@tinkcarlos/skillora 0.2.0
- package/.claude/skills/.temp-skill-index.md +245 -0
- package/.claude/skills/SKILL.md +264 -0
- package/.claude/skills/api-scaffolding/SKILL.md +431 -0
- package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
- package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
- package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
- package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
- package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
- package/.claude/skills/api-testing-observability/SKILL.md +583 -0
- package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
- package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
- package/.claude/skills/brainstorming/SKILL.md +283 -0
- package/.claude/skills/bug-fixing/SKILL.md +382 -0
- package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
- package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
- package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
- package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
- package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
- package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
- package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
- package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
- package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
- package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
- package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
- package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
- package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
- package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
- package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
- package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
- package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
- package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
- package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
- package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
- package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
- package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
- package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
- package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
- package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
- package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
- package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
- package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
- package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
- package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
- package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
- package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
- package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
- package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
- package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
- package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
- package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
- package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
- package/.claude/skills/code-review/SKILL.md +535 -0
- package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
- package/.claude/skills/code-review/references/automated-analysis.md +456 -0
- package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
- package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
- package/.claude/skills/code-review/references/backend-review.md +868 -0
- package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
- package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
- package/.claude/skills/code-review/references/common-patterns.md +321 -0
- package/.claude/skills/code-review/references/configuration-review.md +425 -0
- package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
- package/.claude/skills/code-review/references/database-review.md +298 -0
- package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
- package/.claude/skills/code-review/references/external-standards.md +51 -0
- package/.claude/skills/code-review/references/feature-review.md +329 -0
- package/.claude/skills/code-review/references/file-review-template.md +326 -0
- package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
- package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
- package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
- package/.claude/skills/code-review/references/frontend-review.md +783 -0
- package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
- package/.claude/skills/code-review/references/fullstack-review.md +477 -0
- package/.claude/skills/code-review/references/functional-completeness.md +386 -0
- package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
- package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
- package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
- package/.claude/skills/code-review/references/iteration-review.md +264 -0
- package/.claude/skills/code-review/references/job-review.md +335 -0
- package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
- package/.claude/skills/code-review/references/logic-completeness.md +535 -0
- package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
- package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
- package/.claude/skills/code-review/references/new-project-review.md +226 -0
- package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
- package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
- package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
- package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
- package/.claude/skills/code-review/references/python-patterns.md +494 -0
- package/.claude/skills/code-review/references/rca-techniques.md +362 -0
- package/.claude/skills/code-review/references/report-template.md +430 -0
- package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
- package/.claude/skills/code-review/references/review-dimensions.md +311 -0
- package/.claude/skills/code-review/references/review-guide.md +202 -0
- package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
- package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
- package/.claude/skills/code-review/references/review-record-template.md +195 -0
- package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
- package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
- package/.claude/skills/containerization/SKILL.md +313 -0
- package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
- package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
- package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
- package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
- package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
- package/.claude/skills/frontend-design/LICENSE.txt +177 -0
- package/.claude/skills/frontend-design/SKILL.md +587 -0
- package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
- package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
- package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
- package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
- package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
- package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
- package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
- package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
- package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
- package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
- package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
- package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
- package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
- package/.claude/skills/fullstack-developer/SKILL.md +512 -0
- package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
- package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
- package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
- package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
- package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
- package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
- package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
- package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
- package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
- package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
- package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
- package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
- package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
- package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
- package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
- package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
- package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
- package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
- package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
- package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
- package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
- package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
- package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
- package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
- package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
- package/.claude/skills/performance-optimization/SKILL.md +250 -0
- package/.claude/skills/product-requirements/SKILL.md +357 -0
- package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
- package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
- package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
- package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
- package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
- package/.claude/skills/product-requirements/references/external-standards.md +62 -0
- package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
- package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
- package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
- package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
- package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
- package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
- package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
- package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
- package/.claude/skills/react-best-practices/SKILL.md +198 -0
- package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
- package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
- package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
- package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
- package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
- package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
- package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
- package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
- package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
- package/.claude/skills/security-audit/SKILL.md +226 -0
- package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
- package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
- package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
- package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
- package/.claude/skills/shared-references/skill-call-graph.md +230 -0
- package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
- package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
- package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
- package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
- package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
- package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
- package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
- package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
- package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
- package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
- package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
- package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
- package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
- package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
- package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
- package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
- package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
- package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
- package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
- package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
- package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
- package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
- package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
- package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
- package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
- package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
- package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
- package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
- package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
- package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
- package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
- package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
- package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
- package/.claude/skills/test-driven-development/SKILL.md +246 -0
- package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
- package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
- package/.claude/skills/using-skillstack/SKILL.md +127 -0
- package/.claude/skills/vercel-deploy/SKILL.md +166 -0
- package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
- package/.claude/skills/verification-before-completion/SKILL.md +305 -0
- package/.claude/skills/writing-plans/SKILL.md +259 -0
- package/README.md +69 -0
- package/bin/cli.js +468 -0
- package/lib/init.js +333 -0
- package/package.json +29 -0
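--- a/package/.claude/skills/code-review/references/automated-analysis.md
+++ b/package/.claude/skills/code-review/references/automated-analysis.md
@@ -0,0 +1,456 @@
+# Automated Code Analysis Guide
+
+> Maximize bug discovery rate through automated tools and scripts.
+
+## Table of Contents
+
+- [Impact Scope Auto-Analysis](#impact-scope-auto-analysis)
+- [Dependency Graph Auto-Generation](#dependency-graph-auto-generation)
+- [Full-Stack Scan Scripts](#full-stack-scan-scripts)
+- [CI/CD Integration](#cicd-integration)
+
+---
+
+## Impact Scope Auto-Analysis
+
+### One-Click Impact Scope Analysis Script
+
+```bash
+#!/bin/bash
+# impact-analyzer.sh - Auto-analyze code change impact scope
+
+TARGET_FILE=$1
+echo "=== Analyzing file: $TARGET_FILE ==="
+
+echo ""
+echo "=== Layer 0: File itself ==="
+echo "Line count: $(wc -l < $TARGET_FILE)"
+echo "Functions/Classes:"
+grep -n "^def \|^class \|^async def " $TARGET_FILE
+
+echo ""
+echo "=== Layer 1: Direct callers ==="
+BASENAME=$(basename $TARGET_FILE .py)
+grep -rn "from.*$BASENAME import\|import $BASENAME" --include="*.py" | head -20
+
+echo ""
+echo "=== Layer 2: Indirect callers (trace Layer 1 callers) ==="
+for caller in $(grep -l "from.*$BASENAME import\|import $BASENAME" --include="*.py" -r); do
+caller_base=$(basename $caller .py)
+echo "--- $caller called by: ---"
+grep -rn "from.*$caller_base import\|import $caller_base" --include="*.py" | head -5
+done
+
+echo ""
+echo "=== Layer 3: Router/API layer ==="
+grep -rn "@router\|@app\." --include="*.py" -l | xargs grep -l "$BASENAME" 2>/dev/null
+
+echo ""
+echo "=== Layer 4: Frontend calls ==="
+# Search API calls
+FUNC_NAMES=$(grep -oP "def \K[a-z_]+" $TARGET_FILE | tr '\n' '|' | sed 's/|$//')
+grep -rn "$FUNC_NAMES" --include="*.ts" --include="*.tsx" 2>/dev/null | head -10
+
+echo ""
+echo "=== Layer 5: Test coverage ==="
+grep -rn "$BASENAME" --include="*test*.py" --include="*spec*.ts" | head -10
+```
+
+### Python Dependency Analysis
+
+```bash
+# Install tools
+pip install pydeps pipdeptree
+
+# Generate module dependency graph
+pydeps src/services/chat_service.py --max-bacon 3 -o deps.svg
+
+# View package dependency tree
+pipdeptree --packages your-package
+```
+
+### TypeScript/JavaScript Dependency Analysis
+
+```bash
+# Install madge
+npm install -g madge
+
+# Generate dependency graph
+madge --image deps.svg src/
+
+# Detect circular dependencies
+madge --circular src/
+
+# Generate dependencies for specific file
+madge --image chat-deps.svg src/services/chatService.ts
+```
+
+---
+
+## Dependency Graph Auto-Generation
+
+### Mermaid Dependency Graph Generator
+
+```python
+#!/usr/bin/env python3
+# generate_dep_graph.py - Auto-generate Mermaid dependency graph
+
+import os
+import re
+import sys
+from pathlib import Path
+
+def extract_imports(file_path):
+"""Extract imports from Python file"""
+imports = []
+with open(file_path, 'r', encoding='utf-8') as f:
+for line in f:
+# from x import y
+match = re.match(r'from\s+\.?([a-zA-Z_][a-zA-Z0-9_\.]*)\s+import', line)
+if match:
+imports.append(match.group(1))
+# import x
+match = re.match(r'import\s+([a-zA-Z_][a-zA-Z0-9_\.]*)', line)
+if match:
+imports.append(match.group(1))
+return imports
+
+def generate_mermaid(directory, target_module=None):
+"""Generate Mermaid dependency graph"""
+deps = {}
+
+for py_file in Path(directory).rglob('*.py'):
+module_name = py_file.stem
+if module_name.startswith('__'):
+continue
+imports = extract_imports(py_file)
+deps[module_name] = imports
+
+# Generate Mermaid
+print("```mermaid")
+print("graph TD")
+
+for module, imports in deps.items():
+for imp in imports:
+imp_base = imp.split('.')[-1]
+if imp_base in deps: # Only show internal dependencies
+print(f" {module} --> {imp_base}")
+
+print("```")
+
+if __name__ == "__main__":
+directory = sys.argv[1] if len(sys.argv) > 1 else "src"
+generate_mermaid(directory)
+```
+
+### Call Graph Generation
+
+```bash
+# Using pycallgraph (Python)
+pip install pycallgraph2
+pycallgraph graphviz -- ./your_script.py
+
+# Using py-call-graph to generate JSON
+python -m trace --trackcalls your_script.py
+```
+
+---
+
+## Full-Stack Scan Scripts
+
+### Complete Code Review Scan Script
+
+```bash
+#!/bin/bash
+# full-stack-scan.sh - Full-stack code review auto scanner
+
+set -e
+
+echo "╔════════════════════════════════════════════════════════╗"
+echo "║ Full-Stack Code Review Auto Scanner v1.0 ║"
+echo "╚════════════════════════════════════════════════════════╝"
+
+# Color definitions
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+# ==================== Backend Scan ====================
+echo ""
+echo "━━━━━━━━━━━━━━━━ Backend Scan ━━━━━━━━━━━━━━━━"
+
+if [ -f "pyproject.toml" ] || [ -f "requirements.txt" ]; then
+echo -e "${YELLOW}[Python project detected]${NC}"
+
+echo ""
+echo "📋 1. Static Analysis (pylint + flake8)"
+pylint src/ --output-format=colorized --disable=C0114,C0115,C0116 2>/dev/null || true
+flake8 src/ --count --show-source --statistics || true
+
+echo ""
+echo "🔒 2. Security Scan (bandit)"
+bandit -r src/ -ll 2>/dev/null || true
+
+echo ""
+echo "📊 3. Type Check (mypy)"
+mypy src/ --ignore-missing-imports 2>/dev/null || true
+
+echo ""
+echo "🧪 4. Test Coverage"
+pytest --cov=src --cov-report=term-missing --cov-fail-under=80 2>/dev/null || echo "Tests not configured or failed"
+fi
+
+if [ -f "package.json" ] && [ -d "backend" ]; then
+echo -e "${YELLOW}[Node.js backend detected]${NC}"
+
+echo ""
+echo "📋 ESLint Check"
+npx eslint backend/ --max-warnings 0 || true
+
+echo ""
+echo "📊 TypeScript Type Check"
+npx tsc --noEmit -p backend/tsconfig.json || true
+
+echo ""
+echo "🔒 Security Vulnerability Check"
+npm audit || true
+fi
+
+# ==================== Frontend Scan ====================
+echo ""
+echo "━━━━━━━━━━━━━━━━ Frontend Scan ━━━━━━━━━━━━━━━━"
+
+if [ -d "frontend" ] || [ -d "src/components" ]; then
+echo -e "${YELLOW}[Frontend project detected]${NC}"
+
+echo ""
+echo "📋 1. ESLint + TypeScript"
+npx eslint "frontend/**/*.{ts,tsx}" --max-warnings 0 2>/dev/null || true
+npx tsc --noEmit 2>/dev/null || true
+
+echo ""
+echo "🎨 2. Stylelint (CSS)"
+npx stylelint "frontend/**/*.{css,scss}" 2>/dev/null || echo "Stylelint not configured"
+
+echo ""
+echo "♿ 3. Accessibility Check"
+echo " (Need to run axe-core or Lighthouse in browser)"
+
+echo ""
+echo "📦 4. Bundle Analysis"
+if [ -f "frontend/package.json" ]; then
+cd frontend
+npx source-map-explorer 'dist/**/*.js' 2>/dev/null || echo "Need to build project first"
+cd ..
+fi
+fi
+
+# ==================== Hidden Bug Scan ====================
+echo ""
+echo "━━━━━━━━━━━━━━━━ Hidden Bug Scan ━━━━━━━━━━━━━━━━"
+
+echo ""
+echo "🔴 1. Data Race Detection"
+echo "--- Singleton state modification ---"
+grep -rn "self\.[a-z_]* = " --include="*.py" | grep -v "__init__\|# " | head -10 || echo "Not found"
+
+echo ""
+echo "🟠 2. Resource Leak Detection"
+echo "--- Unclosed connections ---"
+grep -rn "\.acquire()\|connection\(" --include="*.py" | grep -v "with\|async with" | head -5 || echo "Not found"
+
+echo ""
+echo "--- Uncleaned useEffect ---"
+grep -rn "useEffect" --include="*.tsx" -A 5 | grep -B 3 "\\[\\])" | grep -v "return" | head -10 || echo "Not found"
+
+echo ""
+echo "🟡 3. Hardcoded Credentials Detection"
+grep -rn "password\s*=\s*['\"]" --include="*.py" --include="*.ts" | grep -v "os.environ\|process.env\|example\|test" | head -5 || echo "Not found"
+
+echo ""
+echo "🔵 4. N+1 Query Detection"
+grep -rn "for.*in.*:\s*$" --include="*.py" -A 3 | grep -E "await.*\.(get|fetch|query)" | head -5 || echo "Not found"
+
+# ==================== Summary Report ====================
+echo ""
+echo "╔════════════════════════════════════════════════════════╗"
+echo "║ Scan Complete ║"
+echo "╚════════════════════════════════════════════════════════╝"
+echo ""
+echo "Recommended next steps:"
+echo " 1. Fix all 🔴 Critical issues"
+echo " 2. Evaluate risk of 🟠 High issues"
+echo " 3. Run complete test suite"
+echo " 4. Perform manual code review"
+```
+
+---
+
+## CI/CD Integration
+
+### GitHub Actions Configuration
+
+```yaml
+# .github/workflows/code-review.yml
+name: Automated Code Review
+
+on:
+pull_request:
+types: [opened, synchronize]
+
+jobs:
+backend-scan:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Python
+uses: actions/setup-python@v5
+with:
+python-version: '3.11'
+
+- name: Install dependencies
+run: |
+pip install pylint flake8 bandit mypy pytest pytest-cov
+pip install -r requirements.txt
+
+- name: Pylint
+run: pylint src/ --output-format=colorized --fail-under=7.0
+continue-on-error: true
+
+- name: Flake8
+run: flake8 src/ --count --show-source --statistics
+
+- name: Bandit Security Scan
+run: bandit -r src/ -ll -f json -o bandit-report.json
+continue-on-error: true
+
+- name: Type Check
+run: mypy src/ --ignore-missing-imports
+continue-on-error: true
+
+- name: Test Coverage
+run: pytest --cov=src --cov-report=xml --cov-fail-under=80
+
+frontend-scan:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Set up Node
+uses: actions/setup-node@v4
+with:
+node-version: '20'
+
+- name: Install dependencies
+run: cd frontend && npm ci
+
+- name: ESLint
+run: cd frontend && npx eslint . --max-warnings 0
+
+- name: TypeScript Check
+run: cd frontend && npx tsc --noEmit
+
+- name: Test
+run: cd frontend && npm test -- --coverage
+
+hidden-bugs-scan:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+
+- name: Check for race conditions
+run: |
+echo "Checking for singleton state mutations..."
+! grep -rn "self\.[a-z_]* = " --include="*.py" | grep -v "__init__" | grep -q .
+
+- name: Check for resource leaks
+run: |
+echo "Checking for unclosed connections..."
+! grep -rn "\.acquire()" --include="*.py" | grep -v "with" | grep -q .
+
+- name: Check for hardcoded secrets
+run: |
+echo "Checking for hardcoded credentials..."
+! grep -rn "password\s*=\s*['\"]" --include="*.py" | grep -v "environ\|test" | grep -q .
+```
+
+### Pre-commit Hooks
+
+```yaml
+# .pre-commit-config.yaml
+repos:
+- repo: https://github.com/pre-commit/pre-commit-hooks
+rev: v4.5.0
+hooks:
+- id: trailing-whitespace
+- id: end-of-file-fixer
+- id: check-yaml
+- id: check-added-large-files
+- id: detect-private-key
+
+- repo: https://github.com/psf/black
+rev: 24.1.0
+hooks:
+- id: black
+
+- repo: https://github.com/pycqa/flake8
+rev: 7.0.0
+hooks:
+- id: flake8
+
+- repo: https://github.com/pycqa/bandit
+rev: 1.7.7
+hooks:
+- id: bandit
+args: ['-ll', '-r', 'src/']
+
+- repo: local
+hooks:
+- id: hidden-bug-check
+name: Hidden Bug Check
+entry: bash -c 'grep -rn "self\.[a-z_]* = " --include="*.py" | grep -v "__init__" && exit 1 || exit 0'
+language: system
+types: [python]
+```
+
+---
+
+## Quick Command Reference
+
+```bash
+# ==================== Backend ====================
+# Python full scan
+pylint src/ && flake8 src/ && bandit -r src/ && mypy src/
+
+# Go full scan
+golangci-lint run && go vet ./... && go test -race ./...
+
+# Node.js full scan
+npm run lint && npm audit && npm test
+
+# ==================== Frontend ====================
+# React full scan
+npx eslint . && npx tsc --noEmit && npm test -- --coverage
+
+# ==================== Impact Analysis ====================
+# Python dependency graph
+pydeps src/services/chat_service.py -o deps.svg
+
+# JS/TS dependency graph
+madge --image deps.svg src/
+
+# Circular dependency detection
+madge --circular src/
+
+# ==================== Hidden Bugs ====================
+# Data race
+grep -rn "self\.[a-z_]* = " --include="*.py" | grep -v "__init__"
+
+# Resource leak
+grep -rn "\.acquire()" --include="*.py" | grep -v "with"
+
+# Security issue
+grep -rn "password\s*=" --include="*.py" | grep -v "environ"
+```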
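Review bot: The security checks in the GitHub Actions example (new lines 325-327 and 373-376) cannot be relied on to stop a finding: the `Bandit Security Scan` step sets `continue-on-error: true` and writes `bandit-report.json`, which no later step in the job reads or uploads, and the hardcoded-secret step matches only the word `password` and then drops every line containing `environ` or `test`, which excludes any file whose path contains `test`. I would remove `continue-on-error: true` from the Bandit step (or at least publish the report as an artifact) and replace the grep with a dedicated secret scanner; the same grep pattern recurs in full-stack-scan.sh (line 269) and the Quick Command Reference (line 455). In full-stack-scan.sh most tools run as `... 2>/dev/null || true`, so a tool that is not installed looks the same as a clean result, and `... | head -5 || echo "Not found"` never prints `Not found` because the pipeline's status is that of `head`. In impact-analyzer.sh, `$1` is neither checked nor quoted; `"$TARGET_FILE"` plus an early exit when it is empty would avoid word-splitting and a hang on `wc -l <` with no argument.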