Initial commit

2025-11-29 18:12:49 +08:00
commit 66ead20430
4 changed files with 336 additions and 0 deletions
--- a/.claude-plugin/plugin.json
+++ b/.claude-plugin/plugin.json
@@ -0,0 +1,12 @@
+{
+  "name": "code-review",
+  "description": "ClaudeForge Strategic Code Governance Architect delivering comprehensive code review methodologies, quality assurance frameworks, and development excellence optimization that transforms code review from quality checkpoint into strategic business value creation and development excellence catalyst",
+  "version": "1.0.0",
+  "author": {
+    "name": "ClaudeForge Community",
+    "url": "https://github.com/claudeforge/marketplace"
+  },
+  "commands": [
+    "./commands"
+  ]
+}
--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# code-review
+
+ClaudeForge Strategic Code Governance Architect delivering comprehensive code review methodologies, quality assurance frameworks, and development excellence optimization that transforms code review from quality checkpoint into strategic business value creation and development excellence catalyst
--- a/commands/code-review.md
+++ b/commands/code-review.md
@@ -0,0 +1,276 @@
+---
+allowed-tools: Bash, Read, Write, Edit, Grep, Glob
+description: Perform comprehensive code review analyzing quality, security, performance, and maintainability with actionable feedback
+---
+
+# Code Review Command
+
+Conduct thorough code review to identify issues, suggest improvements, and ensure code quality standards.
+
+## Usage
+
+```bash
+/code-review [file_or_directory]
+```
+
+**Examples:**
+```bash
+/code-review                           # Review recent git changes
+/code-review src/api/users.js         # Review specific file
+/code-review src/components/          # Review directory
+/code-review --pr 123                 # Review pull request
+```
+
+## What This Command Does
+
+Performs comprehensive code review across multiple dimensions:
+
+1. **Code Quality**: Structure, readability, maintainability
+2. **Security**: Vulnerabilities, authentication, data protection
+3. **Performance**: Bottlenecks, optimization opportunities
+4. **Best Practices**: Standards compliance, design patterns
+5. **Testing**: Coverage, test quality, edge cases
+
+## Review Process
+
+### Step 1: Identify Changes
+
+First, determine what to review:
+```bash
+# Check recent changes
+git status
+git diff HEAD
+
+# For PR reviews
+gh pr diff <pr_number>
+```
+
+### Step 2: Multi-Dimensional Analysis
+
+**Code Quality Check**:
+- Cyclomatic complexity (functions should be <10)
+- Code duplication (identify DRY violations)
+- Naming conventions (clear, descriptive names)
+- Function length (keep under 50 lines)
+- Comment quality (explain why, not what)
+
+**Security Analysis**:
+- Input validation (SQL injection, XSS prevention)
+- Authentication/authorization checks
+- Secrets management (no hardcoded credentials)
+- Dependency vulnerabilities
+- Error handling (no sensitive data leaks)
+
+**Performance Review**:
+- Algorithm efficiency (time/space complexity)
+- Database query optimization (N+1 problems)
+- Resource management (memory leaks, connections)
+- Caching opportunities
+- Async operations usage
+
+**Architecture Assessment**:
+- SOLID principles adherence
+- Design pattern usage
+- Separation of concerns
+- Dependency management
+- API design quality
+
+**Testing Evaluation**:
+- Test coverage (aim for >80%)
+- Test quality (unit, integration, edge cases)
+- Mocking strategy
+- Test maintainability
+- Error scenario coverage
+
+### Step 3: Generate Feedback
+
+Provide actionable feedback in this format:
+
+```markdown
+## Code Review Results
+
+### Critical Issues (Must Fix)
+- [SECURITY] SQL injection vulnerability in user.login() - Line 45
+- [BUG] Null pointer exception possible in processOrder() - Line 123
+
+### Important (Should Fix)
+- [PERFORMANCE] N+1 query in getUserOrders() - Line 67
+- [QUALITY] Function complexity too high (CC: 15) in calculatePrice() - Line 234
+
+### Suggestions (Nice to Have)
+- [REFACTOR] Extract method: validateUserInput() from createUser()
+- [STYLE] Use consistent naming: camelCase vs snake_case
+
+### Positive Feedback
+- Excellent error handling in PaymentService
+- Good test coverage for authentication module (92%)
+```
+
+## Review Checklist
+
+### Code Quality
+- [ ] Functions are single-purpose and focused
+- [ ] Variable names are descriptive and clear
+- [ ] No code duplication (DRY principle)
+- [ ] Proper error handling throughout
+- [ ] Consistent code style and formatting
+
+### Security
+- [ ] All inputs are validated and sanitized
+- [ ] Authentication/authorization implemented correctly
+- [ ] No hardcoded secrets or credentials
+- [ ] SQL queries use parameterization
+- [ ] Sensitive data is encrypted
+
+### Performance
+- [ ] No obvious performance bottlenecks
+- [ ] Database queries are optimized
+- [ ] Appropriate data structures used
+- [ ] Caching implemented where beneficial
+- [ ] Async operations used for I/O
+
+### Testing
+- [ ] New code has test coverage
+- [ ] Tests are meaningful and maintainable
+- [ ] Edge cases are covered
+- [ ] Tests follow AAA pattern (Arrange, Act, Assert)
+- [ ] No flaky or unreliable tests
+
+### Documentation
+- [ ] Complex logic is explained
+- [ ] API changes are documented
+- [ ] README updated if needed
+- [ ] Breaking changes are noted
+- [ ] Examples provided for new features
+
+## Common Issues & Fixes
+
+### Security Issues
+
+**SQL Injection**:
+```javascript
+// Bad
+const query = `SELECT * FROM users WHERE id = ${userId}`;
+
+// Good
+const query = 'SELECT * FROM users WHERE id = ?';
+db.query(query, [userId]);
+```
+
+**XSS Prevention**:
+```javascript
+// Bad
+element.innerHTML = userInput;
+
+// Good
+element.textContent = userInput;
+// Or use sanitization library
+element.innerHTML = DOMPurify.sanitize(userInput);
+```
+
+### Performance Issues
+
+**N+1 Query Problem**:
+```python
+# Bad
+users = User.query.all()
+for user in users:
+    orders = user.orders  # Executes query for each user
+
+# Good
+users = User.query.options(joinedload(User.orders)).all()
+```
+
+**Memory Leak**:
+```javascript
+// Bad - event listener not removed
+element.addEventListener('click', handler);
+
+// Good - cleanup
+useEffect(() => {
+  element.addEventListener('click', handler);
+  return () => element.removeEventListener('click', handler);
+}, []);
+```
+
+### Code Quality Issues
+
+**High Complexity**:
+```python
+# Bad - complexity 12
+def process_payment(user, amount, method, promo):
+    if user.is_premium:
+        if method == "credit":
+            if promo:
+                # ... nested logic
+            else:
+                # ... more logic
+        elif method == "debit":
+            # ... more nesting
+    else:
+        # ... even more logic
+
+# Good - extract methods
+def process_payment(user, amount, method, promo):
+    discount = calculate_discount(user, promo)
+    final_amount = apply_discount(amount, discount)
+    return charge_payment(user, final_amount, method)
+```
+
+## Review Best Practices
+
+1. **Be Constructive**: Focus on the code, not the person
+2. **Provide Context**: Explain why changes are needed
+3. **Suggest Solutions**: Don't just point out problems
+4. **Prioritize Issues**: Critical > Important > Suggestions
+5. **Acknowledge Good Work**: Positive feedback is valuable
+6. **Ask Questions**: "Why did you choose this approach?"
+7. **Use Examples**: Show better alternatives with code
+
+## Automated Checks
+
+Run these tools before manual review:
+```bash
+# Linting
+eslint src/
+pylint app/
+
+# Security scanning
+npm audit
+safety check
+
+# Test coverage
+jest --coverage
+pytest --cov
+
+# Complexity analysis
+complexity src/
+```
+
+## Review Context
+
+When reviewing, gather this information:
+```bash
+# Recent changes
+git log --oneline -5
+git diff main...HEAD
+
+# Changed files
+git diff --name-only main...HEAD
+
+# Test results
+npm test
+pytest
+
+# Build status
+npm run build
+```
+
+## Methodology
+
+This command follows code review best practices:
+- **Risk-Based Prioritization**: Critical issues first
+- **Constructive Feedback**: Solutions, not just problems
+- **Knowledge Sharing**: Explain reasoning
+- **Consistency**: Apply standards uniformly
+- **Continuous Learning**: Capture best practices
--- a/plugin.lock.json
+++ b/plugin.lock.json
@@ -0,0 +1,45 @@
+{
+  "$schema": "internal://schemas/plugin.lock.v1.json",
+  "pluginId": "gh:claudeforge/marketplace:plugins/commands/code-review",
+  "normalized": {
+    "repo": null,
+    "ref": "refs/tags/v20251128.0",
+    "commit": "4f9d1ff84562052da9f4427d8b64611e7449d35a",
+    "treeHash": "326889d58004b4b376ccd13a4be394953cdda180eb031e3dcb2778de2e65f9da",
+    "generatedAt": "2025-11-28T10:15:26.848422Z",
+    "toolVersion": "publish_plugins.py@0.2.0"
+  },
+  "origin": {
+    "remote": "git@github.com:zhongweili/42plugin-data.git",
+    "branch": "master",
+    "commit": "aa1497ed0949fd50e99e70d6324a29c5b34f9390",
+    "repoRoot": "/Users/zhongweili/projects/openmind/42plugin-data"
+  },
+  "manifest": {
+    "name": "code-review",
+    "description": "ClaudeForge Strategic Code Governance Architect delivering comprehensive code review methodologies, quality assurance frameworks, and development excellence optimization that transforms code review from quality checkpoint into strategic business value creation and development excellence catalyst",
+    "version": "1.0.0"
+  },
+  "content": {
+    "files": [
+      {
+        "path": "README.md",
+        "sha256": "22155c8dac83da6cac9453f6bbf2b62c275cc30fa738c18af4e35909f5a42964"
+      },
+      {
+        "path": ".claude-plugin/plugin.json",
+        "sha256": "7711bd2a15fb3e45a163c5543b83e9bbad8eb2014faaa571493906147094a492"
+      },
+      {
+        "path": "commands/code-review.md",
+        "sha256": "db0458459a87d9045796339694e7635b9d7f70caf219c3c801928f505297b96d"
+      }
+    ],
+    "dirSha256": "326889d58004b4b376ccd13a4be394953cdda180eb031e3dcb2778de2e65f9da"
+  },
+  "security": {
+    "scannedAt": null,
+    "scannerVersion": null,
+    "flags": []
+  }
+}