code-quality
Multi-language code quality standards and review for TypeScript, Python, Go, and Rust. Enforces type safety, security, performance, and maintainability. Use when writing, reviewing, or refactoring code. Includes review process, checklist, and Python PEP 8 deep-dive.
适合你,如果你在写或审查 TypeScript、Python、Go、Rust 代码
用别的 agent?下载 .zip 解压,把文件夹放进它的技能目录
~/.claude/skills/(项目级 .claude/skills/)~/.codex/skills/npx oh-my-skill add georgekhananaev/claude-skills-vault/code-qualitycurl -fsSL https://oh-my-skill.com/install.sh | bash -s -- georgekhananaev/claude-skills-vault/code-qualitynpx oh-my-skill verify georgekhananaev/claude-skills-vault/code-quality怎么用
技能原文 SKILL.md
Code Quality
Production-grade code standards and review for TypeScript, Python, Go, and Rust.
When to Use
- Writing or reviewing code in TS/Python/Go/Rust
- Code review or pull request analysis
- Security or performance audit
- Setting up linting/CI for a project
- Python-specific style check (PEP 8)
Quick-Start Modes
| Intent | Sections to Use | |--------|----------------| | Write code | Core Rules + Language Standards + AI-Friendly Patterns | | Review PR | Review Process + references/checklist.md + Severity Levels | | Setup CI | Config Files + Scripts + Enforcement Strategy | | Python style | references/python.md (full PEP 8 deep-dive) |
Context loading: For deep reviews, read the relevant references/ file for the language under review.
Quick Reference
| Language | Type Safety | Linter | Complexity | |----------|-------------|--------|------------| | TypeScript | strict, no any | ESLint + typescript-eslint | max 10 | | Python | mypy strict, PEP 484 | Ruff + mypy | max 10 | | Go | staticcheck | golangci-lint | max 10 | | Rust | clippy pedantic | clippy + cargo-audit | - |
Severity Levels
| Level | Description | Action | |-------|-------------|--------| | Critical | Security vulnerabilities, data loss | Block merge | | Error | Bugs, type violations, any | Block merge | | Warning | Code smells, complexity | Must address | | Style | Formatting, naming | Auto-fix |
Core Rules (All Languages)
Type Safety
- No implicit any / untyped functions
- No type assertions without guards
- Explicit return types on public APIs
Security
- No hardcoded secrets (use gitleaks)
- No eval/pickle/unsafe deserialization
- Parameterized queries only
- SCA scanning (npm audit / pip-audit / govulncheck / cargo-audit)
Complexity
- Max cyclomatic complexity: 10
- Max function lines: 50
- Max nesting depth: 3
- Max parameters: 5
Error Handling
- No ignored errors (Go: no
_for err) - No bare except (Python)
- No unwrap in prod (Rust)
- Wrap errors with context
Language-Specific Standards
TypeScript
See: references/typescript.md
// CRITICAL: Never use any const bad: any = data; // Error const good: unknown = data; // OK // ERROR: No type assertions const bad = data as User; // Error const good = isUser(data) ? data : null; // OK // ERROR: Non-null assertions const bad = user!.name; // Error const good = user?.name ?? ''; // OK
Python (PEP 8 / 3.11+)
See: references/python.md
# CRITICAL: All functions must be typed
def bad(data): # Error
return data
def good(data: dict[str, Any]) -> list[str]: # OK
return list(data.keys())
# Use modern syntax
value: str | None = None # OK (not Optional)
items: list[str] = [] # OK (not List)
Go
See: references/go.md
// CRITICAL: Never ignore errors
result, _ := doSomething() // Error
result, err := doSomething() // OK
if err != nil {
return fmt.Errorf("doing something: %w", err)
}
Rust
See: references/rust.md
// CRITICAL: No unwrap in production let value = data.unwrap(); // Error let value = data?; // OK let value = data.unwrap_or_default(); // OK
Cross-Language Standards
Structured Logging
See: references/logging.md
logger.info({ userId, action: 'login' }, 'User logged in'); // TS (pino)
logger.info("user_login", user_id=user_id) # Python (structlog)
log.Info().Str("user_id", userID).Msg("user logged in") // Go (zerolog)
Test Coverage
See: references/testing.md
