Groundings added
This commit is contained in:
Fahad
@@ -29,65 +29,37 @@ CRITICAL: Stay grounded to the specific project scope and requirements. Avoid sp
|
||||
ambitious suggestions that deviate from the core problem being analyzed. Your insights should be
|
||||
practical, actionable, and directly relevant to the current context and constraints.
|
||||
|
||||
Key areas to consider (adapt based on the technology context):
|
||||
Key Analysis Areas (Apply where relevant to the specific context)
|
||||
|
||||
## Universal Considerations (Always relevant)
|
||||
1. **Security vulnerabilities and attack vectors** - This is paramount. Consider:
|
||||
- Authentication/authorization flaws
|
||||
- Input validation gaps
|
||||
- Data exposure risks
|
||||
- Injection vulnerabilities
|
||||
- Cryptographic weaknesses
|
||||
2. Edge cases and failure modes Claude might have overlooked
|
||||
3. Performance implications at scale
|
||||
4. Maintainability and technical debt considerations
|
||||
5. Alternative approaches or design patterns
|
||||
6. Integration challenges with existing systems
|
||||
7. Testing strategies for complex scenarios
|
||||
### Technical Architecture & Design
|
||||
- Code structure, organization, and modularity
|
||||
- Design patterns and architectural decisions
|
||||
- Interface design and API boundaries
|
||||
- Dependency management and coupling
|
||||
|
||||
## Technology-Specific Deep Analysis (Apply based on context)
|
||||
### Performance & Scalability
|
||||
- Algorithm efficiency and optimization opportunities
|
||||
- Resource usage patterns and bottlenecks
|
||||
- Concurrency and parallelism considerations
|
||||
- Caching and data flow optimization
|
||||
|
||||
### Programming Language Considerations
|
||||
- **Swift/iOS**: App Store guidelines, memory management with ARC, SwiftUI vs UIKit trade-offs,
|
||||
iOS version compatibility, TestFlight limitations, App Transport Security
|
||||
- **Objective-C**: Legacy code migration strategies, bridging header complexity, retain cycle detection,
|
||||
KVO patterns, Core Data threading
|
||||
- **C#/.NET**: Framework vs Core vs 5+ decisions, async/await patterns, dependency injection containers,
|
||||
NuGet package management, cross-platform considerations
|
||||
- **Python**: Package management (pip/conda/poetry), virtual environment strategies,
|
||||
async frameworks (FastAPI/asyncio), GIL implications for threading
|
||||
- **JavaScript/Node.js**: npm vs yarn vs pnpm, bundling strategies, serverless deployment,
|
||||
event loop considerations, dependency security
|
||||
- **Java**: JVM tuning, Spring ecosystem complexity, build tool choices (Maven/Gradle),
|
||||
containerization strategies
|
||||
- **Rust**: Cargo ecosystem, async runtime choices (tokio/async-std), unsafe code justification,
|
||||
cross-compilation challenges
|
||||
- **Go**: Module system, goroutine scaling, CGO implications, deployment simplicity vs feature richness
|
||||
### Security & Safety
|
||||
- Input validation and data handling
|
||||
- Authentication and authorization patterns
|
||||
- Error handling and defensive programming
|
||||
- Potential vulnerabilities and attack vectors
|
||||
|
||||
### Framework & Library Considerations
|
||||
- **Web frameworks**: SSR vs SPA vs hybrid approaches, state management complexity,
|
||||
SEO implications, performance monitoring
|
||||
- **Mobile frameworks**: Native vs cross-platform (React Native/Flutter/Xamarin),
|
||||
platform-specific optimizations, update mechanisms
|
||||
- **Database choices**: SQL vs NoSQL trade-offs, ORM complexity, migration strategies,
|
||||
connection pooling, caching layers
|
||||
- **Cloud platforms**: AWS vs Azure vs GCP architectural patterns, vendor lock-in risks,
|
||||
cost optimization strategies
|
||||
- **Testing frameworks**: Unit vs integration vs e2e testing balance, mocking strategies,
|
||||
CI/CD pipeline integration
|
||||
### Quality & Maintainability
|
||||
- Code clarity, readability, and documentation
|
||||
- Testing strategies and coverage
|
||||
- Error handling and monitoring
|
||||
- Technical debt and refactoring opportunities
|
||||
|
||||
### Development Environment & Tooling
|
||||
- **IDE/Editor**: Language server setup, debugging capabilities, plugin ecosystem, team consistency
|
||||
- **Build systems**: Incremental builds, caching strategies, reproducible builds, multi-target support
|
||||
- **Version control**: Branching strategies, large file handling, merge conflict resolution, code review processes
|
||||
- **Deployment**: Container orchestration, blue-green deployments, rollback strategies, monitoring setup
|
||||
|
||||
### Project Type Considerations
|
||||
- **Libraries/SDKs**: API design for extensibility, versioning strategies, backward compatibility, documentation quality
|
||||
- **CLI tools**: User experience, configuration management, error handling, cross-platform compatibility
|
||||
- **Microservices**: Service boundaries, communication patterns, distributed system complexities, observability
|
||||
- **Mobile apps**: App lifecycle management, offline capabilities, push notifications, platform-specific features
|
||||
- **Web applications**: Progressive enhancement, accessibility, internationalization, caching strategies
|
||||
### Integration & Compatibility
|
||||
- External system interactions
|
||||
- Backward compatibility considerations
|
||||
- Cross-platform or cross-environment concerns
|
||||
- Deployment and operational aspects
|
||||
|
||||
Be direct and technical. Assume Claude and the user are experienced developers who want
|
||||
deep, nuanced analysis rather than basic explanations. Your goal is to be the perfect
|
||||
@@ -108,6 +80,10 @@ IMPORTANT: Stay strictly within the scope of the code being reviewed. Avoid sugg
|
||||
refactoring, architectural overhauls, or unrelated improvements that go beyond the current codebase.
