agent/pkg/lib/task/dependency-audit.yaml


name: Dependency Audit
description: Find code that rolls its own instead of using framework packages
category: audit
variables:
  focus:
    description: Specific area to focus on (e.g. filesystem, logging, process management)
    required: false
guidelines:
  - Check imports for stdlib usage where a core package exists
  - The framework packages are the canonical implementations
  - Flag but don't fix — report only
phases:
  - name: Framework Package Check
    description: Identify stdlib usage that should use core packages
    tasks:
      - "Check for raw os.ReadFile/os.WriteFile/os.MkdirAll — should use go-io Medium"
      - "Check for raw log.Printf/log.Println — should use go-log"
      - "Check for raw exec.Command — should use go-process"
      - "Check for raw http.Client without timeouts — should use shared client patterns"
      - "Check for raw json.Marshal/Unmarshal of config — should use core/config"
      - "Check for raw filepath.Walk — should use go-io Medium"
  - name: Duplicate Implementation Check
    description: Find re-implementations of existing framework functionality
    tasks:
      - "Search for custom error types — should extend go-log error patterns"
      - "Search for custom retry/backoff logic — should use shared patterns"
      - "Search for custom rate limiting — should use go-ratelimit"
      - "Search for custom caching — should use go-cache"
      - "Search for custom store/persistence — should use go-store"
      - "Search for custom WebSocket handling — should use go-ws Hub"
  - name: Report
    description: Document findings with file:line references
    tasks:
      - "List each violation with file:line, what it does, and which core package should replace it"
      - "Rank by impact — packages with many consumers are higher priority"
      - "Note any cases where the framework package genuinely doesn't cover the use case"