Common Pitfalls Prevention
Orchestrates specialized pitfall prevention skills learned from production issues. Use during code review to automatically check for common mistakes.
When to Use
- During code review (auto-triggered by full-review skill)
- Before committing changes
- When debugging production issues
- Reviewing unfamiliar code patterns
Workflow
Step 1: Identify Code Categories
Based on changed files, determine which sub-skills to invoke:
| File Pattern | Sub-Skill |
|---|---|
**/hooks/**, useQuery, useMutation | pitfalls-tanstack-query |
**/db/**, schema.ts, drizzle | pitfalls-drizzle-orm |
**/routes/**, router., app. | pitfalls-express-api |
**/components/**, **/pages/**, .tsx | pitfalls-react |
websocket, wss, ws. | pitfalls-websocket |
contract, rpc, multicall, gas | pitfalls-blockchain |
session, key, cache, log | pitfalls-security |
Step 2: Invoke Relevant Sub-Skills
For each category found, invoke the corresponding skill for detailed patterns.
Step 3: Generate Combined Report
Aggregate findings from all invoked sub-skills.
Sub-Skills Reference
| Skill | Focus Area |
|---|---|
| pitfalls-tanstack-query | Query keys, invalidation, v5 patterns |
| pitfalls-drizzle-orm | Schema types, migrations, array columns |
| pitfalls-express-api | Routes, status codes, storage patterns |
| pitfalls-react | Components, forms, a11y, responsive |
| pitfalls-websocket | Server setup, heartbeat, reconnection |
| pitfalls-blockchain | RPC errors, gas, multicall, nonces |
| pitfalls-security | Session keys, caching, logging, secrets |
Quick Reference Checklist
Core
- TanStack Query keys use full URL paths
- Mutations invalidate relevant queries
- Drizzle types exported for all models
- API routes return correct status codes
- All RPC calls wrapped in try/catch
- WebSocket has heartbeat/reconnection
- React components handle loading/error states
- No secrets in logs or frontend code
Type Safety
- No
anytypes - useunknownand narrow - Types inferred from schema ($inferSelect, z.infer)
- Type guards for runtime validation
Financial
- BigInt for all token amounts
- Decimal.js for price calculations
- Proper rounding (floor/ceil)
Blockchain
- Gas estimation with buffer
- EIP-1559 gas pricing
- Transaction simulation before send
- Multicall uses
allowFailure: true
Security
- Session keys have expiry and limits
- AES-256-GCM for stored credentials
- Audit logging for sensitive operations
- Rate limiting with exponential backoff