تشغيل أي مهارة في Manus بنقرة واحدة

pr-review

Fetch and review a GitHub pull request with comprehensive analysis — pattern consistency against existing codebase, junior-friendly explanations, documentation links, manual testing steps with edge cases, and Fix Verification Criteria. Requires gh CLI. Usage: /skill:pr-review <PR URL or number>

تشغيل في Manus

النجوم١

التفرعات٠

آخر تحديث٢٣ فبراير ٢٠٢٦ في ١٢:٥٨

المصدر

aaronmaturen

aaronmaturen/pi-config

فتح مستودع GitHub عرض مستودعات المنشئ

أمر التثبيت

تنزيل

تشغيل في Manus

مفيد لـSOC

محللو ضمان جودة البرمجيات والمختبرونمهن الحاسوب والرياضيات15-1253L4

SKILL.md

readonly

name	pr-review
description	Fetch and review a GitHub pull request with comprehensive analysis — pattern consistency against existing codebase, junior-friendly explanations, documentation links, manual testing steps with edge cases, and Fix Verification Criteria. Requires gh CLI. Usage: /skill:pr-review <PR URL or number>

PR Review for Junior Engineers

Review a GitHub PR and provide a comprehensive summary with documentation links.

PR URL: $ARGUMENTS

Steps:

Parse PR Information
- Extract owner, repo, and PR number from the provided URL
- Format: https://github.com/{owner}/{repo}/pull/{number}
Setup PR for Review
- Save current work: git stash push -m "PR review backup"
- Note current branch: git branch --show-current > .pr-review-original-branch
- Checkout PR: gh pr checkout {number} --repo {owner}/{repo}
- Check for new dependencies:
  - git diff {original-branch}...HEAD -- package.json requirements.txt Gemfile go.mod
  - Only install if dependency files changed
Fetch PR Overview
- gh pr view {number} --repo {owner}/{repo} --json title,body,state,author,createdAt,files,additions,deletions
- gh pr diff {number} --repo {owner}/{repo} - Get the full diff
Analyze Changed Files
- Group changes by file type and purpose
- Identify patterns and architectural changes
- Note any new dependencies or libraries added
Pattern Consistency Check
- Search Existing Codebase for similar implementations:
  - Authentication patterns already in use
  - Error handling conventions
  - API response formats
  - Database query patterns
  - State management approaches
- Compare PR Patterns with established ones:
  - ✅ Uses existing patterns (list which ones)
  - ⚠️ Modifies existing patterns (explain why)
  - ❌ Introduces new patterns (justify necessity)
- Examples to Look For:
  - If adding auth: How do other endpoints handle auth?
  - If adding API: What's the existing response format?
  - If adding validation: What validation library is used?
  - If adding tests: What testing patterns exist?
Create Junior-Friendly Summary

PR Overview
- Purpose: What problem does this PR solve?
- Scope: How many files changed and why?
- Impact: What parts of the system are affected?
Technical Changes Explained

For each significant change:
- What changed: Plain English explanation
- Why it changed: The reasoning behind the change
- How it works: Step-by-step breakdown
Code Patterns Used
- Design patterns implemented
- Best practices followed
- Anti-patterns avoided
Documentation Research
- For any new libraries, frameworks, or design patterns introduced in the PR, look up and include links to official documentation.
- Use your knowledge of official docs and, where useful, run:
```
# Check package version for accurate docs URL
cat package.json | grep '"<library>"'
```
- Include relevant documentation links inline with the summary.
Learning Points
- Key concepts to understand
- Skills demonstrated in the PR
- Common patterns to remember
Testing Strategy
- Manual Testing Steps:
  - Identify user flows affected by the changes
  - Create step-by-step testing instructions
  - Include expected outcomes for each step
- Data Setup Requirements:
  - Database state needed (users, records, etc.)
  - Required environment variables
  - External service dependencies
  - Sample data or fixtures needed
- Edge Cases to Test:
  - Boundary conditions (empty, null, max values)
  - Error scenarios and error handling
  - Concurrent operations
  - Permission/authorization edge cases
  - Network failure scenarios
- Test Data Examples:
```
// Example user for testing auth
{
	"email": "test@example.com",
	"password": "TestPass123!",
	"role": "admin"
}
```
Questions to Ask

Suggest thoughtful questions for code review
Areas that might need clarification
Edge cases not covered in tests

Example Output:

# PR Review: Add User Authentication (#123)

## Overview
This PR adds JWT-based authentication to our API. It affects 15 files
and introduces middleware for protecting routes.

## Key Changes Explained

### 1. Authentication Middleware (auth.middleware.ts)
**What**: New file that checks if requests have valid JWT tokens
**Why**: We need to protect sensitive API endpoints
**How**:
- Extracts token from Authorization header
- Verifies token signature
- Attaches user info to request

📚 JWT Documentation: https://jwt.io/introduction

### 2. User Model Updates (user.model.ts)
**What**: Added password hashing methods
**Why**: Never store plain text passwords
**How**: Uses bcrypt to hash passwords before saving

📚 Password Hashing Best Practices: https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

## Pattern Consistency Analysis

### ✅ Follows Existing Patterns:
- **Error Handling**: Uses established `AppError` class from `src/utils/errors.ts`
- **Response Format**: Matches existing API response structure `{ data, status, message }`
- **Middleware Pattern**: Consistent with existing middleware in `src/middleware/`

### ⚠️ Modified Patterns:
- **JWT Storage**: Changed from localStorage to httpOnly cookies (Security improvement)
  - Justification: Prevents XSS attacks

### ❌ New Patterns Introduced:
- **Token Refresh**: Added refresh token rotation
  - Justification: No existing refresh mechanism found
  - Consider: Should align with planned OAuth implementation

## Testing Instructions

### Data Setup
1. Create test database with:
   ```sql
   INSERT INTO users (email, password_hash, role) VALUES
   ('admin@test.com', '$2b$10$...', 'admin'),
   ('user@test.com', '$2b$10$...', 'user');

Set environment variables:

JWT_SECRET=test-secret-key
JWT_EXPIRY=1h

Environment Setup

# If using Docker:
docker-compose up -d
docker-compose exec app npm install  # Install any new dependencies

# If not using Docker:
npm install  # or yarn install
npm run db:migrate  # Run any new migrations

Manual Testing Steps

Test Login Flow:
- POST /api/auth/login with valid credentials
- Verify JWT token returned
- Check token expiry time
Test Protected Routes:
- Access /api/users without token (expect 401)
- Access with valid token (expect 200)
- Access with expired token (expect 401)

Edge Cases to Test

Login with non-existent user
Login with wrong password
Malformed JWT token
Token with invalid signature
Concurrent login attempts

Learning Points

Middleware pattern for cross-cutting concerns
Importance of password security
Token-based vs session-based auth

Review Questions

How are refresh tokens handled?
What happens when a token expires mid-request?
Should we add rate limiting to login endpoint?
Are there tests for all edge cases?


## Cleanup (After Review Complete):
```bash
# When ready to return to original work:
git checkout $(cat .pr-review-original-branch)

# Restore stashed work
git stash pop

# Clean up
rm .pr-review-original-branch

# Optionally delete PR branch locally
git branch -D pr-branch-name

Note: Stay on the PR branch while reviewing and testing. Only run cleanup when completely done.

Notes:

Requires GitHub CLI (gh) to be installed and authenticated
Uses current directory to leverage existing Docker/dependency setup
Automatically stashes current work and saves original branch
Works with all project types (Docker, Node, Python, etc.)
Focuses on education and understanding
Avoids jargon where possible

المزيد من هذا المستودع

نفس المستودع

spike-investigation

aaronmaturen/pi-config

Investigate a technical spike by gathering requirements interactively, analyzing the codebase with grep and read tools, researching libraries and technologies, evaluating options, and producing a structured report with a high-level proposals doc (for managers/PMs/designers) and detailed technical analysis. Uses Monte Carlo simulation for timeline forecasting with confidence levels. Optionally integrates with JIRA if a ticket ID is referenced.

2026-03-061

bug-investigation

aaronmaturen/pi-config

Investigate a bug using the 5 Whys root cause analysis technique. Fetches ticket details from JIRA (if a ticket ID is provided), checks for previous investigation reports, defines Fix Verification Criteria before digging in, traces the bug across frontend and backend repos, and generates a structured investigation report with timeline and recommendations. Requires jira CLI if using a ticket ID.

