Which languages are covered?

TypeScript, Python, Go, and Rust are covered with their respective type safety and linting standards.

How are issues prioritized?

Issues are categorized by Severity Levels: Critical, Error, Warning, Style; critical issues block merges.

Is there language-specific style guidance?

Yes; Python uses a deep-dive into PEP 8, and each language has dedicated references (TS, Go, Rust) for their standards.

Code Quality

npx machina-cli add skill georgekhananaev/claude-skills-vault/code-quality --openclaw

Files (1)

SKILL.md

8.5 KB

Code Quality

Production-grade code standards and review for TypeScript, Python, Go, and Rust.

When to Use

Writing or reviewing code in TS/Python/Go/Rust
Code review or pull request analysis
Security or performance audit
Setting up linting/CI for a project
Python-specific style check (PEP 8)

Quick-Start Modes

Intent	Sections to Use
Write code	Core Rules + Language Standards + AI-Friendly Patterns
Review PR	Review Process + `references/checklist.md` + Severity Levels
Setup CI	Config Files + Scripts + Enforcement Strategy
Python style	`references/python.md` (full PEP 8 deep-dive)

Context loading: For deep reviews, read the relevant references/ file for the language under review.

Quick Reference

Language	Type Safety	Linter	Complexity
TypeScript	`strict`, no `any`	ESLint + typescript-eslint	max 10
Python	mypy `strict`, PEP 484	Ruff + mypy	max 10
Go	staticcheck	golangci-lint	max 10
Rust	clippy pedantic	clippy + cargo-audit	-

Severity Levels

Level	Description	Action
Critical	Security vulnerabilities, data loss	Block merge
Error	Bugs, type violations, `any`	Block merge
Warning	Code smells, complexity	Must address
Style	Formatting, naming	Auto-fix

Core Rules (All Languages)

Type Safety

No implicit any / untyped functions
No type assertions without guards
Explicit return types on public APIs

Security

No hardcoded secrets (use gitleaks)
No eval/pickle/unsafe deserialization
Parameterized queries only
SCA scanning (npm audit / pip-audit / govulncheck / cargo-audit)

Complexity

Max cyclomatic complexity: 10
Max function lines: 50
Max nesting depth: 3
Max parameters: 5

Error Handling

No ignored errors (Go: no _ for err)
No bare except (Python)
No unwrap in prod (Rust)
Wrap errors with context

Language-Specific Standards

TypeScript

See: references/typescript.md

// CRITICAL: Never use any
const bad: any = data;           // Error
const good: unknown = data;      // OK

// ERROR: No type assertions
const bad = data as User;        // Error
const good = isUser(data) ? data : null;  // OK

// ERROR: Non-null assertions
const bad = user!.name;          // Error
const good = user?.name ?? '';   // OK

Python (PEP 8 / 3.11+)

See: references/python.md

# CRITICAL: All functions must be typed
def bad(data):                   # Error
    return data

def good(data: dict[str, Any]) -> list[str]:  # OK
    return list(data.keys())

# Use modern syntax
value: str | None = None         # OK (not Optional)
items: list[str] = []            # OK (not List)

Go

See: references/go.md

// CRITICAL: Never ignore errors
result, _ := doSomething()       // Error
result, err := doSomething()     // OK
if err != nil {
    return fmt.Errorf("doing something: %w", err)
}

Rust

See: references/rust.md

// CRITICAL: No unwrap in production
let value = data.unwrap();        // Error
let value = data?;                // OK
let value = data.unwrap_or_default(); // OK

Cross-Language Standards

Structured Logging

See: references/logging.md

logger.info({ userId, action: 'login' }, 'User logged in');   // TS (pino)

logger.info("user_login", user_id=user_id)                    # Python (structlog)

log.Info().Str("user_id", userID).Msg("user logged in")       // Go (zerolog)

Test Coverage

See: references/testing.md

Metric	Threshold
Line coverage	80% min
Branch coverage	70% min
New code	90% min

Security Scanning

See: references/security.md

Secrets: gitleaks (pre-commit + CI)
Dependencies: npm audit / pip-audit / govulncheck / cargo-audit
Accessibility: jsx-a11y (TypeScript)
Race detection: go test -race (Go)

API Design

See: references/api-design.md

Proper HTTP status codes (200, 201, 204, 400, 401, 403, 404, 422, 429, 500)
RFC 7807 error format
Plural nouns for resources: /users/{id}/orders
Validate at API boundary

Database Patterns

See: references/database.md

Transactions for multi-write operations
N+1 prevention: eager load or batch
Safe migrations (expand-contract pattern)
Always paginate list queries

Async & Concurrency

See: references/async-concurrency.md

Always clean up resources (try/finally, defer, Drop)
Set timeouts on all async operations
Use semaphores for rate limiting
Avoid blocking in async contexts

Review Process

Step 1: Understand Context

Identify the language/framework
Understand the purpose of the code
Check for existing patterns in the codebase
Review any related tests

