code-analyzer
Installation
SKILL.md
Contains Hooks
This skill uses Claude hooks which can execute code automatically in response to events. Review carefully before installing.
Contains Shell Commands
This skill contains shell command directives (!`command`) that may execute system commands. Review carefully before installing.
Project Context
- Recent changes: !
git diff --name-only HEAD~3 2>/dev/null || echo "no git history" - Swift version: !
swift --version 2>&1 | head -1 || echo "swift not found" - Build target: !
xcodebuild -list -json 2>/dev/null | jq -r '.project.schemes[0]' 2>/dev/null || echo "unknown"
Code Analyzer (Read-Only)
Structured Swift/macOS code analysis protocol. Read-only — no file modifications.
Lifecycle Position
Phase 5 (Review). Load before swiftui-view-refactor for architectural overview. For deep line-by-line analysis, use audit-context-building.
Analysis Protocol
Step 1 — Map the Entry Point
- Find the
@mainApp struct or entry point - Identify window scenes (
WindowGroup,Settings,MenuBarExtra) - Trace the root navigation structure (
NavigationSplitView,TabView)
Step 2 — Trace the Module Graph
- List all Swift source files grouped by directory/feature
- Identify dependencies between modules (imports, protocol conformances)
- Map state ownership: which types own
@Observablemodels, which receive them - Identify services/repositories and their injection pattern
Step 3 — Identify Architecture Pattern
Classify the codebase:
- MV (Model-View): Views consume models directly via
@State,@Environment,@Query - MVVM: Separate ViewModel classes mediate between Model and View
- TCA: Reducers, Store, Actions, State
- Hybrid: Mix of patterns across features
Note consistency — are all features using the same pattern?
Review Checklist
1. Code Organization — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
| File structure | Features grouped by domain, not by type (Views/, Models/, etc.) |
| File size | Swift files under 300 lines; views under 100 lines |
| Naming | Types are nouns, methods are verbs, booleans read as questions |
| Access control | private by default, internal where needed, public only for API surface |
| Extensions | Used to group protocol conformances and // MARK: sections |
2. State Management — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
@Observable vs ObservableObject |
New code uses @Observable; legacy ObservableObject flagged |
@State visibility |
All @State and @StateObject are private |
| Ownership | Views don't create models they should receive via injection |
@MainActor |
Observable classes and view models are @MainActor |
| Binding direction | @Binding only where child modifies parent state |
| Nested observables | No nested ObservableObject (pass directly or use @Observable) |
3. Error Handling — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
try without catch |
Unhandled throws that could crash |
Force unwrap (!) |
Every ! must have justification comment or precondition |
Result vs throws |
Consistent error propagation strategy |
| User-facing errors | Errors surfaced to UI with actionable messages |
| Network errors | Retry logic, timeout handling, offline state |
4. Performance — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
| View body complexity | No object creation, heavy computation, or side effects in body |
| Lazy containers | LazyVStack/LazyHStack for lists with >20 items |
| ForEach identity | Stable id (never .indices for dynamic content) |
GeometryReader |
Guarded with > 0 and .isFinite; prefer containerRelativeFrame() |
| Image loading | AsyncImage or downsampled thumbnails, not raw UIImage(data:) |
| Glass effects | Multiple glass views wrapped in GlassEffectContainer |
5. Concurrency — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
@MainActor |
UI-bound classes and properties are main actor isolated |
Sendable |
Types crossing isolation boundaries conform to Sendable |
.task modifier |
Async work uses .task {} (auto-cancels on disappear) |
| Actor isolation | Mutable shared state protected by actors |
| Data races | No unprotected mutable state accessed from multiple contexts |
6. Security — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
| Hardcoded secrets | No API keys, tokens, or passwords in source |
| Keychain usage | Sensitive data stored in Keychain, not UserDefaults |
| Sandbox entitlements | Minimal entitlements; no unnecessary capabilities |
| Input validation | User input validated before use |
| URL handling | External URLs validated before opening |
7. Test Coverage — PASS / WARN / FAIL
| Check | What to Look For |
|---|---|
| Test file existence | Every feature has corresponding test file |
| Model tests | Business logic and data transformations tested |
| Edge cases | Empty states, nil values, boundary conditions covered |
| Async tests | async test methods with proper expectations |
| SwiftData tests | In-memory ModelContainer for persistence tests |
Output Format
For each section, provide:
### [Section Name] — [PASS/WARN/FAIL]
**Summary:** One-line assessment.
**Findings:**
- [file_path:line] Description of issue
- [file_path:line] Description of issue
**Recommendation:** What to fix and in what order.
Cross-References
- For SwiftUI-specific review, use the
swiftui-ui-patternsreview checklist - For view structure refactoring, load
swiftui-view-refactor - For deep line-by-line analysis, load
audit-context-building