@tinkcarlos/skillora 0.2.0
- package/.claude/skills/.temp-skill-index.md +245 -0
- package/.claude/skills/SKILL.md +264 -0
- package/.claude/skills/api-scaffolding/SKILL.md +431 -0
- package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
- package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
- package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
- package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
- package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
- package/.claude/skills/api-testing-observability/SKILL.md +583 -0
- package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
- package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
- package/.claude/skills/brainstorming/SKILL.md +283 -0
- package/.claude/skills/bug-fixing/SKILL.md +382 -0
- package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
- package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
- package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
- package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
- package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
- package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
- package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
- package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
- package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
- package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
- package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
- package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
- package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
- package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
- package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
- package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
- package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
- package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
- package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
- package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
- package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
- package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
- package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
- package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
- package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
- package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
- package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
- package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
- package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
- package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
- package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
- package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
- package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
- package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
- package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
- package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
- package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
- package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
- package/.claude/skills/code-review/SKILL.md +535 -0
- package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
- package/.claude/skills/code-review/references/automated-analysis.md +456 -0
- package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
- package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
- package/.claude/skills/code-review/references/backend-review.md +868 -0
- package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
- package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
- package/.claude/skills/code-review/references/common-patterns.md +321 -0
- package/.claude/skills/code-review/references/configuration-review.md +425 -0
- package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
- package/.claude/skills/code-review/references/database-review.md +298 -0
- package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
- package/.claude/skills/code-review/references/external-standards.md +51 -0
- package/.claude/skills/code-review/references/feature-review.md +329 -0
- package/.claude/skills/code-review/references/file-review-template.md +326 -0
- package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
- package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
- package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
- package/.claude/skills/code-review/references/frontend-review.md +783 -0
- package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
- package/.claude/skills/code-review/references/fullstack-review.md +477 -0
- package/.claude/skills/code-review/references/functional-completeness.md +386 -0
- package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
- package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
- package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
- package/.claude/skills/code-review/references/iteration-review.md +264 -0
- package/.claude/skills/code-review/references/job-review.md +335 -0
- package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
- package/.claude/skills/code-review/references/logic-completeness.md +535 -0
- package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
- package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
- package/.claude/skills/code-review/references/new-project-review.md +226 -0
- package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
- package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
- package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
- package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
- package/.claude/skills/code-review/references/python-patterns.md +494 -0
- package/.claude/skills/code-review/references/rca-techniques.md +362 -0
- package/.claude/skills/code-review/references/report-template.md +430 -0
- package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
- package/.claude/skills/code-review/references/review-dimensions.md +311 -0
- package/.claude/skills/code-review/references/review-guide.md +202 -0
- package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
- package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
- package/.claude/skills/code-review/references/review-record-template.md +195 -0
- package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
- package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
- package/.claude/skills/containerization/SKILL.md +313 -0
- package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
- package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
- package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
- package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
- package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
- package/.claude/skills/frontend-design/LICENSE.txt +177 -0
- package/.claude/skills/frontend-design/SKILL.md +587 -0
- package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
- package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
- package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
- package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
- package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
- package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
- package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
- package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
- package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
- package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
- package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
- package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
- package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
- package/.claude/skills/fullstack-developer/SKILL.md +512 -0
- package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
- package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
- package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
- package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
- package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
- package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
- package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
- package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
- package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
- package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
- package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
- package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
- package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
- package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
- package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
- package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
- package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
- package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
- package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
- package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
- package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
- package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
- package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
- package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
- package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
- package/.claude/skills/performance-optimization/SKILL.md +250 -0
- package/.claude/skills/product-requirements/SKILL.md +357 -0
- package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
- package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
- package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
- package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
- package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
- package/.claude/skills/product-requirements/references/external-standards.md +62 -0
- package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
- package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
- package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
- package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
- package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
- package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
- package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
- package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
- package/.claude/skills/react-best-practices/SKILL.md +198 -0
- package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
- package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
- package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
- package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
- package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
- package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
- package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
- package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
- package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
- package/.claude/skills/security-audit/SKILL.md +226 -0
- package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
- package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
- package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
- package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
- package/.claude/skills/shared-references/skill-call-graph.md +230 -0
- package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
- package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
- package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
- package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
- package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
- package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
- package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
- package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
- package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
- package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
- package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
- package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
- package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
- package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
- package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
- package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
- package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
- package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
- package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
- package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
- package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
- package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
- package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
- package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
- package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
- package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
- package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
- package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
- package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
- package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
- package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
- package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
- package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
- package/.claude/skills/test-driven-development/SKILL.md +246 -0
- package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
- package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
- package/.claude/skills/using-skillstack/SKILL.md +127 -0
- package/.claude/skills/vercel-deploy/SKILL.md +166 -0
- package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
- package/.claude/skills/verification-before-completion/SKILL.md +305 -0
- package/.claude/skills/writing-plans/SKILL.md +259 -0
- package/README.md +69 -0
- package/bin/cli.js +468 -0
- package/lib/init.js +333 -0
- package/package.json +29 -0
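--- a/package/.claude/skills/code-review/references/backend-expert-guide.md
+++ b/package/.claude/skills/code-review/references/backend-expert-guide.md
@@ -0,0 +1,415 @@
+# Backend Expert Review Guide
+
+> 20-year experience distilled: Reliability first, data consistency, security by default.
+
+## Table of Contents
+
+- [Core Philosophy](#core-philosophy)
+- [New Project Review](#new-project-review)
+- [Version Iteration Review](#version-iteration-review)
+- [New Feature Review](#new-feature-review)
+- [Common Problems & Solutions](#common-problems--solutions)
+- [Tools & Automation](#tools--automation)
+
+---
+
+## Core Philosophy
+
+1. **Reliability first** — 99.99% uptime is the baseline
+2. **Data consistency** — ACID transactions, eventual consistency patterns
+3. **Security by default** — OWASP Top 10 prevention mandatory
+4. **Horizontal scalability** — Stateless services, proper caching
+5. **Observability** — If you can't measure it, you can't fix it
+
+---
+
+## New Project Review
+
+### Architecture Checklist
+
+| Aspect | What to Verify | Red Flags |
+|--------|----------------|-----------|
+| **Service Design** | Proper layering, separation of concerns | God services, circular deps |
+| **Data Modeling** | Normalized schema, proper indexes | No foreign keys, missing constraints |
+| **API Design** | RESTful/GraphQL, versioned, documented | Inconsistent naming, no versioning |
+| **Error Handling** | Structured errors, proper HTTP codes | Generic 500, leaked stack traces |
+| **Security** | Auth, input validation, secrets management | Hardcoded secrets, no auth |
+
+### Technical Decisions Review
+
+```markdown
+## New Project Technical Review
+
+### Architecture Validation
+- [ ] Service boundaries well-defined
+- [ ] Data layer abstracted (Repository pattern)
+- [ ] API versioning strategy defined
+- [ ] Authentication/Authorization mechanism chosen
+- [ ] Rate limiting planned
+
+### Database Foundation
+- [ ] Schema normalized appropriately
+- [ ] Indexes on query columns
+- [ ] Migration tool configured (Alembic/Flyway)
+- [ ] Connection pooling configured
+- [ ] Backup strategy defined
+
+### Security Baseline
+- [ ] Secrets management (Vault/env)
+- [ ] Input validation on all endpoints
+- [ ] SQL injection prevention (ORM/parameterized)
+- [ ] CORS configuration appropriate
+- [ ] Security headers (helmet.js equivalent)
+
+### Observability
+- [ ] Structured logging configured
+- [ ] Metrics collection (Prometheus)
+- [ ] Distributed tracing (Jaeger/Zipkin)
+- [ ] Health check endpoints
+- [ ] Alerting rules defined
+```
+
+### Common New Project Mistakes
+
+| Mistake | Impact | Prevention |
+|---------|--------|------------|
+| No API versioning | Breaking clients | `/v1/` prefix from start |
+| Skipping migrations | Manual DB changes | Versioned migrations required |
+| Monolith without boundaries | Unmaintainable | Module boundaries even in monolith |
+| No rate limiting | DoS vulnerability | Rate limits on all public APIs |
+| Synchronous everything | Bottlenecks | Async patterns for I/O |
+
+---
+
+## Version Iteration Review
+
+### Compatibility Checklist
+
+| Check | Method | Risk if Skipped |
+|-------|--------|-----------------|
+| **API backward compat** | Contract testing (Pact) | Breaking client apps |
+| **Database migrations** | Rollback tested | Data loss, downtime |
+| **Config changes** | Feature flags | Hard rollback needed |
+| **Dependency updates** | Lock file diff | Unexpected behavior |
+
+### Zero-Downtime Deployment
+
+```markdown
+## Deployment Safety Checklist
+
+### Database Changes
+- [ ] Migration is backward compatible
+- [ ] No column renames (add new, migrate, drop old)
+- [ ] No NOT NULL without default
+- [ ] Index creation is CONCURRENT
+- [ ] Rollback script tested
+
+### API Changes
+- [ ] New endpoints added, old deprecated
+- [ ] Deprecation headers on old endpoints
+- [ ] Client migration window defined
+- [ ] Documentation updated
+
+### Release Process
+- [ ] Canary deployment configured
+- [ ] Health checks passing
+- [ ] Rollback procedure documented
+- [ ] Monitoring dashboards ready
+- [ ] On-call notified
+```
+
+### Migration Patterns
+
+```python
+# 🔴 BAD: Destructive migration
+def upgrade():
+op.drop_column('users', 'legacy_field') # Data loss!
+
+# ✅ GOOD: Safe column removal (3-phase)
+# Phase 1: Stop writing to column (code change)
+# Phase 2: Make column nullable
+def upgrade():
+op.alter_column('users', 'legacy_field', nullable=True)
+# Phase 3: Drop column after verification
+
+# 🔴 BAD: Rename column (breaks running code)
+def upgrade():
+op.alter_column('users', 'name', new_column_name='full_name')
+
+# ✅ GOOD: Add new, migrate, drop old
+def upgrade():
+op.add_column('users', sa.Column('full_name', sa.String))
+# In code: write to both, read from new
+# Later: migrate data, drop old
+```
+
+---
+
+## New Feature Review
+
+### Feature Isolation Checklist
+
+| Aspect | Verification | Red Flag |
+|--------|--------------|----------|
+| **API contract** | OpenAPI spec matches | Undocumented changes |
+| **Data model** | Migrations reviewed | Breaking schema changes |
+| **Security** | Auth on new endpoints | Open endpoints |
+| **Performance** | Load tested | Unbounded queries |
+| **Rollback** | Feature flag exists | No kill switch |
+
+### Concurrency Review
+
+```python
+# 🔴 BAD: Race condition in balance update
+def transfer(from_id, to_id, amount):
+from_acc = get_account(from_id)
+to_acc = get_account(to_id)
+
+from_acc.balance -= amount # Race!
+to_acc.balance += amount
+
+save(from_acc)
+save(to_acc)
+
+# ✅ GOOD: Transactional with locking
+def transfer(from_id, to_id, amount):
+with db.transaction():
+from_acc = get_account_for_update(from_id) # SELECT FOR UPDATE
+to_acc = get_account_for_update(to_id)
+
+if from_acc.balance < amount:
+raise InsufficientFunds()
+
+from_acc.balance -= amount
+to_acc.balance += amount
+
+save(from_acc)
+save(to_acc)
+```
+
+### Distributed Transaction Patterns
+
+```python
+# 🔴 BAD: Multiple service calls without compensation
+async def create_order(data):
+order = await order_service.create(data) # 1. Created
+await payment_service.charge(order.total) # 2. Charged
+await inventory_service.reduce(order.items) # 3. Fails! Order + payment orphaned
+
+# ✅ GOOD: Saga pattern with compensation
+async def create_order(data):
+saga = OrderSaga()
+try:
+order = await saga.step(
+action=lambda: order_service.create(data),
+compensate=lambda o: order_service.cancel(o.id)
+)
+await saga.step(
+action=lambda: payment_service.charge(order.total),
+compensate=lambda: payment_service.refund(order.id)
+)
+await saga.step(
+action=lambda: inventory_service.reduce(order.items),
+compensate=lambda: inventory_service.restore(order.items)
+)
+await saga.commit()
+except Exception:
+await saga.rollback() # Compensate all completed steps
+raise
+```
+
+---
+
+## Common Problems & Solutions
+
+### Problem Matrix
+
+| Problem | Symptom | Root Cause | Solution |
+|---------|---------|------------|----------|
+| **Unclear requirements** | Schema churn | No data modeling | JAD meetings, frozen ER |
+| **Wrong database** | Performance issues | No benchmarks | POC with realistic data |
+| **N+1 queries** | Slow responses | ORM misuse | Query analysis, eager loading |
+| **API inconsistency** | Integration failures | No contract | OpenAPI spec as source of truth |
+| **Security gaps** | Vulnerabilities | Afterthought | OWASP in CI, security reviews |
+| **Observability gaps** | Blind spots | No instrumentation | Logging/metrics/traces from start |
+
+### Performance Optimization Patterns
+
+```python
+# 🔴 BAD: N+1 query
+users = User.query.all()
+for user in users:
+print(user.orders) # Each access = 1 query
+
+# ✅ GOOD: Eager loading
+users = User.query.options(joinedload(User.orders)).all()
+for user in users:
+print(user.orders) # Already loaded
+
+# 🔴 BAD: Unbounded query
+@app.get("/items")
+def list_items():
+return Item.query.all() # Could be millions
+
+# ✅ GOOD: Paginated with limits
+@app.get("/items")
+def list_items(page: int = 1, limit: int = 20):
+if limit > 100:
+limit = 100 # Hard cap
+return Item.query.offset((page-1)*limit).limit(limit).all()
+
+# 🔴 BAD: Sync I/O in async context
+@app.get("/data")
+async def get_data():
+result = requests.get(url) # Blocks event loop!
+return result.json()
+
+# ✅ GOOD: Async I/O
+@app.get("/data")
+async def get_data():
+async with httpx.AsyncClient() as client:
+result = await client.get(url)
+return result.json()
+```
+
+### Error Handling Patterns
+
+```python
+# 🔴 BAD: Generic error, leaked details
+@app.get("/users/{id}")
+def get_user(id: int):
+try:
+return db.get_user(id)
+except Exception as e:
+return {"error": str(e)} # Leaks internal details
+
+# ✅ GOOD: Structured, safe error response
+class UserNotFoundError(HTTPException):
+def __init__(self, user_id: int):
+super().__init__(
+status_code=404,
+detail={"code": "USER_NOT_FOUND", "message": f"User {user_id} not found"}
+)
+
+@app.get("/users/{id}")
+def get_user(id: int):
+user = db.get_user(id)
+if not user:
+raise UserNotFoundError(id)
+return user
+```
+
+---
+
+## Tools & Automation
+
+### Recommended Tool Stack
+
+| Category | Tool | Purpose |
+|----------|------|---------|
+| **Type Safety** | TypeScript / Python typing | Prevent runtime errors |
+| **Static Analysis** | SonarQube / Bandit | Code quality + security |
+| **API Spec** | OpenAPI / Swagger | Contract documentation |
+| **Testing** | Pytest / Jest + Supertest | Coverage pyramid |
+| **Load Testing** | k6 / JMeter | Performance verification |
+| **Security** | OWASP ZAP | Vulnerability scanning |
+| **Monitoring** | Prometheus + Grafana | Metrics and alerts |
+| **Tracing** | Jaeger / Zipkin | Distributed tracing |
+
+### CI/CD Pipeline Requirements
+
+```yaml
+# Minimum backend CI checks
+stages:
+- lint:
+- eslint/pylint
+- type checking
+- security:
+- dependency audit
+- SAST scan (SonarQube)
+- secrets detection
+- test:
+- unit tests (>80% coverage)
+- integration tests
+- contract tests
+- build:
+- docker build
+- image scan
+- deploy:
+- canary deployment
+- smoke tests
+- rollback on failure
+```
+
+### Database Review Automation
+
+```bash
+#!/bin/bash
+# Pre-merge database checks
+
+# Check migration files
+echo "=== Migration Safety Check ==="
+for file in migrations/*.sql; do
+# Check for dangerous operations
+if grep -iE "DROP|TRUNCATE|DELETE FROM .* WHERE" "$file"; then
+echo "⚠️ Dangerous operation in $file - requires approval"
+fi
+
+# Check for missing indexes
+if grep -iE "ADD COLUMN" "$file" | grep -ivE "INDEX|UNIQUE"; then
+echo "⚠️ New column without index consideration in $file"
+fi
+done
+
+# Check for N+1 patterns in code
+echo "=== N+1 Query Detection ==="
+grep -rn "for.*:$" --include="*.py" -A 3 | grep -E "\.query\.|\.get\(|\.find\("
+```
+
+---
+
+## Review Report Template
+
+```markdown
+# Backend Code Review Report
+
+## Summary
+- **Reviewer**: [Name]
+- **Date**: [Date]
+- **Context**: [New Project / Iteration / Feature]
+- **Verdict**: [APPROVED / CHANGES REQUESTED]
+
+## Findings
+
+### 🔴 P0 - Blockers
+| Issue | File:Line | Impact | Suggested Fix |
+|-------|-----------|--------|---------------|
+
+### 🟠 P1 - Critical
+| Issue | File:Line | Impact | Suggested Fix |
+|-------|-----------|--------|---------------|
+
+### 🟡 P2 - Major
+| Issue | File:Line | Impact | Suggested Fix |
+|-------|-----------|--------|---------------|
+
+## Checklist Completion
+- [ ] API contract verified
+- [ ] Database migrations safe
+- [ ] Security reviewed
+- [ ] Performance acceptable
+- [ ] Error handling complete
+- [ ] Observability configured
+
+## Similar Bug Hunt
+**Pattern searched**: [Description]
+**Files checked**: [Count]
+**Issues found**: [Count]
+
+## Performance Impact
+- [ ] Load tested
+- [ ] Query plans reviewed
+- [ ] No N+1 patterns
+- [ ] Caching appropriate
+```
+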