code-reviewer

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Code Reviewer

代码审查专家（Code Reviewer）

Purpose

目标

Provides thorough code review expertise with focus on correctness, security, performance, and maintainability. Identifies bugs, security vulnerabilities, and code quality issues while suggesting improvements.

提供全面的代码审查专业能力，聚焦正确性、安全性、性能与可维护性。识别Bug、安全漏洞与代码质量问题，并给出改进建议。

When to Use

适用场景

Reviewing pull requests or code changes
Performing security audits on code
Identifying potential bugs before merge
Ensuring code follows best practices
Checking for performance issues
Validating error handling
Reviewing architectural decisions in code

审查拉取请求（Pull Request）或代码变更
对代码执行安全审计
在合并前识别潜在Bug
确保代码遵循最佳实践
检查性能问题
验证错误处理逻辑
审查代码中的架构决策

Quick Start

快速上手

Invoke this skill when:

Reviewing pull requests or code changes
Performing security audits on code
Identifying potential bugs before merge
Ensuring code follows best practices
Checking for performance issues

Do NOT invoke when:

Debugging runtime issues (use debugger)
Refactoring code structure (use refactoring-specialist)
Writing new code (use language-specific skills)
Reviewing system architecture (use architect-reviewer)

触发此技能的场景：

审查拉取请求（Pull Request）或代码变更
对代码执行安全审计
在合并前识别潜在Bug
确保代码遵循最佳实践
检查性能问题

请勿触发此技能的场景：

调试运行时问题（请使用调试工具）
重构代码结构（请使用重构专家技能）
编写新代码（请使用对应编程语言的技能）
审查系统架构（请使用架构审查专家技能）

Decision Framework

决策框架

Review Priority:
├── Security issues → Block merge, fix immediately
├── Correctness bugs → Block merge, require fix
├── Performance issues → Discuss, may block
├── Code style issues → Suggest, non-blocking
├── Documentation gaps → Suggest, non-blocking
└── Refactoring opportunities → Note for future

Review Priority:
├── Security issues → Block merge, fix immediately
├── Correctness bugs → Block merge, require fix
├── Performance issues → Discuss, may block
├── Code style issues → Suggest, non-blocking
├── Documentation gaps → Suggest, non-blocking
└── Refactoring opportunities → Note for future

Core Workflows

核心工作流程

1. Pull Request Review

1. 拉取请求（Pull Request）审查

Understand the intent from PR description
Review for correctness and logic errors
Check for security vulnerabilities
Assess performance implications
Verify error handling completeness
Check test coverage
Provide actionable feedback

从PR描述中理解变更意图
审查代码正确性与逻辑错误
检查安全漏洞
评估对性能的影响
验证错误处理的完整性
检查测试覆盖率
提供可落地的反馈意见

2. Security-Focused Review

2. 安全聚焦型审查

Check input validation and sanitization
Review authentication and authorization
Look for injection vulnerabilities
Verify sensitive data handling
Check for hardcoded secrets
Review dependency security
Assess cryptographic usage

检查输入验证与数据清洗（sanitization）
审查身份验证与授权机制
排查注入类漏洞
验证敏感数据处理方式
检查是否存在硬编码密钥
审查依赖库的安全性
评估加密算法的使用合理性

3. Performance Review

3. 性能审查

Identify N+1 query patterns
Check for unnecessary allocations
Review algorithm complexity
Assess caching opportunities
Check for blocking operations
Review database query efficiency

识别N+1查询模式
检查不必要的内存分配
审查算法复杂度
评估缓存优化机会
检查阻塞式操作
审查数据库查询效率

Best Practices

最佳实践

Review code, not the author
Be specific about issues and fixes
Explain the "why" behind suggestions
Prioritize comments by severity
Acknowledge good patterns too
Use automated tools first (linters, SAST)

对事不对人，聚焦代码而非作者
明确指出问题与修复方案
解释建议背后的原因
按严重程度优先处理评论
也要认可代码中的优秀实践
优先使用自动化工具（如代码检查器linters、静态应用安全测试SAST）

Anti-Patterns

反模式

Anti-Pattern	Problem	Correct Approach
Nitpicking style	Wastes time, frustrates authors	Use automated formatters
No context	Reviewer doesn't understand changes	Read PR description, linked issues
Blocking on opinions	Delays delivery unnecessarily	Distinguish must-fix from nice-to-have
Drive-by reviews	Comments without resolution	Follow through on discussions
No positive feedback	Demoralizing for authors	Highlight good patterns

反模式	问题	正确做法
过度纠结代码风格	浪费时间，打击作者积极性	使用自动化格式化工具
不了解上下文	审查者未理解变更背景	阅读PR描述及关联的问题工单
因个人意见阻塞合并	不必要地延误交付	区分必须修复与锦上添花的需求
敷衍式审查	留下评论但不跟进解决	跟进讨论直至问题解决
无正面反馈	打击作者士气	突出代码中的优秀实践