Fdc 05 feat/parity and dx

.cursor/skills/framework-doctor/SKILL.md

@@ -14,7 +14,7 @@ metadata:
 
 Scans your frontend codebase for security, performance, correctness, and architecture issues. Auto-detects Svelte or React from `package.json`. Outputs a 0-100 score with actionable diagnostics.
 
-**Supported:** Svelte, React, Vue (Angular coming soon)
+**Supported:** Svelte, React, Vue, Angular
 
 ## IMPORTANT: Run After Making Changes
 
@@ -30,7 +30,10 @@ Scan project?
 ├─ Svelte only → npx -y @framework-doctor/svelte . --verbose --diff
 ├─ React only → npx -y @framework-doctor/react . --verbose --diff
 ├─ Vue only → npx -y @framework-doctor/vue . --verbose --diff
-├─ Flags (verbose, diff, score) → references/cli/commands.md
+├─ CI / tooling → npx -y @framework-doctor/cli . --format json -y
+├─ Watch mode → npx -y @framework-doctor/cli . --watch
+├─ Auto-fix (Svelte, React) → npx -y @framework-doctor/svelte . --fix
+├─ Flags (verbose, diff, score, format, fix, audit) → references/cli/commands.md
 └─ What gets checked → references/checks/RULE.md
 ```
 
@@ -113,14 +116,14 @@ setTimeout(refreshData, 5000);
 
 ## Reference Index
 
-| Topic                                                     | Purpose                                                       |
-| --------------------------------------------------------- | ------------------------------------------------------------- |
-| [cli/RULE.md](./references/cli/RULE.md)                   | Usage overview, unified vs framework-specific CLI             |
-| [cli/commands.md](./references/cli/commands.md)           | Flags: --verbose, --diff, --score                             |
-| [checks/RULE.md](./references/checks/RULE.md)             | What the doctor checks (security, svelte-check, knip, oxlint) |
-| [security/RULE.md](./references/security/RULE.md)         | Security patterns overview                                    |
-| [security/svelte.md](./references/security/svelte.md)     | Svelte-specific security ({@html}, javascript: URLs)          |
-| [security/patterns.md](./references/security/patterns.md) | WRONG/CORRECT patterns (eval, URLs, sanitization)             |
-| [svelte/RULE.md](./references/svelte/RULE.md)             | Svelte guidance overview                                      |
-| [svelte/migration.md](./references/svelte/migration.md)   | Svelte 5 migration ($props, $effect, {@render})               |
-| [react/RULE.md](./references/react/RULE.md)               | React guidance overview                                       |
+| Topic                                                     | Purpose                                                                      |
+| --------------------------------------------------------- | ---------------------------------------------------------------------------- |
+| [cli/RULE.md](./references/cli/RULE.md)                   | Usage overview, unified vs framework-specific CLI                            |
+| [cli/commands.md](./references/cli/commands.md)           | Flags: --verbose, --diff, --score, --format json, --watch, --fix, --no-audit |
+| [checks/RULE.md](./references/checks/RULE.md)             | What the doctor checks (security, svelte-check, knip, oxlint)                |
