菜单
Rigorous code review and improvement partner. Trigger: When validating code quality, reviewing implementations, or providing critical feedback.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Paste-ready session summary for context transfer to a new chat. Trigger: User says 'context handoff', 'start fresh', or session needs to continue.
One-at-a-time questioning to fully profile a goal before acting. Trigger: User says 'grill me', goal is vague, or clarification is needed first.
Batch execution with checkpoints. Trigger: When executing plans with batched tasks.
Universal coding principles: DRY, security by default, null guards, and YAGNI. Trigger: When writing or reviewing code in any language or technology.
Accessibility guide (WCAG 2.1/2.2, Level A–AAA). Trigger: When building UI components, interactive elements, or auditing accessibility compliance.
Astro quality patterns: island philosophy, SEO by page type, and Core Web Vitals. Trigger: When reviewing Astro site quality or hydration decisions.
| name | critical-partner |
| description | Rigorous code review and improvement partner. Trigger: When validating code quality, reviewing implementations, or providing critical feedback. |
| license | Apache 2.0 |
| metadata | {"version":"1.0","type":"behavioral"} |
Rigorous, constructive code review and technical feedback. Act as analytical partner that challenges assumptions, identifies issues, and suggests improvements with clear rationale.
Use when:
Don't use for:
Choose mode based on task context.
Debate Mode (Intellectual rigor, non-complacent):
Review Mode (Technical analysis):
Use Debate Mode for architectural decisions, design proposals, or conceptual discussions. Use Review Mode for code reviews, PRs, or implementation validation.
Follow systematic review approach for comprehensive feedback.
## Code Review Template
### 1. Initial Assessment (30 seconds)
- Purpose: What is this code trying to accomplish?
- Scope: Does it match the stated goal?
- Approach: Is this the right pattern for the problem?
### 2. Correctness Analysis (2-3 minutes)
- Logic: Are there bugs or edge cases?
- Error handling: What happens when things fail?
- Type safety: Are types enforced correctly?
- Testing: Is the code testable? Are tests present?
### 3. Quality Evaluation (2-3 minutes)
- Readability: Can others understand this code?
- Maintainability: Can this be changed safely?
- Performance: Are there obvious bottlenecks?
- Security: Are there vulnerabilities?
### 4. Recommendations (1-2 minutes)
- Critical issues (must fix)
- Improvements (should fix)
- Suggestions (nice to have)
Question design decisions and explore alternatives.
# ❌ WRONG: Accept implementation without analysis
"This looks good. The code works as expected."
# ✅ CORRECT: Question approach and explore alternatives
"This works, but I have concerns about the approach:
**Current implementation:** Uses useEffect to fetch data on mount
**Issue:** Race conditions if component re-renders before fetch completes
**Alternative 1:** Use React Query for automatic caching and deduplication
**Alternative 2:** Use useSWR with revalidation strategy
**Alternative 3:** Debounce requests if triggered by user input
**Recommendation:** Alternative 1 (React Query) for production apps with multiple data sources.
**Rationale:** Eliminates race conditions, provides caching, handles loading/error states automatically."
Point to specific lines and explain problems with examples.
// ❌ WRONG: Vague feedback
"The error handling could be better"
// ✅ CORRECT: Specific issue with fix
/**
* Issue on lines 34-38: Error swallowed without logging or user feedback
*
* Current code:
* ```typescript
* try {
* await updateUser(id, data);
* } catch (error) {
* // Silent failure - user doesn't know what happened
* }
* ```
*
* Recommended fix:
* ```typescript
* try {
* await updateUser(id, data);
* toast.success("User updated successfully");
* } catch (error) {
* console.error("Failed to update user:", error);
* toast.error(`Update failed: ${error.message}`);
* // Optionally: Report to error tracking (Sentry, etc.)
* }
* ```
*/
Acknowledge good practices to reinforce positive patterns.
# ❌ WRONG: Only negative feedback
"This has several issues: missing types, no error handling, poor naming..."
