hive-skills 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +28 -0
- package/README.md +235 -0
- package/assets/LICENSE +32 -0
- package/assets/THIRD_PARTY_NOTICES.md +72 -0
- package/assets/manifest.json +1290 -0
- package/assets/skills/authored/code-review/composable/BUNDLE.md +192 -0
- package/assets/skills/authored/code-review/composable/INDEX.md +13 -0
- package/assets/skills/authored/code-review/composable/VERSION +1 -0
- package/assets/skills/authored/code-review/composable/mini/01-review-method.md +34 -0
- package/assets/skills/authored/code-review/composable/mini/02-security-review.md +20 -0
- package/assets/skills/authored/code-review/composable/mini/03-correctness-bugs.md +19 -0
- package/assets/skills/authored/code-review/composable/mini/04-concurrency.md +16 -0
- package/assets/skills/authored/code-review/composable/mini/05-error-handling.md +12 -0
- package/assets/skills/authored/code-review/composable/mini/06-performance.md +11 -0
- package/assets/skills/authored/code-review/composable/mini/07-api-design.md +20 -0
- package/assets/skills/authored/code-review/composable/mini/08-missing-tests.md +25 -0
- package/assets/skills/authored/code-review/composable/mini/09-refactoring-and-communication.md +32 -0
- package/assets/skills/authored/data-analysis/composable/BUNDLE.md +186 -0
- package/assets/skills/authored/data-analysis/composable/INDEX.md +13 -0
- package/assets/skills/authored/data-analysis/composable/VERSION +1 -0
- package/assets/skills/authored/data-analysis/composable/mini/01-data-quality-profiling.md +26 -0
- package/assets/skills/authored/data-analysis/composable/mini/02-aggregation-pitfalls.md +21 -0
- package/assets/skills/authored/data-analysis/composable/mini/03-time-series.md +19 -0
- package/assets/skills/authored/data-analysis/composable/mini/04-segmentation.md +23 -0
- package/assets/skills/authored/data-analysis/composable/mini/05-discount-pricing.md +17 -0
- package/assets/skills/authored/data-analysis/composable/mini/06-insight-generation.md +25 -0
- package/assets/skills/authored/data-analysis/composable/mini/07-executive-writing.md +26 -0
- package/assets/skills/authored/data-analysis/composable/mini/08-recommendations.md +20 -0
- package/assets/skills/authored/data-analysis/composable/mini/09-reproducibility-assumptions.md +20 -0
- package/assets/skills/authored/financial-analysis/composable/BUNDLE.md +1293 -0
- package/assets/skills/authored/financial-analysis/composable/INDEX.md +17 -0
- package/assets/skills/authored/financial-analysis/composable/VERSION +1 -0
- package/assets/skills/authored/financial-analysis/composable/mini/00-core.md +69 -0
- package/assets/skills/authored/financial-analysis/composable/mini/01-profitability-efficiency-ratios.md +173 -0
- package/assets/skills/authored/financial-analysis/composable/mini/02-liquidity-leverage-ratios.md +120 -0
- package/assets/skills/authored/financial-analysis/composable/mini/03-valuation-ratios-interpretation.md +107 -0
- package/assets/skills/authored/financial-analysis/composable/mini/04-dcf-projection-wacc.md +122 -0
- package/assets/skills/authored/financial-analysis/composable/mini/05-dcf-terminal-value-sensitivity.md +75 -0
- package/assets/skills/authored/financial-analysis/composable/mini/06-comparables-precedents.md +78 -0
- package/assets/skills/authored/financial-analysis/composable/mini/07-budget-variance-analysis.md +47 -0
- package/assets/skills/authored/financial-analysis/composable/mini/08-driver-based-forecasting-scenarios.md +111 -0
- package/assets/skills/authored/financial-analysis/composable/mini/09-rolling-forecasts-accuracy.md +114 -0
- package/assets/skills/authored/financial-analysis/composable/mini/10-reporting-exec-summary.md +58 -0
- package/assets/skills/authored/financial-analysis/composable/mini/11-industry-adaptations.md +130 -0
- package/assets/skills/authored/financial-analysis/composable/mini/12-toolkit-scripts-io.md +102 -0
- package/assets/skills/authored/python-api/composable/BUNDLE.md +389 -0
- package/assets/skills/authored/python-api/composable/INDEX.md +13 -0
- package/assets/skills/authored/python-api/composable/VERSION +1 -0
- package/assets/skills/authored/python-api/composable/mini/01-project-structure.md +44 -0
- package/assets/skills/authored/python-api/composable/mini/02-routing-and-app.md +38 -0
- package/assets/skills/authored/python-api/composable/mini/03-pydantic-models.md +45 -0
- package/assets/skills/authored/python-api/composable/mini/04-validation-and-errors.md +59 -0
- package/assets/skills/authored/python-api/composable/mini/05-dependencies-and-auth.md +60 -0
- package/assets/skills/authored/python-api/composable/mini/06-pagination-filtering.md +44 -0
- package/assets/skills/authored/python-api/composable/mini/07-async-performance.md +30 -0
- package/assets/skills/authored/python-api/composable/mini/08-testing.md +45 -0
- package/assets/skills/authored/python-api/composable/mini/09-middleware-observability.md +29 -0
- package/assets/skills/authored/tech-writing/composable/BUNDLE.md +220 -0
- package/assets/skills/authored/tech-writing/composable/INDEX.md +12 -0
- package/assets/skills/authored/tech-writing/composable/VERSION +1 -0
- package/assets/skills/authored/tech-writing/composable/mini/01-audience-analysis.md +26 -0
- package/assets/skills/authored/tech-writing/composable/mini/02-document-types.md +27 -0
- package/assets/skills/authored/tech-writing/composable/mini/03-readme-quickstart-changelog.md +22 -0
- package/assets/skills/authored/tech-writing/composable/mini/04-information-architecture.md +21 -0
- package/assets/skills/authored/tech-writing/composable/mini/05-style-clarity.md +29 -0
- package/assets/skills/authored/tech-writing/composable/mini/06-breaking-changes-migrations.md +33 -0
- package/assets/skills/authored/tech-writing/composable/mini/07-troubleshooting-security.md +30 -0
- package/assets/skills/authored/tech-writing/composable/mini/08-faq-voice-tone.md +32 -0
- package/assets/skills/converted/claude-api/composable/BUNDLE.md +14996 -0
- package/assets/skills/converted/claude-api/composable/INDEX.md +98 -0
- package/assets/skills/converted/claude-api/composable/VERSION +1 -0
- package/assets/skills/converted/claude-api/composable/mini/00-core.md +235 -0
- package/assets/skills/converted/claude-api/composable/mini/01-model-api-quick-reference.md +258 -0
- package/assets/skills/converted/claude-api/composable/mini/02-common-pitfalls.md +42 -0
- package/assets/skills/converted/claude-api/composable/mini/10-models.md +135 -0
- package/assets/skills/converted/claude-api/composable/mini/11-platform-availability.md +96 -0
- package/assets/skills/converted/claude-api/composable/mini/12-claude-platform-on-aws.md +59 -0
- package/assets/skills/converted/claude-api/composable/mini/13-live-sources.md +143 -0
- package/assets/skills/converted/claude-api/composable/mini/14-error-codes.md +256 -0
- package/assets/skills/converted/claude-api/composable/mini/15-prompt-caching.md +223 -0
