Explore

Reviews web UI for WCAG compliance — semantic HTML, ARIA usage, keyboard navigation, color contrast, and screen reader compatibility. Accessibility bugs exclude real users and often violate legal requirements, yet they are invisible to sighted mouse-users during development.

Reviews REST API design for consistency, correctness, and security — covering endpoint naming, input validation, HTTP status codes, pagination, and rate limiting. Poorly designed APIs create integration headaches that compound with every new consumer.

Code review rules for DRY/SOLID layered architecture in fullstack TypeScript applications. Covers dependency direction, service/repository patterns, factory injection, domain entities, security hardening, performance optimization, and code quality patterns. Use this skill when reviewing, writing, or refactoring fullstack TypeScript code with layered architecture — especially before merging pull requests. Triggers on tasks involving code review, architecture review, SOLID principles, clean architecture, or quality checks for fullstack TypeScript projects.

Comprehensive code review rules for WordPress plugin and theme development. Covers security anti-patterns, performance pitfalls, architecture mistakes, and code quality issues. Use this skill when reviewing, writing, or refactoring WordPress/PHP code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for WordPress projects.

Reviews CI/CD pipelines, deployment configuration, and dependency management — build caching, environment parity, rollback strategies, and supply chain security. Broken pipelines block every developer on the team; insecure pipelines can compromise production.

Team-specific coding conventions detected and accepted from real codebases. Rules in this skill enforce patterns that the team has explicitly adopted rather than generic best practices.

Reviews error handling patterns — error boundaries, structured logging, graceful degradation, and user-facing error communication. Silent failures and swallowed exceptions are the leading cause of "it works on my machine" bugs that only surface in production.

Reviews git practices — commit message quality, branch naming, merge strategy, and secret prevention. Poor git hygiene creates archaeology problems: future developers cannot understand why changes were made, and leaked secrets require expensive credential rotation.

Review rules and best practices for popular hosted database platforms including connection pooling, backups, and scaling.

Lint MySQL and MariaDB schemas, queries, and migrations for performance, security, and best practices.

Comprehensive code review rules for Next.js, React, and TypeScript applications. Covers security anti-patterns, performance pitfalls, architecture mistakes, and code quality issues. Use this skill when reviewing, writing, or refactoring Next.js/React code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for React/Next.js/TypeScript projects.

Opinionated best practices for full-stack Next.js 14+ App Router applications with Supabase. Covers project structure, data fetching, auth, RLS, server actions, components, TypeScript, performance, error handling, security, and testing.

Reviews Node.js code for security vulnerabilities — input sanitization, eval/exec prevention, HTTP header hardening, dependency risks, and prototype pollution. Server-side JavaScript runs with full system access, so a single unsanitized input can compromise the entire host.

Lint PostgreSQL schemas, migrations, and functions using splinter, squawk, plpgsql_check, and pgTAP.

Comprehensive code review rules for React applications (framework-agnostic). Covers security anti-patterns, performance pitfalls, architecture mistakes, and code quality issues. Use this skill when reviewing, writing, or refactoring React code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for React/TypeScript projects. Does not cover Next.js-specific patterns (see nextjs-review for that).

Reviews SQL and database design for correctness and performance — indexing strategy, query patterns, normalization, and migration safety. Bad queries and missing indexes are invisible until production traffic exposes them as outages.

Comprehensive code review rules for Supabase applications including RLS security, auth patterns, query performance, migration workflows, and type safety. Use this skill when reviewing, writing, or refactoring Supabase-backed code — especially before merging pull requests. Triggers on tasks involving code review, PR review, security audit, performance review, or quality checks for Supabase/PostgreSQL projects.

Reviews Tailwind CSS usage for consistency, responsive design, and maintainability — utility extraction, design token adherence, and avoiding inline style duplication. Unstructured Tailwind usage leads to 300-character class strings that no one can read or maintain.

Reviews test quality across unit, integration, and E2E layers — test isolation, assertion clarity, factory patterns, and coverage gaps. Tests that pass but do not actually verify behavior create false confidence that leads to production incidents.

Enforces strict TypeScript practices — proper generics, discriminated unions, exhaustive checks, and elimination of any. Weak types propagate silently through a codebase, so this skill catches the patterns that erode type safety before they spread.

Reviews front-end code for performance — Core Web Vitals, lazy loading, image optimization, bundle size, and rendering efficiency. Performance directly impacts conversion rates and search rankings, but degradation happens gradually and is easy to miss in development.