v1.16.2 candidate — Free & Open Source

Safely improve your
Claude Code setup

Audit your repo. See what's missing. Apply only what you approve — with rollback for every change. Existing config is always preserved.

$ npx @nerviq/cli Copy
No install needed. Node.js 18+. Zero dependencies. Core workflows run locally, and benchmark uses an isolated temp copy.
No-write
Discovery & audit
Selective
Apply only what you approve
Rollback
Every change is reversible
Isolated
Benchmark on temp copy
85 audit checks • 16 domain packs • 26 MCP packs • 30 stacks • Backed by 1,107 catalog entries from CLAUDEX
New here?
Start with the quick scan
Read-only. Nothing changes. See the top 3 fixes and one clear next command.
npx @nerviq/cli --lite
Need proof artifacts?
Save structured snapshots as you improve the repo
Use the same artifact path for audit, augment, benchmark, and governance evidence.
npx @nerviq/cli --snapshot

How it works

Three steps to a safer Claude Code rollout.

1

Discover

Scan the repo, score readiness, and see the highest-value next actions before changing anything.

npx @nerviq/cli
2

Plan

Export proposal bundles with file previews, rationale, risk labels, and create, patch, or manual-review classification.

npx @nerviq/cli plan
3

Apply

Apply only the proposal bundles you want and get rollback + activity artifacts for every write batch.

npx @nerviq/cli apply
Before
10
No CLAUDE.md
No hooks or automation
No slash commands
No verification loop
No architecture diagram
No secrets protection
After setup
78
Smart CLAUDE.md with Mermaid
PreToolUse + PostToolUse hooks
/test, /review, /fix, /deploy
Security reviewer agent
Stack-specific rules
XML constraints + verification

See it in action

~/my-project
$ npx @nerviq/cli

nerviq audit
═════════════════════════════════════
Detected: Node.js

██████████████████░░ 92/100

✅ Passing
CLAUDE.md project instructions
Mermaid architecture diagram
Hooks (PreToolUse + PostToolUse + SessionStart)
Custom slash commands
XML constraint blocks + few-shot examples
Secrets protection configured

⚡ Top 5 Next Actions
1. Has Dockerfile
Why: Add a Dockerfile for containerized builds and deployments.
Trace: failed-check:dockerfile | impact:medium | category:devops
Risk: low | Confidence: medium
Fix: Add a Dockerfile for containerized builds and deployments.

🔵 6 more recommendations (use --verbose)

─────────────────────────────────────
67/85 checks passing (2 not applicable)
Next command: npx @nerviq/cli augment

Pick the mode that fits your situation

Start with read-only discovery. Go deeper only when you're ready.

🔍 Audit

Score 0-100 against 85 checks. Detects framework, recommends domain packs, and surfaces a traceable Top 5 Next Actions list before any write happens.

npx @nerviq/cli

🧩 Proposal Bundles

Export plan files with rationale, file previews, diff-style output, and create, patch, or manual-review classification.

npx @nerviq/cli plan

🤖 Claude-Native Skill

Ship a first `audit-repo` skill template so teams can run nerviq from inside Claude Code, not only from a separate terminal.

.claude/skills/audit-repo

🛠️ Smart Setup

Generates CLAUDE.md from your scripts and stack, reads pyproject.toml for Python projects, creates Mermaid diagrams, and adds safer defaults.

npx @nerviq/cli setup

✅ Selective Apply

Apply only the ready proposal bundles you want. Every batch emits rollback and activity artifacts under .nerviq/.

npx @nerviq/cli apply

🛡️ Governance

Permission profiles, hook registry, domain packs, MCP packs, policy packs, and a pilot rollout kit for security-conscious teams.

npx @nerviq/cli governance

📈 Benchmark

Measure before/after impact in an isolated temp copy and export deltas, workflow evidence, and a markdown or JSON report.

npx @nerviq/cli benchmark

🔄 CI Action

GitHub Action that audits every PR. Set a minimum score threshold. Fail the build if standards drop.

uses: nerviq/nerviq@v1.16.1
More modes: interactive wizard, watch, badge, deep-review

🧙 Interactive Wizard

Step-by-step guided tour. Pick what to fix, skip what you don't need.

npx @nerviq/cli interactive

👁️ Watch Mode

Live monitoring. Re-audits on every config change in real time.

npx @nerviq/cli watch

🏅 Badge

Generate a shields.io badge for your README.

npx @nerviq/cli badge

🧠 Deep Review

AI-assisted feedback for mature setups. Requires API key and explicit opt-in.

npx @nerviq/cli deep-review

Smart CLAUDE.md generation

Not a generic template. Actually analyzes your project.

Detects your scripts

Reads package.json and includes your actual test, build, lint, and dev commands.

Framework-aware

Next.js Server Components, Django models, FastAPI Pydantic, React hooks — each gets specific guidelines.

TypeScript-aware

Detects strict mode, adds TS-specific rules. No @ts-ignore without tracking.

