@sylix/coworker 2.0.11 → 2.0.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/commands/slash/config.d.ts.map +1 -1
- package/dist/commands/slash/config.js +22 -4
- package/dist/commands/slash/config.js.map +1 -1
- package/dist/core/CoWorkerAgent.d.ts.map +1 -1
- package/dist/core/CoWorkerAgent.js +6 -3
- package/dist/core/CoWorkerAgent.js.map +1 -1
- package/dist/skills/defaults/accessibility/screen-reader-testing.md +545 -0
- package/dist/skills/defaults/accessibility/wcag-audit-patterns.md +555 -0
- package/dist/skills/defaults/ai-ml/rag.md +276 -0
- package/dist/skills/defaults/backend-development/api-design-principles.md +528 -0
- package/dist/skills/defaults/backend-development/api-design.md +285 -0
- package/dist/skills/defaults/backend-development/architecture-patterns.md +494 -0
- package/dist/skills/defaults/backend-development/async-python.md +237 -0
- package/dist/skills/defaults/backend-development/auth-implementation-patterns.md +638 -0
- package/dist/skills/defaults/backend-development/bazel-build-optimization.md +387 -0
- package/dist/skills/defaults/backend-development/billing-automation/SKILL.md +566 -0
- package/dist/skills/defaults/backend-development/code-review-excellence.md +538 -0
- package/dist/skills/defaults/backend-development/cqrs-implementation.md +554 -0
- package/dist/skills/defaults/backend-development/database-design.md +305 -0
- package/dist/skills/defaults/backend-development/debugging-strategies.md +536 -0
- package/dist/skills/defaults/backend-development/e2e-testing-patterns.md +544 -0
- package/dist/skills/defaults/backend-development/error-handling-patterns.md +641 -0
- package/dist/skills/defaults/backend-development/fastapi-templates.md +559 -0
- package/dist/skills/defaults/backend-development/fastapi.md +309 -0
- package/dist/skills/defaults/backend-development/git-advanced-workflows.md +405 -0
- package/dist/skills/defaults/backend-development/microservices-patterns.md +595 -0
- package/dist/skills/defaults/backend-development/microservices.md +284 -0
- package/dist/skills/defaults/backend-development/monorepo-management.md +623 -0
- package/dist/skills/defaults/backend-development/nodejs-backend-patterns.md +1048 -0
- package/dist/skills/defaults/backend-development/nx-workspace-patterns.md +457 -0
- package/dist/skills/defaults/backend-development/paypal-integration/SKILL.md +478 -0
- package/dist/skills/defaults/backend-development/pci-compliance/SKILL.md +480 -0
- package/dist/skills/defaults/backend-development/python-anti-patterns.md +349 -0
- package/dist/skills/defaults/backend-development/python-background-jobs.md +364 -0
- package/dist/skills/defaults/backend-development/python-code-style.md +360 -0
- package/dist/skills/defaults/backend-development/python-configuration.md +368 -0
- package/dist/skills/defaults/backend-development/python-design-patterns.md +296 -0
- package/dist/skills/defaults/backend-development/python-error-handling.md +323 -0
- package/dist/skills/defaults/backend-development/python-packaging.md +887 -0
- package/dist/skills/defaults/backend-development/python-performance-optimization.md +874 -0
- package/dist/skills/defaults/backend-development/python-project-structure.md +252 -0
- package/dist/skills/defaults/backend-development/python-resilience.md +376 -0
- package/dist/skills/defaults/backend-development/python-resource-management.md +421 -0
- package/dist/skills/defaults/backend-development/python-type-safety.md +428 -0
- package/dist/skills/defaults/backend-development/sql-optimization-patterns.md +509 -0
- package/dist/skills/defaults/backend-development/stripe-integration/SKILL.md +522 -0
- package/dist/skills/defaults/backend-development/turborepo-caching.md +376 -0
- package/dist/skills/defaults/blockchain/defi-protocol-templates.md +430 -0
- package/dist/skills/defaults/blockchain/nft-standards.md +364 -0
- package/dist/skills/defaults/blockchain/solidity-security.md +514 -0
- package/dist/skills/defaults/blockchain/web3-testing.md +360 -0
- package/dist/skills/defaults/business/competitive-landscape/SKILL.md +527 -0
- package/dist/skills/defaults/business/market-sizing-analysis/SKILL.md +451 -0
- package/dist/skills/defaults/business/startup-financial-modeling/SKILL.md +494 -0
- package/dist/skills/defaults/business/startup-metrics-framework/SKILL.md +564 -0
