@tinkcarlos/skillora 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/skills/.temp-skill-index.md +245 -0
- package/.claude/skills/SKILL.md +264 -0
- package/.claude/skills/api-scaffolding/SKILL.md +431 -0
- package/.claude/skills/api-scaffolding/agents/backend-architect.md +282 -0
- package/.claude/skills/api-scaffolding/agents/django-pro.md +144 -0
- package/.claude/skills/api-scaffolding/agents/fastapi-pro.md +156 -0
- package/.claude/skills/api-scaffolding/agents/graphql-architect.md +146 -0
- package/.claude/skills/api-scaffolding/skills/fastapi-templates/SKILL.md +171 -0
- package/.claude/skills/api-testing-observability/SKILL.md +583 -0
- package/.claude/skills/api-testing-observability/agents/api-documenter.md +146 -0
- package/.claude/skills/api-testing-observability/commands/api-mock.md +1320 -0
- package/.claude/skills/brainstorming/SKILL.md +283 -0
- package/.claude/skills/bug-fixing/SKILL.md +382 -0
- package/.claude/skills/bug-fixing/references/backend-guide.md +132 -0
- package/.claude/skills/bug-fixing/references/bug-guide.md +354 -0
- package/.claude/skills/bug-fixing/references/bug-record-template.md +134 -0
- package/.claude/skills/bug-fixing/references/bug-records.md +88 -0
- package/.claude/skills/bug-fixing/references/code-review-gate.md +81 -0
- package/.claude/skills/bug-fixing/references/common-bugs.md +140 -0
- package/.claude/skills/bug-fixing/references/complete-workflow.md +361 -0
- package/.claude/skills/bug-fixing/references/config-driven-fixes.md +136 -0
- package/.claude/skills/bug-fixing/references/context-isolation-protocol.md +268 -0
- package/.claude/skills/bug-fixing/references/cross-surface-regression.md +120 -0
- package/.claude/skills/bug-fixing/references/database-investigation.md +129 -0
- package/.claude/skills/bug-fixing/references/dependency-and-integrity-protocol.md +369 -0
- package/.claude/skills/bug-fixing/references/fix-completeness-checklist.md +239 -0
- package/.claude/skills/bug-fixing/references/frontend-guide.md +219 -0
- package/.claude/skills/bug-fixing/references/fullstack-joint-guide.md +123 -0
- package/.claude/skills/bug-fixing/references/functional-breakage.md +117 -0
- package/.claude/skills/bug-fixing/references/ide-lint-errors-guide.md +176 -0
- package/.claude/skills/bug-fixing/references/impact-analysis.md +511 -0
- package/.claude/skills/bug-fixing/references/investigation-checklist.md +263 -0
- package/.claude/skills/bug-fixing/references/knowledge-extraction-guide.md +531 -0
- package/.claude/skills/bug-fixing/references/knowledge-workflow.md +212 -0
- package/.claude/skills/bug-fixing/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/bug-fixing/references/python-env-and-testing.md +126 -0
- package/.claude/skills/bug-fixing/references/rca-guide.md +428 -0
- package/.claude/skills/bug-fixing/references/similar-bug-patterns.md +113 -0
- package/.claude/skills/bug-fixing/references/skill-delegation-guide.md +350 -0
- package/.claude/skills/bug-fixing/references/skill-orchestration.md +155 -0
- package/.claude/skills/bug-fixing/references/testing-strategy.md +350 -0
- package/.claude/skills/bug-fixing/references/tooling-build-scripts.md +162 -0
- package/.claude/skills/bug-fixing/references/user-input-validation.md +77 -0
- package/.claude/skills/bug-fixing/references/ux-patterns.md +158 -0
- package/.claude/skills/bug-fixing/references/windows-terminal-hygiene.md +106 -0
- package/.claude/skills/bug-fixing/references/zero-regression-matrix.md +239 -0
- package/.claude/skills/bug-fixing/references/zero-risk-protocol.md +102 -0
- package/.claude/skills/bug-fixing/scripts/format_code.py +611 -0
- package/.claude/skills/bug-fixing/scripts/generate_report_template.py +74 -0
- package/.claude/skills/bug-fixing/scripts/lint_check.py +816 -0
- package/.claude/skills/bug-fixing/scripts/requirements.txt +36 -0
- package/.claude/skills/cicd-pipeline/SKILL.md +300 -0
- package/.claude/skills/code-review/SKILL.md +535 -0
- package/.claude/skills/code-review/references/anti-pattern-scan.md +102 -0
- package/.claude/skills/code-review/references/automated-analysis.md +456 -0
- package/.claude/skills/code-review/references/backend-common-issues.md +589 -0
- package/.claude/skills/code-review/references/backend-expert-guide.md +415 -0
- package/.claude/skills/code-review/references/backend-review.md +868 -0
- package/.claude/skills/code-review/references/batch-processing-strategy.md +198 -0
- package/.claude/skills/code-review/references/call-chain-analysis-protocol.md +166 -0
- package/.claude/skills/code-review/references/common-patterns.md +321 -0
- package/.claude/skills/code-review/references/configuration-review.md +425 -0
- package/.claude/skills/code-review/references/control-flow-completeness.md +114 -0
- package/.claude/skills/code-review/references/database-review.md +298 -0
- package/.claude/skills/code-review/references/dependency-and-integrity-protocol.md +313 -0
- package/.claude/skills/code-review/references/external-standards.md +51 -0
- package/.claude/skills/code-review/references/feature-review.md +329 -0
- package/.claude/skills/code-review/references/file-review-template.md +326 -0
- package/.claude/skills/code-review/references/frontend-advanced.md +654 -0
- package/.claude/skills/code-review/references/frontend-common-issues.md +482 -0
- package/.claude/skills/code-review/references/frontend-expert-guide.md +342 -0
- package/.claude/skills/code-review/references/frontend-review.md +783 -0
- package/.claude/skills/code-review/references/fullstack-consistency.md +418 -0
- package/.claude/skills/code-review/references/fullstack-review.md +477 -0
- package/.claude/skills/code-review/references/functional-completeness.md +386 -0
- package/.claude/skills/code-review/references/hidden-bugs-detection.md +473 -0
- package/.claude/skills/code-review/references/ide-lint-errors-guide.md +173 -0
- package/.claude/skills/code-review/references/infrastructure-review.md +453 -0
- package/.claude/skills/code-review/references/iteration-review.md +264 -0
- package/.claude/skills/code-review/references/job-review.md +335 -0
- package/.claude/skills/code-review/references/layered-checklist-protocol.md +157 -0
- package/.claude/skills/code-review/references/logic-completeness.md +535 -0
- package/.claude/skills/code-review/references/mandatory-checklist.md +288 -0
- package/.claude/skills/code-review/references/multi-language-guide.md +800 -0
- package/.claude/skills/code-review/references/new-project-review.md +226 -0
- package/.claude/skills/code-review/references/non-code-files-review.md +451 -0
- package/.claude/skills/code-review/references/overlooked-issues.md +657 -0
- package/.claude/skills/code-review/references/platform-specific-review.md +195 -0
- package/.claude/skills/code-review/references/precision-analysis-protocol.md +260 -0
- package/.claude/skills/code-review/references/python-patterns.md +494 -0
- package/.claude/skills/code-review/references/rca-techniques.md +362 -0
- package/.claude/skills/code-review/references/report-template.md +430 -0
- package/.claude/skills/code-review/references/resource-limits-and-degradation.md +137 -0
- package/.claude/skills/code-review/references/review-dimensions.md +311 -0
- package/.claude/skills/code-review/references/review-guide.md +202 -0
- package/.claude/skills/code-review/references/review-knowledge-workflow.md +257 -0
- package/.claude/skills/code-review/references/review-progress-tracker-protocol.md +172 -0
- package/.claude/skills/code-review/references/review-record-template.md +195 -0
- package/.claude/skills/code-review/references/skill-orchestration.md +143 -0
- package/.claude/skills/code-review/references/ui-ux-review.md +470 -0
- package/.claude/skills/containerization/SKILL.md +313 -0
- package/.claude/skills/database-migrations/agents/database-admin.md +142 -0
- package/.claude/skills/database-migrations/agents/database-optimizer.md +144 -0
- package/.claude/skills/database-migrations/commands/migration-observability.md +408 -0
- package/.claude/skills/database-migrations/commands/sql-migrations.md +492 -0
- package/.claude/skills/finishing-a-development-branch/SKILL.md +319 -0
- package/.claude/skills/frontend-design/LICENSE.txt +177 -0
- package/.claude/skills/frontend-design/SKILL.md +587 -0
- package/.claude/skills/frontend-design/references/color-consistency.md +487 -0
- package/.claude/skills/frontend-design/references/color-palettes-full.md +657 -0
- package/.claude/skills/frontend-design/references/design-system-generator.md +285 -0
- package/.claude/skills/frontend-design/references/font-pairings-full.md +705 -0
- package/.claude/skills/frontend-design/references/industry-anti-patterns.md +281 -0
- package/.claude/skills/frontend-design/references/layout-anti-patterns.md +582 -0
- package/.claude/skills/frontend-design/references/motion-patterns.md +659 -0
- package/.claude/skills/frontend-design/references/pre-delivery-checklist.md +153 -0
- package/.claude/skills/frontend-design/references/responsive-design.md +555 -0
- package/.claude/skills/frontend-design/references/style-modification-rules.md +335 -0
- package/.claude/skills/frontend-design/references/ui-styles-full.md +383 -0
- package/.claude/skills/frontend-design/references/ui-styles-rating.md +191 -0
- package/.claude/skills/frontend-design/references/ux-guidelines.md +640 -0
- package/.claude/skills/fullstack-developer/SKILL.md +512 -0
- package/.claude/skills/fullstack-developer/references/api-contract-guide.md +312 -0
- package/.claude/skills/fullstack-developer/references/api-response-patterns.md +223 -0
- package/.claude/skills/fullstack-developer/references/async-patterns.md +220 -0
- package/.claude/skills/fullstack-developer/references/bug-prevention.md +914 -0
- package/.claude/skills/fullstack-developer/references/code-quality-checklist.md +271 -0
- package/.claude/skills/fullstack-developer/references/complete-development-workflow.md +278 -0
- package/.claude/skills/fullstack-developer/references/context-isolation-protocol.md +256 -0
- package/.claude/skills/fullstack-developer/references/database-migration.md +331 -0
- package/.claude/skills/fullstack-developer/references/dependency-and-integrity-protocol.md +390 -0
- package/.claude/skills/fullstack-developer/references/development-phases.md +333 -0
- package/.claude/skills/fullstack-developer/references/expert-guide.md +214 -0
- package/.claude/skills/fullstack-developer/references/file-import-patterns.md +114 -0
- package/.claude/skills/fullstack-developer/references/graceful-degradation-patterns.md +78 -0
- package/.claude/skills/fullstack-developer/references/ide-lint-errors-guide.md +183 -0
- package/.claude/skills/fullstack-developer/references/integration-testing.md +301 -0
- package/.claude/skills/fullstack-developer/references/mock-api-patterns.md +307 -0
- package/.claude/skills/fullstack-developer/references/phase-gate-template.md +249 -0
- package/.claude/skills/fullstack-developer/references/post-edit-quality-gate.md +30 -0
- package/.claude/skills/fullstack-developer/references/python-engineering.md +79 -0
- package/.claude/skills/fullstack-developer/references/skill-orchestration.md +214 -0
- package/.claude/skills/fullstack-developer/references/skill-router-table.md +304 -0
- package/.claude/skills/fullstack-developer/references/state-sync.md +217 -0
- package/.claude/skills/fullstack-developer/references/ui-testing-checklist.md +292 -0
- package/.claude/skills/fullstack-developer/scripts/format_code.py +611 -0
- package/.claude/skills/fullstack-developer/scripts/lint_check.py +816 -0
- package/.claude/skills/fullstack-developer/scripts/requirements.txt +36 -0
- package/.claude/skills/performance-optimization/SKILL.md +250 -0
- package/.claude/skills/product-requirements/SKILL.md +357 -0
- package/.claude/skills/product-requirements/references/acceptance-criteria.md +335 -0
- package/.claude/skills/product-requirements/references/answer-first-questioning-protocol.md +299 -0
- package/.claude/skills/product-requirements/references/competitive-analysis-guide.md +183 -0
- package/.claude/skills/product-requirements/references/document-accuracy-protocol.md +253 -0
- package/.claude/skills/product-requirements/references/document-management-protocol.md +278 -0
- package/.claude/skills/product-requirements/references/external-standards.md +62 -0
- package/.claude/skills/product-requirements/references/feature-spec-template.md +359 -0
- package/.claude/skills/product-requirements/references/knowledge-acquisition-protocol.md +251 -0
- package/.claude/skills/product-requirements/references/plan-execution-protocol.md +334 -0
- package/.claude/skills/product-requirements/references/plan-generation-protocol.md +264 -0
- package/.claude/skills/product-requirements/references/prioritization-frameworks.md +80 -0
- package/.claude/skills/product-requirements/references/requirement-decomposition-protocol.md +291 -0
- package/.claude/skills/product-requirements/references/user-story-examples.md +297 -0
- package/.claude/skills/product-requirements/references/workflow-templates.md +266 -0
- package/.claude/skills/react-best-practices/SKILL.md +198 -0
- package/.claude/skills/react-best-practices/references/advanced-patterns.md +94 -0
- package/.claude/skills/react-best-practices/references/bundle-optimization.md +182 -0
- package/.claude/skills/react-best-practices/references/client-data-fetching.md +112 -0
- package/.claude/skills/react-best-practices/references/complete-guide.md +2249 -0
- package/.claude/skills/react-best-practices/references/eliminating-waterfalls.md +169 -0
- package/.claude/skills/react-best-practices/references/javascript-performance.md +256 -0
- package/.claude/skills/react-best-practices/references/rendering-performance.md +230 -0
- package/.claude/skills/react-best-practices/references/rerender-optimization.md +214 -0
- package/.claude/skills/react-best-practices/references/server-performance.md +182 -0
- package/.claude/skills/security-audit/SKILL.md +226 -0
- package/.claude/skills/shared-references/advanced-debugging-techniques.md +186 -0
- package/.claude/skills/shared-references/code-quality-checklist.md +218 -0
- package/.claude/skills/shared-references/code-review-efficiency-guide.md +125 -0
- package/.claude/skills/shared-references/mcp-dependency-compatibility-protocol.md +276 -0
- package/.claude/skills/shared-references/skill-call-graph.md +230 -0
- package/.claude/skills/shared-references/skill-orchestration-protocol.md +281 -0
- package/.claude/skills/shared-references/subagent-dispatch-templates.md +199 -0
- package/.claude/skills/skill-expert-skills/LICENSE.txt +204 -0
- package/.claude/skills/skill-expert-skills/QUICK_NAVIGATION.md +374 -0
- package/.claude/skills/skill-expert-skills/SKILL.md +247 -0
- package/.claude/skills/skill-expert-skills/docs/_index.md +91 -0
- package/.claude/skills/skill-expert-skills/references/deep-research-methodology.md +389 -0
- package/.claude/skills/skill-expert-skills/references/docs-generation-workflow.md +398 -0
- package/.claude/skills/skill-expert-skills/references/domain-expertise-protocol.md +343 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/_index.md +54 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/backend-expertise.md +517 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/bug-fixing-expertise.md +363 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/code-review-expertise.md +392 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge/frontend-expertise.md +410 -0
- package/.claude/skills/skill-expert-skills/references/domain-knowledge-template.md +503 -0
- package/.claude/skills/skill-expert-skills/references/examples.md +782 -0
- package/.claude/skills/skill-expert-skills/references/integration-examples.md +655 -0
- package/.claude/skills/skill-expert-skills/references/knowledge-validation-checklist.md +246 -0
- package/.claude/skills/skill-expert-skills/references/latest-knowledge-acquisition.md +461 -0
- package/.claude/skills/skill-expert-skills/references/mcp-tools-guide.md +439 -0
- package/.claude/skills/skill-expert-skills/references/official-best-practices.md +616 -0
- package/.claude/skills/skill-expert-skills/references/patterns.md +218 -0
- package/.claude/skills/skill-expert-skills/references/plugin-skills-guide.md +432 -0
- package/.claude/skills/skill-expert-skills/references/requirement-elicitation-protocol.md +290 -0
- package/.claude/skills/skill-expert-skills/references/skill-creator-SKILL.md +353 -0
- package/.claude/skills/skill-expert-skills/references/skill-templates.md +583 -0
- package/.claude/skills/skill-expert-skills/references/skills-knowledge-base.md +561 -0
- package/.claude/skills/skill-expert-skills/references/tools-guide.md +379 -0
- package/.claude/skills/skill-expert-skills/references/troubleshooting.md +378 -0
- package/.claude/skills/skill-expert-skills/references/universality-guide.md +205 -0
- package/.claude/skills/skill-expert-skills/references/writing-style-guide.md +466 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/__pycache__/universal_validate.cpython-313.pyc +0 -0
- package/.claude/skills/skill-expert-skills/scripts/analyze_trigger.py +425 -0
- package/.claude/skills/skill-expert-skills/scripts/diff_with_official.py +188 -0
- package/.claude/skills/skill-expert-skills/scripts/init_skill.py +349 -0
- package/.claude/skills/skill-expert-skills/scripts/package_skill.py +156 -0
- package/.claude/skills/skill-expert-skills/scripts/quick_validate.py +493 -0
- package/.claude/skills/skill-expert-skills/scripts/requirements.txt +2 -0
- package/.claude/skills/skill-expert-skills/scripts/universal_validate.py +182 -0
- package/.claude/skills/skill-expert-skills/scripts/upgrade_skill.py +431 -0
- package/.claude/skills/subagent-driven-development/SKILL.md +268 -0
- package/.claude/skills/test-driven-development/SKILL.md +246 -0
- package/.claude/skills/test-driven-development/references/testing-anti-patterns.md +192 -0
- package/.claude/skills/using-git-worktrees/SKILL.md +266 -0
- package/.claude/skills/using-skillstack/SKILL.md +127 -0
- package/.claude/skills/vercel-deploy/SKILL.md +166 -0
- package/.claude/skills/vercel-deploy/scripts/deploy.sh +249 -0
- package/.claude/skills/verification-before-completion/SKILL.md +305 -0
- package/.claude/skills/writing-plans/SKILL.md +259 -0
- package/README.md +69 -0
- package/bin/cli.js +468 -0
- package/lib/init.js +333 -0
- package/package.json +29 -0
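Review bot: The file list includes two compiled bytecode files, `skill-expert-skills/scripts/__pycache__/quick_validate.cpython-313.pyc` and `universal_validate.cpython-313.pyc`, which show as +0 -0 because they are binary and cannot be reviewed in this diff. Published bytecode is not guaranteed to match the `.py` sources next to it, so exclude `__pycache__/` from the tarball (a `files` allowlist in `package.json` or an `.npmignore` entry) and let the interpreter regenerate it. The same cleanup applies to `.claude/skills/.temp-skill-index.md`, which by its name looks like a working file. `format_code.py` (+611), `lint_check.py` (+816) and `requirements.txt` (+36) appear under both `bug-fixing/scripts` and `fullstack-developer/scripts` with the same line counts; if they are copies, keeping one shared location avoids the two drifting apart.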
|
@@ -0,0 +1,257 @@
|
|
|
1
|
+
# Knowledge Workflow for Code Review
|
|
2
|
+
|
|
3
|
+
This document describes the knowledge accumulation and utilization workflow for code review.
|
|
4
|
+
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
## Architecture Overview
|
|
8
|
+
|
|
9
|
+
```
|
|
10
|
+
┌─────────────────────────────────────────────────────────────────────┐
|
|
11
|
+
│ Knowledge Architecture │
|
|
12
|
+
├─────────────────────────────────────────────────────────────────────┤
|
|
13
|
+
│ │
|
|
14
|
+
│ ┌──────────────────────┐ ┌──────────────────────┐ │
|
|
15
|
+
│ │ PROJECT LEVEL │ │ SKILL LEVEL │ │
|
|
16
|
+
│ │ (Project-specific) │ │ (Cross-project) │ │
|
|
17
|
+
│ ├──────────────────────┤ ├──────────────────────┤ │
|
|
18
|
+
│ │ │ │ │ │
|
|
19
|
+
│ │ code-review- │ ──► │ review-guide.md │ │
|
|
20
|
+
│ │ record.md │ │ ──────────────── │ │
|
|
21
|
+
│ │ ──────────────── │ │ • Pattern library │ │
|
|
22
|
+
│ │ • Specific findings │ │ • Detection methods │ │
|
|
23
|
+
│ │ • Actual code refs │ │ • Recommendations │ │
|
|
24
|
+
│ │ • Real resolutions │ │ • Priority matrix │ │
|
|
25
|
+
│ │ │ │ │ │
|
|
26
|
+
│ └──────────────────────┘ └──────────────────────┘ │
|
|
27
|
+
│ ▲ │ │
|
|
28
|
+
│ │ │ │
|
|
29
|
+
│ │ Record │ Reference │
|
|
30
|
+
│ │ ▼ │
|
|
31
|
+
│ ┌──────────────────────────────────────────────────────────────┐ │
|
|
32
|
+
│ │ CODE REVIEW PROCESS │ │
|
|
33
|
+
│ └──────────────────────────────────────────────────────────────┘ │
|
|
34
|
+
│ │
|
|
35
|
+
└─────────────────────────────────────────────────────────────────────┘
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
---
|
|
39
|
+
|
|
40
|
+
## Phase 0.5: Knowledge Check (Before Detailed Review)
|
|
41
|
+
|
|
42
|
+
**Purpose**: Leverage historical findings and known patterns to focus review efforts.
|
|
43
|
+
|
|
44
|
+
### Step 1: Check Project History
|
|
45
|
+
|
|
46
|
+
```markdown
|
|
47
|
+
1. Look for code-review-record.md in project root
|
|
48
|
+
2. If exists, search for:
|
|
49
|
+
- Issues in same module/component being reviewed
|
|
50
|
+
- Recent P0/P1 findings that may recur
|
|
51
|
+
- Patterns specific to this codebase
|
|
52
|
+
3. Note any high-frequency issues for focused checking
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
### Step 2: Review Universal Patterns
|
|
56
|
+
|
|
57
|
+
```markdown
|
|
58
|
+
1. Read references/review-guide.md
|
|
59
|
+
2. Note patterns relevant to this change type:
|
|
60
|
+
- Security changes → Check security patterns
|
|
61
|
+
- Async code → Check concurrency patterns
|
|
62
|
+
- API changes → Check contract patterns
|
|
63
|
+
3. Add relevant patterns to your review checklist
|
|
64
|
+
```
|
|
65
|
+
|
|
66
|
+
### Step 3: Document in Review Plan
|
|
67
|
+
|
|
68
|
+
Add to your review plan:
|
|
69
|
+
|
|
70
|
+
```markdown
|
|
71
|
+
## Knowledge Check
|
|
72
|
+
- Project code-review-record.md: [Found/Not found]
|
|
73
|
+
- High-frequency issues in this area: [List or None]
|
|
74
|
+
- Applicable patterns from review-guide.md: [Pattern names]
|
|
75
|
+
- Focus areas based on history: [List]
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
---
|
|
79
|
+
|
|
80
|
+
## Phase 8: Knowledge Update (After Report)
|
|
81
|
+
|
|
82
|
+
**Purpose**: Record significant findings for future reference and pattern extraction.
|
|
83
|
+
|
|
84
|
+
### 🔴 Step 0: Check for Existing File (MANDATORY)
|
|
85
|
+
|
|
86
|
+
**Before creating any file:**
|
|
87
|
+
1. Check if `code-review-record.md` exists in project root
|
|
88
|
+
2. If YES → Read it, find the last REV-NNN ID, and append
|
|
89
|
+
3. If NO → Create using template from `references/review-record-template.md`
|
|
90
|
+
|
|
91
|
+
**NEVER create versioned files like `CODE_REVIEW_REPORT_V1.md`!**
|
|
92
|
+
|
|
93
|
+
### Step 1: Add Record to Project code-review-record.md
|
|
94
|
+
|
|
95
|
+
Only record if there are P0/P1 findings worth remembering.
|
|
96
|
+
|
|
97
|
+
If code-review-record.md doesn't exist, create it using the template from `references/review-record-template.md`.
|
|
98
|
+
|
|
99
|
+
Add a new entry with:
|
|
100
|
+
- Review ID (sequential, based on last ID in file)
|
|
101
|
+
- Date, scope, verdict
|
|
102
|
+
- Findings summary table
|
|
103
|
+
- P0/P1 finding details
|
|
104
|
+
- Lessons learned
|
|
105
|
+
|
|
106
|
+
**Entry placement**: Add new entries at the TOP of the file (most recent first).
|
|
107
|
+
|
|
108
|
+
### Step 2: What to Record
|
|
109
|
+
|
|
110
|
+
| Record | Skip |
|
|
111
|
+
|--------|------|
|
|
112
|
+
| P0/P1 findings with details | P3 style nits |
|
|
113
|
+
| Recurring patterns | One-time typos |
|
|
114
|
+
| Security issues | Already-known patterns |
|
|
115
|
+
| Breaking changes | Personal preferences |
|
|
116
|
+
| First occurrence of new pattern | Obvious fixes |
|
|
117
|
+
|
|
118
|
+
### Step 3: Extract Patterns (Periodic)
|
|
119
|
+
|
|
120
|
+
After every 5-10 review records:
|
|
121
|
+
|
|
122
|
+
```markdown
|
|
123
|
+
1. Review recent findings for common themes
|
|
124
|
+
2. Abstract project-specific details to universal patterns
|
|
125
|
+
3. Update references/review-guide.md with new patterns
|
|
126
|
+
4. Update review checklist if needed
|
|
127
|
+
```
|
|
128
|
+
|
|
129
|
+
---
|
|
130
|
+
|
|
131
|
+
## Record Format Reference
|
|
132
|
+
|
|
133
|
+
### Minimal Record (Few Findings)
|
|
134
|
+
|
|
135
|
+
```markdown
|
|
136
|
+
## [REV-NNN] Brief Title
|
|
137
|
+
|
|
138
|
+
**Date**: YYYY-MM-DD | **Verdict**: APPROVED WITH COMMENTS
|
|
139
|
+
|
|
140
|
+
**Findings**:
|
|
141
|
+
| Sev | Category | Issue | Status |
|
|
142
|
+
|-----|----------|-------|--------|
|
|
143
|
+
| P1 | Security | Missing rate limit | Fixed |
|
|
144
|
+
|
|
145
|
+
**Lesson**: Always check rate limiting on auth endpoints.
|
|
146
|
+
```
|
|
147
|
+
|
|
148
|
+
### Full Record (Significant Review)
|
|
149
|
+
|
|
150
|
+
Use the complete template from `references/review-record-template.md`.
|
|
151
|
+
|
|
152
|
+
---
|
|
153
|
+
|
|
154
|
+
## Pattern Abstraction Rules
|
|
155
|
+
|
|
156
|
+
When extracting patterns for review-guide.md, follow these rules:
|
|
157
|
+
|
|
158
|
+
### What to Remove (Project-Specific)
|
|
159
|
+
|
|
160
|
+
- Actual file paths (`/src/controllers/UserController.ts`)
|
|
161
|
+
- Specific function/class names (`handleUserLogin`)
|
|
162
|
+
- Exact line numbers (`line 45`)
|
|
163
|
+
- Specific API endpoints (`POST /api/users/login`)
|
|
164
|
+
- Concrete error messages (`TypeError: Cannot read 'id'`)
|
|
165
|
+
|
|
166
|
+
### What to Keep (Universal)
|
|
167
|
+
|
|
168
|
+
- Issue category (security, performance, error handling)
|
|
169
|
+
- Finding type (missing check, wrong handling, etc.)
|
|
170
|
+
- Detection method (search for X, check Y)
|
|
171
|
+
- Recommendation (add Z, use pattern W)
|
|
172
|
+
|
|
173
|
+
### Abstraction Examples
|
|
174
|
+
|
|
175
|
+
| Project-Specific | Universal |
|
|
176
|
+
|------------------|-----------|
|
|
177
|
+
| "UserController.login missing rate limit" | "Auth endpoint without rate limiting" |
|
|
178
|
+
| "useEffect in ChatPanel missing cleanup" | "useEffect missing cleanup function for subscriptions" |
|
|
179
|
+
| "getUser() returns null but caller doesn't check" | "Nullable return value not checked by caller" |
|
|
180
|
+
|
|
181
|
+
---
|
|
182
|
+
|
|
183
|
+
## Integration with Output Contract
|
|
184
|
+
|
|
185
|
+
Add to your review report:
|
|
186
|
+
|
|
187
|
+
```markdown
|
|
188
|
+
## Knowledge Update
|
|
189
|
+
|
|
190
|
+
### Project Record
|
|
191
|
+
- Added to: code-review-record.md
|
|
192
|
+
- Review ID: REV-NNN
|
|
193
|
+
- Findings recorded: [N] P0/P1
|
|
194
|
+
|
|
195
|
+
### Pattern Extraction
|
|
196
|
+
- New pattern identified: [Yes/No]
|
|
197
|
+
- Pattern name: [If yes]
|
|
198
|
+
- Added to review-guide.md: [Yes/No]
|
|
199
|
+
|
|
200
|
+
### Related Findings
|
|
201
|
+
- Similar past findings: [REV-XXX-F1, REV-YYY-F2] or [None]
|
|
202
|
+
- Recurring pattern confirmed: [Yes/No]
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
---
|
|
206
|
+
|
|
207
|
+
## Workflow Checklist
|
|
208
|
+
|
|
209
|
+
### Before Starting Review
|
|
210
|
+
|
|
211
|
+
- [ ] Checked project code-review-record.md for history
|
|
212
|
+
- [ ] Reviewed review-guide.md for relevant patterns
|
|
213
|
+
- [ ] Noted high-frequency issues in this area
|
|
214
|
+
- [ ] Added historical patterns to review checklist
|
|
215
|
+
|
|
216
|
+
### After Completing Review
|
|
217
|
+
|
|
218
|
+
- [ ] Added P0/P1 findings to project code-review-record.md
|
|
219
|
+
- [ ] Linked related findings if pattern repeats
|
|
220
|
+
- [ ] Considered if pattern should be extracted
|
|
221
|
+
- [ ] Updated review-guide.md if new pattern found
|
|
222
|
+
|
|
223
|
+
### Periodic Maintenance (Every 5-10 Reviews)
|
|
224
|
+
|
|
225
|
+
- [ ] Reviewed recent finding records
|
|
226
|
+
- [ ] Identified recurring themes
|
|
227
|
+
- [ ] Abstracted to universal patterns
|
|
228
|
+
- [ ] Updated review-guide.md pattern library
|
|
229
|
+
- [ ] Updated review checklist if needed
|
|
230
|
+
- [ ] Discussed recurring issues with team
|
|
231
|
+
|
|
232
|
+
---
|
|
233
|
+
|
|
234
|
+
## Quick Decisions
|
|
235
|
+
|
|
236
|
+
### Should I Record This Finding?
|
|
237
|
+
|
|
238
|
+
```
|
|
239
|
+
P0 (Critical)? → Yes, full details
|
|
240
|
+
P1 (High)? → Yes, with context
|
|
241
|
+
P2 (Medium)? → Table only, no details
|
|
242
|
+
P3 (Low)? → Skip unless pattern-forming
|
|
243
|
+
Already in guide? → Skip, just link
|
|
244
|
+
First occurrence? → Record for tracking
|
|
245
|
+
```
|
|
246
|
+
|
|
247
|
+
### Should I Extract a Pattern?
|
|
248
|
+
|
|
249
|
+
```
|
|
250
|
+
Same issue 3+ times? → Yes, extract now
|
|
251
|
+
Same category repeat? → Yes, extract pattern
|
|
252
|
+
Security/data issue? → Yes, even if first time
|
|
253
|
+
Style preference? → No
|
|
254
|
+
One-time mistake? → No
|
|
255
|
+
Already in guide? → No, just link
|
|
256
|
+
```
|
|
257
|
+
|
|
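Review bot: Step 0 and Step 1 of Phase 8 disagree about where a new entry goes: Step 0 says to find the last REV-NNN ID "and append", while Step 1 says to add new entries at the TOP of the file (most recent first). With newest-first ordering the highest ID sits at the top, so "last REV-NNN ID" is ambiguous as well; wording such as "take the highest existing REV-NNN, increment it, and insert the entry above the previous one" would remove both problems. Step 1 also repeats the create-from-template instruction that Step 0 already gives. Separately, the record is placed in the project root and is meant to hold P0/P1 security findings with actual code references, but the only status shown in the minimal record is `Fixed`; the workflow should say how an unresolved finding is recorded and whether it may be committed alongside the code it describes.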
@@ -0,0 +1,172 @@
|
|
|
1
|
+
# Review Progress Tracker Protocol
|
|
2
|
+
|
|
3
|
+
## 核心原则
|
|
4
|
+
|
|
5
|
+
**每次 code review 必须生成并维护一个进度追踪文档,确保:**
|
|
6
|
+
1. 每个文件都被分析
|
|
7
|
+
2. 每个检查项都被执行
|
|
8
|
+
3. 所有发现都有记录
|
|
9
|
+
|
|
10
|
+
---
|
|
11
|
+
|
|
12
|
+
## 进度追踪文档格式
|
|
13
|
+
|
|
14
|
+
### 文件位置
|
|
15
|
+
|
|
16
|
+
```
|
|
17
|
+
项目根目录/.review/
|
|
18
|
+
├── review-session-{timestamp}.md # 当前 review 会话
|
|
19
|
+
└── archive/ # 历史 review 记录
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
### 文档结构
|
|
23
|
+
|
|
24
|
+
```markdown
|
|
25
|
+
# Code Review Progress Tracker
|
|
26
|
+
|
|
27
|
+
## Session Info
|
|
28
|
+
- **Session ID**: REV-{YYYYMMDD}-{HHmm}
|
|
29
|
+
- **Reviewer**: AI Assistant
|
|
30
|
+
- **Start Time**: {timestamp}
|
|
31
|
+
- **Status**: 🔄 In Progress / ✅ Completed
|
|
32
|
+
|
|
33
|
+
---
|
|
34
|
+
|
|
35
|
+
## 1. File Analysis Progress
|
|
36
|
+
|
|
37
|
+
| # | File | Status | Issues | Checkpoint |
|
|
38
|
+
|---|------|--------|--------|------------|
|
|
39
|
+
| 1 | src/auth.ts | ✅ Done | 3 | [CP-001] |
|
|
40
|
+
| 2 | src/api.ts | 🔄 In Progress | - | - |
|
|
41
|
+
| 3 | src/utils.ts | ⏳ Pending | - | - |
|
|
42
|
+
|
|
43
|
+
**Progress**: 1/3 files (33%)
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## 2. Checkpoints (Evidence of Analysis)
|
|
48
|
+
|
|
49
|
+
### [CP-001] src/auth.ts
|
|
50
|
+
- **Analyzed At**: {timestamp}
|
|
51
|
+
- **Functions Analyzed**: 5/5
|
|
52
|
+
- **Branches Traced**: 12
|
|
53
|
+
- **Return Paths Verified**: 8
|
|
54
|
+
|
|
55
|
+
**Checklist Completion**:
|
|
56
|
+
| Layer | Items | Passed | Failed |
|
|
57
|
+
|-------|-------|--------|--------|
|
|
58
|
+
| L0-Critical | 4 | 3 | 1 |
|
|
59
|
+
| L1-Logic | 5 | 5 | 0 |
|
|
60
|
+
| L2-Quality | 4 | 4 | 0 |
|
|
61
|
+
| L3-Style | 4 | 4 | 0 |
|
|
62
|
+
|
|
63
|
+
---
|
|
64
|
+
|
|
65
|
+
## 3. Findings Registry
|
|
66
|
+
|
|
67
|
+
### P0 (Must-Fix)
|
|
68
|
+
| ID | File:Line | Issue | Evidence |
|
|
69
|
+
|----|-----------|-------|----------|
|
|
70
|
+
| BUG-001 | auth.ts:45 | SQL Injection | `query = f"SELECT * FROM users WHERE id = {user_id}"` |
|
|
71
|
+
|
|
72
|
+
### P1 (Should-Fix)
|
|
73
|
+
| ID | File:Line | Issue | Evidence |
|
|
74
|
+
|----|-----------|-------|----------|
|
|
75
|
+
| BUG-002 | auth.ts:78 | Null not handled | `user.name.toLowerCase()` without null check |
|
|
76
|
+
|
|
77
|
+
### P2-P3 (Minor)
|
|
78
|
+
...
|
|
79
|
+
|
|
80
|
+
---
|
|
81
|
+
|
|
82
|
+
## 4. Cross-Reference Analysis
|
|
83
|
+
|
|
84
|
+
### Call Chain Traced
|
|
85
|
+
| Symbol | Defined In | Called By | Depth |
|
|
86
|
+
|--------|------------|-----------|-------|
|
|
87
|
+
| `validateUser()` | auth.ts:10 | api.ts:25, login.ts:30 | 2 |
|
|
88
|
+
| `hashPassword()` | auth.ts:50 | validateUser() | 1 |
|
|
89
|
+
|
|
90
|
+
---
|
|
91
|
+
|
|
92
|
+
## 5. Review Summary
|
|
93
|
+
|
|
94
|
+
- **Total Files**: 3
|
|
95
|
+
- **Files Analyzed**: 3/3 (100%)
|
|
96
|
+
- **Total Issues**: 5
|
|
97
|
+
- P0: 1
|
|
98
|
+
- P1: 2
|
|
99
|
+
- P2: 1
|
|
100
|
+
- P3: 1
|
|
101
|
+
- **Verdict**: CHANGES REQUESTED
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
---
|
|
105
|
+
|
|
106
|
+
## 强制规则
|
|
107
|
+
|
|
108
|
+
### Rule 1: 必须先创建 Tracker
|
|
109
|
+
|
|
110
|
+
```
|
|
111
|
+
开始 review 前:
|
|
112
|
+
1. 创建 .review/ 目录(如不存在)
|
|
113
|
+
2. 创建 review-session-{timestamp}.md
|
|
114
|
+
3. 列出所有待审查文件
|
|
115
|
+
```
|
|
116
|
+
|
|
117
|
+
### Rule 2: 每个文件必须有 Checkpoint
|
|
118
|
+
|
|
119
|
+
```
|
|
120
|
+
分析完一个文件后,必须输出:
|
|
121
|
+
|
|
122
|
+
## [CP-XXX] {filename}
|
|
123
|
+
- Analyzed At: {timestamp}
|
|
124
|
+
- Functions: X/X
|
|
125
|
+
- Branches: X
|
|
126
|
+
- Return Paths: X
|
|
127
|
+
- Issues Found: X
|
|
128
|
+
```
|
|
129
|
+
|
|
130
|
+
### Rule 3: 发现必须有证据
|
|
131
|
+
|
|
132
|
+
```
|
|
133
|
+
每个 bug 必须包含:
|
|
134
|
+
- File:Line
|
|
135
|
+
- Code snippet (3-5 lines context)
|
|
136
|
+
- Issue description
|
|
137
|
+
- Impact analysis
|
|
138
|
+
```
|
|
139
|
+
|
|
140
|
+
### Rule 4: 完成前必须验证覆盖率
|
|
141
|
+
|
|
142
|
+
```
|
|
143
|
+
Review 结束前检查:
|
|
144
|
+
- [ ] 所有文件状态为 ✅ Done
|
|
145
|
+
- [ ] 所有 Checkpoint 已记录
|
|
146
|
+
- [ ] Progress = 100%
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
---
|
|
150
|
+
|
|
151
|
+
## 与 SKILL.md 的集成
|
|
152
|
+
|
|
153
|
+
在 SKILL.md 的 Phase A 中添加:
|
|
154
|
+
|
|
155
|
+
```markdown
|
|
156
|
+
### Phase A: 创建 Progress Tracker (FIRST!)
|
|
157
|
+
|
|
158
|
+
1. 创建 `.review/review-session-{timestamp}.md`
|
|
159
|
+
2. 列出所有待审查文件
|
|
160
|
+
3. 设置初始状态为 ⏳ Pending
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
在 Phase D 中添加:
|
|
164
|
+
|
|
165
|
+
```markdown
|
|
166
|
+
### Phase D: Checkpoint 输出 (MANDATORY)
|
|
167
|
+
|
|
168
|
+
每个文件分析完成后,必须:
|
|
169
|
+
1. 更新 Progress Tracker 中的文件状态
|
|
170
|
+
2. 输出 Checkpoint 确认
|
|
171
|
+
3. 记录发现的问题
|
|
172
|
+
```
|
|
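Review bot: The sample tracker contradicts itself. The file table at added lines 39-43 shows `src/api.ts` as In Progress and `src/utils.ts` as Pending with "Progress: 1/3 files (33%)", yet the Review Summary at added lines 94-101 reports "Files Analyzed: 3/3 (100%)" and a verdict. Rule 4 in the same file forbids closing a review before every file is Done, so either make the table show three Done rows with checkpoints, or present the summary as not yet filled in. Two smaller points in the Findings Registry: the BUG-001 evidence for `auth.ts:45` is a Python f-string, which does not match a TypeScript file, and Rule 3 requires an impact analysis and 3-5 lines of context for each bug while the registry tables only have ID, File:Line, Issue and Evidence columns, so a finding can satisfy the table and still break the rule. Adding an Impact column, or pointing each row to a detail block, would close that gap.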
@@ -0,0 +1,195 @@
|
|
|
1
|
+
# Code Review Record Template (code-review-record.md)
|
|
2
|
+
|
|
3
|
+
This template defines the standard format for project-level code review records. Create `code-review-record.md` in your project root directory using this structure.
|
|
4
|
+
|
|
5
|
+
## 🔴 Single Document Rule
|
|
6
|
+
|
|
7
|
+
**Each project has exactly ONE `code-review-record.md` file.**
|
|
8
|
+
|
|
9
|
+
- ❌ DO NOT create `CODE_REVIEW_REPORT_V1.md`, `CODE_REVIEW_REPORT_V2.md`, etc.
|
|
10
|
+
- ❌ DO NOT create a new file for each review session
|
|
11
|
+
- ✅ Always append to the existing `code-review-record.md`
|
|
12
|
+
- ✅ Check for existing file before creating new one
|
|
13
|
+
|
|
14
|
+
## File Header
|
|
15
|
+
|
|
16
|
+
```markdown
|
|
17
|
+
# Code Review Record
|
|
18
|
+
|
|
19
|
+
This document tracks issues found during code reviews to prevent recurrence and enable pattern extraction.
|
|
20
|
+
|
|
21
|
+
Last Updated: [YYYY-MM-DD]
|
|
22
|
+
Total Records: [N]
|
|
23
|
+
```
|
|
24
|
+
|
|
25
|
+
## Record Entry Format
|
|
26
|
+
|
|
27
|
+
Each review session should document significant findings using this structure:
|
|
28
|
+
|
|
29
|
+
```markdown
|
|
30
|
+
---
|
|
31
|
+
|
|
32
|
+
## [REV-NNN] Review Title / PR Reference
|
|
33
|
+
|
|
34
|
+
**Date**: YYYY-MM-DD
|
|
35
|
+
**Reviewer**: [Name/Role]
|
|
36
|
+
**Scope**: [Files/modules reviewed]
|
|
37
|
+
**Verdict**: APPROVED | APPROVED WITH COMMENTS | CHANGES REQUESTED | BLOCKED
|
|
38
|
+
|
|
39
|
+
### Findings Summary
|
|
40
|
+
|
|
41
|
+
| ID | Severity | Category | Description | Status |
|
|
42
|
+
|----|----------|----------|-------------|--------|
|
|
43
|
+
| F1 | P0 | [Category] | Brief description | Fixed/Deferred |
|
|
44
|
+
| F2 | P1 | [Category] | Brief description | Fixed |
|
|
45
|
+
| ... | ... | ... | ... | ... |
|
|
46
|
+
|
|
47
|
+
### P0/P1 Finding Details
|
|
48
|
+
|
|
49
|
+
#### F1: [Finding Title]
|
|
50
|
+
|
|
51
|
+
**Category**: [See categories below]
|
|
52
|
+
**Location**: [file:line or module/component]
|
|
53
|
+
**Severity**: P0 | P1
|
|
54
|
+
|
|
55
|
+
**Issue**:
|
|
56
|
+
- What was found (specific)
|
|
57
|
+
- Why it's a problem
|
|
58
|
+
|
|
59
|
+
**Root Cause**:
|
|
60
|
+
- Why this issue exists (knowledge gap, oversight, complexity)
|
|
61
|
+
|
|
62
|
+
**Resolution**:
|
|
63
|
+
- How it was fixed
|
|
64
|
+
- Or why it was deferred
|
|
65
|
+
|
|
66
|
+
**Pattern Notes**:
|
|
67
|
+
- Is this a recurring pattern?
|
|
68
|
+
- Related findings: [REV-XXX-F1, REV-YYY-F2]
|
|
69
|
+
- Prevention suggestion
|
|
70
|
+
|
|
71
|
+
### Lessons Learned
|
|
72
|
+
|
|
73
|
+
- Key takeaway 1
|
|
74
|
+
- Key takeaway 2
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
## Finding Categories
|
|
80
|
+
|
|
81
|
+
| Category | Description |
|
|
82
|
+
|----------|-------------|
|
|
83
|
+
| **Correctness** | Logic errors, boundary conditions, off-by-one |
|
|
84
|
+
| **Error Handling** | Missing/wrong error handling, swallowed exceptions |
|
|
85
|
+
| **Security** | Auth bypass, injection, data exposure |
|
|
86
|
+
| **Performance** | N+1 queries, inefficient algorithms, memory leaks |
|
|
87
|
+
| **Concurrency** | Race conditions, deadlocks, async issues |
|
|
88
|
+
| **Data Integrity** | Missing validation, inconsistent state |
|
|
89
|
+
| **API Contract** | Breaking changes, missing fields, wrong types |
|
|
90
|
+
| **Resource Management** | Leaks, missing cleanup, unclosed connections |
|
|
91
|
+
| **Observability** | Missing logs, sensitive data in logs |
|
|
92
|
+
| **Testing** | Missing tests, inadequate coverage |
|
|
93
|
+
| **Code Quality** | Unclear intent, complexity, maintainability |
|
|
94
|
+
|
|
95
|
+
## Severity Levels
|
|
96
|
+
|
|
97
|
+
| Level | Meaning | Action Required |
|
|
98
|
+
|-------|---------|-----------------|
|
|
99
|
+
| **P0** | Critical - blocks merge | Must fix before approval |
|
|
100
|
+
| **P1** | High - should fix | Should fix soon |
|
|
101
|
+
| **P2** | Medium - recommended | Fix or justify deferral |
|
|
102
|
+
| **P3** | Low - nice to have | Optional improvement |
|
|
103
|
+
|
|
104
|
+
## Example Entry
|
|
105
|
+
|
|
106
|
+
```markdown
|
|
107
|
+
---
|
|
108
|
+
|
|
109
|
+
## [REV-001] User Authentication Refactor
|
|
110
|
+
|
|
111
|
+
**Date**: 2025-01-05
|
|
112
|
+
**Reviewer**: Senior Dev
|
|
113
|
+
**Scope**: auth/, middleware/, tests/auth/
|
|
114
|
+
**Verdict**: CHANGES REQUESTED
|
|
115
|
+
|
|
116
|
+
### Findings Summary
|
|
117
|
+
|
|
118
|
+
| ID | Severity | Category | Description | Status |
|
|
119
|
+
|----|----------|----------|-------------|--------|
|
|
120
|
+
| F1 | P0 | Security | Missing rate limit on login endpoint | Fixed |
|
|
121
|
+
| F2 | P1 | Error Handling | Token validation swallows exceptions | Fixed |
|
|
122
|
+
| F3 | P2 | Testing | No tests for edge case: expired token | Deferred |
|
|
123
|
+
|
|
124
|
+
### P0/P1 Finding Details
|
|
125
|
+
|
|
126
|
+
#### F1: Missing Rate Limit on Login Endpoint
|
|
127
|
+
|
|
128
|
+
**Category**: Security
|
|
129
|
+
**Location**: auth/loginHandler.ts:45
|
|
130
|
+
**Severity**: P0
|
|
131
|
+
|
|
132
|
+
**Issue**:
|
|
133
|
+
- Login endpoint accepts unlimited requests
|
|
134
|
+
- Enables brute force attacks on user passwords
|
|
135
|
+
|
|
136
|
+
**Root Cause**:
|
|
137
|
+
- Rate limiting was assumed to be handled by infrastructure layer
|
|
138
|
+
- No explicit check in code review checklist
|
|
139
|
+
|
|
140
|
+
**Resolution**:
|
|
141
|
+
- Added express-rate-limit middleware
|
|
142
|
+
- Configured: 5 attempts per 15 minutes per IP
|
|
143
|
+
|
|
144
|
+
**Pattern Notes**:
|
|
145
|
+
- Recurring pattern: No (first occurrence)
|
|
146
|
+
- Prevention: Add rate limiting to security review checklist
|
|
147
|
+
|
|
148
|
+
#### F2: Token Validation Swallows Exceptions
|
|
149
|
+
|
|
150
|
+
**Category**: Error Handling
|
|
151
|
+
**Location**: auth/tokenValidator.ts:23
|
|
152
|
+
**Severity**: P1
|
|
153
|
+
|
|
154
|
+
**Issue**:
|
|
155
|
+
- Catch block returns null without logging
|
|
156
|
+
- Makes debugging auth failures very difficult
|
|
157
|
+
|
|
158
|
+
**Root Cause**:
|
|
159
|
+
- Developer wanted to simplify error handling
|
|
160
|
+
- Didn't consider observability implications
|
|
161
|
+
|
|
162
|
+
**Resolution**:
|
|
163
|
+
- Added structured logging before return
|
|
164
|
+
- Error includes token prefix for tracing (not full token)
|
|
165
|
+
|
|
166
|
+
**Pattern Notes**:
|
|
167
|
+
- Recurring pattern: Yes - similar to REV-003-F2
|
|
168
|
+
- Prevention: Add "no silent catch" to code review checklist
|
|
169
|
+
|
|
170
|
+
### Lessons Learned
|
|
171
|
+
|
|
172
|
+
- Always verify security controls are in place, not assumed
|
|
173
|
+
- Silent error handling creates debugging nightmares
|
|
174
|
+
|
|
175
|
+
---
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
## Maintenance Guidelines
|
|
179
|
+
|
|
180
|
+
1. **Add new entries at the top** (most recent first)
|
|
181
|
+
2. **Only record P0/P1 details** - P2/P3 can be summarized in table
|
|
182
|
+
3. **Link related findings** to track recurring patterns
|
|
183
|
+
4. **Review periodically** to extract common patterns for `review-guide.md`
|
|
184
|
+
5. **Keep entries actionable** - focus on prevention, not blame
|
|
185
|
+
|
|
186
|
+
## Quick Reference: What to Record
|
|
187
|
+
|
|
188
|
+
| Always Record | Sometimes Record | Don't Record |
|
|
189
|
+
|---------------|------------------|--------------|
|
|
190
|
+
| P0/P1 findings with details | P2 findings (table only) | P3 style nits |
|
|
191
|
+
| Security issues | Performance concerns | Personal preferences |
|
|
192
|
+
| Breaking changes | Testing gaps | Already-known patterns |
|
|
193
|
+
| Data integrity risks | Observability gaps | Obvious fixes |
|
|
194
|
+
| Pattern-forming issues | First occurrences | One-time typos |
|
|
195
|
+
|
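Review bot: In the example entry, the F2 resolution at added line 164 ("Error includes token prefix for tracing (not full token)") still writes part of a credential to the logs, which is the "sensitive data in logs" case that the template's own Observability category names. Since teams will copy this entry as a model, suggest logging a keyed hash of the token or a non-secret token identifier instead. The F1 resolution at added line 142 limits attempts per IP only; it is worth stating whether a per-account limit was considered, since the stated issue is brute force against user passwords. Separately, the Single Document Rule says "Always append to the existing `code-review-record.md`" while Maintenance Guideline 1 says "Add new entries at the top"; pick one wording, for example "add to the existing file, newest entry first". The "Don't Record" column also lists "Already-known patterns", which conflicts with Guideline 3 and with F2 being recorded as a recurrence of REV-003-F2.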