carterdea/pre-pr
agents/skills/pre-pr/SKILL.md
Run complete validation before creating a PR - security, tests, breaking changes, and generate PR description
$ install --global
skillsauthnpx skillsauth add carterdea/dots pre-prInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 20, 2026, 3:28 AM6.9s1 file scanned
SKILL.md
- name:
- pre-pr
- description:
- Run complete validation before creating a PR - security, tests, breaking changes, and generate PR description
- user-invocable:
- true
Pre-PR Validation Pipeline
Complete validation pipeline to run before creating a pull request.
Pipeline Overview
PHASE 1: SECURITY & COMPLIANCE (Blocking)
- Security Scanner -> Secrets, OWASP
- Compliance Checker -> Project rules
- Architecture Validator-> Layer boundaries
PHASE 2: QUALITY (Blocking) 4. Test Coverage Gate -> Tests exist 5. Breaking Change Check -> API compatibility 6. Performance Analyzer -> N+1, blocking I/O
PHASE 3: POLISH (Non-blocking) 7. Type Modernization -> Modern Python types 8. Code Simplification -> Refactoring suggestions
PHASE 4: OUTPUT 9. Run Tests -> pytest / vitest 10. Run Linters -> ruff, basedpyright, biome 11. Generate PR Desc -> Ready-to-paste description
Execution
Step 1: Gather Context
git branch --show-current git log main..HEAD --oneline git diff --name-only main...HEAD
Step 2: Determine Scope
Based on changed files, run appropriate checks:
.pyfiles -> Python pipeline.tsfiles -> TypeScript backend checks.tsxfiles -> Frontend checks
Phase 1: Security & Compliance (BLOCKING)
1.1 Security Scan
- Hardcoded secrets
- SQL/Command injection
- SSRF risks
STOP if CRITICAL or HIGH issues found.
1.2 Compliance Check
- Python: python-compliance-checker
- TypeScript: Check for
any,let, proper imports
1.3 Architecture Validation
- Layer boundaries respected
- No circular imports
- Proper dependency injection
Phase 2: Quality (BLOCKING)
2.1 Test Coverage
- Check modified files have tests
- Verify coverage meets minimum
2.2 Breaking Changes
- API changes
- Schema changes
- Configuration changes
WARN if breaking changes detected.
2.3 Performance Analysis
- N+1 queries
- Blocking I/O
- Inefficient patterns
Phase 3: Polish (NON-BLOCKING)
3.1 Type Modernization
- Suggest modern type syntax
- Offer to fix automatically
3.2 Code Simplification
- Complexity reduction opportunities
- Refactoring suggestions
Phase 4: Final Verification
4.1 Run Tests
Python
cd chat-services && uv run pytest -x -v
TypeScript Backend
cd backend && bun run test
Frontend
cd frontend && bun run test
4.2 Run Linters
Python
cd chat-services && uv run ruff check . && uv run basedpyright
TypeScript
bun run lint && bun run typecheck
4.3 Generate PR Description
Options
--quick- Fast mode, critical checks only--no-tests- Skip test execution--python-only- Only check Python code--typescript-only- Only check TypeScript code
Related Skills
carterdea/vertical-feature-architect
development
VerifiedTrustedCommunity
Add net-new product, workflow, platform, or developer-experience features as small vertical slices. Use this skill whenever the user asks to build a new feature, add a new page/route/API/workflow/job/eval/operator path, enrich an existing feature with a new user-visible capability, or plan feature architecture before coding. This skill maps the files to change or create, defines the authoritative contract, specifies tests, and gives a QA plan before treating the feature as done.
1SKILL.mdUpdated Jun 12, 2026
carterdea/trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Trello ticket on a non-Shopify web app and render a verdict. Dogfood the posted preview (desktop + mobile) against the card's acceptance criteria, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, or opens a PR. Use when asked to 'QA this card', 'test before release', or 'sign off on this ticket'. Shopify themes use shopify-trello-qa; building a ticket uses trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/shopify-trello-qa
development
VerifiedTrustedCommunity
Verify a developer's finished Shopify theme ticket and render a verdict. Dogfood the posted preview theme and Customizer (desktop + mobile) against the card's acceptance criteria and Figma, then PASS it (approve the PR, move to Ready for Release) or FAIL it (request changes, attach repro, reassign the dev, move to Development). Read-only: never implements, commits, deploys, or opens a PR. Use when asked to 'QA this Shopify card', 'verify the Ready for Testing card', or 'sign off on this theme ticket'. Non-Shopify apps use trello-qa; building a ticket uses shopify-trello-delivery.
1SKILL.mdUpdated Jun 12, 2026
carterdea/improve
development
VerifiedTrustedCommunity
Survey any codebase as a senior advisor and produce prioritized, self-contained implementation plans for OTHER models/agents to execute. Strictly read-only on source code — never implements, fixes, or refactors anything itself. Use when asked to audit a codebase, find improvement opportunities (bugs, security, performance, test coverage, tech debt, migrations, DX), suggest features or where to take the project next (roadmap, product direction), or generate handoff plans for another agent to implement.
1SKILL.mdUpdated Jun 12, 2026