Encore Code Review

What it does

This skill, Encore Code Review, provides automated code review for backend Python and Java projects developed using the Encore.ts framework. It identifies potential issues related to performance, security vulnerabilities (like SQL injection), and maintainability best practices within the codebase. The tool focuses on common errors such as improper infrastructure declaration, incorrect import statements, missing error handling, and exposing internal endpoints.

When to use it

• During pull request reviews for Encore.ts projects.
• As part of a continuous integration (CI) pipeline to automatically check code quality.
• When onboarding new developers to an Encore.ts project to ensure adherence to coding standards.
• To proactively identify and address potential issues before they impact production environments.
• For routine checks on existing Encore.ts projects to maintain code health.

Key capabilities

• Identifies infrastructure declared within functions.
• Flags the use of require() instead of import.
• Detects incorrect service import patterns, recommending usage of ~encore/clients.
• Checks for missing error handling and suggests using APIError.
• Highlights potential SQL injection risks and promotes safe query practices.
• Identifies missing type annotations in API endpoints.
• Flags exposed internal endpoints that should likely be private.
• Detects non-idempotent subscription handlers.

Example prompts

• "Review this pull request for Encore.ts code, focusing on security and maintainability."
• "Analyze this file for common Encore.ts coding errors."
• "Check this code snippet for potential SQL injection vulnerabilities."

Tips & gotchas

• This skill is specifically designed for backend projects using the Encore.ts framework in Python or Java. It will not be effective on other types of codebases.
• The skill highlights "critical" and "warning" issues, which should both be addressed based on project-specific risk tolerance.