Stats
Actions
Tags
From pwdev-code
Query the audit trail database for events, decisions, artifacts, and statistics. Export full PDF report.
How this command is triggered — by the user, by Claude, or both
Slash command
/pwdev-code:audit [summary | events | decisions | artifacts | stats | export | query <SQL>]The summary Claude sees in its command listing — used to decide when to auto-load this command
# /pwdev-code:audit — Audit Trail Query ## Role Utility command that queries the SQLite audit database (`.planning/pwdev-audit.db`) and presents results in readable format. ## Pre-check 1. Read `.planning/config.json` — if `audit` is not `true`, stop with: - PT-BR: `Trilha de auditoria nao esta ativada. Execute /pwdev-code:init para habilitar.` - EN: `Audit trail is not enabled. Run /pwdev-code:init to enable it.` 2. Check if database exists: If NOT_FOUND, stop with: - PT-BR: `Banco de auditoria nao encontrado em .planning/pwdev-audit.db` - EN: `Audit database not fou...
Utility command that queries the SQLite audit database (.planning/pwdev-audit.db) and presents results in readable format.
Read .planning/config.json — if audit is not true, stop with:
Trilha de auditoria nao esta ativada. Execute /pwdev-code:init para habilitar.Audit trail is not enabled. Run /pwdev-code:init to enable it.Check if database exists:
[ -f ".planning/pwdev-audit.db" ] || echo "NOT_FOUND"
If NOT_FOUND, stop with:
Banco de auditoria nao encontrado em .planning/pwdev-audit.dbAudit database not found at .planning/pwdev-audit.dbVerify sqlite3 is available:
command -v sqlite3 >/dev/null 2>&1 || echo "NO_SQLITE3"
If NO_SQLITE3, stop with:
sqlite3 nao encontrado. Instale o SQLite para usar este comando.sqlite3 not found. Install SQLite to use this command.Read .planning/config.json for the lang field (pt-BR or en).
If set, use it silently. If not set, detect from $ARGUMENTS or ask:
"Em qual idioma deseja seguir? / Which language would you like to use? 1. Portugues (PT-BR) 2. English (EN)"
Save choice to .planning/config.json (merge, do not overwrite other fields).
All subsequent output follows the resolved language. Technical terms stay in English.
Parse $ARGUMENTS to determine the sub-command:
| Argument | Action |
|---|---|
(empty) or summary | Go to STEP 2 — Summary Dashboard |
events | Go to STEP 3 — Event Log |
decisions | Go to STEP 4 — Decision Log |
artifacts | Go to STEP 5 — Artifact Tracker |
stats | Go to STEP 6 — Statistics |
export | Go to STEP 7 — Export PDF Report |
query <SQL> | Go to STEP 8 — Custom Query |
If unrecognized, show help:
## /pwdev-code:audit
Available sub-commands:
summary — Dashboard with key metrics and recent activity (default)
events — Full event log with filters
decisions — All architectural/product decisions with rationale
artifacts — Files tracked by the framework
stats — Command frequency, durations, phase distribution
export — Generate a full PDF audit report
query <SQL> — Run a custom SQL query against the audit database
Examples:
/pwdev-code:audit
/pwdev-code:audit events
/pwdev-code:audit decisions
/pwdev-code:audit stats
/pwdev-code:audit export
/pwdev-code:audit query "SELECT * FROM events WHERE action='failed'"
Run the following queries:
# Total events
sqlite3 .planning/pwdev-audit.db "SELECT COUNT(*) FROM events;"
# Events by action
sqlite3 .planning/pwdev-audit.db "SELECT action, COUNT(*) as count FROM events GROUP BY action ORDER BY count DESC;"
# Last 10 events
sqlite3 -header -column .planning/pwdev-audit.db "SELECT timestamp, plugin, command, agent, action, target FROM events ORDER BY timestamp DESC LIMIT 10;"
