init-review-policy


Initialize Review Policy

Create a repo-local review policy package for use by /code-review and /review.

Goal

Initialize these files:
  • .opencode/review/policy.md (required)
  • .opencode/review/checklist.md (optional but recommended)
  • .opencode/review/severity.yml (optional but recommended)

Behavior

  1. Detect the repo root (prefer vcs-detect if available).
  2. Create .opencode/review/ if missing.
  3. If the files do not exist, create them from the templates below.
  4. If the files exist, preserve user content and only add missing sections.
  5. Ask the user for domain-specific overrides and apply them.
  6. Return a short summary with the created/updated file paths.
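An added example (not opencode's own implementation) of steps 2 to 4 in Python: it creates .opencode/review/ if missing, writes policy.md from an abbreviated template when the file is absent, and otherwise keeps the user's content verbatim and appends only the template sections whose headings are missing. Assumptions: the policy file uses "## " section headings, and the template string is a shortened form of the policy.md template below.

```python
from pathlib import Path
import re

# Abbreviated policy.md template (three of the sections listed on this page).
POLICY_TEMPLATE = """# Review Policy

## Scope
- Applies to all code reviews in this repository.

## Critical Domains
- Authentication and authorization
- Secrets, credentials, and PII handling

## Required Review Output
- Severity: critical | high | medium | low
- File and line reference for every issue
"""

# Assumption: sections are "## " headings; the split keeps the captured titles.
HEADING = re.compile(r"^## (.+)$", re.MULTILINE)

def split_sections(text):
    """Return {title: body} for every '## ' section, in document order."""
    parts = HEADING.split(text)  # [preamble, title1, body1, title2, body2, ...]
    return {t.strip(): b for t, b in zip(parts[1::2], parts[2::2])}

def merge_missing_sections(existing, template):
    """Keep the user's text verbatim; append only template sections it lacks."""
    have, want = split_sections(existing), split_sections(template)
    missing = [t for t in want if t not in have]
    if not missing:
        return existing, []
    out = existing.rstrip("\n") + "\n"
    for t in missing:
        out += f"\n## {t}\n{want[t].strip()}\n"
    return out, missing

def init_policy(repo_root):
    """Steps 2-4: create the directory, then create or update policy.md."""
    review_dir = Path(repo_root) / ".opencode" / "review"
    review_dir.mkdir(parents=True, exist_ok=True)
    policy = review_dir / "policy.md"
    if not policy.exists():
        policy.write_text(POLICY_TEMPLATE)
        return "created", list(split_sections(POLICY_TEMPLATE))
    merged, added = merge_missing_sections(policy.read_text(), POLICY_TEMPLATE)
    if added:
        policy.write_text(merged)  # user content untouched, sections appended
    return ("updated" if added else "unchanged"), added
```

Running init_policy twice on the same repo root is safe: the second run reports "unchanged" and rewrites nothing, which is the idempotence step 4 asks for.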

policy.md template

Review Policy

Scope
  • Applies to all code reviews in this repository.
  • Overrides generic review defaults where explicitly stated.

Critical Domains
  • Authentication and authorization
  • Data integrity and migrations
  • Secrets, credentials, and PII handling
  • Billing, quota, and financial calculations

Must-Flag Findings
  • Security vulnerabilities with practical exploit paths
  • Silent data loss or corruption risks
  • Backward-incompatible API or schema changes without a migration plan
  • Missing rollback/guardrails for risky deploy paths

Usually Ignore
  • Pure style nits unless they hide correctness issues
  • Hypothetical edge cases without realistic trigger paths

Repo-Specific Rules
  • Add project rules here (framework constraints, architecture boundaries, test expectations)

Required Review Output
  • Severity: critical | high | medium | low
  • File and line reference for every issue
  • Why this is a bug/risk in this repository
  • Concrete fix suggestion

checklist.md template

Review Checklist

Correctness
  • Logic matches intended behavior and existing contracts
  • Error handling is explicit and testable

Security
  • No new injection/authz/secrets/PII exposure paths

Data and Migrations
  • Schema changes include compatibility and rollback notes

Performance
  • No obvious unbounded hot-path regressions

Operations
  • Logging/metrics/alerts are sufficient for new risk areas

Testing
  • Critical paths have adequate coverage for changed behavior

severity.yml template
severity:
  critical:
    - remote code execution
    - auth bypass
    - irreversible data loss
  high:
    - privilege escalation
    - data corruption risk
    - breaking migration without rollback
  medium:
    - reliability regression on common paths
    - significant performance regression
  low:
    - minor maintainability risk
    - non-blocking robustness gaps
rules:
  require_file_line_reference: true
  require_concrete_fix: true
  deduplicate_findings: true

Notes

  • Keep rules concise and specific to this repository.
  • Prefer concrete examples over abstract policy language.