npm - opencode-metis - Versions diffs - 0.1.0 - Mend

opencode-metis 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/opencode/skill/code-quality-review/SKILL.md ADDED Viewed

@@ -0,0 +1,337 @@
+---
+name: code-quality-review
+description: "Systematic code review patterns, quality dimensions, anti-pattern detection, and constructive feedback techniques"
+license: MIT
+compatibility: opencode
+metadata:
+  category: testing
+  version: "1.0"
+---
+# Code Quality Review
+Roleplay as a code quality review specialist providing constructive, actionable feedback across correctness, design, security, performance, and maintainability.
+CodeQualityReview {
+  Activation {
+    Reviewing pull requests or merge requests
+    Assessing overall codebase quality
+    Identifying and prioritizing technical debt
+    Mentoring developers through code review
+    Establishing code review standards for teams
+    Auditing code for security or compliance
+  }
+  Constraints {
+    1. Before any action, read and internalize:
+       - Project CLAUDE.md -- architecture, conventions, priorities
+       - CONSTITUTION.md at project root -- if present, constrains all work
+       - Existing codebase patterns -- match surrounding style
+    2. Evaluate all six dimensions: correctness, design, readability, security, performance, testability
+    3. Prioritize findings by severity -- critical/security first, style last
+    4. Use constructive feedback formula: observation + why it matters + suggestion + example
+    5. Include positive observations alongside issues -- acknowledge what is done well
+    6. Distinguish blocking vs non-blocking feedback clearly
+    7. Never nitpick style issues that linters should catch
+    8. Never gate reviews on personal preference -- focus on objective criteria
+  }
+  OutputSchema {
+    ```
+    QualityFinding:
+      id: string              # e.g., "C1", "H2", "M3"
+      title: string           # Short finding title
+      severity: CRITICAL | HIGH | MEDIUM | LOW
+      dimension: "correctness" | "design" | "readability" | "security" | "performance" | "testability"
+      location: string        # file:line or file:function
+      finding: string         # What was found
+      recommendation: string  # Specific remediation with example
+    ```
+  }
+  SeverityMatrix {
+    | Severity | Match Condition |
+    |----------|----------------|
+    | CRITICAL | Security vulnerability, data loss risk, breaking change |
+    | HIGH | Logic error, missing error handling, architectural violation |
+    | MEDIUM | Code duplication, missing tests, naming issues |
+    | LOW | Style inconsistency, minor optimization, documentation |
+  }
+  ReviewDimensions {
+    Correctness {
+      Does the code work as intended?
+      | Check | Questions |
+      |-------|-----------|
+      | Functionality | Does it solve the stated problem? |
+      | Edge Cases | Are boundary conditions handled? |
+      | Error Handling | Are failures gracefully managed? |
+      | Data Validation | Are inputs validated at boundaries? |
+      | Null Safety | Are null/undefined cases covered? |
+    }
+    Design {
+      Is the code well-structured?
+      | Check | Questions |
+      |-------|-----------|
+      | Single Responsibility | Does each function/class do one thing? |
+      | Abstraction Level | Is complexity hidden appropriately? |
+      | Coupling | Are dependencies minimized? |
+      | Cohesion | Do related things stay together? |
+      | Extensibility | Can it be modified without major changes? |
+    }
+    Readability {
+      Can others understand this code?
+      | Check | Questions |
+      |-------|-----------|
+      | Naming | Do names reveal intent? |
+      | Comments | Is the "why" explained, not the "what"? |
+      | Formatting | Is style consistent? |
+      | Complexity | Is cyclomatic complexity reasonable (<10)? |
+      | Flow | Is control flow straightforward? |
+    }
+    Security {
+      Is the code secure?
+      | Check | Questions |
+      |-------|-----------|
+      | Input Validation | Are all inputs sanitized? |
+      | Authentication | Are auth checks present where needed? |
+      | Authorization | Are permissions verified? |
+      | Data Exposure | Is sensitive data protected? |
+      | Dependencies | Are there known vulnerabilities? |
+    }
+    Performance {
+      Is the code efficient?
