generic-fullstack-code-reviewer

Review full-stack code for bugs, security vulnerabilities, performance issues, accessibility gaps, and CLAUDE.md compliance. Enforces TypeScript strict mode, input validation, GPU-accelerated animations, and design system consistency. Use when completing features, before commits, or reviewing pull requests.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Install skill "generic-fullstack-code-reviewer" with this command: npx skills add travisjneuman/.claude/travisjneuman-claude-generic-fullstack-code-reviewer

Fullstack Code Reviewer

Review Next.js/NestJS code against production quality standards.

Extends: Generic Code Reviewer - Read base skill for full code review methodology, P0/P1/P2 priority system, and judgment calls.

Pre-Commit Commands

# Frontend
npm run build        # Next.js build
npm run lint         # ESLint

# Backend
npm run test         # NestJS tests
npm run type-check   # TypeScript

Fullstack-Specific Checks

Backend (NestJS)

Authentication & Authorization:

// Protected routes MUST have auth guard
@UseGuards(JwtAuthGuard)
@Get('profile')
getProfile(@CurrentUser() user: User) {
  return this.userService.findById(user.id);
}

Input Validation (DTOs):

// All inputs validated via class-validator
import { IsEmail, IsString, MinLength } from 'class-validator';

export class CreateUserDto {
  @IsEmail()
  email: string;

  @IsString()
  @MinLength(8)
  password: string;
}

Database Safety:

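// Use Prisma's typed query API, never raw SQL
// ✓ Good
await this.prisma.user.findUnique({ where: { id } });

// ✗ Bad: raw SQL bypasses the typed query API.
// The tagged-template form below is still parameterized by Prisma;
// $queryRawUnsafe with string concatenation is the injectable form.
await this.prisma.$queryRaw`SELECT * FROM users WHERE id = ${id}`;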

Frontend (Next.js)

Server vs Client Components:

// Default: Server Component (can fetch data, no hooks)
export default async function Page() {
  const data = await getData();
  return <div>{data}</div>;
}

// Client: Interactive (hooks, event handlers)
'use client';
import { useState } from 'react';

export default function Interactive() {
  const [state, setState] = useState();
  return <button onClick={() => setState(...)}>Click</button>;
}

API Route Patterns:

// app/api/[route]/route.ts
import { NextResponse } from 'next/server';

export async function POST(request: Request) {
  const body = await request.json();
  // Validate body before processing
  return NextResponse.json({ success: true });
}

Cross-Stack Consistency

Shared Types:

// types/api.ts - Shared between frontend/backend
interface UserResponse {
  id: string;
  email: string;
  createdAt: string;
}

API Contract:

  • Request DTOs match frontend payloads
  • Response types match frontend expectations
  • Error format consistent (status, message, errors[])
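
The "validate body before processing" step from the API route pattern, returning the status/message/errors[] error shape listed above, as an added example that is not part of the original skill. It uses no framework so it runs stand-alone; the function and type names, the 254-character email cap, the simplified email pattern, and the rejection of undeclared properties are assumptions of this example.

```typescript
// Added example: dependency-free validation of a POST body.
// Field rules mirror CreateUserDto; all helper names are hypothetical.

interface FieldError { field: string; message: string }
interface ApiError { status: number; message: string; errors: FieldError[] }
interface CreateUserInput { email: string; password: string }
type Result = { ok: true; value: CreateUserInput } | { ok: false; error: ApiError };

const MAX_EMAIL_LENGTH = 254; // assumed cap; bounds regex work on hostile input
const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/; // simplified, not class-validator's IsEmail

function fail(status: number, message: string, errors: FieldError[] = []): Result {
  return { ok: false, error: { status, message, errors } };
}

function parseCreateUser(rawBody: string): Result {
  let body: unknown;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return fail(400, 'Malformed JSON');
  }
  // JSON.parse also yields arrays, null and primitives; only a plain object is acceptable.
  if (typeof body !== 'object' || body === null || Array.isArray(body)) {
    return fail(400, 'Body must be a JSON object');
  }
  const input = body as Record<string, unknown>;
  const errors: FieldError[] = [];

  const { email, password } = input;
  if (typeof email !== 'string' || email.length > MAX_EMAIL_LENGTH || !EMAIL_RE.test(email)) {
    errors.push({ field: 'email', message: 'must be a valid email address' });
  }
  if (typeof password !== 'string' || password.length < 8) {
    errors.push({ field: 'password', message: 'must be a string of at least 8 characters' });
  }
  // Reject properties the DTO does not declare, so extras such as "role" never reach the service.
  for (const key of Object.keys(input)) {
    if (key !== 'email' && key !== 'password') {
      errors.push({ field: key, message: 'unexpected property' });
    }
  }
  if (errors.length > 0) return fail(400, 'Validation failed', errors);
  // Return only the declared fields, never the parsed object itself.
  return { ok: true, value: { email: email as string, password: password as string } };
}
```

In a route handler, the `error` object can be returned as the JSON body with `error.status` as the HTTP status, and only `value` passed on to the service.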

Environment & Secrets

# .env (never committed)
DATABASE_URL=postgres://...
JWT_SECRET=...

# Check .env.example exists with placeholder values
# Verify .gitignore includes .env

Prisma Checks

# After schema changes
npx prisma migrate dev --name description
npx prisma generate

  • Migrations are reversible
  • Types regenerated after schema changes
  • Relations properly defined

Testing Requirements

Backend:

  • Unit tests for services
  • E2E tests for API endpoints
  • Mocked database for tests

Frontend:

  • Component tests for interactivity
  • API mocking for integration tests

Quick Fullstack Checklist

  • Auth guards on protected routes
  • DTOs validate all inputs
  • No raw SQL queries
  • Shared types match
  • .env not committed
  • Prisma types current

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.