code-review-patterns
npx machina-cli add skill a5c-ai/babysitter/code-review-patterns --openclaw
Code Review Patterns
Overview
Structured patterns for multi-dimensional code review with strict confidence gating. Only issues with >=80% confidence are reported. Zero tolerance for empty catch blocks.
Four Dimensions
Security (weight: 30%)
- Injection vulnerabilities (SQL, XSS, command)
- Authentication and authorization patterns
- Secrets handling (no hardcoded credentials)
- Input validation and sanitization
Quality (weight: 25%)
- Naming conventions and consistency
- Code structure (SRP, cohesion, coupling)
- Error handling completeness
- Type safety (no escapes to the any type)
Performance (weight: 20%)
- Algorithmic complexity (flag O(n^2) or worse)
- Resource and memory leaks
- Database query efficiency (N+1)
- Caching opportunities
Maintainability (weight: 25%)
- Documentation (JSDoc/TSDoc for public APIs)
- Test coverage adequacy
- Readability (function length, nesting depth)
- Tech debt markers (TODO, FIXME)
Confidence Gating
- Only report issues with confidence >= 80%
- Empty catch blocks are always critical (100% confidence)
- Classify: critical, high, medium, low
- Include actionable remediation for each issue
Router Contract
Every review must produce: STATUS, BLOCKING, REQUIRES_REMEDIATION, issue counts.
When to Use
- Code review step in BUILD workflow
- Fix review in DEBUG workflow
- Full REVIEW workflow
Agents Used
- code-reviewer (primary consumer)
- silent-failure-hunter (error handling dimension)
Source
git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/methodologies/cc10x/skills/code-review-patterns/SKILL.md
Overview
Code Review Patterns provides a structured framework for assessing code across Security, Quality, Performance, and Maintainability, with confidence-gated reporting that only surfaces issues above 80% certainty. It also generates a Router Contract to summarize status and remediation needs.
How This Skill Works
The skill scores findings across four weighted dimensions (Security 30%, Quality 25%, Performance 20%, Maintainability 25%) and reports only issues with confidence >= 80%. Empty catch blocks are always treated as critical. Each review yields a Router Contract that includes STATUS, BLOCKING, REQUIRES_REMEDIATION, and issue counts for actionable remediation.
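The gating and Router Contract rules listed under Confidence Gating and restated here, as an added JavaScript sketch that is not the skill's own code. It assumes a regex-based empty-catch detector, that dimension weights only order issues of equal severity, and that STATUS takes the values PASS, NEEDS_WORK or FAIL; none of these specifics are stated on the page.

```javascript
// Added example, not the skill's own code: confidence gating and a Router Contract built
// from the rules on this page; regex detector, weight ordering and STATUS labels are assumed.
const WEIGHTS = { security: 0.30, quality: 0.25, performance: 0.20, maintainability: 0.25 };
const CONFIDENCE_GATE = 0.80;
const SEVERITY_RANK = { critical: 0, high: 1, medium: 2, low: 3 };
// Constructed sample source with one empty catch block. A regex suffices here; a real
// reviewer should walk the AST (this pattern misses a block that holds only a comment).
const SAMPLE_SOURCE = `
async function load(id) {
  try { return await db.query("SELECT * FROM t WHERE id = " + id); } catch (e) {}
}`;

// Empty catch blocks are always reported as critical at 100% confidence.
function findEmptyCatches(source) {
  const matches = source.match(/catch\s*(\([^)]*\))?\s*\{\s*\}/g) || [];
  return matches.map(() => ({
    dimension: "quality", rule: "empty-catch", confidence: 1.0, severity: "critical",
    remediation: "Handle, log or rethrow the error; never swallow it silently.",
  }));
}

// Constructed findings as a reviewer might emit them before gating.
const SAMPLE_FINDINGS = [
  { dimension: "security", rule: "sql-injection", confidence: 0.92, severity: "high",
    remediation: "Use a parameterized query instead of string concatenation." },
  { dimension: "performance", rule: "n-plus-one-query", confidence: 0.85, severity: "medium",
    remediation: "Batch the per-row lookups into a single query." },
  { dimension: "maintainability", rule: "missing-tsdoc", confidence: 0.70, severity: "low",
    remediation: "Add TSDoc to the exported function." },
];

// Keep only findings at or above the gate, ordered by severity, then by dimension weight.
function gate(findings) {
  return findings
    .filter((f) => f.confidence >= CONFIDENCE_GATE)
    .sort((a, b) => (SEVERITY_RANK[a.severity] - SEVERITY_RANK[b.severity]) ||
                    (WEIGHTS[b.dimension] - WEIGHTS[a.dimension]));
}

// Router Contract: STATUS, BLOCKING, REQUIRES_REMEDIATION and per-severity issue counts.
function routerContract(findings) {
  const issues = gate(findings);
  const counts = { critical: 0, high: 0, medium: 0, low: 0 };
  for (const f of issues) counts[f.severity] += 1;
  const BLOCKING = counts.critical > 0;
  const REQUIRES_REMEDIATION = issues.length > 0;
  const STATUS = BLOCKING ? "FAIL" : REQUIRES_REMEDIATION ? "NEEDS_WORK" : "PASS";
  return { STATUS, BLOCKING, REQUIRES_REMEDIATION, counts, issues };
}

console.log(JSON.stringify(routerContract([...findEmptyCatches(SAMPLE_SOURCE), ...SAMPLE_FINDINGS]), null, 2));
```

On the constructed input the 70% TSDoc finding is dropped by the gate while the empty catch block is promoted to a blocking critical issue, so STATUS comes out as FAIL.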
Quick Start
- Step 1: Integrate code-review-patterns into your BUILD workflow as the standard code review step.
- Step 2: Run the review and inspect issues with confidence >= 80%, noting classifications.
- Step 3: Use the Router Contract to determine STATUS, BLOCKING, REQUIRES_REMEDIATION, and address remediation before re-running.
Best Practices
- Apply the four dimension weights (Security 30%, Quality 25%, Performance 20%, Maintainability 25%) to guide prioritization.
- Enforce confidence gating at >= 80% and treat empty catch blocks as critical (100% confidence).
- Always include actionable remediation for each issue surfaced.
- Classify issues as critical, high, medium, or low to drive remediation urgency.
- Generate and inspect the Router Contract output (STATUS, BLOCKING, REQUIRES_REMEDIATION, issue counts) as part of gating decisions.
Example Use Cases
- SQL injection risk in a user input processing path flagged under Security with high confidence.
- Hardcoded credentials detected in configuration files flagged under Security with remediation steps.
- N+1 query pattern identified in data access layer flagged under Performance with actionable optimization.
- Missing JSDoc/TSDoc for a public API surfaced under Maintainability with recommended documentation.
- Long functions and deep nesting flagged under Maintainability (readability), triggering remediation.