
Commit d310090

have classification details
LiveReview Pre-Commit Check: skipped (iter:1, coverage:0%)
1 parent 6874714 commit d310090

1 file changed

Lines changed: 184 additions & 1 deletion

File tree

README.md

@@ -37,7 +37,7 @@ GenAI today is a **race car without brakes**. It accelerates fast -- you describ
3737

3838
**`git-lrc` is your braking system.** It hooks into `git commit` and runs an AI review on every diff _before_ it lands. 60-second setup. Completely free.
3939

40-
**At a glance:** 10 risk categories · 100+ failure patterns tracked · every commit scanned automatically.
40+
**At a glance:** [10 risk categories](#what-git-lrc-checks-for) · [100+ failure patterns tracked](#what-git-lrc-checks-for) · every commit scanned automatically.
4141

4242
```bash
4343
# Try it now (Linux/macOS)
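Review bot: both new links in the "At a glance" line point at the same fragment, `#what-git-lrc-checks-for`, so the second link on "100+ failure patterns tracked" gives the reader no navigation the first does not, and because the new section is built from `<details>`/`<summary>` blocks rather than headings there is no finer-grained anchor to send it to; consider leaving the second phrase unlinked. The fragment is GitHub's auto-generated slug for the heading `## What git-lrc Checks For`; it resolves today, but any later edit to that heading's wording or case breaks both links silently, so either leave a short comment beside the heading saying the "At a glance" line depends on it or run a Markdown link checker in CI.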
@@ -365,6 +365,189 @@ If it's sent to the model, you can see it first.
365365
- Automated security checks and SBOM workflows support transparent verification.
366366
- For complete details, see [SECURITY.md](SECURITY.md).
367367

368+
## What git-lrc Checks For
369+
370+
Every review is checked against **10 risk categories** and **100+ specific failure patterns**, grouped into three pillars: what takes down production, what ends up in a disclosure letter, and what slows every future release. Expand any pillar, then any category, to see the exact patterns and why each one matters.
371+
372+
<details>
373+
<summary><strong>Outages</strong> — what takes down production, and your on-call rotation (4 categories, 40 patterns)</summary>
374+
375+
<details>
376+
<summary><strong>Reliability</strong></summary>
377+
378+
- **Error Handling** — Unhandled errors crash services mid-request, leaving customers staring at broken pages during peak traffic.
379+
- **Fault Tolerance** — One dependency hiccup cascades into a full outage instead of degrading gracefully.
380+
- **Retry Logic** — Missing retries turn brief network blips into failed payments, lost orders, and support tickets.
381+
- **Timeout Management** — Requests hang forever, exhausting connections until the whole service grinds to a halt.
382+
- **Resilience Patterns** — No circuit breakers means one slow service drags down everything connected to it.
383+
- **Availability Risks** — Single points of failure turn a routine deploy into a multi-hour outage.
384+
- **Data Integrity** — Corrupted or inconsistent records silently poison reports, billing, and downstream decisions.
385+
- **Race Conditions** — Two requests collide and overwrite each other's work — intermittently, unreproducibly, in production.
386+
- **Resource Cleanup** — Leaked connections and file handles pile up until the server falls over at 2am.
387+
- **Failure Recovery** — No rollback path means a bad deploy stays live until someone manually fixes it.
388+
389+
</details>
390+
391+
<details>
392+
<summary><strong>Correctness</strong></summary>
393+
394+
- **Logic Errors** — Wrong calculations ship to production and quietly produce incorrect invoices, prices, or reports.
395+
- **Edge Cases** — The 1% scenario nobody tested is the one your biggest customer hits first.
396+
- **Data Validation** — Bad input slips through and corrupts records that are expensive to clean up later.
397+
- **State Management** — Stale or out-of-sync state shows users the wrong balance, status, or inventory count.
398+
- **Concurrency Bugs** — Parallel operations step on each other, causing duplicate charges or lost updates.
399+
- **Business Rule Violations** — A discount, limit, or policy nobody approved gets applied automatically, at scale.
400+
- **Numerical Accuracy** — Rounding and precision errors compound into real financial discrepancies over time.
401+
- **Null Handling** — An unexpected null crashes the checkout flow at the worst possible moment.
402+
- **Type Safety** — A type mismatch silently mangles data instead of failing loudly where it's cheap to fix.
403+
- **API Contract Violations** — A backend change breaks every client that depends on the old response shape.
404+
405+
</details>
406+
407+
<details>
408+
<summary><strong>Performance</strong></summary>
409+
410+
- **Database Efficiency** — An unindexed query that's fine today locks up the database the moment you scale.
411+
- **Algorithmic Complexity** — Code that's fast with 100 records grinds to a crawl with 100,000.
412+
- **Memory Usage** — Memory leaks force daily restarts — and eventually an outage when nobody's watching.
413+
- **CPU Utilization** — A hot loop quietly burns CPU until autoscaling bills spike or pods get killed.
414+
- **Network Efficiency** — Chatty calls multiply latency until a simple page takes seconds to load.
415+
- **Caching** — Every request hits the database directly, so traffic spikes become outages.
416+
- **Concurrency** — Without proper concurrency, your service serves one user at a time under load.
417+
- **Resource Contention** — Threads fight over the same lock, and the whole app slows to match the slowest one.
418+
- **Rendering Performance** — A janky UI makes users think the product is broken, even when it isn't.
419+
- **Startup Performance** — Slow boot times mean slow deploys, slow rollbacks, and slow recovery from incidents.
420+
421+
</details>
422+
423+
<details>
424+
<summary><strong>Scalability</strong></summary>
425+
426+
- **Horizontal Scaling** — The app can't run on more than one instance, so growth means a rewrite.
427+
- **Vertical Scaling** — You're one viral spike away from maxing out the biggest server money can buy.
428+
- **Distributed Systems** — Two services disagree about reality, and nobody notices until the numbers don't add up.
429+
- **Load Balancing** — Traffic piles onto one node while others sit idle, until that one node falls over.
430+
- **Capacity Planning** — Nobody knows the breaking point until customers find it for you, live.
431+
- **Bottleneck Risks** — One slow component caps the throughput of the entire system, no matter what else you scale.
432+
- **Concurrency Limits** — A hardcoded limit silently throttles your busiest customers during your biggest moments.
433+
- **Service Growth Constraints** — What works for 10 teams collapses under coordination overhead at 50.
434+
- **Database Scaling** — The database that powered your launch becomes the thing that takes you down at scale.
435+
- **Queue Backpressure** — Unbounded queues hide a growing backlog until it surfaces as hours-long delays.
436+
437+
</details>
438+
439+
</details>
440+
441+
<details>
442+
<summary><strong>Breaches</strong> — what ends up in a disclosure letter, and a board meeting (2 categories, 20 patterns)</summary>
443+
444+
<details>
445+
<summary><strong>Security</strong></summary>
446+
447+
- **Authentication** — A weak login flow is an open door — and attackers check every door.
448+
- **Authorization** — A missing permission check lets any logged-in user act as an admin.
449+
- **Secrets Management** — A hardcoded API key in source control is a breach waiting for someone to find it.
450+
- **Input Validation** — Unvalidated input is the first line in almost every successful attack.
451+
- **Injection Vulnerabilities** — One unsanitized query away from an attacker reading your entire database.
452+
- **Cryptography** — Weak or homemade encryption gives a false sense of security — and a real breach.
453+
- **Dependency Vulnerabilities** — A known CVE in a dependency is a published instruction manual for attackers.
454+
- **Data Exposure** — Sensitive fields leak into logs, responses, or error messages where they don't belong.
455+
- **Session Management** — A session that never expires is a credential an attacker can use forever.
456+
- **Security Logging & Auditing** — Without audit trails, you can't tell what happened, when, or who's responsible — during an incident or after.
457+
458+
</details>
459+
460+
<details>
461+
<summary><strong>Compliance & Governance</strong></summary>
462+
463+
- **Privacy** — Mishandled personal data turns a code review comment into a regulatory investigation.
464+
- **Regulatory Compliance** — A missed requirement in GDPR, HIPAA, or SOC 2 becomes a finding in your next audit.
465+
- **Auditability** — When auditors ask "who changed this and why," there has to be an answer.
466+
- **Data Retention** — Keeping data longer than allowed turns a storage decision into a legal liability.
467+
- **Data Residency** — Data stored in the wrong region can violate contracts and local law simultaneously.
468+
- **Licensing** — An incompatible open-source license buried in a dependency can taint your entire codebase.
469+
- **Policy Enforcement** — Security policy that exists only on paper doesn't stop a real incident.
470+
- **Access Controls** — Former employees with active access are an open invitation, not an oversight.
471+
- **Change Management** — Unreviewed changes to production are how "small fixes" become headline incidents.
472+
- **Governance Standards** — Inconsistent standards across teams mean your weakest team sets your actual risk level.
473+
474+
</details>
475+
476+
</details>
477+
478+
<details>
479+
<summary><strong>Technical Debt</strong> — what slows every future release until someone pays it down (4 categories, 44 patterns)</summary>
480+
481+
<details>
482+
<summary><strong>Maintainability</strong></summary>
483+
484+
- **Code Complexity** — Code only one person understands is a single point of failure with a name and a vacation schedule.
485+
- **Readability** — Every minute spent decoding unclear code is a minute not spent shipping.
486+
- **Documentation** — Undocumented systems turn every handoff into a multi-week ramp-up.
487+
- **Code Duplication** — The same bug gets fixed in one of five copies — and reappears from the other four.
488+
- **Dead Code** — Unused code still gets compiled, reviewed, and feared every time someone touches it.
489+
- **Naming Quality** — Misleading names cause the exact bug everyone assumed couldn't happen.
490+
- **Testability** — Code that can't be tested ships untested — every time, by default.
491+
- **Technical Debt** — Debt that's never tracked never gets a budget, so it never gets paid down.
492+
- **Refactoring Opportunities** — Postponed cleanup compounds until the "quick fix" takes a quarter.
493+
- **Configuration Management** — A config value hardcoded for staging quietly ships to production.
494+
- **UI/UX** — Inconsistent UI patterns erode trust in the product, one small confusion at a time.
495+
- **Accessibility** — Inaccessible interfaces exclude real users — and increasingly, that's a legal exposure too.
496+
497+
</details>
498+
499+
<details>
500+
<summary><strong>Architecture</strong></summary>
501+
502+
- **Separation of Concerns** — When everything depends on everything, one small change requires testing the whole system.
503+
- **Modularity** — A monolith with no seams means every team is blocked by every other team's code.
504+
- **Coupling** — Tightly coupled services mean a change in one place breaks three others, unpredictably.
505+
- **Cohesion** — Logic scattered across the codebase means fixing one bug means hunting in five files.
506+
- **Layering Violations** — Business logic in the UI layer means you can't change one without breaking the other.
507+
- **Dependency Management** — An undocumented dependency graph means nobody knows what breaks if this service goes down.
508+
- **Service Boundaries** — Fuzzy service boundaries turn "add one feature" into "coordinate four teams."
509+
- **Domain Modeling** — A data model that doesn't match the business means every new feature fights the model.
510+
- **API Design** — A poorly designed API gets baked into every client — and outlives its own usefulness.
511+
- **Extensibility** — A system that can't be extended gets rewritten — usually under deadline pressure.
512+
513+
</details>
514+
515+
<details>
516+
<summary><strong>Developer Experience</strong></summary>
517+
518+
- **Testing** — Low test coverage means every release is a bet, not a guarantee.
519+
- **CI/CD** — A flaky pipeline trains engineers to ignore failures — including the real ones.
520+
- **Build System** — A slow build is a tax every developer pays, every day, forever.
521+
- **Local Development** — If it's hard to run locally, it's hard to debug — and bugs survive longer.
522+
- **Debuggability** — No logs, no traces, no clue — incidents take hours instead of minutes to resolve.
523+
- **Observability** — You can't fix what you can't see — and you won't see it until a customer reports it.
524+
- **Deployment Process** — A manual, fragile deploy process is where "routine release" becomes "incident."
525+
- **Automation** — Manual steps are where human error enters the system — reliably, repeatedly.
526+
- **Developer Tooling** — Bad tooling doesn't just slow developers down — it pushes your best ones toward the door.
527+
- **Documentation Quality** — Wrong docs are worse than no docs — they actively mislead the next person.
528+
- **UI/UX** — A confusing internal tool wastes time across the whole team, every single day.
529+
- **Accessibility** — Tools that aren't accessible quietly exclude teammates who could otherwise do the job well.
530+
531+
</details>
532+
533+
<details>
534+
<summary><strong>Cost</strong></summary>
535+
536+
- **Cloud Resource Waste** — Idle resources keep billing 24/7 whether anyone's using them or not.
537+
- **Infrastructure Overprovisioning** — Paying for capacity "just in case" is a permanent tax on a maybe.
538+
- **Storage Optimization** — Unmanaged storage growth turns into a line item nobody can explain at quarter-end.
539+
- **Database Cost Optimization** — Inefficient queries don't just slow things down — on managed databases, they show up on the invoice.
540+
- **Excessive API Usage** — Unnecessary third-party API calls turn into a surprise five-figure bill.
541+
- **Third-Party Service Costs** — Forgotten integrations keep charging long after anyone remembers why they're there.
542+
- **Redundant Computation** — Recomputing the same result over and over burns money to produce nothing new.
543+
- **LLM Token Consumption** — Unbounded prompts and retries can turn an AI feature into your biggest infrastructure cost.
544+
- **Caching Opportunities** — Every uncached request is a request you're paying for twice.
545+
- **Data Transfer Costs** — Cross-region or egress traffic adds up fast — and rarely shows up until the bill does.
546+
547+
</details>
548+
549+
</details>
550+
368551
## FAQ
369552

370553
### Review vs Vouch vs Skip?
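Review bot: pattern names in the new section are not unique across categories, which matters because the headline numbers ("100+ failure patterns tracked", "44 patterns" for Technical Debt) read as counts of distinct patterns: "UI/UX" and "Accessibility" appear verbatim under both Maintainability and Developer Experience, and several entries cover the same ground under different labels (Performance "Concurrency" beside Correctness "Concurrency Bugs" and Scalability "Concurrency Limits"; Performance "Caching" and Cost "Caching Opportunities"; Maintainability "Documentation" and Developer Experience "Documentation Quality"; Correctness "Data Validation" and Security "Input Validation"; Security "Authorization" and Compliance "Access Controls"; Security "Security Logging & Auditing" and Compliance "Auditability"). Either give the repeated entries names that reflect their category (for example "Internal Tool UX" under Developer Experience) or say explicitly that one pattern can be listed under more than one pillar, otherwise a single finding in a review can surface twice under two labels and the per-pillar totals overstate coverage. The Technical Debt pillar also contains a pattern literally named "Technical Debt" under Maintainability, so a review tag of "Technical Debt" is ambiguous between the pillar and the pattern; "Debt Tracking" would match its own description ("Debt that's never tracked never gets a budget"). The 4/40, 2/20 and 4/44 figures in the three summaries do match the bullets as written (104 entries in total), so the "100+" claim holds even after removing the two exact duplicates.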
