoisLoadingvsloadingvsisProcessinghandleClickvsonClickvsonButtonClickFix: Establish naming conventions in CONTRIBUTING.md
Checklist
Must Fix
- Reduce
anyusage to < 5 - Remove all console.log statements
- Split files > 500 lines
- Simplify functions > 50 lines
Should Fix
- Extract duplicate logic
- Standardize API responses
- Replace magic numbers
- Address critical TODOs
Recommended
- Add lint rules for complexity
- Set up pre-commit hooks
- Document naming conventions
- Regular code review
## Execution Logging
After completing, append to `.claude/audits/EXECUTION_LOG.md`:
| [timestamp] | code-auditor | [status] | [duration] | [findings] | [errors] |
## Output Verification
Before completing:
1. Verify `.claude/audits/AUDIT_CODE.md` was created
2. Verify file has content beyond headers
3. If no issues found, write "No code quality issues detected" (not empty file)
Focus on maintainability and consistency. **Do NOT duplicate security or bug checks.**