home / skills / georgekhananaev / claude-skills-vault / code-quality

code-quality skill

Q: What languages are supported?

TypeScript, Python, Go, and Rust with language-specific linters and rulesets.

Q: How are issues prioritized?

Issues use four severities: Critical (block), Error (block), Warning (must address), Style (auto-fixable).

Q: Can I run checks incrementally in a monorepo?

Yes. Provided scripts support changed-file checking and progressive enforcement modes to speed feedback.

This skill enforces multi-language code quality standards for TypeScript, Python, Go, and Rust, guiding writing, review, and refactoring.

npx playbooks add skill georgekhananaev/claude-skills-vault --skill code-quality

Review the files below or copy the command above to add this skill to your agents.

Files (24)

SKILL.md

8.5 KB

---
name: code-quality
description: Multi-language code quality standards and review for TypeScript, Python, Go, and Rust. Enforces type safety, security, performance, and maintainability. Use when writing, reviewing, or refactoring code. Includes review process, checklist, and Python PEP 8 deep-dive.
author: George Khananaev
replaces: [beautiful-code, code-reviewer, pep8]
---

# Code Quality

Production-grade code standards and review for TypeScript, Python, Go, and Rust.

## When to Use

- Writing or reviewing code in TS/Python/Go/Rust
- Code review or pull request analysis
- Security or performance audit
- Setting up linting/CI for a project
- Python-specific style check (PEP 8)

## Quick-Start Modes

| Intent | Sections to Use |
|--------|----------------|
| **Write code** | Core Rules + Language Standards + AI-Friendly Patterns |
| **Review PR** | Review Process + `references/checklist.md` + Severity Levels |
| **Setup CI** | Config Files + Scripts + Enforcement Strategy |
| **Python style** | `references/python.md` (full PEP 8 deep-dive) |

**Context loading:** For deep reviews, read the relevant `references/` file for the language under review.

## Quick Reference

| Language | Type Safety | Linter | Complexity |
|----------|-------------|--------|------------|
| TypeScript | `strict`, no `any` | ESLint + typescript-eslint | max 10 |
| Python | mypy `strict`, PEP 484 | Ruff + mypy | max 10 |
| Go | staticcheck | golangci-lint | max 10 |
| Rust | clippy pedantic | clippy + cargo-audit | - |

## Severity Levels

| Level | Description | Action |
|-------|-------------|--------|
| **Critical** | Security vulnerabilities, data loss | Block merge |
| **Error** | Bugs, type violations, `any` | Block merge |
| **Warning** | Code smells, complexity | Must address |
| **Style** | Formatting, naming | Auto-fix |

---

## Core Rules (All Languages)

### Type Safety
- No implicit any / untyped functions
- No type assertions without guards
- Explicit return types on public APIs

### Security
- No hardcoded secrets (use gitleaks)
- No eval/pickle/unsafe deserialization
- Parameterized queries only
- SCA scanning (npm audit / pip-audit / govulncheck / cargo-audit)

### Complexity
- Max cyclomatic complexity: 10
- Max function lines: 50
- Max nesting depth: 3
- Max parameters: 5

### Error Handling
- No ignored errors (Go: no `_` for err)
- No bare except (Python)
- No unwrap in prod (Rust)
- Wrap errors with context

---

## Language-Specific Standards

### TypeScript
See: `references/typescript.md`

```typescript
// CRITICAL: Never use any
const bad: any = data;           // Error
const good: unknown = data;      // OK

// ERROR: No type assertions
const bad = data as User;        // Error
const good = isUser(data) ? data : null;  // OK

// ERROR: Non-null assertions
const bad = user!.name;          // Error
const good = user?.name ?? '';   // OK
```

### Python (PEP 8 / 3.11+)
See: `references/python.md`

```python
# CRITICAL: All functions must be typed
def bad(data):                   # Error
    return data

def good(data: dict[str, Any]) -> list[str]:  # OK
    return list(data.keys())

# Use modern syntax
value: str | None = None         # OK (not Optional)
items: list[str] = []            # OK (not List)
```