- package/assets/skills/converted/claude-api/composable/mini/16-token-counting.md +56 -0
- package/assets/skills/converted/claude-api/composable/mini/17-tool-use-concepts.md +444 -0
- package/assets/skills/converted/claude-api/composable/mini/18-agent-design.md +101 -0
- package/assets/skills/converted/claude-api/composable/mini/19-anthropic-cli.md +246 -0
- package/assets/skills/converted/claude-api/composable/mini/20-model-migration.md +1301 -0
- package/assets/skills/converted/claude-api/composable/mini/30-managed-agents-overview.md +71 -0
- package/assets/skills/converted/claude-api/composable/mini/31-managed-agents-core.md +278 -0
- package/assets/skills/converted/claude-api/composable/mini/32-managed-agents-environments.md +219 -0
- package/assets/skills/converted/claude-api/composable/mini/33-managed-agents-tools.md +366 -0
- package/assets/skills/converted/claude-api/composable/mini/34-managed-agents-events.md +252 -0
- package/assets/skills/converted/claude-api/composable/mini/35-managed-agents-outcomes.md +106 -0
- package/assets/skills/converted/claude-api/composable/mini/36-managed-agents-multiagent.md +101 -0
- package/assets/skills/converted/claude-api/composable/mini/37-managed-agents-webhooks.md +123 -0
- package/assets/skills/converted/claude-api/composable/mini/38-managed-agents-memory.md +197 -0
- package/assets/skills/converted/claude-api/composable/mini/39-managed-agents-scheduled-deployments.md +146 -0
- package/assets/skills/converted/claude-api/composable/mini/40-managed-agents-client-patterns.md +211 -0
- package/assets/skills/converted/claude-api/composable/mini/41-managed-agents-onboarding.md +82 -0
- package/assets/skills/converted/claude-api/composable/mini/42-managed-agents-api-reference.md +441 -0
- package/assets/skills/converted/claude-api/composable/mini/43-managed-agents-self-hosted-sandboxes.md +174 -0
- package/assets/skills/converted/claude-api/composable/mini/50-python-readme.md +564 -0
- package/assets/skills/converted/claude-api/composable/mini/51-python-tool-use.md +590 -0
- package/assets/skills/converted/claude-api/composable/mini/52-python-streaming-batches-files.md +549 -0
- package/assets/skills/converted/claude-api/composable/mini/53-python-managed-agents.md +335 -0
- package/assets/skills/converted/claude-api/composable/mini/55-typescript-readme.md +404 -0
- package/assets/skills/converted/claude-api/composable/mini/56-typescript-tool-use.md +548 -0
- package/assets/skills/converted/claude-api/composable/mini/57-typescript-streaming-batches-files.md +384 -0
- package/assets/skills/converted/claude-api/composable/mini/58-typescript-managed-agents.md +358 -0
- package/assets/skills/converted/claude-api/composable/mini/60-csharp-readme.md +361 -0
- package/assets/skills/converted/claude-api/composable/mini/61-csharp-tool-use.md +163 -0
- package/assets/skills/converted/claude-api/composable/mini/62-csharp-streaming-batches-files.md +64 -0
- package/assets/skills/converted/claude-api/composable/mini/65-go-readme.md +185 -0
- package/assets/skills/converted/claude-api/composable/mini/66-go-tool-use.md +219 -0
- package/assets/skills/converted/claude-api/composable/mini/67-go-streaming-files.md +63 -0
- package/assets/skills/converted/claude-api/composable/mini/68-go-managed-agents.md +564 -0
- package/assets/skills/converted/claude-api/composable/mini/70-java-readme.md +237 -0
- package/assets/skills/converted/claude-api/composable/mini/71-java-tool-use.md +227 -0
- package/assets/skills/converted/claude-api/composable/mini/72-java-streaming-files.md +49 -0
- package/assets/skills/converted/claude-api/composable/mini/73-java-managed-agents.md +443 -0
- package/assets/skills/converted/claude-api/composable/mini/75-php-readme.md +173 -0
- package/assets/skills/converted/claude-api/composable/mini/76-php-tool-use.md +252 -0
- package/assets/skills/converted/claude-api/composable/mini/77-php-streaming-batches-files.md +53 -0
- package/assets/skills/converted/claude-api/composable/mini/78-php-managed-agents.md +443 -0
- package/assets/skills/converted/claude-api/composable/mini/80-ruby-readme.md +133 -0
- package/assets/skills/converted/claude-api/composable/mini/81-ruby-tool-use-streaming.md +56 -0
- package/assets/skills/converted/claude-api/composable/mini/82-ruby-managed-agents.md +394 -0
- package/assets/skills/converted/claude-api/composable/mini/85-curl-examples.md +255 -0
- package/assets/skills/converted/claude-api/composable/mini/86-curl-managed-agents.md +340 -0
- package/assets/skills/converted/claude-api/composable/presets/csharp.md +1151 -0
- package/assets/skills/converted/claude-api/composable/presets/curl.md +1154 -0
- package/assets/skills/converted/claude-api/composable/presets/go.md +1598 -0
- package/assets/skills/converted/claude-api/composable/presets/java.md +1523 -0
- package/assets/skills/converted/claude-api/composable/presets/php.md +1488 -0
- package/assets/skills/converted/claude-api/composable/presets/python.md +2605 -0
- package/assets/skills/converted/claude-api/composable/presets/ruby.md +1146 -0
- package/assets/skills/converted/claude-api/composable/presets/shared.md +6478 -0
- package/assets/skills/converted/claude-api/composable/presets/typescript.md +2261 -0
- package/assets/skills/converted/docx/composable/BUNDLE.md +617 -0
- package/assets/skills/converted/docx/composable/INDEX.md +12 -0
- package/assets/skills/converted/docx/composable/VERSION +1 -0
- package/assets/skills/converted/docx/composable/mini/00-core.md +26 -0
- package/assets/skills/converted/docx/composable/mini/01-reading-converting.md +36 -0
- package/assets/skills/converted/docx/composable/mini/02-creating-setup-layout.md +85 -0
- package/assets/skills/converted/docx/composable/mini/03-creating-elements.md +257 -0
- package/assets/skills/converted/docx/composable/mini/04-editing-existing.md +57 -0
- package/assets/skills/converted/docx/composable/mini/05-xml-reference.md +128 -0
- package/assets/skills/converted/internal-comms/composable/BUNDLE.md +220 -0
- package/assets/skills/converted/internal-comms/composable/INDEX.md +11 -0
- package/assets/skills/converted/internal-comms/composable/VERSION +1 -0
- package/assets/skills/converted/internal-comms/composable/mini/00-core.md +30 -0
- package/assets/skills/converted/internal-comms/composable/mini/01-3p-updates.md +49 -0
- package/assets/skills/converted/internal-comms/composable/mini/02-company-newsletter.md +67 -0
- package/assets/skills/converted/internal-comms/composable/mini/03-faq-answers.md +32 -0
- package/assets/skills/converted/internal-comms/composable/mini/04-general-comms.md +18 -0
- package/assets/skills/converted/mcp-builder/composable/BUNDLE.md +2460 -0
- package/assets/skills/converted/mcp-builder/composable/INDEX.md +23 -0
- package/assets/skills/converted/mcp-builder/composable/VERSION +1 -0
- package/assets/skills/converted/mcp-builder/composable/mini/00-core.md +43 -0
