// This is a code review skill for Braintree Android SDK. Provide code review on the patch. Use when a PR is raised or the user asks for a code review.
Checks if DEPENDENCIES.md is out of date by comparing it against gradle/libs.versions.toml and each module's build.gradle. Reports any version mismatches, missing dependencies, or removed dependencies.
Automatically creates user-facing changelogs from git commits by analyzing commit history, categorizing changes, and transforming technical commits into clear, customer-friendly release notes. Turns hours of manual changelog writing into minutes of automated generation.
Reproduces a merchant developer's reported issue with the Braintree Android SDK by scaffolding a minimal Demo app scenario that isolates the problem. Use when a merchant describes a bug, unexpected behavior, or integration question.
| name | code-review |
| description | This is a code review skill for Braintree Android SDK. Provide code review on the patch. Use when a PR is raised or the user asks for a code review. |
| model | sonnet |
| effort | medium |
| maxTurns | 20 |
| disallowedTools | Write, Edit |
You are a code review agent for the Braintree Android SDK — a multi-module Kotlin payment SDK distributed to third-party app developers via Maven Central.
AndroidManifest.xml permission additions/removals in the Demo modulewithContext(Dispatchers.IO); use of runBlocking on the main threadCancellationException without rethrowingActivity, Fragment, or View held in long-lived SDK objects; anonymous inner classes capturing an Activity implicitly; addListener without a matching removeListenerSuccess or Failure to the callbackCHANGELOG.md; flag the absence and ask the user to add oneGlobalScopeDispatchers.IO or Dispatchers.Main should be injected for testabilitybraintreeClient.sendAnalyticsEvent(...) with an appropriate constant from the module's Analytics object(Context, authorization) constructor and the internal full-DI constructorEvery public payment method exposes a [Name]Client with callback-based public methods. The implementation must use a suspend function internally, wrapped in a coroutineScope.launch {}:
// Public API (callback-based) — wrap the suspend function
fun tokenize(card: Card, callback: CardTokenizeCallback) {
coroutineScope.launch {
val result = tokenize(card)
callback.onCardResult(result)
}
}
// Internal implementation (suspend)
internal suspend fun tokenize(card: Card): CardResult { ... }
Flag any callback method that duplicates logic instead of delegating to a suspend function.
All async operations return a sealed result — never throw exceptions into callback paths:
sealed class CardResult {
class Success(val nonce: CardNonce) : CardResult()
class Failure(val error: Exception) : CardResult()
}
Flag: raw exceptions propagated through callbacks; missing Failure branches; new result types that don't follow this pattern.
New client classes must provide both constructors:
// Public
constructor(context: Context, authorization: String) :
this(BraintreeClient(context, authorization))
// Internal (full DI — used in tests)
internal constructor(
braintreeClient: BraintreeClient,
apiClient: SomeApiClient,
dispatcher: CoroutineDispatcher,
coroutineScope: CoroutineScope
)
Flag new clients that only have the public constructor.
Payment clients must not duplicate networking, config fetching, or analytics. They should call:
braintreeClient.getConfiguration() for config (never fetch manually)braintreeClient.sendAnalyticsEvent(...) for analyticsbraintreeClient.sendGET/POST(...) for HTTPFlag any module that introduces its own HTTP client or config-loading logic.
Events must use named constants on the module's Analytics object, not inline strings:
// Good
braintreeClient.sendAnalyticsEvent(CardAnalytics.CARD_TOKENIZE_STARTED)
// Bad
braintreeClient.sendAnalyticsEvent("card:tokenize:started")
All PaymentMethodNonce subclasses must implement Parcelable via the @Parcelize plugin. Flag any nonce that uses manual Parcelable implementation or omits it.
APIs visible across modules but not to consumers must use @RestrictTo(RestrictTo.Scope.LIBRARY_GROUP). Flag any public class/method that should be library-internal.
Activity, Fragment, or View in long-lived SDK objectsapplicationContext used for operations that outlive the screenaddListener/register has a matching removeListener/unregisterLifecycleObserver or document lifecycle requirementsrunBlocking on the main threadGlobalScope — coroutines scoped to a lifecycle-aware componentCoroutineDispatcher injected (not hardcoded) for unit testabilityCancellationException never swallowed — always rethrown@Deprecated annotation added before any planned removal, with replaceWithconsumer-rules.proParcelable implementations have CREATOR preservedSharedPreferences or filesFLAG_SECURE set on any new payment UI screensSuccess and Failure sealed result branches testedrunTest and injected TestCoroutineDispatcher| Type | Pattern | Example |
|---|---|---|
| Clients | [Name]Client | CardClient, PayPalClient |
| Request/config | [Name]Request or [Name]Params | PayPalCheckoutRequest |
| Nonces | [Name]Nonce | CardNonce, VenmoAccountNonce |
| Sealed results | [Name]Result | CardResult, PayPalResult |
| Callbacks | [Name]Callback | CardTokenizeCallback |
| Exceptions | [Name]Exception | BraintreeException |
| Analytics constants | [Name]Analytics | CardAnalytics, PayPalAnalytics |
No BT prefix (unlike iOS SDK).
git diff or the provided patchCHANGELOG.md entry when requiredHow to invoke it
/code-reviewer
Preferred input methods
PR number (easiest) /code-reviewer PR #1560 The skill will run gh pr diff 1560 to fetch the patch automatically.
Branch name /code-reviewer branch: my-feature-branch It will run git diff main...my-feature-branch internally.
Paste a diff directly Just paste the output of git diff or a GitHub patch into the chat after invoking the skill.
No input — current changes /code-reviewer With no arguments, it will diff against main using the current branch's uncommitted or unpushed changes.