code-reviewer
Compare original and translation side by side
🇺🇸
Original
English🇨🇳
Translation
ChineseCode Reviewer Skill
Code Reviewer Skill
Purpose
用途
This skill provides comprehensive code review guidance covering quality, security, performance, and style. It helps identify issues, suggest improvements, and ensure code meets project standards before committing.
该Skill提供涵盖质量、安全性、性能和编码风格的全面代码评审指导。它有助于在提交代码前识别问题、提出改进建议,并确保代码符合项目标准。
Activation
激活方式
On-demand via command:
/review-code <file-path>Example:
bash
/review-code src/tools/example/core.py通过命令按需调用:
/review-code <file-path>示例:
bash
/review-code src/tools/example/core.pyWhen to Use
使用场景
- Self-review before committing
- Refactoring existing code
- Security concerns arise
- Performance optimization needed
- Ensuring style guide compliance
- Code quality improvement
- Pre-pull request review
- 提交前的自我评审
- 现有代码重构
- 存在安全顾虑时
- 需要性能优化时
- 确保符合编码风格指南
- 提升代码质量
- 拉取请求前的评审
Resources
相关资源
review-checklist.md
review-checklist.md
Comprehensive code review checklist covering:
- Code Quality: File organization, naming, type hints, docstrings, error handling
- Testing: Coverage, quality, edge cases
- Performance: Algorithm efficiency, memory usage, I/O optimization
- Security: Input validation, authentication, authorization, data protection
- Style: PEP 8 compliance, import organization, formatting
全面的代码评审清单,涵盖:
- 代码质量:文件组织、命名规范、类型提示、文档字符串、错误处理
- 测试:测试覆盖率、测试质量、边缘场景
- 性能:算法效率、内存使用、I/O优化
- 安全性:输入验证、身份认证、授权、数据保护
- 风格:PEP 8合规性、导入组织、代码格式化
security-patterns.md
security-patterns.md
Security best practices including:
- OWASP Top 10: Injection, authentication, XSS, etc.
- Python-Specific Security: eval() usage, pickle security, SQL injection
- Best Practices: Input validation patterns, secure authentication, data protection
安全最佳实践,包括:
- OWASP Top 10:注入攻击、身份认证、XSS等
- Python专属安全:eval()使用、pickle安全性、SQL注入
- 最佳实践:输入验证模式、安全身份认证、数据保护
Provides
提供的评审内容
Code Quality Feedback
代码质量反馈
- File size enforcement (500-line limit)
- Single responsibility principle adherence
- Type hint completeness
- Docstring quality (Google-style)
- Error handling patterns
- Naming convention compliance
- 文件大小限制(最多500行)
- 单一职责原则遵循情况
- 类型提示完整性
- 文档字符串质量(Google风格)
- 错误处理模式
- 命名规范合规性
Security Vulnerability Detection
安全漏洞检测
- Input validation issues
- SQL injection vulnerabilities
- XSS vulnerabilities
- Authentication/authorization flaws
- Sensitive data exposure
- Insecure dependencies
- 输入验证问题
- SQL注入漏洞
- XSS漏洞
- 身份认证/授权缺陷
- 敏感数据泄露
- 不安全依赖
Performance Optimization Suggestions
性能优化建议
- Algorithm efficiency improvements
- Memory usage optimization
- I/O operation optimization
- Caching opportunities
- Database query optimization
- 算法效率提升
- 内存使用优化
- I/O操作优化
- 缓存机会识别
- 数据库查询优化
Refactoring Recommendations
重构建议
- Code duplication removal
- Complexity reduction
- Design pattern applications
- Dependency injection improvements
- Interface clarity
- 移除代码重复
- 降低代码复杂度
- 设计模式应用