- package/dist/skills/defaults/business/team-composition-analysis.md +437 -0
- package/dist/skills/defaults/compliance/employment-contract-templates/SKILL.md +527 -0
- package/dist/skills/defaults/compliance/gdpr-data-handling/SKILL.md +630 -0
- package/dist/skills/defaults/data-engineering/airflow-dag-patterns.md +436 -0
- package/dist/skills/defaults/data-engineering/airflow.md +519 -0
- package/dist/skills/defaults/data-engineering/data-quality.md +583 -0
- package/dist/skills/defaults/data-engineering/dbt-transformation-patterns.md +482 -0
- package/dist/skills/defaults/data-engineering/dbt.md +556 -0
- package/dist/skills/defaults/data-engineering/ml-pipeline-workflow/SKILL.md +247 -0
- package/dist/skills/defaults/data-engineering/spark-optimization.md +348 -0
- package/dist/skills/defaults/data-engineering/spark.md +411 -0
- package/dist/skills/defaults/database/postgresql.md +202 -0
- package/dist/skills/defaults/debugging/systematic-debugging.md +249 -0
- package/dist/skills/defaults/devops/architecture-decision-records.md +448 -0
- package/dist/skills/defaults/devops/changelog-automation.md +580 -0
- package/dist/skills/defaults/devops/cicd.md +314 -0
- package/dist/skills/defaults/devops/cloud.md +263 -0
- package/dist/skills/defaults/devops/code-review-excellence.md +299 -0
- package/dist/skills/defaults/devops/cost-optimization.md +295 -0
- package/dist/skills/defaults/devops/deployment-pipeline-design.md +356 -0
- package/dist/skills/defaults/devops/docker.md +281 -0
- package/dist/skills/defaults/devops/git-workflows.md +205 -0
- package/dist/skills/defaults/devops/github-actions.md +311 -0
- package/dist/skills/defaults/devops/gitlab-ci-patterns.md +266 -0
- package/dist/skills/defaults/devops/hybrid-cloud-networking.md +241 -0
- package/dist/skills/defaults/devops/istio-traffic-management.md +327 -0
- package/dist/skills/defaults/devops/kubernetes.md +339 -0
- package/dist/skills/defaults/devops/linkerd-patterns.md +311 -0
- package/dist/skills/defaults/devops/multi-cloud-architecture.md +181 -0
- package/dist/skills/defaults/devops/observability.md +243 -0
- package/dist/skills/defaults/devops/openapi-spec-generation.md +1024 -0
- package/dist/skills/defaults/devops/postmortem-writing.md +396 -0
- package/dist/skills/defaults/devops/prometheus-configuration.md +265 -0
- package/dist/skills/defaults/devops/secrets-management.md +341 -0
- package/dist/skills/defaults/devops/service-mesh-observability.md +385 -0
- package/dist/skills/defaults/devops/terraform-module-library.md +244 -0
- package/dist/skills/defaults/finance/backtesting-frameworks/SKILL.md +663 -0
- package/dist/skills/defaults/finance/risk-metrics-calculation/SKILL.md +557 -0
- package/dist/skills/defaults/frontend/accessibility-compliance.md +420 -0
- package/dist/skills/defaults/frontend/design-system-patterns.md +337 -0
- package/dist/skills/defaults/frontend/interaction-design.md +327 -0
- package/dist/skills/defaults/frontend/javascript.md +311 -0
- package/dist/skills/defaults/frontend/modern-javascript-patterns.md +927 -0
- package/dist/skills/defaults/frontend/react-native-design.md +440 -0
- package/dist/skills/defaults/frontend/react.md +345 -0
- package/dist/skills/defaults/frontend/responsive-design.md +472 -0
- package/dist/skills/defaults/frontend/tailwind-design-system.md +337 -0
- package/dist/skills/defaults/frontend/typescript-advanced-types.md +724 -0
- package/dist/skills/defaults/frontend/typescript.md +334 -0
- package/dist/skills/defaults/frontend/visual-design-foundations.md +326 -0
- package/dist/skills/defaults/frontend/web-component-design.md +279 -0
- package/dist/skills/defaults/game-development/godot-gdscript-patterns.md +188 -0
- package/dist/skills/defaults/game-development/unity-ecs-patterns.md +594 -0
- package/dist/skills/defaults/kubernetes/gitops-workflow.md +285 -0
- package/dist/skills/defaults/kubernetes/gitops.md +280 -0
- package/dist/skills/defaults/kubernetes/helm-chart-scaffolding.md +553 -0
- package/dist/skills/defaults/kubernetes/helm.md +343 -0
- package/dist/skills/defaults/kubernetes/k8s-manifest-generator.md +501 -0
- package/dist/skills/defaults/kubernetes/k8s-security-policies.md +342 -0
- package/dist/skills/defaults/kubernetes/manifests.md +330 -0
