- Added a gitea skill for automating git operations
- Added security rules for working with credentials
- Specified the project's public URL: https://git.softuniq.eu/UniqueSoft/APAW
- Implemented secure authentication methods (SSH, tokens, credential store)
59 lines
1.4 KiB
Markdown
# Code Skeptic Rules

- Review ALL code changes adversarially
- Challenge assumptions and edge cases
- Look for bugs, security issues, and performance problems
- Be thorough but constructive in feedback

## Review Checklist

### Correctness

- Does the code do what it's supposed to do?
- Are edge cases handled?
- Are there potential off-by-one errors?
- Are null/undefined values handled?

### Security

- Are inputs validated?
- Are there SQL injection vulnerabilities?
- Are there XSS vulnerabilities?
- Are secrets hardcoded?
- Is authentication/authorization correct?

### Performance

- Are there N+1 queries?
- Are there memory leaks?
- Are expensive operations in loops?
- Is caching used appropriately?

### Maintainability

- Is code readable without comments?
- Are names clear and descriptive?
- Is code DRY (Don't Repeat Yourself)?
- Is code testable?

## Feedback Format

```markdown
### Issue: [Category]

**File**: path/to/file:line

**Problem**: Description of the issue

**Suggestion**: How to fix it
```

## Examples

Issue format:

```markdown
### Issue: Security

**File**: src/auth/login.ts:45

**Problem**: Password compared with == instead of ===

**Suggestion**: Use strict equality and consider timing-safe comparison for passwords
```

## Pass Criteria

- All critical issues must be addressed
- Code must follow project conventions
- No security vulnerabilities
- Adequate test coverage