Template

Files

lmiranda 2d51df7a42 feat(marketplace): command consolidation + 8 new plugins (v8.1.0 → v9.0.0) [BREAKING]

Phase 1b: Rename all ~94 commands across 12 plugins to /<noun> <action>
sub-command pattern. Git-flow consolidated from 8→5 commands (commit
variants absorbed into --push/--merge/--sync flags). Dispatch files,
name: frontmatter, and cross-reference updates for all plugins.

Phase 2: Design documents for 8 new plugins in docs/designs/.

Phase 3: Scaffold 8 new plugins — saas-api-platform, saas-db-migrate,
saas-react-platform, saas-test-pilot, data-seed, ops-release-manager,
ops-deploy-pipeline, debug-mcp. Each with plugin.json, commands, agents,
skills, README, and claude-md-integration. Marketplace grows from 12→20.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-06 14:52:11 -05:00

3.5 KiB

Raw Blame History

name, description

name	description
review-checklist	Code review criteria and severity classification

Review Checklist

Purpose

Defines code review criteria, severity classification, and output format.

When to Use

Code Reviewer agent: During pre-sprint-close review
Commands: /sprint review

Severity Classification

Critical (Must Fix Before Close)

Security issues, broken functionality, data loss risks:

Hardcoded credentials or API keys
SQL injection vulnerabilities
Missing authentication/authorization checks
Unhandled errors that could crash the application
Data loss or corruption risks
Broken core functionality

Warning (Should Fix)

Technical debt that will cause problems soon:

TODO/FIXME comments left unresolved
Debug statements (console.log, print) in production code
Functions over 50 lines (complexity smell)
Deeply nested conditionals (>3 levels)
Bare except/catch blocks
Ignored errors
Missing error handling

Recommendation (Future Sprint)

Improvements that can wait:

Missing docstrings on public functions
Minor code duplication
Commented-out code blocks
Variable naming improvements
Minor refactoring opportunities

Review Patterns by Language

Python

Look For	Severity
Bare `except:`	Warning
`print()` statements	Warning
`# TODO`	Warning
Missing type hints on public APIs	Recommendation
`eval()`, `exec()`	Critical
SQL string formatting	Critical
`verify=False` in requests	Critical

JavaScript/TypeScript

Look For	Severity
`console.log`	Warning
`// TODO`	Warning
`any` type abuse	Warning
Missing error boundaries	Warning
`eval()`	Critical
`innerHTML` with user input	Critical
Unescaped user input	Critical

Go

Look For	Severity
`// TODO`	Warning
Ignored errors (`_`)	Warning
Missing error returns	Warning
SQL concatenation	Critical
Missing input validation	Warning

Rust

Look For	Severity
`// TODO`	Warning
`unwrap()` chains	Warning
`unsafe` blocks without justification	Warning
Unchecked `unwrap()` on user input	Critical

What NOT to Review

Style issues (assume formatters handle this)
Architectural rewrites mid-sprint
Issues in unchanged code (unless directly impacted)
Bikeshedding on naming preferences

Output Template

## Code Review Summary

**Scope**: [X files from sprint/last N commits]
**Verdict**: [READY FOR CLOSE / NEEDS ATTENTION / BLOCKED]

### Critical (Must Fix)
- `src/auth.py:45` - Hardcoded API key in source code
- `src/db.py:123` - SQL injection vulnerability

### Warnings (Should Fix)
- `src/utils.js:123` - console.log left in production code
- `src/handler.py:67` - Bare except block swallows all errors

### Recommendations (Future Sprint)
- `src/api.ts:89` - Function exceeds 50 lines, consider splitting

### Clean Files
- src/models.py
- src/tests/test_auth.py

Verdict Criteria

Verdict	Criteria
READY FOR CLOSE	No Critical, few/no Warnings
NEEDS ATTENTION	No Critical, has Warnings that should be addressed
BLOCKED	Has Critical issues that must be fixed

Integration with Sprint

When sprint context is available:

Reference the sprint's issue list
Create follow-up issues for non-critical findings
Tag findings with appropriate labels from taxonomy

3.5 KiB Raw Blame History