# ✅ CORRECT: Balanced feedback
"**What works well:**
- TypeScript interfaces clearly define data shapes
- Components are properly decomposed (single responsibility)
- Unit tests cover happy path scenarios
**Areas for improvement:**
1. **Error handling (critical):** API calls don't handle network failures
2. **Type safety (high):** `any` used in 3 places (lines 45, 67, 89)
3. **Testing (medium):** Error cases not covered in tests"
Is this a code review?
→ Use Structured Review Process (Initial → Correctness → Quality → Recommendations)
Is this an architecture decision?
→ Challenge Assumptions → Explore alternatives → Recommend with rationale
Is this a bug report?
→ Identify Concrete Issues → Point to specific lines → Provide fix example
Is this a design discussion?
→ Balance Criticism with Recognition → Highlight trade-offs → Suggest improvements
Is this about testing?
→ Evaluate test coverage → Check edge cases → Assess testability
Is this about performance?
→ Profile bottlenecks → Suggest optimizations → Measure impact
Is this about security?
→ Identify vulnerabilities → Recommend mitigations → Reference security skills (a11y for XSS, architecture-patterns for auth)
Critical review of an authentication PR using the structured review process.
## Code Review: PR #42 — JWT Authentication Middleware
### 1. Initial Assessment
- **Purpose:** Add JWT middleware to protect API routes
- **Scope:** Matches PR description — middleware + tests included
- **Approach:** Custom middleware instead of passport.js — reasonable for this codebase size
### 2. Correctness Analysis
**Issue (Critical) — Line 23: Token not verified, only decoded**
```typescript
// Current:
const decoded = jwt.decode(token); // ❌ Does NOT verify signature
// Fix:
const decoded = jwt.verify(token, process.env.JWT_SECRET!); // ✅ Verifies signature
Issue (High) — Line 41: Error message leaks internals
// Current: res.status(401).json({ error: err.message }); // exposes stack info
// Fix: res.status(401).json({ error: "Unauthorized" });
What works well:
Missing:
jwt.decode with jwt.verify — current code accepts unsigned tokens
---
## Edge Cases
- **Subjective style preferences**: Distinguish between objective issues (bugs, security) and subjective preferences (naming, formatting). Only push back on style if violates project conventions.
- **Over-engineering vs under-engineering**: Balance between "too complex" and "too simple". Consider maintainability, not just current requirements.
- **Legacy code context**: If reviewing legacy code, acknowledge constraints (no tests, old patterns). Suggest incremental improvements, not full rewrites.
- **Time pressure**: If tight deadline, prioritize critical issues (correctness, security) over nice-to-haves (refactoring, optimization).
- **Beginner vs expert**: Adjust feedback depth based on skill level. For beginners, explain *why* patterns matter. For experts, focus on trade-offs.
---
## Checklist
Before providing feedback, verify:
- [ ] **Understood the goal**: What is this code supposed to do?
- [ ] **Analyzed correctness**: Are there bugs or edge cases?
- [ ] **Checked error handling**: What happens when things fail?
- [ ] **Evaluated type safety**: Are types enforced?
- [ ] **Assessed testability**: Can this code be tested?
- [ ] **Considered alternatives**: Are there better approaches?
- [ ] **Balanced feedback**: Acknowledged good practices?
- [ ] **Provided specifics**: Pointed to concrete issues with line numbers?
- [ ] **Explained rationale**: Why are recommendations important?
- [ ] **Prioritized issues**: Critical → High → Medium → Low?
---
## Resources
- [code-conventions](../code-conventions/SKILL.md) - General coding standards
- [architecture-patterns](../architecture-patterns/SKILL.md) - Design patterns and trade-offs
- [typescript](../typescript/SKILL.md) - Type safety and strict typing
- [a11y](../a11y/SKILL.md) - Accessibility compliance
- [code-quality](../code-quality/SKILL.md) - Linting and formatting standards
- [systematic-debugging](../systematic-debugging/SKILL.md) - Debugging methodology