Step 2: Systematic Review

Use the checklist at references/checklist.md for thorough reviews covering:

Code quality (structure, naming, type safety, dead code)
Security (injection, auth, secrets, input validation)
Performance (N+1, memory leaks, caching, re-renders)
Error handling (edge cases, recovery, cleanup)
Testing (coverage, quality, assertions)
Best practices (SOLID, patterns, maintainability)

Step 3: Categorize & Report

**[SEVERITY] Issue Title**
- File: `path/to/file.ts:line`
- Problem: Clear description
- Impact: What could go wrong
- Fix: Specific code suggestion

Git Integration

# Review staged changes
git --no-pager diff --cached

# Review specific commit
git --no-pager show <commit>

# Review PR diff
gh pr diff <number>

Review Output Format

Use severity levels from the table above (Critical / Error / Warning / Style).

# Code Review Summary

## Overview
- Files reviewed: X
- Issues found: Y (X Critical, Y Error, Z Warning)
- Recommendation: [Approve / Request Changes / Needs Discussion]

## Critical Issues
[Security vulnerabilities, data loss - must fix]

## Error Issues
[Bugs, type violations - must fix]

## Warnings
[Code smells, complexity - should address]

## Style
[Formatting, naming - auto-fixable]

## Positive Observations
[Good practices found]

Naming Conventions

Element	TypeScript	Python	Go	Rust
Variables	camelCase	snake_case	camelCase	snake_case
Functions	camelCase	snake_case	camelCase	snake_case
Constants	SCREAMING_SNAKE	SCREAMING_SNAKE	MixedCaps	SCREAMING_SNAKE
Types	PascalCase	PascalCase	PascalCase	PascalCase
Files	kebab-case	snake_case	lowercase	snake_case

AI-Friendly Patterns

Explicit types always
Single responsibility per function
Small functions (< 30 lines ideal)
Max nesting depth 3
Guard clauses for early returns
Named constants, no magic values
Linear, predictable execution flow

Enforcement Strategy

Progressive (Ratchet-Based)

Phase 1: Errors block, Warnings tracked
Phase 2: Strict on NEW files only
Phase 3: Strict on TOUCHED files
Phase 4: Full enforcement

WIP vs Merge Mode

Mode	Trigger	Behavior
WIP	Local commit	Warnings only
Push	git push	Errors block
PR	PR to main	Full strict

Config Files

Available in configs/:

typescript/ - ESLint, tsconfig, Prettier
python/ - pyproject.toml, pre-commit
go/ - golangci.yaml
rust/ - clippy.toml
.pre-commit-config.yaml
.gitleaks.toml

Scripts

Available in scripts/:

check_changed.sh - Monorepo-aware incremental linting
check_all.sh - Full repository check
check_style.py - Python full check (ruff + pycodestyle + mypy)
check_pep8.sh - Quick PEP 8 only
check_types.sh - Python type hints only
fix_style.sh - Python auto-fix issues

Source

git clone https://github.com/georgekhananaev/claude-skills-vault/blob/main/.claude/skills/code-quality/SKILL.mdView on GitHub

Overview

Code Quality defines production-grade standards for TS, Python, Go, and Rust. It emphasizes type safety, security, performance, and maintainability, and provides a review process, checklist, and a Python PEP 8 deep-dive to guide writing, reviewing, or refactoring code.

How This Skill Works

It combines core rules across all languages (type safety, security, complexity, error handling) with language-specific standards. The skill includes a formal review process, severity levels, and references to the relevant guidance, enabling linting and CI enforcement to ensure consistent code quality.

When to Use It

Writing or reviewing code in TS/Python/Go/Rust
Code review or pull request analysis
Security or performance audit
Setting up linting/CI for a project
Python-specific style check (PEP 8)

Quick Start

Step 1: Choose a Quick-Start Mode (Write code, Review PR, Setup CI, or Python style)
Step 2: Apply Core Rules + Language Standards to your target language
Step 3: Run the Review Process and enable CI/linting for enforcement

Best Practices

Enforce explicit types on public APIs and avoid implicit any or untyped functions
Apply security guidelines: no hardcoded secrets, avoid eval, use parameterized queries, run SCA scans
Keep complexity in check: max cyclomatic complexity 10, max function lines 50, max nesting depth 3, max parameters 5
Follow language-specific standards: TS forbids any, Python typing with PEP 8 deep-dive, ensure proper error handling in Go and Rust
Integrate the rules into CI and linting; use the provided review process and checklists

Example Use Cases

A TS PR refactors to remove any and enforces strict types across modules
Python module updated to include type hints and run through PEP 8 checks
Go service error handling updated from blank identifier to proper error propagation
Rust code replaced unwrap with safe alternatives and added cargo-audit checks
Security audit runs npm/pip/go cargo audit and blocks PRs with critical findings

Frequently Asked Questions

Add this skill to your agents