### Install Dependencies and Setup

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/CONTRIBUTING.md

Installs development dependencies and configures the pre-commit hook using Husky.

```bash
npm install
```

--------------------------------

### Manual Installation

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/README.md

Installs the Code Review Skill manually by cloning the repository and copying files.

```bash
git clone https://github.com/ctxr-dev/skill-code-review.git /tmp/skill-code-review
mkdir -p .agents/skills
cp -r /tmp/skill-code-review .agents/skills/skill-code-review
```

--------------------------------

### Interactive Tool Installation

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/README.md

Enables an interactive mode that prompts to install missing linters.

```text
/skill-code-review tools=interactive
```

--------------------------------

### Git Submodule Installation

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/README.md

Installs the Code Review Skill as a Git submodule in your project.

```bash
git submodule add https://github.com/ctxr-dev/skill-code-review.git \
  .agents/skills/skill-code-review
```

--------------------------------

### Example Run Directory Path

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/docs/code-reviewer-design.md

Shows an example of the directory structure used to store code review artifacts. The path includes a shard identifier and a unique run ID, facilitating organized storage and retrieval.

```text
.skill-code-review/a3/20260426-001512-a3f7c9b/
```

--------------------------------

### Shellcheck Example with Sourced Files

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/reviewers.wiki/correctness-discipline/lang-shell-bash.md

Illustrates how to use `shellcheck -x` to follow sourced files during analysis. This is useful for ensuring that logic in included scripts also adheres to best practices.
```shell
#!/bin/bash
# shellcheck source-path=./lib/
. ./lib/my_functions.sh

# Main script logic here
```

--------------------------------

### Show Help

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/README.md

Displays all available arguments and options for the skill-code-review command.

```text
/skill-code-review help
```

--------------------------------

### Install Code Review Skill

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/README.md

Installs the Code Review Skill into your project using npm.

```bash
npx @ctxr/kit@latest install @ctxr/skill-code-review
```

--------------------------------

### Install Upstream FSM Version

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/CONTRIBUTING.md

Revert to a pinned upstream form of the FSM before committing. This ensures consistency by installing a specific commit hash of the FSM package.

```bash
SHA=$(gh api repos/ctxr-dev/fsm/commits/main --jq '.sha')
npm install --save "@ctxr/fsm@git+https://github.com/ctxr-dev/fsm.git#$SHA"
```

--------------------------------

### Start Code Review

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/SKILL.md

Initiates the code review process. Use `--base` and `--head` to specify the branches for comparison. Additional flags can be passed as key-value pairs.

```bash
node scripts/run-review.mjs --start --base --head [--=...]
```

--------------------------------

### Store-Load Reordering Example

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/reviewers.wiki/lock-numa/conc-memory-model-ordering.md

Illustrates potential store-load reordering on weaker memory models like ARM or POWER, where loads can be reordered before stores and vice-versa, unlike x86's TSO.
```C++
thread A stores X=1 then loads Y; thread B stores Y=1 then loads X
```

--------------------------------

### Bulk Update Operation Example

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/reviewers.wiki/csrf-missing/sec-idor-and-mass-assignment.md

This example shows a common vulnerability where a bulk update operation on a model does not include a user ownership check, allowing unauthorized modifications.

```javascript
Model.update({status: 'cancelled'}, {where: {id: req.body.ids}})
```

--------------------------------

### Rails Controller Strong Parameters Example

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/reviewers.wiki/csrf-missing/sec-idor-and-mass-assignment.md

This example points out a critical vulnerability in Rails controllers where `params.permit!` or missing strong parameters in state-changing actions can lead to mass assignment issues.

```ruby
params.permit!
```

--------------------------------

### Makefile Multi-line Recipe Handling

Source: https://github.com/ctxr-dev/skill-code-review/blob/main/reviewers.wiki/correctness-discipline/lang-shell-bash.md

Demonstrates how to handle multi-line recipes in a Makefile. By default, each recipe line runs in a separate shell invocation. Use backslash continuation or `.ONESHELL` to run the lines in a single shell.

```makefile
.PHONY: multi_line_example
multi_line_example:
	echo "First line"; \
	echo "Second line"
```

```makefile
.PHONY: oneshell_example
.ONESHELL:
oneshell_example:
	echo "This is line 1"
	echo "This is line 2"
```
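--------------------------------

Added example (not from the skill-code-review repository): the pattern from the Bulk Update Operation Example above, next to an owner-scoped version that a reviewer would expect instead. `makeModel` is a hypothetical in-memory stand-in for an ORM model, the `ownerId` column, `req.user.id` and the 100-id limit are assumptions, and the sample orders are constructed.

```javascript
// Constructed sample rows: two orders owned by alice, one by bob.
const sampleOrders = () => [
  { id: 1, ownerId: 'alice', status: 'open' },
  { id: 2, ownerId: 'alice', status: 'open' },
  { id: 3, ownerId: 'bob', status: 'open' },
];

// Hypothetical in-memory stand-in for an ORM model (not a real library API).
// In `where`, an array value means IN (...), a scalar means equality.
function makeModel(rows) {
  const match = (where) => rows.filter((r) =>
    Object.entries(where).every(([k, v]) =>
      (Array.isArray(v) ? v.includes(r[k]) : r[k] === v)));
  return {
    rows,
    count: ({ where }) => match(where).length,
    update(values, { where }) {
      const hit = match(where);
      hit.forEach((r) => Object.assign(r, values));
      return hit.length; // number of rows changed
    },
  };
}

// Pattern from the page: ids come straight from the request, no ownership check.
function cancelUnsafe(Model, req) {
  return Model.update({ status: 'cancelled' }, { where: { id: req.body.ids } });
}

// Owner-scoped version: validate the id list, add the authenticated user to
// the WHERE clause, and change nothing unless every requested id is the caller's.
function cancelScoped(Model, req) {
  const ids = req.body.ids;
  if (!Array.isArray(ids) || ids.length === 0 || ids.length > 100 ||
      !ids.every((id) => Number.isInteger(id))) {
    return { status: 400, updated: 0 };
  }
  const where = { id: [...new Set(ids)], ownerId: req.user.id };
  // With a real ORM, run count + update inside one transaction.
  if (Model.count({ where }) !== where.id.length) {
    return { status: 404, updated: 0 }; // do not reveal which ids exist
  }
  return { status: 200, updated: Model.update({ status: 'cancelled' }, { where }) };
}

const demo = makeModel(sampleOrders());
const asAlice = (ids) => ({ user: { id: 'alice' }, body: { ids } });
console.log(cancelScoped(demo, asAlice([1, 3])), cancelScoped(demo, asAlice([1, 2])));
```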