@booklib/skills 1.6.0 → 1.7.0

package/benchmark/order-processing.original.js

@@ -1,158 +0,0 @@
-// order processing thing
-// ORIGINAL — intentionally bad code. Do not use in production.
-
-var db = require('./db')
-var mailer = require('./mailer')
-
-var discount = 0.1
-var TAX = 0.23
-var items = []
-var total = 0
-var usr = null
-
-function process(o, u, pay, s) {
-    usr = u
-    if (u != null) {
-        if (u.active == true) {
-            if (o != null) {
-                if (o.items != null && o.items.length > 0) {
-                    var t = 0
-                    for (var i = 0; i < o.items.length; i++) {
-                        var item = o.items[i]
-                        if (item.qty > 0) {
-                            if (item.price > 0) {
-                                t = t + (item.qty * item.price)
-                                items.push(item)
-                            }
-                        }
-                    }
-                    if (u.type == "premium") {
-                        t = t - (t * 0.1)
-                    }
-                    if (u.type == "vip") {
-                        t = t - (t * 0.2)
-                    }
-                    if (u.type == "staff") {
-                        t = t - (t * 0.5)
-                    }
-                    total = t + (t * TAX)
-                    if (pay == "card") {
-                        var res = chargeCard(u.card, total)
-                        if (res == true) {
-                            var q = "INSERT INTO orders VALUES ('" + o.id + "', '" + u.id + "', " + total + ", 'paid')"
-                            db.query(q)
-                            mailer.send(u.email, "Order confirmed", "ur order is confirmed lol total: " + total)
-                            s.orders++
-                            s.revenue = s.revenue + total
-                            return true
-                        } else {
-                            return false
-                        }
-                    }
-                    if (pay == "paypal") {
-                        var res2 = chargePaypal(u.paypal, total)
-                        if (res2 == true) {
-                            var q2 = "INSERT INTO orders VALUES ('" + o.id + "', '" + u.id + "', " + total + ", 'paid')"
-                            db.query(q2)
-                            mailer.send(u.email, "Order confirmed", "ur order is confirmed lol total: " + total)
-                            s.orders++
-                            s.revenue = s.revenue + total
-                            return true
-                        } else {
-                            return false
-                        }
-                    }
-                    if (pay == "crypto") {
-                        // TODO: implement this someday
-                        return false
-                    }
-                } else {
-                    return false
-                }
-            } else {
-                return false
-            }
-        } else {
-            return false
-        }
-    } else {
-        return false
-    }
-}
-
-function chargeCard(card, amt) {
-    // just assume it works
-    console.log("charging card " + card + " for " + amt)
-    return true
-}
-
-function chargePaypal(pp, amt) {
-    console.log("paypal " + pp + " " + amt)
-    return true
-}
-
-// get user orders
-function getOrds(uid) {
-    var q = "SELECT * FROM orders WHERE user_id = '" + uid + "'"
-    return db.query(q)
-}
-
-// cancel
-function cancel(oid, uid, rsn) {
-    var q = "SELECT * FROM orders WHERE id = '" + oid + "'"
-    var ord = db.query(q)
-    if (ord != null) {
-        if (ord.user_id == uid) {
-            if (ord.status != "cancelled") {
-                if (ord.status != "shipped") {
-                    if (ord.status != "delivered") {
-                        var q2 = "UPDATE orders SET status = 'cancelled', reason = '" + rsn + "' WHERE id = '" + oid + "'"
-                        db.query(q2)
-                        mailer.send(usr.email, "Cancelled", "ok cancelled")
-                        return true
-                    } else {
-                        return false
-                    }
-                } else {
-                    return false
-                }
-            } else {
-                return false
-            }
-        }
-    }
-    return false
-}
-
