@tinkcarlos/skillora 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (234)
  1. package/.claude/skills/.temp-skill-index.md +245 -0
  2. package/.claude/skills/SKILL.md +264 -0
  3. package/.claude/skills/api-scaffolding/SKILL.md +431 -0
  4. package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
  5. package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
  6. package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
  7. package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
  8. package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
  9. package/.claude/skills/api-testing-observability/SKILL.md +583 -0
  10. package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
  11. package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
  12. package/.claude/skills/brainstorming/SKILL.md +283 -0
  13. package/.claude/skills/bug-fixing/SKILL.md +382 -0
  14. package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
  15. package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
  16. package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
  17. package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
  18. package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
  19. package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
  20. package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
  21. package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
  22. package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
  23. package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
  24. package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
  25. package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
  26. package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
  27. package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
  28. package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
  29. package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
  30. package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
  31. package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
  32. package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
  33. package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
  34. package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
  35. package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
  36. package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
  37. package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
  38. package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
  39. package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
  40. package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
  41. package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
  42. package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
  43. package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
  44. package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
  45. package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
  46. package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
  47. package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
  48. package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
  49. package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
  50. package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
  51. package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
  52. package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
  53. package/.claude/skills/code-review/SKILL.md +535 -0
  54. package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
  55. package/.claude/skills/code-review/references/automated-analysis.md +456 -0
  56. package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
  57. package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
  58. package/.claude/skills/code-review/references/backend-review.md +868 -0
  59. package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
  60. package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
  61. package/.claude/skills/code-review/references/common-patterns.md +321 -0
  62. package/.claude/skills/code-review/references/configuration-review.md +425 -0
  63. package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
  64. package/.claude/skills/code-review/references/database-review.md +298 -0
  65. package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
  66. package/.claude/skills/code-review/references/external-standards.md +51 -0
  67. package/.claude/skills/code-review/references/feature-review.md +329 -0
  68. package/.claude/skills/code-review/references/file-review-template.md +326 -0
  69. package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
  70. package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
  71. package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
  72. package/.claude/skills/code-review/references/frontend-review.md +783 -0
  73. package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
  74. package/.claude/skills/code-review/references/fullstack-review.md +477 -0
  75. package/.claude/skills/code-review/references/functional-completeness.md +386 -0
  76. package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
  77. package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
  78. package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
  79. package/.claude/skills/code-review/references/iteration-review.md +264 -0
  80. package/.claude/skills/code-review/references/job-review.md +335 -0
  81. package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
  82. package/.claude/skills/code-review/references/logic-completeness.md +535 -0
  83. package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
  84. package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
  85. package/.claude/skills/code-review/references/new-project-review.md +226 -0
  86. package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
  87. package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
  88. package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
  89. package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
  90. package/.claude/skills/code-review/references/python-patterns.md +494 -0
  91. package/.claude/skills/code-review/references/rca-techniques.md +362 -0
  92. package/.claude/skills/code-review/references/report-template.md +430 -0
  93. package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
  94. package/.claude/skills/code-review/references/review-dimensions.md +311 -0
  95. package/.claude/skills/code-review/references/review-guide.md +202 -0
  96. package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
  97. package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
  98. package/.claude/skills/code-review/references/review-record-template.md +195 -0
  99. package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
  100. package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
  101. package/.claude/skills/containerization/SKILL.md +313 -0
  102. package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
  103. package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
  104. package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
  105. package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
  106. package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
  107. package/.claude/skills/frontend-design/LICENSE.txt +177 -0
  108. package/.claude/skills/frontend-design/SKILL.md +587 -0
  109. package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
  110. package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
  111. package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
  112. package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
  113. package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
  114. package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
  115. package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
  116. package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
  117. package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
  118. package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
  119. package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
  120. package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
  121. package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
  122. package/.claude/skills/fullstack-developer/SKILL.md +512 -0
  123. package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
  124. package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
  125. package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
  126. package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
  127. package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
  128. package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
  129. package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
  130. package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
  131. package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
  132. package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
  133. package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
  134. package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
  135. package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
  136. package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
  137. package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
  138. package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
  139. package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
  140. package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
  141. package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
  142. package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
  143. package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
  144. package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
  145. package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
  146. package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
  147. package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
  148. package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
  149. package/.claude/skills/performance-optimization/SKILL.md +250 -0
  150. package/.claude/skills/product-requirements/SKILL.md +357 -0
  151. package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
  152. package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
  153. package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
  154. package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
  155. package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
  156. package/.claude/skills/product-requirements/references/external-standards.md +62 -0
  157. package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
  158. package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
  159. package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
  160. package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
  161. package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
  162. package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
  163. package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
  164. package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
  165. package/.claude/skills/react-best-practices/SKILL.md +198 -0
  166. package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
  167. package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
  168. package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
  169. package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
  170. package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
  171. package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
  172. package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
  173. package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
  174. package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
  175. package/.claude/skills/security-audit/SKILL.md +226 -0
  176. package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
  177. package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
  178. package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
  179. package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
  180. package/.claude/skills/shared-references/skill-call-graph.md +230 -0
  181. package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
  182. package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
  183. package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
  184. package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
  185. package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
  186. package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
  187. package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
  188. package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
  189. package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
  190. package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
  191. package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
  192. package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
  193. package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
  194. package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
  195. package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
  196. package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
  197. package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
  198. package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
  199. package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
  200. package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
  201. package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
  202. package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
  203. package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
  204. package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
  205. package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
  206. package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
  207. package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
  208. package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
  209. package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
  210. package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
  211. package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
  212. package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
  213. package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
  214. package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
  215. package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
  216. package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
  217. package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
  218. package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
  219. package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
  220. package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
  221. package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
  222. package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
  223. package/.claude/skills/test-driven-development/SKILL.md +246 -0
  224. package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
  225. package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
  226. package/.claude/skills/using-skillstack/SKILL.md +127 -0
  227. package/.claude/skills/vercel-deploy/SKILL.md +166 -0
  228. package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
  229. package/.claude/skills/verification-before-completion/SKILL.md +305 -0
  230. package/.claude/skills/writing-plans/SKILL.md +259 -0
  231. package/README.md +69 -0
  232. package/bin/cli.js +468 -0
  233. package/lib/init.js +333 -0
  234. package/package.json +29 -0
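Review bot: Entries 212 and 213 publish compiled bytecode (`scripts/__pycache__/quick_validate.cpython-313.pyc` and `universal_validate.cpython-313.pyc`, both +0 -0) next to their `.py` sources. Bytecode cannot be read in this diff and nothing here ties it to the source beside it, so exclude `__pycache__/` from the published files and let consumers compile locally. Entry 1, `.temp-skill-index.md`, reads by its name like a working file that was packaged unintentionally and is worth confirming. `format_code.py` (+611), `lint_check.py` (+816) and `requirements.txt` (+36) appear with identical line counts under both `bug-fixing/scripts` and `fullstack-developer/scripts`; a single shared copy would keep the two from drifting apart.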
@@ -0,0 +1,657 @@
1
+ # Commonly Overlooked Issues - Detailed Guide
2
+
3
+ Issues that developers often miss due to time pressure or experience gaps, leading to significantly higher maintenance costs later.
4
+
5
+ ---
6
+
7
+ ## Backend Commonly Overlooked Issues
8
+
9
+ Backend issues often manifest in production under load, making them hard to catch locally. These issues account for ~40% of production bugs (2025 GitHub/SonarQube data).
10
+
11
+ | Category | Overlooked Issue | Why Important | Example Bug |
12
+ |----------|------------------|---------------|-------------|
13
+ | **Error Handling** | Exception propagation & resource leak | 35% of production crashes | Java JDBC connection without finally, pool exhaustion |
14
+ | **Security** | Injection attacks & hardcoded credentials | OWASP Top 1 risk | Python SQL without placeholder, API key in git |
15
+ | **Performance** | N+1 queries & coarse lock granularity | 50% QPS drop under load | Hibernate loop load(), Go mutex on entire map |
16
+ | **Concurrency** | Race condition & transaction isolation | Distributed system pain point | Node async parallel update shared state |
17
+ | **Request Isolation** | Modifying shared/singleton objects | Data leak between users | `self.user_config.id = req.id` in Service |
18
+ | **Data Validation** | Input boundary & serialization overflow | API abuse crashes | Python requests no size limit (DoS) |
19
+ | **Logging** | Sensitive info leak & inconsistent log levels | Debug/audit difficulty | Go zapper logs full SQL, compliance violation |
20
+ | **Compatibility** | Version dependencies & migration scripts | Multi-env deployment failure | npm audit vulnerabilities, Python 3.12 syntax in 3.8 |
21
+ | **Maintainability** | Magic values & over-nested functions | High refactor cost | Go const not used, Java 10-layer nested if |
22
+ | **Test Coverage** | Missing integration tests & incomplete mocks | CI green but prod red (25% regression bugs) | Python pytest only happy path |
23
+ | **Configuration** | Env var override & hot update ignored | Zero-downtime deployment failure | Node process.env no fallback |
24
+
25
+ ### Backend Review Efficiency Tips
26
+
27
+ - **Language Tool Stacks**: Java (Checkstyle+FindBugs), Node (StandardJS+David), Go (golangci-lint), Python (mypy+bandit)
28
+ - **CI Integration**: Run SonarQube on every PR, automate >70% of checks
29
+ - **Load Testing**: Use LoadForge/k6 for stress testing before production
30
+ - **Priority**: Focus on API layer first, then infrastructure
31
+
32
+ ---
33
+
34
+ ## Frontend Commonly Overlooked Issues
35
+
36
+ Frontend issues often appear only on specific devices, browsers, or network conditions. Visual issues require manual testing with only ~50% automation coverage. Responsive bugs account for ~35% of frontend issues (2025 data).
37
+
38
+ | Category | Overlooked Issue | Why Important | Example Bug |
39
+ |----------|------------------|---------------|-------------|
40
+ | **UI Layout** | Responsive breakpoints & overflow hidden | Mobile = 60% traffic | iPad landscape sidebar overflow |
41
+ | **Visual** | Dark mode & insufficient contrast | WCAG violation, poor UX | Light gray text on white (<3:1 ratio) |
42
+ | **Interaction** | Focus management & keyboard navigation | Accessibility pain point | Modal tab key cannot focus switch |
43
+ | **Functionality** | State sync & async error handling | Production network fluctuation | Page refresh shopping cart data lost |
44
+ | **Memory Leaks** | Module-level variables & event listeners | SPA performance degradation | Global `const cache = {}` growing forever |
45
+ | **TypeScript** | Missing `import type` & circular types | Runtime crash in bundlers | `import { Interface }` causes "no export" error |
46
+ | **Performance** | Unoptimized images & JS render blocking | First load >3s = 50% user loss | Large image no lazy, LCP >4s |
47
+ | **Compatibility** | Browser prefix & missing polyfill | Enterprise users on old browsers | Firefox flex-direction: row-reverse fails |
48
+ | **Security/a11y** | Empty alt text & XSS injection | SEO & compliance risk | User uploads SVG with script tag |
49
+ | **Code Standards** | Component props default & inconsistent naming | Reuse bugs | Button size="large" no default, renders small |
50
+ | **Test Coverage** | Few E2E & outdated snapshots | UI change breaks easily | Design iteration, old snapshot false positive |
51
+ | **Docs/Build** | Missing Storybook & ignored build warnings | Handoff difficult | PR merge, production build chunk too large |
52
+
53
+ ### Frontend Review Efficiency Tips
54
+
55
+ - **Checklist Template**: Maintain "UI-Interaction-Code" checklist in Notion, tick before review
56
+ - **Tool Stack**: Lighthouse (performance), axe (a11y), Cypress (E2E), Storybook (components)
57
+ - **Cross-Team**: Designers participate in UI feedback; use Zeplin/Figma plugins for sync
58
+ - **Balance**: Small changes focus on visual, large refactors focus on performance
59
+
60
+ ---
61
+
62
+ ## General Logic Errors
63
+
64
+ ## 1. Logic Errors
65
+
66
+ ### 1.1 Boundary Conditions - Account for 40% of Bugs
67
+
68
+ **Check Points**:
69
+ - [ ] null/undefined/None handling
70
+ - [ ] Empty string "" handling
71
+ - [ ] Empty array/collection [] handling
72
+ - [ ] Zero values 0, 0.0, false handling
73
+ - [ ] Max/Min integer values
74
+
75
+ **Common Bug Examples**:
76
+
77
+ ```python
78
+ # ❌ Empty list not checked
79
+ def get_first(items):
80
+ return items[0] # IndexError if empty
81
+
82
+ # ✅ Correct handling
83
+ def get_first(items):
84
+ if not items:
85
+ return None # Or raise ValueError
86
+ return items[0]
87
+ ```
88
+
89
+ ```typescript
90
+ // ❌ Undefined not checked
91
+ function getUserName(user) {
92
+ return user.profile.name; // Cannot read property 'name' of undefined
93
+ }
94
+
95
+ // ✅ Safe access
96
+ function getUserName(user?: User): string | undefined {
97
+ return user?.profile?.name;
98
+ }
99
+ ```
100
+
101
+ ### 1.2 Off-by-One Errors
102
+
103
+ **Check Points**:
104
+ - [ ] Loop start value (0 or 1)
105
+ - [ ] Loop termination condition (< or <=)
106
+ - [ ] Last element access (length-1)
107
+ - [ ] String slice/substring
108
+
109
+ **Common Bug Examples**:
110
+
111
+ ```python
112
+ # ❌ Off-by-one: missing first element
113
+ for i in range(1, len(arr)):
114
+ process(arr[i])
115
+
116
+ # ❌ Off-by-one: processing one extra
117
+ for i in range(len(arr) + 1):
118
+ process(arr[i]) # IndexError at last iteration
119
+
120
+ # ✅ Correct
121
+ for i in range(len(arr)):
122
+ process(arr[i])
123
+ # Or more Pythonic:
124
+ for item in arr:
125
+ process(item)
126
+ ```
127
+
128
+ ### 1.3 Floating Point Precision
129
+
130
+ **Check Points**:
131
+ - [ ] Use Decimal for currency calculations
132
+ - [ ] Use tolerance for float comparison
133
+ - [ ] Avoid floats as loop counters
134
+
135
+ ```python
136
+ # ❌ Float precision issue
137
+ if 0.1 + 0.2 == 0.3: # False!
138
+ print("equal")
139
+
140
+ # ✅ Use Decimal or tolerance comparison
141
+ from decimal import Decimal
142
+ if Decimal('0.1') + Decimal('0.2') == Decimal('0.3'): # True
143
+ print("equal")
144
+
145
+ # Or
146
+ import math
147
+ if math.isclose(0.1 + 0.2, 0.3):
148
+ print("equal")
149
+ ```
150
+
151
+ ---
152
+
153
+ ## 2. Error Handling
154
+
155
+ ### 2.1 Swallowed Exceptions
156
+
157
+ **Check Points**:
158
+ - [ ] Logging after catch
159
+ - [ ] Re-throw or wrap exception
160
+ - [ ] Return meaningful error info
161
+
162
+ ```python
163
+ # ❌ Swallowed exception
164
+ try:
165
+ risky_operation()
166
+ except Exception:
167
+ pass # Does nothing
168
+
169
+ # ❌ Print only, no handling
170
+ try:
171
+ risky_operation()
172
+ except Exception as e:
173
+ print(e) # Continues execution, may cause worse issues
174
+
175
+ # ✅ Correct handling
176
+ try:
177
+ risky_operation()
178
+ except SpecificError as e:
179
+ logger.error(f"Operation failed: {e}", exc_info=True)
180
+ raise OperationFailedError(f"Cannot complete: {e}") from e
181
+ ```
182
+
183
+ ### 2.2 Resource Leaks
184
+
185
+ **Check Points**:
186
+ - [ ] File handles closed
187
+ - [ ] Database connections released
188
+ - [ ] Network connections closed
189
+ - [ ] Locks released
190
+
191
+ ```python
192
+ # ❌ Resource leak
193
+ def read_file(path):
194
+ f = open(path)
195
+ data = f.read()
196
+ # If exception here, f is never closed
197
+ return data
198
+
199
+ # ✅ Use context manager
200
+ def read_file(path):
201
+ with open(path) as f:
202
+ return f.read()
203
+
204
+ # ✅ Or try-finally
205
+ def read_file(path):
206
+ f = open(path)
207
+ try:
208
+ return f.read()
209
+ finally:
210
+ f.close()
211
+ ```
212
+
213
+ ### 2.3 Network Timeout
214
+
215
+ **Check Points**:
216
+ - [ ] HTTP requests have timeout
217
+ - [ ] Database queries have timeout
218
+ - [ ] Retry mechanism exists
219
+ - [ ] Retry has exponential backoff
220
+
221
+ ```python
222
+ # ❌ No timeout - may block forever
223
+ response = requests.get(url)
224
+
225
+ # ✅ Set timeout
226
+ response = requests.get(url, timeout=30)
227
+
228
+ # ✅ Request with retry
229
+ from tenacity import retry, stop_after_attempt, wait_exponential
230
+
231
+ @retry(stop=stop_after_attempt(3), wait=wait_exponential(multiplier=1, min=1, max=10))
232
+ def fetch_with_retry(url):
233
+ return requests.get(url, timeout=30)
234
+ ```
235
+
236
+ ---
237
+
238
+ ## 3. Input Validation
239
+
240
+ ### 3.1 SQL Injection
241
+
242
+ **Check Points**:
243
+ - [ ] All SQL uses parameterized queries
244
+ - [ ] No string concatenation for SQL
245
+ - [ ] ORM query params not directly concatenated
246
+
247
+ ```python
248
+ # ❌ SQL injection
249
+ def get_user(user_id):
250
+ cursor.execute(f"SELECT * FROM users WHERE id = '{user_id}'")
251
+ # Input: "'; DROP TABLE users; --"
252
+
253
+ # ✅ Parameterized query
254
+ def get_user(user_id):
255
+ cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
256
+
257
+ # ✅ ORM
258
+ def get_user(user_id):
259
+ return User.objects.get(id=user_id)
260
+ ```
261
+
262
+ ### 3.2 XSS Attack
263
+
264
+ **Check Points**:
265
+ - [ ] User input escaped before output
266
+ - [ ] Using secure template engine
267
+ - [ ] innerHTML doesn't handle untrusted data
268
+
269
+ ```typescript
270
+ // ❌ XSS risk
271
+ element.innerHTML = userInput; // User can inject <script>alert('XSS')</script>
272
+
273
+ // ✅ Use textContent
274
+ element.textContent = userInput;
275
+
276
+ // ✅ Or use DOMPurify
277
+ import DOMPurify from 'dompurify';
278
+ element.innerHTML = DOMPurify.sanitize(userInput);
279
+ ```
280
+
281
+ ### 3.3 Type Validation
282
+
283
+ **Check Points**:
284
+ - [ ] External input type validated
285
+ - [ ] API params have schema validation
286
+ - [ ] Type conversion is safe
287
+
288
+ ```python
289
+ # ❌ Type not validated
290
+ def process_age(age):
291
+ return age + 1 # What if age is string?
292
+
293
+ # ✅ Type validation
294
+ def process_age(age: int) -> int:
295
+ if not isinstance(age, int):
296
+ raise TypeError(f"Expected int, got {type(age)}")
297
+ if age < 0 or age > 150:
298
+ raise ValueError(f"Invalid age: {age}")
299
+ return age + 1
300
+
301
+ # ✅ Use Pydantic
302
+ from pydantic import BaseModel, Field
303
+
304
+ class UserInput(BaseModel):
305
+ age: int = Field(ge=0, le=150)
306
+ ```
307
+
308
+ ---
309
+
310
+ ## 4. Performance Bottlenecks
311
+
312
+ ### 4.1 N+1 Queries
313
+
314
+ **Check Points**:
315
+ - [ ] No database query in loop
316
+ - [ ] Use batch queries
317
+ - [ ] ORM uses select_related/prefetch_related
318
+
319
+ ```python
320
+ # ❌ N+1 query - 100 users = 101 queries
321
+ users = User.objects.all()
322
+ for user in users:
323
+ print(user.profile.bio) # Each profile access triggers a query
324
+
325
+ # ✅ Eager load related data - only 2 queries
326
+ users = User.objects.select_related('profile').all()
327
+ for user in users:
328
+ print(user.profile.bio)
329
+
330
+ # ✅ Many-to-many use prefetch_related
331
+ users = User.objects.prefetch_related('posts').all()
332
+ ```
333
+
334
+ ### 4.2 String Concatenation
335
+
336
+ **Check Points**:
337
+ - [ ] No + concatenation in loops
338
+ - [ ] Use StringBuilder/join
339
+
340
+ ```python
341
+ # ❌ O(n²) string concatenation
342
+ result = ""
343
+ for item in items:
344
+ result += str(item) # Creates new string each time
345
+
346
+ # ✅ O(n) using join
347
+ result = "".join(str(item) for item in items)
348
+
349
+ # ✅ Use StringIO
350
+ from io import StringIO
351
+ buffer = StringIO()
352
+ for item in items:
353
+ buffer.write(str(item))
354
+ result = buffer.getvalue()
355
+ ```
356
+
357
+ ### 4.3 Time Complexity
358
+
359
+ **Check Points**:
360
+ - [ ] Any nested loops that can be optimized
361
+ - [ ] Can use Set/Dict for lookups
362
+ - [ ] Is sorting necessary, can use heap
363
+
364
+ ```python
365
+ # ❌ O(n²) - nested loop lookup
366
+ def find_common(list1, list2):
367
+ common = []
368
+ for item in list1:
369
+ if item in list2: # O(n) lookup
370
+ common.append(item)
371
+ return common
372
+
373
+ # ✅ O(n) - use Set
374
+ def find_common(list1, list2):
375
+ set2 = set(list2) # O(n) build
376
+ return [item for item in list1 if item in set2] # O(1) lookup
377
+ ```
378
+
379
+ ---
380
+
381
+ ## 5. Security
382
+
383
+ ### 5.1 Hardcoded Credentials
384
+
385
+ **Check Points**:
386
+ - [ ] No API keys, passwords, tokens in source
387
+ - [ ] Config files not in version control
388
+ - [ ] Use environment variables or secret manager
389
+
390
+ ```python
391
+ # ❌ Hardcoded
392
+ API_KEY = "sk-1234567890abcdef"
393
+ DB_PASSWORD = "admin123"
394
+
395
+ # ✅ Use environment variables
396
+ import os
397
+ API_KEY = os.environ.get("API_KEY")
398
+ if not API_KEY:
399
+ raise ValueError("API_KEY environment variable required")
400
+
401
+ # ✅ Use Secret Manager
402
+ from google.cloud import secretmanager
403
+ client = secretmanager.SecretManagerServiceClient()
404
+ API_KEY = client.access_secret_version(name="projects/.../secrets/api-key/versions/latest")
405
+ ```
406
+
407
+ ### 5.2 Permission Checks
408
+
409
+ **Check Points**:
410
+ - [ ] Permission check before each sensitive operation
411
+ - [ ] Resource ownership verified
412
+ - [ ] Prevent privilege escalation
413
+
414
+ ```python
415
+ # ❌ No permission check
416
+ @app.get("/users/{user_id}/data")
417
+ async def get_user_data(user_id: str):
418
+ return await db.get_user_data(user_id) # Anyone can access any user data
419
+
420
+ # ✅ Check permissions
421
+ @app.get("/users/{user_id}/data")
422
+ async def get_user_data(user_id: str, current_user: User = Depends(get_current_user)):
423
+ if current_user.id != user_id and not current_user.is_admin:
424
+ raise HTTPException(status_code=403, detail="Access denied")
425
+ return await db.get_user_data(user_id)
426
+ ```
427
+
428
+ ### 5.3 Sensitive Information in Logs
429
+
430
+ **Check Points**:
431
+ - [ ] No passwords or tokens in logs
432
+ - [ ] No complete credit card numbers in logs
433
+ - [ ] No PII (Personally Identifiable Information)
434
+
435
+ ```python
436
+ # ❌ Sensitive info leakage
437
+ logger.info(f"User login: {username}, password: {password}")
438
+ logger.debug(f"Request: {request.json()}") # May contain sensitive data
439
+
440
+ # ✅ Secure logging
441
+ logger.info(f"User login: {username}")
442
+ logger.debug(f"Request to {request.path}, user: {current_user.id}")
443
+ ```
444
+
445
+ ---
446
+
447
+ ## 6. Concurrency Issues
448
+
449
+ ### 6.1 Race Conditions
450
+
451
+ **Check Points**:
452
+ - [ ] Shared state protected
453
+ - [ ] Read-modify-write operations atomic
454
+ - [ ] Appropriate locks used
455
+
456
+ ```python
457
+ # ❌ Race condition
458
+ class Counter:
459
+ def __init__(self):
460
+ self.count = 0
461
+
462
+ def increment(self):
463
+ self.count += 1 # Read-modify-write not atomic
464
+
465
+ # ✅ Use lock
466
+ import threading
467
+
468
+ class Counter:
469
+ def __init__(self):
470
+ self.count = 0
471
+ self._lock = threading.Lock()
472
+
473
+ def increment(self):
474
+ with self._lock:
475
+ self.count += 1
476
+ ```
477
+
478
+ ### 6.2 Deadlock
479
+
480
+ **Check Points**:
481
+ - [ ] Multiple locks acquired in fixed order
482
+ - [ ] Lock acquisition has timeout
483
+ - [ ] No circular dependencies
484
+
485
+ ```python
486
+ # ❌ Possible deadlock
487
+ def transfer_a_to_b():
488
+ with lock_a:
489
+ with lock_b:
490
+ # transfer
491
+
492
+ def transfer_b_to_a():
493
+ with lock_b:
494
+ with lock_a:
495
+ # transfer
496
+
497
+ # ✅ Fixed order lock acquisition
498
+ def transfer(from_account, to_account):
499
+ lock1, lock2 = sorted([from_account.lock, to_account.lock], key=id)
500
+ with lock1:
501
+ with lock2:
502
+ # transfer
503
+ ```
504
+
505
+ ### 6.3 Async Pitfalls
506
+
507
+ **Check Points**:
508
+ - [ ] No blocking calls in async functions
509
+ - [ ] await used correctly
510
+ - [ ] Promise handles reject
511
+
512
+ ```python
513
+ # ❌ Blocking in async
514
+ async def fetch_data():
515
+ time.sleep(5) # Blocks entire event loop!
516
+ return await some_async_call()
517
+
518
+ # ✅ Use async sleep
519
+ async def fetch_data():
520
+ await asyncio.sleep(5)
521
+ return await some_async_call()
522
+
523
+ # ❌ Blocking I/O
524
+ async def read_file():
525
+ with open("file.txt") as f: # Blocking!
526
+ return f.read()
527
+
528
+ # ✅ Use aiofiles
529
+ import aiofiles
530
+ async def read_file():
531
+ async with aiofiles.open("file.txt") as f:
532
+ return await f.read()
533
+ ```
534
+
535
+ ```typescript
536
+ // ❌ Promise not handling reject
537
+ fetch('/api/data').then(r => r.json());
538
+
539
+ // ✅ Handle error
540
+ fetch('/api/data')
541
+ .then(r => r.json())
542
+ .catch(error => {
543
+ console.error('Fetch failed:', error);
544
+ throw error;
545
+ });
546
+
547
+ // ✅ Use async/await
548
+ try {
549
+ const response = await fetch('/api/data');
550
+ return await response.json();
551
+ } catch (error) {
552
+ console.error('Fetch failed:', error);
553
+ throw error;
554
+ }
555
+ ```
556
+
557
+ ---
558
+
559
+ ## 7. Framework-Specific Pitfalls
560
+
561
+ ### React
562
+
563
+ | Pitfall | Check Points | Example |
564
+ |---------|--------------|---------|
565
+ | Non-unique key | Is key unique and stable in lists | `key={index}` causes render issues |
566
+ | useEffect deps | Is dependency array complete | Missing deps causes stale closure |
567
+ | Infinite loop | setState in useEffect | No deps array causes loop |
568
+ | Memory leak | Clean up subscriptions and timers | Continues after unmount |
569
+
570
+ ```tsx
571
+ // ❌ Key using index
572
+ {items.map((item, index) => (
573
+ <Item key={index} data={item} /> // Issues on delete/sort
574
+ ))}
575
+
576
+ // ✅ Use unique ID
577
+ {items.map(item => (
578
+ <Item key={item.id} data={item} />
579
+ ))}
580
+
581
+ // ❌ Incomplete useEffect deps
582
+ useEffect(() => {
583
+ fetchUser(userId);
584
+ }, []); // Missing userId
585
+
586
+ // ✅ Complete deps
587
+ useEffect(() => {
588
+ fetchUser(userId);
589
+ }, [userId]);
590
+ ```
591
+
592
+ ### Vue
593
+
594
+ | Pitfall | Check Points | Example |
595
+ |---------|--------------|---------|
596
+ | v-if/v-for order | v-if should be outer | Together causes performance issue |
597
+ | Reactivity lost | Is object property reactive | Direct new property not reactive |
598
+ | this context | Arrow function this | Cannot access component this |
599
+
600
+ ```vue
601
+ <!-- ❌ v-for with v-if together -->
602
+ <li v-for="user in users" v-if="user.active">
603
+
604
+ <!-- ✅ Use computed to filter -->
605
+ <li v-for="user in activeUsers">
606
+ ```
607
+
608
+ ### Django
609
+
610
+ | Pitfall | Check Points | Example |
611
+ |---------|--------------|---------|
612
+ | N+1 queries | Use select_related | Accessing FK in loop |
613
+ | Unvalidated input | Form/Serializer validation | Direct request.POST usage |
614
+ | Password storage | Use make_password | Plaintext password storage |
615
+
616
+ ### FastAPI
617
+
618
+ | Pitfall | Check Points | Example |
619
+ |---------|--------------|---------|
620
+ | Sync blocking | No sync I/O in async | Using requests instead of httpx |
621
+ | Dependency injection | Depends used correctly | Dependency not declared |
622
+ | CORS | CORS configured | Frontend cannot access |
623
+
624
+ ---
625
+
626
+ ## Quick Self-Check List
627
+
628
+ When reviewing each file, quickly check:
629
+
630
+ ```markdown
631
+ ## Quick Self-Check (Per File)
632
+
633
+ ### Boundary Handling
634
+ - [ ] null/empty value handling
635
+ - [ ] Array bounds
636
+ - [ ] Type conversion
637
+
638
+ ### Error Handling
639
+ - [ ] try-catch complete
640
+ - [ ] Resource cleanup (finally)
641
+ - [ ] Exception logging
642
+
643
+ ### Security
644
+ - [ ] No hardcoded credentials
645
+ - [ ] Input validation
646
+ - [ ] Permission checks
647
+
648
+ ### Performance
649
+ - [ ] No N+1 queries
650
+ - [ ] No O(n²) nested loops
651
+ - [ ] String handling optimized
652
+
653
+ ### Concurrency
654
+ - [ ] Shared state protected
655
+ - [ ] async/await correct
656
+ - [ ] No blocking calls
657
+ ```
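Review bot: In section 5.1 the Secret Manager example assigns the return value of `client.access_secret_version(...)` directly to `API_KEY`, but that call returns a response object rather than the secret string. The example should read the value from the response, e.g. `response.payload.data.decode("UTF-8")`, so a reader who copies it does not pass an object where a key is expected. In 4.1 the comment "only 2 queries" on the `select_related('profile')` example is inaccurate: `select_related` follows the relation with a JOIN in a single query, and it is `prefetch_related` that issues the second one. In 3.3, `isinstance(age, int)` also accepts `True` and `False` because `bool` subclasses `int`, so exclude `bool` explicitly if the point is strict type validation. In 5.2 the path parameter is declared `user_id: str` and compared with `current_user.id`. If that id is an integer the comparison never matches and every non-admin gets a 403, so the example should make the two types agree. In 5.3 the "secure" `logger.info(f"User login: {username}")` still logs a username, which can itself be PII under the section's third check point. Logging an internal user id, as the following `logger.debug` line does, would be consistent. In 6.2 the `with` blocks contain only `# transfer`, which does not parse as Python. Add `pass` or `...` as the body, and note that the "Lock acquisition has timeout" check point has no accompanying example.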