moicle 2.3.0 → 3.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +36 -47
- package/assets/commands/marketing.md +6 -6
- package/assets/skills/docs/sync/SKILL.md +195 -157
- package/assets/skills/feature/build/SKILL.md +891 -0
- package/assets/skills/feature/track/SKILL.md +157 -0
- package/assets/skills/fix/bug/SKILL.md +449 -0
- package/assets/skills/fix/incident/SKILL.md +6 -6
- package/assets/skills/marketing/brand/SKILL.md +304 -0
- package/assets/skills/marketing/content/SKILL.md +199 -141
- package/assets/skills/research/explore/SKILL.md +392 -0
- package/assets/skills/review/code/SKILL.md +622 -0
- package/dist/commands/install/usage.js +2 -2
- package/dist/commands/install/usage.js.map +1 -1
- package/package.json +1 -1
- package/assets/skills/docs/write/SKILL.md +0 -274
- package/assets/skills/feature/api/SKILL.md +0 -277
- package/assets/skills/feature/deprecate/SKILL.md +0 -276
- package/assets/skills/feature/new/SKILL.md +0 -273
- package/assets/skills/feature/refactor/SKILL.md +0 -269
- package/assets/skills/fix/hotfix/SKILL.md +0 -233
- package/assets/skills/fix/pr-comment/SKILL.md +0 -186
- package/assets/skills/fix/root-cause/SKILL.md +0 -276
- package/assets/skills/marketing/logo/SKILL.md +0 -252
- package/assets/skills/marketing/seo-blog/SKILL.md +0 -367
- package/assets/skills/marketing/video/SKILL.md +0 -258
- package/assets/skills/research/onboarding/SKILL.md +0 -225
- package/assets/skills/research/spike/SKILL.md +0 -228
- package/assets/skills/research/web/SKILL.md +0 -204
- package/assets/skills/review/architect/SKILL.md +0 -274
- package/assets/skills/review/branch/SKILL.md +0 -277
- package/assets/skills/review/pr/SKILL.md +0 -231
- package/assets/skills/review/tdd/SKILL.md +0 -245
|
@@ -1,274 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: review-architect
|
|
3
|
-
description: DDD architecture compliance review with automated checks and review loop. Use when user says "architect-review", "architecture review", "review architecture", "check architecture", "review ddd", "ddd review".
|
|
4
|
-
args: "[ARCHITECTURE_NAME] [DOMAIN]"
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
# DDD Architecture Review
|
|
8
|
-
|
|
9
|
-
Audit a codebase (or a single domain) against DDD rules with automated checks, manual review, and a fix loop until score ≥ B.
|
|
10
|
-
|
|
11
|
-
## When to use this skill
|
|
12
|
-
|
|
13
|
-
- ✅ Verify DDD compliance after `/feature-new` or `/feature-refactor`
|
|
14
|
-
- ✅ Periodic audit of an existing codebase
|
|
15
|
-
- ✅ Quality gate before merging architectural changes
|
|
16
|
-
- ❌ Full PR review (arch + code + security + tests) → use `/review-pr`
|
|
17
|
-
- ❌ Self-review own branch before push → use `/review-branch`
|
|
18
|
-
- ❌ Security-only audit → use `@security-audit` agent
|
|
19
|
-
|
|
20
|
-
## Usage
|
|
21
|
-
|
|
22
|
-
```
|
|
23
|
-
/review-architect <architecture> [domain]
|
|
24
|
-
/review-architect # auto-detect stack
|
|
25
|
-
```
|
|
26
|
-
|
|
27
|
-
Examples: `/review-architect go-backend wallet`, `/review-architect react-frontend`.
|
|
28
|
-
|
|
29
|
-
## Supported architectures
|
|
30
|
-
|
|
31
|
-
Aliases: `ddd → ddd-architecture`, `go → go-backend`, `react → react-frontend`, `flutter → flutter-mobile`, `laravel → laravel-backend`, `remix → remix-fullstack`, `nestjs → nodejs-nestjs`, `mono → monorepo`.
|
|
32
|
-
|
|
33
|
-
Files live at `.claude/architecture/{name}.md` (project) → `~/.claude/architecture/{name}.md` (global).
