Chinese Code Review Guidelines

Overview

Domestic teams often encounter two extremes when conducting Code Review: either being overly polite and letting critical issues slip through, or copying the straightforward Western style which embarrasses colleagues. This skill helps you find a balance — neither avoiding problems nor making others unwilling to accept feedback.

Core Principles: Replace "commands" with "suggestions", replace "negations" with "questions", but never overlook bugs for the sake of politeness.

Expression of Review Feedback

Replace Commands with Suggestions

Avoid (Imperative)	Recommend (Suggestive)
You must change this to X	It is recommended to consider using X because Y
This is written wrong	There might be an issue here. Have you considered scenario Z?
Don't use this method	This method may have performance issues in scenario A. You can look at solution B
This code doesn't work	Did I understand this logic correctly? What happens if the input is empty?

Replace Negations with Questions

When you're unsure of the other party's intent, ask first before commenting:

# Good approach
What was the consideration for using sync to read files here? If concurrency increases, it might block the event loop.

# Bad approach
You shouldn't use sync to read files here.

Priority Labeling

Use unified priority markers to help authors quickly judge urgency:

[Must Fix] — Security vulnerabilities, data loss risks, logical errors (cannot merge without fixing)
[Suggested Change] — Performance issues, maintainability, missing validations (fix in this iteration or next)
[For Reference Only] — Naming optimizations, style suggestions, alternative solutions (okay to leave unchanged)
[Question] — Uncertain areas that require the author to explain intent

Review Comment Template

[Must Fix] SQL Injection Risk

Line 42: User input is directly concatenated into the SQL statement.

Reason: Attackers can inject `'; DROP TABLE users; --` via the name parameter.

Suggestion: Use parameterized queries:
  db.query('SELECT * FROM users WHERE name = $1', [name])

Reference: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

Chinese-English Mixed Code Comment Guidelines

When to Use Chinese

Business Logic Explanations — Use Chinese to explain business background and requirement sources
Complex Algorithm Comments — Write the thought process in Chinese to ensure all team members can understand
TODO / FIXME — Describe pending tasks in Chinese for easy searching and tracking
Document Comments (Internal Projects) — Use Chinese for descriptive text in JSDoc / Javadoc

typescript

/**
 * Calculate member level discount for users
 *
 * Business Rules:
 * - Regular members: 5% off
 * - Silver members: 10% off
 * - Gold members: 15% off
 * - Diamond members: 20% off
 *
 * @param level - Member level (MemberLevel enum)
 * @param amount - Original amount (unit: cents)
 * @returns Discounted amount (unit: cents)
 */
function calculateDiscount(level: MemberLevel, amount: number): number {
  // ...
}

When to Use English

Variable names, function names, class names — Always use English naming, follow team naming conventions
Git commit message — Refer to the commit guidelines below
Open Source Project Comments — For projects targeting the international community, use English for comments uniformly
Error messages and logs — Use English for production environment error messages (to avoid encoding issues)
API Documentation — Use English for externally exposed APIs

Mixed Format Requirements

typescript

// Good: Add space between Chinese and English
// Use Redis cache to reduce MySQL query pressure

// Bad: No space between Chinese and English
// 使用Redis缓存来减少MySQL的查询压力

// Good: Keep technical terms in English
// Use debounce to prevent frequent API requests

// Bad: Force translation of technical terms
// 这里用防抖动处理，避免频繁触发应用程序接口请求

Commit Message Chinese-English Bilingual Format

Recommended Format

For internal team projects, use Chinese commit messages, adopting the Chinese version of Conventional Commits:

<type>(<scope>): <brief description>

<detailed explanation (optional)>

<relevant information (optional)>

Type Comparison Table

Type	Meaning	Example
feat	New feature	feat(user): Add mobile phone login function
fix	Fix bug	fix(payment): Fix repeated processing of WeChat payment callbacks
docs	Document changes	docs: Update API documentation
style	Code format	style: Unify indentation to 2 spaces
refactor	Refactoring	refactor(order): Split order service and extract common logic
perf	Performance optimization	perf(list): Virtual scroll optimization for long list rendering performance
test	Testing	test(auth): Add unit tests for login module
chore	Build/tools	chore: Upgrade Node.js to v20

Example

fix(payment): Fix Alipay asynchronous callback signature verification failure

Reason: After upgrading the SDK, the signature algorithm changed from RSA to RSA2, but callback verification still used the old algorithm.
Solution: Support both RSA and RSA2 signature verification in callback processing.

