devflow-kit 1.1.0 → 1.3.0

package/shared/skills/python/references/detection.md

@@ -0,0 +1,128 @@
+# Python Issue Detection
+
+Grep patterns for finding common Python issues. Reference from main SKILL.md.
+
+## Type Safety Detection
+
+### Missing Type Hints
+
+```bash
+# Functions without return type annotation
+grep -rn "def .*):$" --include="*.py" | grep -v "->.*:"
+
+# Functions without any annotations
+grep -rn "def .*([a-z_][a-z_0-9]*\s*," --include="*.py" | grep -v ":"
+```
+
+### Bare Except Clauses
+
+```bash
+# Bare except (catches everything)
+grep -rn "except:" --include="*.py"
+
+# Overly broad except Exception
+grep -rn "except Exception:" --include="*.py" | grep -v "# noqa"
+```
+
+## Data Modeling Detection
+
+### Mutable Default Arguments
+
+```bash
+# List defaults
+grep -rn "def .*=\s*\[\]" --include="*.py"
+
+# Dict defaults
+grep -rn "def .*=\s*{}" --include="*.py"
+
+# Set defaults
+grep -rn "def .*=\s*set()" --include="*.py"
+```
+
+### Raw Dict Usage Instead of Dataclasses
+
+```bash
+# Dict literals assigned to typed variables
+grep -rn ': dict\[' --include="*.py" | grep "= {"
+
+# Nested dict access patterns (fragile)
+grep -rn '\["[a-z].*\]\["' --include="*.py"
+```
+
+## Anti-Pattern Detection
+
+### Assert in Production Code
+
+```bash
+# Assert statements outside test files
+grep -rn "^    assert " --include="*.py" | grep -v "test_\|_test\.py\|tests/"
+```
+
+### Global Mutable State
+
+```bash
+# Global variable assignment
+grep -rn "^[a-z_].*= \[\]\|^[a-z_].*= {}\|^[a-z_].*= set()" --include="*.py"
+
+# Global keyword usage
+grep -rn "global " --include="*.py"
+```
+
+### Old-Style String Formatting
+
+```bash
+# Percent formatting
+grep -rn '"%.*" %' --include="*.py"
+grep -rn "'%.*' %" --include="*.py"
+
+# .format() where f-strings would be cleaner
+grep -rn '\.format(' --include="*.py"
+```
+
+### Wildcard Imports
+
+```bash
+# Star imports
+grep -rn "from .* import \*" --include="*.py"
+```
+
+## Async Detection
+
+### Missing Await
+
+```bash
+# Coroutine called without await (common mistake)
+grep -rn "async def" --include="*.py" -l | xargs grep -n "[^await ]fetch\|[^await ]save\|[^await ]send"
+```
+
+### Blocking Calls in Async Code
+
+```bash
+# time.sleep in async context
+grep -rn "time\.sleep" --include="*.py"
+
+# requests library in async files (should use aiohttp/httpx)
+grep -rn "import requests\|from requests" --include="*.py"
+```
+
+## Security Detection
+
+### Unsafe Deserialization
+
+```bash
+# pickle usage (arbitrary code execution risk)
+grep -rn "pickle\.loads\|pickle\.load(" --include="*.py"
+
+# yaml.load without SafeLoader
+grep -rn "yaml\.load(" --include="*.py" | grep -v "SafeLoader\|safe_load"
+```
+
+### Shell Injection
+
+```bash
+# subprocess with shell=True
+grep -rn "shell=True" --include="*.py"
+
+# os.system calls
+grep -rn "os\.system(" --include="*.py"
+```

