@tinkcarlos/skillora 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (234)
  1. package/.claude/skills/.temp-skill-index.md +245 -0
  2. package/.claude/skills/SKILL.md +264 -0
  3. package/.claude/skills/api-scaffolding/SKILL.md +431 -0
  4. package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
  5. package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
  6. package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
  7. package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
  8. package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
  9. package/.claude/skills/api-testing-observability/SKILL.md +583 -0
  10. package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
  11. package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
  12. package/.claude/skills/brainstorming/SKILL.md +283 -0
  13. package/.claude/skills/bug-fixing/SKILL.md +382 -0
  14. package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
  15. package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
  16. package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
  17. package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
  18. package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
  19. package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
  20. package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
  21. package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
  22. package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
  23. package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
  24. package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
  25. package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
  26. package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
  27. package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
  28. package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
  29. package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
  30. package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
  31. package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
  32. package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
  33. package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
  34. package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
  35. package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
  36. package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
  37. package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
  38. package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
  39. package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
  40. package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
  41. package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
  42. package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
  43. package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
  44. package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
  45. package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
  46. package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
  47. package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
  48. package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
  49. package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
  50. package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
  51. package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
  52. package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
  53. package/.claude/skills/code-review/SKILL.md +535 -0
  54. package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
  55. package/.claude/skills/code-review/references/automated-analysis.md +456 -0
  56. package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
  57. package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
  58. package/.claude/skills/code-review/references/backend-review.md +868 -0
  59. package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
  60. package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
  61. package/.claude/skills/code-review/references/common-patterns.md +321 -0
  62. package/.claude/skills/code-review/references/configuration-review.md +425 -0
  63. package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
  64. package/.claude/skills/code-review/references/database-review.md +298 -0
  65. package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
  66. package/.claude/skills/code-review/references/external-standards.md +51 -0
  67. package/.claude/skills/code-review/references/feature-review.md +329 -0
  68. package/.claude/skills/code-review/references/file-review-template.md +326 -0
  69. package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
  70. package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
  71. package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
  72. package/.claude/skills/code-review/references/frontend-review.md +783 -0
  73. package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
  74. package/.claude/skills/code-review/references/fullstack-review.md +477 -0
  75. package/.claude/skills/code-review/references/functional-completeness.md +386 -0
  76. package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
  77. package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
  78. package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
  79. package/.claude/skills/code-review/references/iteration-review.md +264 -0
  80. package/.claude/skills/code-review/references/job-review.md +335 -0
  81. package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
  82. package/.claude/skills/code-review/references/logic-completeness.md +535 -0
  83. package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
  84. package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
  85. package/.claude/skills/code-review/references/new-project-review.md +226 -0
  86. package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
  87. package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
  88. package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
  89. package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
  90. package/.claude/skills/code-review/references/python-patterns.md +494 -0
  91. package/.claude/skills/code-review/references/rca-techniques.md +362 -0
  92. package/.claude/skills/code-review/references/report-template.md +430 -0
  93. package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
  94. package/.claude/skills/code-review/references/review-dimensions.md +311 -0
  95. package/.claude/skills/code-review/references/review-guide.md +202 -0
  96. package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
  97. package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
  98. package/.claude/skills/code-review/references/review-record-template.md +195 -0
  99. package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
  100. package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
  101. package/.claude/skills/containerization/SKILL.md +313 -0
  102. package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
  103. package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
  104. package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
  105. package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
  106. package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
  107. package/.claude/skills/frontend-design/LICENSE.txt +177 -0
  108. package/.claude/skills/frontend-design/SKILL.md +587 -0
  109. package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
  110. package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
  111. package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
  112. package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
  113. package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
  114. package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
  115. package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
  116. package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
  117. package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
  118. package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
  119. package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
  120. package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
  121. package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
  122. package/.claude/skills/fullstack-developer/SKILL.md +512 -0
  123. package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
  124. package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
  125. package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
  126. package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
  127. package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
  128. package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
  129. package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
  130. package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
  131. package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
  132. package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
  133. package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
  134. package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
  135. package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
  136. package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
  137. package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
  138. package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
  139. package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
  140. package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
  141. package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
  142. package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
  143. package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
  144. package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
  145. package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
  146. package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
  147. package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
  148. package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
  149. package/.claude/skills/performance-optimization/SKILL.md +250 -0
  150. package/.claude/skills/product-requirements/SKILL.md +357 -0
  151. package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
  152. package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
  153. package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
  154. package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
  155. package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
  156. package/.claude/skills/product-requirements/references/external-standards.md +62 -0
  157. package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
  158. package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
  159. package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
  160. package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
  161. package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
  162. package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
  163. package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
  164. package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
  165. package/.claude/skills/react-best-practices/SKILL.md +198 -0
  166. package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
  167. package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
  168. package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
  169. package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
  170. package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
  171. package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
  172. package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
  173. package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
  174. package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
  175. package/.claude/skills/security-audit/SKILL.md +226 -0
  176. package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
  177. package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
  178. package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
  179. package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
  180. package/.claude/skills/shared-references/skill-call-graph.md +230 -0
  181. package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
  182. package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
  183. package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
  184. package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
  185. package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
  186. package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
  187. package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
  188. package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
  189. package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
  190. package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
  191. package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
  192. package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
  193. package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
  194. package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
  195. package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
  196. package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
  197. package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
  198. package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
  199. package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
  200. package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
  201. package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
  202. package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
  203. package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
  204. package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
  205. package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
  206. package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
  207. package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
  208. package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
  209. package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
  210. package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
  211. package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
  212. package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
  213. package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
  214. package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
  215. package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
  216. package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
  217. package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
  218. package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
  219. package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
  220. package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
  221. package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
  222. package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
  223. package/.claude/skills/test-driven-development/SKILL.md +246 -0
  224. package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
  225. package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
  226. package/.claude/skills/using-skillstack/SKILL.md +127 -0
  227. package/.claude/skills/vercel-deploy/SKILL.md +166 -0
  228. package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
  229. package/.claude/skills/verification-before-completion/SKILL.md +305 -0
  230. package/.claude/skills/writing-plans/SKILL.md +259 -0
  231. package/README.md +69 -0
  232. package/bin/cli.js +468 -0
  233. package/lib/init.js +333 -0
  234. package/package.json +29 -0
@@ -0,0 +1,298 @@
1
+ # Database Review Guide
2
+
3
+ > Comprehensive guide for reviewing database-related code, SQL, migrations, and data layer.
4
+
5
+ ## Table of Contents
6
+
7
+ - [SQL File Review](#sql-file-review)
8
+ - [Migration Review](#migration-review)
9
+ - [ORM & Query Review](#orm--query-review)
10
+ - [Schema Design Review](#schema-design-review)
11
+ - [Performance Patterns](#performance-patterns)
12
+ - [Security Checklist](#security-checklist)
13
+ - [Database File Review](#database-file-review)
14
+
15
+ ---
16
+
17
+ ## SQL File Review
18
+
19
+ ### What to Check in SQL Files
20
+
21
+ | Category | Check | Why |
22
+ |----------|-------|-----|
23
+ | **Syntax** | Valid SQL for target database | MySQL != PostgreSQL != SQLite |
24
+ | **Indexes** | Indexes on WHERE, JOIN, ORDER BY columns | Performance critical |
25
+ | **Transactions** | BEGIN/COMMIT/ROLLBACK boundaries | Data consistency |
26
+ | **Error Handling** | What happens on failure | Partial updates are dangerous |
27
+ | **Idempotency** | Safe to run multiple times | Deployments may retry |
28
+
29
+ ### Common SQL Bugs
30
+
31
+ ```sql
32
+ -- 🔴 BUG: Missing index on frequently queried column
33
+ SELECT * FROM orders WHERE customer_id = ?;
34
+ -- Fix: CREATE INDEX idx_orders_customer ON orders(customer_id);
35
+
36
+ -- 🔴 BUG: SELECT * in production code
37
+ SELECT * FROM users WHERE id = ?;
38
+ -- Fix: SELECT id, name, email FROM users WHERE id = ?;
39
+
40
+ -- 🔴 BUG: Missing NULL handling
41
+ SELECT * FROM users WHERE deleted_at = NULL;
42
+ -- Fix: SELECT * FROM users WHERE deleted_at IS NULL;
43
+
44
+ -- 🔴 BUG: Implicit type conversion
45
+ SELECT * FROM users WHERE id = '123'; -- id is INT
46
+ -- Fix: SELECT * FROM users WHERE id = 123;
47
+
48
+ -- 🔴 BUG: LIKE without index hint
49
+ SELECT * FROM products WHERE name LIKE '%phone%';
50
+ -- Note: Leading wildcard prevents index usage
51
+
52
+ -- 🔴 BUG: Missing LIMIT on large tables
53
+ SELECT * FROM logs WHERE level = 'ERROR';
54
+ -- Fix: SELECT * FROM logs WHERE level = 'ERROR' LIMIT 1000;
55
+ ```
56
+
57
+ ### Transaction Patterns
58
+
59
+ ```sql
60
+ -- ✅ GOOD: Explicit transaction with error handling
61
+ BEGIN;
62
+ UPDATE accounts SET balance = balance - 100 WHERE id = 1;
63
+ UPDATE accounts SET balance = balance + 100 WHERE id = 2;
64
+ COMMIT;
65
+
66
+ -- 🔴 BAD: No transaction for multi-statement operation
67
+ UPDATE accounts SET balance = balance - 100 WHERE id = 1;
68
+ -- If crash here, money is lost
69
+ UPDATE accounts SET balance = balance + 100 WHERE id = 2;
70
+ ```
71
+
72
+ ---
73
+
74
+ ## Migration Review
75
+
76
+ ### Pre-Deployment Checklist
77
+
78
+ | Check | Question | Risk |
79
+ |-------|----------|------|
80
+ | **Reversibility** | Can this be rolled back? | Stuck with broken schema |
81
+ | **Data Loss** | Does this delete data? | Irreversible damage |
82
+ | **Downtime** | Does this lock tables? | Service unavailable |
83
+ | **Dependencies** | Is code deployed first or DB? | 500 errors during deploy |
84
+ | **Large Tables** | Will this take hours? | Deployment timeout |
85
+
86
+ ### Dangerous Migration Patterns
87
+
88
+ ```sql
89
+ -- 🔴 DANGEROUS: Dropping column without checking usage
90
+ ALTER TABLE users DROP COLUMN legacy_field;
91
+ -- Check: Is any code still using this column?
92
+
93
+ -- 🔴 DANGEROUS: Renaming column (breaks running code)
94
+ ALTER TABLE users RENAME COLUMN name TO full_name;
95
+ -- Fix: Add new column, migrate data, then drop old in next release
96
+
97
+ -- 🔴 DANGEROUS: Adding NOT NULL without default
98
+ ALTER TABLE users ADD COLUMN role VARCHAR(50) NOT NULL;
99
+ -- Fix: ADD COLUMN role VARCHAR(50) NOT NULL DEFAULT 'user';
100
+
101
+ -- 🔴 DANGEROUS: Changing column type with data loss
102
+ ALTER TABLE users ALTER COLUMN age TYPE SMALLINT;
103
+ -- Check: Any values > 32767?
104
+
105
+ -- 🔴 DANGEROUS: Index on large table without CONCURRENTLY
106
+ CREATE INDEX idx_orders_date ON orders(created_at);
107
+ -- Fix (PostgreSQL): CREATE INDEX CONCURRENTLY idx_orders_date ON orders(created_at);
108
+ ```
109
+
110
+ ### Migration Best Practices
111
+
112
+ 1. **Backward Compatible**: New code should work with old schema
113
+ 2. **Forward Compatible**: Old code should work with new schema
114
+ 3. **Separate Deploy**: Schema change and code change in different deploys
115
+ 4. **Test Rollback**: Actually run the down migration
116
+
117
+ ---
118
+
119
+ ## ORM & Query Review
120
+
121
+ ### N+1 Query Detection
122
+
123
+ ```python
124
+ # 🔴 BUG: N+1 queries (1 + N database calls)
125
+ users = User.query.all() # 1 query
126
+ for user in users:
127
+ print(user.orders) # N queries (1 per user)
128
+
129
+ # ✅ FIX: Eager loading
130
+ users = User.query.options(joinedload(User.orders)).all() # 1-2 queries
131
+ ```
132
+
133
+ ```typescript
134
+ // 🔴 BUG: N+1 in JavaScript
135
+ const users = await User.findAll();
136
+ for (const user of users) {
137
+ const orders = await Order.findAll({ where: { userId: user.id } });
138
+ }
139
+
140
+ // ✅ FIX: Include in query
141
+ const users = await User.findAll({ include: [Order] });
142
+ ```
143
+
144
+ ### Raw Query Injection
145
+
146
+ ```python
147
+ # 🔴 BUG: SQL Injection
148
+ user_id = request.args.get('id')
149
+ query = f"SELECT * FROM users WHERE id = {user_id}"
150
+ db.execute(query)
151
+
152
+ # ✅ FIX: Parameterized query
153
+ query = "SELECT * FROM users WHERE id = :id"
154
+ db.execute(query, {"id": user_id})
155
+ ```
156
+
157
+ ### Connection Management
158
+
159
+ ```python
160
+ # 🔴 BUG: Connection leak
161
+ conn = pool.acquire()
162
+ result = conn.execute(query) # If exception here
163
+ pool.release(conn) # Never executed
164
+
165
+ # ✅ FIX: Context manager
166
+ with pool.acquire() as conn:
167
+ result = conn.execute(query)
168
+ ```
169
+
170
+ ---
171
+
172
+ ## Schema Design Review
173
+
174
+ ### Data Type Issues
175
+
176
+ | Issue | Problem | Fix |
177
+ |-------|---------|-----|
178
+ | VARCHAR(255) for everything | Wasted space, no validation | Use appropriate sizes |
179
+ | TEXT for short strings | Index limitations | Use VARCHAR with limit |
180
+ | FLOAT for money | Precision loss | Use DECIMAL(19,4) |
181
+ | INT for timestamp | Y2K38 problem | Use DATETIME/TIMESTAMP |
182
+ | No ENUM validation | Invalid data allowed | Use ENUM or CHECK constraint |
183
+
184
+ ### Constraint Checklist
185
+
186
+ ```sql
187
+ -- Required constraints to verify:
188
+ -- 1. Primary Key
189
+ -- 2. Foreign Keys with ON DELETE behavior
190
+ -- 3. NOT NULL for required fields
191
+ -- 4. UNIQUE for unique fields
192
+ -- 5. CHECK constraints for valid ranges
193
+ -- 6. DEFAULT values for optional fields
194
+
195
+ -- Example: Complete table definition
196
+ CREATE TABLE orders (
197
+ id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
198
+ user_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
199
+ status VARCHAR(20) NOT NULL DEFAULT 'pending'
200
+ CHECK (status IN ('pending', 'paid', 'shipped', 'delivered')),
201
+ total DECIMAL(19, 4) NOT NULL CHECK (total >= 0),
202
+ created_at TIMESTAMP NOT NULL DEFAULT NOW(),
203
+ updated_at TIMESTAMP NOT NULL DEFAULT NOW()
204
+ );
205
+ ```
206
+
207
+ ---
208
+
209
+ ## Performance Patterns
210
+
211
+ ### Index Review
212
+
213
+ ```sql
214
+ -- Find missing indexes (PostgreSQL)
215
+ SELECT schemaname, tablename, indexname, indexdef
216
+ FROM pg_indexes
217
+ WHERE tablename = 'your_table';
218
+
219
+ -- Check for unused indexes
220
+ SELECT indexrelname, idx_scan, idx_tup_read
221
+ FROM pg_stat_user_indexes
222
+ WHERE idx_scan = 0;
223
+ ```
224
+
225
+ ### Query Optimization
226
+
227
+ | Pattern | Bad | Good |
228
+ |---------|-----|------|
229
+ | Select fields | `SELECT *` | `SELECT id, name, email` |
230
+ | Pagination | `OFFSET 10000` | Cursor-based pagination |
231
+ | Counting | `SELECT COUNT(*)` | Cached count or estimate |
232
+ | Existence | `SELECT COUNT(*) > 0` | `SELECT EXISTS(...)` |
233
+ | Batch insert | Loop with single INSERT | Bulk INSERT |
234
+
235
+ ---
236
+
237
+ ## Security Checklist
238
+
239
+ ### SQL Injection Prevention
240
+
241
+ - [ ] All user input parameterized
242
+ - [ ] No string concatenation in queries
243
+ - [ ] ORM queries don't use raw()
244
+ - [ ] Stored procedures use parameters
245
+
246
+ ### Data Protection
247
+
248
+ - [ ] Sensitive data encrypted at rest
249
+ - [ ] PII masked in logs
250
+ - [ ] Backups encrypted
251
+ - [ ] Connection uses TLS
252
+
253
+ ### Access Control
254
+
255
+ - [ ] Principle of least privilege
256
+ - [ ] No root/admin credentials in code
257
+ - [ ] Database users have limited permissions
258
+ - [ ] Connection strings use environment variables
259
+
260
+ ---
261
+
262
+ ## Database File Review
263
+
264
+ ### SQLite/Embedded Database Files
265
+
266
+ When reviewing `.db`, `.sqlite`, `.sqlite3` files:
267
+
268
+ | Check | What to Look For | Risk |
269
+ |-------|------------------|------|
270
+ | **PII Exposure** | User data, emails, phones | Privacy violation |
271
+ | **Secrets** | API keys, tokens, passwords | Security breach |
272
+ | **Test Data** | Fake data in production | Confusion |
273
+ | **Size** | Unexpectedly large files | Performance issue |
274
+ | **Location** | In version control? | Data leak |
275
+
276
+ ### Detection Commands
277
+
278
+ ```bash
279
+ # Check if DB files are in git
280
+ git ls-files | grep -E "\.db$|\.sqlite"
281
+
282
+ # List tables in SQLite
283
+ sqlite3 database.db ".tables"
284
+
285
+ # Check for sensitive columns
286
+ sqlite3 database.db ".schema" | grep -i "password\|secret\|token\|key"
287
+
288
+ # Sample data (first 5 rows)
289
+ sqlite3 database.db "SELECT * FROM users LIMIT 5;"
290
+ ```
291
+
292
+ ### Best Practices
293
+
294
+ 1. **Never commit database files** — Add to `.gitignore`
295
+ 2. **Use migrations** — Don't ship pre-populated DBs
296
+ 3. **Separate test data** — Use fixtures/seeds, not DB files
297
+ 4. **Encrypt sensitive DBs** — SQLCipher for SQLite
298
+
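Review bot: The example labelled "GOOD: Explicit transaction with error handling" (new lines 60-64) contains only BEGIN, two UPDATEs and COMMIT, with no failure path, so the label promises something the snippet does not show. Either add the ROLLBACK branch (the table row at line 25 already names BEGIN/COMMIT/ROLLBACK boundaries) or rename the example to "Explicit transaction". Separately, the comment "Find missing indexes (PostgreSQL)" at line 214 sits above a query on pg_indexes filtered by tablename, which lists the indexes a table already has; reword it to "List existing indexes" or replace the query with one that matches the comment.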
@@ -0,0 +1,313 @@
1
+ # Dependency Management & Code Integrity Protocol
2
+
3
+ > **核心原则**: 新增依赖必须安装 → 依赖文件必须更新 → 完成后必须验证 → 验证包括兼容性和文件完整性
4
+
5
+ ---
6
+
7
+ ## 🔴 依赖管理门禁 (Dependency Management Gate)
8
+
9
+ ### 触发条件
10
+
11
+ 当代码中出现以下情况时,**必须执行依赖管理流程**:
12
+
13
+ | 触发条件 | 示例 |
14
+ |----------|------|
15
+ | 新增 import/require 语句 | `import { Collapsible } from "@radix-ui/react-collapsible"` |
16
+ | 安装新的组件库/UI 框架 | shadcn/ui, Ant Design, Material UI |
17
+ | 引入新的工具函数库 | lodash, date-fns, zod |
18
+ | 使用新的后端框架/库 | FastAPI, LangChain, Pydantic |
19
+ | 调用新的第三方 API SDK | Stripe, OpenAI, AWS SDK |
20
+
21
+ ---
22
+
23
+ ## 依赖检测规则 (通用)
24
+
25
+ ### Step 1: 识别依赖类型
26
+
27
+ | 项目类型 | 依赖文件 | 安装命令 |
28
+ |----------|---------|----------|
29
+ | Node.js/前端 | `package.json` | `npm install <pkg>` / `yarn add <pkg>` / `pnpm add <pkg>` |
30
+ | Python | `requirements.txt` / `pyproject.toml` | `pip install <pkg>` / `uv add <pkg>` |
31
+ | Go | `go.mod` | `go get <pkg>` |
32
+ | Rust | `Cargo.toml` | `cargo add <pkg>` |
33
+ | Java/Kotlin | `pom.xml` / `build.gradle` | Maven/Gradle 手动添加 |
34
+
35
+ ### Step 2: 检查依赖是否已存在
36
+
37
+ ```bash
38
+ # Node.js - 检查 package.json
39
+ grep "<package-name>" package.json
40
+
41
+ # Python - 检查 requirements.txt
42
+ grep "<package-name>" requirements.txt
43
+
44
+ # 通用 - 检查 node_modules / venv
45
+ ls node_modules/<package-name> 2>/dev/null || echo "Not installed"
46
+ ```
47
+
48
+ ### Step 3: 安装缺失依赖
49
+
50
+ **🔴 必须在代码修改前或立即之后安装依赖!**
51
+
52
+ ```bash
53
+ # Node.js
54
+ npm install <package-name>
55
+ # 或指定版本
56
+ npm install <package-name>@<version>
57
+ ```
58
+
59
+ #### 🔴 Python 虚拟环境强制要求 (NON-NEGOTIABLE)
60
+
61
+ **Python 项目的所有依赖操作必须在虚拟环境中进行!**
62
+
63
+ ```bash
64
+ # Step 1: 检查虚拟环境是否存在
65
+ ls venv/ 2>/dev/null || ls .venv/ 2>/dev/null || echo "虚拟环境不存在"
66
+
67
+ # Step 2: 如果不存在,创建虚拟环境
68
+ python -m venv venv
69
+
70
+ # Step 3: 激活虚拟环境 (必须!)
71
+ # Windows CMD
72
+ venv\Scripts\activate
73
+ # Windows PowerShell
74
+ .\venv\Scripts\Activate.ps1
75
+ # Linux/Mac
76
+ source venv/bin/activate
77
+
78
+ # Step 4: 在虚拟环境中安装依赖
79
+ pip install <package-name>
80
+ # 或指定版本
81
+ pip install <package-name>==<version>
82
+
83
+ # Step 5: 更新 requirements.txt
84
+ pip freeze > requirements.txt
85
+ ```
86
+
87
+ **❌ 禁止事项**:
88
+ - 禁止在全局 Python 环境中安装项目依赖
89
+ - 禁止不激活虚拟环境就执行 `pip install`
90
+ - 禁止使用系统 Python 运行项目脚本
91
+
92
+ **✅ 验证虚拟环境激活**:
93
+ ```bash
94
+ # 检查 which/where python 指向虚拟环境
95
+ which python # Linux/Mac: 应显示 .../venv/bin/python
96
+ where python # Windows: 应显示 ...\venv\Scripts\python.exe
97
+ ```
98
+
99
+ ### Step 4: 更新依赖文件
100
+
101
+ **🔴 安装后必须验证依赖文件已更新!**
102
+
103
+ | 项目类型 | 验证方式 |
104
+ |----------|---------|
105
+ | Node.js | 检查 `package.json` 和 `package-lock.json` 是否包含新依赖 |
106
+ | Python | 执行 `pip freeze > requirements.txt` 或手动添加到 requirements.txt |
107
+
108
+ ---
109
+
110
+ ## 🔴 代码文件完整性检查 (File Integrity Check)
111
+
112
+ ### 触发条件
113
+
114
+ 当新增功能涉及以下情况时,**必须执行文件完整性检查**:
115
+
116
+ | 场景 | 检查内容 |
117
+ |------|----------|
118
+ | 使用 UI 组件库 | 组件文件是否存在于 `components/ui/` |
119
+ | 引用工具函数 | 工具函数文件是否存在于 `lib/` 或 `utils/` |
120
+ | 导入类型定义 | 类型文件是否存在于 `types/` |
121
+ | 调用 API 服务 | 服务文件是否存在于 `services/` 或 `api/` |
122
+
123
+ ### 检查流程
124
+
125
+ ```
126
+ 代码中有新 import
127
+
128
+ ┌──────────────────────────────────────────────────────┐
129
+ │ Step 1: 解析 import 路径 │
130
+ │ ─────────────────────────────────────────────────────│
131
+ │ 相对路径? → 检查文件是否存在 │
132
+ │ 别名路径 (@/)? → 解析别名后检查文件是否存在 │
133
+ │ 包路径? → 检查 node_modules 或 site-packages │
134
+ └──────────────────────────────────────────────────────┘
135
+
136
+ ┌──────────────────────────────────────────────────────┐
137
+ │ Step 2: 文件不存在时的处理 │
138
+ │ ─────────────────────────────────────────────────────│
139
+ │ UI 组件? → 创建组件文件 (shadcn/ui 风格) │
140
+ │ 工具函数? → 创建工具函数文件 │
141
+ │ 第三方包? → 安装依赖 │
142
+ └──────────────────────────────────────────────────────┘
143
+ ```
144
+
145
+ ### 常见缺失文件场景
146
+
147
+ | 场景 | 缺失类型 | 解决方案 |
148
+ |------|---------|----------|
149
+ | shadcn/ui 组件 | `components/ui/xxx.tsx` | 使用 `npx shadcn@latest add xxx` 或手动创建 |
150
+ | Radix UI 原语 | npm 包未安装 | `npm install @radix-ui/react-xxx` |
151
+ | 自定义 Hook | `hooks/useXxx.ts` | 创建 Hook 文件 |
152
+ | API 服务 | `services/xxxService.ts` | 创建服务文件 |
153
+
154
+ ---
155
+
156
+ ## 🔴 兼容性检查 (Compatibility Check)
157
+
158
+ ### 版本兼容性矩阵
159
+
160
+ | 检查项 | 方法 | 风险等级 |
161
+ |--------|------|----------|
162
+ | **Peer Dependencies** | 检查 npm 警告信息 | 🔴 高 |
163
+ | **Node.js 版本** | 对比 `engines` 字段 | 🔴 高 |
164
+ | **TypeScript 版本** | 检查类型定义兼容性 | 🟡 中 |
165
+ | **React 版本** | 检查 Hooks/API 可用性 | 🔴 高 |
166
+ | **Python 版本** | 对比 `python_requires` | 🔴 高 |
167
+ | 🔴 **原生模块 (Native Module)** | 检查是否需要编译 | 🔴 高 |
168
+
169
+ ### 🔴 原生模块检查 (Electron/React Native 必须)
170
+
171
+ **原生模块 = 使用 C/C++/Rust 编写的 Node.js 模块 = Electron 启动失败的头号杀手**
172
+
173
+ | 检查命令 | 判断标准 |
174
+ |----------|----------|
175
+ | `ls node_modules/<pkg>/*.node` | 有 .node 文件 = 原生模块 |
176
+ | `grep "binding.gyp" node_modules/<pkg>/` | 有 binding.gyp = 原生模块 |
177
+ | `npm info <pkg> | grep -i "native\|gyp\|c++"` | 搜索结果有匹配 = 原生模块 |
178
+
179
+ **常见原生模块及纯 JS 替代方案:**
180
+
181
+ | 原生模块 | 纯 JS 替代 | 说明 |
182
+ |----------|-----------|------|
183
+ | `better-sqlite3` / `sqlite3` | `sql.js` | SQLite |
184
+ | `sharp` | `jimp` | 图片处理 |
185
+ | `bcrypt` | `bcryptjs` | 密码哈希 |
186
+ | `node-sass` | `sass` | SCSS 编译 |
187
+
188
+ → 完整列表: `references/platform-specific-review.md`
189
+
190
+ ### 兼容性检查命令
191
+
192
+ ```bash
193
+ # Node.js - 检查 peer dependency 警告
194
+ npm ls 2>&1 | grep -i "peer dep"
195
+
196
+ # Node.js - 审计安全问题
197
+ npm audit
198
+
199
+ # Python - 检查依赖冲突
200
+ pip check
201
+
202
+ # Python - 查看依赖树
203
+ pip show <package-name>
204
+ ```
205
+
206
+ ### 常见兼容性问题处理
207
+
208
+ | 问题 | 症状 | 解决方案 |
209
+ |------|------|----------|
210
+ | Peer dependency 不满足 | npm 警告 | 安装兼容版本或使用 `--legacy-peer-deps` |
211
+ | TypeScript 类型错误 | 编译失败 | 安装 `@types/xxx` 或升级 TS 版本 |
212
+ | React 版本不匹配 | 运行时错误 | 检查组件库的 React 版本要求 |
213
+ | Python 版本不兼容 | ImportError | 检查库的 Python 版本要求 |
214
+
215
+ ---
216
+
217
+ ## 任务完成验证清单 (Post-Task Verification)
218
+
219
+ **🔴 每个开发任务结束前,必须完成以下检查:**
220
+
221
+ ### 依赖验证
222
+
223
+ - [ ] **依赖安装完成**: 所有新增依赖已安装到项目中
224
+ - [ ] **依赖文件更新**: `package.json` / `requirements.txt` 已包含新依赖
225
+ - [ ] **Lock 文件同步**: `package-lock.json` / `poetry.lock` 已更新
226
+ - [ ] **无兼容性警告**: `npm ls` / `pip check` 无报错
227
+
228
+ ### 文件完整性验证
229
+
230
+ - [ ] **所有 import 可解析**: 无 "Cannot find module" / "ModuleNotFoundError"
231
+ - [ ] **组件文件存在**: UI 组件文件均存在于正确路径
232
+ - [ ] **类型定义完整**: 无 TypeScript 类型错误
233
+
234
+ ### 运行时验证
235
+
236
+ - [ ] **开发服务器启动**: `npm run dev` / `python run.py` 无报错
237
+ - [ ] **无控制台错误**: 浏览器/终端无红色错误
238
+ - [ ] **核心功能正常**: 主要功能可正常使用
239
+
240
+ ---
241
+
242
+ ## 验证命令速查
243
+
244
+ ```bash
245
+ # ===== Node.js 项目 =====
246
+ # 检查依赖安装
247
+ npm ls --depth=0
248
+
249
+ # 检查 peer dependency
250
+ npm ls 2>&1 | grep -i "peer\|missing\|invalid"
251
+
252
+ # 启动开发服务器验证
253
+ npm run dev
254
+
255
+ # ===== Python 项目 (🔴 必须在虚拟环境中!) =====
256
+ # Step 0: 检查虚拟环境是否存在
257
+ ls venv/ 2>/dev/null || ls .venv/ 2>/dev/null || echo "需要创建虚拟环境"
258
+
259
+ # Step 1: 创建虚拟环境 (如果不存在)
260
+ python -m venv venv
261
+
262
+ # Step 2: 激活虚拟环境 (🔴 必须!)
263
+ # Windows CMD
264
+ venv\Scripts\activate
265
+ # Windows PowerShell
266
+ .\venv\Scripts\Activate.ps1
267
+ # Linux/Mac
268
+ source venv/bin/activate
269
+
270
+ # Step 3: 验证虚拟环境已激活
271
+ which python # 应指向 venv/bin/python 或 venv\Scripts\python.exe
272
+
273
+ # Step 4: 安装依赖
274
+ pip install -r requirements.txt
275
+
276
+ # Step 5: 检查依赖安装
277
+ pip list | grep <package-name>
278
+
279
+ # Step 6: 检查依赖冲突
280
+ pip check
281
+
282
+ # Step 7: 导出依赖 (安装新包后)
283
+ pip freeze > requirements.txt
284
+
285
+ # Step 8: 运行项目 (使用虚拟环境 Python)
286
+ python run.py # 或 venv/bin/python run.py
287
+ ```
288
+
289
+ ---
290
+
291
+ ## 输出契约 (Dependency Gate Report)
292
+
293
+ **任务完成时,在 Output Contract 中添加:**
294
+
295
+ ```markdown
296
+ ## 依赖管理报告
297
+
298
+ ### 新增依赖
299
+ | 包名 | 版本 | 用途 | 安装状态 |
300
+ |------|------|------|----------|
301
+ | @radix-ui/react-collapsible | ^1.0.0 | Collapsible 组件 | ✅ 已安装 |
302
+
303
+ ### 文件完整性
304
+ | 文件 | 类型 | 状态 |
305
+ |------|------|------|
306
+ | components/ui/collapsible.tsx | UI 组件 | ✅ 已创建 |
307
+
308
+ ### 验证结果
309
+ - [x] 依赖安装完成
310
+ - [x] 依赖文件更新
311
+ - [x] 无兼容性警告
312
+ - [x] 开发服务器启动正常
313
+ ```
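Review bot: Step 3 (file lines 48-57) requires installing a missing package as soon as a new import appears, but nothing in the gate confirms that the name in the import resolves to the intended package on the registry before `npm install <package-name>` or `pip install <package-name>` runs, so a mistyped or guessed name is installed and its install scripts run. Suggest adding a step between Step 2 and Step 3 that confirms the package's registry page, publisher and version, and that installs a pinned version rather than the bare name. Related points in the same file:

- `npm audit` appears only under the compatibility commands (line 197), not in the Post-Task Verification checklist, so it is easy to skip.
- `pip freeze > requirements.txt` (lines 84 and 283) overwrites the file with everything present in the venv, dropping hand-written constraints and comments.
- `--legacy-peer-deps` (line 210) is listed as a fix although it only bypasses the peer dependency check.
- `grep "binding.gyp" node_modules/<pkg>/` (line 176) greps a directory without `-r` and will not find the file; `ls node_modules/<pkg>/binding.gyp` does what the table intends.
- `pip show <package-name>` (line 203) is commented as a dependency tree but prints one package's metadata.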
@@ -0,0 +1,51 @@
1
+ # External Standards & Authoritative Sources (for Code Review)
2
+
3
+ Retrieved: 2025-12-23
4
+
5
+ Use this document as a source-of-truth index for what “good” looks like across common review dimensions. Prefer these references when you need a neutral standard to justify a review finding or to design a minimal verification plan.
6
+
7
+ ## 1) General Code Review Process
8
+
9
+ - Google Engineering Practices – Code Review Developer Guide: https://google.github.io/eng-practices/review/
10
+ - Review what matters: design, functionality, complexity, tests, naming, comments, style, documentation.
11
+ - Use code review as a quality and knowledge-sharing mechanism.
12
+ - GitHub Docs – About pull request reviews: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/about-pull-request-reviews
13
+ - Standard review outcomes: comment, approve, request changes.
14
+ - Use CODEOWNERS and required reviews to enforce quality gates.
15
+
16
+ ## 2) Secure Code Review
17
+
18
+ - OWASP Code Review Guide (project page + downloadable PDF): https://owasp.org/www-project-code-review-guide/
19
+ - Manual security review remains important even with automated scanners.
20
+ - Organize review around vulnerability classes and “red flags”, not language-specific “do it my way” patterns.
21
+ - OWASP Application Security Verification Standard (ASVS): https://owasp.org/www-project-application-security-verification-standard/
22
+ - Security requirements checklist usable for design review, implementation review, and verification planning.
23
+ - Requirements are versioned and identifiable; reference the ASVS version when citing requirements.
24
+
25
+ ## 3) Testing & Verification Strategy
26
+
27
+ - Martin Fowler – Test Pyramid: https://martinfowler.com/bliki/TestPyramid.html
28
+ - Prefer many fast, reliable unit tests; use fewer, more expensive end-to-end/UI tests.
29
+ - High-level tests are valuable but can be slow/brittle; balance matters.
30
+ - Microsoft Learn – Unit testing best practices for .NET: https://learn.microsoft.com/en-us/dotnet/core/testing/unit-testing-best-practices
31
+ - Good unit tests are fast, isolated, repeatable, self-checking, and readable.
32
+ - Coverage is a signal, not a goal; avoid chasing coverage without value.
33
+
34
+ ## 4) Database Schema/DDL Change Risk
35
+
36
+ - PostgreSQL Documentation – ALTER TABLE: https://www.postgresql.org/docs/current/sql-altertable.html
37
+ - Many DDL variants require strong locks (often ACCESS EXCLUSIVE) unless stated otherwise.
38
+ - Multiple subcommands acquire the strictest lock required by any subcommand.
39
+ - MySQL 8.0 Reference Manual – InnoDB and Online DDL: https://dev.mysql.com/doc/refman/8.0/en/innodb-online-ddl.html
40
+ - Online DDL supports INSTANT/INPLACE operations with concurrent DML in many cases.
41
+ - Use `ALGORITHM`/`LOCK` clauses as explicit safety rails; fail fast if the desired concurrency is unavailable.
42
+
43
+ ## 5) Frontend Accessibility & Real-User Performance
44
+
45
+ - W3C Recommendation – WCAG 2.2: https://www.w3.org/TR/WCAG22/
46
+ - Accessibility guidance is structured as principles → guidelines → testable success criteria (A/AA/AAA).
47
+ - WCAG is technology-agnostic; use it as a baseline for UX/a11y review discussions.
48
+ - GoogleChrome – web-vitals (Core Web Vitals metrics): https://github.com/GoogleChrome/web-vitals
49
+ - Core Web Vitals include CLS, INP, and LCP; additional metrics like FCP and TTFB support diagnosis.
50
+ - Measuring “real users” requires careful instrumentation; don’t double-register observers/listeners.
51
+
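Review bot: The ASVS entry (file lines 21-23) tells reviewers to reference the ASVS version when citing requirements, yet the index names no ASVS version itself, and the PostgreSQL link on line 36 points at `/docs/current/`, which will drift away from what was read on the 2025-12-23 retrieval date, while the MySQL link is pinned to 8.0. Suggest recording the version each entry was read against (ASVS release, PostgreSQL major version; WCAG is already given as 2.2) so that a review finding citing this file stays reproducible.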