|
|
34
|
-
|
|
35
|
-
---
|
|
36
|
-
|
|
37
|
-
## Workflow
|
|
38
|
-
|
|
39
|
-
```
|
|
40
|
-
RESOLVE → LOAD RULES → AUTOMATED CHECKS → MANUAL REVIEW → REPORT → FIX LOOP
|
|
41
|
-
```
|
|
42
|
-
|
|
43
|
-
---
|
|
44
|
-
|
|
45
|
-
## Phase 0: RESOLVE ARCHITECTURE
|
|
46
|
-
|
|
47
|
-
### Argument provided
|
|
48
|
-
1. Normalize via alias table → search project then global
|
|
49
|
-
2. Found → Phase 1. Not found → reject with available list, STOP.
|
|
50
|
-
|
|
51
|
-
### No argument
|
|
52
|
-
1. Detect stack via `~/.claude/architecture/_shared/stack-detection.md`
|
|
53
|
-
2. Detected → confirm with user. Not detected → list options, ask.
|
|
54
|
-
|
|
55
|
-
### Gate
|
|
56
|
-
- [ ] Architecture file loaded
|
|
57
|
-
- [ ] Domain identified (if scoped)
|
|
58
|
-
|
|
59
|
-
---
|
|
60
|
-
|
|
61
|
-
## Phase 1: LOAD RULES
|
|
62
|
-
|
|
63
|
-
Read `ddd-architecture.md` (core) + the stack doc. Extract:
|
|
64
|
-
- DDD directory layout
|
|
65
|
-
- Layer import rules + forbidden imports
|
|
66
|
-
- Hard rules (HR1-HR15)
|
|
67
|
-
- Stack-specific check scripts
|
|
68
|
-
- Wiring + test patterns
|
|
69
|
-
|
|
70
|
-
### Gate
|
|
71
|
-
- [ ] Core + stack rules loaded
|
|
72
|
-
- [ ] Check scripts extracted
|
|
73
|
-
- [ ] Review checklist prepared
|
|
74
|
-
|
|
75
|
-
---
|
|
76
|
-
|
|
77
|
-
## Phase 2: AUTOMATED CHECKS
|
|
78
|
-
|
|
79
|
-
Run the stack-specific check scripts from the architecture doc. They follow this universal pattern (adapt per stack):
|
|
80
|
-
|
|
81
|
-
```bash
|
|
82
|
-
echo "R1: Build" ; {build} && echo PASS || echo FAIL
|
|
83
|
-
echo "R2: Lint/Vet" ; {lint} && echo PASS || echo FAIL
|
|
84
|
-
echo "R3: Domain pure" ; {grep_forbidden in domain/} && echo FAIL || echo PASS
|
|
85
|
-
echo "R4: No cross-dom" ; {grep_domain_A in domain_B} && echo FAIL || echo PASS
|
|
86
|
-
echo "R5: No cycles" ; {cycle_check} && echo FAIL || echo PASS
|
|
87
|
-
echo "R6: Tests exist" ; {find_tests_in_domain} | wc -l
|
|
88
|
-
echo "R7: Tests pass" ; {test} && echo PASS || echo FAIL
|
|
89
|
-
echo "R8: Wiring reg" ; {check_routes_registered}
|
|
90
|
-
echo "R9: Event names" ; {check_event_consistency}
|
|
91
|
-
echo "R10: Async ctx" ; {check_no_request_context_in_goroutines}
|
|
92
|
-
```
|
|
93
|
-
|
|
94
|
-
Record PASS/FAIL per check. Continue to Phase 3 either way — manual review catches what automated misses.
