Jeden Skill in Manus ausführen
mit einem Klick

Jeden Skill in Manus mit einem Klick ausführen

Loslegen

$pwd:

code-review

Name: Code Review
Author: hiroshiyui

// Perform a project-wide code review covering security, correctness, code quality, documentation, UI/UX, and style.

In Manus ausführen

$ git log --oneline --stat

stars:1

forks:0

updated:23. Mai 2026 um 23:39

SKILL.md

readonly

name	code-review
description	Perform a project-wide code review covering security, correctness, code quality, documentation, UI/UX, and style.

When performing a project-wide code review, always follow these steps:

Survey recent changes — Run git log --oneline -20 and skim the corresponding diffs to understand the scope of work before examining individual files.
Security audit — Apply the security-audit skill. Give particular attention to the following areas:
- MCP server: Confirm that safe_path() is enforced on every export path, the 30-second tokio::time::timeout is in place, and no VM state is shared between tool calls.
- Ruby DSL evaluation: Verify that the security prelude removes all dangerous Kernel methods (system, exec, `, open, eval, and their equivalents) before any user script runs.
- FFI boundary: Confirm that no raw pointer escapes the dfree / RData ownership contract, and that the Rust↔mRuby bridge is free from double-free and use-after-free bugs.
Correctness and logic — Review the Rust and C++ implementation for:
- Memory safety: Every unsafe block must include a comment that states the invariant it relies on.
- OCCT bridge (bridge.h / bridge.cpp): Verify that all OCCT calls are wrapped in proper exception handling, since unhandled C++ exceptions crossing the cxx boundary cause aborts.
- mRuby GC hazards: Confirm that any mrb_value retained across a potential allocation is either protected with mrb_gc_protect or converted to a stable pointer before the allocation occurs.
Code smells — Flag any of the following:
- Duplicated logic that should be extracted into a shared helper.
- Functions exceeding roughly 60 lines without clear justification.
- Magic numbers or hard-coded paths (e.g., /tmp/rrcad_preview.glb appearing in multiple places without a named constant).
- unwrap() or expect() in non-test code where a meaningful error could be propagated instead.
- Dead code or stale commented-out blocks.
Test coverage — Verify that:
- New Rust logic has unit tests co-located in the same file, per project convention.
- New DSL features have integration tests under tests/.
- No test spawns threads that create additional mRuby VMs; the RUST_TEST_THREADS=1 setting in .cargo/config.toml enforces single-threaded execution, and tests must not circumvent it.
Documentation quality — Confirm that:
- Public Rust items that form the DSL API are covered by doc comments (///).
- Non-obvious C++ bridge functions carry inline comments explaining the relevant OCCT behavior.
- CLAUDE.md, doc/user-guide.md (and the chapter files under doc/user-guide/), and doc/TODOs.md are updated to reflect any new architectural or behavioral changes.
UI/UX (preview server) — Review the Three.js HTML and WebSocket reload flow for:
- Control usability: orbit, zoom, wireframe toggle, flat-line view, and scene background controls should behave intuitively.
- Error states: The browser should display a clear, user-facing message when the WebSocket disconnects or the GLB file fails to load.
- Console hygiene: Normal use should produce no uncaught JavaScript errors.
Code style — Confirm that formatting rules are observed throughout:
- Rust: Code must be rustfmt-clean. Hooks enforce this automatically, but verify that no suppression comments (#[rustfmt::skip]) were quietly added.
- C++: Code must be clang-format-clean according to .clang-format (LLVM base, 100-column limit, 4-space indent).
- Any #[allow(clippy::...)] suppression must be accompanied by a comment explaining why the lint is a false positive in that context.
Report findings — Present all identified issues grouped by category: Security, Correctness, Code Smell, Tests, Documentation, UI/UX, and Style. Assign each a severity of Critical, High, Medium, or Low. For every finding, include the file path and line number, a clear description of the problem, and a concrete recommendation for how to fix it.

related-skills.json

gleiches Repository

docs-engineering.md

from "hiroshiyui/rrcad"

Audit and update all project documentation to stay in sync with the current development status.

2026-05-231

docs-engineering.md

from "hiroshiyui/rrcad"

Audit and update project documentation to stay in sync with the current codebase and development status.

2026-05-231

code-review.md

from "hiroshiyui/rrcad"

Perform a project-wide code review covering security, correctness, code quality, documentation, UI/UX, and style.

