AgentSkillsCN

review

Runs an automated code review before pushing, to catch bugs, security issues, and performance bottlenecks.

SKILL.md
--- frontmatter
name: review
description: Runs automated code review before push to catch bugs, security issues, and performance problems.

Code Review

Run an automated code review before pushing code.

Usage

code
/review

Instructions

Step 1: Get Changed Files

bash
echo "=== Changed Files ==="
git diff --name-only HEAD
git diff --cached --name-only

echo "=== Diff Stats ==="
git diff --stat HEAD

Step 2: Run Code Review

Use the Task tool with subagent_type="general-purpose" to review the code:

code
Prompt:
"Review the code changes in this branch compared to main.

Check for:
1. **Code Quality**: Best practices, clean code, naming conventions
2. **Bugs**: Potential bugs, logic errors, edge cases
3. **Security**: SQL injection, XSS, command injection, secrets exposure
4. **Performance**: N+1 queries, memory leaks, inefficient algorithms
5. **Tests**: Test coverage, missing tests, test quality

For each finding, provide:
- Severity: CRITICAL / WARNING / INFO
- File and line number
- Description of the issue
- Suggested fix

Output format:
## Review Summary

### Critical Issues (must fix)
- [ ] Issue description

### Warnings (should fix)
- [ ] Issue description

### Info (nice to have)
- [ ] Issue description

### Overall Assessment
Pass / Fail with reason"

Step 3: Report Results

If there are CRITICAL issues:

markdown
## Code Review Failed

### Critical Issues Found

[list of critical issues]

### Action Required
Fix the critical issues before pushing

### Commands
- Fix the code
- Run `/review` again

If there are no CRITICAL issues:

markdown
## Code Review Passed

### Summary
- Critical: 0
- Warnings: [count]
- Info: [count]

### Warnings (should fix)
[list if any]

### Ready to Push
Code is ready for `/td` or manual push

Review Checklist

| Category | What to Check |
|----------|---------------|
| Code Quality | Naming, formatting, comments, DRY |
| Bugs | Null checks, error handling, edge cases |
| Security | Input validation, auth, secrets |
| Performance | Queries, loops, memory |
| Tests | Coverage, quality, assertions |

Severity Levels

| Level | Description | Action |
|-------|-------------|--------|
| CRITICAL | Security vulnerability, data loss, crash | Must fix before push |
| WARNING | Bug risk, bad practice, missing test | Should fix |
| INFO | Style, optimization, suggestion | Nice to have |

Integration with /td

The /td command calls /review automatically in Step 4.

If the review fails, /td stops and tells you to fix the issues first.
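The Step 3 rule can be enforced over the Step 2 report by counting open findings rather than trusting the model's own "Overall Assessment" line. This is an added example, not part of the original skill: the function names and the fail-closed handling of a report with no Critical Issues section are assumptions, and the sample report is constructed.

```python
import re

FENCE = "`" * 3  # markdown code-fence marker; code quoted inside a finding is skipped
# Section titles from the Step 2 output format, mapped to the skill's severity levels.
SECTIONS = {"critical issues": "CRITICAL", "warnings": "WARNING", "info": "INFO"}
OPEN_ITEM = re.compile(r"^(?:- \[ \]|\d+\.)\s+\S")  # unchecked box or numbered item


def count_findings(report):
    """Return (open findings per severity, severity sections present in the report)."""
    counts = {sev: 0 for sev in SECTIONS.values()}
    seen, current, in_fence = set(), None, False
    for line in report.splitlines():
        stripped = line.strip()
        if stripped.startswith(FENCE):
            in_fence = not in_fence
        elif not in_fence and stripped.startswith("#"):
            title = stripped.lstrip("#").strip().lower()
            current = next((s for k, s in SECTIONS.items() if title.startswith(k)), None)
            seen.add(current)
        elif not in_fence and current and OPEN_ITEM.match(stripped):
            counts[current] += 1
    return counts, seen


def gate(report):
    """Apply the Step 3 rule: any open CRITICAL finding blocks the push."""
    counts, seen = count_findings(report)
    if "CRITICAL" not in seen:
        # Assumption: fail closed, since truncated or free-form output is not a clean review.
        return False, counts, "no Critical Issues section found"
    if counts["CRITICAL"]:
        return False, counts, f"{counts['CRITICAL']} critical issue(s) open"
    return True, counts, "no critical issues"


# Constructed sample: the model's verdict says Pass, but a critical item is still open.
SAMPLE = """## Review Summary
### Critical Issues (must fix)
- [ ] `internal/db/query.go:23` - SQL built by string concatenation
### Warnings (should fix)
- [ ] `internal/user/handler.go:78` - No input validation for email
- [x] `internal/auth/service.go:45` - Missing error check (already fixed)
### Overall Assessment
Pass
"""
if __name__ == "__main__":
    ok, counts, reason = gate(SAMPLE)
    print("PASS" if ok else "FAIL", reason, counts)
```
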

Examples

Example Output (Pass)

markdown
## Code Review Passed

### Summary
- Critical: 0
- Warnings: 2
- Info: 3

### Warnings
1. `internal/auth/service.go:45` - Missing error check on database call
2. `internal/user/handler.go:78` - No input validation for email

### Info
1. `internal/auth/service.go:12` - Consider using constants for magic numbers
2. `internal/user/model.go:5` - Add godoc comment for exported type
3. `tests/auth_test.go:30` - Consider adding edge case test

### Ready to Push

Example Output (Fail)

markdown
## Code Review Failed

### Critical Issues Found

1. `internal/db/query.go:23` - SQL Injection vulnerability
   ```go
   query := "SELECT * FROM users WHERE id = " + userId
   ```
   Fix: Use parameterized queries
   ```go
   query := "SELECT * FROM users WHERE id = $1"
   db.Query(query, userId)
   ```

2. `config/secrets.go:5` - Hardcoded API key exposed
   ```go
   const API_KEY = "sk-1234567890"
   ```
   Fix: Use environment variables

### Action Required

Fix the critical issues before pushing

Related Commands

| Command | Purpose |
|---------|---------|
| `/td` | End the session (calls review automatically) |
| `/commit` | Atomic commits |
| `/review` | Manual code review (you are here) |