|
|
95
|
-
|
|
96
|
-
### Gate
|
|
97
|
-
- [ ] All 10 automated checks run
|
|
98
|
-
- [ ] PASS/FAIL recorded
|
|
99
|
-
|
|
100
|
-
---
|
|
101
|
-
|
|
102
|
-
## Phase 3: MANUAL REVIEW
|
|
103
|
-
|
|
104
|
-
Focus on **architecture structure**, not business correctness. 10 areas:
|
|
105
|
-
|
|
106
|
-
### D — Directory Structure
|
|
107
|
-
- D1 `domain/{domain}/` exists with proper subdirs
|
|
108
|
-
- D2 Has `entities/`, `ports/`, `usecases/` at minimum
|
|
109
|
-
- D3 `valueobjects/` separate (not mixed in entities)
|
|
110
|
-
- D4 `events/` separate, 1 file per event
|
|
111
|
-
- D5 Application layer: `ports/{transport}/`, `services/`, `listeners/`
|
|
112
|
-
- D6 Infrastructure implements ports
|
|
113
|
-
- D7 No legacy dirs (`modules/`, flat structure)
|
|
114
|
-
|
|
115
|
-
### E — Entities
|
|
116
|
-
- E1 Has constructor (`New{Entity}` / `create()`)
|
|
117
|
-
- E2 Has behavior methods (NOT anemic)
|
|
118
|
-
- E3 Raises domain events on state change
|
|
119
|
-
- E4 No framework imports
|
|
120
|
-
- E5 Has mappers (if persisted)
|
|
121
|
-
|
|
122
|
-
### VO — Value Objects
|
|
123
|
-
- VO1 In `valueobjects/`, not entities
|
|
124
|
-
- VO2 Only stdlib imports
|
|
125
|
-
- VO3 Immutable with behavior methods
|
|
126
|
-
- VO4 Used by entities + ports (not raw strings)
|
|
127
|
-
|
|
128
|
-
### P — Ports
|
|
129
|
-
- P1 `ports/` dir exists (no inline interfaces in usecases)
|
|
130
|
-
- P2 One file per port
|
|
131
|
-
- P3 Each file has interface + related DTOs
|
|
132
|
-
- P4 Domain types in signatures (not primitives)
|
|
133
|
-
- P5 Platform-agnostic naming (`URLParser` not `ShopeeURLParser`)
|
|
134
|
-
- P6 No infrastructure imports
|
|
135
|
-
|
|
136
|
-
### EV — Events
|
|
137
|
-
- EV1 One file per event
|
|
138
|
-
- EV2 Extends base event type
|
|
139
|
-
- EV3 Carries data for listeners
|
|
140
|
-
- EV4 Name matches registry
|
|
141
|
-
|
|
142
|
-
### U — UseCases
|
|
143
|
-
- U1 Uses port interfaces (not inline)
|
|
144
|
-
- U2 Split by concern (≤200 lines/file)
|
|
145
|
-
- U3 Business logic lives here (not in handler / store / service)
|
|
146
|
-
- U4 No infrastructure imports
|
|
147
|
-
- U5 Dispatches events after persistence
|
|
148
|
-
- U6 No `deps.go` inline interfaces
|
|
149
|
-
|
|
150
|
-
### SVC — Services
|
|
151
|
-
- SVC1 Thin wrapper, delegates to usecases
|
|
152
|
-
- SVC2 No infrastructure imports
|
|
153
|
-
|
|
154
|
-
### H — Handlers / Controllers
|
|
155
|
-
- H1 Has registration function
|
|
156
|
-
- H2 Thin (parse → service → respond)
|
|
157
|
-
- H3 No business logic
|
|
158
|
-
- H4 DTOs in separate file
|
|
159
|
-
|
|
160
|
-
### L — Listeners
|
|
161
|
-
- L1 One per event (`on_{event}` naming)
|
|
162
|
-
- L2 Side-effects only
|
|
163
|
-
- L3 Registered in event bus
|
|
164
|
-
- L4 Background context (not request ctx)
|
|
165
|
-
|
|
166
|
-
### I — Infrastructure
|
|
167
|
-
- I1 Implements port interface
|
|
168
|
-
- I2 Has mappers (domain ↔ persistence)
|
|
169
|
-
- I3 No business logic
|
|
170
|
-
- I4 Compile-time interface check (where possible)
|
|
171
|
-
|
|
172
|
-
### Gate
|
|
173
|
-
- [ ] All 10 areas reviewed
|
|
174
|
-
- [ ] Findings categorized by severity (see `~/.claude/architecture/_shared/severity-levels.md`)
|
|
175
|
-
|
|
176
|
-
---
|
|
177
|
-
|
|
178
|
-
## Phase 4: REPORT
|
|
179
|
-
|
|
180
|
-
```markdown
|
|
181
|
-
## Architecture Review: {architecture} / {domain}
|
|
182
|
-
|
|
183
|
-
### Automated (R1-R10)
|
|
184
|
-
| # | Check | Status |
|
|
185
|
-
|---|-------|--------|
|
|
186
|
-
| R1 | Build | PASS/FAIL |
|
|
187
|
-
| ... | ... | ... |
|
|
188
|
-
|
|
189
|
-
### Manual review
|
|
190
|
-
| Area | Status | Violations |
|
|
191
|
-
|------|--------|------------|
|
|
192
|
-
| Directory (D1-D7) | OK / ISSUE | ... |
|
|
193
|
-
| Entities (E1-E5) | OK / ISSUE | ... |
|
|
194
|
-
| ... | ... | ... |
|
|
195
|
-
|
|
196
|
-
### Violations
|
|
197
|
-
1. [SEVERITY] code:file:line — description
|
|
198
|
-
2. ...