-// stats thing used everywhere
-var stats = {
-    orders: 0,
-    revenue: 0,
-    cancelled: 0
-}
-
-function getStats() {
-    return eval("stats")
-}
-
-// some random util shoved in here
-function formatMoney(n) {
-    return "$" + Math.round(n * 100) / 100
-}
-
-// also does refunds i guess
-function refund(oid) {
-    var q = "SELECT * FROM orders WHERE id = '" + oid + "'"
-    var ord = db.query(q)
-    if (ord.status == "paid") {
-        // refund the money somehow
-        console.log("refunding " + ord.total)
-        var q2 = "UPDATE orders SET status = 'refunded' WHERE id = '" + oid + "'"
-        db.query(q2)
-        stats.revenue = stats.revenue - ord.total
-        stats.cancelled++
-        mailer.send(usr.email, "Refund", "u got ur money back: " + formatMoney(ord.total))
-    }
-}
-
-module.exports = { process, getOrds, cancel, getStats, refund }

package/benchmark/order-processing.pr-toolkit.js

@@ -1,181 +0,0 @@
-// code-after-native.js
-// Rewritten applying all findings from: pr-review-toolkit:code-reviewer
-// Fixes applied (by issue #):
-//  #1  Parameterised queries — no SQL injection
-//  #2  eval("stats") → return stats
-//  #3  No module-level mutable state — all state is local or injected
-//  #4  items array removed from module scope
-//  #5  null check before ord.status in refund()
-//  #6  Card data not logged to console (PCI)
-//  #7  Unknown payment method throws, not silently returns undefined
-//  #8  Shared finalizeOrder() — no duplicated block
-//  #9  discount variable removed; named constants used
-//  #10 === / !== throughout, no loose equality
-//  #11/#12 cancel/refund look up user email from order, not global usr
-//  #13 Single stats object — no two-object inconsistency
-//  #14 cancel() updates stats.cancelled on success
-//  #15 try/catch around db and mailer calls
-//  #16 const/let throughout, no var
-//  #17 Descriptive parameter names
-
-'use strict';
-
-const db     = require('./db');
-const mailer = require('./mailer');
-
-const TAX_RATE          = 0.23;
-const DISCOUNT_PREMIUM  = 0.10;
-const DISCOUNT_VIP      = 0.20;
-const DISCOUNT_STAFF    = 0.50;
-const NON_CANCELLABLE   = ['cancelled', 'shipped', 'delivered'];
-
-// Module-level stats — single source of truth (#13)
-const stats = { orders: 0, revenue: 0, cancelled: 0 };
-
-// ─── Public API ──────────────────────────────────────────────────────────────
-
-// Renamed from process() — avoids shadowing Node's global `process` (#17, #13)
-async function placeOrder(order, user, paymentMethod, statsRef) {
-  // Guard clauses replace pyramid nesting (#10)
-  if (!user || !user.active) return false;
-  if (!order || !order.items || order.items.length === 0) return false;
-
-  // Local variables — no module-level state (#3, #4)
-  const validItems = order.items.filter(item => item.qty > 0 && item.price > 0);
-  if (validItems.length === 0) return false;
-
-  let subtotal = validItems.reduce((sum, item) => sum + item.qty * item.price, 0);
-
-  // Named constants replace magic numbers (#9)
-  if (user.type === 'premium') subtotal *= (1 - DISCOUNT_PREMIUM);
-  else if (user.type === 'vip') subtotal *= (1 - DISCOUNT_VIP);
-  else if (user.type === 'staff') subtotal *= (1 - DISCOUNT_STAFF);
-
-  const total = subtotal * (1 + TAX_RATE);
-
-  // Dispatch — unknown method throws, not silently undefined (#7)
-  const charged = await chargePayment(paymentMethod, user, total);
-  if (!charged) return false;
-
-  // Shared confirmation — duplicated block eliminated (#8)
-  await finalizeOrder(order, user, total, statsRef || stats);
-  return true;
-}
-
-async function getOrders(userId) {
-  // Parameterised query (#1)
-  return db.query('SELECT * FROM orders WHERE user_id = $1', [userId]);
-}
-
-async function cancelOrder(orderId, userId, reason) {
-  try {
-    // Parameterised (#1)
-    const order = await db.query('SELECT * FROM orders WHERE id = $1', [orderId]);
-
-    // Null check (#5); strict equality (#10)
-    if (!order) return false;
-    if (order.user_id !== userId) return false;
-    if (NON_CANCELLABLE.includes(order.status)) return false;
-
-    await db.query(
-      'UPDATE orders SET status = $1, reason = $2 WHERE id = $3',
-      ['cancelled', reason, orderId],
-    );
-
-    // Use order's own email — not global usr (#11)
-    mailer.send(order.user_email, 'Order cancelled', 'Your order has been cancelled.');
-
-    // Stats update on cancel (#14)
