kazuph/code-coupling-analysis
claude/skills/code-coupling-analysis/SKILL.md
Analyze code coupling using Vlad Khononov's Balanced Coupling framework. Generates interactive HTML reports with D3.js dependency graphs. Use when analyzing architecture health, identifying risky dependencies, or preparing for refactoring decisions. Language-agnostic design.
$ install --global
skillsauthnpx skillsauth add kazuph/dotfiles code-coupling-analysisInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:52 PM1.8s1 file scanned
SKILL.md
- name:
- code-coupling-analysis
- description:
- |
Coupling Analysis Skill
Analyze code coupling across three dimensions and generate actionable HTML reports.
Framework: Balanced Coupling (Vlad Khononov)
Three key dimensions determine coupling risk:
1. Integration Strength (How tightly modules connect)
| Level | Score | Detection Pattern | |-------|-------|-------------------| | Intrusive | 1.00 | Direct property access, internal state manipulation | | Functional | 0.75 | Function/component usage, hooks, methods | | Model | 0.50 | Data type imports, interfaces used as data | | Contract | 0.25 | Pure interface/type imports |
2. Distance (Where dependencies live)
| Level | Score | Detection Pattern |
|-------|-------|-------------------|
| Same Module | 0.25 | Same directory (./Component) |
| Sibling Module | 0.50 | Sibling directory (../utils) |
| Distant Module | 0.75 | Different top-level (@/contexts, ~/lib) |
| External | 1.00 | External packages (react, lodash) |
3. Volatility (Change frequency from Git history)
| Level | Score | Changes (6 months) | |-------|-------|-------------------| | Low | 0.00 | 0-2 changes | | Medium | 0.50 | 3-10 changes | | High | 1.00 | 11+ changes |
Balance Score Formula
balance = (strength × volatility) × 0.6 + |strength - (1 - distance)| × 0.4
Interpretation:
- 0.0 - 0.2: Well balanced (ideal)
- 0.2 - 0.4: Acceptable
- 0.4 - 0.6: Needs attention
- 0.6+: Risky, consider refactoring
Execution Steps
Step 1: Identify Target Directory and Language
Determine the primary language by checking for:
tsconfig.jsonor*.ts/*.tsx→ TypeScriptpyproject.tomlor*.py→ Pythongo.modor*.go→ GoCargo.tomlor*.rs→ Rustpackage.jsonwith*.js/*.jsx→ JavaScript
Step 2: Gather File List
# TypeScript/JavaScript
find . -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.jsx" \) \
-not -path "*/node_modules/*" \
-not -path "*/.git/*" \
-not -name "*.d.ts" \
-not -name "*.stories.*" \
-not -name "*.test.*" \
-not -name "*.spec.*"
# Python
find . -type f -name "*.py" \
-not -path "*/.venv/*" \
-not -path "*/venv/*" \
-not -path "*/__pycache__/*" \
-not -name "*_test.py" \
-not -name "test_*.py"
# Go
find . -type f -name "*.go" \
-not -path "*/vendor/*" \
-not -name "*_test.go"
Step 3: Extract Import Dependencies
For each source file, extract imports using language-specific patterns:
TypeScript/JavaScript:
import\s+(?:(?:\{[^}]+\}|\*\s+as\s+\w+|\w+)\s+from\s+)?['"]([^'"]+)['"]
Python:
(?:from\s+(\S+)\s+import|import\s+(\S+))
Go:
import\s+(?:\w+\s+)?["']([^"']+)["']
Step 4: Calculate Git Volatility
# Get change count for each file (last 6 months)
git log --since="6 months ago" --name-only --pretty=format: -- "*.ts" "*.tsx" | \
grep -v '^$' | sort | uniq -c | sort -rn
Step 5: Analyze Each Coupling
For each import relationship:
- Determine strength from import pattern
- Calculate distance from file paths
- Look up volatility from git history
- Compute balance score
Step 6: Generate HTML Report
The report MUST include these sections:
Summary Statistics Card