|
|
199
|
-
|
|
200
|
-
### Recommended fixes
|
|
201
|
-
1. ...
|
|
202
|
-
|
|
203
|
-
### Overall Score: {A/B/C/D/F}
|
|
204
|
-
```
|
|
205
|
-
|
|
206
|
-
### Scoring
|
|
207
|
-
|
|
208
|
-
| Score | Criteria |
|
|
209
|
-
|-------|----------|
|
|
210
|
-
| **A** | 0 violations, all R1-R10 PASS |
|
|
211
|
-
| **B** | 0 CRITICAL/HIGH, max 3 MEDIUM |
|
|
212
|
-
| **C** | 0 CRITICAL, max 2 HIGH |
|
|
213
|
-
| **D** | Has CRITICAL or 3+ HIGH |
|
|
214
|
-
| **F** | Multiple CRITICAL — architecture broken |
|
|
215
|
-
|
|
216
|
-
### Gate
|
|
217
|
-
- [ ] Report generated
|
|
218
|
-
- [ ] Score calculated
|
|
219
|
-
- [ ] All violations have file:line
|
|
220
|
-
|
|
221
|
-
---
|
|
222
|
-
|
|
223
|
-
## Phase 5: FIX LOOP (if user confirms)
|
|
224
|
-
|
|
225
|
-
```
|
|
226
|
-
LOOP:
|
|
227
|
-
1. Fix all violations
|
|
228
|
-
2. Re-run automated checks (Phase 2)
|
|
229
|
-
3. Re-run manual review (Phase 3)
|
|
230
|
-
4. IF violations severity ≥ MEDIUM → GOTO 1
|
|
231
|
-
5. IF only LOW or none → BREAK, final report
|
|
232
|
-
```
|
|
233
|
-
|
|
234
|
-
Verify after each iteration: build passes, tests pass, domain purity holds.
|
|
235
|
-
|
|
236
|
-
---
|
|
237
|
-
|
|
238
|
-
## Calling from other skills
|
|
239
|
-
|
|
240
|
-
`/feature-new` and `/feature-refactor` call this skill at the end of their workflows. When called from another skill:
|
|
241
|
-
- Skip Phase 0 (architecture already known)
|
|
242
|
-
- Skip user confirmation for fixes (auto-fix in loop)
|
|
243
|
-
- Report final score back to caller
|
|
244
|
-
|
|
245
|
-
---
|
|
246
|
-
|
|
247
|
-
## Hard Rules
|
|
248
|
-
|
|
249
|
-
- **All CRITICAL/HIGH must be fixed** before merge
|
|
250
|
-
- **MEDIUM allowed with waiver** (explicit decision + comment)
|
|
251
|
-
- **Don't grade-inflate** — if it's a HIGH, mark HIGH
|
|
252
|
-
- **Don't skip Phase 3** — automated checks miss structural issues
|
|
253
|
-
- **File:line for every violation** — author shouldn't have to grep
|
|
254
|
-
|
|
255
|
-
---
|
|
256
|
-
|
|
257
|
-
## Related Skills
|
|
258
|
-
|
|
259
|
-
| When | Use |
|
|
260
|
-
|------|-----|
|
|
261
|
-
| Full PR review (arch + code + security + tests) | `/review-pr` |
|
|
262
|
-
| Self-review own branch before push | `/review-branch` |
|
|
263
|
-
| Refactor to fix violations | `/feature-refactor` |
|
|
264
|
-
| Add tests if missing | `/review-tdd` |
|
|
265
|
-
| Called from `/feature-new` / `/feature-refactor` | automatic |
|
|
266
|
-
|
|
267
|
-
## Recommended Agents
|
|
268
|
-
|
|
269
|
-
| Phase | Agent | Purpose |
|
|
270
|
-
|-------|-------|---------|
|
|
271
|
-
| LOAD | `@clean-architect` | Interpret architecture rules |
|
|
272
|
-
| AUTOMATED | `@devops` | Build / lint / test scripts |
|
|
273
|
-
| MANUAL | `@code-reviewer` | Spot violations |
|
|
274
|
-
| FIX | Stack-specific dev agent | Apply fixes |
|
|
@@ -1,277 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: review-branch
|
|
3
|
-
description: Review local branch changes for architecture compliance, conventions, and code quality before pushing/PR. Stack-aware — detects the project stack and applies the matching rules. Use when user says "review changes", "review branch", "check branch", "check changes", "review my code", "review before pr".
