AgentSkillsCN

reviewing-changes

针对Bitwarden iOS项目进行全面的代码审查,从架构合规性、编码风格规范、编译安全性、测试覆盖率到安全需求等多方面进行验证。适用于Pull Request评审、提交记录检查、代码变更分析、Bitwarden编码标准的落实、单向数据流模式的评估、服务容器依赖注入的使用情况核查、安全实现的审查,以及测试覆盖率的评估。该技能可由CI流水线自动触发,亦可手动调用,用于交互式代码审查。

SKILL.md
--- frontmatter
name: reviewing-changes
description: Performs comprehensive code reviews for Bitwarden iOS projects, verifying architecture compliance, style guidelines, compilation safety, test coverage, and security requirements. Use when reviewing pull requests, checking commits, analyzing code changes, verifying Bitwarden coding standards, evaluating unidirectional data flow pattern, checking services container dependency injection usage, reviewing security implementations, or assessing test coverage. Automatically invoked by CI pipeline or manually for interactive code reviews.

Reviewing Changes

Instructions

Follow this process to review code changes for Bitwarden iOS:

Step 1: Understand Context

Start with high-level assessment of the change's purpose and approach. Read PR/commit descriptions and understand what problem is being solved.

Step 2: Verify Compliance

Systematically check each area against Bitwarden standards documented in CLAUDE.md:

  1. Architecture: Follow patterns in Docs/Architecture.md

    • Unidirectional data flow Coordinators + Processors (using SwiftUI)
    • Dependency Injection using ServiceContainer
    • Repository pattern and proper data flow
  2. Style: Adhere to Code Style

    • Naming conventions, code organization, formatting
    • Swift/SwiftUI guidelines
  3. Compilation: Analyze for potential build issues

    • Import statements and dependencies
    • Type safety and null safety
    • API compatibility and deprecation warnings
    • Resource/SDK references and requirements
  4. Testing: Verify appropriate test coverage

    • Unit tests for business logic and utility functions
    • Snapshot/View inspector tests for user-facing features when applicable
    • Test coverage for edge cases and error scenarios
  5. Security: Given Bitwarden's security-focused nature

    • Proper handling of sensitive data
    • Secure storage practices (Keychain)
    • Authentication and authorization patterns
    • Data encryption and decryption flows
    • Zero-knowledge architecture preservation

Step 3: Document Findings

Identify specific violations with file:line_number references. Be precise about locations.

Step 4: Provide Recommendations

Give actionable recommendations for improvements. Explain why changes are needed and suggest specific solutions.

Step 5: Flag Critical Issues

Highlight issues that must be addressed before merge. Distinguish between blockers and suggestions.

Step 6: Acknowledge Quality

Note well-implemented patterns (briefly, without elaboration). Keep positive feedback concise.

Review Anti-Patterns (DO NOT)

  • Be nitpicky about linter-catchable style issues
  • Review without understanding context - ask for clarification first
  • Focus only on new code - check surrounding context for issues
  • Request changes outside the scope of this changeset

Examples

Good Review Format

markdown
## Summary
This PR adds biometric authentication to the login flow, implementing unidirectional data flow pattern with proper state management.

## Critical Issues
- `BitwardenShared/UI/Auth/Login/LoginView.swift:25` - No `scrollView` added, user can't scroll through the view.
- `BitwardenShared/Core/Auth/Services/AuthService.swift:120` - You must not use `try!`, change it to `try` in a `do...catch` block or throwing function.

## Suggested Improvements
- Consider extracting biometric prompt logic to separate struct
- Add missing tests for biometric failure scenarios
- `BitwardenShared/UI/Auth/Login/LoginView.swift:43` - Consider using existing `BitwardenTextField` component

## Good Practices
- Proper comments documentation
- Comprehensive unit test coverage
- Clear separation of concerns

## Action Items
1. Add scroll view in `LoginView`
2. Change `try!` to `try` in `AuthService`
3. Consider adding tests for error flows

What to Focus On

DO focus on:

  • Architecture violations (incorrect patterns)
  • Security issues (data handling, encryption)
  • Missing tests for critical paths
  • Compilation risks (type safety, null safety)

DON'T focus on:

  • Minor formatting (handled by linters)
  • Personal preferences without architectural basis
  • Issues outside the changeset scope