-    stats.cancelled++;
-    stats.revenue -= order.total;
-
-    return true;
-  } catch (err) {
-    // Error handling (#15)
-    console.error('cancelOrder failed:', err.message);
-    return false;
-  }
-}
-
-async function refundOrder(orderId) {
-  try {
-    const order = await db.query('SELECT * FROM orders WHERE id = $1', [orderId]);
-
-    // Null check added — was missing, caused TypeError crash (#5)
-    if (!order) return false;
-    if (order.status !== 'paid') return false;
-
-    await db.query(
-      'UPDATE orders SET status = $1 WHERE id = $2',
-      ['refunded', orderId],
-    );
-
-    stats.revenue  -= order.total;
-    stats.cancelled++;
-
-    // Use order's own email — not global usr (#12)
-    mailer.send(
-      order.user_email,
-      'Refund processed',
-      `Your refund of ${formatMoney(order.total)} is on its way.`,
-    );
-
-    return true;
-  } catch (err) {
-    console.error('refundOrder failed:', err.message);
-    return false;
-  }
-}
-
-function getStats() {
-  return { ...stats };   // eval("stats") → just return the object (#2); defensive copy (#13)
-}
-
-// ─── Private helpers ─────────────────────────────────────────────────────────
-
-async function chargePayment(method, user, total) {
-  if (method === 'card')   return chargeCard(user.card, total);
-  if (method === 'paypal') return chargePaypal(user.paypal, total);
-  if (method === 'crypto') throw new Error('Crypto payments are not yet supported');
-  // Unknown method throws — no silent undefined return (#7)
-  throw new Error(`Unknown payment method: ${method}`);
-}
-
-// Shared — eliminates the duplicated card/paypal block (#8)
-async function finalizeOrder(order, user, total, statsRef) {
-  // Parameterised INSERT (#1)
-  await db.query(
-    'INSERT INTO orders (id, user_id, total, status) VALUES ($1, $2, $3, $4)',
-    [order.id, user.id, total, 'paid'],
-  );
-  mailer.send(
-    user.email,
-    'Order confirmed',
-    `Your order has been confirmed. Total: ${formatMoney(total)}`,
-  );
-  statsRef.orders++;
-  statsRef.revenue += total;
-}
-
-function chargeCard(cardToken, amount) {
-  // Do NOT log card details — PCI-DSS (#6)
-  console.log(`Charging card (ending ...${String(cardToken).slice(-4)}) for ${formatMoney(amount)}`);
-  return true; // TODO: integrate real payment gateway
-}
-
-function chargePaypal(account, amount) {
-  console.log(`Charging PayPal ${account} for ${formatMoney(amount)}`);
-  return true; // TODO: integrate PayPal SDK
-}
-
-function formatMoney(amount) {
-  return `$${(Math.round(amount * 100) / 100).toFixed(2)}`;
-}
-
-module.exports = {
-  placeOrder,
-  getOrders,
-  cancelOrder,
-  refundOrder,
-  getStats,
-};

package/benchmark/order-processing.skill-router.js

@@ -1,271 +0,0 @@
-// code-after-custom.js
-// Rewritten applying: clean-code-reviewer + design-patterns (via skill-router)
-//
-// Patterns applied (design-patterns skill):
-//   Strategy  — payment methods (GoF: encapsulate interchangeable algorithms)
-//   Strategy  — discount tiers  (GoF: data-driven, open for extension)
-//   State     — order lifecycle (GoF: each status owns its valid transitions)
-//   Singleton — stats           (GoF: deliberate, clean, no accidental shared state)
-//   Observer  — side effects    (GoF: email/stats decoupled from business logic)
-//   Facade    — module API      (GoF: single clean surface, internals hidden)
-//   Template Method — validation (GoF: fixed skeleton, variable steps)
-//
-// Principles applied (clean-code-reviewer skill):
-//   N1/N2  — intention-revealing names at the right abstraction level
-//   F1/F2  — small functions, one responsibility each
-//   G5     — DRY: no duplicated confirmation block
-//   G25    — named constants, no magic numbers
-//   G23    — data-driven lookup, not if-chain
-//   G28    — encapsulated predicates
-//   G30    — functions do one thing
-//   Ch.7   — throw with context, never silent return false
-//   G4     — parameterised queries, no eval, no safety overrides
-
-'use strict';
-
-const db     = require('./db');
-const mailer = require('./mailer');
-
-// ─── Constants ────────────────────────────────────────────────────────────────
-
-const TAX_RATE = 0.23;
-
-// Strategy: discount tiers — add a new tier here, nothing else changes (G23, G25)
-const DISCOUNT_BY_TIER = Object.freeze({
-  standard: 0,
-  premium:  0.10,
-  vip:      0.20,
-  staff:    0.50,
-});
-
