What is the purpose of this skill?

It ensures thorough, consistent reviews via a fixed checklist and structured outputs.

How are BLOCKING issues determined?

If any of the 10 items fail or there are critical issues (e.g., failing tests, security concerns), mark as BLOCKING and require changes before approval.

What about test results?

Include pytest output and provide per-item PASS/FAIL, along with any failing test details and necessary follow-up actions.

code-review

npx machina-cli add skill akaszubski/autonomous-dev/code-review --openclaw

Files (1)

SKILL.md

4.9 KB

Code Review Enforcement Skill

Ensures every code review is thorough, consistent, and produces actionable feedback. Used by the reviewer agent.

10-Point Review Checklist

Every review MUST evaluate all 10 items. No shortcuts.

1. Correctness

Does the code do what the ticket/plan requires?
Are edge cases handled (empty input, None, boundary values)?
Are return types consistent with declarations?

2. Test Coverage

Do tests exist for new/changed code?
Do ALL tests pass (100%, not "most")?
Are edge cases and error paths tested?

3. Error Handling

Are exceptions specific (not bare except:)?
Do error messages include context (what failed, what was expected)?
Is there graceful degradation where appropriate?

4. Type Hints on Public APIs

All public functions have parameter and return type annotations?
Complex types use Optional, Union, List, Dict correctly?

5. Naming Conventions

Variables/functions: snake_case
Classes: PascalCase
Constants: UPPER_SNAKE_CASE
Names are descriptive (no single-letter except loop vars)

6. Security

No hardcoded secrets, API keys, or passwords
No bare except: that swallows errors silently
SQL queries use parameterized statements
User input is validated before use

7. Style Compliance

Code is formatted with black (100 char line length)
Imports sorted with isort
No unused imports or variables

8. Documentation

Public APIs have Google-style docstrings
Complex logic has inline comments
Examples provided for non-obvious usage

9. No Stubs or Placeholders

No NotImplementedError in shipped code
No pass as the sole body of a function
No TODO without a linked issue number

10. No Unnecessary Complexity

No premature abstraction
No dead code paths
Functions do one thing
Nesting depth <= 3 levels

Severity Levels

BLOCKING (must fix before approval)

Failing tests
Security vulnerabilities (hardcoded secrets, SQL injection)
Missing error handling on external calls
Stubbed/placeholder code
Incorrect logic or data loss risk

ADVISORY (prefix with "Nit:")

Style preferences beyond black/isort
Alternative naming suggestions
Minor documentation improvements
Performance micro-optimizations

HARD GATE: Required Output

Every review MUST conclude with exactly one of:

APPROVED — all 10 checklist items pass, no BLOCKING issues
REQUEST_CHANGES — at least one BLOCKING issue found

FORBIDDEN:

Saying "looks good" without running the full checklist
Approving code with failing tests
Approving stubbed or placeholder code
Approving without checking security items (checklist #6)
Mixing BLOCKING and ADVISORY without clear labels
Rubber-stamping: approving in under 30 seconds of analysis

REQUIRED:

Per-file summary with specific line references for each finding
Explicit pass/fail on each of the 10 checklist items
Test results included (run pytest and report output)
Security checklist explicitly addressed
BLOCKING vs ADVISORY clearly labeled on every finding

Required Output Format

## Review: [file or PR title]

### Checklist
1. Correctness: PASS/FAIL — [details]
2. Test Coverage: PASS/FAIL — [details]
3. Error Handling: PASS/FAIL — [details]
4. Type Hints: PASS/FAIL — [details]
5. Naming: PASS/FAIL — [details]
6. Security: PASS/FAIL — [details]
7. Style: PASS/FAIL — [details]
8. Documentation: PASS/FAIL — [details]
9. No Stubs: PASS/FAIL — [details]
10. Complexity: PASS/FAIL — [details]

### Findings
- [BLOCKING] file.py:42 — description
- [Nit:] file.py:88 — suggestion

### Test Results
[paste pytest output summary]

### Verdict: APPROVED / REQUEST_CHANGES

Anti-Patterns

BAD: Rubber-stamp approval

"Looks good to me, ship it!"

Missing: checklist, line references, test results, security review.

GOOD: Structured review

## Review: lib/auth.py

### Checklist
1. Correctness: PASS — token validation logic matches RFC 7519
2. Test Coverage: PASS — 12 tests, all pass, covers expiry edge case
...
6. Security: FAIL — API key on line 34 is hardcoded

### Findings
- [BLOCKING] auth.py:34 — Hardcoded API key, move to env var

### Verdict: REQUEST_CHANGES

BAD: Nitpicking style, missing logic bugs

Spending 10 comments on variable naming while an off-by-one error goes unnoticed.

BAD: "Will fix later" acceptance

Approving with known BLOCKING issues and a verbal promise to fix. If it is BLOCKING, it blocks.

Cross-References

python-standards: Style and type hint requirements
testing-guide: Test coverage expectations
security-patterns: Security checklist details

Source

git clone https://github.com/akaszubski/autonomous-dev/blob/master/plugins/autonomous-dev/skills/code-review/SKILL.mdView on GitHub

Overview

The Code Review Enforcement Skill ensures every review is thorough, consistent, and provides actionable feedback by applying a fixed 10-point checklist. It covers correctness, tests, error handling, typing, naming, security, style, docs, stubs, and complexity to elevate code quality. It is designed for the reviewer agent to standardize reviews across teams.

How This Skill Works

During a review, the skill guides the reviewer through 10 items (Correctness, Test Coverage, Error Handling, Type Hints, Naming, Security, Style, Documentation, No Stubs, No Unnecessary Complexity). Each item is evaluated and documented with a per-file PASS/FAIL, line references, and explicit findings. The final output includes a BLOCKING/ADVISORY classification, per-item results, test results, and a verdict.

When to Use It

When reviewing new or changed code to ensure it meets the ticket or plan
When auditing critical modules or security-sensitive changes
When PRs touch public APIs or external interfaces
When multiple changes are merged in a single PR
When aiming to maintain consistent review quality across the team

Quick Start

Step 1: Open the PR and initialize the Code Review Enforcement Skill
Step 2: Apply the 10-point checklist and record PASS/FAIL and line refs
Step 3: Publish per-file summaries, test results, and final verdict (APPROVED or REQUEST_CHANGES)

Best Practices

Run the full 10-point checklist for every review
Require explicit line-referenced notes for each finding
Ensure tests exist for new/changed code and all tests pass
Flag and address security risks (no bare except, parameterized queries, etc.)
Provide actionable feedback and reference related issues or tickets

Example Use Cases

PR introducing a new API endpoint with tests
Bugfix PR that adds edge-case tests and proper error messages
Security-sensitive module update with input validation
Refactor altering function signatures—needs type hints and docs
Legacy code cleanup with style and doc updates

Frequently Asked Questions

Add this skill to your agents