package/shared/skills/python/references/patterns.md

@@ -0,0 +1,226 @@
+# Python Correct Patterns
+
+Extended correct patterns for Python development. Reference from main SKILL.md.
+
+## Dependency Injection
+
+### Constructor Injection
+
+```python
+from typing import Protocol
+
+class EmailSender(Protocol):
+    def send(self, to: str, subject: str, body: str) -> None: ...
+
+class UserService:
+    def __init__(self, repo: UserRepository, emailer: EmailSender) -> None:
+        self._repo = repo
+        self._emailer = emailer
+
+    def create_user(self, request: CreateUserRequest) -> User:
+        user = User(name=request.name, email=request.email)
+        saved = self._repo.save(user)
+        self._emailer.send(user.email, "Welcome", f"Hello {user.name}")
+        return saved
+
+# Easy to test — inject fakes
+service = UserService(repo=FakeUserRepo(), emailer=FakeEmailSender())
+```
+
+### Factory Functions
+
+```python
+def create_app(config: AppConfig) -> Flask:
+    app = Flask(__name__)
+    db = Database(config.database_url)
+    cache = RedisCache(config.redis_url)
+    user_service = UserService(repo=SqlUserRepo(db), emailer=SmtpSender(config.smtp))
+    register_routes(app, user_service)
+    return app
+```
+
+## Decorator Patterns
+
+### Retry Decorator
+
+```python
+import functools
+import time
+from typing import TypeVar, Callable, ParamSpec
+
+P = ParamSpec("P")
+R = TypeVar("R")
+
+def retry(
+    max_attempts: int = 3,
+    delay: float = 1.0,
+    exceptions: tuple[type[Exception], ...] = (Exception,),
+) -> Callable[[Callable[P, R]], Callable[P, R]]:
+    def decorator(func: Callable[P, R]) -> Callable[P, R]:
+        @functools.wraps(func)
+        def wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+            last_error: Exception | None = None
+            for attempt in range(max_attempts):
+                try:
+                    return func(*args, **kwargs)
+                except exceptions as e:
+                    last_error = e
+                    if attempt < max_attempts - 1:
+                        time.sleep(delay * (2 ** attempt))
+            raise last_error  # type: ignore[misc]
+        return wrapper
+    return decorator
+
+@retry(max_attempts=3, delay=0.5, exceptions=(ConnectionError, TimeoutError))
+def fetch_data(url: str) -> dict[str, Any]:
+    ...
+```
+
+### Validation Decorator
+
+```python
+def validate_input(schema: type[BaseModel]):
+    def decorator(func: Callable[P, R]) -> Callable[P, R]:
+        @functools.wraps(func)
+        def wrapper(*args: P.args, **kwargs: P.kwargs) -> R:
+            # Validate first positional arg after self/cls
+            data = args[1] if len(args) > 1 else args[0]
+            schema.model_validate(data)
+            return func(*args, **kwargs)
+        return wrapper
+    return decorator
+```
+
+## Context Manager Patterns
+
+### Database Transaction
+
+```python
+from contextlib import contextmanager
+from typing import Generator
+
+@contextmanager
+def transaction(session: Session) -> Generator[Session, None, None]:
+    try:
+        yield session
+        session.commit()
+    except Exception:
+        session.rollback()
+        raise
+    finally:
+        session.close()
+
+# Usage
+with transaction(db.session()) as session:
+    session.add(user)
+    session.add(audit_log)
+```
+
+### Temporary Directory
+
+```python
+from contextlib import contextmanager
+from pathlib import Path
+import tempfile
+import shutil
+
+@contextmanager
+def temp_workspace() -> Generator[Path, None, None]:
+    path = Path(tempfile.mkdtemp())
+    try:
+        yield path
+    finally:
+        shutil.rmtree(path, ignore_errors=True)
+```
+
+## Pytest Fixture Patterns
+
+### Service Fixtures with DI
+
+```python
+import pytest
+
+@pytest.fixture
+def fake_repo() -> FakeUserRepo:
+    return FakeUserRepo()
+
+@pytest.fixture
+def fake_emailer() -> FakeEmailSender:
+    return FakeEmailSender()
+
+@pytest.fixture
+def user_service(fake_repo: FakeUserRepo, fake_emailer: FakeEmailSender) -> UserService:
+    return UserService(repo=fake_repo, emailer=fake_emailer)
+
+def test_create_user_sends_welcome_email(
+    user_service: UserService,
+    fake_emailer: FakeEmailSender,
+) -> None:
+    user_service.create_user(CreateUserRequest(name="Alice", email="a@b.com"))
+    assert fake_emailer.sent_count == 1
+    assert fake_emailer.last_to == "a@b.com"
+```
+
+### Parametrized Tests
+
+```python
+@pytest.mark.parametrize(
+    "input_age, expected_valid",
+    [
+        (25, True),
+        (0, True),
+        (150, True),
+        (-1, False),
+        (151, False),
+        (None, False),
+    ],
+)
+def test_age_validation(input_age: int | None, expected_valid: bool) -> None:
+    result = validate_age(input_age)
+    assert result.is_valid == expected_valid
+```
+
+## Structured Logging
+
+```python
+import structlog
+
+logger = structlog.get_logger()
+
+def process_order(order: Order) -> OrderResult:
+    log = logger.bind(order_id=order.id, user_id=order.user_id)
+    log.info("processing_order", item_count=len(order.items))
+
+    try:
+        result = fulfill(order)
+        log.info("order_fulfilled", total=result.total)
+        return result
+    except InsufficientStockError as e:
+        log.warning("order_failed_stock", item_id=e.item_id)
+        raise
+```
+
+## Enum Patterns
+
+```python
+from enum import Enum, auto
+
+class OrderStatus(Enum):
+    PENDING = auto()
+    PROCESSING = auto()
+    SHIPPED = auto()
+    DELIVERED = auto()
+    CANCELLED = auto()
+
+    @property
+    def is_terminal(self) -> bool:
+        return self in (OrderStatus.DELIVERED, OrderStatus.CANCELLED)
+
+    def can_transition_to(self, target: "OrderStatus") -> bool:
+        valid = {
+            OrderStatus.PENDING: {OrderStatus.PROCESSING, OrderStatus.CANCELLED},
+            OrderStatus.PROCESSING: {OrderStatus.SHIPPED, OrderStatus.CANCELLED},
+            OrderStatus.SHIPPED: {OrderStatus.DELIVERED},
+        }
+        return target in valid.get(self, set())
+```

