Auditing WoW Addons
Expert guidance for comprehensive addon quality analysis.
Related Commands
- •c-audit - Full audit workflow
- •c-clean - Dead code cleanup
- •c-lint - Syntax and style
- •c-review - Full review (includes audit)
MCP Tools
| Task | MCP Tool |
|---|---|
| Security Analysis | addon.security(addon="MyAddon") |
| Complexity Analysis | addon.complexity(addon="MyAddon") |
| Deprecation Scan | addon.deprecations(addon="MyAddon") |
| Dead Code Detection | addon.deadcode(addon="MyAddon") |
Capabilities
- •Security Analysis — Combat lockdown, secret values, taint, unsafe eval
- •Complexity Analysis — Deep nesting, long functions, magic numbers, duplicates
- •Deprecation Scanning — 100+ deprecated APIs with migration paths
- •Dead Code Detection — Unused functions, orphaned files, dead exports
Analysis Categories
Security (addon.security)
| Category | Description | Severity |
|---|---|---|
combat_violation | Protected API without InCombatLockdown() guard | Error |
secret_leak | Logging/storing secret values (12.0+) | Error |
taint_risk | Unsafe global modifications | Warning |
unsafe_eval | loadstring/RunScript with variable input | Warning |
addon_comm | Unvalidated message parsing | Info |
Complexity (addon.complexity)
| Category | Threshold | Description |
|---|---|---|
deep_nesting | > 5 levels | Excessive if/for/while nesting |
long_function | > 100 lines | Functions too long to understand |
long_file | > 500 lines | Files that should be split |
magic_number | pattern-based | Unexplained numeric literals |
duplicate_code | > 10 lines | Near-identical code blocks |
Deprecations (addon.deprecations)
| Category | Example APIs | Since |
|---|---|---|
addons | GetAddOnInfo → C_AddOns.GetAddOnInfo | 11.0 |
spells | GetSpellInfo → C_Spell.GetSpellInfo | 11.0 |
items | GetItemInfo → C_Item.GetItemInfo | 11.0 |
containers | GetContainerItemInfo → C_Container | 10.0 |
unit | UnitHealth (returns secret for enemies) | 12.0 |
Dead Code (addon.deadcode)
| Category | Description |
|---|---|
unused_function | Functions defined but never called |
orphaned_file | Lua files not in TOC |
dead_export | Exported values never used |
unused_library | Libraries in Libs/ never used |
Workflow
Quick Audit
code
1. addon.security → Critical issues (combat, secrets) 2. addon.deprecations (min_severity=error) → Breaking changes 3. Report critical findings
Full Audit
code
1. addon.security → All security issues 2. addon.complexity → All maintainability issues 3. addon.deprecations → All deprecated APIs 4. addon.deadcode → All dead code 5. Comprehensive report with priority order
Interpreting Results
Priority Order
- •
Critical (Fix immediately):
- •Combat lockdown violations (will cause bugs)
- •Secret value leaks (12.0+ breaking)
- •Deprecated APIs with
severity: error
- •
High (Fix before release):
- •Taint risks
- •Deprecated APIs with
severity: warning - •Orphaned files
- •
Medium (Fix when convenient):
- •Deep nesting (maintainability)
- •Long functions
- •Magic numbers
- •
Low (Consider fixing):
- •Code duplicates
- •Suspicious dead code
Best Practices
- •Run before release — Catch breaking changes early
- •Start with critical — Security and deprecations first
- •Filter by severity — Use
include_suspicious=falsefor focused results - •Check 12.0 readiness — Secret value APIs are breaking changes
- •Review complexity — High complexity = high bug risk