code-inspector

What problem does it solve?

It helps you find deep technical risks in a Node.js/Express/MongoDB codebase by turning messy code reviews into a structured audit across security, performance, architecture, reliability, and code quality.

Core Features & Use Cases

• Security Deep Dive (OWASP + authZ/authN): Identifies common Node.js security failures (access control gaps, cryptographic missteps, injection patterns, insecure cookies/CORS) and proposes targeted mitigations.
• Performance Engineering: Detects N+1 queries, expensive MongoDB patterns, blocking sync operations, memory leak patterns, and inefficient frontend payload behaviors.
• Architecture & Multi-tenant Isolation Audits: Flags SOLID and layering violations, checks that every tenant query is correctly scoped by liga_id, and evaluates modular boundaries.
• Reliability & Observability Checks: Reviews error handling, graceful degradation paths, idempotency for financial flows, and production-grade logging/metrics/health checks.
• Code Quality & Technical Debt: Surfaces code smells (LOC/complexity), dead code candidates, dependency health signals, and missing safeguards.

Example use case: Before deploying a new version of Super Cartola Manager, run a focused audit to detect auth bypasses, missing liga_id filters, slow MongoDB patterns, and weak observability in one pass—then generate a prioritized remediation plan.

Quick Start

Use the code-inspector skill to audit the repository for multi-tenant (liga_id) security gaps, injection risks, performance bottlenecks, and code quality issues, then summarize the highest-priority fixes.