- package/dist/skills/defaults/kubernetes/security.md +337 -0
- package/dist/skills/defaults/llm-application/embedding-strategies.md +608 -0
- package/dist/skills/defaults/llm-application/hybrid-search-implementation.md +570 -0
- package/dist/skills/defaults/llm-application/hybrid-search.md +570 -0
- package/dist/skills/defaults/llm-application/langchain-architecture.md +666 -0
- package/dist/skills/defaults/llm-application/langchain.md +259 -0
- package/dist/skills/defaults/llm-application/llm-evaluation.md +695 -0
- package/dist/skills/defaults/llm-application/prompt-engineering-patterns.md +449 -0
- package/dist/skills/defaults/llm-application/prompt-engineering.md +219 -0
- package/dist/skills/defaults/llm-application/rag-implementation.md +434 -0
- package/dist/skills/defaults/llm-application/similarity-search-patterns.md +560 -0
- package/dist/skills/defaults/llm-application/similarity-search.md +560 -0
- package/dist/skills/defaults/llm-application/vector-index-tuning.md +523 -0
- package/dist/skills/defaults/mobile/mobile-android-design.md +440 -0
- package/dist/skills/defaults/mobile/mobile-ios-design.md +266 -0
- package/dist/skills/defaults/monitoring/distributed-tracing.md +436 -0
- package/dist/skills/defaults/monitoring/grafana-dashboards.md +370 -0
- package/dist/skills/defaults/monitoring/prometheus-configuration.md +379 -0
- package/dist/skills/defaults/monitoring/slo-implementation.md +323 -0
- package/dist/skills/defaults/refactoring/code-refactoring.md +349 -0
- package/dist/skills/defaults/security/anti-reversing-techniques/SKILL.md +559 -0
- package/dist/skills/defaults/security/auditor.md +168 -0
- package/dist/skills/defaults/security/binary-analysis-patterns/SKILL.md +438 -0
- package/dist/skills/defaults/security/memory-forensics/SKILL.md +483 -0
- package/dist/skills/defaults/security/mtls-configuration.md +349 -0
- package/dist/skills/defaults/security/protocol-reverse-engineering/SKILL.md +520 -0
- package/dist/skills/defaults/security/sast-configuration.md +182 -0
- package/dist/skills/defaults/security/security.md +313 -0
- package/dist/skills/defaults/security/stride-analysis.md +273 -0
- package/dist/skills/defaults/security/threat-mitigation-mapping.md +290 -0
- package/dist/skills/defaults/systems/bash-defensive-patterns/SKILL.md +539 -0
- package/dist/skills/defaults/systems/bats-testing-patterns/SKILL.md +631 -0
- package/dist/skills/defaults/systems/go-concurrency-patterns.md +657 -0
- package/dist/skills/defaults/systems/memory-safety-patterns.md +605 -0
- package/dist/skills/defaults/systems/rust-async-patterns.md +519 -0
- package/dist/skills/defaults/systems/shellcheck-configuration/SKILL.md +456 -0
- package/dist/skills/defaults/team-collaboration/multi-reviewer-patterns.md +126 -0
- package/dist/skills/defaults/team-collaboration/parallel-feature-development.md +151 -0
- package/dist/skills/defaults/testing/javascript-testing-patterns.md +1021 -0
- package/dist/skills/defaults/testing/python-testing-patterns.md +351 -0
- package/dist/skills/defaults/testing/testing.md +332 -0
- package/dist/skills/defaults/workflows/context-driven-development.md +384 -0
- package/dist/skills/defaults/workflows/track-management.md +592 -0
- package/dist/skills/defaults/workflows/workflow-patterns.md +622 -0
- package/dist/skills/index.d.ts +11 -0
- package/dist/skills/index.d.ts.map +1 -0
- package/dist/skills/index.js +129 -0
- package/dist/skills/index.js.map +1 -0
- package/dist/utils/character.js +4 -4
- package/dist/utils/character.js.map +1 -1
- package/dist/utils/inputbar.d.ts.map +1 -1
- package/dist/utils/inputbar.js +7 -0
- package/dist/utils/inputbar.js.map +1 -1
- package/package.json +1 -1
|
@@ -0,0 +1,456 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: shellcheck-configuration
|
|
3
|
+
description: Master ShellCheck static analysis configuration and usage for shell script quality. Use when setting up linting infrastructure, fixing code issues, or ensuring script portability.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# ShellCheck Configuration and Static Analysis
|
|
7
|
+
|
|
8
|
+
Comprehensive guidance for configuring and using ShellCheck to improve shell script quality, catch common pitfalls, and enforce best practices through static code analysis.
