Implementing Code
Workflows
- Security Check: Injection flaws, auth issues, sensitive data exposure
- Performance Check: N+1 queries, memory leaks, inefficient algorithms
- Readability Check: SOLID principles, naming conventions, comments
- Testing Check: Edge cases, error paths, happy paths
Feedback Loops
- Implement feature or fix
- Run local tests (unit/integration)
- Run linter/formatter
- If failure, fix and repeat
Reference Implementation
SOLID Compliant Class (Java + Spring Boot)
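// Imports assume Spring Boot 3 (jakarta.*); on Spring Boot 2 use javax.* instead.
// Each public type lives in its own file; they are shown together for brevity.
import jakarta.persistence.Column;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import jakarta.validation.constraints.Email;
import jakarta.validation.constraints.NotBlank;
import java.time.Instant;
import lombok.AllArgsConstructor;
import lombok.Builder;
import lombok.Data;
import lombok.NoArgsConstructor;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Abstraction (Interface Segregation)
public interface Logger {
    void log(String message);
}

public interface UserRepository extends JpaRepository<User, Long> {
    boolean existsByEmail(String email);
}

// Not defined in the original snippet; assumed to be an unchecked exception,
// since registerUser declares no checked exceptions.
public class DuplicateEmailException extends RuntimeException {
    public DuplicateEmailException(String message) {
        super(message);
    }
}

// Domain Entity
@Entity
@Data
@Builder
@NoArgsConstructor
@AllArgsConstructor
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    // The unique constraint is what actually prevents duplicates when two
    // requests race past the existsByEmail check in UserService.
    @Email(message = "Invalid email format")
    @NotBlank(message = "Email is required")
    @Column(nullable = false, unique = true)
    private String email;

    @Builder.Default
    private Instant createdAt = Instant.now();
}

// Implementation (Single Responsibility)
@Service
@Transactional
public class UserService {
    private final UserRepository userRepository;
    private final Logger logger;

    // Dependencies are injected through the constructor, not instantiated inline
    public UserService(UserRepository userRepository, Logger logger) {
        this.userRepository = userRepository;
        this.logger = logger;
    }

    public User registerUser(String email) {
        // Validation: reject null explicitly so bad input fails with a clear
        // error instead of a NullPointerException
        if (email == null || !email.contains("@")) {
            throw new IllegalArgumentException("Invalid email format");
        }
        // Early check for a friendly error; not atomic with the save below
        if (userRepository.existsByEmail(email)) {
            throw new DuplicateEmailException("Email already exists");
        }

        // Business logic
        User user = User.builder()
                .email(email)
                .build();
        User saved = userRepository.save(user);

        // Log the generated id only, never the email address
        logger.log("User registered: " + saved.getId());
        return saved;
    }
}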
Code Review Checklist
- No hardcoded secrets or credentials
- Input validation on all external data
- Proper error handling with meaningful messages
- No N+1 query patterns
- Functions follow single responsibility principle
- Dependencies injected, not instantiated inline
- Tests cover happy path and edge cases
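The Testing Check and the last checklist item, applied to the reference UserService: an added example (not part of the original page or its repository) of JUnit 5 + Mockito tests for the happy path and both error paths. It assumes JUnit 5 and Mockito are on the test classpath and that DuplicateEmailException is an unchecked exception; the class name UserServiceTest and the sample addresses are constructed for illustration.

```java
import static org.junit.jupiter.api.Assertions.*;
import static org.mockito.Mockito.*;

import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.ExtendWith;
import org.mockito.ArgumentCaptor;
import org.mockito.Mock;
import org.mockito.junit.jupiter.MockitoExtension;

// Added example, not part of the original page. Must sit in the same package as
// the page's UserService, UserRepository, Logger and User types.
@ExtendWith(MockitoExtension.class)
class UserServiceTest {
    @Mock UserRepository userRepository;
    @Mock Logger logger; // the page's Logger interface, not a logging-framework class

    private UserService service() { return new UserService(userRepository, logger); }

    @Test
    void happyPathSavesUserAndLogsIdOnly() {
        String email = "alice@example.test"; // constructed sample value
        when(userRepository.existsByEmail(email)).thenReturn(false);
        when(userRepository.save(any(User.class)))
                .thenReturn(User.builder().id(42L).email(email).build());
        User saved = service().registerUser(email);
        assertEquals(Long.valueOf(42L), saved.getId());
        ArgumentCaptor<String> line = ArgumentCaptor.forClass(String.class);
        verify(logger).log(line.capture());
        // Sensitive data exposure: the log line carries the id, never the address.
        assertTrue(line.getValue().contains("42"));
        assertFalse(line.getValue().contains(email));
    }

    @Test
    void malformedEmailIsRejectedBeforeAnyDatabaseAccess() {
        assertThrows(IllegalArgumentException.class,
                () -> service().registerUser("not-an-email"));
        verifyNoInteractions(userRepository, logger);
    }

    @Test
    void duplicateEmailIsRejectedWithoutWriting() {
        String email = "bob@example.test"; // constructed sample value
        when(userRepository.existsByEmail(email)).thenReturn(true);
        assertThrows(DuplicateEmailException.class, () -> service().registerUser(email));
        verify(userRepository, never()).save(any());
        verifyNoInteractions(logger);
    }
}
```

Because the repository is mocked, these tests check the service's decisions only; the concurrent-duplicate case needs an integration test against a real database.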