Package Exports
- gap-analysis
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (gap-analysis) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
gap-analysis
One-command OpenAPI contract compliance audit. Reduces full audit from 30min to 8min. 9 mechanical checks (< 5s) + parallel LLM semantic analysis.
Install
npm (recommended — one command, easy updates)
# One-time setup: configure user-level npm prefix (avoids EACCES on Linux)
npm config set prefix ~/.npm-global
echo 'export PATH=~/.npm-global/bin:$PATH' >> ~/.bashrc
source ~/.bashrc
# Install
npm install -g gap-analysis
# Update anytime
npm update -g gap-analysisLinux users:
npm install -gdefaults to/usr/lib/node_modules/which requiressudo. The one-timenpm config set prefixabove moves global installs to your home directory — no root needed.
curl (no npm required)
curl -sSL https://raw.githubusercontent.com/your-username/gap-analysis/main/install.sh | bashgit clone (private repo)
git clone git@github.com:your-username/gap-analysis.git
bash gap-analysis/install.sh
rm -rf gap-analysisAll methods install to:
~/.gap-analysis/— shell scripts, output files, version info~/.gap-analysis/templates/— project config template~/.claude/skills/gap-analysis/— Claude Code slash command
Configure
Copy the template to your project root and edit:
cp ~/.gap-analysis/templates/gap-analysis.json ./gap-analysis.json{
"openapi_file": "contracts/openapi.yaml",
"controller_dirs": ["src/modules/"],
"prisma_schema": "prisma/schema.prisma",
"api_prefix": "/v1"
}Usage
Run from your project root:
Quick pre-scan (< 5 seconds)
gap-pre-scan # npm install
# or: bash ~/.gap-analysis/scripts/pre-scan.sh # curl/git installFull pipeline (mechanical only)
gap-run-all --phase1-only # npm install
# or: bash ~/.gap-analysis/scripts/run-all.sh --phase1-onlyFull audit in Claude Code
/gap-analysisRuns the complete Contract-First cycle: pre-scan → parallel LLM agents → gap report → fix plan → TASK.json → auto-implement.
CI mode
gap-run-all --ci --phase1-only # npm install
# or: bash ~/.gap-analysis/scripts/run-all.sh --ci --phase1-onlyExit codes:
0— all checks passed, no issues found1— P0/P1 issues found (requires--ciflag)2— prerequisite failure (missing OpenAPI file, Python deps, etc.)
Self-test
Verify that gap-analysis is working correctly on your system:
gap-self-test # npm install
# or: bash ~/.gap-analysis/scripts/lib/self-test.shRuns pre-scan and validates: exit cleanly, JSON output is valid, required keys exist, no unexpected errors.
What it checks
| # | Check | Type | Phase |
|---|---|---|---|
| 1 | Endpoint path/method matching | Mechanical | 1 |
| 2 | @Roles/@Public vs OpenAPI security | Mechanical | 1 |
| 3 | camelCase naming violations | Mechanical | 1 |
| 4 | || null falsy traps (number fields) |
Mechanical | 1 |
| 5 | pageSize @Max(200) validation | Mechanical | 1 |
| 6 | @HttpCode status code mismatches | Mechanical | 1 |
| 7 | Prisma BigInt vs OpenAPI integer | Mechanical | 1 |
| 8 | @ApiTags vs OpenAPI tags | Mechanical | 1 |
| 9 | DTO required vs schema required | Mechanical | 1 |
| 10 | Response body field completeness | LLM | 2 |
| 11 | Permission level reasonability | LLM | 2 |
| 12 | Error handling consistency | LLM | 2 |
Requirements
python3+pyyaml(pip install pyyaml)bash4+git(for install)- Claude Code (for
/gap-analysisslash command)
How it works
Phase 1: pre-scan.sh (< 5 sec)
9 mechanical checks → ~/.gap-analysis/scripts/.gap-pre-scan.json
Phase 2: parallel LLM agents (2-3 min, only if Phase 1 found issues)
3 agents analyze semantics in parallel → .gap-segment-{A,B,C}.md
Phase 3: merge-reports.sh (< 1 sec)
Combine Phase 1 JSON + Phase 2 segments → docs/verifications/project-gap-{ts}.mdSupported Frameworks
| Framework | Status | Auth Detection | Validation |
|---|---|---|---|
| NestJS | ✅ Full | @Roles/@Public/@ApiBearerAuth | class-validator decorators |
| Express | ✅ Full | passport.authenticate('jwt') | Zod schemas |
| Fastify | 🔜 Planned | — | — |
| Spring Boot | 🔜 Planned | — | — |
| FastAPI | 🔜 Planned | — | — |
Supported ORMs
| ORM | Status | BigInt Detection |
|---|---|---|
| Prisma | ✅ Full | BigInt in schema.prisma |
| TypeORM | ✅ Full | @Column({ type: 'bigint' }) |
| Drizzle | ✅ Full | bigint(), pgBigInt() |
| Mongoose | ✅ Full | BigInt, Schema.Types.Long |
| SQLAlchemy | 🔜 Planned | — |
| GORM | 🔜 Planned | — |
Configuration
See gap-analysis.json for all options. Key fields:
| Field | Default | Description |
|---|---|---|
framework |
nestjs |
Backend framework |
orm |
prisma |
ORM/database layer |
validation_lib |
nestjs |
Validation library (nestjs, zod) |
route_dirs |
["backend-typescript/src/modules/"] |
Directories containing route files |
route_pattern |
*.controller.ts |
Glob pattern for route files |
dto_dirs |
["backend-typescript/src/modules/"] |
Directories containing DTO files |