Update documentation with AI IDE context recommendations and improve starter prompt
163
.ai-workflows/code-review.md
Normal file
@ -0,0 +1,163 @@
|
||||
# Code Review Guide for AI Assistants
|
||||
|
||||
This document provides guidance for AI assistants to help with code review for the Fix Plugin Does Not Exist Notices plugin.
|
||||
|
||||
## Code Review Checklist
|
||||
|
||||
When reviewing code, check for the following:
|
||||
|
||||
### Functionality
|
||||
|
||||
- [ ] Does the code work as expected?
|
||||
- [ ] Does it handle edge cases appropriately?
|
||||
- [ ] Are there any logical errors?
|
||||
- [ ] Is error handling implemented properly?
|
||||
|
||||
### Code Quality
|
||||
|
||||
- [ ] Does the code follow WordPress coding standards?
|
||||
- [ ] Is the code well-organized and easy to understand?
|
||||
- [ ] Are there any code smells (duplicate code, overly complex functions, etc.)?
|
||||
- [ ] Are functions and variables named appropriately?
|
||||
- [ ] Are there appropriate comments and documentation?
|
||||
|
||||
### Security
|
||||
|
||||
- [ ] Is user input properly validated and sanitized?
|
||||
- [ ] Is output properly escaped?
|
||||
- [ ] Are capability checks used for user actions?
|
||||
- [ ] Are nonces used for form submissions?
|
||||
- [ ] Are there any potential SQL injection vulnerabilities?
|
||||
- [ ] Are there any potential XSS vulnerabilities?
|
||||
|
||||
### Performance
|
||||
|
||||
- [ ] Are there any performance bottlenecks?
|
||||
- [ ] Are database queries optimized?
|
||||
- [ ] Is caching used appropriately?
|
||||
- [ ] Are assets (CSS, JS) properly enqueued?
|
||||
|
||||
### Compatibility
|
||||
|
||||
- [ ] Is the code compatible with the minimum supported WordPress version (5.0)?
|
||||
- [ ] Is the code compatible with the minimum supported PHP version (7.0)?
|
||||
- [ ] Are there any browser compatibility issues?
|
||||
- [ ] Are there any conflicts with other plugins?
|
||||
|
||||
### Internationalization
|
||||
|
||||
- [ ] Are all user-facing strings translatable?
|
||||
- [ ] Is the correct text domain used?
|
||||
- [ ] Are translation functions used correctly?
|
||||
|
||||
### Accessibility
|
||||
|
||||
- [ ] Does the code follow accessibility best practices?
|
||||
- [ ] Are ARIA attributes used appropriately?
|
||||
- [ ] Is keyboard navigation supported?
|
||||
- [ ] Is screen reader support implemented?
|
||||
|
||||
## Code Review Process
|
||||
|
||||
### 1. Understand the Context
|
||||
|
||||
Before reviewing code, understand:
|
||||
- What problem is the code trying to solve?
|
||||
- What are the requirements?
|
||||
- What are the constraints?
|
||||
|
||||
### 2. Review the Code
|
||||
|
||||
Review the code with the checklist above in mind.
|
||||
|
||||
### 3. Provide Feedback
|
||||
|
||||
When providing feedback:
|
||||
- Be specific and clear
|
||||
- Explain why a change is needed
|
||||
- Provide examples or suggestions when possible
|
||||
- Prioritize feedback (critical issues vs. minor improvements)
|
||||
- Be constructive and respectful
|
||||
|
||||
### 4. Follow Up
|
||||
|
||||
After the code has been updated:
|
||||
- Review the changes
|
||||
- Verify that issues have been addressed
|
||||
- Provide additional feedback if necessary
|
||||
|
||||
## Common Issues to Look For
|
||||
|
||||
### PHP Issues
|
||||
|
||||
- Undefined variables or functions
|
||||
- Incorrect function parameters
|
||||
- Missing return statements
|
||||
- Improper error handling
|
||||
- Inefficient loops or conditionals
|
||||
- Hardcoded values that should be configurable
|
||||
|
||||
### WordPress-Specific Issues
|
||||
|
||||
- Incorrect hook usage
|
||||
- Missing or incorrect nonces
|
||||
- Missing capability checks
|
||||
- Direct database queries instead of using WordPress functions
|
||||
- Improper enqueuing of scripts and styles
|
||||
- Not using WordPress functions for common tasks
|
||||
|
||||
### JavaScript Issues
|
||||
|
||||
- Undefined variables or functions
|
||||
- Event listener memory leaks
|
||||
- jQuery conflicts
|
||||
- Browser compatibility issues
|
||||
- Missing error handling
|
||||
|
||||
### CSS Issues
|
||||
|
||||
- Browser compatibility issues
|
||||
- Specificity issues
|
||||
- Unused styles
|
||||
- Overriding WordPress admin styles inappropriately
|
||||
|
||||
## Example Feedback
|
||||
|
||||
### Good Feedback Example
|
||||
|
||||
```
|
||||
In function `handle_remove_reference()`:
|
||||
|
||||
1. The nonce check is missing, which could lead to CSRF vulnerabilities.
|
||||
Consider adding:
|
||||
```php
|
||||
if (!isset($_GET['_wpnonce']) || !wp_verify_nonce($_GET['_wpnonce'], 'fpden_remove_reference')) {
|
||||
wp_die(__('Security check failed.', 'fix-plugin-does-not-exist-notices'));
|
||||
}
|
||||
```
|
||||
|
||||
2. The user capability check should be more specific. Instead of:
|
||||
```php
|
||||
if (!current_user_can('manage_options')) {
|
||||
```
|
||||
Consider using:
|
||||
```php
|
||||
if (!current_user_can('activate_plugins')) {
|
||||
```
|
||||
This is more appropriate for the action being performed.
|
||||
|
||||
3. The success message should be translatable:
|
||||
```php
|
||||
// Change this:
|
||||
add_settings_error('fpden', 'fpden_removed', 'Plugin reference removed successfully.', 'updated');
|
||||
|
||||
// To this:
|
||||
add_settings_error('fpden', 'fpden_removed', __('Plugin reference removed successfully.', 'fix-plugin-does-not-exist-notices'), 'updated');
|
||||
```
|
||||
```
|
||||
|
||||
### Poor Feedback Example
|
||||
|
||||
```
|
||||
This code has security issues and doesn't follow best practices. Fix it.
|
||||
```
|
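Review bot: In the Good Feedback Example, the suggested nonce check passes `$_GET['_wpnonce']` to `wp_verify_nonce()` unsanitized and sends the `wp_die()` message through `__()` rather than an escaping variant, which contradicts this guide's own checklist items on sanitized input, escaped output and WordPress coding standards. An AI assistant told to treat this as the model of good feedback will reproduce it, so the sample should show the pattern the checklist asks for: `wp_verify_nonce( sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ), 'fpden_remove_reference' )` and `wp_die( esc_html__( 'Security check failed.', 'fix-plugin-does-not-exist-notices' ) )`. Separately, the example is wrapped in a bare three-backtick fence that contains nested php fences, so the outer block ends at the first inner closing fence and the remainder of the example renders as broken markdown; a four-backtick outer fence or a blockquote would keep it intact.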