+| [security/RULE.md](./references/security/RULE.md)         | Security patterns overview                                                   |
+| [security/svelte.md](./references/security/svelte.md)     | Svelte-specific security ({@html}, javascript: URLs)                         |
+| [security/patterns.md](./references/security/patterns.md) | WRONG/CORRECT patterns (eval, URLs, sanitization)                            |
+| [svelte/RULE.md](./references/svelte/RULE.md)             | Svelte guidance overview                                                     |
+| [svelte/migration.md](./references/svelte/migration.md)   | Svelte 5 migration ($props, $effect, {@render})                              |
+| [react/RULE.md](./references/react/RULE.md)               | React guidance overview                                                      |

.cursor/skills/framework-doctor/references/cli/RULE.md

@@ -32,4 +32,4 @@ npx -y @framework-doctor/react .
 
 ## Flags
 
-See [commands.md](./commands.md) for --verbose, --diff, --score, and other options.
+See [commands.md](./commands.md) for --verbose, --diff, --score, --format json, --watch, --fix, --no-audit, and other options.

.cursor/skills/framework-doctor/references/cli/commands.md

@@ -2,21 +2,31 @@
 
 ## Common Flags
 
-| Flag            | Description                              | Example                                             |
-| --------------- | ---------------------------------------- | --------------------------------------------------- |
-| `--verbose`     | Show file-level details per rule         | `npx -y @framework-doctor/cli . --verbose`          |
-| `--diff`        | Scan only changed files (vs base branch) | `npx -y @framework-doctor/cli . --diff`             |
-| `--diff <base>` | Scan only changed files vs specific base | `npx -y @framework-doctor/cli . --diff origin/main` |
-| `--score`       | Output only the score (no details)       | `npx -y @framework-doctor/cli . --score`            |
+| Flag            | Description                               | Example                                             |
+| --------------- | ----------------------------------------- | --------------------------------------------------- |
+| `--verbose`     | Show file-level details per rule          | `npx -y @framework-doctor/cli . --verbose`          |
+| `--diff`        | Scan only changed files (vs base branch)  | `npx -y @framework-doctor/cli . --diff`             |
+| `--diff <base>` | Scan only changed files vs specific base  | `npx -y @framework-doctor/cli . --diff origin/main` |
+| `--score`       | Output only the score (no details)        | `npx -y @framework-doctor/cli . --score`            |
+| `--format json` | Machine-readable JSON output (CI/tooling) | `npx -y @framework-doctor/cli . --format json -y`   |
+| `--watch`       | Re-scan on file changes                   | `npx -y @framework-doctor/cli . --watch`            |
+| `--fix`         | Auto-fix lint issues (Svelte, React)      | `npx -y @framework-doctor/svelte . --fix`           |
+| `--no-audit`    | Skip dependency vulnerability audit       | `npx -y @framework-doctor/cli . --no-audit`         |
 
 ## Recommended Usage
 