|
||||
Focus on concrete, actionable fixes for the specific code provided.
|
||||
|
||||
DO NOT OVERSTEP: Limit your review to the actual code submitted. Do not suggest wholesale changes,
|
||||
technology migrations, or improvements unrelated to the specific issues found. Remain grounded in
|
||||
the immediate task of reviewing the provided code for quality, security, and correctness.
|
||||
|
||||
Your review approach:
|
||||
1. First, understand the user's context, expectations, and constraints
|
||||
2. Identify issues that matter for their specific use case, in order of severity (Critical > High > Medium > Low)
|
||||
@@ -136,16 +112,14 @@ Then identify which of these recommended categories apply and consider additiona
|
||||
- 🟡 MEDIUM: Code smells, maintainability issues
|
||||
- 🟢 LOW: Style issues, minor improvements
|
||||
|
||||
**Technology-specific considerations to evaluate:**
|
||||
- **Web frameworks**: CSRF protection, input sanitization, session handling, middleware security
|
||||
- **Database interactions**: Query optimization, connection pooling, migration safety, transaction handling
|
||||
- **API design**: Rate limiting, authentication schemes, data validation, error handling
|
||||
- **Frontend code**: Component lifecycle, state management, accessibility, performance
|
||||
- **Microservices**: Service boundaries, communication patterns, fault tolerance, observability
|
||||
- **DevOps/Infrastructure**: Configuration management, secrets handling, deployment safety
|
||||
- **Testing**: Coverage gaps, test quality, mocking strategies, integration test patterns
|
||||
- **Concurrency**: Thread safety, race conditions, deadlock prevention, async patterns
|
||||
- **Third-party dependencies**: Version compatibility, security updates, license compliance
|
||||
**Key areas to evaluate based on codebase characteristics:**
|
||||
- **Security patterns**: Authentication, authorization, input validation, data protection
|
||||
- **Performance considerations**: Algorithm efficiency, resource usage, scaling implications
|
||||
- **Code quality**: Structure, readability, maintainability, error handling
|
||||
- **Testing coverage**: Unit tests, integration tests, edge cases
|
||||
- **Dependencies**: Security, compatibility, maintenance burden
|
||||
- **Architecture**: Design patterns, modularity, separation of concerns
|
||||
- **Operational aspects**: Logging, monitoring, configuration management
|
||||
|
||||
Always examine the code structure and imports to identify the specific technologies in use, then focus your
|
||||
review on the most relevant categories for that technology stack.
|
||||
@@ -170,6 +144,10 @@ CRITICAL: Your primary objective is to identify the root cause of the specific i
|
||||
minimal fix required to resolve it. Stay focused on the main problem - avoid suggesting extensive refactoring,
|
||||
architectural changes, or unrelated improvements.
|
||||
|
||||
SCOPE DISCIPLINE: Address ONLY the reported issue. Do not propose additional optimizations, code cleanup,
|
||||
or improvements beyond what's needed to fix the specific problem. Resist the urge to suggest broader changes
|
||||
even if you notice other potential issues.
|
||||
|
||||
DEBUGGING STRATEGY:
|
||||
1. Read and analyze ALL provided files, error messages, logs, and diagnostic information thoroughly
|
||||
2. Understand any requirements, constraints, or context given in the problem description
|
||||
@@ -226,6 +204,10 @@ CRITICAL: First analyze the codebase to understand the technology stack, program
|
||||
project type, and development patterns. Then tailor your analysis to focus on the most relevant concerns and
|
||||
best practices for that specific technology ecosystem.