2026-03-021

feature-investigation

aaronmaturen/pi-config

Investigate and plan implementation of a new feature using Acceptance Criteria as the central organizing principle. Fetches ticket details from JIRA, validates and clarifies AC before any planning begins, maps every implementation task back to a specific AC, and generates an implementation plan, technical design, task breakdown, and PR checklist template. Requires jira CLI.

2026-03-021

ticket-explainer

aaronmaturen/pi-config

Explain what work is needed for a JIRA ticket in plain language. Fetches ticket details from JIRA, searches GitHub for related PRs and commits, identifies affected code areas, and produces a plain-English breakdown with acceptance criteria, task checklist, and suggested first steps. Requires jira and gh CLIs. Usage: /skill:ticket-explainer PROJ-1234

2026-03-021

implement-pr-feedback

aaronmaturen/pi-config

Fetch all review comments from a GitHub PR, categorize them by priority, present an implementation plan for user approval, then systematically implement each approved change. Does not commit or push — all git actions remain manual. Requires gh CLI. Usage: /skill:implement-pr-feedback <PR URL or number>

2026-02-231

commit-msg

aaronmaturen/pi-config

Generate a JIRA-linked conventional commit message from staged git changes. Extracts ticket number from branch name (PRO-####, BUG-###), checks for new TODO comments, formats the message, and copies it to clipboard via pbcopy. Does not commit — output only.

2026-02-201

name	pr-review
description	Fetch and review a GitHub pull request with comprehensive analysis — pattern consistency against existing codebase, junior-friendly explanations, documentation links, manual testing steps with edge cases, and Fix Verification Criteria. Requires gh CLI. Usage: /skill:pr-review <PR URL or number>

PR Review for Junior Engineers

Review a GitHub PR and provide a comprehensive summary with documentation links.

PR URL: $ARGUMENTS

Steps:

Parse PR Information
- Extract owner, repo, and PR number from the provided URL
- Format: https://github.com/{owner}/{repo}/pull/{number}
Setup PR for Review
- Save current work: git stash push -m "PR review backup"
- Note current branch: git branch --show-current > .pr-review-original-branch
- Checkout PR: gh pr checkout {number} --repo {owner}/{repo}
- Check for new dependencies:
  - git diff {original-branch}...HEAD -- package.json requirements.txt Gemfile go.mod
  - Only install if dependency files changed
Fetch PR Overview
- gh pr view {number} --repo {owner}/{repo} --json title,body,state,author,createdAt,files,additions,deletions
- gh pr diff {number} --repo {owner}/{repo} - Get the full diff
Analyze Changed Files
- Group changes by file type and purpose
- Identify patterns and architectural changes
- Note any new dependencies or libraries added
Pattern Consistency Check
- Search Existing Codebase for similar implementations:
  - Authentication patterns already in use
  - Error handling conventions
  - API response formats
  - Database query patterns
  - State management approaches
- Compare PR Patterns with established ones:
  - ✅ Uses existing patterns (list which ones)
  - ⚠️ Modifies existing patterns (explain why)
  - ❌ Introduces new patterns (justify necessity)
- Examples to Look For:
  - If adding auth: How do other endpoints handle auth?
  - If adding API: What's the existing response format?
  - If adding validation: What validation library is used?
  - If adding tests: What testing patterns exist?
Create Junior-Friendly Summary

PR Overview
- Purpose: What problem does this PR solve?
- Scope: How many files changed and why?
- Impact: What parts of the system are affected?
Technical Changes Explained

For each significant change:
- What changed: Plain English explanation
- Why it changed: The reasoning behind the change
- How it works: Step-by-step breakdown
Code Patterns Used
- Design patterns implemented
- Best practices followed
- Anti-patterns avoided
Documentation Research
- For any new libraries, frameworks, or design patterns introduced in the PR, look up and include links to official documentation.
- Use your knowledge of official docs and, where useful, run:
```
# Check package version for accurate docs URL
cat package.json | grep '"<library>"'
```
- Include relevant documentation links inline with the summary.
Learning Points
- Key concepts to understand
- Skills demonstrated in the PR
- Common patterns to remember
Testing Strategy
- Manual Testing Steps:
  - Identify user flows affected by the changes
  - Create step-by-step testing instructions
  - Include expected outcomes for each step
- Data Setup Requirements:
  - Database state needed (users, records, etc.)
  - Required environment variables
  - External service dependencies
  - Sample data or fixtures needed
- Edge Cases to Test:
  - Boundary conditions (empty, null, max values)
  - Error scenarios and error handling
  - Concurrent operations
  - Permission/authorization edge cases
  - Network failure scenarios
- Test Data Examples:
```
// Example user for testing auth
{
	"email": "test@example.com",
	"password": "TestPass123!",
	"role": "admin"
}
```
Questions to Ask

Suggest thoughtful questions for code review
Areas that might need clarification
Edge cases not covered in tests

Example Output:

# PR Review: Add User Authentication (#123)

## Overview
This PR adds JWT-based authentication to our API. It affects 15 files
and introduces middleware for protecting routes.

