mosaic/agent-skills
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d9bcdc4a8d7b0f0f24d6600e1e3da935c2f208a3
agent-skills/skills/code-review-excellence/assets/review-checklist.md
Jason Woltje d9bcdc4a8d feat: Initial agent-skills repo — 4 adapted skills for Mosaic Stack 
Skills included:
- pr-reviewer: Adapted for Gitea/GitHub via platform-aware scripts
  (dropped fetch_pr_data.py and add_inline_comment.py, kept generate_review_files.py)
- code-review-excellence: Methodology and checklists (React, TS, Python, etc.)
- vercel-react-best-practices: 57 rules for React/Next.js performance
- tailwind-design-system: Tailwind CSS v4 patterns, CVA, design tokens

New shell scripts added to ~/.claude/scripts/git/:
- pr-diff.sh: Get PR diff (GitHub gh / Gitea API)
- pr-metadata.sh: Get PR metadata as normalized JSON

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 16:03:39 -06:00

2.7 KiB
Raw Blame History

Code Review Quick Checklist

Quick reference checklist for code reviews.

Pre-Review (2 min)

  • Read PR description and linked issue
  • Check PR size (<400 lines ideal)
  • Verify CI/CD status (tests passing?)
  • Understand the business requirement

Architecture & Design (5 min)

  • Solution fits the problem
  • Consistent with existing patterns
  • No simpler approach exists
  • Will it scale?
  • Changes in right location

Logic & Correctness (10 min)

  • Edge cases handled
  • Null/undefined checks present
  • Off-by-one errors checked
  • Race conditions considered
  • Error handling complete
  • Correct data types used

Security (5 min)

  • No hardcoded secrets
  • Input validated/sanitized
  • SQL injection prevented
  • XSS prevented
  • Authorization checks present
  • Sensitive data protected

Performance (3 min)

  • No N+1 queries
  • Expensive operations optimized
  • Large lists paginated
  • No memory leaks
  • Caching considered where appropriate

Testing (5 min)

  • Tests exist for new code
  • Edge cases tested
  • Error cases tested
  • Tests are readable
  • Tests are deterministic

Code Quality (3 min)

  • Clear variable/function names
  • No code duplication
  • Functions do one thing
  • Complex code commented
  • No magic numbers

Documentation (2 min)

  • Public APIs documented
  • README updated if needed
  • Breaking changes noted
  • Complex logic explained

Severity Labels

Label Meaning Action
🔴 [blocking] Must fix Block merge
🟡 [important] Should fix Discuss if disagree
🟢 [nit] Nice to have Non-blocking
💡 [suggestion] Alternative Consider
[question] Need clarity Respond
🎉 [praise] Good work Celebrate!

Decision Matrix

Situation Decision
Critical security issue 🔴 Block, fix immediately
Breaking change without migration 🔴 Block
Missing error handling 🟡 Should fix
No tests for new code 🟡 Should fix
Style preference 🟢 Non-blocking
Minor naming improvement 🟢 Non-blocking
Clever but working code 💡 Suggest simpler

Time Budget

PR Size Target Time
< 100 lines 10-15 min
100-400 lines 20-40 min
> 400 lines Ask to split

Red Flags

Watch for these patterns:

  • // TODO in production code
  • console.log left in code
  • Commented out code
  • any type in TypeScript
  • Empty catch blocks
  • unwrap() in Rust production code
  • Magic numbers/strings
  • Copy-pasted code blocks
  • Missing null checks
  • Hardcoded URLs/credentials
Reference in New Issue View Git Blame Copy Permalink