Ejecuta cualquier Skill en Manus
con un clic

Ejecuta cualquier Skill en Manus con un clic

code-review

Estrellas1

Forks1

Actualizado20 de mayo de 2026, 12:44

Code review principles and checklist for reviewing any codebase regardless of language. Use when the user asks to review code, perform a code review, assess a pull request, or evaluate code quality across design, tests, performance, security, and correctness.

Instalación

Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.

Ejecutar en Manus

Fuente

cboudereau

cboudereau/dotfiles

Abrir repositorio de GitHub Ver repositorios del creador

Descarga

Ejecutar en Manus

Ocupaciones relacionadasSOC

Basado en la clasificación ocupacional SOC

Analistas de garantía de calidad de software y probadoresOcupaciones informáticas y matemáticas·SOC 15-1253

SKILL.md

readonly

name	code-review
description	Code review principles and checklist for reviewing any codebase regardless of language. Use when the user asks to review code, perform a code review, assess a pull request, or evaluate code quality across design, tests, performance, security, and correctness.

Code Review

Based on "What to look for in a code review" by Trisha Gee (Java Champion, JetBrains) and personal notes

When to use

User asks to review code or a pull request
User asks for a code review checklist
User wants to assess the quality of a change
User mentions design, readability, test coverage, security, or correctness concerns

Overview

A structured, language-agnostic checklist to guide thorough code reviews. Reviews should reduce cognitive load, catch correctness issues, and share knowledge — not just find bugs.

Rules

Design

Architecture fit — Does the change align with the overall architecture and existing conventions?
SOLID — Are Single Responsibility, Open/Closed, Liskov, Interface Segregation, and Dependency Inversion respected?
DDD — Are domain concepts clearly named and properly modelled?
YAGNI / KISS — No speculative generality; prefer the simplest solution that works
Code reuse — Is there a refactoring or extraction opportunity to avoid duplication?

Readability & Maintainability

Understandability — Can a new reader understand the intent without context?
Naming — Are names precise, consistent, and self-documenting?
Happy path vs exceptional cases — Are both paths handled explicitly and clearly?
Configuration vs hard-coded values — No magic constants; prefer named config

Tests

Coverage of new code — Are all new branches and edge cases covered?
Test intent — Does each test name and assertion communicate why, not just what?
Tests are code — Apply the same quality rules (naming, readability, no duplication)
Granularity — Right level: unit > integration > end-to-end; avoid testing implementation details
Edge cases — Cardinality (empty, single, many), nullability, boundary values, error paths
Limitations — Are test limitations intentional and documented, or accidental gaps?
Performance & security tests — Are they needed? Are they present?
Pair review option — Reviewers can write missing tests as part of the review

Performance

Requirements — Does the implementation meet the stated performance requirements?
Readability vs performance trade-off — Only optimise when measurements justify it
Network cost — Are batching and call counts considered?
Resource management — Are connections, streams, and handles properly closed?
Memory leaks — Are data lifecycle and collection bounds controlled?
Locks & race conditions — Are shared resources properly protected?
Concurrency vs parallelism — Is the right model applied?
Pool configuration — Use safe defaults; only tune with evidence

Data Structures

Right choice — Is the data structure appropriate for the access pattern and complexity (Big-O)?
Pitfalls — Watch for lazy evaluation traps, infinite streams, or iterator invalidation
Optionality — Is absence of a value modelled explicitly (Option/Maybe/Optional) rather than null?

Security

Automated checks — Are dependency scanners (e.g. Dependabot) and SAST tools in CI?
Dependency surface — Are new dependencies justified and minimal?
Regulatory requirements — Does the change touch data subject to compliance rules (GDPR, PCI, …)?

Correctness

Wrong data structure — Could the structure cause subtle bugs (e.g. set vs list, map ordering)?
Race conditions — Is concurrent access safe?
Caching — Are cache invalidation and staleness handled correctly?

Cross-cutting Concerns

Documentation impact — Does the change require updating docs, ADRs, or READMEs?
UI / error messages — Are user-visible messages clear, actionable, and tested?
Automated vs human review split — Delegate formatting/style to linters; focus human review on design and logic

Culture

Share tooling: IDE configs, linter rules, and CI checks should be committed and consistent
Reviewers should ask "Have you thought about…?" for security, edge cases, and docs — not just critique
Prefer collaborative tone; a review is a knowledge-sharing session, not an audit

Más de este repositorio

mismo repositorio

plan

cboudereau/dotfiles

Planning skill for complex, multi-session work. Use when the user enters plan mode, asks to plan a feature, design a system, create a workspace, write a design doc, or when the problem requires structured analysis before implementation.

2026-05-091

tdd

cboudereau/dotfiles

Test Driven Development methodology with acceptance tests and unit tests. Use when the user asks to write tests, add test coverage, implement a feature using TDD, create a failing test first, or when discussing red-green-refactor, test-first development, or test strategy.