Closes #1234

Projects Targeting International Community

If the project targets the international community or has foreign members, use English for commit messages, and attach Chinese explanations in PR descriptions:

fix(payment): fix Alipay async callback signature verification failure

The SDK upgrade changed the signature algorithm from RSA to RSA2,
but the callback handler still used the old algorithm.

Closes #1234

Common Anti-patterns and Countermeasures

Anti-pattern 1: Overly Polite

Performance: All comments are like "I think maybe perhaps there's a small issue here..."

Consequence: Critical bugs are hidden in a pile of euphemisms, and the author doesn't know which ones must be fixed.

Countermeasure: Use priority labeling. [Must Fix] means it must be fixed. The tone can be gentle, but the priority must be accurate.

# Bad: Overly polite
I don't know if I understand correctly, but there might be a tiny concurrency issue here, though maybe I'm wrong...

# Good: Gentle but clear
[Must Fix] Concurrency Safety Issue

This map is being read and written simultaneously in multiple goroutines, which will trigger a panic.
It is recommended to add sync.RWMutex, or switch to sync.Map.

Reproduction method: Run tests with -race flag to see it.

Anti-pattern 2: Afraid to Give Feedback to Senior Developers

Performance: Directly Approve code from senior developers or leaders without careful review.

Consequence: Double standards in code quality, and the team loses trust in Code Review.

Countermeasure: Code Review is about the code, not the person. You can use an alternative expression:

# Question-based (suitable for feedback to senior colleagues)
I'd like to ask, what was the consideration for choosing recursion instead of iteration here?
I'm thinking if the recursion depth exceeds 1000 layers, will there be a stack overflow risk?

# Learning-based
Learned a new writing style! But I have a small question — the type assertion here isn't checked at runtime.
If the upstream data structure changes, this will pass silently. Have you considered adding runtime validation?

Anti-pattern 3: Review Becomes a Style Dispute

Performance: A large number of comments obsess over indentation, spaces, brace positions.

Consequence: Wastes time and ignores real issues.

Countermeasure: Leave style issues to tools like ESLint / Prettier / gofmt to handle automatically. Code Review focuses on logic, security, and performance.

Anti-pattern 4: Only Write "LGTM"

Performance: Casually write LGTM and Approve without substantive review.

Consequence: Code Review becomes a formality, and no one takes responsibility when problems occur.

Countermeasure: Even if the code quality is good, write out the aspects you focused on:

LGTM

Reviewed the following aspects:
- Concurrency safety: Lock granularity is reasonable
- Error handling: All external calls have error handling
- Backward compatibility: New fields all have default values, no impact on old versions

A small suggestion [For Reference Only]: The variable name `d` on line 78 can be changed to `duration` for better readability.

Review Process Suggestions

Before Starting the Review

First read the PR description to understand the background and purpose of the changes
Look at related Issues or requirement documents
First browse the overall changes, then look at each file in detail

Review Order

Architecture Level — Is the solution reasonable? Is there a better way?
Correctness — Is the logic correct? Are boundary conditions handled?
Security — Are there injection, unauthorized access, information leakage issues?
Performance — Are there N+1 queries, memory leaks, unnecessary loops?
Maintainability — Can it be understood in half a year? Is test coverage sufficient?
Style — Only focus on parts that cannot be handled automatically by tools

Provide a Summary

After completing the review, provide a summary including:

Overall evaluation (one sentence)
Points worth learning (praise first, then constructive feedback)
List of main issues (by priority)
Suggested modification directions

Summary: The overall implementation idea is clear, and the idempotent processing of payment callbacks is well done.

Main Issues:
1. [Must Fix] Concurrent map write issues (2 places)
2. [Suggested Change] Missing null value validations (3 places)
3. [For Reference Only] Several variable names can be more semantic

Suggestion: Fix the concurrency issues first, and the validation part can be fixed in this iteration or split into the next one.

Checklist

Before submitting review comments, confirm:

Each comment is labeled with priority
[Must Fix] issues all have specific repair suggestions
No critical issues were skipped for the sake of politeness
No style issues that can be handled automatically by tools were obsessed over
Positive feedback was given for good code
An overall summary was provided

chinese-code-review

NPX Install

Tags

SKILL.md Content (Chinese)