-// Strategy: payment processors — add a new method here, nothing else changes
-const PAYMENT_PROCESSORS = Object.freeze({
-  card: {
-    charge(user, amount) {
-      // TODO: integrate real payment gateway
-      console.log(`Charging card (...${String(user.card).slice(-4)}) for ${formatMoney(amount)}`);
-      return true;
-    },
-  },
-  paypal: {
-    charge(user, amount) {
-      // TODO: integrate PayPal SDK
-      console.log(`Charging PayPal ${user.paypal} for ${formatMoney(amount)}`);
-      return true;
-    },
-  },
-  crypto: {
-    charge() {
-      throw new Error('Crypto payments are not yet implemented');
-    },
-  },
-});
-
-// ─── State: order lifecycle ───────────────────────────────────────────────────
-// Each state owns its own transition rules.
-// Adding a new status = adding one object. No existing guards change.
-
-const ORDER_STATES = Object.freeze({
-  pending: {
-    canCancel: () => true,
-    canRefund: () => false,
-  },
-  paid: {
-    canCancel: () => true,
-    canRefund: () => true,
-  },
-  shipped: {
-    canCancel: () => false,
-    canRefund: () => false,
-  },
-  delivered: {
-    canCancel: () => false,
-    canRefund: () => true,
-  },
-  cancelled: {
-    canCancel: () => false,
-    canRefund: () => false,
-  },
-  refunded: {
-    canCancel: () => false,
-    canRefund: () => false,
-  },
-});
-
-function getOrderState(status) {
-  const state = ORDER_STATES[status];
-  if (!state) throw new Error(`Unknown order status: ${status}`);
-  return state;
-}
-
-// ─── Singleton: stats ─────────────────────────────────────────────────────────
-// Deliberate, clean singleton. Not an accidental module-scope variable.
-
-const Stats = (() => {
-  const data = { orders: 0, revenue: 0, cancelled: 0 };
-  return {
-    recordPlaced(total)    { data.orders++; data.revenue += total; },
-    recordCancelled(total) { data.cancelled++; data.revenue -= total; },
-    recordRefunded(total)  { data.cancelled++; data.revenue -= total; },
-    snapshot()             { return { ...data }; },
-  };
-})();
-
-// ─── Observer: event bus ──────────────────────────────────────────────────────
-// Business logic emits events. Side effects (email, stats) register as listeners.
-// Adding SMS or audit log = one new listener. Core functions unchanged.
-
-const EventBus = (() => {
-  const listeners = {};
-  return {
-    on(event, fn)   { (listeners[event] = listeners[event] || []).push(fn); },
-    emit(event, payload) { (listeners[event] || []).forEach(fn => fn(payload)); },
-  };
-})();
-
-// Register observers at startup — not inside business functions
-EventBus.on('order.placed', ({ user, total }) => {
-  mailer.send(user.email, 'Order confirmed', `Your order total is ${formatMoney(total)}.`);
-  Stats.recordPlaced(total);
-});
-
-EventBus.on('order.cancelled', ({ order, total }) => {
-  mailer.send(order.user_email, 'Order cancelled', 'Your order has been cancelled.');
-  Stats.recordCancelled(total);
-});
-
-EventBus.on('order.refunded', ({ order, total }) => {
-  mailer.send(order.user_email, 'Refund processed', `Your refund of ${formatMoney(total)} is on its way.`);
-  Stats.recordRefunded(total);
-});
-
-// ─── Validation (Template Method skeleton) ────────────────────────────────────
-// Fixed skeleton: check preconditions, then run action. (G28, Ch.7)
-
-function assertActiveUser(user) {
-  if (!user)        throw new Error('user is required');
-  if (!user.active) throw new Error(`User ${user.id} is not active`);
-}
-
-function assertValidOrder(order) {
-  if (!order?.items?.length) throw new Error('order must contain at least one item');
-}
-
-function assertSupportedPayment(method) {
-  if (!PAYMENT_PROCESSORS[method]) throw new Error(`Unsupported payment method: ${method}`);
-}
-
-// ─── Calculation (F1: one responsibility each) ────────────────────────────────
-
-function calculateSubtotal(items) {
-  return items
-    .filter(item => item.qty > 0 && item.price > 0)
-    .reduce((sum, item) => sum + item.qty * item.price, 0);
-}
-
-function applyTierDiscount(amount, userTier) {
-  const rate = DISCOUNT_BY_TIER[userTier] ?? 0; // G25: named table, not magic number
-  return amount * (1 - rate);
-}
-
-function applyTax(amount) {
-  return amount * (1 + TAX_RATE);
-}
-
-// ─── Persistence ──────────────────────────────────────────────────────────────
-// Each function does one thing. Parameterised queries throughout (G4).