- 依赖注入改进
- 接口清晰度提升
Style Guide Compliance Checks
编码风格指南合规检查
- PEP 8 for Python
- Import organization
- Code formatting
- Comment quality
- Documentation completeness
- Python的PEP 8规范
- 导入组织
- 代码格式化
- 注释质量
- 文档完整性
Usage Examples
使用示例
Example 1: Review Python Module
示例1:评审Python模块
bash
/review-code src/tools/doc_fetcher/core.pyProvides feedback on:
- Function complexity and size
- Type hints and docstrings
- Error handling
- Security concerns (if any)
- Performance bottlenecks
- Style violations
bash
/review-code src/tools/doc_fetcher/core.py提供以下方面的反馈:
- 函数复杂度与大小
- 类型提示与文档字符串
- 错误处理
- 安全问题(如有)
- 性能瓶颈
- 风格违规
Example 2: Security-Focused Review
示例2:聚焦安全的评审
bash
/review-code src/api/authentication.pyFocuses on:
- Authentication patterns
- Password handling
- Session management
- Input validation
- Authorization checks
- Token security
bash
/review-code src/api/authentication.py重点关注:
- 身份认证模式
- 密码处理
- 会话管理
- 输入验证
- 授权检查
- Token安全性
Example 3: Performance Review
示例3:性能评审
bash
/review-code src/processors/data_processor.pyAnalyzes:
- Algorithm complexity
- Memory allocation
- I/O operations
- Caching strategy
- Database queries
- Batch processing opportunities
bash
/review-code src/processors/data_processor.py分析内容:
- 算法复杂度
- 内存分配
- I/O操作
- 缓存策略
- 数据库查询
- 批量处理机会
Review Categories
评审分类
1. Code Quality (⭐⭐⭐⭐⭐ Essential)
1. 代码质量(⭐⭐⭐⭐⭐ 核心)
File Organization
文件组织
- ✓ File size ≤ 500 lines
- ✓ Logical module structure
- ✓ Clear separation of concerns
- ✓ Appropriate file naming
- ✓ 文件大小 ≤ 500行
- ✓ 逻辑模块结构
- ✓ 关注点清晰分离
- ✓ 合适的文件命名
Naming Conventions
命名规范
- ✓ Descriptive variable names
- ✓ Clear function names (verb_noun pattern)
- ✓ Class names (PascalCase)
- ✓ Constants (UPPER_CASE)
- ✓ Private members (_prefix)
- ✓ 描述性变量名
- ✓ 清晰的函数名(动词_名词格式)
- ✓ 类名(PascalCase)
- ✓ 常量(UPPER_CASE)
- ✓ 私有成员(_前缀)
Type Hints
类型提示
- ✓ All function parameters typed
- ✓ All return types specified
- ✓ Complex types properly annotated
- ✓ Optional types used correctly
- ✓ 所有函数参数都有类型标注
- ✓ 所有返回类型都已指定
- ✓ 复杂类型正确标注
- ✓ 可选类型使用正确
Docstrings
文档字符串
- ✓ Google-style format
- ✓ Clear description
- ✓ Args documented
- ✓ Returns documented
- ✓ Raises documented
- ✓ Google风格格式
- ✓ 清晰的描述
- ✓ 参数已文档化
- ✓ 返回值已文档化
- ✓ 抛出异常已文档化
Error Handling
错误处理
- ✓ Appropriate exception types
- ✓ Error messages clear
- ✓ No bare except clauses
- ✓ Cleanup in finally blocks
- ✓ 合适的异常类型
- ✓ 错误消息清晰
- ✓ 无裸except语句
- ✓ 在finally块中进行清理
2. Testing (⭐⭐⭐⭐ Important)
2. 测试(⭐⭐⭐⭐ 重要)
Test Coverage
测试覆盖率
- ✓ 80%+ code coverage
- ✓ All public functions tested
- ✓ Edge cases covered
- ✓ Error paths tested
- ✓ 代码覆盖率≥80%
- ✓ 所有公共函数都已测试
- ✓ 覆盖边缘场景
- ✓ 错误路径已测试
Test Quality
测试质量
- ✓ Clear test names
- ✓ Arrange-Act-Assert pattern
- ✓ Independent tests
- ✓ Appropriate fixtures
- ✓ 清晰的测试名称
- ✓ 遵循Arrange-Act-Assert模式
- ✓ 测试独立
- ✓ 使用合适的fixtures
3. Performance (⭐⭐⭐ Moderate)
3. 性能(⭐⭐⭐ 中等)
Efficiency
效率
- ✓ Optimal algorithm complexity
- ✓ No unnecessary loops
