2f61ad7f1a
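- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Automatic trigger: a review runs automatically after the AI modifies .py/.cbl/.cpy/.lark files
- CLAUDE.md: defines the trigger rules, review flow, and severity levels
- .code-review.yaml: tier=standard, high-risk module configuration

Effect: usable right after clone, every code change is reviewed automatically, keeping low-quality code out of the repository

Co-Authored-By: Claude <noreply@anthropic.com>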
1.1 KiB
Payment Module — Manual Review Checklist
Callback Idempotency
- Is payment callback idempotent? (duplicate notification won't double-charge)
- Idempotency key sourced from payment provider's transaction ID
- Idempotency check happens before any state change
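An added example (not code from this repository) of a callback handler that passes the three checks above: the provider's transaction ID is the idempotency key, and it is claimed inside the same database transaction before any order state changes. The SQLite store, the table names and the function names `open_db` and `handle_payment_callback` are assumptions for illustration; amounts are integer cents.

```python
import sqlite3

def open_db():
    # Autocommit mode: transactions are opened and closed explicitly below.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript("""
        CREATE TABLE orders (order_id TEXT PRIMARY KEY,
                             amount_cents INTEGER NOT NULL,
                             status TEXT NOT NULL);
        -- The primary key on the provider's transaction ID is the idempotency key.
        CREATE TABLE processed_callbacks (provider_txn_id TEXT PRIMARY KEY,
                                          order_id TEXT NOT NULL);
    """)
    return db

def handle_payment_callback(db, provider_txn_id, order_id, amount_cents):
    """Apply a payment notification once. Returns 'applied', 'duplicate' or 'rejected'."""
    # Integer cents only; a float (or bool) amount is refused outright.
    if type(amount_cents) is not int:
        return "rejected"
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading or writing
    try:
        try:
            # Idempotency check first: claim the key before touching the order.
            db.execute("INSERT INTO processed_callbacks VALUES (?, ?)",
                       (provider_txn_id, order_id))
        except sqlite3.IntegrityError:
            db.execute("ROLLBACK")
            return "duplicate"  # already handled; acknowledge without side effects
        cur = db.execute(
            "UPDATE orders SET status = 'paid' "
            "WHERE order_id = ? AND status = 'pending' AND amount_cents = ?",
            (order_id, amount_cents))
        if cur.rowcount != 1:
            # Unknown order, already paid, or amount mismatch: undo the key claim
            # as well, so nothing is recorded for a callback that changed nothing.
            db.execute("ROLLBACK")
            return "rejected"
        db.execute("COMMIT")  # key and state change become visible together
        return "applied"
    except Exception:
        if db.in_transaction:
            db.execute("ROLLBACK")
        raise
```

A second callback for the same order under a different provider transaction ID comes back as `rejected` because the order is no longer `pending`; that case belongs in the manual-review queue rather than being dropped.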
Amount Precision
- All monetary amounts use integer cents or decimal with fixed precision
- No floating-point arithmetic in payment calculations
- Rounding strategy defined and consistent (round half up vs floor)
Reconciliation
- Reconciliation logic matches payment provider's settlement model
- Discrepancy thresholds defined (when to auto-adjust vs flag for manual review)
- Reconciliation runs are idempotent
Refund State Machine
- All refund states defined (pending, processing, completed, failed)
- Transition rules enforced (can't refund a refunded payment)
- Partial refund logic correct (remaining refundable amount tracked)
Third-Party Timeout
- Payment provider timeout handled (request timed out ≠ payment failed)
- Retry strategy for querying payment status
- Circuit breaker or backoff for provider outages