|
|
4
|
-
args: "[BASE_BRANCH]"
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
# Review Local Branch Changes
|
|
8
|
-
|
|
9
|
-
Self-review your branch vs a base branch before pushing or opening a PR. Checks architecture compliance, stack conventions, and code quality — on **changed files only**, not the whole codebase.
|
|
10
|
-
|
|
11
|
-
**ARGUMENTS:** (optional) base branch. Default: `main` (fallback to `master`).
|
|
12
|
-
|
|
13
|
-
## When to use this skill
|
|
14
|
-
|
|
15
|
-
- ✅ Before pushing your branch / opening a PR
|
|
16
|
-
- ✅ Before asking a teammate to review (catch easy issues first)
|
|
17
|
-
- ✅ Quick sanity check on a feature you've been working on
|
|
18
|
-
- ❌ Reviewing someone else's PR → use `/review-pr`
|
|
19
|
-
- ❌ Only checking DDD architecture → use `/review-architect`
|
|
20
|
-
- ❌ Security-only sweep → use `@security-audit` agent
|
|
21
|
-
|
|
22
|
-
## Read Architecture First
|
|
23
|
-
|
|
24
|
-
Detect stack via `~/.claude/architecture/_shared/stack-detection.md`. Load `ddd-architecture.md` + the stack doc — extract forbidden imports + conventions before reviewing.
|
|
25
|
-
|
|
26
|
-
Severity definitions: `~/.claude/architecture/_shared/severity-levels.md` (code severity table).
|
|
27
|
-
|
|
28
|
-
---
|
|
29
|
-
|
|
30
|
-
## Workflow
|
|
31
|
-
|
|
32
|
-
```
|
|
33
|
-
0 DETECT → 1 COLLECT → 2 BUILD+LINT → 3 ARCH → 4 CONVENTIONS → 5 QUALITY → 6 TESTS → 7 REPORT → 8 FIX
|
|
34
|
-
```
|
|
35
|
-
|
|
36
|
-
---
|
|
37
|
-
|
|
38
|
-
## Phase 0: DETECT
|
|
39
|
-
|
|
40
|
-
- [ ] Stack detected (ask user if ambiguous, e.g., monorepo)
|
|
41
|
-
- [ ] Architecture doc loaded
|
|
42
|
-
- [ ] Forbidden-imports list extracted
|
|
43
|
-
|
|
44
|
-
---
|
|
45
|
-
|
|
46
|
-
## Phase 1: COLLECT
|
|
47
|
-
|
|
48
|
-
```bash
|
|
49
|
-
BASE=${1:-main}
|
|
50
|
-
git rev-parse --verify "$BASE" >/dev/null 2>&1 || BASE=master
|
|
51
|
-
|
|
52
|
-
git log "$BASE"..HEAD --oneline
|
|
53
|
-
git diff "$BASE"...HEAD --stat
|
|
54
|
-
git diff "$BASE"...HEAD --name-only --diff-filter=ACMR
|
|
55
|
-
```
|
|
56
|
-
|
|
57
|
-
Categorize changed files by layer:
|
|
58
|
-
|
|
59
|
-
| Layer | Typical paths |
|
|
60
|
-
|-------|---------------|
|
|
61
|
-
| Domain | `domain/`, `internal/domain/`, `src/domain/`, `lib/domain/` |
|
|
62
|
-
| Application | `application/`, `internal/application/`, `src/application/` |
|
|
63
|
-
| Infrastructure | `infrastructure/`, `internal/infrastructure/`, `src/infrastructure/` |
|
|
64
|
-
| Presentation / UI | `controllers/`, `pages/`, `components/`, `views/`, `ports/http/` |
|
|
65
|
-
| Persistence | `models/`, `entities/` (ORM), `prisma/`, `migrations/` |
|
|
66
|
-
| Config / Bootstrap | `config/`, `bootstrap/`, `cmd/`, `main.*` |
|
|
67
|
-
|
|
68
|
-
Read **all** changed files before reviewing — never skim.
|
|
69
|
-
|
|
70
|
-
---
|
|
71
|
-
|
|
72
|
-
## Phase 2: BUILD + LINT
|
|
73
|
-
|
|
74
|
-
Run the stack's build + typecheck + lint commands. If any fail → mark **CRITICAL** and stop further review until they pass.
|
|
75
|
-
|
|
76
|
-
```bash
|
|
77
|
-
# Go: go build ./... && go vet ./...
|
|
78
|
-
# NestJS: pnpm typecheck && pnpm lint
|
|
79
|
-
# Laravel: composer dump-autoload && ./vendor/bin/phpstan analyse
|
|
80
|
-
# Flutter: dart analyze
|
|
81
|
-
# React/Remix: pnpm typecheck && pnpm lint
|
|
82
|
-
```
|
|
83
|
-
|
|
84
|
-
---
|
|
85
|
-
|
|
86
|
-
## Phase 3: ARCHITECTURE (changed files only)
|
|
87
|
-
|
|
88
|
-
Apply the stack's rules. Common checks per layer:
|
|
89
|
-
|
|
90
|
-
### 3.1 Domain (if changed)
|
|
91
|
-
| # | Rule |
|
|
92
|
-
|---|------|
|
|
93
|
-
| D1 | Domain purity — no forbidden imports (ORM, HTTP, cache, queue, auth SDK) |
|
|
94
|
-
| D2 | No cross-domain imports (only shared kernel allowed) |
|
|
95
|
-
| D3 | No persistence-model imports in domain |
|
|
96
|
-
| D4 | Entities have behavior (not anemic data bags) |
|
|
97
|
-
| D5 | Entities raise events on state change (if architecture uses events) |
|
|
98
|
-
| D6 | Ports in `ports/` dir (not inline in usecases) |
|
|
99
|
-
| D7 | One port per file |
|
|
100
|
-
| D8 | Ports return domain types, not primitives |
|
|
101
|
-
| D9 | Value objects stdlib-only |
|
|
102
|
-
| D10 | Usecases have no infra imports |
|
|
103
|
-
|
|
104
|
-
Quick check:
|
|
105
|
-
```bash
|
|
106
|
-
CHANGED_DOMAIN=$(git diff "$BASE"...HEAD --name-only --diff-filter=ACMR \
|
|
107
|
-
| grep -E '^(src|internal|lib)/domain/')
|
|
108
|
-
[ -n "$CHANGED_DOMAIN" ] && echo "$CHANGED_DOMAIN" \
|
|
109
|
-
| xargs grep -lEn '<STACK_FORBIDDEN_REGEX>' 2>/dev/null \
|
|
110
|
-
&& echo FAIL || echo PASS
|
|
111
|
-
```
|
|
112
|
-
|
|
113
|
-
### 3.2 Application (if changed)
|
|
114
|
-
| # | Rule |
|
|
115
|
-
|---|------|
|
|
116
|
-
| A1 | Handler is thin (parse → service → respond, no business logic) |
|
|
117
|
-
| A2 | Service justified only when ≥2 usecases orchestrated |
|
|
118
|
-
| A3 | Listener is side-effect only (no business logic) |
|
|
119
|
-
| A4 | Listener registered in event bus |
|
|
120
|
-
| A5 | Event name string matches registry |
|
|
121
|
-
| A6 | DTOs validated at boundary |
|
|
122
|
-
| A7 | Composition root only — no inline wiring in handlers |
|
|
123
|
-
|
|
124
|
-
### 3.3 Infrastructure (if changed)
|
|
125
|
-
| # | Rule |
|
|
126
|
-
|---|------|
|
|
127
|
-
| I1 | Repository has no business logic |
|
|
128
|
-
| I2 | Mappers exist (domain ↔ ORM model) |
|
|
129
|
-
| I3 | Implements port interface (returns domain types) |
|
|
130
|
-
| I4 | Context / transaction propagation correct |
|
|
131
|
-
|
|
132
|
-
### 3.4 Persistence models (if changed)
|
|
133
|
-
| # | Rule |
|
|
134
|
-
|---|------|
|
|
135
|
-
| M1 | ORM models in infrastructure, NOT domain |
|
|
136
|
-
| M2 | Schema change → matching migration |
|
|
137
|
-
| M3 | Nullable columns use nullable types |
|
|
138
|
-
|
|
139
|
-
---
|
|
140
|
-
|
|
141
|
-
## Phase 4: CONVENTIONS (cross-stack)
|
|
142
|
-
|
|
143
|
-
| # | Rule |
|
|
144
|
-
|---|------|
|
|
145
|
-
| G1 | No swallowed errors (no empty catch / `if err != nil {}`) |
|
|
146
|
-
| G2 | Async work uses background context, NOT request context |
|
|
147
|
-
| G3 | API-facing types have serialization tags (`json:`, decorators, etc.) |
|
|
148
|
-
| G4 | No hardcoded secrets / tokens / keys |
|
|
149
|
-
| G5 | Parameterized queries only — no string-interpolated SQL |
|
|
150
|
-
| G6 | Input validation at boundary before reaching domain |
|
|
151
|
-
|
|
152
|
-
Plus any stack-specific Hard Rules from the architecture doc.
