staged-changes-review
Staged Changes Review
This skill provides comprehensive analysis of Git staged changes to identify risks, errors, and potential issues before committing code.
Output Requirements
Important: This skill must output all analysis results and recommendations in Chinese.
- Language: Always reply in Chinese
- Encoding: Use UTF-8 encoding
- Style: Professional, detailed, and practical; provide concrete code examples and suggested changes
Core Workflow
When invoked, follow this systematic review process:
Step 1: Retrieve Staged Changes
```bash
# Get the diff of staged changes
git diff --cached

# Get list of staged files
git status --short | grep "^[MARC]"
```
Step 2: Multi-Perspective Analysis
Analyze the staged changes from four critical perspectives:
2.1 Syntax and Compilation Errors
- Missing imports or undefined references
- Type errors and incorrect type annotations
- Syntax errors (missing semicolons, brackets, quotes)
- Invalid API usage or method signatures
- Malformed JSON/YAML/configuration files
2.2 Logic and Runtime Errors
- Null pointer / undefined access risks
- Off-by-one errors in loops and array access
- Incorrect error handling (missing try-catch, unhandled promises)
- Memory leaks (unclosed resources, event listeners)
- Race conditions in async code
2.3 Breaking Changes and Side Effects
- API signature changes affecting consumers
- Database schema modifications
- Environment variable changes
- Dependency version updates with breaking changes
- Removed or renamed public functions/classes
When potential breaking changes are detected:
```bash
# Search for usages of modified functions/classes
git grep -n "functionName" -- "*.js" "*.ts"

# Check if migrations are included for schema changes
find . -name "*migration*" -mtime -1

# Review related test files
git diff --cached --name-only | grep test
```
2.4 Security Vulnerabilities
- Hardcoded credentials, API keys, or secrets
- SQL injection vulnerabilities
- XSS (Cross-Site Scripting) risks
- Insecure data handling (unencrypted PII)
- Authentication/authorization bypasses
Step 3: Contextual Code Inspection
When issues are found, examine related code:
```bash
# View full file context
git show HEAD:<filename>

# Search related code patterns
git grep -n "relatedPattern" -- "*.ext"
```
Step 4: Confidence Scoring
| Level | Score | Examples |
|---|---|---|
| HIGH | 90-100 | Syntax errors, type mismatches, clear security issues |
| MEDIUM | 60-89 | Potential logic errors, suspicious patterns |
| LOW | 20-59 | Code smells, style concerns |
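The security checks of 2.4 and the score bands above can be combined into a scanner over `git diff --cached` output that flags only added lines and reports them as path:line. This is an added example, not part of the skill itself; the rule names, regexes, scores and the sample diff are constructed assumptions.

```python
import re

# Constructed sample of `git diff --cached` output (not from a real repository).
SAMPLE_DIFF = '''diff --git a/app/config.py b/app/config.py
index 1111111..2222222 100644
--- a/app/config.py
+++ b/app/config.py
@@ -10,3 +10,5 @@ import os
 DEBUG = False
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "example-not-a-real-password"
+API_TOKEN = os.environ["API_TOKEN"]
+timeout = 30
 REGION = "eu"
'''

# Hypothetical rules: (name, regex, confidence on the Step 4 scale).
RULES = [
    ("Hardcoded credential",
     re.compile(r'(?i)(password|passwd|secret|api_?key|token)\w*\s*[:=]\s*["\'][^"\']{8,}["\']'), 90),
    ("Possible SQL built by concatenation",
     re.compile(r'(?i)(select|insert|update|delete)\b.*["\']\s*\+'), 70),
]
HUNK = re.compile(r'^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@')

def level(score):
    """Map a score to the HIGH/MEDIUM/LOW bands of the Step 4 table."""
    return "HIGH" if score >= 90 else "MEDIUM" if score >= 60 else "LOW"

def scan_staged_diff(diff_text):
    """Return findings for added lines only, located as path:line in the new file."""
    findings, path, new_line, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # a new file's headers follow
        elif not in_hunk and line.startswith("+++ "):
            path = line[4:].removeprefix("b/")   # "/dev/null" for deleted files
        elif (m := HUNK.match(line)):
            new_line, in_hunk = int(m.group(1)), True
        elif in_hunk and line.startswith("+"):
            for name, rx, score in RULES:
                if rx.search(line[1:]):
                    findings.append((f"{path}:{new_line}", name, score, level(score)))
            new_line += 1
        elif in_hunk and line.startswith(" "):
            new_line += 1                        # context lines advance new-file numbering
    return findings                              # "-" lines never advance new_line
```

Against a real repository, pass the captured output of `git diff --cached` to `scan_staged_diff`. Reading a secret from the environment, as on the `API_TOKEN` line, is not flagged because no quoted literal is assigned.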
Step 5: Generate Review Report
Present findings in this format:
```markdown
# Staged Changes Review

## Summary
- Files Changed: <count>
- High Risk Issues: <count>
- Medium Risk Issues: <count>
- Security Concerns: <count>

## Critical Issues (Confidence >= 80)

### 1. [Category] Issue Title
File: path/to/file.ext:line
Severity: CRITICAL | HIGH | MEDIUM
Confidence: <score>/100

Problem: [Description]
Impact: [What happens if committed]
Recommendation: [Specific fix]

## Files Review Summary
| File | Status | Issues | Risk Level |
|---|---|---|---|
| path/to/file1 | Clean | 0 | Low |
| path/to/file2 | Warning | 2 | Medium |
| path/to/file3 | Critical | 1 | High |
```
Quick Reference
| Perspective | Key Checks |
|---|---|
| Syntax | Imports, types, brackets, API usage |
| Logic | Null access, loops, error handling, async |
| Breaking | API changes, schema, dependencies |
| Security | Secrets, injection, XSS, auth |
Additional Resources
For language-specific patterns and edge cases, see:
- references/language-patterns.md - Language-specific validation rules
- references/edge-cases.md - Special scenarios and optimizations