### Go
See: `references/go.md`

```go
// CRITICAL: Never ignore errors
result, _ := doSomething()       // Error
result, err := doSomething()     // OK
if err != nil {
    return fmt.Errorf("doing something: %w", err)
}
```

### Rust
See: `references/rust.md`

```rust
// CRITICAL: No unwrap in production
let value = data.unwrap();        // Error
let value = data?;                // OK
let value = data.unwrap_or_default(); // OK
```

---

## Cross-Language Standards

### Structured Logging
See: `references/logging.md`

```typescript
logger.info({ userId, action: 'login' }, 'User logged in');   // TS (pino)
```
```python
logger.info("user_login", user_id=user_id)                    # Python (structlog)
```
```go
log.Info().Str("user_id", userID).Msg("user logged in")       // Go (zerolog)
```

### Test Coverage
See: `references/testing.md`

| Metric | Threshold |
|--------|-----------|
| Line coverage | 80% min |
| Branch coverage | 70% min |
| New code | 90% min |

### Security Scanning
See: `references/security.md`

- Secrets: gitleaks (pre-commit + CI)
- Dependencies: npm audit / pip-audit / govulncheck / cargo-audit
- Accessibility: jsx-a11y (TypeScript)
- Race detection: go test -race (Go)

### API Design
See: `references/api-design.md`

- Proper HTTP status codes (200, 201, 204, 400, 401, 403, 404, 422, 429, 500)
- RFC 7807 error format
- Plural nouns for resources: `/users/{id}/orders`
- Validate at API boundary

### Database Patterns
See: `references/database.md`

- Transactions for multi-write operations
- N+1 prevention: eager load or batch
- Safe migrations (expand-contract pattern)
- Always paginate list queries

### Async & Concurrency
See: `references/async-concurrency.md`

- Always clean up resources (try/finally, defer, Drop)
- Set timeouts on all async operations
- Use semaphores for rate limiting
- Avoid blocking in async contexts

---

## Review Process

### Step 1: Understand Context
1. Identify the language/framework
2. Understand the purpose of the code
3. Check for existing patterns in the codebase
4. Review any related tests

### Step 2: Systematic Review
Use the checklist at `references/checklist.md` for thorough reviews covering:
- Code quality (structure, naming, type safety, dead code)
- Security (injection, auth, secrets, input validation)
- Performance (N+1, memory leaks, caching, re-renders)
- Error handling (edge cases, recovery, cleanup)
- Testing (coverage, quality, assertions)
- Best practices (SOLID, patterns, maintainability)

### Step 3: Categorize & Report

```markdown
**[SEVERITY] Issue Title**
- File: `path/to/file.ts:line`
- Problem: Clear description
- Impact: What could go wrong
- Fix: Specific code suggestion
```

### Git Integration

```bash
# Review staged changes
git --no-pager diff --cached

# Review specific commit
git --no-pager show <commit>

# Review PR diff
gh pr diff <number>
```

## Review Output Format

Use severity levels from the table above (Critical / Error / Warning / Style).

```markdown
# Code Review Summary

## Overview
- Files reviewed: X
- Issues found: Y (X Critical, Y Error, Z Warning)
- Recommendation: [Approve / Request Changes / Needs Discussion]

## Critical Issues
[Security vulnerabilities, data loss - must fix]

## Error Issues
[Bugs, type violations - must fix]

## Warnings
[Code smells, complexity - should address]

## Style
[Formatting, naming - auto-fixable]

## Positive Observations
[Good practices found]
```