## Key Changes Explained

### 1. Authentication Middleware (auth.middleware.ts)
**What**: New file that checks if requests have valid JWT tokens
**Why**: We need to protect sensitive API endpoints
**How**:
- Extracts token from Authorization header
- Verifies token signature
- Attaches user info to request

📚 JWT Documentation: https://jwt.io/introduction

### 2. User Model Updates (user.model.ts)
**What**: Added password hashing methods
**Why**: Never store plain text passwords
**How**: Uses bcrypt to hash passwords before saving

📚 Password Hashing Best Practices: https://auth0.com/blog/hashing-passwords-one-way-road-to-security/

## Pattern Consistency Analysis

### ✅ Follows Existing Patterns:
- **Error Handling**: Uses established `AppError` class from `src/utils/errors.ts`
- **Response Format**: Matches existing API response structure `{ data, status, message }`
- **Middleware Pattern**: Consistent with existing middleware in `src/middleware/`

### ⚠️ Modified Patterns:
- **JWT Storage**: Changed from localStorage to httpOnly cookies (Security improvement)
  - Justification: Prevents XSS attacks

### ❌ New Patterns Introduced:
- **Token Refresh**: Added refresh token rotation
  - Justification: No existing refresh mechanism found
  - Consider: Should align with planned OAuth implementation

## Testing Instructions

### Data Setup
1. Create test database with:
   ```sql
   INSERT INTO users (email, password_hash, role) VALUES
   ('admin@test.com', '$2b$10$...', 'admin'),
   ('user@test.com', '$2b$10$...', 'user');

Set environment variables:

JWT_SECRET=test-secret-key
JWT_EXPIRY=1h

Environment Setup

# If using Docker:
docker-compose up -d
docker-compose exec app npm install  # Install any new dependencies

# If not using Docker:
npm install  # or yarn install
npm run db:migrate  # Run any new migrations

Manual Testing Steps

Test Login Flow:
- POST /api/auth/login with valid credentials
- Verify JWT token returned
- Check token expiry time
Test Protected Routes:
- Access /api/users without token (expect 401)
- Access with valid token (expect 200)
- Access with expired token (expect 401)

Edge Cases to Test

Login with non-existent user
Login with wrong password
Malformed JWT token
Token with invalid signature
Concurrent login attempts

Learning Points

Middleware pattern for cross-cutting concerns
Importance of password security
Token-based vs session-based auth

Review Questions

How are refresh tokens handled?
What happens when a token expires mid-request?
Should we add rate limiting to login endpoint?
Are there tests for all edge cases?


## Cleanup (After Review Complete):
```bash
# When ready to return to original work:
git checkout $(cat .pr-review-original-branch)

# Restore stashed work
git stash pop

# Clean up
rm .pr-review-original-branch

# Optionally delete PR branch locally
git branch -D pr-branch-name

Note: Stay on the PR branch while reviewing and testing. Only run cleanup when completely done.

Notes:

Requires GitHub CLI (gh) to be installed and authenticated
Uses current directory to leverage existing Docker/dependency setup
Automatically stashes current work and saves original branch
Works with all project types (Docker, Node, Python, etc.)
Focuses on education and understanding
Avoids jargon where possible

pr-review

PR Review for Junior Engineers

Steps:

PR Overview

Technical Changes Explained

Code Patterns Used

Example Output:

Environment Setup

Manual Testing Steps

Edge Cases to Test

Learning Points

Review Questions

Notes:

المزيد من هذا المستودع

المزيد من هذا المستودع

PR Review for Junior Engineers

Steps:

PR Overview

Technical Changes Explained

Code Patterns Used

Example Output:

Environment Setup

Manual Testing Steps

Edge Cases to Test

Learning Points

Review Questions

Notes: