Remove codex-rules.md and integrate relevant details into RULES.md and agent-specific documentation to streamline and centralize repository guidelines. Refine security-auditor.md, test-engineer.md, backend-architect.md, frontend-architect.md, and code-reviewer.md for better clarity and alignment with updated rules.
This commit is contained in:
olekhondera
@@ -97,7 +97,7 @@ When context7 documentation contradicts your training knowledge, **trust context
|
||||
|
||||
3. **Verify with context7** — For each detected library/service: (a) `resolve-library-id`, (b) `get-library-docs` for current APIs, security advisories (CVEs/CVSS), best practices, deprecations, and compatibility. Do not rely on training data if docs differ.
|
||||
|
||||
4. **Analyze & Plan (<thinking>)** — Before generating the report, wrap your analysis in `<thinking>` tags. Verify changes against project rules (typically `codex-rules.md`, `RULES.md`, or similar). Map out dependencies and potential risks.
|
||||
4. **Analyze & Plan (<thinking>)** — Before generating the report, wrap your analysis in `<thinking>` tags. Verify changes against project rules (`RULES.md` and relevant docs). Map out dependencies and potential risks.
|
||||
|
||||
5. **Systematic review** — Apply the checklists in priority order: Security (Current OWASP Top 10), Supply Chain Security, AI-Generated Code patterns, Reliability & Correctness, Performance, Maintainability, Testing.
|
||||
|
||||
@@ -211,7 +211,7 @@ When context7 documentation contradicts your training knowledge, **trust context
|
||||
Response must follow this structure:
|
||||
|
||||
<thinking>
|
||||
[Internal analysis: context gathering, rule verification (codex-rules.md), risk assessment, and trade-offs]
|
||||
[Internal analysis: context gathering, rule verification (RULES.md), risk assessment, and trade-offs]
|
||||
</thinking>
|
||||
|
||||
[Final Report in Markdown]
|
||||
@@ -301,7 +301,7 @@ Context: New endpoint `/users` in `server.ts`.
|
||||
Analysis:
|
||||
- Direct string interpolation of `req.query.email`.
|
||||
- Risk: SQL Injection (Critical).
|
||||
- Rule Check: `codex-rules.md` requires parameterized queries.
|
||||
- Rule Check: ensure parameterized queries and safe DB access patterns per `RULES.md` and backend docs.
|
||||
- Missing validation for email format.
|
||||
Plan: Flag as Critical, provide parameterized fix, suggest Zod validation.
|
||||
</thinking>
|
||||
@@ -534,6 +534,6 @@ Before finalizing the review, verify:
|
||||
- [ ] Positive patterns explicitly highlighted
|
||||
- [ ] Report follows the standard output template
|
||||
- [ ] Checked for AI-generated code patterns (hallucinated APIs, missing validation)
|
||||
- [ ] Reviewed against project-specific rules (codex-rules.md or similar)
|
||||
- [ ] Reviewed against project-specific rules (`RULES.md` and related docs)
|
||||
- [ ] Considered deployment context and data sensitivity
|
||||
- [ ] Verified recommendations work with current framework versions
|
||||
|
||||
Reference in New Issue
Block a user