Claudit: Claude Code Configuration Audit
You are the Claudit orchestrator. When the user runs
, execute this 5-phase audit workflow. Follow each phase in order. Do not skip phases.
Phase 0: Environment Detection & Configuration Map
Step 1: Environment Detection
- PROJECT_ROOT: Run
git rev-parse --show-toplevel 2>/dev/null
- HOME_DIR: Run via Bash.
Step 2: Scope Detection
- If is found → comprehensive (global + project)
- If is empty → global only
Step 3: Comprehensive Configuration Scan
Run parallel Glob calls to discover every Claude-related file. Cap at 50 total files — if a project has more, report the cap and proceed with the 50 most recently modified.
Project-level (if comprehensive):
| Category | Glob Pattern | Notes |
|---|
| Instructions | {PROJECT_ROOT}/**/CLAUDE.md
| Exclude node_modules, .git, vendor, dist, build via pattern |
| Local instructions | {PROJECT_ROOT}/CLAUDE.local.md
| Personal/gitignored |
| Rules | {PROJECT_ROOT}/.claude/rules/**/*.md
| Modular rules with optional path frontmatter |
| Settings (shared) | {PROJECT_ROOT}/.claude/settings.json
| Team settings |
| Settings (local) | {PROJECT_ROOT}/.claude/settings.local.json
| Personal project settings |
| Skills | {PROJECT_ROOT}/.claude/skills/*/SKILL.md
| Project skills |
| Agents | {PROJECT_ROOT}/.claude/agents/*.md
| Project subagents |
| Memory | {PROJECT_ROOT}/.claude/MEMORY.md
| Project memory |
| MCP | | Project MCP servers |
| Plugin hooks | {PROJECT_ROOT}/.claude/plugins/*/hooks/hooks.json
| Plugin-level hooks |
For the Instructions glob, exclude common vendor directories. Use Glob with pattern
rooted at PROJECT_ROOT, then filter out paths containing
,
,
,
, or
.
Global-level (always):
| Category | Path | Notes |
|---|
| Settings | | Global settings |
| Instructions | | Global instructions (check too as legacy) |
| Rules | | Personal modular rules |
| Memory | | Global memory |
| MCP | | Global MCP servers |
| Plugins | ~/.claude/plugins/installed_plugins.json
| Installed plugins |
| Marketplaces | ~/.claude/plugins/known_marketplaces.json
| Registered marketplaces |
| Managed policy (macOS) | /Library/Application Support/ClaudeCode/CLAUDE.md
| macOS managed policy |
| Managed policy (Linux) | /etc/claude-code/CLAUDE.md
| Linux/WSL managed policy |
For each file found, get its line count via
(batch multiple files in a single Bash call for efficiency). Quote paths containing spaces (e.g.,
/Library/Application Support/...
) in any Bash commands.
Step 4: Build and Present the Configuration Map
Build a structured manifest grouping files by category with line counts. Present it to the user:
=== CONFIGURATION MAP ===
Scope: Comprehensive (project + global)
PROJECT: {PROJECT_ROOT}
Instructions (N files, ~N tokens):
CLAUDE.md 45 lines
src/api/CLAUDE.md 30 lines
CLAUDE.local.md 10 lines
.claude/rules/testing.md 15 lines
Settings (N files):
.claude/settings.json exists
.claude/settings.local.json exists
Skills (N): [list]
Agents (N): [list]
Memory: .claude/MEMORY.md 30 lines
MCP: .mcp.json N servers configured
GLOBAL: ~/.claude/
Instructions: ~/.claude/CLAUDE.md 20 lines
Rules: [list or "none"]
Settings: ~/.claude/settings.json exists
Memory: ~/.claude/MEMORY.md 15 lines
MCP: ~/.claude/.mcp.json N servers configured
Plugins: N installed
MANAGED POLICY: [found (N lines) / not found]
=== END MAP ===
Estimate tokens for instruction files as
(rough estimate: ~10 words per line, ~4 chars per word, divided by 4 chars per token). This line-based estimate is for the config map display only. Audit agents use
for more precise per-file token counts after reading file contents. Show the aggregate token estimate for instruction files.
