Detect hardcoded values, magic numbers, and leaked secrets. TRIGGERS - hardcode audit, magic numbers, PLR2004, secret scanning.
February 5, 2026
```bash
npx add-skill https://github.com/terrylica/cc-skills/blob/main/plugins/itp/skills/code-hardcode-audit/SKILL.md -a claude-code --skill code-hardcode-audit
```
Installation paths: `.claude/skills/code-hardcode-audit/`
# Code Hardcode Audit
## When to Use This Skill
Use this skill when the user mentions:
- "hardcoded values", "hardcodes", "magic numbers"
- "constant detection", "find constants"
- "duplicate constants", "DRY violations"
- "code audit", "hardcode audit"
- "PLR2004", "semgrep", "jscpd", "gitleaks"
- "secret scanning", "leaked secrets", "API keys"
- "passwords in code", "credential leaks"
## Quick Start
```bash
# Full audit (all tools, both outputs)
uv run --script scripts/audit_hardcodes.py -- src/
# Python magic numbers only (fastest)
uv run --script scripts/run_ruff_plr.py -- src/
# Pattern-based detection (URLs, ports, paths)
uv run --script scripts/run_semgrep.py -- src/
# Copy-paste detection
uv run --script scripts/run_jscpd.py -- src/
# Secret scanning (API keys, tokens, passwords)
uv run --script scripts/run_gitleaks.py -- src/
```
## Tool Overview
| Tool | Detection Focus | Language Support | Speed |
| ---------------- | ------------------------------- | ---------------- | ------ |
| **Ruff PLR2004** | Magic value comparisons | Python | Fast |
| **Semgrep** | URLs, ports, paths, credentials | Multi-language | Medium |
| **jscpd** | Duplicate code blocks | Multi-language | Slow |
| **gitleaks** | Secrets, API keys, passwords | Any (file-based) | Fast |
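What the "magic value comparisons" row means in practice, shown as an added example that is neither this skill's scripts nor Ruff's implementation: a simplified AST check run over constructed sample source. The `ALLOWED` set, the function names, and the sample code are assumptions made for illustration.

```python
import ast

# Assumption: values treated as non-magic in this sketch (not Ruff's own list).
ALLOWED = {0, 1, -1}

def _numeric_literal(node):
    """Return the value of a numeric literal node (unary minus included), else None."""
    if isinstance(node, ast.UnaryOp) and isinstance(node.op, ast.USub):
        inner = _numeric_literal(node.operand)
        return None if inner is None else -inner
    if (isinstance(node, ast.Constant)
            and isinstance(node.value, (int, float))
            and not isinstance(node.value, bool)):
        return node.value
    return None

def find_magic_comparisons(source, filename="<constructed>"):
    """Flag comparisons whose operand is a bare numeric literal."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if not isinstance(node, ast.Compare):
            continue  # assignments such as PORT = 8123 are not comparisons
        for operand in [node.left, *node.comparators]:
            value = _numeric_literal(operand)
            if value is not None and value not in ALLOWED:
                findings.append({
                    "file": filename,
                    "line": operand.lineno,
                    "column": operand.col_offset,
                    "message": f"Magic value used in comparison: {value}",
                })
    return sorted(findings, key=lambda f: (f["line"], f["column"]))

# Constructed sample input (not taken from the project).
SAMPLE = '''\
PORT = 8123
def uses_default_port(port):
    return port == 8123
def has_items(n):
    return n > 0
def in_range(temp):
    return temp >= -40.5 and temp < 99
'''

if __name__ == "__main__":
    for f in find_magic_comparisons(SAMPLE):
        print(f"{f['file']}:{f['line']}:{f['column']}: {f['message']}")
```

The named constant on line 1 of the sample is not flagged, while the repeated literal in the comparison is, which is the refactoring signal the audit is after.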
## Output Formats
### JSON (--output json)
```json
{
  "summary": {
    "total_findings": 42,
    "by_tool": { "ruff": 15, "semgrep": 20, "jscpd": 7 },
    "by_severity": { "high": 5, "medium": 25, "low": 12 }
  },
  "findings": [
    {
      "id": "MAGIC-001",
      "tool": "ruff",
      "rule": "PLR2004",
      "file": "src/config.py",
      "line": 42,
      "column": 8,
      "message": "Magic value used in comparison: 8123",
      "severity": "medium",
      "suggested_fix": "Extract to named constant"
    }
  ],
  "refactoring_plan": [
    {
      "priority": 1,
      "action": "Create constants/ports.py",