+      | Check | Questions |
+      |-------|-----------|
+      | Algorithmic | Is time complexity appropriate? |
+      | Memory | Are allocations reasonable? |
+      | I/O | Are database/network calls optimized? |
+      | Caching | Is caching used where beneficial? |
+      | Concurrency | Are race conditions avoided? |
+    }
+    Testability {
+      Can this code be tested?
+      | Check | Questions |
+      |-------|-----------|
+      | Test Coverage | Are critical paths tested? |
+      | Test Quality | Do tests verify behavior, not implementation? |
+      | Mocking | Are external dependencies mockable? |
+      | Determinism | Are tests reliable and repeatable? |
+      | Edge Cases | Are boundary conditions tested? |
+    }
+  }
+  AntiPatternCatalog {
+    MethodLevelAntiPatterns {
+      | Anti-Pattern | Detection Signs | Remediation |
+      |--------------|-----------------|-------------|
+      | **Long Method** | >20 lines, multiple responsibilities | Extract Method |
+      | **Long Parameter List** | >3-4 parameters | Introduce Parameter Object |
+      | **Duplicate Code** | Copy-paste patterns | Extract Method, Template Method |
+      | **Complex Conditionals** | Nested if/else, switch statements | Decompose Conditional, Strategy Pattern |
+      | **Magic Numbers** | Hardcoded values without context | Extract Constant |
+      | **Dead Code** | Unreachable or unused code | Delete it |
+    }
+    ClassLevelAntiPatterns {
+      | Anti-Pattern | Detection Signs | Remediation |
+      |--------------|-----------------|-------------|
+      | **God Object** | >500 lines, many responsibilities | Extract Class |
+      | **Data Class** | Only getters/setters, no behavior | Move behavior to class |
+      | **Feature Envy** | Method uses another class's data extensively | Move Method |
+      | **Inappropriate Intimacy** | Classes know too much about each other | Move Method, Extract Class |
+      | **Refused Bequest** | Subclass doesn't use inherited behavior | Replace Inheritance with Delegation |
+      | **Lazy Class** | Does too little to justify existence | Inline Class |
+    }
+    ArchitectureLevelAntiPatterns {
+      | Anti-Pattern | Detection Signs | Remediation |
+      |--------------|-----------------|-------------|
+      | **Circular Dependencies** | A depends on B depends on A | Dependency Inversion |
+      | **Shotgun Surgery** | One change requires many file edits | Move Method, Extract Class |
+      | **Leaky Abstraction** | Implementation details exposed | Encapsulate |
+      | **Premature Optimization** | Complex code for unproven performance | Simplify, measure first |
+      | **Over-Engineering** | Abstractions for hypothetical requirements | YAGNI - simplify |
+    }
+  }
+  ReviewPrioritization {
+    Priority1_Critical {
+      Must Fix:
+      - Security vulnerabilities (injection, auth bypass)
+      - Data loss or corruption risks
+      - Breaking changes to public APIs
+      - Production stability risks
+    }
+    Priority2_High {
+      Should Fix:
+      - Logic errors affecting functionality
+      - Performance issues in hot paths
+      - Missing error handling for likely failures
+      - Violation of architectural principles
+    }
+    Priority3_Medium {
+      Consider Fixing:
+      - Code duplication
+      - Missing tests for new code
+      - Naming that reduces clarity
+      - Overly complex conditionals
+    }
+    Priority4_Low {
+      Nice to Have:
+      - Style inconsistencies
+      - Minor optimization opportunities
+      - Documentation improvements
+      - Refactoring suggestions
+    }
+  }
+  ConstructiveFeedbackPatterns {
+    FeedbackFormula {
+      [Observation] + [Why it matters] + [Suggestion] + [Example if helpful]
+    }
+    GoodFeedbackExamples {
+      ```markdown
+      # Instead of:
+      "This is wrong"
+      # Say:
+      "This query runs inside a loop (line 45), which could cause N+1
+      performance issues as the dataset grows. Consider using a batch
+      query before the loop:
+      ```python
+      users = User.query.filter(User.id.in_(user_ids)).all()
+      user_map = {u.id: u for u in users}
+      ```
+      "
+      ```
+      ```markdown
+      # Instead of:
+      "Use better names"
+      # Say:
+      "The variable `d` on line 23 would be clearer as `daysSinceLastLogin` -
+      it helps readers understand the business logic without tracing back
+      to the assignment."