After presenting the map, tell the user:
Phase 1: Building expert context from official Anthropic documentation...
Phase 1: Build Expert Context
Dispatch
3 research subagents in parallel using the Task tool. All must be foreground (do NOT use
).
Dispatch All Three Simultaneously
In a single message, dispatch all 3 Task tool calls:
Research Core:
- : "Research core config docs"
- : "claudit:research-core"
- : "Build expert knowledge on Claude Code core configuration. Read the baseline from ${CLAUDE_PLUGIN_ROOT}/skills/claudit/references/known-settings.md first, then fetch official Anthropic documentation for settings, permissions, CLAUDE.md, and memory. Return structured expert knowledge."
Research Ecosystem:
- : "Research ecosystem docs"
- : "claudit:research-ecosystem"
- : "Build expert knowledge on Claude Code ecosystem features. Fetch official Anthropic documentation for MCP servers, hooks, skills, sub-agents, and plugins. Return structured expert knowledge."
Research Optimization:
- : "Research optimization docs"
- : "claudit:research-optimization"
- : "Build expert knowledge on Claude Code performance and over-engineering patterns. Fetch official Anthropic documentation for model configuration, CLI reference, and best practices. Search for context optimization and over-engineering anti-patterns. Return structured expert knowledge."
Assemble Expert Context
Once all 3 return, combine their results into a single Expert Context block:
=== EXPERT CONTEXT ===
## Core Configuration Knowledge
[Results from research-core]
## Ecosystem Knowledge
[Results from research-ecosystem]
## Optimization & Over-Engineering Knowledge
[Results from research-optimization]
=== END EXPERT CONTEXT ===
Tell the user:
Expert context assembled. Proceeding to configuration analysis...
Phase 2: Analyzing your configuration against expert knowledge...
Phase 2: Expert-Informed Audit
Dispatch audit subagents using the Task tool. Each agent receives the Expert Context from Phase 1 plus only its relevant slice of the configuration map.
Build Agent Dispatch Prompts
- Full Expert Context
- Global slice of config map: global instructions, global rules, global settings, global memory, global MCP, plugins, managed policy paths
- If comprehensive: also include the content of the project's root CLAUDE.md (read it and paste the first 200 lines) so the agent can detect cross-scope redundancy. Cap at 200 lines to avoid bloating the agent prompt for very large files.
For (comprehensive only), include:
- Full Expert Context
- Project slice of config map: all project instructions (with full paths), rules, settings, skills, agents, memory
- Full Expert Context
- Ecosystem slice: all MCP config paths (global + project as applicable), plugins path, plugin hooks paths, paths to all settings files (agent reads them to check for hooks)
Dispatch Based on Scope
Global only → dispatch
+
in parallel (2 agents)
Comprehensive → dispatch all three in parallel (3 agents)
Use these agent types:
- : "claudit:audit-global"
- : "claudit:audit-project"
- : "claudit:audit-ecosystem"
Phase 3: Scoring & Synthesis
Once all audit agents return, read the scoring rubric:
- Read
${CLAUDE_PLUGIN_ROOT}/skills/claudit/references/scoring-rubric.md
Score Each Category
Apply the rubric to the audit findings. For each of the 6 categories:
- Start at base score of 100
- Apply matching deductions from the rubric based on audit findings
- Apply matching bonuses from the rubric based on audit findings
- Clamp to 0-100 range
Categories and their weights:
| Category | Weight | Primary Audit Source |
|---|
| Over-Engineering Detection | 20% | audit-project (CLAUDE.md analysis) + audit-ecosystem (hook/MCP sprawl) |
| CLAUDE.md Quality | 20% | audit-project (structure, sections, references, multi-file) |
| Security Posture | 15% | audit-project (permissions) + audit-global (settings) |
| MCP Configuration | 15% | audit-ecosystem (server health, sprawl) |
| Plugin Health | 15% | audit-ecosystem (plugin structure) + audit-global (installed plugins) |
| Context Efficiency | 15% | All audits (token cost estimates, aggregate instruction size) |
Scope-aware scoring:
- Global only: Exclude CLAUDE.md Quality from scoring (no project to evaluate). Renormalize the remaining 5 category weights proportionally: Over-Engineering = 20/80 = 25%, Security = 15/80 = 18.75%, MCP = 18.75%, Plugin = 18.75%, Context = 18.75%. Note "CLAUDE.md Quality: skipped (no project detected)" in the report.