|
|
9
|
+
|
|
10
|
+
## When to Use This Skill
|
|
11
|
+
|
|
12
|
+
- Setting up linting for shell scripts in CI/CD pipelines
|
|
13
|
+
- Analyzing existing shell scripts for issues
|
|
14
|
+
- Understanding ShellCheck error codes and warnings
|
|
15
|
+
- Configuring ShellCheck for specific project requirements
|
|
16
|
+
- Integrating ShellCheck into development workflows
|
|
17
|
+
- Suppressing false positives and configuring rule sets
|
|
18
|
+
- Enforcing consistent code quality standards
|
|
19
|
+
- Migrating scripts to meet quality gates
|
|
20
|
+
|
|
21
|
+
## ShellCheck Fundamentals
|
|
22
|
+
|
|
23
|
+
### What is ShellCheck?
|
|
24
|
+
|
|
25
|
+
ShellCheck is a static analysis tool that analyzes shell scripts and detects problematic patterns. It supports:
|
|
26
|
+
|
|
27
|
+
- Bash, sh, dash, ksh, and other POSIX shells
|
|
28
|
+
- Over 100 different warnings and errors
|
|
29
|
+
- Configuration for target shell and flags
|
|
30
|
+
- Integration with editors and CI/CD systems
|
|
31
|
+
|
|
32
|
+
### Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
# macOS with Homebrew
|
|
36
|
+
brew install shellcheck
|
|
37
|
+
|
|
38
|
+
# Ubuntu/Debian
|
|
39
|
+
apt-get install shellcheck
|
|
40
|
+
|
|
41
|
+
# From source
|
|
42
|
+
git clone https://github.com/koalaman/shellcheck.git
|
|
43
|
+
cd shellcheck
|
|
44
|
+
make build
|
|
45
|
+
make install
|
|
46
|
+
|
|
47
|
+
# Verify installation
|
|
48
|
+
shellcheck --version
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
## Configuration Files
|
|
52
|
+
|
|
53
|
+
### .shellcheckrc (Project Level)
|
|
54
|
+
|
|
55
|
+
Create `.shellcheckrc` in your project root:
|
|
56
|
+
|
|
57
|
+
```
|
|
58
|
+
# Specify target shell
|
|
59
|
+
shell=bash
|
|
60
|
+
|
|
61
|
+
# Enable optional checks
|
|
62
|
+
enable=avoid-nullary-conditions
|
|
63
|
+
enable=require-variable-braces
|
|
64
|
+
|
|
65
|
+
# Disable specific warnings
|
|
66
|
+
disable=SC1091
|
|
67
|
+
disable=SC2086
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
### Environment Variables
|
|
71
|
+
|
|
72
|
+
```bash
|
|
73
|
+
# Set default shell target
|
|
74
|
+
export SHELLCHECK_SHELL=bash
|
|
75
|
+
|
|
76
|
+
# Enable strict mode
|
|
77
|
+
export SHELLCHECK_STRICT=true
|
|
78
|
+
|
|
79
|
+
# Specify configuration file location
|
|
80
|
+
export SHELLCHECK_CONFIG=~/.shellcheckrc
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
## Common ShellCheck Error Codes
|
|
84
|
+
|
|
85
|
+
### SC1000-1099: Parser Errors
|
|
86
|
+
|
|
87
|
+
```bash
|
|
88
|
+
# SC1004: Backslash continuation not followed by newline
|
|
89
|
+
echo hello\
|
|
90
|
+
world # Error - needs line continuation
|
|
91
|
+
|
|
92
|
+
# SC1008: Invalid data for operator `=='
|
|
93
|
+
if [[ $var = "value" ]]; then # Space before ==
|
|
94
|
+
true
|
|
95
|
+
fi
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
### SC2000-2099: Shell Issues
|
|
99
|
+
|
|
100
|
+
```bash
|
|
101
|
+
# SC2009: Consider using pgrep or pidof instead of grep|grep
|
|
102
|
+
ps aux | grep -v grep | grep myprocess # Use pgrep instead
|
|
103
|
+
|
|
104
|
+
# SC2012: Use `ls` only for viewing. Use `find` for reliable output
|
|
105
|
+
for file in $(ls -la) # Better: use find or globbing
|
|
106
|
+
|
|
107
|
+
# SC2015: Avoid using && and || instead of if-then-else
|
|
108
|
+
[[ -f "$file" ]] && echo "found" || echo "not found" # Less clear
|
|
109
|
+
|
|
110
|
+
# SC2016: Expressions don't expand in single quotes
|
|
111
|
+
echo '$VAR' # Literal $VAR, not variable expansion
|
|
112
|
+
|
|
113
|
+
# SC2026: This word is non-standard. Set POSIXLY_CORRECT
|
|
114
|
+
# when using with scripts for other shells
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
### SC2100-2199: Quoting Issues
|
|
118
|
+
|
|
119
|
+
```bash
|
|
120
|
+
# SC2086: Double quote to prevent globbing and word splitting
|
|
121
|
+
for i in $list; do # Should be: for i in $list or for i in "$list"
|
|
122
