mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-04-26 01:01:40 +00:00
- Restored 21 skills removed in commits 757d012 and 740dd92: accelerate, audiocraft, code-review, faiss, flash-attention, gguf, grpo-rl-training, guidance, llava, nemo-curator, obliteratus, peft, pytorch-fsdp, pytorch-lightning, simpo, slime, stable-diffusion, tensorrt-llm, torchtitan, trl-fine-tuning, whisper
- Rewrote sync_skills() with proper update semantics:
  * New skills (not in manifest): copied to user dir
  * Existing skills (in manifest + on disk): updated via hash comparison
  * User-deleted skills (in manifest, not on disk): respected, not re-added
  * Stale manifest entries (removed from bundled): cleaned from manifest
- Added sync_skills() to CLI startup (cmd_chat) and gateway startup (start_gateway) — previously only ran during 'hermes update'
- Updated cmd_update output to show new/updated/cleaned counts
- Rewrote tests: 20 tests covering manifest CRUD, dir hashing, fresh install, user deletion respect, update detection, stale cleanup, and name collision handling

75 bundled skills total. 2002 tests pass.
2.2 KiB
| name | description |
|---|---|
| code-review | Guidelines for performing thorough code reviews with security and quality focus |
# Code Review Skill
Use this skill when reviewing code changes, pull requests, or auditing existing code.
## Review Checklist

### 1. Security First
- No hardcoded secrets, API keys, or credentials
- Input validation on all user-provided data
- SQL queries use parameterized statements (no string concatenation)
- File operations validate paths (no path traversal)
- Authentication/authorization checks present where needed
### 2. Error Handling
- All external calls (API, DB, file) have try/catch
- Errors are logged with context (but no sensitive data)
- User-facing errors are helpful but don't leak internals
- Resources are cleaned up in finally blocks or context managers
### 3. Code Quality
- Functions do one thing and are reasonably sized (<50 lines ideal)
- Variable names are descriptive (no single letters except loops)
- No commented-out code left behind
- Complex logic has explanatory comments
- No duplicate code (DRY principle)
### 4. Testing Considerations
- Edge cases handled (empty inputs, nulls, boundaries)
- Happy path and error paths both work
- New code has corresponding tests (if test suite exists)
## Review Response Format
When providing review feedback, structure it as:
```
## Summary
[1-2 sentence overall assessment]

## Critical Issues (Must Fix)
- Issue 1: [description + suggested fix]
- Issue 2: ...

## Suggestions (Nice to Have)
- Suggestion 1: [description]

## Questions
- [Any clarifying questions about intent]
```
## Common Patterns to Flag

### Python

```python
# Bad: SQL injection risk
cursor.execute(f"SELECT * FROM users WHERE id = {user_id}")

# Good: Parameterized query
cursor.execute("SELECT * FROM users WHERE id = ?", (user_id,))
```
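
The checklist item "File operations validate paths (no path traversal)" has no pattern shown here, so the following is an added example, not part of the original skill file or the hermes-agent code base. The function names, the `uploads` directory and the sample inputs are hypothetical and constructed for illustration; it contrasts a string-prefix check a reviewer should flag with a resolve-then-compare check.

```python
import os
import tempfile
from pathlib import Path


def naive_is_inside(base_dir: str, user_path: str) -> bool:
    """Pattern to flag: prefix check on a joined, unresolved path string."""
    return os.path.join(base_dir, user_path).startswith(base_dir)


def safe_resolve(base_dir: str, user_path: str) -> Path:
    """Return the resolved path under base_dir, or raise ValueError if it escapes."""
    base = Path(base_dir).resolve()
    # resolve() collapses ".." and follows symlinks before the comparison.
    candidate = (base / user_path).resolve()
    # is_relative_to (Python 3.9+) compares path components, not characters,
    # so a sibling such as "uploads_private" does not match "uploads".
    if not candidate.is_relative_to(base):
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def safe_accepts(base_dir: str, user_path: str) -> bool:
    try:
        safe_resolve(base_dir, user_path)
        return True
    except ValueError:
        return False


def check_cases() -> dict:
    """Run constructed inputs through both checks: {label: (naive, safe)}."""
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.join(tmp, "uploads")
        os.makedirs(base)
        cases = {  # constructed sample inputs
            "plain": "report.txt",
            "dotdot": "../uploads_private/key.pem",
            "nested_dotdot": "sub/../../outside.txt",
            # An absolute input makes os.path.join discard base_dir entirely.
            "absolute_sibling": os.path.join(tmp, "uploads_private", "key.pem"),
        }
        return {label: (naive_is_inside(base, p), safe_accepts(base, p))
                for label, p in cases.items()}


if __name__ == "__main__":
    for label, (naive, safe) in check_cases().items():
        print(f"{label:17} naive_accepts={naive!s:5} safe_accepts={safe}")
```

The naive check accepts all four inputs, including the absolute path into the sibling directory that merely shares the `uploads` prefix; the resolved check accepts only the first.
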
### JavaScript

```javascript
// Bad: XSS risk
element.innerHTML = userInput;

// Good: Safe text content
element.textContent = userInput;
```
## Tone Guidelines
- Be constructive, not critical
- Explain why something is an issue, not just what
- Offer solutions, not just problems
- Acknowledge good patterns you see