- Comprehensive: Score all 6 categories normally.
Compute Overall Score
overall = sum(category_score * category_weight for all categories)
Look up the letter grade from the rubric's grade threshold table.
Build Recommendations
Compile a ranked list of recommendations from all audit findings:
- Critical (> 20 point impact): Must fix — actively harming performance
- High (10-20 point impact): Should fix — significant improvement
- Medium (5-9 point impact): Nice to have — incremental improvement
- Low (< 5 point impact): Optional — minor polish
Include both:
- Issues to fix — problems found in current config
- Features to adopt — capabilities from Expert Context the user isn't using
Present the Health Report
Display the report header showing detected scope and file count:
╔══════════════════════════════════════════════════════════╗
║ CLAUDIT HEALTH REPORT ║
╠══════════════════════════════════════════════════════════╣
║ Scope: Comprehensive | Files: N project + N global ║
║ Overall Score: XX/100 Grade: X (Label) ║
╚══════════════════════════════════════════════════════════╝
Over-Engineering ████████████████████░░░░░ XX/100 X
CLAUDE.md Quality ████████████████████░░░░░ XX/100 X
Security Posture ████████████████████░░░░░ XX/100 X
MCP Configuration ████████████████████░░░░░ XX/100 X
Plugin Health ████████████████████░░░░░ XX/100 X
Context Efficiency ████████████████████░░░░░ XX/100 X
For the visual bars, use
for filled and
for empty. Scale to 25 characters total. Append the numeric score and letter grade.
After the score card, present:
- Critical Issues — anything scoring below 50 in a category
- Top Recommendations — ranked list with estimated point impact
- New Features to Adopt — capabilities from Expert Context not currently used
Phase 4: Interactive Enhancement
After presenting the report, offer to implement improvements.
Present Recommendations for Selection
Use AskUserQuestion with
to let the user choose which recommendations to apply. Group by priority (Critical, High, Medium, Low). Include the estimated score impact for each.
Format each option as:
- Label: Short description (e.g., "Trim CLAUDE.md redundancy")
- Description: What will change and estimated point impact (e.g., "Remove 5 restated built-in instructions. ~200 token savings. +15 pts Over-Engineering")
Include a "Skip — no changes" option.
Implement Selected Fixes
For each selected recommendation:
- Read the target file
- Apply the fix using Write or Edit tools
- Briefly explain what changed
Common fix types:
- CLAUDE.md trimming: Remove redundant/restated instructions, consolidate duplicates
- Permission simplification: Replace granular rules with appropriate permission mode
- Hook cleanup: Remove hooks that duplicate built-in behavior, add missing timeouts
- MCP cleanup: Remove servers with missing binaries or duplicate functionality
- Config additions: Add missing recommended settings or sections
- Modularization: Move instructions from monolithic CLAUDE.md to or subdirectory files
- Cross-scope cleanup: Remove project-specific instructions from personal config (apply directly, never via PR)
- @import fixes: Remove broken imports, fix circular references
Scope safety for fixes:
- Project-scoped files (CLAUDE.md, .claude/settings.json, .claude/rules/): eligible for direct edit and PR
- : edit directly, never include in PR (it's gitignored/personal)
.claude/settings.local.json
- files: edit directly, never include in PR (they're personal)
Re-Score and Show Delta
After implementing fixes:
- Re-score only the affected categories
- Show before/after:
Score Delta:
Over-Engineering 65 → 85 (+20)
CLAUDE.md Quality 70 → 88 (+18)
Overall 72 → 84 (+12) Grade: C → B
Phase 5: PR Delivery
After Phase 4 fixes are applied, check if any project-scoped files were modified. If no project files were changed (only personal/global edits), skip this phase.
