proffesor-for-testing

code-review-quality

@proffesor-for-testing/code-review-quality
proffesor-for-testing
23
7 forks
Updated 1/6/2026
View on GitHub

Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices.

Installation

$skills install @proffesor-for-testing/code-review-quality
Claude Code
Cursor
Copilot
Codex
Antigravity

Details

Repositoryproffesor-for-testing/sentinel-api-testing
Path.claude/skills/code-review-quality/SKILL.md
Branchmain
Scoped Name@proffesor-for-testing/code-review-quality

Usage

After installing, this skill will be available to your AI coding assistant.

Verify installation:

skills list

Skill Instructions

name: code-review-quality description: "Conduct context-driven code reviews focusing on quality, testability, and maintainability. Use when reviewing code, providing feedback, or establishing review practices." category: development-practices priority: high tokenEstimate: 900 agents: [qe-quality-analyzer, qe-security-scanner, qe-performance-tester, qe-coverage-analyzer] implementation_status: optimized optimization_version: 1.0 last_optimized: 2025-12-02 dependencies: [] quick_reference_card: true tags: [code-review, feedback, quality, testability, maintainability, pr-review]

Code Review Quality

<default_to_action> When reviewing code or establishing review practices:

  1. PRIORITIZE feedback: šŸ”“ Blocker (must fix) ā†’ šŸŸ” Major ā†’ šŸŸ¢ Minor ā†’ šŸ’” Suggestion
  2. FOCUS on: Bugs, security, testability, maintainability (not style preferences)
  3. ASK questions over commands: "Have you considered...?" > "Change this to..."
  4. PROVIDE context: Why this matters, not just what to change
  5. LIMIT scope: Review < 400 lines at a time for effectiveness

Quick Review Checklist:

  • Logic: Does it work correctly? Edge cases handled?
  • Security: Input validation? Auth checks? Injection risks?
  • Testability: Can this be tested? Is it tested?
  • Maintainability: Clear naming? Single responsibility? DRY?
  • Performance: O(nĀ²) loops? N+1 queries? Memory leaks?

Critical Success Factors:

  • Review the code, not the person
  • Catching bugs > nitpicking style
  • Fast feedback (< 24h) > thorough feedback </default_to_action>

Quick Reference Card

When to Use

  • PR code reviews
  • Pair programming feedback
  • Establishing team review standards
  • Mentoring developers

Feedback Priority Levels

LevelIconMeaningAction
BlockeršŸ”“Bug/security/crashMust fix before merge
MajoršŸŸ”Logic issue/test gapShould fix before merge
MinoršŸŸ¢Style/namingNice to fix
SuggestionšŸ’”Alternative approachConsider for future

Review Scope Limits

Lines ChangedRecommendation
< 200Single review session
200-400Review in chunks
> 400Request PR split

What to Focus On

āœ… ReviewāŒ Skip
Logic correctnessFormatting (use linter)
Security risksNaming preferences
Test coverageArchitecture debates
Performance issuesStyle opinions
Error handlingTrivial changes

Feedback Templates

Blocker (Must Fix)

šŸ”“ **BLOCKER: SQL Injection Risk**

This query is vulnerable to SQL injection:
```javascript
db.query(`SELECT * FROM users WHERE id = ${userId}`)

Fix: Use parameterized queries:

db.query('SELECT * FROM users WHERE id = ?', [userId])

Why: User input directly in SQL allows attackers to execute arbitrary queries.


### Major (Should Fix)
```markdown
šŸŸ” **MAJOR: Missing Error Handling**

What happens if `fetchUser()` throws? The error bubbles up unhandled.

**Suggestion:** Add try/catch with appropriate error response:
```javascript
try {
  const user = await fetchUser(id);
  return user;
} catch (error) {
  logger.error('Failed to fetch user', { id, error });
  throw new NotFoundError('User not found');
}


### Minor (Nice to Fix)
```markdown
šŸŸ¢ **minor:** Variable name could be clearer

`d` doesn't convey meaning. Consider `daysSinceLastLogin`.

