Neexo Feature Audit Skill

Audits an existing feature for correctness, missing validation, domain-rule gaps, test coverage, and production risk.

Author: NeexoCore
Tags: audit, feature, review

Raw content

Copy this into your project — e.g. .instructions.md, .agent.md, or SKILL.md

## Overview

Use this skill after a feature is built, before it is shipped, or when a domain needs a health check.

## Methodology

1. **Scope** — identify the feature boundaries: which files, routes, APIs, and database tables are involved
2. **Walk the happy path** — trace the primary user flow end-to-end and check for correctness
3. **Probe edge cases** — test boundary values, empty states, concurrent access, and error conditions
4. **Check security surface** — verify auth, roles, tenant scoping, and input validation
5. **Review data layer** — check migrations, query correctness, and cascading deletes/updates
6. **Assess test coverage** — identify untested paths and suggest focused tests
7. **Evaluate production readiness** — check logging, monitoring, feature flags, and rollback plan

## Audit Areas

| Area | What to Check |
|------|--------------|
| Domain rules | Business logic constraints, edge cases, state transitions |
| Auth and roles | Role checks on every endpoint, tenant isolation, permission escalation |
| Database | Migration safety, query performance, missing indexes, cascading effects |
| UI states | Loading, empty, error, success states; accessibility; responsive layout |
| Test coverage | Missing unit/integration/E2E tests for critical paths |
| Error handling | Graceful degradation, user-facing error messages, retry behavior |

## Output Format

For each finding, provide:

- **Severity**: critical / high / medium / low
- **Area**: which audit area (domain, auth, db, UI, test, error)
- **File**: affected file path
- **Finding**: what is wrong or missing
- **Recommendation**: specific fix or test to add
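As an added illustration of the **Auth and roles** audit area (tenant isolation) and of the **Output Format** above, the following Python script is example code written for this page, not part of the Neexo skill itself. It builds a constructed in-memory SQLite table with two tenants, exposes an unscoped order lookup beside its tenant-scoped form, probes both with every cross-tenant (caller, order) pair, and emits one finding per leak in the severity/area/file/finding/recommendation shape. The file path `orders/repository.py` is a placeholder, and the table, rows and function names are assumptions made for the example.

```python
import sqlite3
from dataclasses import dataclass, asdict

# Constructed sample schema and rows: two tenants, one order each.
SCHEMA = """
CREATE TABLE orders (
    id        INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    total     INTEGER NOT NULL
);
"""
SAMPLE_ROWS = [
    (1, "tenant-a", 4200),
    (2, "tenant-b", 1800),
]

# Placeholder path for the finding's "File" field (hypothetical, not a real project path).
REPO_FILE = "orders/repository.py"


def make_db():
    """Create the in-memory database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def get_order_unscoped(conn, tenant_id, order_id):
    """The defect the audit looks for: tenant_id is accepted by the signature
    but never reaches the query, so any tenant can read any order by id."""
    return conn.execute(
        "SELECT id, tenant_id, total FROM orders WHERE id = ?", (order_id,)
    ).fetchone()


def get_order_scoped(conn, tenant_id, order_id):
    """Hardened form: tenant scoping is part of the WHERE clause, so a
    cross-tenant lookup yields None instead of another tenant's row."""
    return conn.execute(
        "SELECT id, tenant_id, total FROM orders WHERE id = ? AND tenant_id = ?",
        (order_id, tenant_id),
    ).fetchone()


@dataclass
class Finding:
    """One audit finding in the skill's output format."""
    severity: str        # critical / high / medium / low
    area: str            # domain / auth / db / UI / test / error
    file: str            # affected file path
    finding: str         # what is wrong or missing
    recommendation: str  # specific fix or test to add


def audit_tenant_isolation(conn, accessor, file_path):
    """Call the accessor as every tenant for every order it does not own.
    Each row that comes back is a tenant-isolation leak and becomes a Finding;
    an empty list means the accessor passed the check."""
    findings = []
    tenants = [r[0] for r in conn.execute("SELECT DISTINCT tenant_id FROM orders")]
    orders = conn.execute("SELECT id, tenant_id FROM orders").fetchall()
    for caller in tenants:
        for order_id, owner in orders:
            if caller == owner:
                continue  # same-tenant reads are expected to succeed
            if accessor(conn, caller, order_id) is not None:
                findings.append(Finding(
                    severity="critical",
                    area="auth",
                    file=file_path,
                    finding=(f"{accessor.__name__} returned order {order_id} "
                             f"(owner {owner}) to tenant {caller}"),
                    recommendation=("Add tenant_id to the WHERE clause and a test "
                                    "asserting cross-tenant reads return None"),
                ))
    return findings


def run_audit():
    """Audit both accessors; returns {function name: list of Finding}."""
    conn = make_db()
    return {
        fn.__name__: audit_tenant_isolation(conn, fn, REPO_FILE)
        for fn in (get_order_unscoped, get_order_scoped)
    }


if __name__ == "__main__":
    for name, findings in run_audit().items():
        print(f"{name}: {len(findings)} finding(s)")
        for f in findings:
            print("  ", asdict(f))
```

With the two constructed tenants the unscoped accessor produces two critical auth findings (each tenant reading the other's order) and the scoped accessor produces none; the same probe loop can be pointed at any repository function whose signature carries a tenant identifier.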