Auto Mermaid diagram

Scans your directories and generates an architecture diagram. More token-efficient than prose (per Anthropic docs).

XML constraint blocks

Adds <constraints> and <verification> blocks with context-aware rules.

Verification criteria

Auto-generates a checklist based on your actual test, lint, and build commands.

85 checks across 14 categories

Every check is backed by tested research from the CLAUDEX catalog.

📋

CLAUDE.md Critical

Project instructions Claude reads every session

Verification Critical

Test/lint commands so Claude checks its own work

🔒

Secrets Protection Critical

Block .env reads, deny rules for sensitive files

Hooks High

PreToolUse + PostToolUse automation

🔷

Mermaid Diagram High

Architecture visualization. More token-efficient than prose

🏷️

XML Tags High

Structured prompts with clearer constraints and verification blocks

Commands High

Custom /test, /deploy, /review, /fix

🔍

Security Review High

Built-in OWASP Top 10 scanning

🛡️

Agents Medium

Security reviewer, test writer subagents

📐

Rules Medium

Path-specific conventions per file type

🧩

Skills Medium

On-demand domain knowledge

🔌

MCP Servers Medium

Context7, database, and API integrations

Auto-detects your stack

React Vue Angular Next.js Svelte Python Django FastAPI Node.js TypeScript Rust Go Docker Flutter Ruby Java Kotlin Swift

Real results on 4 different repos

Not demos. Real projects, real gaps found, real improvements applied.

CLAUDEX
Research engine • Python
62
before
90
+28
VTCLE
Marketing automation • FastAPI
46
before
64
+18
Social
Mobile app • React Native
40
before
48
+8
Polymiro
Prediction system • Python/Docker
35
before
48
+13
Most common gaps found: missing secrets protection, no deny rules, no mermaid diagram, no hooks in settings
Key finding: one project had settings in a non-standard format — the audit caught it immediately

Also found 2 bugs in our own tool during dogfooding. Both fixed and shipped same day. Full case studies

When NOT to use this

Honesty builds trust. Here's where this tool is not the right answer.

Don't use setup on a mature repo blindly
If your team already has a carefully crafted CLAUDE.md and .claude/ config, use audit or suggest-only first. Never overwrite a hand-built config without reviewing the proposal.
Don't trust the score as a quality metric
The score measures Claude Code setup coverage, not code quality. A 90/100 repo with bad code is still bad code. This tool improves how Claude works with your repo, not the repo itself.
Don't skip reading the generated files
Generated CLAUDE.md is a strong starting point, but a hand-written one that reflects your real conventions will always be better. Treat generated output as draft, not final.
Don't expect it to fix your code
This tool configures how Claude interacts with your project. It doesn't refactor, fix bugs, or write features. It makes Claude better at doing those things for you.

Frequently asked

Is it safe? Does it modify my code?

Audit, augment, and suggest-only are read-only. Setup creates missing Claude artifacts, and apply uses proposal bundles with rollback + activity logs. Core flows run locally; deep-review is the only opt-in mode that sends selected config to Anthropic for analysis.

How is this different from /init?

Claude Code's /init generates a basic CLAUDE.md. We go much further: 85 audit checks, smart CLAUDE.md with Mermaid diagrams, PreToolUse/PostToolUse hooks, security agents, framework-specific rules, XML constraint blocks, and verification criteria — all backed by research from the CLAUDEX catalog.

What's the real impact on productivity?

Use benchmark for the real answer on your repo. It runs a baseline audit, applies starter-safe changes in an isolated temp copy, and reports before/after deltas, workflow-evidence coverage, and a case-study style summary.

Does it work with Cursor, Codex, or other AI tools?

The audit is Claude Code-specific. However, CLAUDE.md files are recognized by many AI coding tools. The skills format was adopted as a cross-platform standard by OpenAI Codex CLI in December 2025. Hooks and agents are Claude Code-only features.

Where do the 1,107 techniques come from?

From a systematic research project covering all 73 official Claude Code documentation pages, 100+ community tools and MCP servers verified via GitHub API, Anthropic blog posts, benchmark papers, and hands-on experiments. The count includes features, techniques, patterns, tools, stats, and limitations — not all are actionable. 948 were verified with real evidence. The research is ongoing.

My project already has a good CLAUDE.md. Will this help?

Audit will still show you what else you might be missing (hooks, agents, rules, MCP config). Setup will never overwrite your existing files — it only creates what's missing. If your project is already well-configured, the tool will tell you. A hand-crafted CLAUDE.md that reflects your real conventions will always be better than a generated one.

MIT Licensed
Zero dependencies
Core flows run locally
Deep review is opt-in

Find out what you're missing.
Improve it safely.

85 checks. Read-only discovery. Proposal bundles before writes. Domain packs, MCP packs, and workflow evidence when you need deeper rollout confidence.

$ npx @nerviq/cli Copy
View on GitHub npm package