liveview-code-review

Reviews Phoenix LiveView code for lifecycle patterns, assigns/streams usage, components, and security. Use when reviewing LiveView modules, .heex templates, or LiveComponents.

View SKILL.md on GitHub Repository

Stars 44

Forks 5

Install this agent skill to your Project

npx add-skill https://github.com/existential-birds/beagle/tree/main/plugins/beagle-elixir/skills/liveview-code-review

SKILL.md

LiveView Code Review

Quick Reference

Issue Type	Reference
mount, handle_params, handle_event, handle_async	references/lifecycle.md
When to use assigns vs streams, AsyncResult	references/assigns-streams.md
Function vs LiveComponent, slots, attrs	references/components.md
Authorization per event, phx-value trust	references/security.md

Review Checklist

Critical Issues

No socket copying into async functions (extract values first)
Every handle_event validates authorization
No sensitive data in assigns (visible in DOM)
phx-value data is validated (user-modifiable)

Lifecycle

Subscriptions wrapped in connected?(socket)
handle_params used for URL-based state
handle_async handles :loading and :error states

Data Management

Streams used for large collections (100+ items)
temporary_assigns for data not needed after render
AsyncResult patterns for loading states

Components

Function components preferred over LiveComponents
LiveComponents preserve :inner_block in update/2
Slots use proper attr declarations
phx-debounce on text inputs

Valid Patterns (Do NOT Flag)

Empty mount returning {:ok, socket} - Valid for simple LiveViews
Using assigns for small lists - Streams only needed for 100+ items
LiveComponent without update/2 - Default update/2 assigns all
phx-click without phx-value - Event may not need data
Inline function in heex - Valid for simple transforms

Context-Sensitive Rules

Issue	Flag ONLY IF
Missing debounce	Input is text/textarea AND triggers server event
Use streams	Collection has 100+ items OR is paginated
Missing auth check	Event modifies data AND no auth in mount

Critical Anti-Patterns

Socket Copying (MOST IMPORTANT)

elixir

# BAD - socket copied into async function
def handle_event("load", _, socket) do
  Task.async(fn ->
    user = socket.assigns.user  # Socket copied!
    fetch_data(user.id)
  end)
  {:noreply, socket}
end

# GOOD - extract values first
def handle_event("load", _, socket) do
  user_id = socket.assigns.user.id
  Task.async(fn ->
    fetch_data(user_id)  # Only primitive copied
  end)
  {:noreply, socket}
end

Missing Authorization

elixir

# BAD - trusts phx-value without auth
def handle_event("delete", %{"id" => id}, socket) do
  Posts.delete_post!(id)  # Anyone can delete any post!
  {:noreply, socket}
end

# GOOD - verify authorization
def handle_event("delete", %{"id" => id}, socket) do
  post = Posts.get_post!(id)

  if post.user_id == socket.assigns.current_user.id do
    Posts.delete_post!(post)
    {:noreply, stream_delete(socket, :posts, post)}
  else
    {:noreply, put_flash(socket, :error, "Unauthorized")}
  end
end

Before Submitting Findings

Use the issue format: [FILE:LINE] ISSUE_TITLE for each finding.

Load and follow review-verification-protocol before reporting any issue.

Maintainer

existential-birds Core maintainer

Source details

Full Name: existential-birds/beagle
Branch: main
Path in repo: plugins/beagle-elixir/skills/liveview-code-review
License: Apache License 2.0
Topics: claude-code agent-skills typescript ai-agents developer-tools python react golang code-review rust langgraph swift elixir documentation swiftui fastapi axum phoenix pydantic-ai tokio

Featured Tools

Join Our Newsletter

Stay updated with the latest AI tools, news, and offers by subscribing to our weekly newsletter.

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

existential-birds/beagle

review-python

Comprehensive Python/FastAPI backend code review with optional parallel agents

44 5

Explore

existential-birds/beagle

review-verification-protocol

Mandatory verification steps for all code reviews to reduce false positives. Load this skill before reporting ANY code review findings.

44 5

Explore

existential-birds/beagle

sqlalchemy-code-review

Reviews SQLAlchemy code for session management, relationships, N+1 queries, and migration patterns. Use when reviewing SQLAlchemy 2.0 code, checking session lifecycle, relationship() usage, or Alembic migrations.

44 5

Explore

existential-birds/beagle

fastapi-code-review

Reviews FastAPI code for routing patterns, dependency injection, validation, and async handlers. Use when reviewing FastAPI apps, checking APIRouter setup, Depends() usage, or response models.

44 5

Explore

existential-birds/beagle

pytest-code-review

Reviews pytest test code for async patterns, fixtures, parametrize, and mocking. Use when reviewing test_*.py files, checking async test functions, fixture usage, or mock patterns.

44 5

Explore

existential-birds/beagle

postgres-code-review

Reviews PostgreSQL code for indexing strategies, JSONB operations, connection pooling, and transaction safety. Use when reviewing SQL queries, database schemas, JSONB usage, or connection management.

44 5

Explore

Didn't find tool you were looking for?

Search AI Tools

Install this agent skill to your Project

SKILL.md

LiveView Code Review

Quick Reference

Review Checklist

Critical Issues

Lifecycle

Data Management

Components

Valid Patterns (Do NOT Flag)

Context-Sensitive Rules

Critical Anti-Patterns

Socket Copying (MOST IMPORTANT)

Missing Authorization

Before Submitting Findings

Recommended Agent Skills

review-python

review-verification-protocol

sqlalchemy-code-review

fastapi-code-review

pytest-code-review

postgres-code-review