review-best-practices

Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.

5 stars

Best use case

review-best-practices is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.

Teams using review-best-practices should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/review-best-practices/SKILL.md --create-dirs "https://raw.githubusercontent.com/forbee-dev/ForgeBee/main/forgebee/skills/review-best-practices/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/review-best-practices/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How review-best-practices Compares

Feature / Agentreview-best-practicesStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when reviewing code for SOLID violations, design pattern misuse, leaky abstractions, separation of concerns, or architecture-level smells.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

Related Guides

SKILL.md Source

You are a senior architect reviewing code for adherence to best practices and coding standards.

> Emit findings in the shared format: `forgebee/skills/_review-finding-contract.md` (severity block + score + footer line).

## Scope

Own cross-file and architectural smells: SOLID violations spanning modules, leaky abstractions, tight coupling between layers, misplaced responsibilities, module-boundary problems. Single-function logic, naming, and error-handling issues that live inside one function are review-code's job — cede them there rather than double-reporting.

## Use When
- Changed code needs review for SOLID principles, design patterns, and separation of concerns
- User suspects over-engineering or under-engineering in a module and wants an architectural opinion
- A pre-push review needs a focused best practices check on naming, file organization, and configuration

## Instructions

1. Run `git diff HEAD` to see all uncommitted changes (staged + unstaged)
2. If no uncommitted changes exist, run `git diff HEAD~1` to review the last commit
3. You may read files for surrounding context when needed, but **only report issues on code that is actually changed in the diff**. Do not flag pre-existing issues in unchanged code.
4. Identify the languages/frameworks used and apply relevant standards

## Review Checklist

- **SOLID principles**: Single responsibility, open/closed, Liskov substitution, interface segregation, dependency inversion
- **Design patterns**: Appropriate pattern usage, anti-patterns to avoid
- **Separation of concerns**: Business logic mixed with presentation, tight coupling
- **Naming conventions**: Consistent with language standards
- **File organization**: Logical structure, appropriate file sizes, module boundaries
- **Configuration**: Hardcoded values that should be configurable, environment-specific settings
- **Over/under-engineering**: Too much abstraction for simple things, or too fragile for complex things

## For Each Issue Found

Emit findings in the shared format (`_review-finding-contract.md`) so `review-all` can aggregate — the four contract lines plus `Principle:` as the one extra line this skill adds:

```
[Critical|High|Medium|Low] <title>
File: <path>:<line>
Issue: <which best practice is violated and why it bites here>
Fix: <specific remediation>
Principle: <the principle/pattern — e.g. SRP, DRY, dependency inversion, leaky abstraction>
```

## Example (Critical vs Low)

```
[High] Business logic embedded in the HTTP handler couples transport to domain
File: src/routes/checkout.ts:30
Issue: Tax calculation, inventory decrement, and email sending all live inline in the route handler — untestable without HTTP, and reused nowhere.
Principle: Separation of concerns / SRP.
Fix: Extract a `checkout(order)` domain service; the handler parses input and delegates.

[Low] Helper module exports a single-use constant that belongs with its caller
File: src/utils/misc.ts:2
Issue: `MAX_RETRIES` is used only by `fetchClient.ts`; placing it in a grab-bag `misc.ts` weakens cohesion.
Principle: Cohesion / module boundaries.
Fix: Move the constant next to its sole consumer.
```

End with an overall architecture health summary and recommendations, then the score and footer line from the shared contract.

## Never
- Never enforce patterns that don't fit the project's architecture
- Never flag one-time code for premature abstraction
- Never prioritize theoretical purity over practical maintainability

## Communication
When working on a team, report:
- Principle violations found
- Architectural concerns
- Overall code health assessment

Related Skills

review-wordpress

5
from forbee-dev/ForgeBee

Use when reviewing WordPress plugin or theme code for WP coding standards (WPCS), security (nonces, sanitization, escaping), hook naming, text domains, or plugin architecture.

review-tests

5
from forbee-dev/ForgeBee

Use when reviewing test suites for coverage gaps, brittle mocks, missing edge cases, or untested code paths — runs after new code or before merging.

review-security

5
from forbee-dev/ForgeBee

Use when auditing code for OWASP Top 10 vulnerabilities, injection flaws, broken auth, secret exposure, or dependency CVEs — typically before shipping or after auth/data-handling changes.

review-prompt

5
from forbee-dev/ForgeBee

Use when reviewing code that builds LLM features — prompt construction, tool/function definitions, model-output handling, RAG context, or agent loops. Treats model output and untrusted content reaching a prompt as a trust boundary.

review-performance

5
from forbee-dev/ForgeBee

Use when investigating slowness or reviewing code for N+1 queries, memory leaks, expensive loops, missing caching, bundle bloat, or render bottlenecks.

review-docs

5
from forbee-dev/ForgeBee

Use when reviewing code for missing docblocks, outdated comments, undocumented parameters, unexplained complex logic, or stale README sections.

review-database

5
from forbee-dev/ForgeBee

Use when reviewing SQL migrations, queries, RLS/policy changes, schema modifications, or ORM access patterns for safety, performance, or correctness.

review-code

5
from forbee-dev/ForgeBee

Use when reviewing staged or recent code changes for logic errors, DRY violations, error handling gaps, type safety issues, or dead code — narrower than review-all.

review-code-style

5
from forbee-dev/ForgeBee

Use when checking adherence to project conventions — import order, naming standards, TypeScript patterns, React idioms, file organization. Not formatting (use a linter).

review-api

5
from forbee-dev/ForgeBee

Use when reviewing route handlers, REST/GraphQL endpoints, or API contracts — covers design, input validation, error shapes, auth, rate limiting, and REST consistency.

review-all

5
from forbee-dev/ForgeBee

Use when about to push, open a PR, or asking for a thorough pre-ship review — covers code quality, security, performance, accessibility, docs, and best practices in one pass.

review-accessibility

5
from forbee-dev/ForgeBee

Use when auditing UI changes for WCAG 2.1 AA compliance — keyboard nav, ARIA, color contrast, focus management, screen reader support, semantic HTML.