tasks-code-review
Skill Variant: Use this skill for autonomous, comprehensive code reviews with structured checklists. For interactive code review discussions with user feedback, use `code-review` instead.
Code Review Workflow
Summary
Goal: Perform autonomous, comprehensive code reviews with structured checklists covering architecture, patterns, quality, security, and performance.
| Step | Action | Key Notes |
|---|---|---|
| 1 | Understand context | Read changed files, identify scope and intent |
| 2 | Architecture compliance | Clean Architecture layers, repository patterns, service boundaries |
| 3 | Pattern adherence | CQRS, entity patterns, component hierarchy, platform base classes |
| 4 | Code quality | SRP, DRY, naming, abstractions |
| 5 | Security & performance | Authorization, injection, N+1, pagination, caching |
| 6 | Generate report | Findings with severity, file references, suggested fixes |
Key Principles:
- Autonomous variant — for interactive reviews with user feedback, use `code-review` instead
- Check all 5 review dimensions: architecture, patterns, quality, security, performance
- Every finding must reference specific file and line
When to Use This Skill
- Reviewing pull requests
- Analyzing code for refactoring
- Pre-commit code quality check
- Security and performance audit
Review Dimensions
1. Architecture Compliance
- Follows Clean Architecture layers
- Uses correct repository pattern
- No cross-service boundary violations
- Proper separation of concerns
2. Pattern Adherence
- CQRS patterns followed (Command/Query/Handler in ONE file)
- Entity patterns correct (expressions, computed properties)
- Frontend component hierarchy respected
- Platform base classes used correctly
3. Code Quality
- Single Responsibility Principle
- No code duplication
- Meaningful naming
- Appropriate abstractions
4. Security
- No SQL injection vulnerabilities
- Authorization checks present
- Sensitive data handling
- Input validation
5. Performance
- N+1 query prevention (eager loading)
- Proper paging for large datasets
- Parallel operations where applicable
- Caching considerations
Review Process
Step 1: Understand Context
```bash
# Get changed files
git diff --name-only main...HEAD

# Get full diff
git diff main...HEAD

# Check commit messages
git log main...HEAD --oneline
```
Step 2: Categorize Changes
```markdown
Files Changed

Domain Layer
- `Entity.cs` - New entity

Application Layer
- `SaveEntityCommand.cs` - New command

Persistence Layer
- `EntityConfiguration.cs` - EF configuration

Frontend
- `entity-list.component.ts` - List component
```
Step 3: Review Each Category
Backend Review Checklist
```markdown
Entity Review
- Inherits from correct base (RootEntity/RootAuditedEntity)
- Static expressions for queries
- Computed properties have empty `set { }`
- Navigation properties have `[JsonIgnore]`
- `[TrackFieldUpdatedDomainEvent]` on tracked fields

Command/Query Review
- Command + Handler + Result in ONE file
- Uses service-specific repository
- Validation uses fluent API
- No side effects in command handler
- DTO mapping in DTO class, not handler

Repository Usage Review
- Uses `GetQueryBuilder` for reusable queries
- Uses `WhereIf` for optional filters
- Parallel tuple queries for count + data
- Proper eager loading

Event Handler Review
- In `UseCaseEvents/` folder
- Uses `PlatformCqrsEntityEventApplicationHandler<T>`
- `HandleWhen` is `public override async Task<bool>`
- Filters by `CrudAction` appropriately
```
Frontend Review Checklist
```markdown
Component Review
- Correct base class for use case
- Store provided at component level
- Loading/error states handled
- `untilDestroyed()` on subscriptions
- Track-by in `@for` loops

Store Review
- State interface defined
- `vmConstructor` provides defaults
- Effects use `observerLoadingErrorState`
- Immutable state updates

Form Review
- `validateForm()` before submit
- Async validators conditional
- Dependent validations configured
- Error messages for all rules

API Service Review
- Extends `PlatformApiService`
- Typed responses
- Caching where appropriate
```
Step 4: Security Review
```markdown
Security Checklist

Authorization
- `[PlatformAuthorize]` on controllers
- Role checks in handlers
- Data filtered by company/user context

Input Validation
- All inputs validated
- No raw SQL strings
- File upload validation

Sensitive Data
- No secrets in code
- Passwords hashed
- PII handled correctly
```
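An added example (not part of the original skill) of automating two Step 4 checks, "No raw SQL strings" and "No secrets in code", over the Step 1 diff: it parses `git diff main...HEAD` output, tracks new-file line numbers per hunk, and returns findings in the report's `[File:Line]: [Description]` form. The regex rules, the severity assignment, the function names and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules (assumptions): (severity, description, pattern on added C# lines)
RULES = [
    ("Critical", "raw SQL built from an interpolated or concatenated string",
     re.compile(r'(FromSqlRaw|ExecuteSqlRaw)\s*\(\s*(\$@?"|[^)]*"\s*\+)')),
    ("Critical", "possible hard-coded secret",
     re.compile(r'(?i)\b(password|secret|api[_-]?key)\w*\s*=\s*"[^"]+"')),
]
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return (severity, 'file:line', description) for each flagged added line."""
    findings, path, lineno, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        if line.startswith("diff --git "):
            in_hunk = False                      # next '+++ ' is a file header again
        elif not in_hunk and line.startswith("+++ "):
            target = line[4:]
            path = None if target == "/dev/null" else target.removeprefix("b/")
        elif m := HUNK.match(line):
            in_hunk, lineno = True, int(m.group(1))
        elif in_hunk and path:
            if line.startswith("+"):
                for sev, desc, rx in RULES:
                    if rx.search(line[1:]):
                        findings.append((sev, f"{path}:{lineno}", desc))
                lineno += 1
            elif line.startswith(" "):
                lineno += 1                      # context advances the new-file counter
            # '-' lines exist only in the old file, so they do not advance it
    return findings

def render(findings):
    """Format findings as the report template's '- [File:Line]: [Description]' items."""
    return [f"- [{loc}]: {desc}" for _, loc, desc in findings]

# Constructed sample of `git diff main...HEAD` output (not from a real repository)
SAMPLE_DIFF = '''\
diff --git a/src/Orders/GetOrdersQuery.cs b/src/Orders/GetOrdersQuery.cs
--- a/src/Orders/GetOrdersQuery.cs
+++ b/src/Orders/GetOrdersQuery.cs
@@ -10,3 +10,4 @@ public class GetOrdersQueryHandler
     var name = request.Name;
-    var rows = repo.GetAll();
+    var rows = db.Orders.FromSqlRaw($"SELECT * FROM Orders WHERE Name = '{name}'");
+    var safe = db.Orders.FromSqlInterpolated($"SELECT * FROM Orders WHERE Name = {name}");
     return rows;
diff --git a/src/Config.cs b/src/Config.cs
--- a/src/Config.cs
+++ b/src/Config.cs
@@ -3,0 +4 @@
+    const string ApiKey = "constructed-example-value";
'''

if __name__ == "__main__":
    print("\n".join(render(scan_diff(SAMPLE_DIFF))))
```

Pattern matching like this only narrows where a reviewer looks; authorization and data-scoping items on the checklist still need the handler logic read in context.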
Step 5: Performance Review
```markdown
Performance Checklist

Database
- Indexes on filtered columns
- Eager loading for N+1 prevention
- Paging for large datasets

API
- Response size reasonable
- Parallel operations used
- Caching for static data

Frontend
- Lazy loading for routes
- Track-by for lists
- OnPush change detection
```
Review Report Template
```markdown
Code Review Report

Summary
- PR/Changes: [Description]
- Reviewer: AI
- Date: [Date]

Overall Assessment
[APPROVED | APPROVED WITH COMMENTS | CHANGES REQUESTED]

Issues Found

Critical (Must Fix)
- [File:Line]: [Description]

Major (Should Fix)
- [File:Line]: [Description]

Minor (Consider Fixing)
- [File:Line]: [Description]

Recommendations
- [Recommendation 1]
- [Recommendation 2]
```
Verification Checklist
- All changed files reviewed
- Architecture compliance verified
- Platform patterns followed
- Security concerns addressed
- Performance considered
- Review report generated
Related
- `code-review`
- `tasks-test-generation`
IMPORTANT Task Planning Notes (MUST FOLLOW)
- Always plan and break work into many small todo tasks
- Always add a final review todo task to verify work quality and identify fixes/enhancements