@@ -6,55 +6,57 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
66
77## how to use
88
9- 1 . ** scan for blocking issues** - anti-patterns, security flaws, silent failures
10- 2 . ** check code quality** - follows llm/rules-backend.md or llm/rules-frontend.md
11- 3 . ** verify documentation** - identify which llm/state-* .md files need updates
12- 4 . ** validate tests** - new code has tests, error cases covered
13- 5 . ** provide verdict** - block, request changes, or approve
9+ 1 . scan for blocking issues - anti-patterns, security flaws, silent failures
10+ 2 . check code quality - follows llm/rules-backend.md or llm/rules-frontend.md
11+ 3 . verify documentation - identify which llm/state-* .md files need updates
12+ 4 . validate tests - new code has tests, error cases covered
13+ 5 . provide verdict - block, request changes, or approve
1414
15- ** this file is self-contained.** all rules needed for review are below. do not read external files.
15+ this file is self-contained. all rules needed for review are below. do not read external files.
1616
1717---
1818
1919## project context
2020
21- ** type:** full-stack data generation platform (fastapi + react + typescript)
22- ** philosophy:** simplicity over cleverness, clarity over abstraction
23- ** style:** minimal functions, explicit dependencies, fail fast and loud
21+ - type: full-stack data generation platform (fastapi + react + typescript)
22+ - philosophy: simplicity over cleverness, clarity over abstraction
23+ - style: minimal functions, explicit dependencies, fail fast and loud
2424
25- ** llm file structure:**
25+ llm file structure:
2626- ` llm/rules-backend.md ` - backend coding standards
2727- ` llm/rules-frontend.md ` - frontend coding standards
2828- ` llm/rules-agent.md ` - agent behavior guidelines
2929- ` llm/state-backend.md ` - backend implementation status
3030- ` llm/state-frontend.md ` - frontend implementation status
3131- ` llm/state-project.md ` - overall project status
3232
33- ** golden rule:** if code cannot be explained in one sentence, it's too complex.
33+ golden rule: if code cannot be explained in one sentence, it's too complex.
3434
3535---
3636
3737## review priorities
3838
39- ** priority 1: blocking issues (must fix)**
39+ priority 1: blocking issues (must fix)
4040- anti-patterns from checklists below
4141- security vulnerabilities (sql injection, xss, missing validation)
4242- silent failures (empty catch/except blocks)
4343- broken tests
44+ - missing tests for: new api endpoints, new blocks, bug fixes
45+ - hardcoded colors in UI (#000 , #fff, rgb() instead of theme variables)
4446
45- ** priority 2: code quality (should fix)**
47+ priority 2: code quality (should fix)
4648- violations of llm/rules-* .md guidelines
4749- missing error handling
4850- missing type hints
4951- functions >30 lines, >3 params
5052- classes >7 public methods
5153
52- ** priority 3: documentation (should update)**
54+ priority 3: documentation (should update)
5355- llm/state-* .md files need updates when architecture changes
5456- code comments missing for complex logic
5557- comments explain what instead of why
5658
57- ** priority 4: improvements (nice to have)**
59+ priority 4: improvements (nice to have)
5860- extract duplicate code
5961- add memoization where helpful
6062- improve naming clarity
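Review bot: the new priority 1 bullet `hardcoded colors in UI (#000 , #fff, rgb() instead of theme variables)` reads as a closed list of three patterns, so a reviewer applying it literally will pass other hex values, `hsl()` and named colors. State the rule as "any literal color value" and keep the three as examples. The bullet also sits in the same must-fix tier as sql injection and xss; if a styling finding is meant to block a merge on equal footing with a security flaw, say so explicitly, otherwise move it to priority 2.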
@@ -64,14 +66,15 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
6466## backend checklist
6567
6668### anti-patterns (blocking - must reject)
67- - [ ] ** silent failures** - empty except blocks, no logging
68- - [ ] ** god functions** - >30 lines or >3 params
69- - [ ] ** god classes** - >7 public methods
70- - [ ] ** global variables** - use dependency injection
71- - [ ] ** walrus operators** - complex one-liners violate simplicity
72- - [ ] ** magic numbers/strings** - use named constants
73- - [ ] ** sql injection** - f-strings in queries instead of parameterized
74- - [ ] ** missing error context** - bare exceptions without detail
69+ - [ ] silent failures - empty except blocks, no logging
70+ - [ ] god functions - >30 lines or >3 params
71+ - [ ] god classes - >7 public methods
72+ - [ ] global variables - use dependency injection
73+ - [ ] walrus operators - complex one-liners violate simplicity
74+ - [ ] magic numbers/strings - use named constants
75+ - [ ] sql injection - f-strings in queries instead of parameterized
76+ - [ ] missing error context - bare exceptions without detail
77+ - [ ] missing tests - new api endpoints, new blocks, bug fixes must have tests
7578
7679### code quality (should fix)
7780- [ ] specific exceptions caught (never bare ` Exception ` without re-raise)
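Review bot: the `sql injection` item is rewritten here but keeps a definition that is too narrow. `f-strings in queries instead of parameterized` does not cover `.format()`, `%` interpolation or `+` concatenation, which build the same injectable query text. Suggest wording it as any query assembled from runtime values rather than bound parameters. The added `missing tests` item is not a pattern in the code itself; it fits the testing section better than this list.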
@@ -88,9 +91,12 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
8891- [ ] size limits on file uploads
8992- [ ] type hints on all parameters and returns
9093- [ ] ` | None ` instead of ` Optional `
94+ - [ ] entities used instead of big dicts (>5 fields)
9195
9296### testing
93- - [ ] tests exist for new features
97+ - [ ] blocking: new api endpoints must have tests
98+ - [ ] blocking: new blocks must have unit tests
99+ - [ ] blocking: bug fixes must have regression tests
94100- [ ] error cases tested (not just happy path)
95101- [ ] test names: ` test_<method>_<scenario>_<expected> `
96102- [ ] one behavior per test
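Review bot: replacing `tests exist for new features` with the three `blocking:` items drops the test requirement for new backend code that is neither an api endpoint, a block nor a bug fix (service or storage logic, for example). Keep the general item as a non-blocking check below the three new ones. Separately, `entities used instead of big dicts (>5 fields)` needs one line saying what counts as an entity in this codebase, otherwise the check cannot be applied consistently.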
@@ -106,16 +112,17 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
106112## frontend checklist
107113
108114### anti-patterns (blocking - must reject)
109- - [ ] ** silent error handling** - empty catch blocks
110- - [ ] ** bloated components** - too many hooks, mixed concerns
111- - [ ] ** prop drilling** - >5 props passed through multiple levels
112- - [ ] ** repeated JSX** - copied 3+ times without extraction
113- - [ ] ** direct storage access** - localStorage/sessionStorage not abstracted
114- - [ ] ** inline fetch calls** - not in service layer
115- - [ ] ** unstable dependencies** - missing useCallback/useMemo in hooks
116- - [ ] ** missing cleanup** - useEffect without return for intervals/subscriptions/AbortController
117- - [ ] ** any types** - use proper types or ` unknown `
118- - [ ] ** type assertions** - ` as ` instead of type guards
115+ - [ ] silent error handling - empty catch blocks
116+ - [ ] bloated components - too many hooks, mixed concerns
117+ - [ ] prop drilling - >5 props passed through multiple levels
118+ - [ ] repeated JSX - copied 3+ times without extraction
119+ - [ ] direct storage access - localStorage/sessionStorage not abstracted
120+ - [ ] inline fetch calls - not in service layer
121+ - [ ] unstable dependencies - missing useCallback/useMemo in hooks
122+ - [ ] missing cleanup - useEffect without return for intervals/subscriptions/AbortController
123+ - [ ] any types - use proper types or ` unknown `
124+ - [ ] type assertions - ` as ` instead of type guards
125+ - [ ] hardcoded colors - use theme variables (fg.* , canvas.* , border.* ) not #000 , #fff, rgb()
119126
120127### code quality (should fix)
121128- [ ] components focused (extract if unwieldy)
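Review bot: the new `hardcoded colors` item sits under `anti-patterns (blocking - must reject)` with no exception, so taken literally it rejects the file that defines the theme values, as well as tests and fixtures that assert on them. Add the scope (component and page code) or name the excluded paths.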
@@ -153,27 +160,34 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
153160- [ ] API calls mockable
154161- [ ] tests exist for new features
155162
163+ ### ui/ux
164+ - [ ] theme compatibility verified in both light and dark modes
165+ - [ ] text uses fg.* colors (fg.default, fg.muted, fg.subtle)
166+ - [ ] backgrounds use canvas.* colors
167+ - [ ] no hardcoded colors (#000 , #fff, rgb())
168+ - [ ] interactive states work in both themes
169+
156170---
157171
158172## documentation updates
159173
160174### when to update llm/state-* .md files
161175
162- ** llm/state-backend.md** - update when:
176+ llm/state-backend.md - update when:
163177- new API endpoints added or changed
164178- database schema modified
165179- new blocks added to lib/blocks/
166180- core logic patterns changed (workflow, storage, job processing)
167181- error handling patterns changed
168182
169- ** llm/state-frontend.md** - update when:
183+ llm/state-frontend.md - update when:
170184- new pages or components added
171185- UI flow changed
172186- state management patterns changed
173187- API integration patterns changed
174188- routing updated
175189
176- ** llm/state-project.md** - update when:
190+ llm/state-project.md - update when:
177191- overall architecture changed
178192- new major features added
179193- file structure reorganized
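Review bot: the new `### ui/ux` section has no severity in its heading, unlike `anti-patterns (blocking - must reject)` and `code quality (should fix)`, and its `no hardcoded colors` item repeats a rule this commit also lists as blocking in the frontend anti-patterns. Give the section a severity and drop the duplicate, or a reviewer has two answers for the same finding. `theme compatibility verified in both light and dark modes` and `interactive states work in both themes` cannot be checked from a diff; say what evidence the author must supply.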
@@ -189,7 +203,7 @@ review code for quality, security, and consistency. flag anti-patterns, verify d
189203- reflect actual code, not aspirational designs
190204
191205### code comments
192- - [ ] complex logic has comments explaining ** why** (not what)
206+ - [ ] complex logic has comments explaining why (not what)
193207- [ ] comments are lowercase and concise
194208- [ ] no over-documentation of obvious code
195209
@@ -207,13 +221,13 @@ when reviewing refactoring changes (identified by large-scale file changes or sy
207221- duplicate patterns consolidated
208222
209223### what to verify
210- - [ ] ** pattern choice is correct** - chosen pattern is actually dominant in codebase (count occurrences)
211- - [ ] ** tests still pass** - no functionality broken
212- - [ ] ** anti-patterns removed** - not just moved around
213- - [ ] ** documentation updated** - llm/state-* .md files reflect changes
214- - [ ] ** quality improved** - code is simpler, clearer, more consistent
215- - [ ] ** behavior unchanged** - unless explicitly documented
216- - [ ] ** no scope creep** - refactoring doesn't include new features
224+ - [ ] pattern choice is correct - chosen pattern is actually dominant in codebase (count occurrences)
225+ - [ ] tests still pass - no functionality broken
226+ - [ ] anti-patterns removed - not just moved around
227+ - [ ] documentation updated - llm/state-* .md files reflect changes
228+ - [ ] quality improved - code is simpler, clearer, more consistent
229+ - [ ] behavior unchanged - unless explicitly documented
230+ - [ ] no scope creep - refactoring doesn't include new features
217231
218232### acceptable
219233- renaming for consistency
@@ -236,8 +250,8 @@ when reviewing refactoring changes (identified by large-scale file changes or sy
236250### step 1: anti-pattern scan
237251scan code for anti-patterns from checklists above. flag immediately if found.
238252
239- ** backend:** silent failures, god functions, sql injection, magic numbers
240- ** frontend:** silent errors, bloated components, prop drilling, inline fetch
253+ backend: silent failures, god functions, sql injection, magic numbers
254+ frontend: silent errors, bloated components, prop drilling, inline fetch
241255
242256### step 2: security check
243257verify no security vulnerabilities:
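Review bot: the step 1 summaries still list only the old blocking items. `backend:` has no mention of missing tests and `frontend:` none of hardcoded colors, both of which this commit adds to the blocking checklists, so a reviewer working from the step-by-step section will not scan for them. With the bold removed, the two lines also have no list marker or blank line between them and will render as one paragraph; prefix them with `- ` as was done for `type:`, `philosophy:` and `style:`.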
@@ -314,7 +328,7 @@ identify which llm/state-*.md files need updates:
314328- code quality: ✓ good | ⚠issues exist
315329
316330### verdict
317- ** [ block | request changes | approve] **
331+ [ block | request changes | approve]
318332
319333reason: [ brief explanation]
320334```
@@ -335,7 +349,7 @@ reason: [brief explanation]
335349- fix: ` catch (err) { console.error(err); showToast({type: "error", message: err.message}); } `
336350
337351### verdict
338- ** block** - must fix silent error handling before merge
352+ block - must fix silent error handling before merge
339353```
340354
341355### example 2: documentation update needed
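Review bot: the `fix:` line in this example (context, untouched by the change) recommends `showToast({type: "error", message: err.message})`, which puts the raw error text in front of the user and reads `.message` from a catch variable that is typed `unknown` under strict TypeScript settings. Since reviewers copy from these examples, the suggested fix should log the full error, show a fixed user-facing message, and narrow with `err instanceof Error` before touching `.message`.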
@@ -353,7 +367,7 @@ none found
353367- details: document how user input is sanitized using parameterized queries
354368
355369### verdict
356- ** request changes** - update state-backend.md to document new pattern
370+ request changes - update state-backend.md to document new pattern
357371```
358372
359373### example 3: refactoring review
@@ -384,17 +398,17 @@ refactoring verified:
384398- ✓ quality improved
385399
386400### verdict
387- ** request changes** - update state-backend.md then approve
401+ request changes - update state-backend.md then approve
388402```
389403
390404---
391405
392406## golden rules
393407
394- 1 . ** anti-patterns are blocking** - always reject
395- 2 . ** security issues are blocking** - always reject
396- 3 . ** broken tests are blocking** - always reject
397- 4 . ** llm/* updates required** - for architecture changes
398- 5 . ** simplicity wins** - if code is complex, it's wrong
399- 6 . ** fail loudly** - silent failures are never acceptable
400- 7 . ** self-contained** - all rules in this file, don't read external files
408+ 1 . anti-patterns are blocking - always reject
409+ 2 . security issues are blocking - always reject
410+ 3 . broken tests are blocking - always reject
411+ 4 . llm/* updates required - for architecture changes
412+ 5 . simplicity wins - if code is complex, it's wrong
413+ 6 . fail loudly - silent failures are never acceptable
414+ 7 . self-contained - all rules in this file, don't read external files