---

## Naming Conventions

| Element | TypeScript | Python | Go | Rust |
|---------|------------|--------|-----|------|
| Variables | camelCase | snake_case | camelCase | snake_case |
| Functions | camelCase | snake_case | camelCase | snake_case |
| Constants | SCREAMING_SNAKE | SCREAMING_SNAKE | MixedCaps | SCREAMING_SNAKE |
| Types | PascalCase | PascalCase | PascalCase | PascalCase |
| Files | kebab-case | snake_case | lowercase | snake_case |

## AI-Friendly Patterns

1. Explicit types always
2. Single responsibility per function
3. Small functions (< 30 lines ideal)
4. Max nesting depth 3
5. Guard clauses for early returns
6. Named constants, no magic values
7. Linear, predictable execution flow

## Enforcement Strategy

### Progressive (Ratchet-Based)
```
Phase 1: Errors block, Warnings tracked
Phase 2: Strict on NEW files only
Phase 3: Strict on TOUCHED files
Phase 4: Full enforcement
```

### WIP vs Merge Mode

| Mode | Trigger | Behavior |
|------|---------|----------|
| WIP | Local commit | Warnings only |
| Push | git push | Errors block |
| PR | PR to main | Full strict |

## Config Files

Available in `configs/`:
- `typescript/` - ESLint, tsconfig, Prettier
- `python/` - pyproject.toml, pre-commit
- `go/` - golangci.yaml
- `rust/` - clippy.toml
- `.pre-commit-config.yaml`
- `.gitleaks.toml`

## Scripts

Available in `scripts/`:
- `check_changed.sh` - Monorepo-aware incremental linting
- `check_all.sh` - Full repository check
- `check_style.py` - Python full check (ruff + pycodestyle + mypy)
- `check_pep8.sh` - Quick PEP 8 only
- `check_types.sh` - Python type hints only
- `fix_style.sh` - Python auto-fix issues

Overview

This skill provides production-grade code quality standards and review for TypeScript, Python, Go, and Rust. It enforces type safety, security, performance, and maintainability through checklist-driven reviews, language-specific rules, and CI-friendly enforcement. Use it when writing, reviewing, or refactoring code to keep commits and PRs production-ready.

How this skill works

The skill inspects code against a core ruleset (type safety, security, complexity, error handling) and language-specific standards (TS, Python, Go, Rust). It produces a categorized review using severity levels (Critical, Error, Warning, Style) and a structured report with file locations, impact, and precise fixes. It also includes CI configs, lint presets, and a PEP 8 deep-dive for Python.

When to use it

When authoring new features or refactoring across TS/Python/Go/Rust
During PR reviews to block critical issues and enforce standards
Setting up linting, pre-commit, and CI enforcement for a repo
Security or performance audits and dependency scanning
When you need a PEP 8–focused review for Python code

Best practices

Enable strict typing in TypeScript and mypy strict in Python; avoid implicit any or untyped functions
Treat Critical and Error severities as merge blockers; auto-fix Style issues in CI
Keep functions small (ideally <30 lines) and limit cyclomatic complexity to 10
Use parameterized queries, avoid hardcoded secrets, and run SCA and gitleaks scans
Adopt progressive enforcement: start with warnings, tighten on new/touched files, then full enforcement

Example use cases

Automated PR review that flags type violations, security vulnerabilities, and complexity regressions
Repository setup: add ESLint/tsconfig, Ruff+mypy, golangci-lint, and clippy with provided configs
Refactor session: run the checklist to find uncaught errors, ignored returns, or unwraps in production code
Python style audit: PEP 8 deep-dive with concrete fixes, typing recommendations, and auto-fix scripts
CI gate: block merges on Errors/Criticals and run incremental checks for faster feedback

FAQ

What languages are supported?

TypeScript, Python, Go, and Rust with language-specific linters and rulesets.

How are issues prioritized?

Issues use four severities: Critical (block), Error (block), Warning (must address), Style (auto-fixable).

Can I run checks incrementally in a monorepo?

Yes. Provided scripts support changed-file checking and progressive enforcement modes to speed feedback.