 ```bash
 # Full scan with details
 npx -y @framework-doctor/cli . --verbose --diff
+
+# CI: machine-readable output
+npx -y @framework-doctor/cli . --format json -y
+
+# Development: watch and re-scan on changes
+npx -y @framework-doctor/cli . --watch
 ```
 
-Use `--diff` to speed up scans by only checking changed files. Use `--verbose` to see which files trigger each rule.
+Use `--diff` to speed up scans by only checking changed files. Use `--verbose` to see which files trigger each rule. Use `--format json` for CI or scripted parsing.
 
 ## Exit Codes
 

.github/workflows/framework-doctor-scan.yml

@@ -0,0 +1,42 @@
+name: Framework Doctor Scan
+
+on:
+  workflow_call:
+    inputs:
+      directory:
+        type: string
+        description: 'Project directory to scan'
+        required: false
+        default: '.'
+      fail-on-low-score:
+        type: string
+        description: 'Fail if score below threshold'
+        required: false
+        default: 'false'
+      score-threshold:
+        type: string
+        description: 'Minimum score when fail-on-low-score is true'
+        required: false
+        default: '0'
+      post-to-pr:
+        type: string
+        description: 'Post score to PR comment'
+        required: false
+        default: 'false'
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      pull-requests: write
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Run Framework Doctor
+        uses: pitis/framework-doctor@main
+        with:
+          directory: ${{ inputs.directory }}
+          fail-on-low-score: ${{ inputs.fail-on-low-score }}
+          score-threshold: ${{ inputs.score-threshold }}
+          post-to-pr: ${{ inputs.post-to-pr }}

.github/workflows/framework-doctor.yml

@@ -0,0 +1,33 @@
+name: Framework Doctor
+
+on:
+  push:
+    branches: [main, master]
+  workflow_dispatch:
+
+jobs:
+  scan-examples:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        example: [svelte/demo-app, react/demo-app, vue/demo-app, angular/demo-app]
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: pnpm/action-setup@v4
+        with:
+          version: 10
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'pnpm'
+
+      - name: Install dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build
+        run: pnpm build
+
+      - name: Run Framework Doctor (${{ matrix.example }})
+        run: pnpm exec framework-doctor examples/${{ matrix.example }} --format json -y

README.md

@@ -41,19 +41,23 @@ See [examples/README.md](examples/README.md) for more demo projects and commands
 
 - `npx -y @framework-doctor/cli .` - auto-detect framework and run the right doctor
 - `npx -y @framework-doctor/cli ./path/to/project` - scan a specific project directory
+- `npx -y @framework-doctor/cli . --watch` - re-scan on file changes
 
 **React (direct):**
 
 - `npx -y @framework-doctor/react .` - run a full scan
 - `npx -y @framework-doctor/react ./path/to/project` - scan a specific project directory
 - `npx -y @framework-doctor/react . --verbose` - include file and line details
 - `npx -y @framework-doctor/react . --score` - print only the numeric score (CI-friendly)
+- `npx -y @framework-doctor/react . --format json` - machine-readable output
+- `npx -y @framework-doctor/react . --fix` - auto-fix lint issues
 
 **Vue (direct):**
 
 - `npx -y @framework-doctor/vue .` - run a full scan
 - `npx -y @framework-doctor/vue . --verbose` - include file and line details
 - `npx -y @framework-doctor/vue . --score` - print only the numeric score (CI-friendly)
+- `npx -y @framework-doctor/vue . --format json` - machine-readable output
 - `npx -y @framework-doctor/vue . --diff main` - scan only files changed against `main`.
 - `npx -y @framework-doctor/vue . --project web` - select a specific workspace package.
 
@@ -63,6 +67,8 @@ See [examples/README.md](examples/README.md) for more demo projects and commands
 - `npx -y @framework-doctor/svelte ./path/to/project` - scan a specific project directory
 - `npx -y @framework-doctor/svelte . --verbose` - include file and line details.
 - `npx -y @framework-doctor/svelte . --score` - print only the numeric score (CI-friendly).
+- `npx -y @framework-doctor/svelte . --format json` - machine-readable output.
+- `npx -y @framework-doctor/svelte . --fix` - auto-fix JS/TS lint issues.
 - `npx -y @framework-doctor/svelte . --no-js-ts-lint` - only run Svelte checks (skip JS/TS linting).
 - `npx -y @framework-doctor/svelte . --diff main` - scan only files changed against `main`.
 - `npx -y @framework-doctor/svelte . --project web` - select a specific workspace package.
@@ -73,6 +79,7 @@ See [examples/README.md](examples/README.md) for more demo projects and commands
 - `npx -y @framework-doctor/angular ./path/to/project` - scan a specific project directory
 - `npx -y @framework-doctor/angular . --verbose` - include file and line details
 - `npx -y @framework-doctor/angular . --score` - print only the numeric score (CI-friendly)
+- `npx -y @framework-doctor/angular . --format json` - machine-readable output
 - `npx -y @framework-doctor/angular . --diff main` - scan only files changed against `main`
 - `npx -y @framework-doctor/angular . --project my-app` - select a specific workspace project
 
@@ -88,6 +95,9 @@ Options:
   --no-lint           skip lint diagnostics
   --no-js-ts-lint     skip JavaScript/TypeScript lint diagnostics
   --no-dead-code      skip dead code detection
+  --no-audit          skip dependency vulnerability audit
+  --fix               auto-fix lint issues where possible
+  --format <format>   output format: text or json
   --verbose           show file details per rule
   --score             output only the score
   -y, --yes           skip prompts
@@ -98,9 +108,11 @@ Options:
   -h, --help          display help for command
 ```
 
-React doctor options: `--no-lint`, `--no-dead-code`, `--verbose`, `--score`, `--no-analytics`, `--project`, `--diff`, `--offline`. See [packages/react-doctor/README.md](packages/react-doctor/README.md).
+React doctor options: `--no-lint`, `--no-dead-code`, `--no-audit`, `--fix`, `--format json`, `--verbose`, `--score`, `--no-analytics`, `--project`, `--diff`, `--offline`. See [packages/react-doctor/README.md](packages/react-doctor/README.md).
 
-Angular doctor options: `--no-lint`, `--no-dead-code`, `--verbose`, `--score`, `--no-analytics`, `--project`, `--diff`, `--offline`. See [packages/angular-doctor/README.md](packages/angular-doctor/README.md).
+Vue doctor options: `--no-lint`, `--no-dead-code`, `--no-audit`, `--format json`, `--verbose`, `--score`, `--no-analytics`, `--project`, `--diff`, `--offline`. See [packages/vue-doctor/README.md](packages/vue-doctor/README.md).
+
+Angular doctor options: `--no-lint`, `--no-dead-code`, `--no-audit`, `--format json`, `--verbose`, `--score`, `--no-analytics`, `--project`, `--diff`, `--offline`. See [packages/angular-doctor/README.md](packages/angular-doctor/README.md).
 
 ## Security checks
 
@@ -120,7 +132,27 @@ The doctors optionally send anonymous usage data when you opt in. Data is stored
 
 ## Configuration
 
-Create `svelte-doctor.config.json`:
+### Unified config (`framework-doctor.config.json`)
+
+Shared config for monorepos with multiple frameworks. Supports top-level shared options and framework sections:
+
+```json
+{
+  "ignore": {
+    "files": ["src/generated/**"]
+  },
+  "verbose": false,
+  "analytics": true,
+  "svelteDoctor": { "jsTsLint": false },
+  "reactDoctor": { "lint": true },
+  "vueDoctor": {},
+  "angularDoctor": {}
+}
+```
+
+### Framework-specific config
+
+Create `svelte-doctor.config.json` (or `vue-doctor.config.json`, etc.):
 
 ```json
 {
@@ -131,6 +163,7 @@ Create `svelte-doctor.config.json`:
   "lint": true,
   "jsTsLint": true,
   "deadCode": true,
+  "audit": true,
   "verbose": false,
   "diff": false,
   "analytics": true
@@ -146,3 +179,57 @@ Or use `package.json`:
   }
 }
 ```
+
+Framework-specific config overrides the unified config.
+
+## Machine-readable output
+
+Use `--format json` for CI or tooling integration:
+
+```bash
+npx -y @framework-doctor/cli . --format json -y
+```
+
+Output includes: `doctor`, `version`, `diagnostics`, `scoreResult`, `totalFilesScanned`, `elapsedMilliseconds`, `skippedChecks`.
+
+## Watch mode
+
+Re-scan on file changes during development:
+
+```bash
+npx -y @framework-doctor/cli . --watch
+```
+
+## Dependency audit
+
+By default, the doctor runs `pnpm audit` and reports high or critical vulnerabilities. Use `--no-audit` to skip.
+
+## GitHub Action
+
+Add Framework Doctor to your CI. Other projects can use the action or reusable workflow on their PRs:
+
+**Action** (checkout required beforehand):
+
+```yaml
+- uses: actions/checkout@v4
+- uses: pitis/framework-doctor@main
+  with:
+    directory: .
+    fail-on-low-score: 'true'
+    score-threshold: '80'
+    post-to-pr: 'true'
+```
+
+**Reusable workflow** (checks out repo, runs `npx @framework-doctor/cli .`):
+
+```yaml
+jobs:
+  framework-doctor:
+    uses: pitis/framework-doctor/.github/workflows/framework-doctor-scan.yml@main
+    with:
+      post-to-pr: 'true'
+      fail-on-low-score: 'true'
+      score-threshold: '80'
+```
+
+Options: `directory`, `fail-on-low-score`, `score-threshold`, `post-to-pr`.