storegrowth-code-review

Review StoreGrowth (Sales Booster) code changes and pull requests for conventions, security, and architecture compliance. Use when reviewing PRs, auditing code, or checking quality before merge.

By getdokan · Updated 6/4/2026

name: storegrowth-code-review
description: Review StoreGrowth (Sales Booster) code changes and pull requests for conventions, security, and architecture compliance. Use when reviewing PRs, auditing code, or checking quality before merge.

StoreGrowth Code Review

Review changes against StoreGrowth conventions. Consult storegrowth-backend-dev, storegrowth-frontend-dev, and storegrowth-module-dev for the detailed standards each item references.

Critical violations to flag

Backend PHP — architecture

  • Hooks registered ad-hoc — new WordPress hooks should live in a class implementing HookRegistry (auto-registered), not scattered add_action calls in random constructors. See storegrowth-backend-dev.
  • REST controller not auto-wired — controllers must extend WP_REST_Controller and be registered in a provider (tagged so Bootstrap::register_rest_routes() finds them). Namespace must be sales-booster/v1.
  • Service not registered via a provider — new services belong in the appropriate ServiceProvider / BootstrapServiceProvider using add_with_implements_tags() / share_with_implements_tags(); avoid new ClassName() for things that should be container-managed.
  • Wrong namespace / path — must follow StorePulse\StoreGrowth\… with matching file path. Watch for League\Container\… imports that should be the mozart-prefixed StorePulse\StoreGrowth\ThirdParty\Packages\League\Container\….
  • Hand-edited lib/ — that directory is mozart-generated; changes belong in composer.json + regeneration.

Backend PHP — modules

  • Module not extending BaseModule / not implementing the ModuleSkeleton methods (get_id, get_name, get_icon, get_banner, get_description, get_module_category).
  • Module not fully wired — missing require_once in storegrowth-sales-booster.php, missing PSR-4 autoload entry, or missing watch:/build: scripts. See storegrowth-module-dev.
  • Runtime services registered in the always-on provider — module runtime services go in BootstrapServiceProvider (booted only when active), not the registration ServiceProvider.

Backend PHP — naming & i18n

  • camelCase methods/variables — must be snake_case.
  • Unprefixed hook names — feature hooks must start with spsg_ (lifecycle hooks with storegrowth_). Generic/unprefixed names risk collisions.
  • Wrong text domain — must be storegrowth-sales-booster for every __(), esc_html__(), etc.
  • Concatenated translations — use sprintf() with a /* translators: */ comment; never concatenate.

Backend PHP — security

  • Missing permission_callback on any REST route (never omit).
  • Unsanitized $request input — sanitize everything (absint, sanitize_text_field, wc_clean, …).
  • Unescaped output — escape with esc_html, esc_attr, wp_kses_post, etc., especially in templates/.
  • Raw SQL — dynamic values must go through $wpdb->prepare().
  • Loose comparisons — use ===/!==; in_array() must pass true as the third arg.
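
A route that passes the checks in this list other than output escaping (which applies to templates/), as an added example rather than code from the StoreGrowth repository. The class, namespace suffix, route, table name and the manage_options capability are hypothetical; the comments mark what a reviewer would flag if the line were missing or written the unsafe way.

```php
<?php
// Added example: class, route, table and capability are hypothetical.
namespace StorePulse\StoreGrowth\Modules\Example\REST;

use WP_Error;
use WP_REST_Controller;
use WP_REST_Server;

class Notes_Controller extends WP_REST_Controller {
	protected $namespace = 'sales-booster/v1';
	protected $rest_base = 'example-notes';
	/** @since SPSG_VERSION */
	public function register_routes() {
		register_rest_route( $this->namespace, '/' . $this->rest_base, array(
			'methods'             => WP_REST_Server::READABLE,
			'callback'            => array( $this, 'get_items' ),
			// Flag when this key is absent from a route definition.
			'permission_callback' => array( $this, 'get_items_permissions_check' ),
			'args'                => array(
				'product_id' => array( 'required' => true, 'sanitize_callback' => 'absint' ),
				'status'     => array( 'default' => 'active', 'sanitize_callback' => 'sanitize_text_field' ),
			),
		) );
	}

	/** @since SPSG_VERSION */
	public function get_items_permissions_check( $request ) {
		return current_user_can( 'manage_options' );
	}

	/** @since SPSG_VERSION */
	public function get_items( $request ) {
		global $wpdb;
		// Both params were sanitized by the 'args' callbacks above.
		$product_id = $request->get_param( 'product_id' );
		$status     = $request->get_param( 'status' );
		// Flag: in_array() without the strict third argument.
		if ( ! in_array( $status, array( 'active', 'paused' ), true ) ) {
			return new WP_Error( 'spsg_invalid_status', __( 'Invalid status.', 'storegrowth-sales-booster' ), array( 'status' => 400 ) );
		}
		// Flag: "... WHERE product_id = $product_id" built by interpolation.
		$sql = $wpdb->prepare(
			"SELECT id, note FROM {$wpdb->prefix}spsg_example_notes WHERE product_id = %d AND status = %s",
			$product_id,
			$status
		);
		return rest_ensure_response( $wpdb->get_results( $sql ) );
	}
}
```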

Versioning & docs

  • Hardcoded @since on new code — new symbols must use the literal @since SPSG_VERSION placeholder, NOT a version number (it's replaced at release by bin/version-replace.sh). Flag any newly added @since X.Y.Z. Do not touch existing real @since numbers.
  • Missing PHPDoc / @since on new public/protected methods, hooks, and filters.

Frontend (React)

  • Class components — functional only.
  • Admin page not registered via spsg_routes — module UI must push routes through addFilter('spsg_routes', 'spsg', …); store must be register()-ed (@wordpress/data). See storegrowth-frontend-dev.
  • Direct state mutation — go through store actions.
  • Wrong i18n — use @wordpress/i18n with text domain storegrowth-sales-booster; translator comments before sprintf(); _n() for plurals.
  • New entry/module not in build — missing assets/package.json or root package.json watch:/build: script.

Process checks

  • Run composer phpcs on changed files — the PR workflow (.github/workflows/phpcs.yml) runs PHPCS on changed PHP and must pass.
  • Verify the branch targets develop (see storegrowth-git).
  • Confirm readme.txt / CHANGELOG.md updated for user-facing changes.

Output format

For each finding:

[SEVERITY]: [specific problem]
Location: [file:line]
Standard: [which storegrowth-* skill section]
Fix: [brief correct example]

Severity: CRITICAL (security / data loss / breakage) · ERROR (standards violation / missing required pattern) · WARNING (suboptimal) · SUGGESTION (improvement).

Reviewer principles

  • Correct — does it fulfill the requirement?
  • Secure — sanitized, escaped, permission-checked, prepared SQL?
  • Consistent — fits the module/provider/hook architecture and naming?
  • Extensible — appropriate spsg_ filters/actions for the pro plugin (storegrowth_pro_is_active) to hook into?

Install via CLI

npx skills add https://github.com/getdokan/storegrowth-sales-booster --skill storegrowth-code-review

Repository Details
Branch: main
Path: SKILL.md