- package/assets/skills/converted/mcp-builder/composable/mini/01-workflow-research-planning.md +54 -0
- package/assets/skills/converted/mcp-builder/composable/mini/02-implementation-process.md +78 -0
- package/assets/skills/converted/mcp-builder/composable/mini/03-naming-conventions.md +33 -0
- package/assets/skills/converted/mcp-builder/composable/mini/04-response-formats.md +21 -0
- package/assets/skills/converted/mcp-builder/composable/mini/05-pagination.md +24 -0
- package/assets/skills/converted/mcp-builder/composable/mini/06-transport.md +47 -0
- package/assets/skills/converted/mcp-builder/composable/mini/07-annotations.md +20 -0
- package/assets/skills/converted/mcp-builder/composable/mini/08-security.md +35 -0
- package/assets/skills/converted/mcp-builder/composable/mini/09-error-handling.md +32 -0
- package/assets/skills/converted/mcp-builder/composable/mini/10-testing-and-documentation.md +21 -0
- package/assets/skills/converted/mcp-builder/composable/mini/11-python-implementation.md +432 -0
- package/assets/skills/converted/mcp-builder/composable/mini/12-python-advanced-and-checklist.md +233 -0
- package/assets/skills/converted/mcp-builder/composable/mini/13-node-implementation.md +717 -0
- package/assets/skills/converted/mcp-builder/composable/mini/14-node-advanced-and-checklist.md +200 -0
- package/assets/skills/converted/mcp-builder/composable/mini/15-evaluation-design.md +200 -0
- package/assets/skills/converted/mcp-builder/composable/mini/16-evaluation-running.md +198 -0
- package/assets/skills/converted/mcp-builder/composable/presets/node-server.md +1381 -0
- package/assets/skills/converted/mcp-builder/composable/presets/python-server.md +1129 -0
- package/assets/skills/converted/pdf/composable/BUNDLE.md +1284 -0
- package/assets/skills/converted/pdf/composable/INDEX.md +14 -0
- package/assets/skills/converted/pdf/composable/VERSION +1 -0
- package/assets/skills/converted/pdf/composable/mini/00-core.md +46 -0
- package/assets/skills/converted/pdf/composable/mini/01-creation.md +176 -0
- package/assets/skills/converted/pdf/composable/mini/02-extraction.md +178 -0
- package/assets/skills/converted/pdf/composable/mini/03-merge-split-manipulate.md +240 -0
- package/assets/skills/converted/pdf/composable/mini/04-images-ocr.md +168 -0
- package/assets/skills/converted/pdf/composable/mini/05-encryption.md +51 -0
- package/assets/skills/converted/pdf/composable/mini/06-forms.md +300 -0
- package/assets/skills/converted/pdf/composable/mini/07-libraries-reference.md +89 -0
- package/assets/skills/converted/pptx/composable/BUNDLE.md +911 -0
- package/assets/skills/converted/pptx/composable/INDEX.md +12 -0
- package/assets/skills/converted/pptx/composable/VERSION +1 -0
- package/assets/skills/converted/pptx/composable/mini/00-core.md +37 -0
- package/assets/skills/converted/pptx/composable/mini/01-reading.md +37 -0
- package/assets/skills/converted/pptx/composable/mini/02-creating-from-scratch.md +422 -0
- package/assets/skills/converted/pptx/composable/mini/03-editing-templates.md +207 -0
- package/assets/skills/converted/pptx/composable/mini/04-design.md +89 -0
- package/assets/skills/converted/pptx/composable/mini/05-qa-and-rendering.md +91 -0
- package/assets/skills/converted/pptx/composable/presets/creating.md +659 -0
- package/assets/skills/converted/pptx/composable/presets/editing.md +485 -0
- package/assets/skills/converted/skill-creator/composable/BUNDLE.md +1681 -0
- package/assets/skills/converted/skill-creator/composable/INDEX.md +21 -0
- package/assets/skills/converted/skill-creator/composable/VERSION +1 -0
- package/assets/skills/converted/skill-creator/composable/mini/00-core.md +59 -0
- package/assets/skills/converted/skill-creator/composable/mini/01-creating-a-skill.md +27 -0
- package/assets/skills/converted/skill-creator/composable/mini/02-skill-writing-guide.md +71 -0
- package/assets/skills/converted/skill-creator/composable/mini/03-test-cases.md +21 -0
- package/assets/skills/converted/skill-creator/composable/mini/04-running-and-evaluating.md +128 -0
- package/assets/skills/converted/skill-creator/composable/mini/05-improving-the-skill.md +30 -0
- package/assets/skills/converted/skill-creator/composable/mini/06-blind-comparison.md +5 -0
- package/assets/skills/converted/skill-creator/composable/mini/07-description-optimization.md +74 -0
- package/assets/skills/converted/skill-creator/composable/mini/08-packaging.md +11 -0
- package/assets/skills/converted/skill-creator/composable/mini/09-environment-specific.md +38 -0
- package/assets/skills/converted/skill-creator/composable/mini/10-scripts-and-references.md +34 -0
- package/assets/skills/converted/skill-creator/composable/mini/11-json-schemas.md +414 -0
- package/assets/skills/converted/skill-creator/composable/mini/12-agent-grader.md +225 -0
- package/assets/skills/converted/skill-creator/composable/mini/13-agent-comparator.md +204 -0
- package/assets/skills/converted/skill-creator/composable/mini/14-agent-analyzer.md +276 -0
- package/assets/skills/converted/skill-creator/composable/presets/authoring.md +198 -0
- package/assets/skills/converted/skill-creator/composable/presets/evaluating.md +1334 -0
- package/assets/skills/converted/skill-creator/composable/presets/optimizing.md +160 -0
- package/assets/skills/converted/skill-creator/composable/presets.json +5 -0
- package/assets/skills/meta/ccs-skill-creator/composable/BUNDLE.md +465 -0
- package/assets/skills/meta/ccs-skill-creator/composable/INDEX.md +8 -0
- package/assets/skills/meta/ccs-skill-creator/composable/VERSION +1 -0
- package/assets/skills/meta/ccs-skill-creator/composable/mini/00-core.md +46 -0
- package/assets/skills/meta/ccs-skill-creator/composable/mini/01-create-new-skill.md +167 -0
- package/assets/skills/meta/ccs-skill-creator/composable/mini/02-convert-existing-skill.md +120 -0
- package/assets/skills/meta/ccs-skill-creator/composable/mini/03-review-and-maintain.md +112 -0
- package/assets/skills/sources/anthropic/PROVENANCE.md +3 -0
- package/assets/skills/sources/anthropic/claude-api/LICENSE.txt +202 -0
- package/assets/skills/sources/anthropic/docx/LICENSE.txt +30 -0
- package/assets/skills/sources/anthropic/internal-comms/LICENSE.txt +202 -0
- package/assets/skills/sources/anthropic/mcp-builder/LICENSE.txt +202 -0
- package/assets/skills/sources/anthropic/pdf/LICENSE.txt +30 -0
- package/assets/skills/sources/anthropic/pptx/LICENSE.txt +30 -0
- package/assets/skills/sources/anthropic/skill-creator/LICENSE.txt +202 -0
- package/assets/skills/sources/financial-analyst/PROVENANCE.md +1 -0
- package/assets/tools/hive.py +728 -0
- package/dist/cli.js +7494 -0
- package/package.json +40 -0
|
@@ -0,0 +1,192 @@
|
|
|
1
|
+
<!-- GENERATED by tools/hive.py compile. Do not hand-edit. -->
|
|
2
|
+
# code-review: Compiled Skill Bundle (v1.0.0)
|
|
3
|
+
|
|
4
|
+
All composable mini-skills for `code-review` concatenated in index order, frontmatter stripped. Regenerate with `tools/hive.py compile <skill-dir>`. Do not edit by hand.