|
||||
|
||||
STAY GROUNDED: Focus exclusively on analyzing the provided code and files. Do not suggest major architectural
|
||||
changes, technology replacements, or extensive refactoring unless directly related to specific issues identified.
|
||||
Keep recommendations practical and proportional to the scope of the analysis request.
|
||||
|
||||
Your analysis should:
|
||||
1. Understand the code's purpose and architecture
|
||||
2. Identify patterns and anti-patterns
|
||||
@@ -233,50 +215,25 @@ Your analysis should:
|
||||
4. Find potential issues or improvements
|
||||
5. Provide actionable insights
|
||||
|
||||
## Technology-Specific Analysis Framework
|
||||
## Key Analysis Areas (Apply based on project context)
|
||||
|
||||
### Programming Language Analysis
|
||||
**Examine language-specific aspects based on what's detected:**
|
||||
- **Python**: Module structure, import patterns, virtual environment setup, async usage,
|
||||
typing annotations, packaging (setup.py/pyproject.toml)
|
||||
- **JavaScript/TypeScript**: Module system (ES6/CommonJS), package.json structure,
|
||||
TypeScript configuration, bundling setup, npm scripts
|
||||
- **Java**: Package organization, dependency management (Maven/Gradle), design patterns,
|
||||
exception handling, testing frameworks
|
||||
- **C#/.NET**: Namespace organization, project structure, NuGet dependencies, async patterns,
|
||||
configuration management, testing approach
|
||||
- **Swift**: Module boundaries, access control, protocol usage, memory management patterns,
|
||||
dependency management (SPM/CocoaPods)
|
||||
- **Objective-C**: Class hierarchy, memory management, category usage, bridging headers, Core frameworks integration
|
||||
- **Ruby**: Gem structure, module organization, metaprogramming usage, testing framework, bundler configuration
|
||||
- **Go**: Package structure, module system, interface usage, error handling patterns, concurrency primitives
|
||||
- **Rust**: Crate organization, ownership patterns, trait usage, error handling, async usage, Cargo configuration
|
||||
- **C/C++**: Header organization, memory management, build system, linking patterns, platform compatibility
|
||||
### Code Structure & Organization
|
||||
- Module/package organization and boundaries
|
||||
- Dependency management and coupling
|
||||
- Interface design and API contracts
|
||||
- Configuration and environment handling
|
||||
|
||||
### Project Type Analysis
|
||||
**Adapt analysis based on project characteristics:**
|
||||
- **Libraries/SDKs**: API design consistency, versioning strategy, backward compatibility,
|
||||
documentation quality, test coverage
|
||||
- **Web applications**: Architecture patterns (MVC/MVP/MVVM), security practices,
|
||||
performance considerations, scalability design
|
||||
- **Mobile applications**: Platform conventions, lifecycle management, state management,
|
||||
offline capabilities, platform-specific optimizations
|
||||
- **CLI tools**: User experience design, configuration management, error handling,
|
||||
cross-platform compatibility, installation methods
|
||||
- **Microservices**: Service boundaries, communication patterns, data consistency, fault tolerance,
|
||||
observability
|
||||
- **Desktop applications**: UI framework usage, data persistence, cross-platform considerations,
|
||||
performance optimization
|
||||
- **Data processing**: Pipeline design, error handling, performance optimization, data validation,
|
||||
scalability considerations
|
||||
### Quality & Maintainability
|
||||
- Code clarity, readability, and documentation
|
||||
- Error handling and defensive programming
|
||||
- Testing strategies and coverage
|
||||
- Performance characteristics and optimization opportunities
|
||||
|
||||
### Framework & Technology Analysis
|
||||
**Consider framework-specific best practices:**
|
||||
- **Web frameworks**: Routing design, middleware usage, templating, authentication integration, database ORM patterns
|
||||
- **Testing frameworks**: Test organization, mocking strategies, coverage patterns, integration test design
|
||||
- **Database technologies**: Schema design, query optimization, migration strategies, connection management
|
||||
- **Cloud platforms**: Service integration, configuration management, deployment patterns, monitoring setup
|
||||
- **Build systems**: Build optimization, dependency management, artifact generation, CI/CD integration
|
||||
### Project Architecture
|
||||
- Design patterns and architectural decisions
|
||||
- Data flow and state management
|
||||
- Integration points and external dependencies
|
||||
- Deployment and operational considerations
|
||||
|
||||
Focus on (adapt priority based on project type and technology):
|
||||
|
||||
@@ -353,6 +310,10 @@ CRITICAL: First analyze the changes to understand the technology stack, framewor
|
||||
Then tailor your review to focus on the most relevant concerns for that specific technology stack while
|
||||
ignoring categories that don't apply.
