ワンクリックで
rsh-review
Review Restish code changes for bugs, regressions, missing tests, and repo-specific risks
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
メニュー
Review Restish code changes for bugs, regressions, missing tests, and repo-specific risks
Codex または Claude でインストール この Prompt をコピーして Codex、Claude、または他のアシスタントに貼り付けると、Skill ページを確認してインストールできます。
SOC 職業分類に基づく
Write and maintain Restish documentation, blog posts, release announcements, tutorials, recipes, and user-facing product explanations.
Shape Restish product direction, feature strategy, and CLI/developer-tool UX. Use when planning, prioritizing, designing, or reviewing a Restish feature before or during implementation; when evaluating whether a request fits Restish; when turning user feedback into a feature proposal; when checking CLI UX, help, errors, output, docs, tests, compatibility, or release readiness.
Run Restish release readiness QA from main using recent commits, built-in historical risk patterns, docs, and full release gates; report reproducible issues without patching product code
Analyze the Restish codebase for simplification and refactoring opportunities, then implement approved changes
Write or improve Restish tests with concise, high-density Go coverage, especially CLI behavior tests using OpenAPI specs, mock HTTP servers, real CLI commands, and expected output
| name | rsh-review |
| description | Review Restish code changes for bugs, regressions, missing tests, and repo-specific risks |
Review code changes with a bug-finding mindset. Prioritize correctness, regressions, and missing coverage over style nits. Keep feedback specific, actionable, and grounded in the actual diff.
git status --short, git diff --stat, and git diff --name-only to map the review surface.site/ docs or docs/design/ should change.Findings, Open questions / assumptions, Residual risk.P0: breakage, data loss, or a serious security issueP1: likely regression or incorrect behaviorP2: test gap, maintainability issue, or edge-case risk with plausible impactP3: minor issue, clarity problem, or polish itemThese are high-value repo-specific checks, not an exhaustive checklist. Use them when relevant; do not force them into unrelated reviews. For the full catalog of historical bug classes found in past releases, see ../rsh-release-qa/references/findings-mining.md. When a changed subsystem has a design doc (docs/design/README.md), check the diff against its stated invariants.
internal/cli/: flags, exit codes, stdin/stdout/stderr, config precedence, generated commandsinternal/request/: content negotiation, auth headers, redirects, pagination, retries, streaming, cancellationinternal/output/: formatter drift, regression fixtures, terminal width behavior, stable orderinginternal/config/: defaults, file permissions, migrations, backward compatibilityinternal/plugin/ and cmd/restish-*: plugin protocol, subprocess lifecycle, wire compatibilitycmd/restish and site/: user-facing CLI behavior, examples, docs impactEvery exec.Cmd that has been Start()ed must be Wait()ed, or the process becomes a zombie. Error paths usually need cleanup that closes pipes, kills the process if needed, and then waits for exit.
If a goroutine reads from a subprocess pipe and another goroutine times out, the reader can leak forever unless the read is made interruptible. Closing the relevant io.ReadCloser and draining result channels is the usual fix.
io.ReadersA goroutine blocked on Read often cannot be stopped by closing some other resource. Prefer patterns where the blocking read is isolated and the coordinating goroutine can exit cleanly on cancellation.
Backward-incompatible plugin protocol changes usually require updating the plugin API version and checking compatibility behavior for older plugins.
CBOR byte payloads may decode into different Go types depending on decoder behavior. Avoid brittle direct assertions when helper functions exist to normalize input.
Config fields should not be added unless their behavior is implemented. Otherwise users can set them successfully and still see no effect.
Spec-loading or command-generation changes can break existing workflows indirectly. Check for backward compatibility in generated command shape, naming, argument expectations, and operation discovery.
A recurring source of fixes: stale generated commands after config or spec changes. Caches are keyed by base URL, operation base, server variables, and raw spec hash. Changes to api edit/api connect, profiles, base URLs, or spec loading must invalidate or refresh the relevant caches, and concurrent api connect runs must not clobber each other's entries.
Token refreshes must stay serialized; discovery transports and OAuth state are shared across generated commands. Changes to internal/auth should be checked for refresh races, cache-key reuse across profiles/issuers, and browser-launch behavior ($BROWSER handling, Linux flows).
Changing config schema, cache key formats, or credential storage breaks existing user state unless migrated. Past fixes migrated legacy token cache keys, legacy tls.cert/tls.key fields, and added migration warnings. New formats need a mapping from the old one or an explicit, tested migration error.
internal/cli/command_surface_test.go locks the built-in command tree, help grouping, error-message UX, and removed pre-release names. Adding, renaming, or regrouping commands should update it deliberately — treat unexplained churn there as a regression signal.
Intentional formatter changes should usually come with targeted regression coverage. Unintentional output drift is a common source of user-visible regressions.
Changes in these areas often regress behavior only in realistic end-to-end paths. Review interactions, not just isolated helpers.
For auth, redaction, and cache metadata changes, check both positive behavior and negative leakage boundaries: where credentials are applied, where they must not be applied, what gets persisted, and what appears in errors or traces. Keep findings tied to the PR's changed paths.
internal/secrets holds the central allow-lists for recognizing credential-like fields; new secret-ish field names belong there, not in ad-hoc checks. Past fixes covered suffixed fields (confirm_password), URL userinfo and query credentials in network errors, and avoiding false positives on ordinary fields like max_tokens.
Tests that share a bytes.Buffer across concurrent writers can hide data races, especially when subprocess stderr/stdout is wired into test buffers.
go test ./..., then -tags=integration for CLI/plugin behavior changes, and -race when concurrency, subprocess handling, or shared buffers are touched.go run ./cmd/restish-docgen --check when CLI surface or help text changed; CI fails on stale generated docs regions.Good examples illustrate the shape of a finding without hard-coding one exact response style: