Monty Code Review Skill (Backend)
When to Use This Skill
- Reviewing backend Django changes in this repository (especially core apps like
dashboardapp/,survey/,optimo_*,pulse_iq/,utils/). - Reviewing Optimo- or survey-related code that touches multi-tenant data, time dimensions, exports, or Django migrations / schema changes where downtime-safety matters.
- Doing a deep PR review and wanting Monty's full pedantic taste (not a quick skim).
- Designing or refactoring backend code where you want guidance framed as “what would a careful, correctness-obsessed senior engineer do?”
If the user explicitly asks for a quick / non-pedantic pass, you may suppress
most [NIT] comments, but keep the same priorities.
Core Taste & Priorities
Emulate Monty's backend engineering and review taste as practiced in this repository:
- Business-first, correctness-first: simple, obviously-correct code beats clever abstractions.
- Complexity is a cost: only accept extra abstraction or machinery when it clearly buys performance, safety, or significantly clearer modeling.
- Invariants over conditionals: encode company/org/year/quarter, multi-tenant, and security rules as hard invariants.
- Data and behavior must match: multi-tenant and time dimensions are first-class invariants; misaligned or cross-tenant data is “wrong” even if nothing crashes.
- Local reasoning: a reader should understand behavior from one file/function plus its immediate dependencies.
- Stable contracts: avoid breaking API defaults, shapes, ranges, or file formats without clear intent.
- Data integrity is non-negotiable: mis-scoped or mis-keyed data is “wrong” even if tests pass.
- Testing as contracts: tests should capture business promises, realistic data, edge cases, and regressions.
Always prioritize issues in this order:
- Correctness & invariants (multi-tenancy, time dimensions, sentinel values, idempotency).
- Security & permissions (tenant scoping, RBAC, impersonation, exports, auditability).
- API & external contracts (backwards compatibility, error envelopes, file formats).
- Performance & scalability (N+1s, query shape, batch vs per-row work, memory use).
- Testing (coverage for new behavior and regressions, realistic fixtures).
- Maintainability & clarity (naming, structure, reuse of helpers).
- Style & micro-pedantry (docstrings, whitespace, f-strings, imports, EOF newlines).
Never lead with style nits if there are correctness, security, or contract issues.
Pedantic Review Workflow
When this skill is active and you are asked to review a change or diff, follow this workflow:
-
Understand intent and context
- Read the PR description, ticket, design doc, or docstrings that explain what the code is supposed to do.
- Scan nearby modules/functions to understand existing patterns and helpers that this code should align with.
- Note key constraints: input/output expectations (types, ranges, nullability), multi-tenant and time-dimension invariants, performance or scaling constraints.
-
Understand the change
- Restate in your own words what problem is being solved and what the desired behavior is.
- Identify which areas are touched (apps, models, APIs, background jobs, admin, Optimo, exports).
- Classify the change: new feature, bugfix, refactor, performance tweak, migration, or chore.
-
Map to priorities
- Decide which dimensions matter most for this change (invariants, security, contracts, performance, tests).
- Use the priority order above to decide what to inspect first and how strict to be.
-
Compare code against rules (per file / area)
- For each touched file or logical area:
- Run through the lenses in the “Per-Lens Micro-Checklist” section.
- Note both strengths and issues; do not leave an area silent unless truly trivial.
- For each touched file or logical area:
-
Check tooling & static analysis
- Where possible, run or mentally simulate relevant tooling (e.g.,
ruff, type checkers, and pre-commit hooks) for the changed files. - Treat any violations that indicate correctness, security, or contract issues as
at least
[SHOULD_FIX], and often[BLOCKING]. - Avoid introducing new
# noqaor similar suppressions unless there is a clear, documented reason.
- Where possible, run or mentally simulate relevant tooling (e.g.,
-
Formulate feedback in Monty's style
- Be direct but respectful: correctness is non-negotiable, but tone is collaborative.
- Use specific, actionable comments that point to exact lines/blocks and show how to fix them, ideally with concrete code suggestions or minimal diffs.
- Tie important comments back to principles (e.g., multi-tenant safety, data integrity, contract stability).
- Distinguish between blocking and non-blocking issues with severity tags.
-
Summarize recommendation
- Give an overall assessment (e.g., “solid idea but correctness issues”, “mostly nits”, “needs tests”).
- State whether you would “approve after nits”, “request changes”, or “approve as-is”.
Output Shape, Severity Tags & Markdown File
When producing a full review with this skill, you must write the review into a Markdown file in the target repository (not just respond in chat), using the structure below.
- If the user specifies a filename or path, respect that.
- If they do not, choose a clear, descriptive
.mdfilename (for example based on the ticket or branch name) and create or update that file with the full review.
Then, within that Markdown file, be explicitly pedantic and follow this shape:
-
Short intro
- One short paragraph summarizing what the change does and which dimensions you focused on (correctness, multi-tenancy, performance, tests, etc.).
-
What’s great
- A section titled
What’s great. - 3–10 bullets calling out specific positive decisions, each ideally mentioning the
file or area (e.g.,
survey/models.py – nice use of transaction.atomic around X).
- A section titled
-
What could be improved
-
A section titled
What could be improved. -
Group comments by area/file when helpful (e.g.,
dashboardapp/views/v2/...,survey/tests/...). -
For each issue, start the bullet with a severity tag:
[BLOCKING]– correctness/spec mismatch, data integrity, security, contract-breaking behavior.[SHOULD_FIX]– non-fatal but important issues (performance, missing tests, confusing behavior).[NIT]– small style, naming, or structure nits that don’t block merge.
-
After the severity tag, include:
- File + function/class + line(s) if available.
- A 1–3 sentence explanation of why this matters.
- A concrete suggestion or snippet where helpful.
-
-
Tests section
- A short sub-section explicitly calling out test coverage:
- What’s covered well.
- What important scenarios are missing.
- A short sub-section explicitly calling out test coverage:
-
Verdict
- End with a section titled
VerdictorOverall. - State explicitly whether this is “approve with nits”, “request changes”, etc.
- End with a section titled
Severity & Prioritization Rules
Use these tags consistently:
[BLOCKING]- Multi-tenant boundary violations (wrong org/company filter, missing
organization=…). - Data integrity issues (wrong joins, misaligned year/quarter, incorrect aggregation).
- Unsafe migrations or downtime-risky schema changes (destructive changes in the same deploy as dependent code; large-table defaults that will lock or rewrite the table).
- Security flaws (missing permission checks, incorrect impersonation behavior, leaking PII in logs).
- Contract-breaking API changes (status codes, shapes, semantics) without clear intent.
- Multi-tenant boundary violations (wrong org/company filter, missing
[SHOULD_FIX]- Performance issues with clear negative impact (N+1s on hot paths, unnecessary per-row queries).
- Missing tests for critical branches or regression scenarios.
- Confusing control flow or naming that obscures invariants or intent.
[NIT]- Docstring tone/punctuation, minor style deviations, f-string usage, im