菜单
Use when reviewing code changes, identifying potential bugs, or suggesting improvements for pull requests. Covers correctness, maintainability, performance, security, and project-specific rule compliance (Symfony 8, PHP 8.4, Doctrine multi-EM, RabbitMQ message flow, Redis cache, API key handling).
Use when auto-generating API endpoint documentation, writing OpenAPI specs, or producing request/response examples for external provider integrations
Use when analyzing project codebase structure, documenting architecture, mapping domain boundaries, or resolving dependency relationships. Covers Symfony app layout, multi-EntityManager topology, Messenger message flows, and external provider integrations.
Use when explaining how to install, configure, or use an external library in this project. Covers Composer packages, npm packages, Symfony bundles, and infrastructure client libraries. Always verifies compatibility with PHP 8.4, Symfony 8, and existing project conventions before recommending.
Use this skill whenever the user writes, reviews, debugs, or refactors Bash shell scripts on Ubuntu/Linux. Triggers include mentions of '.sh files', 'shell script', 'bash', 'shebang', POSIX compatibility, ShellCheck, cron jobs, systemd timers, or any task involving command-line automation. Also use when fixing common bash pitfalls like quoting issues, exit code handling, IFS, variable expansion, or word splitting — even if the user doesn't explicitly say 'bash'.
| name | reviewing-code-changes |
| description | Use when reviewing code changes, identifying potential bugs, or suggesting improvements for pull requests. Covers correctness, maintainability, performance, security, and project-specific rule compliance (Symfony 8, PHP 8.4, Doctrine multi-EM, RabbitMQ message flow, Redis cache, API key handling). |
| allowed-tools | Read, Grep, Glob |
Before starting, determine what changed:
git diff main...HEAD --name-only # Files changed
git diff main...HEAD # Full diff
Group changed files by layer — Entity, Repository, Service, Handler, Controller, Config — and apply the relevant checklist sections for each layer.
getOneOrNullResult() used for single optional results (not getResult()[0] ?? null)?\DateTimeImmutable instances created with an explicit Asia/Seoul timezone where Korean business time is required?readonly properties used for injected dependencies (Constructor Property Promotion)?match expressions used instead of multi-branch if/switch where appropriate?final classes used for all concrete Entity and Value Object classes?$this->container->get())?#[IsGranted] attributes used for authorization (not manual if checks in controllers)?#[Sensitive] applied to DTO properties that carry API keys or passwords?#[AsPeriodicTask] scheduler classes dispatching Commands via MessageBusInterface (not calling Services directly)?.claude/rules/database/postgresql-rule.md)final with no parent)?#[ORM\Entity(repositoryClass: ...)] declared with an explicit repository class?#[ORM\Table(name: '...')] declared explicitly (never relying on auto-generated names)?#[ORM\HasLifecycleCallbacks] present on any class that uses #[ORM\PrePersist] or #[ORM\PreUpdate]?Doctrine\ORM\EntityRepository (not ServiceEntityRepository)?#[Target('...entity_manager')]?OneToMany/ManyToOne between different EM domains)?decimal columns typed as string in PHP (not float)?#[ORM\Index]?findByXxx() have a companion findByXxxQueryBuilder() for callers that need pagination or ordering?getArrayResult() used when only scalar values are needed (not getResult())?.claude/rules/api/rest-rule.md)HttpClientInterface used (not Guzzle, cURL, or file_get_contents)?Service/{Provider}/ApiKeyService class?Handler fetches → raw JSON stored in Entity → MessageEvent dispatched for downstream processing?\RuntimeException for RabbitMQ retry?MessageEvent to notify the user (not retried)?.claude/rules/cache/redis-rule.md)#[Target('cache_pool_{domain}')] (not the generic cache.app)?$item->expiresAfter(...) call set a TTL (never indefinite)?TagAwareCacheInterface used when invalidation by tag is needed?\Redis class absent from all service and controller code (cache access via Symfony Cache only)?CacheInterface used for simple get/set and TagAwareCacheInterface only when tagging is needed?|raw filter on user-supplied content)?.env, source code)?#[IsGranted] or voter checks in place for every endpoint that mutates data?use statements, variables, and dead code removed?JOIN FETCH / addSelect() where a relation is always accessed?getArrayResult() used over getResult() for read-only scalar queries?LIMIT/OFFSET)?Apply one of three severities to each finding:
| Severity | Label | When to use |
|---|---|---|
| Must fix | [MUST] | Bug, security vulnerability, rule violation, data corruption risk |
| Should fix | [SHOULD] | Performance issue, maintainability problem, project convention deviation |
| Consider | [CONSIDER] | Optional improvement, style preference, future-proofing |
Only [MUST] items block merge.
Structure the review response in this exact order:
One or two sentences: overall code quality assessment and merge readiness.
Items that must be resolved before merging. Reference the specific file and line:
app/src/Entity/Foo.php:42 — Missing #[ORM\HasLifecycleCallbacks]; #[ORM\PrePersist] will be silently ignored without it.app/src/Service/Bar.php:17 — Decrypted API key passed to logger; use masked prefix only.Items that improve quality but do not block merge:
app/src/Repository/BazRepository.php — findByStatus() has no companion findByStatusQueryBuilder(); callers cannot paginate without duplicating the query.Low-priority ideas for future improvement:
new \DateTimeZone('Asia/Seoul') to a shared constant to avoid scattered string literals.Acknowledge what is done well — this is not optional. Identify at least one concrete strength:
app/src/MessageHandler/FooHandler.php — Correctly separates fetch and transform; the raw JSON is persisted first and transformation is deferred to a downstream MessageEvent.When a finding relates to a project rule, cite the rule file directly:
| Area | Rule file |
|---|---|
| Database / Doctrine | .claude/rules/database/postgresql-rule.md |
| External API | .claude/rules/api/rest-rule.md |
| Redis / Cache | .claude/rules/cache/redis-rule.md |
| Nginx | .claude/rules/server/nginx-rule.md |
| General conventions | CLAUDE.md |