-
-async function persistOrder(order, user, total) {
-  await db.query(
-    'INSERT INTO orders (id, user_id, total, status) VALUES (?, ?, ?, ?)',
-    [order.id, user.id, total, 'paid'],
-  );
-}
-
-async function fetchOrder(orderId) {
-  const order = await db.query('SELECT * FROM orders WHERE id = ?', [orderId]);
-  if (!order) throw new Error(`Order not found: ${orderId}`);
-  return order;
-}
-
-async function persistCancellation(orderId, reason) {
-  await db.query(
-    'UPDATE orders SET status = ?, reason = ? WHERE id = ?',
-    ['cancelled', reason, orderId],
-  );
-}
-
-async function persistRefund(orderId) {
-  await db.query('UPDATE orders SET status = ? WHERE id = ?', ['refunded', orderId]);
-}
-
-// ─── Formatting ───────────────────────────────────────────────────────────────
-
-function formatMoney(amount) {
-  return new Intl.NumberFormat('en-US', { style: 'currency', currency: 'USD' }).format(amount);
-}
-
-// ─── Facade: public API ───────────────────────────────────────────────────────
-// Callers import one clean surface. All internals (strategies, state,
-// observer, singleton) are hidden and can evolve independently.
-
-async function processOrder(order, user, paymentMethod) {
-  // Template Method: validate → calculate → charge → persist → notify (via Observer)
-  assertActiveUser(user);
-  assertValidOrder(order);
-  assertSupportedPayment(paymentMethod);
-
-  const subtotal   = calculateSubtotal(order.items);
-  const discounted = applyTierDiscount(subtotal, user.type);
-  const total      = applyTax(discounted);
-
-  // Strategy pattern: dispatch to the right processor, one confirmation path
-  PAYMENT_PROCESSORS[paymentMethod].charge(user, total);
-  await persistOrder(order, user, total);
-
-  // Observer: emit event — email and stats handled by listeners, not here
-  EventBus.emit('order.placed', { user, order, total });
-}
-
-async function getUserOrders(userId) {
-  return db.query('SELECT * FROM orders WHERE user_id = ?', [userId]);
-}
-
-async function cancelOrder(orderId, userId, reason) {
-  const order = await fetchOrder(orderId);
-
-  if (order.userId !== userId) throw new Error('Order does not belong to this user');
-
-  // State pattern: the status object decides whether cancellation is legal
-  if (!getOrderState(order.status).canCancel()) {
-    throw new Error(`Order ${orderId} cannot be cancelled (status: ${order.status})`);
-  }
-
-  await persistCancellation(orderId, reason);
-  EventBus.emit('order.cancelled', { order, total: order.total });
-}
-
-async function refundOrder(orderId) {
-  const order = await fetchOrder(orderId);
-
-  // State pattern: the status object decides whether refund is legal
-  if (!getOrderState(order.status).canRefund()) {
-    throw new Error(`Order ${orderId} cannot be refunded (status: ${order.status})`);
-  }
-
-  await persistRefund(orderId);
-  EventBus.emit('order.refunded', { order, total: order.total });
-}
-
-function getStats() {
-  return Stats.snapshot(); // Singleton: clean access, defensive copy
-}
-
-// Facade export: one coherent interface
-module.exports = {
-  processOrder,
-  getUserOrders,
-  cancelOrder,
-  refundOrder,
-  getStats,
-};