package/shared/skills/python/references/violations.md

@@ -0,0 +1,204 @@
+# Python Violation Examples
+
+Extended violation patterns for Python reviews. Reference from main SKILL.md.
+
+## Type Safety Violations
+
+### Missing Type Hints
+
+```python
+# VIOLATION: No type annotations
+def process(data, config):
+    result = transform(data)
+    return result
+
+# VIOLATION: Partial annotations (inconsistent)
+def save(user: User, db):  # db missing type
+    return db.insert(user)
+
+# VIOLATION: Missing return type
+def calculate_total(items: list[Item]):
+    return sum(item.price for item in items)
+```
+
+### Bare Except Clauses
+
+```python
+# VIOLATION: Catches everything including SystemExit and KeyboardInterrupt
+try:
+    process_data()
+except:
+    pass
+
+# VIOLATION: Catches too broadly and silences
+try:
+    user = fetch_user(user_id)
+except Exception:
+    user = None  # Hides real errors (network, auth, parsing)
+
+# VIOLATION: Bare except with logging but no re-raise
+try:
+    critical_operation()
+except:
+    logger.error("Something failed")
+    # Swallows the error — caller never knows
+```
+
+## Data Modeling Violations
+
+### Raw Dicts Instead of Dataclasses
+
+```python
+# VIOLATION: Untyped dict — no IDE support, no validation
+user = {
+    "name": "Alice",
+    "email": "alice@example.com",
+    "age": 30,
+}
+
+# VIOLATION: Accessing dict keys without safety
+def get_display_name(user: dict) -> str:
+    return f"{user['first_name']} {user['last_name']}"  # KeyError risk
+
+# VIOLATION: Nested untyped dicts
+config = {
+    "database": {
+        "host": "localhost",
+        "port": 5432,
+    },
+    "cache": {
+        "ttl": 300,
+    },
+}
+```
+
+### Mutable Default Arguments
+
+```python
+# VIOLATION: Mutable default shared across calls
+def add_item(item: str, items: list[str] = []) -> list[str]:
+    items.append(item)
+    return items
+
+# VIOLATION: Dict default mutated in place
+def register(name: str, registry: dict[str, bool] = {}) -> None:
+    registry[name] = True
+
+# VIOLATION: Set default
+def collect(value: int, seen: set[int] = set()) -> set[int]:
+    seen.add(value)
+    return seen
+```
+
+## String Formatting Violations
+
+### Percent Formatting
+
+```python
+# VIOLATION: Old-style % formatting
+message = "Hello %s, you have %d messages" % (name, count)
+
+# VIOLATION: % formatting with dict — hard to read, error-prone
+log = "%(timestamp)s - %(level)s - %(message)s" % log_data
+```
+
+### String Concatenation in Loops
+
+```python
+# VIOLATION: O(n^2) string building
+result = ""
+for line in lines:
+    result += line + "\n"
+
+# CORRECT: Use join
+result = "\n".join(lines)
+```
+
+## Global State Violations
+
+### Module-Level Mutable State
+
+```python
+# VIOLATION: Global mutable state
+_cache = {}
+_connections = []
+
+def get_cached(key: str) -> Any:
+    return _cache.get(key)
+
+def add_connection(conn: Connection) -> None:
+    _connections.append(conn)
+
+# VIOLATION: Global variable modified by functions
+current_user = None
+
+def login(username: str) -> None:
+    global current_user
+    current_user = authenticate(username)
+```
+
+### Singleton via Module Import
+
+```python
+# VIOLATION: Hard-to-test singleton
+# db.py
+connection = create_connection(os.environ["DATABASE_URL"])
+
+# service.py
+from db import connection  # Cannot mock or swap for tests
+```
+
+## Import Violations
+
+### Wildcard Imports
+
+```python
+# VIOLATION: Pollutes namespace, hides dependencies
+from os.path import *
+from utils import *
+
+# VIOLATION: Star import in __init__.py
+# mypackage/__init__.py
+from .models import *
+from .services import *
+```
+
+### Circular Imports
+
+```python
+# VIOLATION: Circular dependency
+# models.py
+from services import UserService  # services imports models too
+
+# services.py
+from models import User  # Circular!
+```
+
+## Testing Violations
+
+### Assert in Production Code
+
+```python
+# VIOLATION: assert is stripped with -O flag
+def withdraw(account: Account, amount: float) -> None:
+    assert amount > 0, "Amount must be positive"  # Disabled in production!
+    assert account.balance >= amount, "Insufficient funds"
+    account.balance -= amount
+```
+
+### No pytest Fixtures
+
+```python
+# VIOLATION: Repeated setup in every test
+def test_create_user():
+    db = Database(":memory:")
+    db.create_tables()
+    service = UserService(db)
+    # ... test logic
+
+def test_update_user():
+    db = Database(":memory:")  # Duplicated setup
+    db.create_tables()
+    service = UserService(db)
+    # ... test logic
+```

