kai/invoice-master-poc-v2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a516de43203082eb6cbc9e2182bb9eddbe646080
invoice-master-poc-v2/.claude/commands/code-review.md
Yaojia Wang d5101e3604 Add claude config
2026-01-25 16:17:23 +01:00

1.1 KiB
Raw Blame History

Code Review

Security and quality review of uncommitted changes.

Workflow

  1. Get changed files: git diff --name-only HEAD and git diff --staged --name-only
  2. Review each file for issues (see checklist below)
  3. Run automated checks: mypy src/, ruff check src/, pytest -x
  4. Generate report with severity, location, description, suggested fix
  5. Block commit if CRITICAL or HIGH issues found

Checklist

CRITICAL (Block)

  • Hardcoded credentials, API keys, tokens, passwords
  • SQL injection (must use parameterized queries)
  • Path traversal risks
  • Missing input validation on API endpoints
  • Missing authentication/authorization

HIGH (Block)

  • Functions > 50 lines, files > 800 lines
  • Nesting depth > 4 levels
  • Missing error handling or bare except:
  • print() in production code (use logging)
  • Mutable default arguments

MEDIUM (Warn)

  • Missing type hints on public functions
  • Missing tests for new code
  • Duplicate code, magic numbers
  • Unused imports/variables
  • TODO/FIXME comments

Report Format

[SEVERITY] file:line - Issue description
  Suggested fix: ...

Never Approve Code With Security Vulnerabilities!