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
<!-- module: 01-review-method.md -->
|
|
8
|
+
|
|
9
|
+
# Review Mindset & Method
|
|
10
|
+
|
|
11
|
+
A review's job is to find the defects that matter and communicate them so they get fixed. Everything else is secondary.
|
|
12
|
+
|
|
13
|
+
**Read with a threat model.** For the code in front of you, ask: what does it trust? What can an attacker or a buggy caller feed it? What happens when each assumption is false? Bugs live where assumptions meet reality.
|
|
14
|
+
|
|
15
|
+
**Read enough context.** Review the diff, but read the surrounding code to understand invariants. A change is only correct relative to the contract of the functions it calls and the callers it serves. A line that looks fine in isolation may violate a precondition established elsewhere.
|
|
16
|
+
|
|
17
|
+
**Work in passes, not one linear read:**
|
|
18
|
+
1. Understand intent and the happy path: what is this trying to do?
|
|
19
|
+
2. Hunt correctness and security defects: where does it break?
|
|
20
|
+
3. Consider concurrency, error handling, and performance.
|
|
21
|
+
4. Assess tests and design: is the change complete and maintainable?
|
|
22
|
+
|
|
23
|
+
**Prioritize by impact.** A security hole or data-corruption bug outranks a style nit every time. Spend your attention budget on the code that can hurt: input handling, auth, money, state mutation, external calls. Skim boilerplate.
|
|
24
|
+
|
|
25
|
+
**Reproduce before you report.** For each candidate defect, construct the concrete input or interleaving that triggers it. A finding you can trace to a failing scenario is strong; a vague "this looks risky" is weak and erodes trust in the review.
|
|
26
|
+
|
|
27
|
+
**Stay collaborative.** Assume competence; ask when intent is unclear rather than assuming a mistake. The goal is better code merged, not a scorecard. Lead with the findings that matter and don't bury a critical issue under a pile of nits.
|
|
28
|
+
|
|
29
|
+
**A fast sweep to run against any non-trivial change:**
|
|
30
|
+
- Security: untrusted input reaching SQL/shell/templates parameterized? Paths canonicalized and contained? No hardcoded secrets? Strong password hashing, CSPRNG for tokens? Every object access authorized, not just authenticated?
|
|
31
|
+
- Correctness: boundaries (empty/one/last) handled? `None` guarded? No mutable default args? Money in `Decimal`/integers?
|
|
32
|
+
- Concurrency: shared state locked or avoided? Check-then-act atomic? No blocking call in async code?
|
|
33
|
+
- Errors: no bare `except`/silent swallow? Cleanup on every path? Multi-step mutations transactional?
|
|
34
|
+
- Performance: no query/network call in a loop (N+1)? No list-membership tests in hot loops? Large data streamed?
|
|
35
|
+
- Design & tests: interfaces single-purpose and backward-compatible? Risky branches and the new security check covered by meaningful tests, with a regression test for any fix?
|
|
36
|
+
|
|
37
|
+
Run the sweep, then focus your attention on the two or three areas the change actually touches: the checklist finds candidates, deep reading confirms them.
|
|
38
|
+
|
|
39
|
+
---
|
|
40
|
+
<!-- module: 02-security-review.md -->
|
|
41
|
+
|
|
42
|
+
# Security Review
|
|
43
|
+
|
|
44
|
+
Security bugs are the highest-value finding. Work these categories on any change touching input, storage, or external systems.
|
|
45
|
+
|
|
46
|
+
**Injection.** Untrusted input reaching an interpreter (SQL, shell, LDAP, XML, template) needs parameterization, not concatenation. Flag `f"SELECT ... WHERE id = {user_id}"` and `execute("... %s" % val)`; require bound parameters: `execute("... WHERE id = %s", (user_id,))`. For shell, flag `os.system` and `subprocess.run(..., shell=True)` with interpolated input; require `shell=False` with an arg list. Watch ORM/NoSQL operators injected via user-controlled dicts.
|
|
47
|
+
|
|
48
|
+
**Path traversal.** When a path comes from input, `../` can escape the intended directory. Require canonicalization + containment: resolve the real path and verify it's inside the base (`Path.resolve().is_relative_to(base)` or `realpath(p).startswith(base)`). Reject absolute paths and null bytes.
|
|
49
|
+
|
|
50
|
+
**Secrets.** Flag hardcoded API keys, passwords, tokens, private keys in source, including test fixtures and example configs. Secrets belong in env vars or a secret manager, never the repo or logs. Check that logs and error messages don't echo credentials.
|
|
51
|
+
|
|
52
|
+
**Crypto.** Flag MD5/SHA-1 for security use and passwords stored with a fast hash or none. Passwords need bcrypt/scrypt/argon2 with per-user salt. Flag ECB mode, static/zero IVs, and reused IVs. Require a CSPRNG (`secrets`, `os.urandom`) for tokens, never `random`. Check TLS verification isn't disabled (`verify=False`).
|
|
53
|
+
|
|
54
|
+
**AuthN vs AuthZ.** Authentication is who you are; authorization is what you may do. The classic bug (IDOR): an endpoint authenticates the user but never checks the requested object belongs to them. Verify every object access is scoped to the caller's permissions, and that "internal"/admin routes have access control.
|
|
55
|
+
|
|
56
|
+
**Other high-value checks.** SSRF (server fetching a user-supplied URL: allowlist hosts, block internal ranges); unsafe deserialization (`pickle`, `yaml.load` without `SafeLoader`); open redirects; missing rate limits on auth endpoints. Validate and bound all input at the trust boundary.
|
|
57
|
+
|
|
58
|
+
---
|
|
59
|
+
<!-- module: 03-correctness-bugs.md -->
|
|
60
|
+
|
|
61
|
+
# Correctness Bugs
|
|
62
|
+
|
|
63
|
+
These defects make code do the wrong thing on some input. Check each category, and for every candidate construct the concrete triggering input.
|
|
64
|
+
|
|
65
|
+
- **Off-by-one / boundary:** empty collections, single-element cases, the last index, inclusive vs exclusive ranges. Most boundary bugs hide at size 0 and size 1.
|
|
66
|
+
- **None/null handling:** a value that can be `None` used without a guard; `dict.get()` returning `None` then dereferenced; a function returning `None` on a path the caller doesn't expect.
|
|
67
|
+
- **Type and coercion bugs:** comparing strings to ints, truthiness of `0` / `""` / `[]` mistaken for "missing" (use explicit `is None`), integer vs float division.
|
|
68
|
+
- **Incorrect conditionals:** inverted logic, `and`/`or` precedence, `==` vs `is`, De Morgan mistakes, a `not` binding to the wrong clause.
|
|
69
|
+
- **Mutable default arguments:** `def f(x, acc=[])`: the default is created once and shared across all calls, so it accumulates. Use `None` and initialize inside the function.
|
|
70
|
+
- **Loop and state bugs:** modifying a collection while iterating it; an accumulator reset in the wrong scope; an early `return`/`break` that skips cleanup or a later necessary step.
|
|
71
|
+
- **Resource leaks:** files, sockets, DB connections not closed on every path (including exceptions). Require context managers (`with`).
|
|
72
|
+
- **Floating-point money:** never use binary floats for currency. Rounding errors accumulate. Use integer cents or `Decimal`.
|
|
73
|
+
|
|
74
|
+
The discipline that separates a strong finding from noise: name the exact input and the wrong output it produces. "This crashes when `items` is empty because line 12 indexes `items[0]`" is actionable; "the loop looks off" is not.
|
|
75
|
+
|
|
76
|
+
---
|
|
77
|
+
<!-- module: 04-concurrency.md -->
|
|
78
|
+
|
|
79
|
+
# Concurrency
|
|
80
|
+
|
|
81
|
+
Concurrency defects are subtle and rarely covered by tests, so review them deliberately whenever code is threaded, async, or shares state across requests.
|
|
82
|
+
|
|
83
|
+
- **Race conditions / check-then-act:** `if not exists(k): create(k)` run by two threads can both pass the check and both create. Require atomic operations, locks, or DB-level guarantees: a unique constraint plus `INSERT ... ON CONFLICT`, or a compare-and-swap. Any read-modify-write on shared data is suspect.
|
|
84
|
+
- **Shared mutable state:** module-level dicts, lists, counters, or caches mutated by concurrent requests without a lock. Remember `counter += 1` is not atomic: it's a read, an add, and a write, any of which can interleave. Prefer per-request state or thread-safe structures.
|
|
85
|
+
- **Deadlocks:** two locks acquired in inconsistent order across different code paths. Establish and follow a global lock ordering; hold locks for the shortest span possible.
|
|
86
|
+
- **Async pitfalls:** a blocking call (sync I/O, `time.sleep`, CPU-heavy loop) inside `async` code freezes the whole event loop and stalls every concurrent task. Also flag a forgotten `await` (the coroutine never runs), and task exceptions that are swallowed because no one awaits the task.