# Total decisions
sqlite3 .planning/pwdev-audit.db "SELECT COUNT(*) FROM decisions;"
# Active artifacts count
sqlite3 .planning/pwdev-audit.db "SELECT COUNT(*) FROM artifacts WHERE status='active';"
# Failed commands (if any)
sqlite3 -header -column .planning/pwdev-audit.db "SELECT timestamp, plugin, command, detail FROM events WHERE action='failed' ORDER BY timestamp DESC LIMIT 5;"
# Config changes count
sqlite3 .planning/pwdev-audit.db "SELECT COUNT(*) FROM config_changes;"
Present as:
## Audit Trail — Summary
**Total events:** N | **Decisions:** N | **Active artifacts:** N | **Config changes:** N
### Events by Action
| Action | Count |
|--------|-------|
| completed | N |
| started | N |
| ... | ... |
### Last 10 Events
| Timestamp | Plugin | Command | Agent | Action | Target |
|-----------|--------|---------|-------|--------|--------|
| ... | ... | ... | ... | ... | ... |
### Failed Commands (last 5)
[None | table]
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT id, timestamp, plugin, command, agent, model, phase, action, target,
SUBSTR(detail, 1, 80) as detail_preview
FROM events
ORDER BY timestamp DESC
LIMIT 50;
"
Present as a formatted table. If there are more than 50 events, note:
Mostrando os 50 eventos mais recentes. Use /pwdev-code:audit query para consultas customizadas.Showing the 50 most recent events. Use /pwdev-code:audit query for custom queries.sqlite3 -header -column .planning/pwdev-audit.db "
SELECT d.id, d.timestamp, d.phase, d.decision, d.rationale,
d.alternatives, CASE d.reversible WHEN 1 THEN 'Yes' ELSE 'No' END as reversible
FROM decisions d
ORDER BY d.timestamp DESC;
"
Present as:
## Decisions
| # | Timestamp | Phase | Decision | Rationale | Alternatives | Reversible |
|---|-----------|-------|----------|-----------|--------------|------------|
| ... | ... | ... | ... | ... | ... | ... |
If no decisions, note:
Nenhuma decisao registrada na trilha de auditoria.No decisions recorded in the audit trail.# Active artifacts grouped by type
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT type, COUNT(*) as count
FROM artifacts
WHERE status='active'
GROUP BY type
ORDER BY count DESC;
"
# Full artifact list
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT id, path, type, phase, status, created_at, archived_at
FROM artifacts
ORDER BY created_at DESC;
"
Present as:
## Artifacts
### By Type
| Type | Count |
|------|-------|
| ... | ... |
### All Artifacts
| Path | Type | Phase | Status | Created | Archived |
|------|------|-------|--------|---------|----------|
| ... | ... | ... | ... | ... | ... |
# Command frequency
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT command, COUNT(*) as runs
FROM events
WHERE action='completed'
GROUP BY command
ORDER BY runs DESC;
"
# Average duration per command (when available)
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT command, COUNT(*) as runs,
ROUND(AVG(duration_ms)/1000.0, 1) as avg_sec,
ROUND(MIN(duration_ms)/1000.0, 1) as min_sec,
ROUND(MAX(duration_ms)/1000.0, 1) as max_sec
FROM events
WHERE duration_ms IS NOT NULL AND action='completed'
GROUP BY command
ORDER BY avg_sec DESC;
"
# Events by phase
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT phase, COUNT(*) as count
FROM events
WHERE phase IS NOT NULL
GROUP BY phase
ORDER BY count DESC;
"
# Events by plugin
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT plugin, COUNT(*) as count
FROM events
GROUP BY plugin
ORDER BY count DESC;
"
# Activity timeline (events per day, last 14 days)
sqlite3 -header -column .planning/pwdev-audit.db "
SELECT DATE(timestamp) as day, COUNT(*) as events
