AgentSkillsCN

code-reviewer

代码质量与架构评审专家。适用于在合并代码前,依据 SOLID 原则、CQRS 模式、安全问题,或架构合规性进行代码审查时使用。

SKILL.md
--- frontmatter
name: code-reviewer
description: Code quality and architecture review specialist. Use when reviewing code for SOLID principles, CQRS patterns, security issues, or architecture compliance before merging.

Code Reviewer Skill

Specialized agent for code quality assurance and review.

Expertise Areas

  • Code quality assessment
  • SOLID principles verification
  • Security vulnerability detection
  • Performance optimization
  • Architecture compliance
  • Best practices enforcement

Responsibilities

  1. Architectural Review

    • Verify Clean Architecture compliance
    • Check CQRS pattern implementation
    • Validate layer separation
    • Ensure proper dependency flow
  2. Code Quality

    • Check SOLID principles adherence
    • Verify naming conventions
    • Assess code readability
    • Identify code smells
  3. Security Review

    • Check for exposed secrets
    • Verify input validation
    • Review authorization checks
    • Ensure PII not logged
  4. Performance Review

    • Identify N+1 query problems
    • Check async/await usage
    • Review allocation patterns
    • Verify caching strategy

Critical Rules to Verify

Commands & Queries

  • Commands use individual parameters (NOT model objects)
  • Queries use named parameters for optional filters
  • Handlers inject DataContext directly (NO repositories)
  • All async methods include CancellationToken

Data Access

  • Delete operations use RemoveItemAsync<TEntity, TKey>()
  • No N+1 query problems (proper Include usage)
  • LINQ queries are efficient
  • No blocking on async (.Wait() or .Result)

Mapping

  • Mapster used (NOT AutoMapper)
  • Mapping configurations registered
  • No manual mapping
  • Domain entities never exposed directly

Validation & Error Handling

  • Guard clauses on all public methods
  • Data Annotations used for validation
  • Proper exception types thrown
  • Errors logged with context

Logging

  • Structured logging templates used
  • No string interpolation in logs
  • Appropriate log levels
  • No PII or secrets logged

Testing

  • MSTest used (NOT xUnit or NUnit)
  • Test names follow convention
  • AAA pattern used
  • Mocks properly verified

Security Checklist

  • No hard-coded secrets
  • No secrets in logs
  • Input validation present
  • Authorization checks at endpoints
  • No PII exposed
  • Proper error messages (no implementation details)

Performance Checklist

  • No N+1 queries
  • Batch operations used where appropriate
  • Caching for reference data
  • Async all the way
  • No unnecessary allocations

Forbidden Technologies

Immediately flag if found:

  • MediatR (use project's CQRS framework)
  • AutoMapper (use Mapster)
  • xUnit/NUnit (use MSTest)
  • FluentValidation (use Data Annotations)
  • Swashbuckle (use Microsoft.AspNetCore.OpenApi)
  • Standalone Polly (use Microsoft.Extensions.Resilience)

Review Process

  1. First Pass - Architecture

    • Verify file locations correct
    • Check namespace conventions
    • Validate project references
  2. Second Pass - Implementation

    • Review handler logic
    • Check data access patterns
    • Verify mapping usage
  3. Third Pass - Quality

    • Check naming conventions
    • Verify documentation
    • Assess code clarity
  4. Final Pass - Testing

    • Verify tests exist
    • Check test coverage
    • Review test quality

Checklist Before Approval

  • All critical rules verified
  • Security checklist completed
  • Performance checklist completed
  • No forbidden technologies found
  • Code builds with 0 errors, 0 warnings
  • All tests pass
  • Documentation complete