@tinkcarlos/skillora 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/skills/.temp-skill-index.md +245 -0
- package/.claude/skills/SKILL.md +264 -0
- package/.claude/skills/api-scaffolding/SKILL.md +431 -0
- package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
- package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
- package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
- package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
- package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
- package/.claude/skills/api-testing-observability/SKILL.md +583 -0
- package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
- package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
- package/.claude/skills/brainstorming/SKILL.md +283 -0
- package/.claude/skills/bug-fixing/SKILL.md +382 -0
- package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
- package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
- package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
- package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
- package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
- package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
- package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
- package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
- package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
- package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
- package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
- package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
- package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
- package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
- package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
- package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
- package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
- package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
- package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
- package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
- package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
- package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
- package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
- package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
- package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
- package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
- package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
- package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
- package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
- package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
- package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
- package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
- package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
- package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
- package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
- package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
- package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
- package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
- package/.claude/skills/code-review/SKILL.md +535 -0
- package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
- package/.claude/skills/code-review/references/automated-analysis.md +456 -0
- package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
- package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
- package/.claude/skills/code-review/references/backend-review.md +868 -0
- package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
- package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
- package/.claude/skills/code-review/references/common-patterns.md +321 -0
- package/.claude/skills/code-review/references/configuration-review.md +425 -0
- package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
- package/.claude/skills/code-review/references/database-review.md +298 -0
- package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
- package/.claude/skills/code-review/references/external-standards.md +51 -0
- package/.claude/skills/code-review/references/feature-review.md +329 -0
- package/.claude/skills/code-review/references/file-review-template.md +326 -0
- package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
- package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
- package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
- package/.claude/skills/code-review/references/frontend-review.md +783 -0
- package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
- package/.claude/skills/code-review/references/fullstack-review.md +477 -0
- package/.claude/skills/code-review/references/functional-completeness.md +386 -0
- package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
- package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
- package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
- package/.claude/skills/code-review/references/iteration-review.md +264 -0
- package/.claude/skills/code-review/references/job-review.md +335 -0
- package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
- package/.claude/skills/code-review/references/logic-completeness.md +535 -0
- package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
- package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
- package/.claude/skills/code-review/references/new-project-review.md +226 -0
- package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
- package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
- package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
- package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
- package/.claude/skills/code-review/references/python-patterns.md +494 -0
- package/.claude/skills/code-review/references/rca-techniques.md +362 -0
- package/.claude/skills/code-review/references/report-template.md +430 -0
- package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
- package/.claude/skills/code-review/references/review-dimensions.md +311 -0
- package/.claude/skills/code-review/references/review-guide.md +202 -0
- package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
- package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
- package/.claude/skills/code-review/references/review-record-template.md +195 -0
- package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
- package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
- package/.claude/skills/containerization/SKILL.md +313 -0
- package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
- package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
- package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
- package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
- package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
- package/.claude/skills/frontend-design/LICENSE.txt +177 -0
- package/.claude/skills/frontend-design/SKILL.md +587 -0
- package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
- package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
- package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
- package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
- package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
- package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
- package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
- package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
- package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
- package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
- package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
- package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
- package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
- package/.claude/skills/fullstack-developer/SKILL.md +512 -0
- package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
- package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
- package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
- package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
- package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
- package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
- package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
- package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
- package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
- package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
- package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
- package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
- package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
- package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
- package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
- package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
- package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
- package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
- package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
- package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
- package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
- package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
- package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
- package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
- package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
- package/.claude/skills/performance-optimization/SKILL.md +250 -0
- package/.claude/skills/product-requirements/SKILL.md +357 -0
- package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
- package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
- package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
- package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
- package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
- package/.claude/skills/product-requirements/references/external-standards.md +62 -0
- package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
- package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
- package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
- package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
- package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
- package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
- package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
- package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
- package/.claude/skills/react-best-practices/SKILL.md +198 -0
- package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
- package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
- package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
- package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
- package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
- package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
- package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
- package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
- package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
- package/.claude/skills/security-audit/SKILL.md +226 -0
- package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
- package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
- package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
- package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
- package/.claude/skills/shared-references/skill-call-graph.md +230 -0
- package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
- package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
- package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
- package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
- package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
- package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
- package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
- package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
- package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
- package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
- package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
- package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
- package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
- package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
- package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
- package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
- package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
- package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
- package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
- package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
- package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
- package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
- package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
- package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
- package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
- package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
- package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
- package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
- package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
- package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
- package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
- package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
- package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
- package/.claude/skills/test-driven-development/SKILL.md +246 -0
- package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
- package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
- package/.claude/skills/using-skillstack/SKILL.md +127 -0
- package/.claude/skills/vercel-deploy/SKILL.md +166 -0
- package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
- package/.claude/skills/verification-before-completion/SKILL.md +305 -0
- package/.claude/skills/writing-plans/SKILL.md +259 -0
- package/README.md +69 -0
- package/bin/cli.js +468 -0
- package/lib/init.js +333 -0
- package/package.json +29 -0
|
@@ -0,0 +1,311 @@
|
|
|
1
|
+
# Review Dimensions - Detailed Criteria
|
|
2
|
+
|
|
3
|
+
Deep dive into each review dimension with specific patterns to identify.
|
|
4
|
+
|
|
5
|
+
## 1. Correctness
|
|
6
|
+
|
|
7
|
+
### Logic Verification
|
|
8
|
+
- **Control flow** - All branches reachable and correct?
|
|
9
|
+
- **Loop termination** - Infinite loop risks?
|
|
10
|
+
- **Null safety** - Null/undefined handling complete?
|
|
11
|
+
- **Type safety** - Type coercion issues?
|
|
12
|
+
- **Edge cases** - Empty arrays, zero values, max values?
|
|
13
|
+
|
|
14
|
+
### Common Bugs to Catch
|
|
15
|
+
```typescript
|
|
16
|
+
// Off-by-one errors
|
|
17
|
+
for (let i = 0; i <= arr.length; i++) // 🚫 Should be <
|
|
18
|
+
|
|
19
|
+
// Mutation of shared state
|
|
20
|
+
const defaults = { a: 1 };
|
|
21
|
+
function init(opts) {
|
|
22
|
+
Object.assign(defaults, opts); // 🚫 Mutates shared object
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
// Async race conditions
|
|
26
|
+
let data;
|
|
27
|
+
async function load() {
|
|
28
|
+
data = await fetch(); // 🚫 Race if called multiple times
|
|
29
|
+
}
|
|
30
|
+
|
|
31
|
+
// Floating point comparison
|
|
32
|
+
if (0.1 + 0.2 === 0.3) // 🚫 False due to floating point
|
|
33
|
+
```
|
|
34
|
+
|
|
35
|
+
### Verification Questions
|
|
36
|
+
1. What happens with empty input?
|
|
37
|
+
2. What happens with null/undefined?
|
|
38
|
+
3. What happens at boundaries (0, -1, MAX_INT)?
|
|
39
|
+
4. What happens with concurrent access?
|
|
40
|
+
5. What happens if dependencies fail?
|
|
41
|
+
|
|
42
|
+
## 2. Security
|
|
43
|
+
|
|
44
|
+
### OWASP Top 10 Checks
|
|
45
|
+
|
|
46
|
+
| Vulnerability | What to Look For |
|
|
47
|
+
|--------------|------------------|
|
|
48
|
+
| Injection | Unsanitized input in queries/commands |
|
|
49
|
+
| Broken Auth | Missing/weak session management |
|
|
50
|
+
| Sensitive Data | Plaintext storage, weak encryption |
|
|
51
|
+
| XXE | External entity processing enabled |
|
|
52
|
+
| Access Control | Missing authorization checks |
|
|
53
|
+
| Misconfig | Debug enabled, default credentials |
|
|
54
|
+
| XSS | Unescaped user input in output |
|
|
55
|
+
| Deserialization | Untrusted data deserialization |
|
|
56
|
+
| Components | Known vulnerable dependencies |
|
|
57
|
+
| Logging | Insufficient audit trails |
|
|
58
|
+
|
|
59
|
+
### Security Anti-Patterns
|
|
60
|
+
```typescript
|
|
61
|
+
// SQL Injection
|
|
62
|
+
db.query(`SELECT * FROM users WHERE id = ${userId}`); // 🚫
|
|
63
|
+
|
|
64
|
+
// Command Injection
|
|
65
|
+
exec(`ls ${userPath}`); // 🚫
|
|
66
|
+
|
|
67
|
+
// XSS
|
|
68
|
+
element.innerHTML = userInput; // 🚫
|
|
69
|
+
|
|
70
|
+
// Hardcoded secrets
|
|
71
|
+
const API_KEY = "sk-1234567890"; // 🚫
|
|
72
|
+
|
|
73
|
+
// Weak crypto
|
|
74
|
+
crypto.createHash('md5'); // 🚫 Use SHA-256+
|
|
75
|
+
|
|
76
|
+
// Missing auth check
|
|
77
|
+
app.get('/admin/users', (req, res) => {
|
|
78
|
+
// 🚫 No authorization check
|
|
79
|
+
return getAllUsers();
|
|
80
|
+
});
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
## 3. Performance
|
|
84
|
+
|
|
85
|
+
### Time Complexity Red Flags
|
|
86
|
+
```typescript
|
|
87
|
+
// O(n²) when O(n) possible
|
|
88
|
+
arr.filter(x => arr2.includes(x)); // 🚫 Use Set
|
|
89
|
+
|
|
90
|
+
// O(n) when O(1) possible
|
|
91
|
+
if (largeArray.length > 0) // ✅ O(1)
|
|
92
|
+
if (largeArray.find(x => x)) // 🚫 O(n)
|
|
93
|
+
|
|
94
|
+
// Repeated expensive operations
|
|
95
|
+
items.map(i => expensiveOp(i)).filter(Boolean).map(transform);
|
|
96
|
+
// 🚫 Should combine into single pass
|
|
97
|
+
```
|
|
98
|
+
|
|
99
|
+
### Database Performance
|
|
100
|
+
```typescript
|
|
101
|
+
// N+1 Query
|
|
102
|
+
users.forEach(async u => {
|
|
103
|
+
u.posts = await db.posts.find({ userId: u.id }); // 🚫
|
|
104
|
+
});
|
|
105
|
+
// ✅ Batch: const posts = await db.posts.find({ userId: { $in: userIds } })
|
|
106
|
+
|
|
107
|
+
// Missing index usage
|
|
108
|
+
db.find({ createdAt: { $gt: date }, status: 'active' });
|
|
109
|
+
// Check: Is there a compound index on (createdAt, status)?
|
|
110
|
+
|
|
111
|
+
// Over-fetching
|
|
112
|
+
const user = await db.users.findOne(id); // Fetches all fields
|
|
113
|
+
// ✅ const user = await db.users.findOne(id, { select: ['name', 'email'] })
|
|
114
|
+
```
|
|
115
|
+
|
|
116
|
+
### React Performance
|
|
117
|
+
```typescript
|
|
118
|
+
// Missing dependency in useEffect
|
|
119
|
+
useEffect(() => { fetch(url) }, []); // 🚫 Missing url
|
|
120
|
+
|
|
121
|
+
// Inline object causing re-renders
|
|
122
|
+
<Component style={{ color: 'red' }} /> // 🚫 New object every render
|
|
123
|
+
|
|
124
|
+
// Missing React.memo for expensive components
|
|
125
|
+
export function ExpensiveList({ items }) { // 🚫 Should memoize
|
|
126
|
+
|
|
127
|
+
// State updates in render
|
|
128
|
+
function Component() {
|
|
129
|
+
setCount(count + 1); // 🚫 Infinite loop
|
|
130
|
+
}
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
## 4. Maintainability
|
|
134
|
+
|
|
135
|
+
### Code Smells
|
|
136
|
+
| Smell | Indicator | Solution |
|
|
137
|
+
|-------|-----------|----------|
|
|
138
|
+
| Long Function | >50 lines | Extract into smaller functions |
|
|
139
|
+
| Deep Nesting | >3 levels | Guard clauses, early returns |
|
|
140
|
+
| God Class | Too many responsibilities | Split by domain |
|
|
141
|
+
| Feature Envy | Method uses other class more | Move method |
|
|
142
|
+
| Magic Values | Unexplained literals | Named constants |
|
|
143
|
+
| Dead Code | Unreachable/unused code | Remove |
|
|
144
|
+
| Duplicate Code | Copy-paste patterns | Extract and reuse |
|
|
145
|
+
|
|
146
|
+
### Naming Quality
|
|
147
|
+
```typescript
|
|
148
|
+
// Bad naming
|
|
149
|
+
const d = new Date(); // 🚫 What date?
|
|
150
|
+
const arr = []; // 🚫 Array of what?
|
|
151
|
+
function process(data) {} // 🚫 Process how?
|
|
152
|
+
|
|
153
|
+
// Good naming
|
|
154
|
+
const registrationDeadline = new Date(); // ✅
|
|
155
|
+
const pendingOrders = []; // ✅
|
|
156
|
+
function validateAndSubmitOrder(orderData) {} // ✅
|
|
157
|
+
```
|
|
158
|
+
|
|
159
|
+
### Error Handling
|
|
160
|
+
```typescript
|
|
161
|
+
// Swallowed errors
|
|
162
|
+
try { riskyOp() } catch (e) {} // 🚫
|
|
163
|
+
|
|
164
|
+
// Generic catch without context
|
|
165
|
+
catch (error) { throw error; } // 🚫 Add context
|
|
166
|
+
|
|
167
|
+
// Missing error types
|
|
168
|
+
throw new Error('Failed'); // 🚫 Use specific error class
|
|
169
|
+
|
|
170
|
+
// ✅ Good error handling
|
|
171
|
+
try {
|
|
172
|
+
await submitOrder(order);
|
|
173
|
+
} catch (error) {
|
|
174
|
+
logger.error('Order submission failed', { orderId: order.id, error });
|
|
175
|
+
throw new OrderSubmissionError(order.id, error);
|
|
176
|
+
}
|
|
177
|
+
```
|
|
178
|
+
|
|
179
|
+
## 5. Architecture
|
|
180
|
+
|
|
181
|
+
### SOLID Principles Check
|
|
182
|
+
|
|
183
|
+
| Principle | Question |
|
|
184
|
+
|-----------|----------|
|
|
185
|
+
| **S**ingle Responsibility | Does this class/function do one thing? |
|
|
186
|
+
| **O**pen/Closed | Can we extend without modifying? |
|
|
187
|
+
| **L**iskov Substitution | Can subtypes replace base types? |
|
|
188
|
+
| **I**nterface Segregation | Are interfaces minimal and focused? |
|
|
189
|
+
| **D**ependency Inversion | Do we depend on abstractions? |
|
|
190
|
+
|
|
191
|
+
### Layer Violations
|
|
192
|
+
```
|
|
193
|
+
Correct: UI → Service → Repository → Database
|
|
194
|
+
Wrong: UI → Database (bypasses service layer)
|
|
195
|
+
Wrong: Repository → UI (reverse dependency)
|
|
196
|
+
```
|
|
197
|
+
|
|
198
|
+
### Dependency Direction
|
|
199
|
+
```typescript
|
|
200
|
+
// 🚫 Feature depending on feature
|
|
201
|
+
import { PaymentService } from '../payment/service';
|
|
202
|
+
|
|
203
|
+
// ✅ Both depend on shared interface
|
|
204
|
+
import { IPaymentProvider } from '../shared/interfaces';
|
|
205
|
+
```
|
|
206
|
+
|
|
207
|
+
## 6. Cross-Module Side Effects
|
|
208
|
+
|
|
209
|
+
### Questions to Ask
|
|
210
|
+
1. Does this change any shared state?
|
|
211
|
+
2. Does this modify any global configuration?
|
|
212
|
+
3. Does this change any event contracts?
|
|
213
|
+
4. Does this affect any cached data?
|
|
214
|
+
5. Does this change any database schemas?
|
|
215
|
+
6. Does this change any API contracts?
|
|
216
|
+
7. Does this affect any background jobs?
|
|
217
|
+
8. Does this change any feature flags?
|
|
218
|
+
|
|
219
|
+
### Impact Categories
|
|
220
|
+
| Category | What to Check |
|
|
221
|
+
|----------|--------------|
|
|
222
|
+
| State | Redux/Zustand stores, context |
|
|
223
|
+
| Events | Event bus, WebSocket messages |
|
|
224
|
+
| Cache | Redis, local storage, memoization |
|
|
225
|
+
| Database | Schema changes, migrations |
|
|
226
|
+
| API | Request/response shapes, status codes |
|
|
227
|
+
| Config | Environment variables, feature flags |
|
|
228
|
+
| Jobs | Cron jobs, queue processors |
|
|
229
|
+
| External | Third-party integrations |
|
|
230
|
+
|
|
231
|
+
## 7. Test Quality Review
|
|
232
|
+
|
|
233
|
+
Beyond "does it have tests", evaluate **test quality** to catch hidden bugs.
|
|
234
|
+
|
|
235
|
+
### Test Quality Dimensions
|
|
236
|
+
|
|
237
|
+
| Dimension | Good Test | Bad Test | Why It Matters |
|
|
238
|
+
|-----------|-----------|----------|----------------|
|
|
239
|
+
| **Target** | Behavior/Output | Internal state/implementation | Implementation tests break on refactor |
|
|
240
|
+
| **Naming** | Describes expected behavior | Describes implementation steps | Readable tests serve as documentation |
|
|
241
|
+
| **Independence** | No shared state between tests | Tests depend on execution order | Flaky tests, hard to debug |
|
|
242
|
+
| **Assertion** | User-visible results | Component internals | Tests should verify what users see |
|
|
243
|
+
| **Determinism** | Same result every run | Depends on time/random/network | Flaky tests waste debugging time |
|
|
244
|
+
|
|
245
|
+
### Test Anti-Patterns to Catch
|
|
246
|
+
|
|
247
|
+
```typescript
|
|
248
|
+
// 🚫 Testing implementation details
|
|
249
|
+
test('increments counter variable', () => {
|
|
250
|
+
const component = render(<Counter />);
|
|
251
|
+
fireEvent.click(component.getByRole('button'));
|
|
252
|
+
expect(component.state.counter).toBe(1); // 💀 Testing internal state
|
|
253
|
+
});
|
|
254
|
+
|
|
255
|
+
// ✅ Testing behavior
|
|
256
|
+
test('displays incremented count when clicked', () => {
|
|
257
|
+
render(<Counter />);
|
|
258
|
+
fireEvent.click(screen.getByRole('button', { name: /increment/i }));
|
|
259
|
+
expect(screen.getByText('Count: 1')).toBeInTheDocument(); // ✅ What user sees
|
|
260
|
+
});
|
|
261
|
+
|
|
262
|
+
// 🚫 Overly coupled to implementation
|
|
263
|
+
test('calls setState with correct value', () => {
|
|
264
|
+
const setStateSpy = jest.spyOn(Component.prototype, 'setState');
|
|
265
|
+
// 💀 Breaks if refactored to hooks
|
|
266
|
+
});
|
|
267
|
+
|
|
268
|
+
// 🚫 Tests that depend on order
|
|
269
|
+
let sharedData;
|
|
270
|
+
test('first test sets data', () => {
|
|
271
|
+
sharedData = createData(); // 💀 Pollutes other tests
|
|
272
|
+
});
|
|
273
|
+
test('second test uses data', () => {
|
|
274
|
+
expect(sharedData).toBeDefined(); // 💀 Fails if run alone
|
|
275
|
+
});
|
|
276
|
+
```
|
|
277
|
+
|
|
278
|
+
### Test Coverage Quality Checklist
|
|
279
|
+
|
|
280
|
+
```markdown
|
|
281
|
+
## Test Quality Checklist
|
|
282
|
+
|
|
283
|
+
### Coverage Quality (not just %)
|
|
284
|
+
- [ ] Happy path tested
|
|
285
|
+
- [ ] Edge cases covered (empty, null, max values)
|
|
286
|
+
- [ ] Error cases tested (network failure, invalid input)
|
|
287
|
+
- [ ] Boundary conditions verified
|
|
288
|
+
- [ ] Async behavior tested correctly
|
|
289
|
+
|
|
290
|
+
### Test Design
|
|
291
|
+
- [ ] Tests describe behavior, not implementation
|
|
292
|
+
- [ ] Test names are clear and descriptive
|
|
293
|
+
- [ ] Each test verifies ONE thing
|
|
294
|
+
- [ ] Tests are independent (no shared mutable state)
|
|
295
|
+
- [ ] Tests can run in any order
|
|
296
|
+
- [ ] No flaky tests (time/random/network dependent)
|
|
297
|
+
|
|
298
|
+
### Assertion Quality
|
|
299
|
+
- [ ] Assertions verify user-visible outcomes
|
|
300
|
+
- [ ] Error messages are helpful when tests fail
|
|
301
|
+
- [ ] No overly broad assertions (e.g., `expect(result).toBeTruthy()`)
|
|
302
|
+
```
|
|
303
|
+
|
|
304
|
+
### Questions for Test Review
|
|
305
|
+
|
|
306
|
+
1. If this test passes, can we be confident the feature works?
|
|
307
|
+
2. If implementation changes but behavior stays same, will test still pass?
|
|
308
|
+
3. If test fails, will the error message tell us what went wrong?
|
|
309
|
+
4. Can this test ever flake? (time, random, network, order)
|
|
310
|
+
5. Is this testing our code or testing the framework?
|
|
311
|
+
|
|
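Review bot: the Security Anti-Patterns block in review-dimensions.md (from `// SQL Injection` through `// Missing auth check`) shows only the flagged code, whereas the Performance, Error Handling and Test Quality sections pair each 🚫 with a ✅ alternative; a reviewer using this as a checklist needs the safe form to recommend. Suggest adding one corrected line per item: a parameterized query in place of `db.query(\`SELECT * FROM users WHERE id = ${userId}\`);`, `execFile` with an argument array in place of `exec(\`ls ${userPath}\`);`, `textContent` instead of `innerHTML`, a key read from configuration instead of a source literal, and an authorization middleware on the `/admin/users` route. The line `crypto.createHash('md5'); // 🚫 Use SHA-256+` is also under-specified: SHA-256 is the right replacement for integrity checks and fingerprints, but for password storage any fast hash is the wrong tool, so the note should point at a dedicated password hash (bcrypt, scrypt or Argon2) for that case. Minor: the OWASP Top 10 table lists XXE, Sensitive Data and Logging as separate rows, which is the 2017 edition's naming; the 2021 edition folds XXE into Security Misconfiguration, renames Sensitive Data Exposure to Cryptographic Failures and adds Insecure Design and SSRF, so either label the table with the edition or update the rows.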
@@ -0,0 +1,202 @@
|
|
|
1
|
+
# Code Review Universal Guide
|
|
2
|
+
|
|
3
|
+
This document provides cross-project code review patterns, detection methods, and recommendations. Updated periodically by extracting patterns from project-level review records.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Common Issue Pattern Library
|
|
8
|
+
|
|
9
|
+
### Category 1: Error Handling Issues
|
|
10
|
+
|
|
11
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
12
|
+
|---------|-----------------|-----------|----------------|
|
|
13
|
+
| **Silent catch** | Exception caught but not logged/handled | Search for empty catch blocks | Log error context, then handle or rethrow |
|
|
14
|
+
| **Error swallowing** | Returns null/default without indicating failure | Check return paths in error handlers | Use Result type or throw meaningful errors |
|
|
15
|
+
| **Missing error boundary** | UI crashes on component error | Check for error boundaries in React | Wrap risky components with error boundary |
|
|
16
|
+
| **Inconsistent error format** | Different error shapes across APIs | Compare error responses | Standardize error response schema |
|
|
17
|
+
|
|
18
|
+
### Category 2: Security Issues
|
|
19
|
+
|
|
20
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
21
|
+
|---------|-----------------|-----------|----------------|
|
|
22
|
+
| **Missing auth check** | Endpoint accessible without authentication | Check middleware/guards on routes | Add auth middleware to all protected routes |
|
|
23
|
+
| **Insufficient authz** | User can access others' resources | Check resource ownership validation | Verify ownership before operations |
|
|
24
|
+
| **Input not sanitized** | User input used directly in queries/commands | Trace user input flow | Validate and sanitize at entry points |
|
|
25
|
+
| **Secrets in code** | API keys, passwords in source | Search for secret patterns | Use environment variables or secret manager |
|
|
26
|
+
| **Excessive logging** | PII or secrets in log output | Review log statements | Redact sensitive data before logging |
|
|
27
|
+
|
|
28
|
+
### Category 3: Concurrency Issues
|
|
29
|
+
|
|
30
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
31
|
+
|---------|-----------------|-----------|----------------|
|
|
32
|
+
| **Unawaited promise** | Async operation not awaited | Search for promises without await | Ensure all async operations are awaited |
|
|
33
|
+
| **Race condition** | Shared state modified concurrently | Check for shared mutable state | Use locks, queues, or immutable patterns |
|
|
34
|
+
| **Stale closure** | Callback captures old state value | Check useEffect deps, event handlers | Include dependencies, use refs if needed |
|
|
35
|
+
| **Missing cleanup** | Subscriptions/timers not cancelled | Check component unmount handling | Return cleanup function from useEffect |
|
|
36
|
+
|
|
37
|
+
### Category 4: Data Integrity Issues
|
|
38
|
+
|
|
39
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
40
|
+
|---------|-----------------|-----------|----------------|
|
|
41
|
+
| **Missing validation** | Data accepted without checks | Check input boundaries | Validate at system boundaries |
|
|
42
|
+
| **Type coercion bug** | String/number confusion | Check comparison operators | Use strict equality, explicit conversion |
|
|
43
|
+
| **Null dereference** | Access property on null/undefined | Check optional chaining usage | Add null checks or use optional chaining |
|
|
44
|
+
| **State inconsistency** | Related data out of sync | Check transaction boundaries | Use transactions for related changes |
|
|
45
|
+
|
|
46
|
+
### Category 5: API Contract Issues
|
|
47
|
+
|
|
48
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
49
|
+
|---------|-----------------|-----------|----------------|
|
|
50
|
+
| **Breaking change** | Field removed/renamed | Compare before/after API shapes | Version API, deprecate before removal |
|
|
51
|
+
| **Missing field** | Required field not returned | Check API response completeness | Validate response against schema |
|
|
52
|
+
| **Wrong type** | Field type changed | Compare type definitions | Use TypeScript/schema validation |
|
|
53
|
+
| **Undocumented behavior** | Implicit assumptions | Check API documentation | Document all behaviors explicitly |
|
|
54
|
+
|
|
55
|
+
### Category 6: Performance Issues
|
|
56
|
+
|
|
57
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
58
|
+
|---------|-----------------|-----------|----------------|
|
|
59
|
+
| **N+1 query** | Separate query per item in loop | Check database queries in loops | Use batch queries, eager loading |
|
|
60
|
+
| **Missing index** | Slow queries on large tables | Check query plans | Add indexes for filtered/sorted columns |
|
|
61
|
+
| **Unnecessary rerender** | Component rerenders too often | Check React DevTools profiler | Memoize components, optimize deps |
|
|
62
|
+
| **Large bundle** | Importing entire libraries | Check bundle analyzer | Use tree-shaking, dynamic imports |
|
|
63
|
+
|
|
64
|
+
### Category 7: Resource Management Issues
|
|
65
|
+
|
|
66
|
+
| Pattern | Typical Finding | Detection | Recommendation |
|
|
67
|
+
|---------|-----------------|-----------|----------------|
|
|
68
|
+
| **Connection leak** | Database connections not closed | Check connection lifecycle | Use connection pools, close in finally |
|
|
69
|
+
| **Memory leak** | Objects retained beyond lifetime | Check for growing memory usage | Clear references, use weak references |
|
|
70
|
+
| **File handle leak** | Files opened but not closed | Check file operations | Use try-finally or with statements |
|
|
71
|
+
| **Event listener leak** | Listeners added but not removed | Check addEventListener calls | Remove listeners on cleanup |
|
|
72
|
+
|
|
73
|
+
---
|
|
74
|
+
|
|
75
|
+
## High-Frequency Missed Issues (Top 10)
|
|
76
|
+
|
|
77
|
+
1. **Unawaited async operations**: Promise started but not awaited
|
|
78
|
+
2. **Missing null checks**: Accessing properties on potentially null values
|
|
79
|
+
3. **Silent error handling**: Catching errors without logging or handling
|
|
80
|
+
4. **Insufficient input validation**: Trusting user input without checks
|
|
81
|
+
5. **Missing authorization checks**: Assuming authentication = authorization
|
|
82
|
+
6. **Stale state in callbacks**: Closures capturing old state values
|
|
83
|
+
7. **Missing cleanup on unmount**: Timers, subscriptions not cancelled
|
|
84
|
+
8. **Breaking API changes**: Removing/renaming fields without versioning
|
|
85
|
+
9. **N+1 database queries**: Per-item queries instead of batch
|
|
86
|
+
10. **Secrets in logs**: Logging sensitive data accidentally
|
|
87
|
+
|
|
88
|
+
---
|
|
89
|
+
|
|
90
|
+
## Review Priority Matrix
|
|
91
|
+
|
|
92
|
+
| Area | Priority | Why |
|
|
93
|
+
|------|----------|-----|
|
|
94
|
+
| **Security** | Highest | Breaches are catastrophic |
|
|
95
|
+
| **Data Integrity** | High | Corruption is hard to recover |
|
|
96
|
+
| **Error Handling** | High | Silent failures mask issues |
|
|
97
|
+
| **API Contracts** | High | Breaking changes affect consumers |
|
|
98
|
+
| **Concurrency** | High | Race conditions are hard to debug |
|
|
99
|
+
| **Performance** | Medium | Usually fixable later |
|
|
100
|
+
| **Resource Management** | Medium | Leaks accumulate over time |
|
|
101
|
+
| **Code Quality** | Lower | Important but not urgent |
|
|
102
|
+
|
|
103
|
+
---
|
|
104
|
+
|
|
105
|
+
## Universal Review Checklist
|
|
106
|
+
|
|
107
|
+
### Quick Check (Every Review)
|
|
108
|
+
|
|
109
|
+
- [ ] **No security holes**: Auth, authz, input validation, secrets
|
|
110
|
+
- [ ] **No silent failures**: Errors logged and handled
|
|
111
|
+
- [ ] **No null dereferences**: Null checks or optional chaining
|
|
112
|
+
- [ ] **No async bugs**: All promises awaited
|
|
113
|
+
- [ ] **No breaking changes**: API backward compatible
|
|
114
|
+
|
|
115
|
+
### Deep Check (Complex Changes)
|
|
116
|
+
|
|
117
|
+
- [ ] **Transaction boundaries**: Related changes atomic
|
|
118
|
+
- [ ] **Cleanup paths**: Resources released on all paths
|
|
119
|
+
- [ ] **Concurrency safety**: No race conditions
|
|
120
|
+
- [ ] **Performance impact**: No N+1, no large imports
|
|
121
|
+
- [ ] **Test coverage**: Critical paths tested
|
|
122
|
+
|
|
123
|
+
### Integration Check (Cross-System)
|
|
124
|
+
|
|
125
|
+
- [ ] **API contract matches**: Request/response shapes correct
|
|
126
|
+
- [ ] **Error propagation**: Errors surface correctly
|
|
127
|
+
- [ ] **Timeout handling**: External calls have timeouts
|
|
128
|
+
- [ ] **Retry logic**: Transient failures handled
|
|
129
|
+
|
|
130
|
+
---
|
|
131
|
+
|
|
132
|
+
## Pattern Extraction Guide
|
|
133
|
+
|
|
134
|
+
When you have 5-10 review records in your project's `code-review-record.md`, extract common patterns:
|
|
135
|
+
|
|
136
|
+
### Step 1: Identify Recurring Themes
|
|
137
|
+
|
|
138
|
+
Group findings by:
|
|
139
|
+
- Category (security, performance, error handling, etc.)
|
|
140
|
+
- Component/module (auth, API, database, etc.)
|
|
141
|
+
- Root cause (knowledge gap, oversight, complexity)
|
|
142
|
+
|
|
143
|
+
### Step 2: Abstract to Universal Pattern
|
|
144
|
+
|
|
145
|
+
Transform project-specific details to generic patterns:
|
|
146
|
+
|
|
147
|
+
| Project-Specific | Universal Pattern |
|
|
148
|
+
|------------------|-------------------|
|
|
149
|
+
| "Missing authz check in UserController" | "Authorization bypass: endpoint checks auth but not ownership" |
|
|
150
|
+
| "useState not updated in onClick" | "Stale closure: callback captures old state value" |
|
|
151
|
+
| "SQL query in forEach loop" | "N+1 query: per-item database queries instead of batch" |
|
|
152
|
+
|
|
153
|
+
### Step 3: Document in This Guide
|
|
154
|
+
|
|
155
|
+
Add new patterns to the appropriate category table above with:
|
|
156
|
+
- Pattern name
|
|
157
|
+
- Typical finding
|
|
158
|
+
- Detection method
|
|
159
|
+
- Recommendation
|
|
160
|
+
|
|
161
|
+
### Step 4: Update Review Checklist
|
|
162
|
+
|
|
163
|
+
If the pattern reveals a new check, add it to the appropriate checklist section.
|
|
164
|
+
|
|
165
|
+
---
|
|
166
|
+
|
|
167
|
+
## Anti-Patterns in Code Review
|
|
168
|
+
|
|
169
|
+
| Anti-Pattern | Why It's Harmful | Better Approach |
|
|
170
|
+
|--------------|------------------|-----------------|
|
|
171
|
+
| **Style wars** | Wastes time on preferences | Use automated formatters |
|
|
172
|
+
| **Rubber stamping** | Misses real issues | Follow structured checklist |
|
|
173
|
+
| **Nitpicking only** | Ignores important issues | Prioritize by severity |
|
|
174
|
+
| **Blocking on P3** | Delays valuable changes | Allow P3 as follow-up |
|
|
175
|
+
| **No evidence** | Claims without proof | Quote code with line numbers |
|
|
176
|
+
| **Personal attacks** | Damages team dynamics | Focus on code, not author |
|
|
177
|
+
|
|
178
|
+
---
|
|
179
|
+
|
|
180
|
+
## Quick Reference
|
|
181
|
+
|
|
182
|
+
### When Same Issue Keeps Appearing
|
|
183
|
+
|
|
184
|
+
1. Check if it's in this guide already
|
|
185
|
+
2. Add to project's code-review-record.md if not
|
|
186
|
+
3. Consider adding to team's review checklist
|
|
187
|
+
4. Discuss in team to address root cause (training, tooling)
|
|
188
|
+
|
|
189
|
+
### When Unsure if Issue Matters
|
|
190
|
+
|
|
191
|
+
1. Ask: "What's the worst that could happen?"
|
|
192
|
+
2. Security/data issues → P0/P1
|
|
193
|
+
3. Functionality issues → P1/P2
|
|
194
|
+
4. Style/preference → P3 or skip
|
|
195
|
+
|
|
196
|
+
### When Author Disagrees
|
|
197
|
+
|
|
198
|
+
1. Cite evidence (code, docs, standards)
|
|
199
|
+
2. For P0/P1: Escalate if needed
|
|
200
|
+
3. For P2/P3: Document and move on
|
|
201
|
+
4. Focus on impact, not preferences
|
|
202
|
+
|
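Review bot: the Recommendation cell of the "Input not sanitized" row in the Category 2 table (file line 24) stops at "Validate and sanitize at entry points", but for the case the row itself describes (user input used directly in queries/commands) sanitization is the weaker control; the change a reviewer should ask for is parameterized queries and argument-array process spawning, so input never reaches the query or command as code, with validation at the boundary as a second layer. Suggest rewording the cell to "Use parameterized queries / argument arrays, never string-built queries or commands; validate at entry points as defense in depth", and echoing that in the Quick Check item "No security holes: Auth, authz, input validation, secrets" (line 109). Smaller point: the "Insufficient authz" row (line 23) says "Check resource ownership validation" while item 5 of the Top 10 list (line 81) already has the sharper wording "Assuming authentication = authorization"; reusing that phrasing in the table keeps the two sections consistent.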