2026-05-151

commit-and-push.md

from "hiroshiyui/rrcad"

Stage, commit, and push changes to the remote repository with a well-formed commit message and body.

2026-05-151

release-engineering.md

from "hiroshiyui/rrcad"

Manage the release process, including build verification, version bumps, changelogs, tags, and GitHub releases.

2026-05-151

security-audit.md

from "hiroshiyui/rrcad"

Perform project-wide security audits.

2026-05-151

package.json

"author": "hiroshiyui"

"repository": "hiroshiyui/rrcad"

GitHub-Repository öffnen Creator-Repositorys ansehen

$ install --global

$ download --local

In Manus ausführen

$ useful --forSOC

Softwarequalitätssicherungsanalysten und -testerInformatik- und Mathematikberufe15-1253L4

name	code-review
description	Perform a project-wide code review covering security, correctness, code quality, documentation, UI/UX, and style.

When performing a project-wide code review, always follow these steps:

Survey recent changes — Run git log --oneline -20 and skim the corresponding diffs to understand the scope of work before examining individual files.
Security audit — Apply the security-audit skill. Give particular attention to the following areas:
- MCP server: Confirm that safe_path() is enforced on every export path, the 30-second tokio::time::timeout is in place, and no VM state is shared between tool calls.
- Ruby DSL evaluation: Verify that the security prelude removes all dangerous Kernel methods (system, exec, `, open, eval, and their equivalents) before any user script runs.
- FFI boundary: Confirm that no raw pointer escapes the dfree / RData ownership contract, and that the Rust↔mRuby bridge is free from double-free and use-after-free bugs.
Correctness and logic — Review the Rust and C++ implementation for:
- Memory safety: Every unsafe block must include a comment that states the invariant it relies on.
- OCCT bridge (bridge.h / bridge.cpp): Verify that all OCCT calls are wrapped in proper exception handling, since unhandled C++ exceptions crossing the cxx boundary cause aborts.
- mRuby GC hazards: Confirm that any mrb_value retained across a potential allocation is either protected with mrb_gc_protect or converted to a stable pointer before the allocation occurs.
Code smells — Flag any of the following:
- Duplicated logic that should be extracted into a shared helper.
- Functions exceeding roughly 60 lines without clear justification.
- Magic numbers or hard-coded paths (e.g., /tmp/rrcad_preview.glb appearing in multiple places without a named constant).
- unwrap() or expect() in non-test code where a meaningful error could be propagated instead.
- Dead code or stale commented-out blocks.
Test coverage — Verify that:
- New Rust logic has unit tests co-located in the same file, per project convention.
- New DSL features have integration tests under tests/.
- No test spawns threads that create additional mRuby VMs; the RUST_TEST_THREADS=1 setting in .cargo/config.toml enforces single-threaded execution, and tests must not circumvent it.
Documentation quality — Confirm that:
- Public Rust items that form the DSL API are covered by doc comments (///).
- Non-obvious C++ bridge functions carry inline comments explaining the relevant OCCT behavior.
- CLAUDE.md, doc/user-guide.md (and the chapter files under doc/user-guide/), and doc/TODOs.md are updated to reflect any new architectural or behavioral changes.
UI/UX (preview server) — Review the Three.js HTML and WebSocket reload flow for:
- Control usability: orbit, zoom, wireframe toggle, flat-line view, and scene background controls should behave intuitively.
- Error states: The browser should display a clear, user-facing message when the WebSocket disconnects or the GLB file fails to load.
- Console hygiene: Normal use should produce no uncaught JavaScript errors.
Code style — Confirm that formatting rules are observed throughout:
- Rust: Code must be rustfmt-clean. Hooks enforce this automatically, but verify that no suppression comments (#[rustfmt::skip]) were quietly added.
- C++: Code must be clang-format-clean according to .clang-format (LLVM base, 100-column limit, 4-space indent).
- Any #[allow(clippy::...)] suppression must be accompanied by a comment explaining why the lint is a false positive in that context.
Report findings — Present all identified issues grouped by category: Security, Correctness, Code Smell, Tests, Documentation, UI/UX, and Style. Assign each a severity of Critical, High, Medium, or Low. For every finding, include the file path and line number, a clear description of the problem, and a concrete recommendation for how to fix it.

code-review

Mehr aus diesem Repository

Mehr aus diesem Repository