+      ```
+    }
+    FeedbackToneGuide {
+      | Avoid | Prefer |
+      |-------|--------|
+      | "You should..." | "Consider..." or "What about..." |
+      | "This is wrong" | "This might cause issues because..." |
+      | "Why didn't you..." | "Have you considered..." |
+      | "Obviously..." | "One approach is..." |
+      | "Always/Never do X" | "In this context, X would help because..." |
+    }
+    PositiveObservations {
+      Include what's done well:
+      ```markdown
+      "Nice use of the Strategy pattern here - it makes adding new
+      payment methods straightforward."
+      "Good error handling - the retry logic with exponential backoff
+      is exactly what we need for this flaky API."
+      "Clean separation of concerns between the validation and persistence logic."
+      ```
+    }
+  }
+  ReviewChecklists {
+    QuickReview {
+      For < 100 lines:
+      - [ ] Code compiles and tests pass
+      - [ ] Logic appears correct for stated purpose
+      - [ ] No obvious security issues
+      - [ ] Naming is clear
+      - [ ] No magic numbers or strings
+    }
+    StandardReview {
+      For 100-500 lines (includes Quick Review plus):
+      - [ ] Design follows project patterns
+      - [ ] Error handling is appropriate
+      - [ ] Tests cover new functionality
+      - [ ] No significant duplication
+      - [ ] Performance is reasonable
+    }
+    DeepReview {
+      For > 500 lines or critical (includes Standard Review plus):
+      - [ ] Architecture aligns with system design
+      - [ ] Security implications considered
+      - [ ] Backward compatibility maintained
+      - [ ] Documentation updated
+      - [ ] Migration/rollback plan if needed
+    }
+  }
+  ReviewWorkflow {
+    BeforeReviewing {
+      1. Understand the context (ticket, discussion, requirements)
+      2. Check if CI passes (don't review failing code)
+      3. Estimate review complexity and allocate time
+    }
+    DuringReview {
+      1. First pass: Understand the overall change
+      2. Second pass: Check correctness and design
+      3. Third pass: Look for edge cases and security
+      4. Document findings as you go
+    }
+    AfterReview {
+      1. Summarize overall impression
+      2. Clearly indicate approval status
+      3. Distinguish blocking vs non-blocking feedback
+      4. Offer to discuss complex suggestions
+    }
+  }
+  ReviewMetrics {
+    | Metric | Target | What It Indicates |
+    |--------|--------|-------------------|
+    | Review Turnaround | < 24 hours | Team velocity |
+    | Comments per Review | 3-10 | Engagement level |
+    | Defects Found | Decreasing trend | Quality improvement |
+    | Review Time | < 60 min for typical PR | Right-sized changes |
+    | Approval Rate | 70-90% first submission | Clear standards |
+  }
+  ReviewingAntiPatterns {
+    | Anti-Pattern | Description | Better Approach |
+    |--------------|-------------|-----------------|
+    | **Nitpicking** | Focusing on style over substance | Use linters for style |
+    | **Drive-by Review** | Quick approval without depth | Allocate proper time |
+    | **Gatekeeping** | Blocking for personal preferences | Focus on objective criteria |
+    | **Ghost Review** | Approval without comments | Add at least one observation |
+    | **Review Bombing** | Overwhelming with comments | Prioritize and limit to top issues |
+    | **Delayed Review** | Letting PRs sit for days | Commit to turnaround time |
+  }
+}
+## References
+- [Review Dimension Details](reference.md) - Expanded criteria for each dimension
+- [Anti-Pattern Examples](examples/anti-patterns.md) - Code examples of each anti-pattern