| Metric | Threshold | |--------|-----------| | Line coverage | 80% min | | Branch coverage | 70% min | | New code | 90% min |
Security Scanning
See: references/security.md
- Secrets: gitleaks (pre-commit + CI)
- Dependencies: npm audit / pip-audit / govulncheck / cargo-audit
- Accessibility: jsx-a11y (TypeScript)
- Race detection: go test -race (Go)
API Design
See: references/api-design.md
- Proper HTTP status codes (200, 201, 204, 400, 401, 403, 404, 422, 429, 500)
- RFC 7807 error format
- Plural nouns for resources:
/users/{id}/orders - Validate at API boundary
Database Patterns
See: references/database.md
- Transactions for multi-write operations
- N+1 prevention: eager load or batch
- Safe migrations (expand-contract pattern)
- Always paginate list queries
Async & Concurrency
See: references/async-concurrency.md
- Always clean up resources (try/finally, defer, Drop)
- Set timeouts on all async operations
- Use semaphores for rate limiting
- Avoid blocking in async contexts
Review Process
Step 1: Understand Context
- Identify the language/framework
- Understand the purpose of the code
- Check for existing patterns in the codebase
- Review any related tests
Step 2: Systematic Review
Use the checklist at references/checklist.md for thorough reviews covering:
- Code quality (structure, naming, type safety, dead code)
- Security (injection, auth, secrets, input validation)
- Performance (N+1, memory leaks, caching, re-renders)
- Error handling (edge cases, recovery, cleanup)
- Testing (coverage, quality, assertions)
- Best practices (SOLID, patterns, maintainability)
Step 3: Categorize & Report
**[SEVERITY] Issue Title** - File: `path/to/file.ts:line` - Problem: Clear description - Impact: What could go wrong - Fix: Specific code suggestion
Git Integration
# Review staged changes git --no-pager diff --cached # Review specific commit git --no-pager show <commit> # Review PR diff gh pr diff <number>
Review Output Format
Use severity levels from the table above (Critical / Error / Warning / Style).
# Code Review Summary ## Overview - Files reviewed: X - Issues found: Y (X Critical, Y Error, Z Warning) - Recommendation: [Approve / Request Changes / Needs Discussion] ## Critical Issues [Security vulnerabilities, data loss - must fix] ## Error Issues [Bugs, type violations - must fix] ## Warnings [Code smells, complexity - should address] ## Style [Formatting, naming - auto-fixable] ## Positive Observations [Good practices found]
Naming Conventions
| Element | TypeScript | Python | Go | Rust | |---------|------------|--------|-----|------| | Variables | camelCase | snake_case | camelCase | snake_case | | Functions | camelCase | snake_case | camelCase | snake_case | | Constants | SCREAMING_SNAKE | SCREAMING_SNAKE | MixedCaps | SCREAMING_SNAKE | | Types | PascalCase | PascalCase | PascalCase | PascalCase | | Files | kebab-case | snake_case | lowercase | snake_case |
AI-Friendly Patterns
- Explicit types always
- Single responsibility per function
- Small functions (< 30 lines ideal)
- Max nesting depth 3
- Guard clauses for early returns
- Named constants, no magic values
- Linear, predictable execution flow
Enforcement Strategy
Progressive (Ratchet-Based)
Phase 1: Errors block, Warnings tracked Phase 2: Strict on NEW files only Phase 3: Strict on TOUCHED files Phase 4: Full enforcement
WIP vs Merge Mode
| Mode | Trigger | Behavior | |------|---------|----------| | WIP | Local commit | Warnings only | | Push | git push | Errors block | | PR | PR to main | Full strict |
Config Files
Available in configs/:
typescript/- ESLint, tsconfig, Prettierpython/- pyproject.toml, pre-commitgo/- golangci.yamlrust/- clippy.toml.pre-commit-config.yaml.gitleaks.toml
Scripts
Available in scripts/:
check_changed.sh- Monorepo-aware incremental lintingcheck_all.sh- Full repository checkcheck_style.py- Python full check (ruff + pycodestyle + mypy)check_pep8.sh- Quick PEP 8 onlycheck_types.sh- Python type hints onlyfix_style.sh- Python auto-fix issues