FROM events
WHERE timestamp >= datetime('now', '-14 days')
GROUP BY day
ORDER BY day DESC;
"
# Success rate
sqlite3 .planning/pwdev-audit.db "
SELECT
ROUND(100.0 * SUM(CASE WHEN action='completed' THEN 1 ELSE 0 END) / COUNT(*), 1) as success_pct,
SUM(CASE WHEN action='completed' THEN 1 ELSE 0 END) as completed,
SUM(CASE WHEN action='failed' THEN 1 ELSE 0 END) as failed
FROM events
WHERE action IN ('completed', 'failed');
"
Present as:
## Statistics
### Command Frequency
| Command | Runs |
|---------|------|
| ... | ... |
### Performance (avg duration)
| Command | Runs | Avg (s) | Min (s) | Max (s) |
|---------|------|---------|---------|---------|
| ... | ... | ... | ... | ... |
### Events by Phase
| Phase | Count |
|-------|-------|
| ... | ... |
### Events by Plugin
| Plugin | Count |
|--------|-------|
| ... | ... |
### Activity (last 14 days)
| Day | Events |
|-----|--------|
| ... | ... |
### Success Rate
**N%** (N completed / N failed)
Generate a comprehensive audit report as PDF.
command -v python3 >/dev/null 2>&1 && python3 -c "import weasyprint" 2>/dev/null && echo "WEASYPRINT_OK"
command -v python3 >/dev/null 2>&1 && python3 -c "import markdown" 2>/dev/null && echo "MARKDOWN_OK"
command -v pandoc >/dev/null 2>&1 && echo "PANDOC_OK"
command -v wkhtmltopdf >/dev/null 2>&1 && echo "WKHTMLTOPDF_OK"
Determine the PDF generation strategy based on available tools (in priority order):
pandoc availablepython3 + weasyprint + markdown availablewkhtmltopdf availableIf no PDF tool is available, inform:
Nenhuma ferramenta de PDF encontrada. Gerando relatorio em Markdown. Para PDF, instale: pandoc (recomendado), weasyprint, ou wkhtmltopdf.No PDF tool found. Generating Markdown report. For PDF, install: pandoc (recommended), weasyprint, or wkhtmltopdf.Run all queries from STEP 2 (Summary), STEP 3 (Events), STEP 4 (Decisions), STEP 5 (Artifacts), and STEP 6 (Statistics) and store results.
Additionally, collect project metadata:
# Project name (from git or directory)
basename "$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
# Current date
date +"%Y-%m-%d %H:%M"
# Total time span of audit data
sqlite3 .planning/pwdev-audit.db "SELECT MIN(timestamp) || ' to ' || MAX(timestamp) FROM events;"
# Git branch
git branch --show-current 2>/dev/null
Write the full report to .planning/audit-report.md:
# Audit Trail Report
**Project:** {project_name}
**Branch:** {branch}
**Generated:** {current_date}
**Period:** {first_event_date} to {last_event_date}
**Language:** {lang}
---
## 1. Executive Summary
- **Total events:** {count}
- **Total decisions:** {count}
- **Active artifacts:** {count}
- **Configuration changes:** {count}
- **Success rate:** {pct}% ({completed} completed / {failed} failed)
### Events by Action
| Action | Count |
|--------|-------|
{rows}
---
## 2. Activity Timeline (last 14 days)
| Day | Events |
|-----|--------|
{rows}
---
## 3. Event Log (last 50)
| # | Timestamp | Plugin | Command | Agent | Phase | Action | Target |
|---|-----------|--------|---------|-------|-------|--------|--------|
{rows}
---
## 4. Decisions
| # | Timestamp | Phase | Decision | Rationale | Alternatives | Reversible |
|---|-----------|-------|----------|-----------|--------------|------------|
{rows}
---
## 5. Artifacts
### By Type
| Type | Count |
|------|-------|
{rows}
### All Artifacts
| Path | Type | Phase | Status | Created |
|------|------|-------|--------|---------|
{rows}
---
## 6. Statistics
### Command Frequency
| Command | Runs |
|---------|------|
{rows}
### Performance
| Command | Runs | Avg (s) | Min (s) | Max (s) |