- ✓ Efficient data structures
- ✓ Batch operations where possible
- ✓ 最优算法复杂度
- ✓ 无不必要的循环
- ✓ 高效的数据结构
- ✓ 尽可能使用批量操作
Resource Usage
资源使用
- ✓ Memory-efficient
- ✓ File handles closed
- ✓ Database connections managed
- ✓ No resource leaks
- ✓ 内存高效
- ✓ 文件句柄已关闭
- ✓ 数据库连接已管理
- ✓ 无资源泄漏
Optimization
优化
- ✓ Caching implemented
- ✓ Lazy loading used
- ✓ Async for I/O operations
- ✓ Query optimization
- ✓ 已实现缓存
- ✓ 使用延迟加载
- ✓ I/O操作使用异步
- ✓ 查询优化
4. Security (⭐⭐⭐⭐⭐ Critical)
4. 安全性(⭐⭐⭐⭐⭐ 关键)
Input Validation
输入验证
- ✓ All inputs validated
- ✓ Type checking
- ✓ Range checking
- ✓ Sanitization
- ✓ 所有输入都已验证
- ✓ 类型检查
- ✓ 范围检查
- ✓ 数据清理
Authentication & Authorization
身份认证与授权
- ✓ Strong authentication
- ✓ Proper authorization
- ✓ Session management
- ✓ Token validation
- ✓ 强身份认证
- ✓ 适当的授权
- ✓ 会话管理
- ✓ Token验证
Data Protection
数据保护
- ✓ No secrets in code
- ✓ Sensitive data encrypted
- ✓ SQL parameterized
- ✓ Output encoding
- ✓ 代码中无密钥
- ✓ 敏感数据已加密
- ✓ SQL使用参数化查询
- ✓ 输出编码
OWASP Top 10
OWASP Top 10
- ✓ Injection prevention
- ✓ Broken auth prevention
- ✓ XSS prevention
- ✓ Access control
- ✓ Security misconfiguration
- ✓ 防止注入攻击
- ✓ 防止身份认证失效
- ✓ 防止XSS攻击
- ✓ 访问控制
- ✓ 安全配置错误防护
5. Style (⭐⭐⭐ Moderate)
5. 风格(⭐⭐⭐ 中等)
PEP 8 Compliance
PEP 8合规性
- ✓ Line length ≤ 88 characters
- ✓ Indentation (4 spaces)
- ✓ Blank line usage
- ✓ Whitespace around operators
- ✓ 行长度 ≤ 88字符
- ✓ 缩进(4个空格)
- ✓ 空行使用
- ✓ 运算符周围的空格
Import Organization
导入组织
- ✓ Grouped (stdlib, third-party, local)
- ✓ Alphabetically sorted
- ✓ No unused imports
- ✓ Absolute imports preferred
- ✓ 分组(标准库、第三方库、本地库)
- ✓ 按字母顺序排序
- ✓ 无未使用的导入
- ✓ 优先使用绝对导入
Code Formatting
代码格式化
- ✓ Black-formatted
- ✓ Consistent style
- ✓ Readable layout
- ✓ Appropriate comments
- ✓ 使用Black格式化
- ✓ 风格一致
- ✓ 布局易读
- ✓ 注释适当
Review Output Format
评审输出格式
markdown
undefinedmarkdown
undefinedCode Review: <file-path>
Code Review: <file-path>
Summary
摘要
[Brief overview of file purpose and key findings]
[文件用途概述及关键发现]
Quality Score: X/10
质量评分: X/10
[Overall quality score with justification]
[总体质量评分及理由]
Critical Issues (Must Fix)
关键问题(必须修复)
- [Issue 1 with location and recommendation]
- [Issue 2 with location and recommendation]
- [问题1及位置和建议]
- [问题2及位置和建议]
Important Issues (Should Fix)
重要问题(应该修复)
- [Issue 1 with location and recommendation]
- [Issue 2 with location and recommendation]
- [问题1及位置和建议]
- [问题2及位置和建议]
Suggestions (Consider)
建议(考虑采纳)
- [Suggestion 1 with rationale]
- [Suggestion 2 with rationale]
- [建议1及理由]
- [建议2及理由]
Strengths
优点
- [Positive aspect 1]
- [Positive aspect 2]
- [积极方面1]
- [积极方面2]
Detailed Analysis
详细分析
Code Quality
代码质量
[Detailed quality assessment]
[详细质量评估]
Security
安全性
[Security assessment and concerns]
[安全评估及顾虑]
Performance
性能
[Performance analysis]
[性能分析]
Testing
测试
[Test coverage and quality]
[测试覆盖率及质量]
Style
风格
[Style guide compliance]
[风格指南合规性]
Recommendations
建议措施
- [Priority 1 recommendation]
- [Priority 2 recommendation]
- [Priority 3 recommendation]
- [优先级1建议]