|
|
153
|
-
|
|
154
|
-
---
|
|
155
|
-
|
|
156
|
-
## Phase 5: QUALITY (manual)
|
|
157
|
-
|
|
158
|
-
Read the diff. Look for:
|
|
159
|
-
|
|
160
|
-
| # | Area | What to look for |
|
|
161
|
-
|---|------|------------------|
|
|
162
|
-
| Q1 | Logic correctness | Off-by-one, nil deref, wrong condition, missed edge case |
|
|
163
|
-
| Q2 | Error handling | Errors propagated/wrapped, not silently ignored |
|
|
164
|
-
| Q3 | Concurrency | Race conditions, shared mutable state, async leaks |
|
|
165
|
-
| Q4 | Resource leaks | Unclosed connections, HTTP bodies, file handles |
|
|
166
|
-
| Q5 | Naming | Reveals intent (no `data`, `info`, `manager`, `helper`) |
|
|
167
|
-
| Q6 | Dead code | Unreachable, unused, commented-out |
|
|
168
|
-
| Q7 | Duplication | Real duplication across changed files (not coincidental) |
|
|
169
|
-
| Q8 | Breaking change | API contract change, removed field, behavior change |
|
|
170
|
-
| Q9 | Over-engineering | Abstraction not justified by the change |
|
|
171
|
-
| Q10 | Test coverage | New logic has tests; bug fixes have regression tests |
|
|
172
|
-
|
|
173
|
-
---
|
|
174
|
-
|
|
175
|
-
## Phase 6: TESTS
|
|
176
|
-
|
|
177
|
-
```bash
|
|
178
|
-
# Tests for changed domains only
|
|
179
|
-
CHANGED_DOMAINS=$(git diff "$BASE"...HEAD --name-only --diff-filter=ACMR \
|
|
180
|
-
| grep -E '/(domain|modules|features)/' \
|
|
181
|
-
| sed -E 's|.*(domain\|modules\|features)/([^/]+)/.*|\2|' | sort -u)
|
|
182
|
-
|
|
183
|
-
for d in $CHANGED_DOMAINS; do
|
|
184
|
-
# Go: go test ./internal/domain/$d/... -v
|
|
185
|
-
# NestJS: npx jest src/domain/$d
|
|
186
|
-
# Laravel: ./vendor/bin/phpunit --filter $d
|
|
187
|
-
# Flutter: flutter test test/domain/$d
|
|
188
|
-
echo "Test $d"
|
|
189
|
-
done
|
|
190
|
-
|
|
191
|
-
# Full suite
|
|
192
|
-
{full_test_command}
|
|
193
|
-
```
|
|
194
|
-
|
|
195
|
-
---
|
|
196
|
-
|
|
197
|
-
## Phase 7: REPORT
|
|
198
|
-
|
|
199
|
-
```markdown
|
|
200
|
-
## Code Review: {branch} → {base}
|
|
201
|
-
|
|
202
|
-
**Stack:** {stack} · **Commits:** {N} · **Files:** {N} (+{add} / -{del})
|
|
203
|
-
|
|
204
|
-
### Build / Lint / Types
|
|
205
|
-
| Check | Status |
|
|
206
|
-
|-------|--------|
|
|
207
|
-
| Build | PASS/FAIL |
|
|
208
|
-
| Lint | PASS/FAIL |
|
|
209
|
-
| Types | PASS/FAIL |
|
|
210
|
-
|
|
211
|
-
### Architecture / Conventions / Quality
|
|
212
|
-
| # | Rule | Status | File:line |
|
|
213
|
-
|---|------|--------|-----------|
|
|
214
|
-
| D1 | Domain purity | PASS | — |
|
|
215
|
-
| G4 | No secrets | FAIL | `config/db.ts:42` hardcoded token |
