molecule-ai/molecule-core
34
0
Fork 2
Code Issues 16 Pull Requests 2 Actions 49 Packages Projects Releases Wiki Activity
24fec62d7f
molecule-core/.claude/skills/code-review/SKILL.md
Hongming Wang 24fec62d7f initial commit — Molecule AI platform 
Forked clean from public hackathon repo (Starfire-AgentTeam, BSL 1.1)
with full rebrand to Molecule AI under github.com/Molecule-AI/molecule-monorepo.

Brand: Starfire → Molecule AI.
Slug: starfire / agent-molecule → molecule.
Env vars: STARFIRE_* → MOLECULE_*.
Go module: github.com/agent-molecule/platform → github.com/Molecule-AI/molecule-monorepo/platform.
Python packages: starfire_plugin → molecule_plugin, starfire_agent → molecule_agent.
DB: agentmolecule → molecule.

History truncated; see public repo for prior commits and contributor
attribution. Verified green: go test -race ./... (platform), pytest
(workspace-template 1129 + sdk 132), vitest (canvas 352), build (mcp).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 11:55:37 -07:00

6.9 KiB
Raw Blame History

name description
code-review Review code for best practices, modularity, scalability, abstraction, test coverage, redundancy, hardcoded values, type safety, performance, naming, API design, async patterns, config/env sync, template consistency, and documentation alignment. Generates detailed report with issues and recommendations.

Code Review

Perform a comprehensive code review of recent changes or specified files to ensure quality standards.

Review Criteria

1. Best Practices

  • Follows TypeScript strict mode conventions
  • Proper error handling (try/catch, error types, no silent failures)
  • No hardcoded values (use environment variables or constants)
  • Proper logging with appropriate log levels
  • Security best practices (input validation, no SQL injection, XSS prevention)
  • No console.log in production code (use logger)

2. Modularity

  • Single responsibility principle (each function/class does one thing)
  • Functions are small and focused (< 50 lines ideally)
  • No code duplication (DRY principle)
  • Clear separation of concerns (routes, services, utilities)

3. Scalability

  • Efficient database queries (proper indexing, no N+1 queries)
  • Connection pooling used correctly
  • Async operations handled properly
  • No blocking operations in hot paths

4. Abstraction

  • Interfaces/types defined for all public APIs
  • Implementation details hidden behind abstractions
  • Adapter pattern used for external services (LLM, database)
  • Configuration externalized (not hardcoded)

5. Test Coverage

  • Unit tests exist for all utility functions and service functions
  • Service layer has integration tests
  • Edge cases are covered
  • Test files go in tests/unit/ or tests/integration/, named *.test.ts
  • All exported functions have at least one test

6. No Redundancy

  • No duplicate code blocks (extract to shared functions/utilities)
  • No repeated logic across files (consolidate into services)
  • No redundant imports or unused variables
  • No copy-pasted code with minor variations (use parameters/generics)
  • No redundant API calls (cache or batch where appropriate)
  • No repeated validation logic (create reusable validators)
  • No duplicate helper logic in test files (extract shared test utilities)

7. No Hardcoded Values

  • No hardcoded URLs, API endpoints, or hostnames (use env vars)
  • No hardcoded credentials, keys, or secrets (use env vars)
  • No magic numbers without named constants
  • No hardcoded file paths (use configuration or path utilities)
  • No hardcoded timeouts/limits (externalize to config)
  • No hardcoded error messages (use constants or i18n)
  • No hardcoded feature flags (use configuration system)
  • No hardcoded tenant/user IDs in business logic

8. Type Safety

  • No usage of any type (use unknown or proper types)
  • Proper null/undefined handling (optional chaining, nullish coalescing)
  • Generic types used appropriately
  • Return types explicitly declared for public functions
  • No type assertions (as) without validation

9. Performance

  • No memory leaks (cleanup subscriptions, timers, event listeners)
  • Proper memoization for expensive computations
  • Lazy loading for heavy components/modules
  • Efficient data structures for the use case
  • No synchronous operations blocking the event loop
  • Batch API calls where possible (e.g., single messages.modify with multiple label IDs)

10. Naming & Readability

  • Descriptive variable/function names (no x, temp, data)
  • Consistent naming conventions (camelCase, PascalCase)
  • No misleading names (function does what name suggests)
  • Boolean variables prefixed appropriately (is, has, should)
  • No excessive abbreviations
  • Code is self-documenting where possible

11. API Design

  • Consistent response formats across endpoints
  • Proper HTTP status codes used
  • Input validation at API boundaries
  • Proper error response structure
  • RESTful conventions followed
  • API versioning considered for breaking changes

12. Async & Concurrency

  • No unhandled promise rejections
  • Proper race condition handling
  • Concurrent operations use Promise.all where appropriate
  • No floating promises (missing await)
  • Proper cleanup on component unmount/request abort
  • AbortController used for cancellable operations

13. Dependency Management

  • No unused dependencies in package.json
  • No deprecated packages
  • Security vulnerabilities addressed (npm audit)
  • Peer dependency conflicts resolved
  • Dependencies pinned to specific versions where needed

14. Environment & Configuration Sync

  • Every env var used in src/config/env.ts is documented in .env.example
  • Every env var in .env.example is defined in the Zod schema (src/config/env.ts)
  • Default values match between .env.example comments and Zod .default() calls
  • Conditional requirements are documented (e.g., "only required when LLM_PROVIDER=openai")
  • No env vars referenced directly via process.env outside of src/config/env.ts and src/lib/logger.ts
  • docker-compose.yml service ports/URLs align with .env.example defaults
  • Dockerfile exposes the correct PORT matching .env.example
  • docs/railway-deployment.md env var list matches the Zod schema

15. Template & Documentation Consistency

  • Email templates in docs/templates/ have all {{variable}} placeholders documented in their "Available Variables" table
  • Template variable sources match actual database columns and service outputs
  • Classification categories in docs/classification-design.md match the EmailCategory type in src/types/email.ts
  • Confidence thresholds in docs match the actual thresholds implemented in code
  • Sub-types in docs match the template trigger conditions
  • Gmail label names in code (GmailLabel const) match labels documented in architecture docs
  • API endpoint schemas in docs/api-spec.md match actual route handler request/response types
  • Error handling strategies in docs/error-handling.md match actual retry/error class behavior (e.g., isRetryable flags)

16. Error Messages & UX

  • User-friendly error messages (no technical jargon)
  • Loading states for async operations
  • Empty states handled gracefully
  • Graceful degradation when features fail
  • Confirmation for destructive actions
  • Success feedback for completed actions
  • Error boundaries to prevent full app crashes
  • Proper form validation with clear feedback

Output Format

## Code Review Report

### Files Reviewed
- List of files

### Issues Found

#### 🔴 Critical
- [file:line] Description - Recommendation

#### 🟡 Warning
- [file:line] Description - Recommendation

#### 🔵 Suggestions
- [file:line] Description - Recommendation

### Config & Template Sync
- .env.example ↔ env.ts schema: [in sync / N mismatches]
- docs/classification-design.md ↔ src/types/email.ts: [in sync / N mismatches]
- docs/templates/ ↔ template variables: [in sync / N mismatches]
- docs/error-handling.md ↔ src/lib/errors.ts: [in sync / N mismatches]

### Test Coverage
- Files missing tests
- Coverage gaps

### Summary
- Total issues count
- Action items