// Comprehensive code analysis before committing changes. Verifies mock data exists, MCP communication is real (not hardcoded), tool calls are correct, and Apps SDK web isolation. Use before git commits, for big changes, or when the user asks to validate implementation quality.
| name | pre-commit-analysis |
| description | Comprehensive code analysis before committing changes. Verifies mock data exists, MCP communication is real (not hardcoded), tool calls are correct, and Apps SDK web isolation. Use before git commits, for big changes, or when the user asks to validate implementation quality. |
Validates code quality and implementation correctness before committing to GitHub. Uses parallel subagents for comprehensive analysis.
Launch 4 parallel subagents to analyze different areas:
1. MCP Tools Analysis - Verify tools are real, not hardcoded
2. Apps SDK Web Isolation - Check iframe/postMessage patterns
3. Mock Data Completeness - Verify mock data exists
4. Communication Flow - Validate MCP protocol compliance
Goal: Ensure all MCP tools make real API calls or use shared data sources.
Files to check:
src/apps_sdk/tools/*.py - All tool implementationssrc/apps_sdk/main.py - Tool registration and handlersRed flags:
src/data/product_catalog.py)Verification commands:
# Check for hardcoded mock products
rg "MOCK_PRODUCTS|mock_products" src/apps_sdk/
# Verify shared catalog import
rg "from src.data.product_catalog import" src/apps_sdk/
# Check tool implementations for HTTP calls
rg "httpx|requests|fetch" src/apps_sdk/tools/
Expected pattern:
# Good: Import from shared catalog
from src.data.product_catalog import PRODUCTS
# Good: Make real API calls
async with httpx.AsyncClient() as client:
response = await client.get(f"{merchant_url}/products/{id}")
Goal: Widget must be isolated, communicating only via postMessage and MCP.
Files to check:
src/apps_sdk/web/src/**/*.tsx - All widget componentssrc/apps_sdk/web/src/**/*.ts - Hooks and utilitiessrc/apps_sdk/web/package.json - DependenciesRed flags:
../../../ui/ or parent directoriesfetch, axios) to localhost portswindow.parent property access (except postMessage)Verification commands:
# Check for external imports
rg "from ['\"]\.\./\.\./\.\." src/apps_sdk/web/src/
# Check for direct API calls
rg "localhost:8000|localhost:8001" src/apps_sdk/web/src/
# Verify postMessage usage
rg "postMessage|window\.parent" src/apps_sdk/web/src/
Expected pattern:
// Good: Uses postMessage for parent communication
window.parent.postMessage({ type: "GET_RECOMMENDATIONS", ... }, "*");
// Good: Uses window.openai bridge (which uses postMessage internally)
const result = await window.openai.callTool("add-to-cart", args);
Goal: Mock data exists and matches the real data source.
Files to check:
src/data/product_catalog.py - Source of truth (17 products)src/ui/data/mock-data.ts - Frontend mockssrc/apps_sdk/tools/recommendations.py - Apps SDK product dataRed flags:
Verification:
# Count products in catalog
rg '"id": "prod_' src/data/product_catalog.py | wc -l
# Check Apps SDK uses catalog
rg "CATALOG_PRODUCTS|from src.data.product_catalog" src/apps_sdk/
Data sync checklist:
CATALOG_PRODUCTS transforms from src/data/product_catalog.pyGoal: Verify MCP protocol compliance and message passing.