|---------|------|---------|---------|---------|
{rows}
### Events by Phase
| Phase | Count |
|-------|-------|
{rows}
### Events by Plugin
| Plugin | Count |
|--------|-------|
{rows}
---
## 7. Failed Commands
| Timestamp | Plugin | Command | Agent | Detail |
|-----------|--------|---------|-------|--------|
{rows}
---
## 8. Configuration Change History
| Timestamp | Field | Old Value | New Value | Changed By |
|-----------|-------|-----------|-----------|------------|
{rows}
---
*Report generated by /pwdev-code:audit export*
Based on the available tool detected in STEP 7.1:
Option 1 — pandoc:
pandoc .planning/audit-report.md \
-o .planning/audit-report.pdf \
--pdf-engine=pdflatex \
-V geometry:margin=2cm \
-V fontsize=10pt \
-V mainfont="Inter" \
--highlight-style=tango \
2>/dev/null || \
pandoc .planning/audit-report.md \
-o .planning/audit-report.pdf \
-V geometry:margin=2cm \
-V fontsize=10pt \
2>/dev/null
If pdflatex is not available, try with wkhtmltopdf engine:
pandoc .planning/audit-report.md \
-o .planning/audit-report.pdf \
--pdf-engine=wkhtmltopdf \
2>/dev/null
Option 2 — weasyprint:
python3 -c "
import markdown, weasyprint
with open('.planning/audit-report.md', 'r') as f:
md_content = f.read()
html = markdown.markdown(md_content, extensions=['tables', 'fenced_code'])
styled_html = '''<!DOCTYPE html>
<html><head><meta charset=\"utf-8\">
<style>
body { font-family: Inter, system-ui, sans-serif; font-size: 10pt; margin: 2cm; color: #1a1a1a; line-height: 1.5; }
h1 { font-size: 20pt; border-bottom: 2px solid #333; padding-bottom: 8px; }
h2 { font-size: 14pt; color: #333; margin-top: 24px; border-bottom: 1px solid #ddd; padding-bottom: 4px; }
h3 { font-size: 11pt; color: #555; }
table { border-collapse: collapse; width: 100%; margin: 12px 0; font-size: 9pt; }
th { background: #f4f4f5; font-weight: 600; text-align: left; padding: 6px 10px; border: 1px solid #ddd; }
td { padding: 5px 10px; border: 1px solid #eee; }
tr:nth-child(even) { background: #fafafa; }
code { background: #f4f4f5; padding: 1px 4px; border-radius: 3px; font-size: 9pt; }
hr { border: none; border-top: 1px solid #eee; margin: 20px 0; }
strong { color: #111; }
</style>
</head><body>''' + html + '</body></html>'
weasyprint.HTML(string=styled_html).write_pdf('.planning/audit-report.pdf')
"
Option 3 — wkhtmltopdf:
python3 -c "
import markdown
with open('.planning/audit-report.md', 'r') as f:
md_content = f.read()
html = markdown.markdown(md_content, extensions=['tables', 'fenced_code'])
styled_html = '''<!DOCTYPE html>
<html><head><meta charset=\"utf-8\">
<style>
body { font-family: Inter, system-ui, sans-serif; font-size: 10pt; margin: 0; color: #1a1a1a; line-height: 1.5; }
h1 { font-size: 20pt; border-bottom: 2px solid #333; padding-bottom: 8px; }
h2 { font-size: 14pt; color: #333; margin-top: 24px; border-bottom: 1px solid #ddd; padding-bottom: 4px; }
table { border-collapse: collapse; width: 100%; margin: 12px 0; font-size: 9pt; }
th { background: #f4f4f5; font-weight: 600; text-align: left; padding: 6px 10px; border: 1px solid #ddd; }
td { padding: 5px 10px; border: 1px solid #eee; }
tr:nth-child(even) { background: #fafafa; }
</style>
</head><body>''' + html + '</body></html>'
with open('.planning/audit-report.html', 'w') as f:
f.write(styled_html)
" && wkhtmltopdf --quiet --margin-top 20mm --margin-bottom 20mm --margin-left 20mm --margin-right 20mm .planning/audit-report.html .planning/audit-report.pdf && rm -f .planning/audit-report.html
Fallback — Markdown only:
Skip PDF generation. The .planning/audit-report.md file is still available.