2026-05-031

code-quality

cboudereau/dotfiles

Code quality principles for writing clean, maintainable software. Use when reviewing code, refactoring, discussing best practices, improving readability, reducing complexity, or when the user mentions code quality, clean code, SOLID, DRY, or maintainability.

2026-05-021

dotnet-software-engineer

cboudereau/dotfiles

.NET Software Engineer persona using TDD, Domain Driven Design, and C#. Use when working on .NET, C#, F#, ASP.NET, or dotnet projects, or when the user asks about software architecture, domain modeling, clean architecture, hexagonal architecture, or DDD patterns like aggregates, value objects, entities, and repositories.

2026-05-021

git-conventions

cboudereau/dotfiles

Git command rules, commit message conventions, and safe usage patterns. Use when the user asks to commit, create a branch, check differences, write a commit message, or perform any git operation. Also use when discussing version control workflows or git safety.

2026-05-021

rust-software-engineer

cboudereau/dotfiles

Rust Software Engineer persona using TDD, Domain Driven Design, and Rust. Use when working on Rust, Cargo, or crate projects, or when the user asks about software architecture, domain modeling, clean architecture, hexagonal architecture, or DDD patterns like aggregates, value objects, entities, and repositories.

2026-05-021

name	code-review
description	Code review principles and checklist for reviewing any codebase regardless of language. Use when the user asks to review code, perform a code review, assess a pull request, or evaluate code quality across design, tests, performance, security, and correctness.

Code Review

Based on "What to look for in a code review" by Trisha Gee (Java Champion, JetBrains) and personal notes

When to use

User asks to review code or a pull request
User asks for a code review checklist
User wants to assess the quality of a change
User mentions design, readability, test coverage, security, or correctness concerns

Overview

A structured, language-agnostic checklist to guide thorough code reviews. Reviews should reduce cognitive load, catch correctness issues, and share knowledge — not just find bugs.

Rules

Design

Architecture fit — Does the change align with the overall architecture and existing conventions?
SOLID — Are Single Responsibility, Open/Closed, Liskov, Interface Segregation, and Dependency Inversion respected?
DDD — Are domain concepts clearly named and properly modelled?
YAGNI / KISS — No speculative generality; prefer the simplest solution that works
Code reuse — Is there a refactoring or extraction opportunity to avoid duplication?

Readability & Maintainability

Understandability — Can a new reader understand the intent without context?
Naming — Are names precise, consistent, and self-documenting?
Happy path vs exceptional cases — Are both paths handled explicitly and clearly?
Configuration vs hard-coded values — No magic constants; prefer named config

Tests

Coverage of new code — Are all new branches and edge cases covered?
Test intent — Does each test name and assertion communicate why, not just what?
Tests are code — Apply the same quality rules (naming, readability, no duplication)
Granularity — Right level: unit > integration > end-to-end; avoid testing implementation details
Edge cases — Cardinality (empty, single, many), nullability, boundary values, error paths
Limitations — Are test limitations intentional and documented, or accidental gaps?
Performance & security tests — Are they needed? Are they present?
Pair review option — Reviewers can write missing tests as part of the review

Performance

Requirements — Does the implementation meet the stated performance requirements?
Readability vs performance trade-off — Only optimise when measurements justify it
Network cost — Are batching and call counts considered?
Resource management — Are connections, streams, and handles properly closed?
Memory leaks — Are data lifecycle and collection bounds controlled?
Locks & race conditions — Are shared resources properly protected?
Concurrency vs parallelism — Is the right model applied?
Pool configuration — Use safe defaults; only tune with evidence

Data Structures

Right choice — Is the data structure appropriate for the access pattern and complexity (Big-O)?
Pitfalls — Watch for lazy evaluation traps, infinite streams, or iterator invalidation
Optionality — Is absence of a value modelled explicitly (Option/Maybe/Optional) rather than null?

Security

Automated checks — Are dependency scanners (e.g. Dependabot) and SAST tools in CI?
Dependency surface — Are new dependencies justified and minimal?
Regulatory requirements — Does the change touch data subject to compliance rules (GDPR, PCI, …)?

Correctness

Wrong data structure — Could the structure cause subtle bugs (e.g. set vs list, map ordering)?
Race conditions — Is concurrent access safe?
Caching — Are cache invalidation and staleness handled correctly?

Cross-cutting Concerns

Documentation impact — Does the change require updating docs, ADRs, or READMEs?
UI / error messages — Are user-visible messages clear, actionable, and tested?
Automated vs human review split — Delegate formatting/style to linters; focus human review on design and logic

Culture

Share tooling: IDE configs, linter rules, and CI checks should be committed and consistent
Reviewers should ask "Have you thought about…?" for security, edge cases, and docs — not just critique
Prefer collaborative tone; a review is a knowledge-sharing session, not an audit