|
|
87
|
+
- **TOCTOU on the filesystem:** check-then-use races, such as `if os.path.exists(p): open(p)`, where the file changes between the two calls. Prefer a single atomic operation (open with the right flags, `O_CREAT|O_EXCL`) over stat-then-open.
|
|
88
|
+
|
|
89
|
+
Because these bugs surface only under specific interleavings, reason about "what if two callers hit this simultaneously" for every piece of shared state, rather than relying on tests to catch them. A useful mental model: mark every read-modify-write on shared data, then ask whether another thread could slip between the read and the write. If it could, and the outcome would be wrong, you have a race that needs a lock, an atomic primitive, or a database-level guarantee.
|
|
90
|
+
|
|
91
|
+
---
|
|
92
|
+
<!-- module: 05-error-handling.md -->
|
|
93
|
+
|
|
94
|
+
# Error Handling
|
|
95
|
+
|
|
96
|
+
Good error handling is about failing safely and visibly, never silently.
|
|
97
|
+
|
|
98
|
+
- **Bare and blanket excepts.** Flag `except:` and `except Exception: pass`. They hide bugs and turn failures into silent wrong behavior. Catch the specific exceptions you can handle; log or re-raise the rest.
|
|
99
|
+
- **Silent failure via sentinels.** Don't swallow an error and return a sentinel (`None`, `-1`, `[]`, `False`) that callers treat as success. If you can't handle it, fail loudly. If you return a sentinel, make sure every caller checks it.
|
|
100
|
+
- **Cleanup on every path.** Files, locks, connections, and transactions must be released whether the code succeeds or raises. Use `finally` or context managers rather than duplicating cleanup before each `return`: the duplicated version always misses a path.
|
|
101
|
+
- **Message hygiene.** Error messages should aid debugging without leaking internals to end users: log the detail (stack trace, ids) server-side, return a generic message to the client. Don't echo secrets, SQL, or file paths.
|
|
102
|
+
- **Consistent state on partial failure.** A multi-step mutation that fails halfway can leave data inconsistent. Wrap it in a transaction and roll back on error, or design idempotent/compensating steps. Verify the code doesn't commit step 1, then throw on step 2.
|
|
103
|
+
- **Don't lose context.** Catching an exception only to raise a vaguer one discards the stack and the root cause. Chain exceptions (`raise NewError(...) from exc`) or let the original propagate.
|
|
104
|
+
|
|
105
|
+
The core question for any `try` block: if this raises, does the system end up in a known-good state, and will someone find out it happened? If either answer is no, it's a finding.
|
|
106
|
+
|
|
107
|
+
---
|
|
108
|
+
<!-- module: 06-performance.md -->
|
|
109
|
+
|
|
110
|
+
# Performance
|
|
111
|
+
|
|
112
|
+
Focus on algorithmic and I/O issues that scale badly with data or load. Ignore micro-optimizations that don't move the needle.
|
|
113
|
+
|
|
114
|
+
- **N+1 queries.** A database (or network) call inside a loop over rows is the most common real-world performance bug: 1 query to list, then N to fetch each item's detail. Batch it into one query, or eager-load the relationship. Spotting a `.get`/`.query`/`fetch` inside a `for` loop is a red flag.
|
|
115
|
+
- **Accidental O(n²).** Membership tests against a list inside a loop (`if x in big_list`) turn linear work quadratic. Use a `set`/`dict` for O(1) lookup. Watch nested loops over the same large collection, and invariant work recomputed each iteration that could be hoisted out.
|
|
116
|
+
- **Unbounded memory.** Loading an entire large file or result set into memory (`f.read()`, `.all()` on a huge table) risks OOM. Stream, chunk, or paginate instead.
|
|
117
|
+
- **Missing indexes / full scans.** Query patterns filtering or joining on unindexed columns imply table scans. Repeated identical queries that should be cached also count.
|
|
118
|
+
- **Chatty I/O.** Many small network or disk calls that could be batched; a new connection per call instead of a reused pooled client.
|
|
119
|
+
|
|
120
|
+
Discipline: **distinguish hot paths from cold.** A slow one-time startup step rarely matters; a slow per-request or per-row path does. Estimate the input size: O(n²) on n=10 is fine, on n=10⁶ it's fatal. When you claim something is slow, point to the scaling factor (data size or request rate) that makes it bite, and prefer measuring over asserting.
|
|
121
|
+
|
|
122
|
+
---
|
|
123
|
+
<!-- module: 07-api-design.md -->
|
|
124
|
+
|
|
125
|
+
# API & Interface Design
|
|
126
|
+
|
|
127
|
+
Interfaces are contracts; review them for clarity, consistency, and stability.
|
|
128
|
+
|
|
129
|
+
- **Intent-revealing naming.** Names should say what a thing is or does. Consistent parameter order and return types across a module reduce caller mistakes. A function named `get_user` that sometimes creates one is a lie.
|
|
130
|
+
- **Single responsibility.** A function should do one thing. Be wary of a boolean flag parameter that switches behavior (`render(data, is_admin=True)`). It usually means two functions crammed into one; split them so each name describes exactly what it does.
|
|
131
|
+
- **Predictable return types.** Don't sometimes return a list and sometimes a single item, or `None` on one path and `[]` on another for "nothing." Callers can't handle a type that shifts. Pick one shape (empty collection over `None` is usually kinder) and hold it.
|
|
132
|
+
- **Backward compatibility.** For public/shared interfaces, a changed signature or response shape breaks existing callers. Require additive change or a deprecation path, not a silent breaking change. Watch for a renamed field, a removed parameter, or a newly-required argument.
|
|
133
|
+
- **Fail-fast validation.** Validate arguments at the boundary with clear errors, so bad input is rejected where it enters rather than causing a confusing failure three layers down.
|
|
134
|
+
- **Small, injectable dependencies.** Prefer focused interfaces over god-objects, and pass dependencies in (injectable) rather than reaching for globals: it makes the unit testable and its contract explicit.
|
|
135
|
+
|
|
136
|
+
When reviewing a new interface, imagine writing a caller against it: is the correct usage obvious, is misuse hard, and will next year's change break me? If any answer is uncomfortable, note it.
|
|
137
|
+
|
|
138
|
+
Prefer interfaces that make the illegal state unrepresentable: a type or enum that can't hold a bad value beats runtime validation, and a required constructor argument beats a settable field the caller might forget. If a function needs a long comment to explain when to call it or what its return means, that's usually a sign the interface should be reshaped, not documented around.
|
|
139
|
+
|
|
140
|
+
---
|
|
141
|
+
<!-- module: 08-missing-tests.md -->
|
|
142
|
+
|
|
143
|
+
# Missing Tests
|
|
144
|
+
|
|
145
|
+
A change without tests for its risky behavior is incomplete. Reviewing tests is part of reviewing the change, not an afterthought.
|
|
146
|
+
|
|
147
|
+
**Hunt untested branches.** The happy path is usually covered; the defects hide in what isn't:
|
|
148
|
+
- Error paths: does anything exercise the `except`, the validation rejection, the "not found" case?
|
|
149
|
+
- Boundary inputs: empty, single-element, maximum size, zero, negative, null.
|
|
150
|
+
- The security check that was just added: is there a test proving the unauthorized caller is actually denied?
|
|
151
|
+
|
|
152
|
+
**Regression tests for fixes.** When a bug is fixed, there should be a test that fails without the fix and passes with it. A fix with no test invites the bug's return and gives no evidence the fix works.
|
|
153
|
+
|
|
154
|
+
**Judge test quality, not just presence.** A test that runs code but asserts nothing proves only that it doesn't crash. Require assertions on observable behavior: return values, side effects, raised exceptions. Flag:
|
|
155
|
+
- Tests with no meaningful assertion (can't fail).
|
|
156
|
+
- Tests coupled to implementation detail (they break on every refactor and don't validate contract).
