Add claude config

.claude/commands/code-review.md

@@ -0,0 +1,46 @@
+# Code Review
+
+Security and quality review of uncommitted changes.
+
+## Workflow
+
+1. Get changed files: `git diff --name-only HEAD` and `git diff --staged --name-only`
+2. Review each file for issues (see checklist below)
+3. Run automated checks: `mypy src/`, `ruff check src/`, `pytest -x`
+4. Generate report with severity, location, description, suggested fix
+5. Block commit if CRITICAL or HIGH issues found
+
+## Checklist
+
+### CRITICAL (Block)
+
+- Hardcoded credentials, API keys, tokens, passwords
+- SQL injection (must use parameterized queries)
+- Path traversal risks
+- Missing input validation on API endpoints
+- Missing authentication/authorization
+
+### HIGH (Block)
+
+- Functions > 50 lines, files > 800 lines
+- Nesting depth > 4 levels
+- Missing error handling or bare `except:`
+- `print()` in production code (use logging)
+- Mutable default arguments
+
+### MEDIUM (Warn)
+
+- Missing type hints on public functions
+- Missing tests for new code
+- Duplicate code, magic numbers
+- Unused imports/variables
+- TODO/FIXME comments
+
+## Report Format
+
+```
+[SEVERITY] file:line - Issue description
+  Suggested fix: ...
+```
+
+## Never Approve Code With Security Vulnerabilities!