package/shared/skills/react/SKILL.md

@@ -95,7 +95,7 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
   const [user, setUser] = useState<User | null>(null);
   const login = async (creds: Credentials) => setUser(await authApi.login(creds));
   const logout = () => { authApi.logout(); setUser(null); };
-  return <AuthContext.Provider value={{ user, login, logout }}>{children}</AuthContext.Provider>;
+  return <AuthContext value={{ user, login, logout }}>{children}</AuthContext>;
 }
 
 export function useAuth() {

package/shared/skills/react/references/patterns.md

@@ -429,9 +429,9 @@ export function AuthProvider({ children }: { children: React.ReactNode }) {
   };
 
   return (
-    <AuthContext.Provider value={{ user, login, logout, isLoading }}>
+    <AuthContext value={{ user, login, logout, isLoading }}>
       {children}
-    </AuthContext.Provider>
+    </AuthContext>
   );
 }
 
@@ -590,7 +590,7 @@ function SearchInput() {
 ```tsx
 // CORRECT: Track previous value for comparisons
 function usePrevious<T>(value: T): T | undefined {
-  const ref = useRef<T>();
+  const ref = useRef<T | undefined>(undefined);
 
   useEffect(() => {
     ref.current = value;

package/shared/skills/regression-patterns/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: regression-patterns
-description: Regression analysis patterns for code review. Detects lost functionality, removed exports, changed signatures, and behavioral changes that break existing consumers. Loaded by Reviewer agent when focus=regression.
+description: This skill should be used when reviewing changes that may remove exports, change signatures, or alter behavior.
 user-invocable: false
 allowed-tools: Read, Grep, Glob
 ---

package/shared/skills/review-methodology/SKILL.md

@@ -1,6 +1,6 @@
 ---
 name: review-methodology
-description: Standard review methodology providing the 6-step process and 3-category issue classification (must-fix, should-fix, nit) used by all DevFlow review agents. Ensures consistent, fair, and actionable code reviews across all focus areas. Loaded by the unified Reviewer agent.
+description: This skill should be used when performing a code review to apply the standard 6-step review process.
 user-invocable: false
 allowed-tools: Read, Grep, Glob, Bash
 ---