|
+
echo "$i"
|
|
123
|
+
done
|
|
124
|
+
|
|
125
|
+
# SC2115: Literal tilde in path not expanded. Use $HOME instead
|
|
126
|
+
~/.bashrc # In strings, use "$HOME/.bashrc"
|
|
127
|
+
|
|
128
|
+
# SC2181: Check exit code directly with `if`, not indirectly in a list
|
|
129
|
+
some_command
|
|
130
|
+
if [ $? -eq 0 ]; then # Better: if some_command; then
|
|
131
|
+
|
|
132
|
+
# SC2206: Quote to prevent word splitting or set IFS
|
|
133
|
+
array=( $items ) # Should use: array=( $items )
|
|
134
|
+
```
|
|
135
|
+
|
|
136
|
+
### SC3000-3999: POSIX Compliance Issues
|
|
137
|
+
|
|
138
|
+
```bash
|
|
139
|
+
# SC3010: In POSIX sh, use 'case' instead of 'cond && foo'
|
|
140
|
+
[[ $var == "value" ]] && do_something # Not POSIX
|
|
141
|
+
|
|
142
|
+
# SC3043: In POSIX sh, use 'local' is undefined
|
|
143
|
+
function my_func() {
|
|
144
|
+
local var=value # Not POSIX in some shells
|
|
145
|
+
}
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
## Practical Configuration Examples
|
|
149
|
+
|
|
150
|
+
### Minimal Configuration (Strict POSIX)
|
|
151
|
+
|
|
152
|
+
```bash
|
|
153
|
+
#!/bin/bash
|
|
154
|
+
# Configure for maximum portability
|
|
155
|
+
|
|
156
|
+
shellcheck \
|
|
157
|
+
--shell=sh \
|
|
158
|
+
--external-sources \
|
|
159
|
+
--check-sourced \
|
|
160
|
+
script.sh
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
### Development Configuration (Bash with Relaxed Rules)
|
|
164
|
+
|
|
165
|
+
```bash
|
|
166
|
+
#!/bin/bash
|
|
167
|
+
# Configure for Bash development
|
|
168
|
+
|
|
169
|
+
shellcheck \
|
|
170
|
+
--shell=bash \
|
|
171
|
+
--exclude=SC1091,SC2119 \
|
|
172
|
+
--enable=all \
|
|
173
|
+
script.sh
|
|
174
|
+
```
|
|
175
|
+
|
|
176
|
+
### CI/CD Integration Configuration
|
|
177
|
+
|
|
178
|
+
```bash
|
|
179
|
+
#!/bin/bash
|
|
180
|
+
set -Eeuo pipefail
|
|
181
|
+
|
|
182
|
+
# Analyze all shell scripts and fail on issues
|
|
183
|
+
find . -type f -name "*.sh" | while read -r script; do
|
|
184
|
+
echo "Checking: $script"
|
|
185
|
+
shellcheck \
|
|
186
|
+
--shell=bash \
|
|
187
|
+
--format=gcc \
|
|
188
|
+
--exclude=SC1091 \
|
|
189
|
+
"$script" || exit 1
|
|
190
|
+
done
|
|
191
|
+
```
|
|
192
|
+
|
|
193
|
+
### .shellcheckrc for Project
|
|
194
|
+
|
|
195
|
+
```
|
|
196
|
+
# Shell dialect to analyze against
|
|
197
|
+
shell=bash
|
|
198
|
+
|
|
199
|
+
# Enable optional checks
|
|
200
|
+
enable=avoid-nullary-conditions,require-variable-braces,check-unassigned-uppercase
|
|
201
|
+
|
|
202
|
+
# Disable specific warnings
|
|
203
|
+
# SC1091: Not following sourced files (many false positives)
|
|
204
|
+
disable=SC1091
|
|
205
|
+
|
|
206
|
+
# SC2119: Use function_name instead of function_name -- (arguments)
|
|
207
|
+
disable=SC2119
|
|
208
|
+
|
|
209
|
+
# External files to source for context
|
|
210
|
+
external-sources=true
|
|
211
|
+
```
|
|
212
|
+
|
|
213
|
+
## Integration Patterns
|
|
214
|
+
|
|
215
|
+
### Pre-commit Hook Configuration
|
|
216
|
+
|
|
217
|
+
```bash
|
|
218
|
+
#!/bin/bash
|
|
219
|
+
# .git/hooks/pre-commit
|
|
220
|
+
|
|
221
|
+
#!/bin/bash
|
|
222
|
+
set -e
|
|
223
|
+
|
|
224
|
+
# Find all shell scripts changed in this commit
|
|
225
|
+
git diff --cached --name-only | grep '\.sh$' | while read -r script; do
|
|
226
|
+
echo "Linting: $script"
|
|
227
|
+
|
|
228
|
+
if ! shellcheck "$script"; then
|
|
229
|
+
echo "ShellCheck failed on $script"
|
|
230
|
+
exit 1
|
|
231
|
+
fi
|
|
232
|
+
done
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
### GitHub Actions Workflow
|
|
236
|
+
|
|
237
|
+
```yaml
|
|
238
|
+
name: ShellCheck
|
|
239
|
+
|
|
240
|
+
on: [push, pull_request]
|
|
241
|
+
|
|
242
|
+
jobs:
|
|
243
|
+
shellcheck:
|
|
244
|
+
runs-on: ubuntu-latest
|
|
245
|
+
|
|
246
|
+
steps:
|
|
247
|
+
- uses: actions/checkout@v3
|
|
248
|
+
|
|
249
|
+
- name: Run ShellCheck
|
|
250
|
+
run: |
|
|
251
|
+
sudo apt-get install shellcheck
|
|
252
|
+