|
|
157
|
+
- Mocks of the very unit under test: you end up testing the mock, not the code. Mock external boundaries, not the subject.
|
|
158
|
+
|
|
159
|
+
**Prioritize.** You won't demand tests for everything. Ask for them where risk is highest and correctness is least obvious: the intricate branching logic, the security boundary, the money calculation, the concurrency-sensitive path. A trivial getter needs less than a permissions check.
|
|
160
|
+
|
|
161
|
+
When you flag missing coverage, name the specific scenario that's untested and why it matters, for example "no test covers a withdrawal larger than the balance", so the author knows exactly what to add.
|
|
162
|
+
|
|
163
|
+
---
|
|
164
|
+
<!-- module: 09-refactoring-and-communication.md -->
|
|
165
|
+
|
|
166
|
+
# Refactoring Strategy & Communicating Findings
|
|
167
|
+
|
|
168
|
+
## Refactoring safely
|
|
169
|
+
|
|
170
|
+
Refactor to reduce duplication and complexity, but protect behavior while you do it.
|
|
171
|
+
|
|
172
|
+
- **Characterize before you change.** Put tests around behavior-critical code before refactoring it, so you can prove behavior didn't change.
|
|
173
|
+
- **One kind of change at a time.** Keep pure refactors (no behavior change) in separate commits from behavior changes. This keeps review honest and lets `git bisect` isolate regressions.
|
|
174
|
+
- **Small, reversible steps:** extract a function, rename for clarity, replace a conditional with polymorphism, introduce a parameter object. Each step should leave the code working.
|
|
175
|
+
- **Watch false duplication.** Don't unify two blocks that only look alike: if they can evolve independently or already differ subtly, merging them couples unrelated things.
|
|
176
|
+
- **Resist scope creep.** Leave code better than you found it, but a refactor that balloons the diff balloons the risk and the review cost. Stay near the change you came to make.
|
|
177
|
+
|
|
178
|
+
## Severity triage
|
|
179
|
+
|
|
180
|
+
- **Critical / blocker:** security holes, data loss/corruption, crashes on common input. Must fix before merge.
|
|
181
|
+
- **Major:** correctness bugs on plausible inputs, missing error handling on important paths, significant performance regressions.
|
|
182
|
+
- **Minor:** edge cases, smaller performance issues, missing tests for lower-risk code.
|
|
183
|
+
- **Nit:** style, naming, non-blocking suggestions. Label them so they aren't mistaken for blockers.
|
|
184
|
+
|
|
185
|
+
## Communicating findings
|
|
186
|
+
|
|
187
|
+
A finding only matters if it lands.
|
|
188
|
+
- Be specific and cite the line.
|
|
189
|
+
- Explain *why* it's a problem (the failing scenario), not just what to change.
|
|
190
|
+
- Suggest a concrete fix.
|
|
191
|
+
- Separate must-fix from nice-to-have; lead with what matters and don't bury a critical issue under nits.
|
|
192
|
+
- Ask when intent is unclear rather than assuming a mistake; praise good solutions. Review is collaborative, not adversarial.
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# Code Review & Refactoring: Mini-Skill Index
|
|
2
|
+
|
|
3
|
+
Loading policy: read this menu, then load 00-core (if present) plus the minis relevant to your task. If most of this skill is relevant, load BUNDLE.md (or a matching presets/*.md) in one read instead.
|
|
4
|
+
|
|
5
|
+
- `01-review-method.md` - Mindset, passes, prioritization. Load at the start of any review.
|
|
6
|
+
- `02-security-review.md` - Injection, path traversal, secrets, crypto, authz/IDOR, SSRF. Load when code touches input, storage, or external systems.
|
|
7
|
+
- `03-correctness-bugs.md` - Off-by-one, None handling, coercion, mutable defaults, leaks, money. Load when checking logic correctness.
|
|
8
|
+
- `04-concurrency.md` - Races, shared state, deadlocks, async, TOCTOU. Load when code is threaded, async, or shares state.
|
|
9
|
+
- `05-error-handling.md` - Bare excepts, silent failure, cleanup, transactions. Load when reviewing error paths.
|
|
10
|
+
- `06-performance.md` - N+1, O(n²), unbounded memory, chatty I/O. Load when assessing efficiency.
|
|
11
|
+
- `07-api-design.md` - Naming, single responsibility, compatibility, return types. Load when reviewing interfaces.
|
|
12
|
+
- `08-missing-tests.md` - Untested branches, regression tests, weak tests. Load when assessing test coverage.
|
|
13
|
+
- `09-refactoring-and-communication.md` - Safe refactoring + severity triage and feedback. Load when refactoring or writing up findings.
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
1.0.0
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- 09-refactoring-and-communication.md
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Review Mindset & Method
|
|
7
|
+
|
|
8
|
+
A review's job is to find the defects that matter and communicate them so they get fixed. Everything else is secondary.
|
|
9
|
+
|
|
10
|
+
**Read with a threat model.** For the code in front of you, ask: what does it trust? What can an attacker or a buggy caller feed it? What happens when each assumption is false? Bugs live where assumptions meet reality.
|
|
11
|
+
|
|
12
|
+
**Read enough context.** Review the diff, but read the surrounding code to understand invariants. A change is only correct relative to the contract of the functions it calls and the callers it serves. A line that looks fine in isolation may violate a precondition established elsewhere.
|
|
13
|
+
|
|
14
|
+
**Work in passes, not one linear read:**
|
|
15
|
+
1. Understand intent and the happy path: what is this trying to do?
|
|
16
|
+
2. Hunt correctness and security defects: where does it break?
|
|
17
|
+
3. Consider concurrency, error handling, and performance.
|
|
18
|
+
4. Assess tests and design: is the change complete and maintainable?
|
|
19
|
+
|
|
20
|
+
**Prioritize by impact.** A security hole or data-corruption bug outranks a style nit every time. Spend your attention budget on the code that can hurt: input handling, auth, money, state mutation, external calls. Skim boilerplate.
|
|
21
|
+
|
|
22
|
+
**Reproduce before you report.** For each candidate defect, construct the concrete input or interleaving that triggers it. A finding you can trace to a failing scenario is strong; a vague "this looks risky" is weak and erodes trust in the review.
|
|
23
|
+
|
|
24
|
+
**Stay collaborative.** Assume competence; ask when intent is unclear rather than assuming a mistake. The goal is better code merged, not a scorecard. Lead with the findings that matter and don't bury a critical issue under a pile of nits.
|
|
25
|
+
|
|
26
|
+
**A fast sweep to run against any non-trivial change:**
|
|
27
|
+
- Security: untrusted input reaching SQL/shell/templates parameterized? Paths canonicalized and contained? No hardcoded secrets? Strong password hashing, CSPRNG for tokens? Every object access authorized, not just authenticated?
|
|
28
|
+
- Correctness: boundaries (empty/one/last) handled? `None` guarded? No mutable default args? Money in `Decimal`/integers?
|
|
29
|
+
- Concurrency: shared state locked or avoided? Check-then-act atomic? No blocking call in async code?
|
|
30
|
+
- Errors: no bare `except`/silent swallow? Cleanup on every path? Multi-step mutations transactional?
|
|
31
|
+
- Performance: no query/network call in a loop (N+1)? No list-membership tests in hot loops? Large data streamed?
|
|
32
|
+
- Design & tests: interfaces single-purpose and backward-compatible? Risky branches and the new security check covered by meaningful tests, with a regression test for any fix?
|
|
33
|
+
|
|
34
|
+
Run the sweep, then focus your attention on the two or three areas the change actually touches: the checklist finds candidates, deep reading confirms them.
