@sisu-ai/skill-code-review 0.2.0

package/LICENSE

@@ -0,0 +1,6 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+This package is licensed under the Apache License, Version 2.0.
+See the repository root LICENSE file for the full text.

package/README.md

@@ -0,0 +1,34 @@
+# @sisu-ai/skill-code-review
+
+Structured code review skill for safety, correctness, and maintainability.
+
+Install
+
+```bash
+pnpm add @sisu-ai/skill-code-review
+```
+
+Usage
+
+Point the skills middleware directly at the installed package:
+
+```ts
+skillsMiddleware({
+  directories: ["node_modules/@sisu-ai/skill-code-review"],
+});
+```
+
+Or copy the skill into your project skills directory (explicitly configured in middleware):
+
+```bash
+mkdir -p .sisu/skills/code-review
+cp -R node_modules/@sisu-ai/skill-code-review/* .sisu/skills/code-review/
+```
+
+Resources
+
+- `resources/review-checklist.md`
+
+License
+
+Apache-2.0

package/SKILL.md

@@ -0,0 +1,51 @@
+---
+name: code-review
+description: Perform a structured code review for safety, correctness, and maintainability
+version: 0.1.0
+author: sisu
+tags: [review, quality, security, typescript]
+requires: [read_file, grep, bash]
+---
+
+# Code Review
+
+Use this skill to perform a systematic code review focused on correctness, safety, and maintainability.
+
+## Goals
+
+- Validate behavior against requirements and edge cases
+- Identify security risks and unsafe patterns
+- Ensure error handling and logging are correct
+- Check performance hotspots and unnecessary allocations
+- Confirm code aligns with SISU guidelines (explicit, composable, testable)
+
+## Review Steps
+
+1. **Scope the change**
+   - Identify files changed and related components
+   - Read relevant docs/specs/tests if available
+
+2. **Behavior & correctness**
+   - Walk through main flows and edge cases
+   - Verify invariants and error handling
+
+3. **Safety & security**
+   - Look for unsafe file access, command injection, secrets handling
+   - Validate input validation and schema enforcement
+
+4. **Performance**
+   - Check for unbounded loops or O(n^2) pitfalls
+   - Validate caching and I/O patterns
+
+5. **Tests**
+   - Ensure tests cover happy path, edge cases, invalid input, and cancellation
+
+## Output Format
+
+- **Summary**: 2–4 bullets
+- **Issues**: Prioritized list with severity and fix guidance
+- **Suggestions**: Optional refactors or follow-ups
+
+## Resources
+
+See `resources/review-checklist.md` for a detailed checklist.

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@sisu-ai/skill-code-review",
+  "version": "0.2.0",
+  "license": "Apache-2.0",
+  "type": "module",
+  "files": [
+    "SKILL.md",
+    "resources"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/finger-gun/sisu",
+    "directory": "packages/skills/skill-code-review"
+  },
+  "homepage": "https://github.com/finger-gun/sisu#readme",
+  "bugs": {
+    "url": "https://github.com/finger-gun/sisu/issues"
+  },
+  "keywords": [
+    "sisu",
+    "ai",
+    "ai-agent",
+    "agentic",
+    "skill",
+    "code-review"
+  ]
+}

package/resources/review-checklist.md

@@ -0,0 +1,31 @@
+# Code Review Checklist
+
+## Correctness
+
+- Inputs validated and schema enforced
+- Edge cases handled (empty data, nulls, malformed input)
+- Error messages are actionable and consistent
+
+## Safety & Security
+
+- No direct shell execution without validation
+- No secrets logged or stored in outputs
+- File paths sanitized and constrained
+
+## Performance
+
+- No unnecessary O(n^2) loops on hot paths
+- I/O operations are bounded and cached when appropriate
+- Avoid large in-memory buffers for streaming data
+
+## Type Safety
+
+- No `any` usage in public APIs
+- Narrowed `unknown` where needed
+- Zod schemas align with runtime behavior
+
+## Observability
+
+- Logs use ctx.log; no console.\*
+- Errors include context and cause
+- Tracing hooks preserved