find . -type f -name "*.sh" -exec shellcheck {} \;
|
|
253
|
+
```
|
|
254
|
+
|
|
255
|
+
### GitLab CI Pipeline
|
|
256
|
+
|
|
257
|
+
```yaml
|
|
258
|
+
shellcheck:
|
|
259
|
+
stage: lint
|
|
260
|
+
image: koalaman/shellcheck-alpine
|
|
261
|
+
script:
|
|
262
|
+
- find . -type f -name "*.sh" -exec shellcheck {} \;
|
|
263
|
+
allow_failure: false
|
|
264
|
+
```
|
|
265
|
+
|
|
266
|
+
## Handling ShellCheck Violations
|
|
267
|
+
|
|
268
|
+
### Suppressing Specific Warnings
|
|
269
|
+
|
|
270
|
+
```bash
|
|
271
|
+
#!/bin/bash
|
|
272
|
+
|
|
273
|
+
# Disable warning for entire line
|
|
274
|
+
# shellcheck disable=SC2086
|
|
275
|
+
for file in $(ls -la); do
|
|
276
|
+
echo "$file"
|
|
277
|
+
done
|
|
278
|
+
|
|
279
|
+
# Disable for entire script
|
|
280
|
+
# shellcheck disable=SC1091,SC2119
|
|
281
|
+
|
|
282
|
+
# Disable multiple warnings (format varies)
|
|
283
|
+
command_that_fails() {
|
|
284
|
+
# shellcheck disable=SC2015
|
|
285
|
+
[ -f "$1" ] && echo "found" || echo "not found"
|
|
286
|
+
}
|
|
287
|
+
|
|
288
|
+
# Disable specific check for source directive
|
|
289
|
+
# shellcheck source=./helper.sh
|
|
290
|
+
source helper.sh
|
|
291
|
+
```
|
|
292
|
+
|
|
293
|
+
### Common Violations and Fixes
|
|
294
|
+
|
|
295
|
+
#### SC2086: Double quote to prevent word splitting
|
|
296
|
+
|
|
297
|
+
```bash
|
|
298
|
+
# Problem
|
|
299
|
+
for i in $list; do done
|
|
300
|
+
|
|
301
|
+
# Solution
|
|
302
|
+
for i in $list; do done # If $list is already quoted, or
|
|
303
|
+
for i in "${list[@]}"; do done # If list is an array
|
|
304
|
+
```
|
|
305
|
+
|
|
306
|
+
#### SC2181: Check exit code directly
|
|
307
|
+
|
|
308
|
+
```bash
|
|
309
|
+
# Problem
|
|
310
|
+
some_command
|
|
311
|
+
if [ $? -eq 0 ]; then
|
|
312
|
+
echo "success"
|
|
313
|
+
fi
|
|
314
|
+
|
|
315
|
+
# Solution
|
|
316
|
+
if some_command; then
|
|
317
|
+
echo "success"
|
|
318
|
+
fi
|
|
319
|
+
```
|
|
320
|
+
|
|
321
|
+
#### SC2015: Use if-then instead of && ||
|
|
322
|
+
|
|
323
|
+
```bash
|
|
324
|
+
# Problem
|
|
325
|
+
[ -f "$file" ] && echo "exists" || echo "not found"
|
|
326
|
+
|
|
327
|
+
# Solution - clearer intent
|
|
328
|
+
if [ -f "$file" ]; then
|
|
329
|
+
echo "exists"
|
|
330
|
+
else
|
|
331
|
+
echo "not found"
|
|
332
|
+
fi
|
|
333
|
+
```
|
|
334
|
+
|
|
335
|
+
#### SC2016: Expressions don't expand in single quotes
|
|
336
|
+
|
|
337
|
+
```bash
|
|
338
|
+
# Problem
|
|
339
|
+
echo 'Variable value: $VAR'
|
|
340
|
+
|
|
341
|
+
# Solution
|
|
342
|
+
echo "Variable value: $VAR"
|
|
343
|
+
```
|
|
344
|
+
|
|
345
|
+
#### SC2009: Use pgrep instead of grep
|
|
346
|
+
|
|
347
|
+
```bash
|
|
348
|
+
# Problem
|
|
349
|
+
ps aux | grep -v grep | grep myprocess
|
|
350
|
+
|
|
351
|
+
# Solution
|
|
352
|
+
pgrep -f myprocess
|
|
353
|
+
```
|
|
354
|
+
|
|
355
|
+
## Performance Optimization
|
|
356
|
+
|
|
357
|
+
### Checking Multiple Files
|
|
358
|
+
|
|
359
|
+
```bash
|
|
360
|
+
#!/bin/bash
|
|
361
|
+
|
|
362
|
+
# Sequential checking
|
|
363
|
+
for script in *.sh; do
|
|
364
|
+
shellcheck "$script"
|
|
365
|
+
done
|
|
366
|
+
|
|
367
|
+
# Parallel checking (faster)
|
|
368
|
+
find . -name "*.sh" -print0 | \
|
|
369
|
+
xargs -0 -P 4 -n 1 shellcheck
|
|
370
|
+
```
|
|
371
|
+
|
|
372
|
+
### Caching Results
|
|
373
|
+
|
|
374
|
+
```bash
|
|
375
|
+
#!/bin/bash
|
|
376
|
+
|
|
377
|
+
CACHE_DIR=".shellcheck_cache"
|
|
378
|
+
mkdir -p "$CACHE_DIR"
|
|
379
|
+
|
|
380
|
+
check_script() {
|
|
381
|
+
local script="$1"
|
|
382
|
+
local hash
|
|
383
|
+
local cache_file
|
|
384
|
+
|
|
385
|
+
hash=$(sha256sum "$script" | cut -d' ' -f1)
|
|
386
|
+
cache_file="$CACHE_DIR/$hash"
|
|
387
|
+
|
|
388
|
+
if [[ ! -f "$cache_file" ]]; then
|
|
389
|
+
if shellcheck "$script" > "$cache_file" 2>&1; then
|
|
390
|
+
touch "$cache_file.ok"
|
|
391
|
+
else
|
|
392
|
+
return 1
|
|
393
|
+
fi
|
|
394
|
+
fi
|
|
395
|
+
|
|
396
|
+
[[ -f "$cache_file.ok" ]]