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- python-api/05-dependencies-and-auth.md
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Security Review
|
|
7
|
+
|
|
8
|
+
Security bugs are the highest-value finding. Work these categories on any change touching input, storage, or external systems.
|
|
9
|
+
|
|
10
|
+
**Injection.** Untrusted input reaching an interpreter (SQL, shell, LDAP, XML, template) needs parameterization, not concatenation. Flag `f"SELECT ... WHERE id = {user_id}"` and `execute("... %s" % val)`; require bound parameters: `execute("... WHERE id = %s", (user_id,))`. For shell, flag `os.system` and `subprocess.run(..., shell=True)` with interpolated input; require `shell=False` with an arg list. Watch ORM/NoSQL operators injected via user-controlled dicts.
|
|
11
|
+
|
|
12
|
+
**Path traversal.** When a path comes from input, `../` can escape the intended directory. Require canonicalization + containment: resolve the real path and verify it's inside the base (`Path.resolve().is_relative_to(base)` or `realpath(p).startswith(base)`). Reject absolute paths and null bytes.
|
|
13
|
+
|
|
14
|
+
**Secrets.** Flag hardcoded API keys, passwords, tokens, private keys in source, including test fixtures and example configs. Secrets belong in env vars or a secret manager, never the repo or logs. Check that logs and error messages don't echo credentials.
|
|
15
|
+
|
|
16
|
+
**Crypto.** Flag MD5/SHA-1 for security use and passwords stored with a fast hash or none. Passwords need bcrypt/scrypt/argon2 with per-user salt. Flag ECB mode, static/zero IVs, and reused IVs. Require a CSPRNG (`secrets`, `os.urandom`) for tokens, never `random`. Check TLS verification isn't disabled (`verify=False`).
|
|
17
|
+
|
|
18
|
+
**AuthN vs AuthZ.** Authentication is who you are; authorization is what you may do. The classic bug (IDOR): an endpoint authenticates the user but never checks the requested object belongs to them. Verify every object access is scoped to the caller's permissions, and that "internal"/admin routes have access control.
|
|
19
|
+
|
|
20
|
+
**Other high-value checks.** SSRF (server fetching a user-supplied URL: allowlist hosts, block internal ranges); unsafe deserialization (`pickle`, `yaml.load` without `SafeLoader`); open redirects; missing rate limits on auth endpoints. Validate and bound all input at the trust boundary.
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- 08-missing-tests.md
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Correctness Bugs
|
|
7
|
+
|
|
8
|
+
These defects make code do the wrong thing on some input. Check each category, and for every candidate construct the concrete triggering input.
|
|
9
|
+
|
|
10
|
+
- **Off-by-one / boundary:** empty collections, single-element cases, the last index, inclusive vs exclusive ranges. Most boundary bugs hide at size 0 and size 1.
|
|
11
|
+
- **None/null handling:** a value that can be `None` used without a guard; `dict.get()` returning `None` then dereferenced; a function returning `None` on a path the caller doesn't expect.
|
|
12
|
+
- **Type and coercion bugs:** comparing strings to ints, truthiness of `0` / `""` / `[]` mistaken for "missing" (use explicit `is None`), integer vs float division.
|
|
13
|
+
- **Incorrect conditionals:** inverted logic, `and`/`or` precedence, `==` vs `is`, De Morgan mistakes, a `not` binding to the wrong clause.
|
|
14
|
+
- **Mutable default arguments:** `def f(x, acc=[])`: the default is created once and shared across all calls, so it accumulates. Use `None` and initialize inside the function.
|
|
15
|
+
- **Loop and state bugs:** modifying a collection while iterating it; an accumulator reset in the wrong scope; an early `return`/`break` that skips cleanup or a later necessary step.
|
|
16
|
+
- **Resource leaks:** files, sockets, DB connections not closed on every path (including exceptions). Require context managers (`with`).
|
|
17
|
+
- **Floating-point money:** never use binary floats for currency. Rounding errors accumulate. Use integer cents or `Decimal`.
|
|
18
|
+
|
|
19
|
+
The discipline that separates a strong finding from noise: name the exact input and the wrong output it produces. "This crashes when `items` is empty because line 12 indexes `items[0]`" is actionable; "the loop looks off" is not.
|
|
@@ -0,0 +1,16 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- python-api/07-async-performance.md
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Concurrency
|
|
7
|
+
|
|
8
|
+
Concurrency defects are subtle and rarely covered by tests, so review them deliberately whenever code is threaded, async, or shares state across requests.
|
|
9
|
+
|
|
10
|
+
- **Race conditions / check-then-act:** `if not exists(k): create(k)` run by two threads can both pass the check and both create. Require atomic operations, locks, or DB-level guarantees: a unique constraint plus `INSERT ... ON CONFLICT`, or a compare-and-swap. Any read-modify-write on shared data is suspect.
|
|
11
|
+
- **Shared mutable state:** module-level dicts, lists, counters, or caches mutated by concurrent requests without a lock. Remember `counter += 1` is not atomic: it's a read, an add, and a write, any of which can interleave. Prefer per-request state or thread-safe structures.
|
|
12
|
+
- **Deadlocks:** two locks acquired in inconsistent order across different code paths. Establish and follow a global lock ordering; hold locks for the shortest span possible.
|
|
13
|
+
- **Async pitfalls:** a blocking call (sync I/O, `time.sleep`, CPU-heavy loop) inside `async` code freezes the whole event loop and stalls every concurrent task. Also flag a forgotten `await` (the coroutine never runs), and task exceptions that are swallowed because no one awaits the task.
|
|
14
|
+
- **TOCTOU on the filesystem:** check-then-use races, such as `if os.path.exists(p): open(p)`, where the file changes between the two calls. Prefer a single atomic operation (open with the right flags, `O_CREAT|O_EXCL`) over stat-then-open.
|
|
15
|
+
|
|
16
|
+
Because these bugs surface only under specific interleavings, reason about "what if two callers hit this simultaneously" for every piece of shared state, rather than relying on tests to catch them. A useful mental model: mark every read-modify-write on shared data, then ask whether another thread could slip between the read and the write. If it could, and the outcome would be wrong, you have a race that needs a lock, an atomic primitive, or a database-level guarantee.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Error Handling
|
|
2
|
+
|
|
3
|
+
Good error handling is about failing safely and visibly, never silently.
|
|
4
|
+
|
|
5
|
+
- **Bare and blanket excepts.** Flag `except:` and `except Exception: pass`. They hide bugs and turn failures into silent wrong behavior. Catch the specific exceptions you can handle; log or re-raise the rest.
|
|
6
|
+
- **Silent failure via sentinels.** Don't swallow an error and return a sentinel (`None`, `-1`, `[]`, `False`) that callers treat as success. If you can't handle it, fail loudly. If you return a sentinel, make sure every caller checks it.
|
|
7
|
+
- **Cleanup on every path.** Files, locks, connections, and transactions must be released whether the code succeeds or raises. Use `finally` or context managers rather than duplicating cleanup before each `return`: the duplicated version always misses a path.
|
|
8
|
+
- **Message hygiene.** Error messages should aid debugging without leaking internals to end users: log the detail (stack trace, ids) server-side, return a generic message to the client. Don't echo secrets, SQL, or file paths.
|
|
9
|
+
- **Consistent state on partial failure.** A multi-step mutation that fails halfway can leave data inconsistent. Wrap it in a transaction and roll back on error, or design idempotent/compensating steps. Verify the code doesn't commit step 1, then throw on step 2.
|
|
10
|
+
- **Don't lose context.** Catching an exception only to raise a vaguer one discards the stack and the root cause. Chain exceptions (`raise NewError(...) from exc`) or let the original propagate.
|
|
11
|
+
|
|
12
|
+
The core question for any `try` block: if this raises, does the system end up in a known-good state, and will someone find out it happened? If either answer is no, it's a finding.
