elias/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-06-13 23:03:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(skills): add codehealth-mcp skill and CodeScene MCP config (#2077)

Browse Source 
* feat(skills): add codehealth-mcp skill and CodeScene MCP config

* docs(skills): add When to Use, How It Works, and Examples sections

* docs(skills): clarify MCP opt-in, data boundaries, and offline behavior

Address security review on PR #2077: no bundled credentials, document what
tools read locally, failure behavior when MCP is unavailable, and README
wording that Code Health MCP is optional and not enabled by default.

Co-authored-by: Cursor <cursoragent@cursor.com>

---------

Co-authored-by: adnasalk-notus <adna.salkovic@notus.hr>
Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
Adna Salković 2026-06-07 07:26:54 +02:00 committed by GitHub
parent 154d0c7de9
commit 07812091aa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 176 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -608,6 +608,7 @@ ECC/
| |-- perl-testing/ # Perl TDD with Test2::V0, prove, Devel::Cover (NEW) | |-- perl-testing/ # Perl TDD with Test2::V0, prove, Devel::Cover (NEW)
| |-- autonomous-loops/ # Autonomous loop patterns: sequential pipelines, PR loops, DAG orchestration (NEW) | |-- autonomous-loops/ # Autonomous loop patterns: sequential pipelines, PR loops, DAG orchestration (NEW)
| |-- plankton-code-quality/ # Write-time code quality enforcement with Plankton hooks (NEW) | |-- plankton-code-quality/ # Write-time code quality enforcement with Plankton hooks (NEW)
| |-- codehealth-mcp/ # Optional CodeScene Code Health MCP skill (opt-in; not enabled by default) (NEW)
| |
|-- commands/ # Maintained slash-entry compatibility; prefer skills/ |-- commands/ # Maintained slash-entry compatibility; prefer skills/
| |-- plan.md # /plan - Implementation planning | |-- plan.md # /plan - Implementation planning
@ -1348,6 +1349,7 @@ Canonical Anthropic skills such as `claude-api`, `frontend-design`, and `skill-c
| brand-voice | Source-derived writing style profiles from real content | | brand-voice | Source-derived writing style profiles from real content |
| bun-runtime | Bun as runtime, package manager, bundler, and test runner | | bun-runtime | Bun as runtime, package manager, bundler, and test runner |
| coding-standards | Universal coding standards | | coding-standards | Universal coding standards |
| codehealth-mcp | Optional — Code Health MCP (opt-in server + token); structural review and commit/PR gates |
| content-engine | Platform-native social content and repurposing | | content-engine | Platform-native social content and repurposing |
| crosspost | Multi-platform content distribution across X, LinkedIn, Threads | | crosspost | Multi-platform content distribution across X, LinkedIn, Threads |
| deep-research | Multi-source research with synthesis and source attribution | | deep-research | Multi-source research with synthesis and source attribution |

8
mcp-configs/mcp-servers.json
View File

@ -109,6 +109,14 @@
"args": ["-y", "@upstash/context7-mcp@latest"], "args": ["-y", "@upstash/context7-mcp@latest"],
"description": "Live documentation lookup — use with /docs command and documentation-lookup skill (resolve-library-id, query-docs)." "description": "Live documentation lookup — use with /docs command and documentation-lookup skill (resolve-library-id, query-docs)."
}, },
"codescene": {
"command": "npx",
"args": ["-y", "@codescene/codehealth-mcp"],
"env": {
"CS_ACCESS_TOKEN": "YOUR_CS_ACCESS_TOKEN_HERE"
},
"description": "Optional. CodeScene Code Health MCP (community skill: codehealth-mcp). Not enabled by default — copy only if you opt in. Requires your own CS_ACCESS_TOKEN (no bundled credentials). See skills/codehealth-mcp/SKILL.md for data boundaries and failure behavior."
},
"magic": { "magic": {
"command": "npx", "command": "npx",
"args": ["-y", "@magicuidesign/mcp@latest"], "args": ["-y", "@magicuidesign/mcp@latest"],

