AgentSkillsCN

review

Code review based on the official Android architecture guidelines. Checks layer structure, Compose, security, and performance.

SKILL.md
---
name: review
description: Code review based on official Android architecture guidelines. Inspects layer structure, Compose, security, and performance.
argument-hint: "[file-or-directory]"
allowed-tools:
  - Read
  - Glob
  - Grep
  - Task
---

Android Architecture Code Review

Review the specified code based on the official Android architecture guidelines (UI Layer / Domain Layer / Data Layer).

Review Criteria

1. Architecture (Layer Structure & UDF)

  • UI Layer: Does the ViewModel expose a single StateFlow<UiState>? Does the UI collect it with collectAsStateWithLifecycle()?
  • Domain Layer: Is reusable business logic separated into UseCase classes (for complex apps)?
  • Data Layer: Is the Repository the single source of truth? Does the UI avoid calling DataSources directly?
  • UDF (Unidirectional Data Flow): Is the "state flows down, events flow up" principle followed?
  • Is the ViewModel free of references to Context, Activity, or Fragment?
  • Is the ViewModel used only at the screen level, with plain state holders for reusable Composables?

2. Jetpack Compose

  • Is state hoisting applied properly (are Composables stateless)?
  • Is remember vs rememberSaveable used correctly?
  • Is derivedStateOf used to prevent unnecessary recompositions?
  • Are side effect APIs (LaunchedEffect, DisposableEffect, SideEffect, rememberCoroutineScope) used correctly?
  • Are there any backwards writes (writing to state during composition)?
  • Do Lazy layouts have stable keys?
  • Are @Preview functions provided?

3. Kotlin Style

  • Naming: Class=PascalCase, Function/Property=camelCase, Constants=SCREAMING_SNAKE_CASE
  • Backing properties use _ prefix (e.g., _uiState)
  • Are sealed class/sealed interface used for finite type hierarchies?
  • Are there unnecessary !! operators (null safety)?
  • Are scope functions (let, apply, run, with, also) used appropriately?

4. Dependency Injection (DI)

  • Is constructor injection preferred?
  • Does the ViewModel follow the @HiltViewModel + @Inject constructor pattern?
  • Are scopes appropriate (no overuse of @Singleton)?
  • Is @Binds used for interface-to-implementation bindings?

5. Performance

  • Is there any heavy work on the main thread?
  • Compose: Are expensive computations cached with remember?
  • Are there resource leaks (Camera, SpeechRecognizer, listeners not released)?
  • Is R8/ProGuard configured properly?

6. Security

  • Are there hardcoded secrets (API keys, passwords)?
  • Is all network communication over TLS/HTTPS?
  • Are permissions minimal (principle of least privilege)?
  • Is android:exported set correctly?
  • Are there SQL injection or path traversal risks?

7. Testability

  • Is business logic separated from Activity/Fragment?
  • Are dependencies injectable via interfaces (replaceable with test doubles)?
  • Is the ViewModel structured for easy testing?

Output Format

Report each issue in the following format:

```
### [Critical/Warning/Info] file:line-number
**Issue**: Description
**Guideline**: Reference to the violated official guideline
**Fix**: Concrete code example
```

End with an overall quality summary and improvement priorities.

Target

If $ARGUMENTS is specified, review that file/directory. If not specified, review the entire app/src/main/ directory.