Code Commentary Standards

Skill Profile

(Select at least one profile to enable specific modules)

[ ] DevOps
[x] Backend
[ ] Frontend
[ ] AI-RAG
[ ] Security Critical

Overview

Code commentary (comments) should explain "why" code exists, not "what" it does. This skill provides standards for writing effective comments that help future developers and AI agents understand intent, context, and reasoning behind code decisions.

Why This Matters

Reduces Onboarding Time: Clear comments help new developers understand code quickly
Reduces Team Management Costs: Increase code maintainability reduces review time
Increases Gross Margin: Automated documentation responses (Reduce onboarding time)
Faster Debugging: Comments explain reasoning, making debugging faster
Improves Work Consistency: Standardized comments ensure consistent code quality
Enables Knowledge Transfer: Well-documented code preserves institutional knowledge

Core Concepts & Rules

1. Core Principles

Follow established patterns and conventions
Maintain consistency across codebase
Document decisions and trade-offs

2. Implementation Guidelines

Start with the simplest viable solution
Iterate based on feedback and requirements
Test thoroughly before deployment

Inputs / Outputs / Contracts

Inputs:
- Code files for commenting
- Code review feedback
- Developer questions
- AI agent context
Entry Conditions:
- Code review process established
- Comment standards defined
- Linting tools configured
- CI/CD pipeline in place
Outputs:
- Well-commented code
- Comment quality metrics
- Developer feedback
- AI agent understanding
Artifacts Required (Deliverables):
- Comment standards document
- Comment templates library
- Linting configuration
- CI/CD integration
- Quality metrics dashboard
Acceptance Evidence:
- Code review comments improved
- Developer onboarding time reduced
- AI agent comprehension verified
- Comment quality score > 4.0/5.0
Success Criteria:
- Comment coverage > 80%
- Comment quality score > 4.0/5.0
- Developer satisfaction score > 4.0/5.0
- Onboarding time < 1 week

Skill Composition

Depends on: technical-writing, api-documentation
Compatible with: system-architecture-docs, runbooks
Conflicts with: None (generic documentation skill)
Related Skills: code-review-culture, knowledge-sharing

Quick Start / Implementation Example

Review requirements and constraints
Set up development environment
Implement core functionality following patterns
Write tests for critical paths
Run tests and fix issues
Document any deviations or decisions

# Example implementation following best practices
def example_function():
    # Your implementation here
    pass

Assumptions / Constraints / Non-goals

Assumptions:
- Development environment is properly configured
- Required dependencies are available
- Team has basic understanding of domain
Constraints:
- Must follow existing codebase conventions
- Time and resource limitations
- Compatibility requirements
Non-goals:
- This skill does not cover edge cases outside scope
- Not a replacement for formal training

Compatibility & Prerequisites

Supported Versions:
- Python 3.8+
- Node.js 16+
- Modern browsers (Chrome, Firefox, Safari, Edge)
Required AI Tools:
- Code editor (VS Code recommended)
- Testing framework appropriate for language
- Version control (Git)
Dependencies:
- Language-specific package manager
- Build tools
- Testing libraries
Environment Setup:
- .env.example keys: API_KEY, DATABASE_URL (no values)

Test Scenario Matrix (QA Strategy)

Technical Guardrails & Security Threat Model

1. Security & Privacy (Threat Model)

Top Threats: Injection attacks, authentication bypass, data exposure

[ ] Data Handling: Sanitize all user inputs to prevent Injection attacks. Never log raw PII
[ ] Secrets Management: No hardcoded API keys. Use Env Vars/Secrets Manager
[ ] Authorization: Validate user permissions before state changes

2. Performance & Resources

[ ] Execution Efficiency: Consider time complexity for algorithms
[ ] Memory Management: Use streams/pagination for large data
[ ] Resource Cleanup: Close DB connections/file handlers in finally blocks

3. Architecture & Scalability

[ ] Design Pattern: Follow SOLID principles, use Dependency Injection
[ ] Modularity: Decouple logic from UI/Frameworks

4. Observability & Reliability

[ ] Logging Standards: Structured JSON, include trace IDs request_id
[ ] Metrics: Track error_rate, latency, queue_depth
[ ] Error Handling: Standardized error codes, no bare except
[ ] Observability Artifacts:
- Log Fields: timestamp, level, message, request_id
- Metrics: request_count, error_count, response_time
- Dashboards/Alerts: High Error Rate > 5%

Agent Directives & Error Recovery

(ข้อกำหนดสำหรับ AI Agent ในการคิดและแก้ปัญหาเมื่อเกิดข้อผิดพลาด)

Thinking Process: Analyze root cause before fixing. Do not brute-force.
Fallback Strategy: Stop after 3 failed test attempts. Output root cause and ask for human intervention/clarification.
Self-Review: Check against Guardrails & Anti-patterns before finalizing.
Output Constraints: Output ONLY the modified code block. Do not explain unless asked.

Definition of Done (DoD) Checklist

[ ] Tests passed + coverage met
[ ] Lint/Typecheck passed
[ ] Logging/Metrics/Trace implemented
[ ] Security checks passed
[ ] Documentation/Changelog updated
[ ] Accessibility/Performance requirements met (if frontend)

Anti-patterns / Pitfalls

⛔ Don't: Log PII, catch-all exception, N+1 queries
⚠️ Watch out for: Common symptoms and quick fixes
💡 Instead: Use proper error handling, pagination, and logging

Reference Links & Examples

Internal documentation and examples
Official documentation and best practices
Community resources and discussions

Versioning & Changelog

Version: 1.0.0
Changelog:
- 2026-02-22: Initial version with complete template structure