166
skills/codehealth-mcp/SKILL.md Normal file
View File

@ -0,0 +1,166 @@
---
name: codehealth-mcp
description: Real-time structural Code Health via CodeScene MCP — review before edits, verify score deltas after changes, gate commits and PRs. Use when reviewing code quality, refactoring, checking if AI changes degraded a file, or before commit/PR.
origin: community
---
# Code Health MCP (CodeScene)
Structural maintainability feedback for AI-assisted coding. Complements style/lint skills (`coding-standards`, `plankton-code-quality`) with **design-level** health scores and regression gates.
**Upstream:** [codescene-oss/codescene-mcp-server](https://github.com/codescene-oss/codescene-mcp-server)
**Package:** `@codescene/codehealth-mcp` (stdio via npx)
## Security and boundaries
**Opt-in (ECC):** The `codescene` block in `mcp-configs/mcp-servers.json` is a template only. ECC plugin installs do not auto-enable bundled MCP servers. Copy the entry into your config only if you want it. You can exclude it during ECC install/sync with `ECC_DISABLED_MCPS=codescene,...`.
**Credentials:** No bundled token. Set `CS_ACCESS_TOKEN` yourself (see [getting-a-personal-access-token.md](https://github.com/codescene-oss/codescene-mcp-server/blob/main/docs/getting-a-personal-access-token.md) in the upstream repo). Never commit tokens to the repo.
**What the tools read:** When invoked, tools analyze files and git state **in the local repository** you point them at (paths you pass, plus branch context for `analyze_change_set`). They do not run by themselves. For standalone mode, follow upstream privacy docs: [codescene-mcp-server README](https://github.com/codescene-oss/codescene-mcp-server#frequently-asked-questions) and [CodeScene policies](https://codescene.com/policies). Do not use this skill for secrets, credentials, or paths you do not want analyzed.
**If the MCP is unavailable (offline, bad token, server crash):** Do not invent Code Health scores. Tell the user the check was skipped. Continue only with explicit user approval. Prefer lint/tests/verification-loop for gating when MCP is down. Re-enable checks once the server connects.
## When to Use
- User asks to **review code quality**, **refactor** a file, or check if **AI changes degraded** maintainability
- Before editing a **hotspot**, legacy module, or unfamiliar file
- Before **commit** or **pull request** when you need a maintainability safeguard
- After a large agent-written diff — verify Code Health did not regress
- Pair with `verification-loop`, `tdd-workflow`, or `/quality-gate` as a structural check (not a replacement for tests/lint)
## When to Activate
Same triggers as **When to Use** above — this heading is what ECC uses for skill auto-activation.
## How It Works
### 1. Connect the MCP server
Copy the `codescene` entry from `mcp-configs/mcp-servers.json` into your harness MCP config.
**Claude Code** (`~/.claude.json``mcpServers`):
```json
"codescene": {
"command": "npx",
"args": ["-y", "@codescene/codehealth-mcp"],
"env": {
"CS_ACCESS_TOKEN": "YOUR_CS_ACCESS_TOKEN_HERE"
}
}
```
**Project-scoped:** merge the same block into `.mcp.json` at the repo root.
Token setup is documented in the upstream repo (link above). Standalone mode does not require a paid CodeScene platform account for the four tools listed below. Restart the session and confirm the `codescene` server is connected before relying on scores.
### 2. Call standalone tools only
| Tool | When to use |
|------|-------------|
| `code_health_review` | Full structural analysis **before** modifying a file |
| `code_health_score` | Quick numeric score after each change (delta check) |
| `pre_commit_code_health_safeguard` | Block commits that introduce Code Health regressions |
| `analyze_change_set` | Branch-level check **before** opening a PR |
Do **not** call platform-only tools (e.g. repository-wide technical debt hotspot lists). Do **not** reference `delta_analysis` — not available on standalone.
### 3. Interpret scores (110)
| Range | Meaning | Agent behavior |
|-------|---------|----------------|
| **9.010.0** | Green — healthy | Safer to extend; still prefer vertical slices |
| **4.08.9** | Yellow — debt | Tread carefully; no drive-by refactors |
| **1.03.9** | Red — severe debt | Narrow scope only |
### 4. Run the feedback loop
**Before touching a file**
1. Run `code_health_review` on the target path.
2. Record baseline score and listed code smells.
3. Plan the smallest change that addresses the task.
Scope by score: **below 5** — minimal diff only; **57** — no broad refactors; **above 7** — safer to refactor, still verify after each edit.
**After each change**
1. Run `code_health_score` on the same file.
2. Compare to the baseline from `code_health_review`.
3. If the score **regressed**, fix before continuing. Never mark the task done while the score is lower than when you started.
**Before every commit** — run `pre_commit_code_health_safeguard` on the repository path.
**Before a PR** — run `analyze_change_set` against the base branch (e.g. `main`).
## Examples
### Example: Flask maintainability improvement
On `pallets/flask`, an agent loop using only standalone tools:
1. `code_health_review` on a target module (baseline **4.82**)
2. Targeted refactor addressing listed smells
3. `code_health_score` after each edit
4. `pre_commit_code_health_safeguard` before commit
5. `analyze_change_set` before PR
Result: Code Health **4.82 → 9.1** (free standalone token only).
### Example: AGENTS.md enforcement block
Paste into the project `AGENTS.md` or `CLAUDE.md`:
```md
## Code Health (CodeScene MCP)
Before modifying any file: run `code_health_review`, note score and issues.
- Score below 5: problematic range — scope changes narrowly.
- Score 57: warning range — no broad refactors.
After each change: run `code_health_score` to verify delta.
- If score regressed: fix before continuing; never declare done if score dropped.
Before every commit: run `pre_commit_code_health_safeguard`.
Before PR: run `analyze_change_set`.
```
### Example: anti-patterns vs correct loop
```markdown
# BAD: Edit first, check later
[large refactor without code_health_review]
# BAD: Ignore score drop
"Tests pass" → mark task done while Code Health decreased
# BAD: Broad refactor on red-score file (below 5)
Drive-by cleanup across the module
# GOOD: review → small change → score → commit safeguard → analyze_change_set
```
## Pairing with ECC
| ECC skill / flow | Code Health MCP role |
|------------------|----------------------|
| `coding-standards` | Style/naming; Code Health = structure/complexity |
| `plankton-code-quality` | Write-time lint/format; Code Health = pre/post edit structural gate |
| `verification-loop` / `/quality-gate` | Add structural regression check before "done" |
| `security-review` | Security vs maintainability — use both when relevant |
| `tdd-workflow` | Tests pass ≠ healthy design — check score after refactors |
**Context tip:** ECC recommends keeping MCP count low. Enable `codescene` when doing substantive edits; disable when not needed.
## Related Skills
- `coding-standards` — baseline conventions
- `plankton-code-quality` — write-time lint/format hooks
- `verification-loop` — build/test/lint gate
- `tdd-workflow` — test-first development
- `security-review` — security checklist
- `documentation-lookup` — library docs via Context7 (orthogonal)