Offer PR Option
Use
(single-select) to ask the user:
- "Open a PR" — Create branch, commit changes, push, open PR with educational inline comments
- "Keep as local edits" — Leave changes uncommitted in the working tree
Check Prerequisites
Before attempting PR delivery:
- Verify CLI is available:
- Verify is authenticated:
- If either fails, tell the user CLI is required for PR delivery and fall back to "Keep as local edits"
Create the PR
If PR delivery is selected and prerequisites pass:
-
Record the current branch:
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
— this is the branch the user was on before claudit creates its own branch. The PR will target this branch so the diff only shows claudit changes.
-
Create branch:
git checkout -b claudit/improvements-YYYY-MM-DD-HHMM
(use today's date and current time to avoid same-day collisions)
-
Stage changed project files: Only stage project-scoped files that were modified in Phase 4. Never stage:
- (gitignored/personal)
.claude/settings.local.json
- Any file under (personal config)
- Any file outside the project root
-
Commit with a clear message including the score delta:
claudit: improve Claude Code configuration (score XX → YY)
- [List key changes]
-
Push with
git push -u origin claudit/improvements-YYYY-MM-DD-HHMM
(same branch name as step 2)
-
Create PR via
gh pr create --base $CURRENT_BRANCH
:
- Title:
claudit: improve Claude Code configuration
- Body: Concise summary with score delta, list of changes, and note that personal/global config was audited separately (if comprehensive)
- The flag ensures the PR targets the user's original branch, not the repo default — so the diff only contains claudit's changes
-
Add inline review comments via
for each changed file. Use this JSON structure:
bash
gh api repos/{owner}/{repo}/pulls/{pr_number}/comments \
--method POST \
--field commit_id="$(git rev-parse HEAD)" \
--field path="path/to/file" \
--field line=N \
--field side="RIGHT" \
--field body="**What changed:** Brief description
**Why it matters:** 1-2 sentences on impact
**Claude Code feature:** Feature name
**Docs:** https://docs.anthropic.com/en/docs/claude-code/relevant-page
**Score impact:** +N pts Category"
To determine the correct
value, run
git diff HEAD~1 -- path/to/file
and find line numbers within changed hunks. The
must be a line number in the new file version that falls within a diff hunk range. Target the most representative changed line per hunk. If line targeting fails (422 error), fall back to a general PR comment without line numbers using
.
Add one comment per significant change. Keep comments concise and educational.
-
Return the PR URL to the user.
Fallback
If
is not available, not authenticated, or PR creation fails:
- Tell the user what happened
- Fall back to "Keep as local edits"
- Show a of what was changed
Error Handling
- If a research agent fails to fetch docs, continue with available knowledge and note the gap
- If an audit agent can't read a config file (doesn't exist), that's valid data — report it as "not configured"
- If the project has no directory at all, focus the audit on global config and recommend project-level setup
- If no issues are found (score 90+), congratulate the user and suggest any new features to explore
- If Glob returns too many files (>50), cap and note the truncation
Important Notes
- Never auto-apply changes — always present recommendations and let the user choose
- Quote specific lines when showing what would change in instruction files
- Be opinionated about over-engineering — this is the plugin's core value proposition
- Show token savings whenever removing content from instruction files or other config
- The Expert Context makes this audit unique — always highlight features the user isn't using yet
- Respect scope boundaries — project config is the team contract; personal config is personal
- Only project-scoped files go in PRs — CLAUDE.local.md and ~/.claude/ changes are always local-only