4e8e5069fa
- Added: api-patterns, app-builder, architecture, bash-linux, behavioral-modes, clean-code, code-review-checklist, database-design, deployment-procedures, docker-expert, documentation-templates, game-development, geo-fundamentals, i18n-localization, lint-and-validate, mobile-design, nestjs-expert, nextjs-best-practices, nodejs-best-practices, parallel-agents, performance-profiling, plan-writing, powershell-windows, prisma-expert, python-patterns, react-patterns, red-team-tactics, seo-fundamentals, server-management, tailwind-patterns, tdd-workflow, typescript-expert, vulnerability-scanner - Updated README: skill count 179 → 223 - Added credit for vudovn/antigravity-kit (MIT License) Source: https://github.com/vudovn/antigravity-kit
110 lines
2.5 KiB
Markdown
110 lines
2.5 KiB
Markdown
---
|
|
name: code-review-checklist
|
|
description: Code review guidelines covering code quality, security, and best practices.
|
|
allowed-tools: Read, Glob, Grep
|
|
---
|
|
|
|
# Code Review Checklist
|
|
|
|
## Quick Review Checklist
|
|
|
|
### Correctness
|
|
- [ ] Code does what it's supposed to do
|
|
- [ ] Edge cases handled
|
|
- [ ] Error handling in place
|
|
- [ ] No obvious bugs
|
|
|
|
### Security
|
|
- [ ] Input validated and sanitized
|
|
- [ ] No SQL/NoSQL injection vulnerabilities
|
|
- [ ] No XSS or CSRF vulnerabilities
|
|
- [ ] No hardcoded secrets or sensitive credentials
|
|
- [ ] **AI-Specific:** Protection against Prompt Injection (if applicable)
|
|
- [ ] **AI-Specific:** Outputs are sanitized before being used in critical sinks
|
|
|
|
### Performance
|
|
- [ ] No N+1 queries
|
|
- [ ] No unnecessary loops
|
|
- [ ] Appropriate caching
|
|
- [ ] Bundle size impact considered
|
|
|
|
### Code Quality
|
|
- [ ] Clear naming
|
|
- [ ] DRY - no duplicate code
|
|
- [ ] SOLID principles followed
|
|
- [ ] Appropriate abstraction level
|
|
|
|
### Testing
|
|
- [ ] Unit tests for new code
|
|
- [ ] Edge cases tested
|
|
- [ ] Tests readable and maintainable
|
|
|
|
### Documentation
|
|
- [ ] Complex logic commented
|
|
- [ ] Public APIs documented
|
|
- [ ] README updated if needed
|
|
|
|
## AI & LLM Review Patterns (2025)
|
|
|
|
### Logic & Hallucinations
|
|
- [ ] **Chain of Thought:** Does the logic follow a verifiable path?
|
|
- [ ] **Edge Cases:** Did the AI account for empty states, timeouts, and partial failures?
|
|
- [ ] **External State:** Is the code making safe assumptions about file systems or networks?
|
|
|
|
### Prompt Engineering Review
|
|
```markdown
|
|
// ❌ Vague prompt in code
|
|
const response = await ai.generate(userInput);
|
|
|
|
// ✅ Structured & Safe prompt
|
|
const response = await ai.generate({
|
|
system: "You are a specialized parser...",
|
|
input: sanitize(userInput),
|
|
schema: ResponseSchema
|
|
});
|
|
```
|
|
|
|
## Anti-Patterns to Flag
|
|
|
|
```typescript
|
|
// ❌ Magic numbers
|
|
if (status === 3) { ... }
|
|
|
|
// ✅ Named constants
|
|
if (status === Status.ACTIVE) { ... }
|
|
|
|
// ❌ Deep nesting
|
|
if (a) { if (b) { if (c) { ... } } }
|
|
|
|
// ✅ Early returns
|
|
if (!a) return;
|
|
if (!b) return;
|
|
if (!c) return;
|
|
// do work
|
|
|
|
// ❌ Long functions (100+ lines)
|
|
// ✅ Small, focused functions
|
|
|
|
// ❌ any type
|
|
const data: any = ...
|
|
|
|
// ✅ Proper types
|
|
const data: UserData = ...
|
|
```
|
|
|
|
## Review Comments Guide
|
|
|
|
```
|
|
// Blocking issues use 🔴
|
|
🔴 BLOCKING: SQL injection vulnerability here
|
|
|
|
// Important suggestions use 🟡
|
|
🟡 SUGGESTION: Consider using useMemo for performance
|
|
|
|
// Minor nits use 🟢
|
|
🟢 NIT: Prefer const over let for immutable variable
|
|
|
|
// Questions use ❓
|
|
❓ QUESTION: What happens if user is null here?
|
|
```
|