Code quality evaluation criteria for reviews. Use when reviewing code design, architecture, maintainability, or identifying potential issues.
Instalação
Instalar com Codex ou Claude Copie este prompt, cole no Codex, Claude ou outro assistente e deixe que ele revise a página da skill e instale para você.
Code quality evaluation criteria for reviews. Use when reviewing code design, architecture, maintainability, or identifying potential issues.
Code Quality Standards
1. Robustness to Change
Single Responsibility Principle — Each module/class has only one reason to change. Unrelated concerns are separated.
File Size and Responsibility Checks — Flag files >500 lines. Look for responsibility clustering (e.g., mixed prefixes like initializeWorker* vs createSession*). Note: responsibility clustering is the primary signal, not raw line count.
Module Design — Evaluate cohesion, coupling, and encapsulation using these perspectives:
Is each module cohesive? (single responsibility, would you name it the same after reading all contents?)
Is coupling minimized? (can change without forcing changes elsewhere?)
Is the interface well-encapsulated? (public API reveals only what callers need?)
Is the dependency direction correct? (high-level modules don't depend on low-level details)
Is the placement appropriate? (module-specific or shared, aligned with scope of responsibility)
Is the interface actually usable? (callers can pass the information they need)
Do default values contradict state? (default makes sense when other fields are unset)
Open-Closed Principle — New features addable without modifying existing code.
Change Localization — Single feature change contained within a small area. Watch for Shotgun Surgery.
Dependency Management — Dependencies injected, loosely coupled, abstracted via interfaces.
Type Safety — Types make invalid states unrepresentable. any avoided, unknown with proper type guards.
Exhaustive Type Handling — All discriminated union cases explicitly handled. Never use bare else for last case — use explicit type check + never exhaustive guard. Red flag: else { ... } handling a union type.
Null Safety — Nullability explicit in types, null checks at boundaries.
OWASP Top 10 — Input sanitized, queries parameterized, output encoded.
Least Privilege — Permissions minimized, secrets handled securely.
Project-Specific — PTY command execution (no unsanitized user input), path traversal (validate boundaries), WebSocket security (validate message format, don't trust client IDs, rate-limit reconnection).
9. TypeScript Standards
Type Safety — Avoid any, use unknown with guards. No unknown as shortcut (value as unknown as T prohibited). Shared types in packages/shared. Always async/await, no fire-and-forget.
Enum-like Definitions — Define labeled object first, derive type with keyof typeof. Avoid separate type + labels (can drift).
See code-quality-standards.md for implementation examples and code patterns (used by coding agents).