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
# Performance
|
|
2
|
+
|
|
3
|
+
Focus on algorithmic and I/O issues that scale badly with data or load. Ignore micro-optimizations that don't move the needle.
|
|
4
|
+
|
|
5
|
+
- **N+1 queries.** A database (or network) call inside a loop over rows is the most common real-world performance bug: 1 query to list, then N to fetch each item's detail. Batch it into one query, or eager-load the relationship. Spotting a `.get`/`.query`/`fetch` inside a `for` loop is a red flag.
|
|
6
|
+
- **Accidental O(n²).** Membership tests against a list inside a loop (`if x in big_list`) turn linear work quadratic. Use a `set`/`dict` for O(1) lookup. Watch nested loops over the same large collection, and invariant work recomputed each iteration that could be hoisted out.
|
|
7
|
+
- **Unbounded memory.** Loading an entire large file or result set into memory (`f.read()`, `.all()` on a huge table) risks OOM. Stream, chunk, or paginate instead.
|
|
8
|
+
- **Missing indexes / full scans.** Query patterns filtering or joining on unindexed columns imply table scans. Repeated identical queries that should be cached also count.
|
|
9
|
+
- **Chatty I/O.** Many small network or disk calls that could be batched; a new connection per call instead of a reused pooled client.
|
|
10
|
+
|
|
11
|
+
Discipline: **distinguish hot paths from cold.** A slow one-time startup step rarely matters; a slow per-request or per-row path does. Estimate the input size: O(n²) on n=10 is fine, on n=10⁶ it's fatal. When you claim something is slow, point to the scaling factor (data size or request rate) that makes it bite, and prefer measuring over asserting.
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- python-api/02-routing-and-app.md
|
|
4
|
+
- tech-writing/06-breaking-changes-migrations.md
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# API & Interface Design
|
|
8
|
+
|
|
9
|
+
Interfaces are contracts; review them for clarity, consistency, and stability.
|
|
10
|
+
|
|
11
|
+
- **Intent-revealing naming.** Names should say what a thing is or does. Consistent parameter order and return types across a module reduce caller mistakes. A function named `get_user` that sometimes creates one is a lie.
|
|
12
|
+
- **Single responsibility.** A function should do one thing. Be wary of a boolean flag parameter that switches behavior (`render(data, is_admin=True)`). It usually means two functions crammed into one; split them so each name describes exactly what it does.
|
|
13
|
+
- **Predictable return types.** Don't sometimes return a list and sometimes a single item, or `None` on one path and `[]` on another for "nothing." Callers can't handle a type that shifts. Pick one shape (empty collection over `None` is usually kinder) and hold it.
|
|
14
|
+
- **Backward compatibility.** For public/shared interfaces, a changed signature or response shape breaks existing callers. Require additive change or a deprecation path, not a silent breaking change. Watch for a renamed field, a removed parameter, or a newly-required argument.
|
|
15
|
+
- **Fail-fast validation.** Validate arguments at the boundary with clear errors, so bad input is rejected where it enters rather than causing a confusing failure three layers down.
|
|
16
|
+
- **Small, injectable dependencies.** Prefer focused interfaces over god-objects, and pass dependencies in (injectable) rather than reaching for globals: it makes the unit testable and its contract explicit.
|
|
17
|
+
|
|
18
|
+
When reviewing a new interface, imagine writing a caller against it: is the correct usage obvious, is misuse hard, and will next year's change break me? If any answer is uncomfortable, note it.
|
|
19
|
+
|
|
20
|
+
Prefer interfaces that make the illegal state unrepresentable: a type or enum that can't hold a bad value beats runtime validation, and a required constructor argument beats a settable field the caller might forget. If a function needs a long comment to explain when to call it or what its return means, that's usually a sign the interface should be reshaped, not documented around.
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- 03-correctness-bugs.md
|
|
4
|
+
- python-api/08-testing.md
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
# Missing Tests
|
|
8
|
+
|
|
9
|
+
A change without tests for its risky behavior is incomplete. Reviewing tests is part of reviewing the change, not an afterthought.
|
|
10
|
+
|
|
11
|
+
**Hunt untested branches.** The happy path is usually covered; the defects hide in what isn't:
|
|
12
|
+
- Error paths: does anything exercise the `except`, the validation rejection, the "not found" case?
|
|
13
|
+
- Boundary inputs: empty, single-element, maximum size, zero, negative, null.
|
|
14
|
+
- The security check that was just added: is there a test proving the unauthorized caller is actually denied?
|
|
15
|
+
|
|
16
|
+
**Regression tests for fixes.** When a bug is fixed, there should be a test that fails without the fix and passes with it. A fix with no test invites the bug's return and gives no evidence the fix works.
|
|
17
|
+
|
|
18
|
+
**Judge test quality, not just presence.** A test that runs code but asserts nothing proves only that it doesn't crash. Require assertions on observable behavior: return values, side effects, raised exceptions. Flag:
|
|
19
|
+
- Tests with no meaningful assertion (can't fail).
|
|
20
|
+
- Tests coupled to implementation detail (they break on every refactor and don't validate contract).
|
|
21
|
+
- Mocks of the very unit under test: you end up testing the mock, not the code. Mock external boundaries, not the subject.
|
|
22
|
+
|
|
23
|
+
**Prioritize.** You won't demand tests for everything. Ask for them where risk is highest and correctness is least obvious: the intricate branching logic, the security boundary, the money calculation, the concurrency-sensitive path. A trivial getter needs less than a permissions check.
|
|
24
|
+
|
|
25
|
+
When you flag missing coverage, name the specific scenario that's untested and why it matters, for example "no test covers a withdrawal larger than the balance", so the author knows exactly what to add.
|
package/assets/skills/authored/code-review/composable/mini/09-refactoring-and-communication.md
ADDED
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
---
|
|
2
|
+
pairs-with:
|
|
3
|
+
- 01-review-method.md
|
|
4
|
+
---
|
|
5
|
+
|
|
6
|
+
# Refactoring Strategy & Communicating Findings
|
|
7
|
+
|
|
8
|
+
## Refactoring safely
|
|
9
|
+
|
|
10
|
+
Refactor to reduce duplication and complexity, but protect behavior while you do it.
|
|
11
|
+
|
|
12
|
+
- **Characterize before you change.** Put tests around behavior-critical code before refactoring it, so you can prove behavior didn't change.
|
|
13
|
+
- **One kind of change at a time.** Keep pure refactors (no behavior change) in separate commits from behavior changes. This keeps review honest and lets `git bisect` isolate regressions.
|
|
14
|
+
- **Small, reversible steps:** extract a function, rename for clarity, replace a conditional with polymorphism, introduce a parameter object. Each step should leave the code working.
|
|
15
|
+
- **Watch false duplication.** Don't unify two blocks that only look alike: if they can evolve independently or already differ subtly, merging them couples unrelated things.
|
|
16
|
+
- **Resist scope creep.** Leave code better than you found it, but a refactor that balloons the diff balloons the risk and the review cost. Stay near the change you came to make.
|
|
17
|
+
|
|
18
|
+
## Severity triage
|
|
19
|
+
|
|
20
|
+
- **Critical / blocker:** security holes, data loss/corruption, crashes on common input. Must fix before merge.
|
|
21
|
+
- **Major:** correctness bugs on plausible inputs, missing error handling on important paths, significant performance regressions.
|
|
22
|
+
- **Minor:** edge cases, smaller performance issues, missing tests for lower-risk code.
|
|
23
|
+
- **Nit:** style, naming, non-blocking suggestions. Label them so they aren't mistaken for blockers.
|
|
24
|
+
|
|
25
|
+
## Communicating findings
|
|
26
|
+
|
|
27
|
+
A finding only matters if it lands.
|
|
28
|
+
- Be specific and cite the line.
|
|
29
|
+
- Explain *why* it's a problem (the failing scenario), not just what to change.
|
|
30
|
+
- Suggest a concrete fix.
|
|
31
|
+
- Separate must-fix from nice-to-have; lead with what matters and don't bury a critical issue under nits.
|
|
32
|
+
- Ask when intent is unclear rather than assuming a mistake; praise good solutions. Review is collaborative, not adversarial.
|