- Total files analyzed
- Total couplings found
- Average strength, distance, volatility
- Overall balance score with color indicator
Most Frequently Changed Files
- Top 10 files by change count
- Badge indicating volatility level (High/Medium/Low)
Two-Column Layout
Left Column:
-
Risky Couplings (score ≥ 0.4) with:
- Score badge
- Volatility indicator
- Strength type
- File path → dependency path
- Warning box explaining WHY it's risky
- Action box with specific refactoring suggestions
-
Well-Balanced Couplings (score < 0.2) with:
- Score badge
- Pattern explanation
Right Column:
- D3.js Force-Directed Dependency Graph:
- Nodes colored by volatility (red=high, yellow=medium, green=low)
- Node size by dependency count
- Edges showing coupling relationships
- Filters for strength and volatility
- Zoom and pan support
Legend Section
- Strength levels with scores
- Distance levels with scores
- Balance score interpretation guide
Step 7: Provide "So What?" Context
Every metric MUST include explanatory text:
BAD (raw numbers only):
Average Strength: 0.74
GOOD (with context):
Average Strength: 0.74
→ Component usage is central (Functional level)
→ Most dependencies are function/hook calls, not loose contracts
Output Location
Save the HTML report to:
<project-root>/coupling-analysis.html
Or if analyzing a specific package:
<package-dir>/coupling-analysis.html
Example Insights to Include
For AuthContext-like patterns (high volatility + many dependents):
⚠️ Warning: AuthContextは16回変更されており、12以上のファイルから依存されています。
変更のたびに広範囲に影響が及ぶリスクがあります。
💡 Action:
- 認証状態(isAuthenticated)と認証操作(signIn/signOut)を分離検討
- 状態のみのuseAuthStateと操作のみのuseAuthActionsに分割
- カスタムフックで必要な部分だけを公開
Anti-Patterns to Detect
- God Module: Single file with 10+ dependents AND high volatility
- Shotgun Surgery: One change requires modifying many files
- Distant Intrusive: High strength (0.75+) combined with high distance (0.75+)
- Volatile Core: Core utilities with 10+ changes in 6 months
Report Quality Checklist
- [ ] Two-column responsive layout
- [ ] D3.js interactive graph with filters
- [ ] Every metric has "So What?" explanation
- [ ] Risky couplings have Warning + Action boxes
- [ ] Color-coded badges (red/yellow/green)
- [ ] Dark theme (GitHub-style)
- [ ] Japanese explanations for Japanese codebases
- [ ] Mobile-responsive design
Related Skills
kazuph/xurl
tools
VerifiedTrustedCommunity
X (Twitter) API read-only CLI. Bookmarks retrieval, tweet search, engagement analytics (likes/RT aggregation), mentions, user lookup. Use when: reading X bookmarks, searching tweets, aggregating likes/retweets, checking mentions, looking up users. Triggers: bookmark, bookmarks, X search, Twitter search, likes count, RT count, engagement, tweet analytics.
15SKILL.mdUpdated Apr 19, 2026
kazuph/unit-test-tatsujin
testing
VerifiedTrustedCommunity
単体テスト方針の要約。Kiro流で使うときは本文を必ず参照・展開する。
15SKILL.mdUpdated Apr 19, 2026
kazuph/tmux-pane-commander
tools
VerifiedTrustedCommunity
Send prompts to other AI CLIs (Codex, Claude Code) running in sibling tmux panes and receive results back. Use this skill when the user asks to send a question or task to Codex or another Claude Code instance in a tmux pane. Handles pane discovery, CLI startup if needed, prompt delivery with proper Enter timing, delivery verification, and result return via tmux send-keys.
15SKILL.mdUpdated Apr 19, 2026
kazuph/takt
data-ai
VerifiedTrustedCommunity
TAKT ピースエンジン。Agent Team を使ったマルチエージェントオーケストレーション。ピースYAMLワークフローに従ってマルチエージェントを実行する。
15SKILL.mdUpdated Apr 16, 2026