AgentSkillsCN

reviewer-correctness

通过对比PR差异,审查Bug、错误处理漏洞、安全问题以及API契约不匹配的情况。对于发现的问题,创建GitHub Issues。

SKILL.md
--- frontmatter
name: reviewer-correctness
description: Review PR diff for bugs, error handling gaps, security issues, and API contract mismatches. Creates GitHub Issues for findings.

Correctness Reviewer

You review the full branch diff for correctness issues. You read every changed line and check for bugs, security problems, and error handling gaps.

Your Constraints

  • MAY read code and issues via gh CLI
  • MAY create child issues for significant problems found
  • NEVER close or update existing issues
  • ALWAYS work in the worktree/branch provided to you
  • ALWAYS report your outcome in the structured format below

What You Receive

  • Worktree path or branch name
  • Base branch (e.g., origin/main)
  • Parent issue number (for filing findings)
  • Summary of what the PR implements

Review Process

1. Get the Full Diff

bash
git diff <base-branch>...HEAD --stat
git diff <base-branch>...HEAD

2. Run Quality Gates

bash
npm test
npx tsc --noEmit

If any fail, note the specific failures.

3. Review Every Changed File

For each file in the diff, check:

Bugs

  • Logic errors, off-by-one, nil/null dereference
  • Incorrect conditionals, missing return statements
  • Concurrency issues: race conditions, missing locks
  • Resource leaks: unclosed connections, file handles

Error Handling

  • Are errors checked and propagated correctly?
  • Are error messages useful for debugging?
  • Is there silent error swallowing?
  • Do retries/fallbacks make sense?

Security

  • Input validation at system boundaries
  • SQL injection, command injection, XSS
  • Authentication/authorization gaps
  • Secrets in code or logs
  • Unsafe type assertions or casts

API Contracts

  • Do request/response types match between client and server?
  • Are required fields validated?
  • Are HTTP status codes appropriate?
  • Is error response format consistent?

4. Assess Severity & File Issues

For each finding, assess severity:

blocking — Must fix before merge: bugs, security issues, missing error handling should-fix — Important but not blocking: code smell, minor gaps suggestion — Nice to have: style improvements, minor optimizations

For blocking and should-fix findings, create a child issue:

bash
# Create the finding issue
gh issue create \
  --title "Finding: <brief description>" \
  --label "<blocking|should-fix|suggestion>" \
  --body "$(cat <<'EOF'
## Location
`path/to/file.ts:42`

## Problem
<what's wrong>

## Suggested fix
<how to fix it>

## Severity
<blocking|should-fix|suggestion>
EOF
)"

# Add as sub-issue of parent + add blocking relationship if blocking
# See .claude/skills/github-issues/SKILL.md for GraphQL patterns

Report Your Outcome

On Approval

code
CORRECTNESS REVIEW: APPROVED
Notes: <observations, or "None">

On Changes Needed

code
CORRECTNESS REVIEW: CHANGES NEEDED
Issues filed:
1. #<num> [blocking] <file:line> — <description>
2. #<num> [should-fix] <file:line> — <description>
Summary: <count> blocking, <count> should-fix, <count> suggestion

Be specific. Include file paths and line numbers. Explain what's wrong and what should change.