AgentSkillsCN

# review-code

Rule-based, multi-dimensional code review. Evaluates code across security, architecture, correctness, performance, readability and testing.

SKILL.md

---
name: review-code
description: Multi-dimensional code review with rule-based analysis. Covers security, architecture, correctness, performance, readability, and testing dimensions.
trigger: review code|code review|审查代码|代码审查
---

# Review Code Skill

Multi-dimensional code review using structured rule files for consistent, thorough analysis.

## Architecture

```text
┌─────────────────────────────────────────────────────────────────┐
│                    Review Orchestrator                          │
│         collect → quick-scan → deep-review → report             │
└───────────────────────────┬─────────────────────────────────────┘
                            │
    ┌───────────┬───────────┼───────────┬───────────┬───────────┐
    ▼           ▼           ▼           ▼           ▼           ▼
┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐ ┌────────┐
│Security│ │  Arch  │ │Correct-│ │ Perf   │ │ Read-  │ │Testing │
│ Rules  │ │ Rules  │ │  ness  │ │ Rules  │ │ability │ │ Rules  │
└────────┘ └────────┘ └────────┘ └────────┘ └────────┘ └────────┘
```

## Review Dimensions

| Dimension | Prefix | Focus Areas |
|---|---|---|
| Security | SEC | XSS, injection, credentials, crypto |
| Architecture | ARCH | Coupling, layering, SRP, abstractions |
| Correctness | CORR | Null checks, error handling, logic |
| Performance | PERF | Algorithms, I/O, memory leaks |
| Readability | READ | Naming, complexity, documentation |
| Testing | TEST | Coverage, assertions, test quality |

## Severity Levels

| Level | Prefix | Action Required |
|---|---|---|
| Critical | [C] | Must fix before merge |
| High | [H] | Should fix |
| Medium | [M] | Consider fixing |
| Low | [L] | Nice to have |

## Execution Flow

```text
1. Collect Context
   └─ Identify files, tech stack, framework

2. Quick Scan
   ├─ Load rules from rules/*.json
   ├─ Run pattern matching
   └─ Identify high-risk areas

3. Deep Review (per dimension)
   ├─ Apply dimension-specific rules
   ├─ Check contextual patterns
   └─ Validate negative patterns

4. Generate Report
   ├─ Group by severity
   ├─ Include file:line references
   └─ Add fix examples
```

## Rule File Structure

Each rules/*.json file contains:

```json
{
  "dimension": "security",
  "prefix": "SEC",
  "rules": [
    {
      "id": "sql-injection",
      "category": "injection",
      "severity": "critical",
      "pattern": "regex pattern",
      "patternType": "regex|includes",
      "negativePatterns": ["patterns that exclude false positives"],
      "description": "What the issue is",
      "recommendation": "How to fix it",
      "fixExample": "// Before\n...\n// After\n..."
    }
  ]
}
```

## Usage

```bash
# Review specific files
/review src/auth/*.ts

# Review a directory
/review src/components/

# Review recent changes
/review $(git diff --name-only HEAD~1)
```

## Output Format

```markdown
## Code Review Report

### Critical Issues (Must Fix)

- **[SEC-001] SQL Injection** `src/db/query.ts:42`
  - Pattern: String concatenation in query
  - Fix: Use parameterized queries

### High Priority

- **[ARCH-002] Layer Violation** `src/components/UserList.tsx:15`
  - Pattern: Direct database access in component
  - Fix: Extract to service layer

### Medium Priority

...

### Summary

- Critical: 1
- High: 2
- Medium: 5
- Low: 3
```
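To show how the rule file structure, the quick-scan step (pattern matching with negative-pattern exclusion) and the severity grouping of the report fit together, here is an added example that is not part of the skill: a minimal matcher over an inline rule set in the rules/*.json shape. The rule patterns, the `// safe:` exclusion marker and the scanned source are constructed for the example.

```javascript
// Added example, not part of the skill: a minimal matcher for the rules/*.json
// shape above. The rule set and the scanned file are constructed inline.
const SECURITY_RULES = {
  dimension: "security",
  prefix: "SEC",
  rules: [
    { id: "sql-injection", severity: "critical", patternType: "regex",
      pattern: "query\\([^)]*\\+",          // concatenation inside a query(...) call
      negativePatterns: ["// safe:"],        // constructed reviewed-and-accepted marker
      description: "String concatenation in query", recommendation: "Use parameterized queries" },
    { id: "eval-use", severity: "high", patternType: "includes", pattern: "eval(",
      negativePatterns: [], description: "Dynamic code evaluation",
      recommendation: "Parse data instead of evaluating it" },
  ],
};
// A rule hits when its pattern matches the line and no negative pattern excludes it.
function ruleMatches(rule, line) {
  const hit = rule.patternType === "regex"
    ? new RegExp(rule.pattern).test(line)
    : line.includes(rule.pattern);
  return hit && !(rule.negativePatterns || []).some((neg) => line.includes(neg));
}
// Quick-scan one file: each matching rule becomes a finding with a file:line reference.
function scanFile(ruleSet, file, source) {
  const findings = [];
  source.split("\n").forEach((line, i) => {
    for (const rule of ruleSet.rules) {
      if (!ruleMatches(rule, line)) continue;
      findings.push({ id: `${ruleSet.prefix}-${rule.id}`, severity: rule.severity,
        location: `${file}:${i + 1}`, description: rule.description,
        recommendation: rule.recommendation });
    }
  });
  return findings;
}
// Group findings by severity, in the order the report prints them.
function groupBySeverity(findings) {
  const groups = { critical: [], high: [], medium: [], low: [] };
  for (const f of findings) groups[f.severity].push(f);
  return groups;
}
// Constructed sample: line 1 is flagged, line 2 is parameterized, line 3 matches
// the regex but is excluded by the negative pattern, line 4 hits the eval rule.
const SAMPLE = [
  'const q = db.query("SELECT * FROM users WHERE id = " + req.params.id);',
  'const safe = db.query("SELECT * FROM users WHERE id = ?", [id]);',
  'const q2 = db.query(BASE + SUFFIX); // safe: constant parts only',
  'const v = eval(userInput);',
].join("\n");
```

Running `groupBySeverity(scanFile(SECURITY_RULES, "src/db/query.ts", SAMPLE))` yields one critical and one high finding, which is the shape the report's Summary section counts.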

## Rule Files Reference

| File | Rules |
|---|---|
| rules/security-rules.json | XSS, injection, secrets, crypto |
| rules/architecture-rules.json | Coupling, layers, SRP |
| rules/correctness-rules.json | Null, errors, logic |
| rules/performance-rules.json | Complexity, I/O, memory |
| rules/readability-rules.json | Naming, nesting, magic values |
| rules/testing-rules.json | Assertions, coverage, quality |