Monty Code Review

Hyper-pedantic Django code review with a correctness-first, multi-tenant-safe, harness-aware review style. Includes a pytest test-hardening lane and persistent JSON-first review memory across review passes.

Overview

The Monty Code Review skill brings a hyper-pedantic, correctness-first review style to your Django backend code. It targets core Django apps like dashboardapp/, survey/, optimo_*, pulse_iq/, and utils/, with special attention to multi-tenant data safety, time dimensions, exports, and Django migrations.

  • Business-first, correctness-first: Simple, obviously-correct code beats clever abstractions.
  • Complexity is a cost: Only accept extra abstraction when it clearly buys performance, safety, or clearer modeling.
  • Invariants over conditionals: Encode company/org/year/quarter and multi-tenant guards as invariants, not scattered if-statements.
  • Migrations are downtime-sensitive: Every schema change is reviewed for safety with large tables and concurrent traffic.

Core Taste & Priorities

Emulate Monty's backend engineering and review taste as practiced in the Diversio codebase:

  • Business-first, correctness-first: simple, obviously-correct code beats clever abstractions.
  • Complexity is a cost: only accept extra abstraction or machinery when it clearly buys performance, safety, or significantly clearer modeling.
  • Invariants over conditionals: encode company/org/year/quarter, multi-tenant, and time-dimension guards as invariants in the type system or at the query layer.
  • Migrations: every schema change must be reviewed through the lens of large tables, concurrent traffic, and downtime risk.

Quickstart

Switch between Claude Code and Codex, then copy the invocation you actually need:

/monty-code-review:code-review

For a test-hardening pass specifically:

/monty-code-review:test-hardening

Review Output Format

The human-facing review artifact is a markdown review with severity-tagged findings, not a standalone JSON report. The skill’s persistent memory is JSON-first behind the scenes, but the reviewer-visible output should follow this shape:

docs/code_reviews/pr_1842_review.md
## What’s great
- survey/models.py – nice use of transaction.atomic around the backfill path.

## What could be improved
- [BLOCKING] dashboardapp/views.py:get_queryset (line 142)
  Missing tenant scoping on the Survey query can leak cross-company data.
  Add .filter(company_id=request.company_id) before evaluation.

- [SHOULD_FIX] survey/tests/test_exports.py
  The new export path has happy-path coverage, but it does not exercise the
  empty-result and cross-tenant cases.

- [NIT] utils/dates.py
  Consider renaming quarter_key to reporting_quarter_key for local clarity.

## Tests
- Covered well: export happy path, serializer validation.
- Missing: cross-tenant access, zero-row export, rollback behavior.

## Verdict
Request changes until the tenant filter and missing tests land.

Severity tags should follow the skill’s documented conventions: [BLOCKING], [SHOULD_FIX], and [NIT].
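
An added example, not part of the skill itself: a merge gate that parses the review format shown above, rejects any tag outside the three documented ones, and fails while a [BLOCKING] finding remains. The names parse_findings and gate, the fail-on-unknown-tag behaviour, and the sample review are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

SEVERITIES = ("BLOCKING", "SHOULD_FIX", "NIT")
SECTION = "What could be improved"
# "- [TAG] location" opens a finding; indented lines under it are its detail.
FINDING = re.compile(r"^- \[([A-Z_]+)\]\s+(.+)$")

@dataclass
class Finding:
    severity: str
    location: str
    detail: str = ""

def parse_findings(markdown):
    """Return the tagged findings listed under the improvements heading."""
    findings, in_section, current = [], False, None
    for line in markdown.splitlines():
        m = FINDING.match(line)
        if line.startswith("## "):
            in_section, current = line[3:].strip() == SECTION, None
        elif not in_section:
            continue
        elif m:
            if m.group(1) not in SEVERITIES:
                raise ValueError(f"unknown severity tag [{m.group(1)}]")
            current = Finding(m.group(1), m.group(2).strip())
            findings.append(current)
        elif current and line.startswith("  ") and line.strip():
            current.detail = f"{current.detail} {line.strip()}".strip()
        elif line.strip():
            current = None  # untagged, unindented text ends the finding
    return findings

def gate(markdown):
    """True only when the review contains no [BLOCKING] finding."""
    return not any(f.severity == "BLOCKING" for f in parse_findings(markdown))

# Constructed sample in the shape shown above, not a real review.
SAMPLE = """\
## What could be improved
- [BLOCKING] dashboardapp/views.py:get_queryset (line 142)
  Missing tenant scoping on the Survey query can leak cross-company data.

- [NIT] utils/dates.py
  Consider renaming quarter_key to reporting_quarter_key for local clarity.
## Tests
- Missing: cross-tenant access, zero-row export, rollback behavior.
"""
```

Raising on an unrecognised tag keeps the gate fail-closed: a mistyped severity stops the pipeline instead of silently passing as a non-blocking finding.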

Test Hardening Lane

The skill includes a dedicated test-hardening lane that reviews test coverage and suggests additional test cases. It focuses on:

  • Edge cases for multi-tenant data access
  • Permission boundary tests
  • Migration rollback and rollforward scenarios
  • Concurrent access and race condition tests
  • Large dataset performance tests

Review Memory

The skill maintains a persistent JSON-first review memory across passes. When re-reviewing a PR after fixes, it loads the previous findings and marks resolved items so reassessment can focus on what actually changed.

The machine-readable memory lives in an XDG-aware cache/state location (for example ~/.cache/monty-code-review when no XDG path is set), while the repo-local *_review.md file remains the human-facing artifact.