Check if PDF was generated:
[ -f ".planning/audit-report.pdf" ] && echo "PDF_OK" || echo "PDF_FAIL"
If PDF_OK:
Relatorio de auditoria gerado com sucesso:Audit report generated successfully: - PDF: .planning/audit-report.pdf
- Markdown: .planning/audit-report.md
If PDF_FAIL (but Markdown exists):
Falha ao gerar PDF. Relatorio disponivel em Markdown: .planning/audit-report.mdPDF generation failed. Report available as Markdown: .planning/audit-report.mdEnsure both files are in .gitignore:
if ! grep -q "audit-report" .gitignore 2>/dev/null; then
echo -e "\n# Audit reports (not versioned)\n.planning/audit-report.md\n.planning/audit-report.pdf" >> .gitignore
fi
Extract the SQL from $ARGUMENTS after query .
Safety rules:
SELECT statements. If the query starts with INSERT, UPDATE, DELETE, DROP, ALTER, CREATE, or PRAGMA, reject with:
Apenas consultas SELECT sao permitidas. O banco de auditoria e somente leitura.Only SELECT queries are allowed. The audit database is read-only.Execute:
sqlite3 -header -column .planning/pwdev-audit.db "<USER_SQL>"
Present the raw result in a formatted table. If the query fails, show the SQLite error message.
### Tables: events, decisions, artifacts, config_changes
**events columns:** id, timestamp, session_id, plugin, command, agent, model, phase, action, target, detail, duration_ms
**decisions columns:** id, event_id, timestamp, phase, decision, rationale, alternatives, reversible
**artifacts columns:** id, event_id, path, type, phase, status, created_at, archived_at
**config_changes columns:** id, timestamp, field, old_value, new_value, changed_by
After presenting results, log this query:
[ -f ".planning/pwdev-audit.db" ] && sqlite3 .planning/pwdev-audit.db "INSERT INTO events (plugin, command, action, detail) VALUES ('pwdev-code', 'audit', 'completed', '{\"sub_command\": \"$SUB_COMMAND\"}');" 2>/dev/null
npx claudepluginhub pwdev-solucoes/pwdev-claude-marketplace --plugin pwdev-code/auditLogs and labels agent interactions (prompts, responses, tool calls) to an append-only JSONL file. Subcommands: record and label.
/auditAudits UI code against design system for spacing, depth, color, and pattern violations. Reports file-specific issues and suggestions. Supports path argument or defaults to common UI paths.
/auditAudits an existing asset for on-page SEO, content quality (CORE-EEAT), technical SEO, AI-visibility/GEO readiness, and domain authority. Also supports --full, --tech, --visibility, --authority, and --competitors flags.
/auditPerforms security audit of codebase for dependency vulnerabilities, secrets, OWASP Top 10, input validation, auth issues, and misconfigs. Outputs findings report by severity with fixes and references.
/auditRuns a heavy-weight security and safety audit on Rust projects using os-checker tools. Checks for CVEs, unsafe code issues, undefined behavior, and concurrency bugs. Supports security, safety, concurrency, and full audit modes.
/auditPerforms security audit on codebase or specified target, checking dependency vulnerabilities, auth, input validation, data exposure, configs, and secrets. Outputs prioritized findings with remediation steps.