Files to check:
src/ui/components/agent/MerchantIframeContainer.tsx - Parent-side handlersrc/ui/hooks/useMCPClient.ts - MCP client implementationsrc/apps_sdk/web/src/App.tsx - Widget message handlerssrc/apps_sdk/web/src/main.tsx - Bridge setupMessage types to verify:
| Direction | Message Type | Purpose |
|---|---|---|
| Widget → Parent | GET_RECOMMENDATIONS | Request product recommendations |
| Parent → Widget | RECOMMENDATIONS_RESULT | Return recommendation data |
| Widget → Parent | CHECKOUT_COMPLETE | Notify checkout success |
| Widget → Parent | CALL_TOOL | MCP tool invocation (via bridge) |
Red flags:
Verification:
# Check message type handlers in parent
rg "message\.type.*==|case.*:" src/ui/components/agent/MerchantIframeContainer.tsx
# Check message sending in widget
rg "postMessage.*type:" src/apps_sdk/web/src/
Use this prompt pattern to launch parallel analysis:
Launch 4 subagents with subagent_type="explore":
1. "Analyze MCP tools in src/apps_sdk/tools/ - verify real API calls, no hardcoded data"
2. "Check Apps SDK web isolation in src/apps_sdk/web/ - no external imports, postMessage only"
3. "Verify mock data completeness - compare src/data/product_catalog.py with other mock sources"
4. "Analyze iframe communication in src/ui/components/agent/ and src/apps_sdk/web/src/"
Copy and track progress:
Pre-Commit Analysis:
- [ ] MCP tools use shared catalog (not hardcoded mock)
- [ ] MCP tools make real API calls where needed
- [ ] Apps SDK web has no external imports
- [ ] Widget uses postMessage for all parent communication
- [ ] Widget makes no direct API calls
- [ ] Mock data synced with product catalog (17 products)
- [ ] Agent fallbacks exist when services unavailable
- [ ] Message types match between sender and receiver
- [ ] All tests pass
- [ ] Linter checks pass
After analysis, run these to verify:
# Run Apps SDK tests
uv run pytest tests/apps_sdk/ -v
# Lint Apps SDK code
uv run ruff check src/apps_sdk/
# Type check
uv run pyright src/apps_sdk/
# Build widget (verifies no import errors)
cd src/apps_sdk/web && pnpm build
Fix: Import from shared catalog
from src.data.product_catalog import PRODUCTS
CATALOG_PRODUCTS = [
{"id": p["id"], "name": p["name"], "basePrice": p["price_cents"], ...}
for p in PRODUCTS
]
Fix: Use MCP tools via bridge
// Bad: Direct API call
const response = await fetch("http://localhost:8000/products");
// Good: Use MCP tool
const result = await window.openai.callTool("search-products", { query });
Fix: Send postMessage after checkout
if (result.success && result.orderId) {
window.parent.postMessage({
type: "CHECKOUT_COMPLETE",
orderId: result.orderId
}, targetOrigin);
}
Fix: Validate message origin
const handleMessage = (event: MessageEvent) => {
// Validate origin
if (event.origin !== expectedOrigin) return;
// Process message
};
After analysis, provide findings in this format:
## Pre-Commit Analysis Report
### MCP Tools
- Status: PASS/FAIL
- Issues: [list any issues]
### Apps SDK Isolation
- Status: PASS/FAIL
- Issues: [list any issues]
### Mock Data
- Status: PASS/FAIL
- Product count: X/17
- Issues: [list any issues]
### Communication Flow
- Status: PASS/FAIL
- Issues: [list any issues]
### Recommendations
1. [High priority fixes]
2. [Medium priority improvements]
3. [Low priority enhancements]
Launch all services for the Retail Agentic Commerce project. Validates prerequisites, configures environment, and starts the full stack. Supports Docker deployment (recommended) and local development. Use when the user types "setup", "install", or asks to start/launch the project.
Python backend development standards for FastAPI, SQLModel, and pytest. Enforces Ruff linting, Pyright type checking, and test coverage. Use when writing Python code, creating API endpoints, implementing services, adding database models, or modifying backend logic in src/merchant/, src/payment/, or src/apps_sdk/.
React/Next.js frontend development standards with TypeScript, Tailwind CSS, and Kaizen UI. Enforces ESLint, Prettier, and browser validation via MCP. Use when creating React components, modifying pages, styling with Tailwind, implementing hooks, or working in src/ui/. Validates changes in browser when MCP tools available.