|
|
397
|
+
}
|
|
398
|
+
|
|
399
|
+
find . -name "*.sh" | while read -r script; do
|
|
400
|
+
check_script "$script" || exit 1
|
|
401
|
+
done
|
|
402
|
+
```
|
|
403
|
+
|
|
404
|
+
## Output Formats
|
|
405
|
+
|
|
406
|
+
### Default Format
|
|
407
|
+
|
|
408
|
+
```bash
|
|
409
|
+
shellcheck script.sh
|
|
410
|
+
|
|
411
|
+
# Output:
|
|
412
|
+
# script.sh:1:3: warning: foo is referenced but not assigned. [SC2154]
|
|
413
|
+
```
|
|
414
|
+
|
|
415
|
+
### GCC Format (for CI/CD)
|
|
416
|
+
|
|
417
|
+
```bash
|
|
418
|
+
shellcheck --format=gcc script.sh
|
|
419
|
+
|
|
420
|
+
# Output:
|
|
421
|
+
# script.sh:1:3: warning: foo is referenced but not assigned.
|
|
422
|
+
```
|
|
423
|
+
|
|
424
|
+
### JSON Format (for parsing)
|
|
425
|
+
|
|
426
|
+
```bash
|
|
427
|
+
shellcheck --format=json script.sh
|
|
428
|
+
|
|
429
|
+
# Output:
|
|
430
|
+
# [{"file": "script.sh", "line": 1, "column": 3, "level": "warning", "code": 2154, "message": "..."}]
|
|
431
|
+
```
|
|
432
|
+
|
|
433
|
+
### Quiet Format
|
|
434
|
+
|
|
435
|
+
```bash
|
|
436
|
+
shellcheck --format=quiet script.sh
|
|
437
|
+
|
|
438
|
+
# Returns non-zero if issues found, no output otherwise
|
|
439
|
+
```
|
|
440
|
+
|
|
441
|
+
## Best Practices
|
|
442
|
+
|
|
443
|
+
1. **Run ShellCheck in CI/CD** - Catch issues before merging
|
|
444
|
+
2. **Configure for your target shell** - Don't analyze bash as sh
|
|
445
|
+
3. **Document exclusions** - Explain why violations are suppressed
|
|
446
|
+
4. **Address violations** - Don't just disable warnings
|
|
447
|
+
5. **Enable strict mode** - Use `--enable=all` with careful exclusions
|
|
448
|
+
6. **Update regularly** - Keep ShellCheck current for new checks
|
|
449
|
+
7. **Use pre-commit hooks** - Catch issues locally before pushing
|
|
450
|
+
8. **Integrate with editors** - Get real-time feedback during development
|
|
451
|
+
|
|
452
|
+
## Resources
|
|
453
|
+
|
|
454
|
+
- **ShellCheck GitHub**: https://github.com/koalaman/shellcheck
|
|
455
|
+
- **ShellCheck Wiki**: https://www.shellcheck.net/wiki/
|
|
456
|
+
- **Error Code Reference**: https://www.shellcheck.net/
|
|
@@ -0,0 +1,126 @@
|
|
|
1
|
+
---
|
|
2
|
+
name: multi-reviewer-patterns
|
|
3
|
+
description: Coordinate parallel code reviews across multiple quality dimensions with finding deduplication, severity calibration, and consolidated reporting. Use this skill when organizing multi-reviewer code reviews, calibrating finding severity, or consolidating review results.
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Multi-Reviewer Patterns
|
|
7
|
+
|
|
8
|
+
Patterns for coordinating parallel code reviews across multiple quality dimensions, deduplicating findings, calibrating severity, and producing consolidated reports.