- [优先级2建议]
- [优先级3建议]
Next Steps
后续步骤
[Suggested actions for improvement]
undefined[改进建议的行动方案]
undefinedBest Practices
最佳实践
Constructive Feedback
建设性反馈
- Focus on code, not person
- Explain "why" behind suggestions
- Provide specific examples
- Offer alternative solutions
- Acknowledge good practices
- 聚焦代码,而非个人
- 解释建议背后的“原因”
- 提供具体示例
- 提供替代解决方案
- 认可良好实践
Priority Levels
优先级等级
- Critical: Security vulnerabilities, bugs, data loss
- Important: Poor performance, missing tests, unclear code
- Suggestions: Style improvements, refactoring opportunities
- 关键:安全漏洞、bug、数据丢失
- 重要:性能不佳、测试缺失、代码不清晰
- 建议:风格改进、重构机会
Context Awareness
上下文感知
- Consider project stage (prototype vs. production)
- Respect project conventions
- Balance perfection with pragmatism
- Focus on impactful improvements
- 考虑项目阶段(原型 vs 生产环境)
- 尊重项目约定
- 在完美主义和实用主义之间取得平衡
- 聚焦有影响力的改进
Common Issues to Check
常见问题检查清单
Python-Specific
Python专属问题
- Using eval() or exec() unsafely
- Mutable default arguments
- Catching Exception too broadly
- Not using context managers for resources
- String concatenation in loops
- Missing init.py in packages
- Incorrect use of class variables
- Not using generators for large datasets
- 不安全地使用eval()或exec()
- 可变默认参数
- 过宽地捕获Exception
- 未使用上下文管理器管理资源
- 循环中进行字符串拼接
- 包中缺少__init__.py
- 类变量使用错误
- 未对大数据集使用生成器
General Issues
通用问题
- Magic numbers (use constants)
- Deeply nested code (>3 levels)
- Long functions (>50 lines)
- Duplicate code
- Unclear variable names
- Missing error handling
- No input validation
- Hard-coded credentials
- 魔法数字(应使用常量)
- 深层嵌套代码(>3层)
- 长函数(>50行)
- 重复代码
- 变量名不清晰
- 缺少错误处理
- 无输入验证
- 硬编码凭证
Integration with Development Workflow
与开发工作流的集成
Pre-Commit Review
提交前评审
Use this skill before committing:
bash
/review-code <file-you-modified>提交前使用该技能:
bash
/review-code <file-you-modified>Pre-Pull Request Review
拉取请求前评审
Review all changed files:
bash
git diff --name-only main | xargs -I {} /review-code {}评审所有变更文件:
bash
git diff --name-only main | xargs -I {} /review-code {}Refactoring Review
重构后评审
After refactoring, verify improvements:
bash
/review-code <refactored-file>重构完成后,验证改进效果:
bash
/review-code <refactored-file>Notes
注意事项
- Guidance Only: This skill provides review feedback and guidance. It does not automatically fix issues.
- Comprehensive: Reviews cover multiple dimensions (quality, security, performance, style).
- Actionable: Feedback includes specific recommendations and examples.
- Project-Aware: Considers project-specific standards and conventions.
- 仅作指导:该Skill提供评审反馈和指导,不会自动修复问题。
- 全面覆盖:评审涵盖多个维度(质量、安全性、性能、风格)。
- 可落地:反馈包含具体建议和示例。
- 适配项目:考虑项目特定的标准和约定。
Used When
使用时机
- Before committing changes
- During code refactoring
- When security review is needed
- For performance optimization
- To ensure style compliance
- Pre-pull request submission
- Learning best practices
- Mentoring code quality
- 提交变更前
- 代码重构期间
- 需要安全评审时
- 进行性能优化时
- 确保风格合规时
- 拉取请求提交前
- 学习最佳实践时
- 指导提升代码质量时