一键导入
code-review
Code review checklists and patterns for Pennyfarthing. Use when reviewing PRs, self-reviewing code, or checking for common issues before commit.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Code review checklists and patterns for Pennyfarthing. Use when reviewing PRs, self-reviewing code, or checking for common issues before commit.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Interactive playtest — full-stack (UI + Playwright + UX Designer) or headless (API-only + Python driver). Coordinates cross-workspace bug reporting via ping-pong file with FIXER.
LLM cost and cache forensics — reconcile server-log narrator costs against the Anthropic Admin API, attribute per-model spend, detect dead caching and invisible callers. Use when analyzing API costs, auditing cache efficiency, or when the Console bill doesn't match expectations.
Create epic or story context documents. Reads sprint YAML for epic/story data, reads context-schema.yaml for required sections, populates templates, and writes output to sprint/context/. Epic context is a single-agent operation (no tandem). Story context uses PM + tandem partner for domain-specific observations.
Jira CLI commands for sprint management. Use when viewing, assigning, or updating Jira issues from the command line.
Sprint status, backlog, and story management for Pennyfarthing. Use when checking current sprint status, finding available stories, reviewing backlog, or understanding story context and history. IMPORTANT: Always use `pf sprint` CLI commands - never manually edit sprint YAML.
List available workflows, show current workflow details, and switch workflows mid-session. Use when checking available workflow types (TDD, trivial, agent-docs), viewing current workflow phase, switching to a different workflow pattern, or managing BikeLane stepped workflows.
| name | code-review |
| description | Code review checklists and patterns for Pennyfarthing. Use when reviewing PRs, self-reviewing code, or checking for common issues before commit. |
Review code against the checklists below. Focus on authorization, error handling, TypeScript/React patterns, and performance.
Code review comments using [MUST FIX], [SUGGESTION], [QUESTION], [NICE] prefixes
This skill provides code review patterns and checklists for the Pennyfarthing project. Use this when reviewing PRs or self-reviewing before commit.
utils.GetClientIDsForQuery() for admin bypassanyimport type - Required for buildany types - Use proper types// BAD - blocks admins with empty ClientIDs
if len(clientIDs) == 0 {
return http.StatusForbidden
}
// GOOD - use centralized utility
clientIDs, err := utils.GetClientIDsForQuery(user, h.db)
// BAD - leaks internals
http.Error(w, err.Error(), 500)
// GOOD - generic message, log details
log.Error("database error", "error", err, "user_id", user.ID)
http.Error(w, "Internal server error", 500)
// BAD - causes build errors
import { SomeType } from './types';
// GOOD
import type { SomeType } from './types';
// BAD - query runs even when not ready
const { data } = useQuery({
queryKey: ['items', clientId],
queryFn: () => fetchItems(clientId),
});
// GOOD - only runs when clientId is set
const { data } = useQuery({
queryKey: ['items', clientId],
queryFn: () => fetchItems(clientId),
enabled: !!clientId,
});
**[MUST FIX]** This leaks internal error details to the client.
Suggest: Use a generic message and log the details server-side.
**[SUGGESTION]** Consider using `useMemo` here since this calculation
runs on every render.
**[QUESTION]** What happens if `clientId` is undefined? Should we
add an early return or enabled flag?
**[NICE]** Good use of the centralized auth utility here!
| Date | Issue | Resolution |
|---|---|---|
| Dec 2024 | Admin 403 errors | Use GetClientIDsForQuery() |
| Dec 2024 | Type import errors | Use import type |
| Dec 2024 | Role-based filtering | Check analyst vs manager vs admin |
| Dec 2024 | Error boundaries | Wrap risky components |