|
|
9
|
+
|
|
10
|
+
## When to Use This Skill
|
|
11
|
+
|
|
12
|
+
- Organizing a multi-dimensional code review
|
|
13
|
+
- Deciding which review dimensions to assign
|
|
14
|
+
- Deduplicating findings from multiple reviewers
|
|
15
|
+
- Calibrating severity ratings consistently
|
|
16
|
+
- Producing a consolidated review report
|
|
17
|
+
|
|
18
|
+
## Review Dimension Allocation
|
|
19
|
+
|
|
20
|
+
### Available Dimensions
|
|
21
|
+
|
|
22
|
+
| Dimension | Focus | When to Include |
|
|
23
|
+
| ----------------- | --------------------------------------- | ------------------------------------------- |
|
|
24
|
+
| **Security** | Vulnerabilities, auth, input validation | Always for code handling user input or auth |
|
|
25
|
+
| **Performance** | Query efficiency, memory, caching | When changing data access or hot paths |
|
|
26
|
+
| **Architecture** | SOLID, coupling, patterns | For structural changes or new modules |
|
|
27
|
+
| **Testing** | Coverage, quality, edge cases | When adding new functionality |
|
|
28
|
+
| **Accessibility** | WCAG, ARIA, keyboard nav | For UI/frontend changes |
|
|
29
|
+
|
|
30
|
+
### Recommended Combinations
|
|
31
|
+
|
|
32
|
+
| Scenario | Dimensions |
|
|
33
|
+
| ---------------------- | -------------------------------------------- |
|
|
34
|
+
| API endpoint changes | Security, Performance, Architecture |
|
|
35
|
+
| Frontend component | Architecture, Testing, Accessibility |
|
|
36
|
+
| Database migration | Performance, Architecture |
|
|
37
|
+
| Authentication changes | Security, Testing |
|
|
38
|
+
| Full feature review | Security, Performance, Architecture, Testing |
|
|
39
|
+
|
|
40
|
+
## Finding Deduplication
|
|
41
|
+
|
|
42
|
+
When multiple reviewers report issues at the same location:
|
|
43
|
+
|
|
44
|
+
### Merge Rules
|
|
45
|
+
|
|
46
|
+
1. **Same file:line, same issue** — Merge into one finding, credit all reviewers
|
|
47
|
+
2. **Same file:line, different issues** — Keep as separate findings
|
|
48
|
+
3. **Same issue, different locations** — Keep separate but cross-reference
|
|
49
|
+
4. **Conflicting severity** — Use the higher severity rating
|
|
50
|
+
5. **Conflicting recommendations** — Include both with reviewer attribution
|
|
51
|
+
|
|
52
|
+
### Deduplication Process
|
|
53
|
+
|
|
54
|
+
```
|
|
55
|
+
For each finding in all reviewer reports:
|
|
56
|
+
1. Check if another finding references the same file:line
|
|
57
|
+
2. If yes, check if they describe the same issue
|
|
58
|
+
3. If same issue: merge, keeping the more detailed description
|
|
59
|
+
4. If different issue: keep both, tag as "co-located"
|
|
60
|
+
5. Use highest severity among merged findings
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
## Severity Calibration
|
|
64
|
+
|
|
65
|
+
### Severity Criteria
|
|
66
|
+
|
|
67
|
+
| Severity | Impact | Likelihood | Examples |
|
|
68
|
+
| ------------ | --------------------------------------------- | ---------------------- | -------------------------------------------- |
|
|
69
|
+
| **Critical** | Data loss, security breach, complete failure | Certain or very likely | SQL injection, auth bypass, data corruption |
|
|
70
|
+
| **High** | Significant functionality impact, degradation | Likely | Memory leak, missing validation, broken flow |
|
|
71
|
+
| **Medium** | Partial impact, workaround exists | Possible | N+1 query, missing edge case, unclear error |
|
|
72
|
+
| **Low** | Minimal impact, cosmetic | Unlikely | Style issue, minor optimization, naming |
|
|
73
|
+
|
|
74
|
+
### Calibration Rules
|
|
75
|
+
|
|
76
|
+
- Security vulnerabilities exploitable by external users: always Critical or High
|
|
77
|
+
- Performance issues in hot paths: at least Medium
|
|
78
|
+
- Missing tests for critical paths: at least Medium
|
|
79
|
+
- Accessibility violations for core functionality: at least Medium
|
|
80
|
+
- Code style issues with no functional impact: Low
|
|
81
|
+
|
|
82
|
+
## Consolidated Report Template
|
|
83
|
+
|
|
84
|
+
```markdown
|
|
85
|
+
## Code Review Report
|
|
86
|
+
|
|
87
|
+
**Target**: {files/PR/directory}
|
|
88
|
+
**Reviewers**: {dimension-1}, {dimension-2}, {dimension-3}
|
|
89
|
+
**Date**: {date}
|
|
90
|
+
**Files Reviewed**: {count}
|
|
91
|
+
|
|
92
|
+
### Critical Findings ({count})
|
|
93
|
+
|
|
94
|
+
#### [CR-001] {Title}
|
|
95
|
+
|
|
96
|
+
**Location**: `{file}:{line}`
|
|
97
|
+
**Dimension**: {Security/Performance/etc.}
|
|
98
|
+
**Description**: {what was found}
|
|
99
|
+
**Impact**: {what could happen}
|
|
100
|
+
**Fix**: {recommended remediation}
|
|
101
|
+
|
|
102
|
+
### High Findings ({count})
|
|
103
|
+
|
|
104
|
+
...
|
|
105
|
+
|
|
106
|
+
### Medium Findings ({count})
|
|
107
|
+
|
|
108
|
+
...
|
|
109
|
+
|
|
110
|
+
### Low Findings ({count})
|
|
111
|
+
|
|
112
|
+
...
|
|
113
|
+
|
|
114
|
+
### Summary
|
|
115
|
+
|
|
116
|
+
| Dimension | Critical | High | Medium | Low | Total |
|
|
117
|
+
| ------------ | -------- | ----- | ------ | ----- | ------ |
|
|
118
|
+
| Security | 1 | 2 | 3 | 0 | 6 |
|
|
119
|
+
| Performance | 0 | 1 | 4 | 2 | 7 |
|
|
120
|
+
| Architecture | 0 | 0 | 2 | 3 | 5 |
|
|
121
|
+
| **Total** | **1** | **3** | **9** | **5** | **18** |
|
|
122
|
+
|
|
123
|
+
### Recommendation
|
|
124
|
+
|
|
125
|
+
{Overall assessment and prioritized action items}
|
|
126
|
+
```
|