Suggestion (Consider)

šŸ’” **suggestion:** Consider extracting this to a helper

This validation logic appears in 3 places. A `validateEmail()` helper would reduce duplication. Not blocking, but might be worth a follow-up PR.

Review Questions to Ask

Logic

  • What happens when X is null/empty/negative?
  • Is there a race condition here?
  • What if the API call fails?

Security

  • Is user input validated/sanitized?
  • Are auth checks in place?
  • Any secrets or PII exposed?

Testability

  • How would you test this?
  • Are dependencies injectable?
  • Is there a test for the happy path? Edge cases?

Maintainability

  • Will the next developer understand this?
  • Is this doing too many things?
  • Is there duplication we could reduce?

Agent-Assisted Reviews

// Comprehensive code review
await Task("Code Review", {
  prNumber: 123,
  checks: ['security', 'performance', 'testability', 'maintainability'],
  feedbackLevels: ['blocker', 'major', 'minor'],
  autoApprove: { maxBlockers: 0, maxMajor: 2 }
}, "qe-quality-analyzer");

// Security-focused review
await Task("Security Review", {
  prFiles: changedFiles,
  scanTypes: ['injection', 'auth', 'secrets', 'dependencies']
}, "qe-security-scanner");

// Test coverage review
await Task("Coverage Review", {
  prNumber: 123,
  requireNewTests: true,
  minCoverageDelta: 0
}, "qe-coverage-analyzer");

Agent Coordination Hints

Memory Namespace

aqe/code-review/
ā”œā”€ā”€ review-history/*     - Past review decisions
ā”œā”€ā”€ patterns/*           - Common issues by team/repo
ā”œā”€ā”€ feedback-templates/* - Reusable feedback
ā””ā”€ā”€ metrics/*            - Review turnaround time

Fleet Coordination

const reviewFleet = await FleetManager.coordinate({
  strategy: 'code-review',
  agents: [
    'qe-quality-analyzer',    // Logic, maintainability
    'qe-security-scanner',    // Security risks
    'qe-performance-tester',  // Performance issues
    'qe-coverage-analyzer'    // Test coverage
  ],
  topology: 'parallel'
});

Review Etiquette

āœ… DoāŒ Don't
"Have you considered...?""This is wrong"
Explain why it mattersJust say "fix this"
Acknowledge good codeOnly point out negatives
Suggest, don't demandBe condescending
Review < 400 linesReview 2000 lines at once

Related Skills

Remember

Prioritize feedback: šŸ”“ Blocker ā†’ šŸŸ” Major ā†’ šŸŸ¢ Minor ā†’ šŸ’” Suggestion. Focus on bugs and security, not style. Ask questions, don't command. Review < 400 lines at a time. Fast feedback (< 24h) beats thorough feedback.

With Agents: Agents automate security, performance, and coverage checks, freeing human reviewers to focus on logic and design. Use agents for consistent, fast initial review.

More by proffesor-for-testing

View all
testability-scoring
111

AI-powered testability assessment using 10 principles of intrinsic testability with Playwright and optional Vibium integration. Evaluates web applications against Observability, Controllability, Algorithmic Simplicity, Transparency, Stability, Explainability, Unbugginess, Smallness, Decomposability, and Similarity. Use when assessing software testability, evaluating test readiness, identifying testability improvements, or generating testability reports.

holistic-testing-pact
111

Apply the Holistic Testing Model evolved with PACT (Proactive, Autonomous, Collaborative, Targeted) principles. Use when designing comprehensive test strategies for Classical, AI-assisted, Agent based, or Agentic Systems building quality into the team, or implementing whole-team quality practices.

quality-metrics
111

Measure quality effectively with actionable metrics. Use when establishing quality dashboards, defining KPIs, or evaluating test effectiveness.

shift-left-testing
111

Move testing activities earlier in the development lifecycle to catch defects when they're cheapest to fix. Use when implementing TDD, CI/CD, or early quality practices.