// Auto-activates when user mentions code review, reviewing code, PR review, or checking code quality. Provides systematic code review process with TodoWrite checklist.
Use when adapting Droidz framework or creating custom workflows. Guide for customizing droids, skills, and commands for specific project needs.
Auto-activates when user mentions API documentation, endpoint docs, API reference, or OpenAPI spec. Generates comprehensive API documentation from code.
Auto-activates when user mentions CI/CD, GitHub Actions, pipeline, continuous integration, deployment automation, or workflow files. Creates automated testing and deployment pipelines.
Auto-activates when user mentions Clerk, authentication, user management, or auth flows. Expert in Clerk authentication including Next.js integration, user management, and session handling.
Auto-activates when user mentions Cloudflare Workers, edge functions, or serverless deployment. Expert in Cloudflare Workers including deployment, KV storage, and Durable Objects.
Auto-activates when user mentions UI design, design systems, or component design. Expert in design principles, accessibility, and component architecture.
| name | code-review-checklist |
| description | Auto-activates when user mentions code review, reviewing code, PR review, or checking code quality. Provides systematic code review process with TodoWrite checklist. |
| category | workflow |
Systematic code review process ensuring quality, security, and maintainability.
Create todos for each item:
## Code Review Summary
### ✅ Strengths
- Clear naming conventions
- Good test coverage (85%)
- Error handling comprehensive
### ⚠️ Minor Issues
1. Line 45: Variable name `x` should be `userId`
2. Line 102: Missing error case for null input
3. Missing JSDoc comment on `processData` function
**Suggested fixes:** [code suggestions]
### 🔴 Blockers (MUST FIX)
1. Line 78: **Hardcoded API key** - Move to environment variable
2. Line 123: **SQL injection risk** - Use parameterized query
**These must be fixed before merge.**
### 📊 Metrics
- Files changed: 5
- Lines added: 230
- Lines removed: 45
- Test coverage: 85% → 88%
- Complexity: Medium
### 💡 Recommendations
- Consider extracting `validateUser` to shared util
- Add integration test for auth flow
- Document breaking changes in CHANGELOG
Run automated checks:
# Lint
npm run lint
# Type check
npm run typecheck
# Tests
npm test
# Security scan
npm audit
# Check for secrets
git diff --cached | grep -i "api[_-]key\\|password\\|secret\\|token"
| Issue | Fix |
|---|---|
| Hardcoded secrets | Move to .env, add to .env.example |
| SQL injection | Use parameterized queries |
| Missing tests | Add tests before merge |
| Complex function | Break into smaller functions |
| Magic numbers | Extract to named constants |
| No error handling | Add try/catch, validate inputs |
Use TodoWrite to track all checklist items. Present summary when complete.