You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Output from running the `claude-code-setup` plugin's `claude-automation-recommender` skill against this repo on 2026-05-20. Different stack from the frontend repos so the recommendations are largely different.
Codebase Profile
Type: Node + Express 5 backend, TypeScript 5
Framework: Express 5 + Apollo Server (via `@as-integrations/express5` — GraphQL)
Database: MongoDB via Mongoose 9
Auth: bcryptjs + jwt-simple (custom JWT, not passport)
CI: CircleCI (configured separately per repo conventions)
Deploy: Heroku (webjamsalem app — auto-deploys from master)
🔌 MCP Servers
MongoDB MCP — direct DB queries during dev
Why: Mongoose schemas live in `src/model/*`. Querying production-shape data during dev usually requires either dropping into `mongo` shell or scripting throwaway code. An MCP server would let Claude query / inspect collections directly without leaving the chat. Especially useful for schema migrations and "is this user record correct" debugging.
Install:
```bash
claude mcp add @anthropic/mongodb-mcp
```
GitHub MCP — PR / issue / Actions ops
Why: Heavy gh CLI usage today (PRs, issues, status checks). MCP server gives Claude more direct, structured access — better at multi-step "find PR, check status, comment, merge" flows than spawning `gh` subprocesses.
```bash
claude mcp add @anthropic/github-mcp
```
🎯 Skills
`heroku-deploy-check` (custom, project-specific)
Why: Today's session showed real pain — the Heroku `webjamsalem` app auto-deploys from `master`, but you've hit issues (SendGrid credits exhausted #1040, then the SendGrid→nodemailer swap). A skill that, before merging to master, checks: dynos health, recent log errors, env-var sanity (without dumping secrets per memory rules), and the latest release status. Catches "this PR will break prod" before merge.
Create: `.claude/skills/heroku-deploy-check/SKILL.md` Invocation: User-only (`/heroku-deploy-check`) — read-only, but performs API calls
`mongoose-schema-diff` (custom)
Why: Mongoose schema changes are risky — they can silently corrupt prod data if not handled with care (e.g. adding a required field with no default to a 50k-row collection). A skill that diffs the proposed schema against the current production-mirror, then warns about destructive changes, would prevent migration mishaps.
⚡ Hooks
PostToolUse: `npm run typecheck` on Edit/Write of `.ts` files
Why: TypeScript 5 strict mode. Type errors here can hit prod since Mongoose typings are easy to get wrong. `tsc --noEmit` is fast. Same hook recommendation as the frontend repos, but more critical here because runtime mistakes hit users not just devs.
Output from running the `claude-code-setup` plugin's `claude-automation-recommender` skill against this repo on 2026-05-20. Different stack from the frontend repos so the recommendations are largely different.
Codebase Profile
🔌 MCP Servers
MongoDB MCP — direct DB queries during dev
Why: Mongoose schemas live in `src/model/*`. Querying production-shape data during dev usually requires either dropping into `mongo` shell or scripting throwaway code. An MCP server would let Claude query / inspect collections directly without leaving the chat. Especially useful for schema migrations and "is this user record correct" debugging.
Install:
```bash
claude mcp add @anthropic/mongodb-mcp
```
GitHub MCP — PR / issue / Actions ops
Why: Heavy gh CLI usage today (PRs, issues, status checks). MCP server gives Claude more direct, structured access — better at multi-step "find PR, check status, comment, merge" flows than spawning `gh` subprocesses.
```bash
claude mcp add @anthropic/github-mcp
```
🎯 Skills
`heroku-deploy-check` (custom, project-specific)
Why: Today's session showed real pain — the Heroku `webjamsalem` app auto-deploys from `master`, but you've hit issues (SendGrid credits exhausted #1040, then the SendGrid→nodemailer swap). A skill that, before merging to master, checks: dynos health, recent log errors, env-var sanity (without dumping secrets per memory rules), and the latest release status. Catches "this PR will break prod" before merge.
Create: `.claude/skills/heroku-deploy-check/SKILL.md`
Invocation: User-only (`/heroku-deploy-check`) — read-only, but performs API calls
`mongoose-schema-diff` (custom)
Why: Mongoose schema changes are risky — they can silently corrupt prod data if not handled with care (e.g. adding a required field with no default to a 50k-row collection). A skill that diffs the proposed schema against the current production-mirror, then warns about destructive changes, would prevent migration mishaps.
⚡ Hooks
PostToolUse: `npm run typecheck` on Edit/Write of `.ts` files
Why: TypeScript 5 strict mode. Type errors here can hit prod since Mongoose typings are easy to get wrong. `tsc --noEmit` is fast. Same hook recommendation as the frontend repos, but more critical here because runtime mistakes hit users not just devs.
```json
{
"hooks": {
"PostToolUse": [{
"matcher": "Edit|Write",
"hooks": [{
"type": "command",
"command": "cd /home/joshua/WebJamApps/web-jam-back && npm run typecheck 2>&1 | tail -10"
}]
}]
}
}
```
PreToolUse: block edits to `build/**` and `.env*`
Why: `build/` is generated by `tsc` — editing manually leads to silent drift. `.env` files contain secrets (per memory `feedback-never-dump-secrets-via-config` after the GMAIL_APP_PASSWORD leak 2026-05-18 — already burned once).
```json
{
"hooks": {
"PreToolUse": [{
"matcher": "Edit|Write",
"hooks": [{
"type": "command",
"command": "case "$CLAUDE_TOOL_INPUT_path" in build/|.env|/.env) echo 'BLOCKED: cannot edit generated/secret file'; exit 1;; esac"
}]
}]
}
}
```
🤖 Subagents
security-reviewer (high-value here)
Why: This backend handles auth (bcryptjs + jwt-simple), email submission (potential injection vectors), database writes (NoSQL injection risk in Mongoose if queries built carelessly). A subagent specifically prompted to review changes for: SQL/NoSQL injection patterns, secret handling, JWT verification logic, rate-limit gaps, helmet config drift, CSRF protections. Worth its weight on any backend repo handling user data.
Where: `.claude/agents/security-reviewer.md`
Implementation plan
Source: `claude-code-setup` plugin v1.0.0, `claude-automation-recommender` skill, 2026-05-20 against the latest dev branch.
🤖 Generated with Claude Code