code-quality-auditor

Code Quality Auditor Skill

Core Responsibilities

1. Automated Quality Verification

  • Static Check: Run `pnpm lint` to check code style.
  • Type Closure: Run `pnpm typecheck` to ensure there are no `any` types and no broken types.
  • Style Validation: Run `pnpm lint:css` to ensure compliance with the BEM convention.

2. Security Auditing 🛡️

  • Vulnerability Scanning: Check for SQL injection, XSS, CSRF, and unauthorized-access risks.
  • Secret Check: Hard-coded API keys, tokens, or secrets in code are strictly prohibited.
  • Authorization Logic: Check whether permission-check functions such as `isAdmin()` are used correctly.

3. Standards Alignment

  • Naming Conventions: Check naming, such as kebab-case for files and snake_case for internationalization.
  • i18n: Check that all UI text is wrapped in `$t()`.
  • Code Smells: Identify overly long functions, dead code, and duplicated logic.

Instructions

  1. Blocking Delivery: If `lint` or `typecheck` fails, the change must be marked as "Blocked" and may not proceed to submission.
  2. Graded Feedback: Provide `Blocker` (showstopper issues), `Warning` (style issues), and `Suggest` (refactoring suggestions).
  3. Zero Tolerance for `any`: In TypeScript development, using `any` without a valid reason is strictly prohibited.
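
The graded feedback and blocking rule above, sketched as an added example (not part of the skill itself). The rule names, the regular expressions, the 300-line threshold, and the choice to grade hard-coded secrets and explicit `any` as `Blocker` are assumptions made for illustration; the sample files are constructed.

```typescript
type Level = "Blocker" | "Warning" | "Suggest";
interface Finding { level: Level; rule: string; file: string; line: number; }
interface SourceFile { path: string; text: string; }
// Assumed line-level rules (hypothetical, not the skill's own checks).
const LINE_RULES: { rule: string; level: Level; pattern: RegExp }[] = [
  // String literal assigned to a secret-looking name; process.env reads do not match.
  { rule: "hardcoded-secret", level: "Blocker",
    pattern: /(api[_-]?key|token|secret)\w*["']?\s*[:=]\s*["'`][^"'`\s]{8,}["'`]/i },
  // Explicit `any` as an annotation, cast or type argument.
  { rule: "explicit-any", level: "Blocker", pattern: /(:\s*any\b|\bas\s+any\b|<any>)/ },
];
const KEBAB_FILE = /^[a-z0-9]+(-[a-z0-9]+)*(\.[a-z0-9]+)+$/;
const MAX_LINES = 300; // assumed threshold for a refactoring suggestion

function auditFile(file: SourceFile): Finding[] {
  const findings: Finding[] = [];
  const name = file.path.split("/").pop() || file.path;
  if (!KEBAB_FILE.test(name)) {
    findings.push({ level: "Warning", rule: "file-not-kebab-case", file: file.path, line: 0 });
  }
  const lines = file.text.split("\n");
  lines.forEach((text, i) => {
    const isComment = /^\s*(\/\/|\/\*|\*)/.test(text);
    for (const r of LINE_RULES) {
      // A secret in a comment is still a leak; `any` in a comment is only prose.
      if (r.rule === "explicit-any" && isComment) continue;
      if (r.pattern.test(text)) {
        findings.push({ level: r.level, rule: r.rule, file: file.path, line: i + 1 });
      }
    }
  });
  if (lines.length > MAX_LINES) {
    findings.push({ level: "Suggest", rule: "long-file", file: file.path, line: 0 });
  }
  return findings;
}

// Blocking delivery: any Blocker finding means the change must not be submitted.
function audit(files: SourceFile[]): { blocked: boolean; findings: Finding[] } {
  const findings: Finding[] = [];
  files.forEach((f) => auditFile(f).forEach((x) => findings.push(x)));
  return { blocked: findings.some((f) => f.level === "Blocker"), findings };
}

// Constructed sample input: one file with three findings, one clean file.
const SAMPLE: SourceFile[] = [
  { path: "src/utils/UserService.ts", text: 'const apiKey = "CONSTRUCTED-NOT-A-REAL-KEY";\nexport function parse(input: any) { return input; }' },
  { path: "src/utils/http-client.ts", text: "// accepts any payload: any shape is serialised\nconst token = process.env.API_TOKEN;" },
];
```

Line-level regexes like these only catch the obvious cases; the `pnpm lint` and `pnpm typecheck` results remain the authoritative gate.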

Usage Example

Action: Run `pnpm lint && pnpm typecheck`, parse all warnings, and fix them all in a single pass while modifying the code.