|
|
216
|
-
| Q1 | Logic correctness | OK | — |
|
|
217
|
-
|
|
218
|
-
### Tests
|
|
219
|
-
| Check | Status |
|
|
220
|
-
|-------|--------|
|
|
221
|
-
| Changed area tests | PASS/FAIL |
|
|
222
|
-
| Full suite | PASS/FAIL |
|
|
223
|
-
|
|
224
|
-
### Issues (sorted by severity)
|
|
225
|
-
| # | Severity | File:line | Issue | Suggested fix |
|
|
226
|
-
|---|----------|-----------|-------|---------------|
|
|
227
|
-
| 1 | CRITICAL | config/db.ts:42 | hardcoded token | move to env |
|
|
228
|
-
| 2 | HIGH | handlers/user.ts:88 | business logic in handler | extract to usecase |
|
|
229
|
-
|
|
230
|
-
### Verdict
|
|
231
|
-
{APPROVED / CHANGES REQUESTED}
|
|
232
|
-
```
|
|
233
|
-
|
|
234
|
-
### Verdict rules
|
|
235
|
-
- **CRITICAL or HIGH found** → CHANGES REQUESTED
|
|
236
|
-
- **MEDIUM only** → CHANGES REQUESTED (should fix)
|
|
237
|
-
- **LOW only or nothing** → APPROVED (with suggestions if any)
|
|
238
|
-
|
|
239
|
-
---
|
|
240
|
-
|
|
241
|
-
## Phase 8: FIX (if user confirms)
|
|
242
|
-
|
|
243
|
-
1. Fix in order: CRITICAL → HIGH → MEDIUM → LOW
|
|
244
|
-
2. Re-run build + lint + tests after each batch
|
|
245
|
-
3. Re-run full review when all fixed
|
|
246
|
-
4. Report final status
|
|
247
|
-
|
|
248
|
-
---
|
|
249
|
-
|
|
250
|
-
## Hard Rules
|
|
251
|
-
|
|
252
|
-
- **Changed files only** — don't expand scope to drive-by reviews
|
|
253
|
-
- **Stop on CRITICAL** — fix build / lint / type errors before everything else
|
|
254
|
-
- **File:line for every issue** — no vague "somewhere in handlers"
|
|
255
|
-
- **Match severity honestly** — don't grade-inflate
|
|
256
|
-
- **Test changed areas** — don't only rely on global test run
|
|
257
|
-
|
|
258
|
-
---
|
|
259
|
-
|
|
260
|
-
## Related Skills
|
|
261
|
-
|
|
262
|
-
| When | Use |
|
|
263
|
-
|------|-----|
|
|
264
|
-
| Reviewing teammate's PR | `/review-pr` |
|
|
265
|
-
| Deep DDD audit of a domain | `/review-architect` |
|
|
266
|
-
| Fixing review comments on your PR | `/fix-pr-comment` |
|
|
267
|
-
| Fixing bugs surfaced here | `/fix-hotfix` |
|
|
268
|
-
|
|
269
|
-
## Recommended Agents
|
|
270
|
-
|
|
271
|
-
| Phase | Agent | Purpose |
|
|
272
|
-
|-------|-------|---------|
|
|
273
|
-
| 3 Architecture | `@clean-architect` | DDD compliance |
|
|
274
|
-
| 4 Conventions | `@security-audit` | Vulnerability sweep |
|
|
275
|
-
| 5 Quality | `@code-reviewer` | Code smells |
|
|
276
|
-
| 6 Tests | `@test-writer` | Coverage check |
|
|
277
|
-
| 8 Fix | Stack-specific dev agent | Apply fixes |
|