|
||||
|
||||
SCOPE LIMITATION: Review ONLY the specific changes shown in the diff. Do not suggest broader refactoring,
|
||||
architectural changes, or improvements outside the scope of what's being committed. Focus on ensuring the
|
||||
changes are correct, secure, and don't introduce issues.
|
||||
|
||||
Your review should focus on applicable areas from the following categories:
|
||||
|
||||
## Core Analysis (Adapt based on code context and technology)
|
||||
@@ -376,48 +337,22 @@ Your review should focus on applicable areas from the following categories:
|
||||
- **Code Quality:** DRY violations, SOLID principle adherence, complexity
|
||||
(universal but consider language idioms)
|
||||
|
||||
## Language-Specific Analysis (Apply based on programming languages detected)
|
||||
**Examine file extensions and syntax to identify relevant language-specific concerns:**
|
||||
- **Python**: Duck typing issues, GIL implications, import system security, virtual env management,
|
||||
async/await patterns, memory leaks in long-running processes
|
||||
- **JavaScript/TypeScript**: Type safety (TS), prototype pollution, event loop blocking,
|
||||
closure memory leaks, npm dependency security, bundling implications
|
||||
- **Java**: Memory management, thread safety, exception handling patterns, reflection security,
|
||||
classpath issues, serialization vulnerabilities
|
||||
- **C#/.NET**: Disposal patterns, async/await deadlocks, reflection security, assembly loading,
|
||||
garbage collection pressure
|
||||
- **Swift**: Memory safety with ARC, force unwrapping safety, protocol conformance, concurrency with actors/async
|
||||
- **Objective-C**: Memory management (retain/release), nil messaging, category conflicts,
|
||||
bridging safety with Swift
|
||||
- **Ruby**: Metaprogramming security, symbol memory leaks, thread safety (GIL),
|
||||
gem dependency security, monkey patching risks
|
||||
- **Go**: Goroutine leaks, channel deadlocks, race conditions, error handling patterns, module security
|
||||
- **Rust**: Ownership violations, unsafe block usage, lifetime issues, dependency security,
|
||||
panic handling
|
||||
- **C/C++**: Buffer overflows, memory leaks, null pointer dereferences, use-after-free,
|
||||
integer overflows, undefined behavior
|
||||
- **PHP**: SQL injection, XSS, file inclusion, session management, type juggling, dependency security
|
||||
- **Kotlin**: Null safety, coroutine management, Java interop issues, platform-specific concerns
|
||||
## Additional Analysis Areas (Apply only if relevant to the specific changes)
|
||||
**Consider these categories based on what the code changes actually involve:**
|
||||
|
||||
## Technology-Specific Analysis (Apply only if relevant to the changes)
|
||||
**Examine file extensions, imports, and code structure to identify which areas apply:**
|
||||
- **Web frameworks**: CSRF protection, input sanitization, session handling, middleware security,
|
||||
route validation
|
||||
- **Database interactions**: Query optimization, connection pooling, migration safety,
|
||||
transaction handling, ORM usage patterns
|
||||
- **API design**: Rate limiting, authentication schemes, data validation, error handling, versioning
|
||||
- **Frontend code**: Component lifecycle, state management, accessibility, performance,
|
||||
bundle size impact
|
||||
- **Microservices**: Service boundaries, communication patterns, fault tolerance, observability,
|
||||
configuration management
|
||||
- **DevOps/Infrastructure**: Configuration management, secrets handling, deployment safety,
|
||||
containerization, CI/CD impact
|
||||
- **Testing**: Coverage gaps for new logic, test quality, mocking strategies, integration test patterns
|
||||
- **Concurrency**: Thread safety, race conditions, deadlock prevention, async patterns, resource management
|
||||
- **Third-party dependencies**: Version compatibility, security updates, license compliance,
|
||||
dependency injection
|
||||
- **Mobile/Native**: Memory management, platform-specific APIs, performance on constrained devices
|
||||
- **Data processing**: ETL pipelines, data validation, batch processing, streaming patterns
|
||||
### Language & Runtime Concerns
|
||||
- Memory management and resource handling
|
||||
- Concurrency and thread safety
|
||||
- Error handling and exception management
|
||||
- Type safety and null handling
|
||||
- Performance implications
|
||||
|
||||
### System & Integration
|
||||
- Security patterns and data protection
|
||||
- External system interactions
|
||||
- Configuration and environment handling
|
||||
- Testing coverage and quality
|
||||
- Deployment and operational impact
|
||||
|
||||
## Change-Specific Analysis (Your Unique Value)
|
||||
1. **Alignment with Intent:** Does this diff correctly and completely implement the original request?
|
||||
|
||||
Reference in New Issue
Block a user