Skip to content

Add code-review agent skill for Workers code validation#28267

Merged
elithrar merged 1 commit into
productionfrom
code-review-skill
Feb 11, 2026
Merged

Add code-review agent skill for Workers code validation#28267
elithrar merged 1 commit into
productionfrom
code-review-skill

Conversation

@elithrar

Copy link
Copy Markdown
Collaborator

Adds a reusable agent skill at .agents/skills/code-review/ that teaches agents how to review Workers and Cloudflare Developer Platform code for correctness.

The skill is retrieval-biased — it tells agents how to fetch and validate against the latest published types and schemas rather than baking in code examples, type definitions, or config snippets that go stale.

Structure

.agents/skills/code-review/
├── SKILL.md                     # 129 lines — review process, rules, anti-patterns, output format
└── references/
    ├── workers-types.md         #  87 lines — type retrieval, integrity rules, common mistakes
    ├── wrangler-config.md       #  80 lines — schema retrieval, validation checks, config mistakes
    └── common-patterns.md       # 135 lines — what to verify, mechanical checks, serialization, security

What it covers

  • Retrieval of latest @cloudflare/workers-types and wrangler config schema via npm pack (not pinned to the docs repo's outdated dependencies)
  • Code categorization (Illustrative / Demonstrative / Executable) with expectations per category
  • Type system integrity: no any, no double-casting, no unjustified @ts-ignore, prefer satisfies over as
  • Binding access validation (env.X vs this.env.X) with mechanical grep checks
  • Floating promise detection, including oxlint --type-aware --deny typescript/no-floating-promises and manual search patterns for step.do/step.sleep/fetch
  • Serialization boundary enforcement (Queue messages, Workflow step returns, DO storage) — flags Response, Error, and other non-structured-clone types
  • Stale class/API pattern detection (implements vs extends, renamed properties, wrong import paths)
  • Security logic escalation for crypto/auth code where correct API usage masks incorrect surrounding logic
  • Config-code consistency, DO migration requirements, streaming vs buffering, conciseness

Design decisions

Supersedes the inline rules in .opencode/agent/review-code-examples.md (updating that agent to load this skill is a separate follow-up).

@elithrar
elithrar requested a review from a team February 11, 2026 15:46
@github-actions

Copy link
Copy Markdown
Contributor

This pull request requires reviews from CODEOWNERS as it changes files that match the following patterns:

Pattern Owners
* @cloudflare/pcx-technical-writing

@elithrar elithrar self-assigned this Feb 11, 2026
@github-actions

Copy link
Copy Markdown
Contributor

@elithrar
elithrar enabled auto-merge (squash) February 11, 2026 16:04
@elithrar
elithrar merged commit 37fb809 into production Feb 11, 2026
12 checks passed
@elithrar
elithrar deleted the code-review-skill branch February 11, 2026 16:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants