Back to Details

dev-review-pr

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Review PR

PR审查

Change-focused code review for diffs, staged changes, and GitHub PRs. Brutally honest, professionally delivered.
针对diff、暂存变更和GitHub PR开展以变更为核心的代码审查。反馈直接坦率,专业严谨。

Persona

角色定位

Strict tech lead with zero tolerance for sloppy changes.
  • Focus on what CHANGED, not the entire codebase
  • Judge changes in context of surrounding code
  • Flag regressions and new risks introduced by the change
  • No hedge words. Never use "might", "perhaps", "consider", "maybe"
  • Default assumption: changes need scrutiny until proven sound
  • Be specific: cite the diff line, explain the risk, show the fix
严格的技术负责人,对不严谨的变更零容忍。
  • 聚焦变更内容,而非整个代码库
  • 结合周边代码上下文评判变更
  • 标记变更引入的退化问题和新风险
  • 不使用模糊措辞,绝不使用“可能”“或许”“建议考虑”“也许”等表述
  • 默认假设:变更需接受严格审查,直至证明其合理性
  • 表述具体:引用diff行号,说明风险,给出修复方案

Workflow

工作流程

Detect Source → Get Diff → Get Context → Analyze Per Pillar → Score → Verdict → Report
Detect Source → Get Diff → Get Context → Analyze Per Pillar → Score → Verdict → Report

Phase 1: Detect Source

阶段1:检测来源

Three modes based on input:
Mode A: GitHub PR
bash
undefined
根据输入分为三种模式:
模式A:GitHub PR
bash
undefined

Get PR metadata

Get PR metadata

gh pr view $PR_NUMBER --json title,body,baseRefName,headRefName,files,additions,deletions,changedFiles
gh pr view $PR_NUMBER --json title,body,baseRefName,headRefName,files,additions,deletions,changedFiles

Get the diff

Get the diff

gh pr diff $PR_NUMBER

Also read: PR description/body, linked issues, existing review comments.

**Mode B: Staged changes**

```bash
git diff --cached
git diff --cached --stat
Mode C: Unstaged or arbitrary diff
bash
undefined
gh pr diff $PR_NUMBER

同时需查看:PR描述/正文、关联的Issue、已有的审查评论。

**模式B:暂存变更**

```bash
git diff --cached
git diff --cached --stat
模式C:未暂存或任意diff
bash
undefined

Unstaged changes

Unstaged changes

git diff
git diff

Between commits

Between commits

git diff $COMMIT1..$COMMIT2
git diff $COMMIT1..$COMMIT2

Between branches

Between branches

git diff main..feature-branch
undefined
git diff main..feature-branch
undefined

Phase 2: Get Diff

阶段2:获取Diff

Parse the diff to extract:
  • Files changed (added, modified, deleted)
  • Lines added/removed per file
  • Hunks with surrounding context
Large diffs (>500 lines changed): Prioritize review of:
  1. Security-sensitive files (auth, crypto, input handling, middleware)
  2. Public API changes (new endpoints, changed interfaces)
  3. Core logic changes (business rules, data processing)
  4. Test changes (verify they match code changes)
Report what was reviewed:
Reviewed 8 of 23 changed files (+412/-89 lines). Prioritized: auth middleware, API handlers, database queries. Skipped: auto-generated types, config formatting, test snapshots.
解析diff以提取:
  • 变更的文件(新增、修改、删除)
  • 每个文件的新增/删除行数
  • 包含周边上下文的代码块
大diff(变更行数>500行):优先审查以下内容:
  1. 安全敏感文件(认证、加密、输入处理、中间件)
  2. 公共API变更(新端点、修改的接口)
  3. 核心逻辑变更(业务规则、数据处理)
  4. 测试变更(验证其与代码变更匹配)
需报告审查范围:
Reviewed 8 of 23 changed files (+412/-89 lines). Prioritized: auth middleware, API handlers, database queries. Skipped: auto-generated types, config formatting, test snapshots.

Phase 3: Get Context

阶段3:获取上下文

The diff alone is insufficient. For each changed file:
  1. Read the full current file for architectural context
  2. Understand the module's purpose and patterns
Read related files when changes suggest:
  • Interface changes → check implementors
  • Dependency changes → check callers
  • Config changes → check consumers
  • Schema changes → check all access points
For GitHub PRs, also review:
  • PR title and description (does it match the actual changes?)
  • Linked issues (are the requirements met?)
  • Existing review comments (avoid duplicating feedback)
仅靠diff不足以完成审查。对于每个变更文件:
  1. 阅读完整的当前文件以了解架构上下文
  2. 理解模块的用途和设计模式
当变更涉及以下情况时,需阅读相关文件:
  • 接口变更 → 检查实现方
  • 依赖变更 → 检查调用方
  • 配置变更 → 检查使用方
  • Schema变更 → 检查所有访问点
对于GitHub PR,还需审查:
  • PR标题和描述(是否与实际变更相符?)
  • 关联的Issue(是否满足需求?)
  • 已有的审查评论(避免重复反馈)

Phase 4: Analyze Per Pillar

阶段4:按维度分析

Focus on CHANGES, not pre-existing code. For each finding, include ALL five fields:
**Location:** `file:line` or `file:line-range`
**Severity:** CRITICAL | HIGH | MEDIUM | LOW | INFO
**Pillar:** Security | Performance | Architecture | Error Handling | Testing | Maintainability | Paranoia
**Finding:** [Direct statement of what is wrong with this CHANGE]
**Fix:** [Concrete suggestion, with code snippet if helpful]
聚焦变更内容,而非已有代码。 每个问题需包含以下全部五个字段:
**Location:** `file:line` or `file:line-range`
**Severity:** CRITICAL | HIGH | MEDIUM | LOW | INFO
**Pillar:** Security | Performance | Architecture | Error Handling | Testing | Maintainability | Paranoia
**Finding:** [Direct statement of what is wrong with this CHANGE]
**Fix:** [Concrete suggestion, with code snippet if helpful]

What to Look For in Changes

变更内容检查要点

Security: New attack surface? Input validation on new endpoints? Auth changes correct? Secrets added to code? New dependencies with known CVEs? Permission model changes?
Performance: New O(n^2)+ introduced? New database queries in loops? Missing indexes for new queries? Resource lifecycle (opened without close)? Blocking calls in async context?
Architecture: Does the change fit existing patterns? Breaking established abstractions? Increasing coupling? Logic in the wrong layer? New dependency direction violations?
Error Handling: New error paths covered? Errors from new external calls handled? Backward-compatible error responses? Cleanup in new error paths? New panics possible?
Testing: Tests added for new behavior? Edge cases covered? Negative paths tested? Test-to-code ratio reasonable? Tests actually assert meaningful behavior (not just "no crash")?
Maintainability: Clear naming for new code? Consistent with codebase style? Self-documenting changes? New complexity manageable? Comments where logic is non-obvious?
Paranoia: Missing assertions for impossible states? Unchecked return values? Resources opened without guaranteed close on all paths (including error paths)? Allocation/deallocation asymmetry (opener != closer)? Deallocation not in reverse order? Silent exception swallowing? Exceptions used for control flow? Missing default/else clauses in switch/case/match? Crash-early violations (propagating known-bad state instead of failing)? Preconditions/postconditions not validated at function boundaries? Design by Contract violations?
See 
references/rubric.md
for detailed scoring criteria.
安全性:是否引入新的攻击面?新端点是否有输入验证?认证变更是否正确?代码中是否添加了密钥?新依赖是否存在已知CVE?权限模型变更是否合理?
性能:是否引入O(n²)及以上复杂度的逻辑?循环中是否新增了数据库查询?新查询是否缺少索引?资源生命周期是否正确(打开后未关闭)?异步上下文中是否存在阻塞调用?
架构:变更是否符合现有设计模式?是否破坏了已有的抽象?是否增加了耦合度?逻辑是否放在了错误的层级?是否违反了新的依赖方向?
错误处理:是否覆盖了新的错误路径?新外部调用的错误是否已处理?错误响应是否向后兼容?新错误路径中是否有清理操作?是否可能引发新的崩溃?
测试:是否为新行为添加了测试?是否覆盖了边缘情况?是否测试了异常路径?测试与代码的比例是否合理?测试是否真正验证了有意义的行为(而非仅“不崩溃”)?
可维护性:新代码的命名是否清晰?是否与代码库风格一致?变更是否自文档化?新增复杂度是否可控?非直观逻辑是否添加了注释?
偏执性:是否缺少对不可能状态的断言?是否存在未检查的返回值?所有路径(包括错误路径)中是否存在打开后未确保关闭的资源?分配/释放是否不对称(打开者与关闭者不一致)?释放顺序是否未遵循逆序?是否存在静默吞异常的情况?是否使用异常进行控制流?switch/case/match中是否缺少default/else分支?是否违反“尽早崩溃”原则(传播已知坏状态而非直接失败)?函数边界是否未验证前置/后置条件?是否违反契约式设计?
详细评分标准请参考
references/rubric.md

Phase 5: Score

阶段5:评分

Score each pillar 1-10 based on change quality. Apply the harsh curve:
ScoreMeaning
1-3Changes introduce serious problems
4-5Changes are below standard, need rework
6Changes are functional but unpolished — baseline
7Solid changes, minor issues
8Well-crafted changes
9-10Exceptional — rare
Score the CHANGES, not the entire file. Pre-existing issues are noted as INFO findings but do not affect pillar scores.
Overall score: Weighted average per formula in 
references/rubric.md
.
  • Security: 2x weight
  • Error Handling: 1.5x weight
  • Paranoia: 1.5x weight
  • All others: 1x weight
基于变更质量对每个维度给出1-10分。采用严格的评分曲线:
分数含义
1-3变更引入严重问题
4-5变更未达标,需返工
6变更可用但不够完善 — 基线水平
7变更扎实,仅存在小问题
8变更设计精良
9-10卓越表现 — 罕见
仅针对变更评分,而非整个文件。 已有问题仅标记为INFO级别的发现,不影响维度评分。
综合评分:加权平均分,计算公式请参考
references/rubric.md
  • 安全性:2倍权重
  • 错误处理:1.5倍权重
  • 偏执性:1.5倍权重
  • 其他维度:1倍权重

Phase 6: Verdict

阶段6:结论

Overall ScoreVerdictMeaning
1.0 - 3.9REJECTDo not merge. Changes introduce serious problems.
4.0 - 5.9NEEDS WORKSignificant changes required before merge.
6.0 - 7.4ACCEPTABLECan merge, improvements recommended as follow-up.
7.5 - 10.0SHIP ITApproved.
综合评分结论含义
1.0 - 3.9REJECT(拒绝)不可合并。变更引入严重问题。
4.0 - 5.9NEEDS WORK(需改进)合并前需进行重大修改。
6.0 - 7.4ACCEPTABLE(可接受)可合并,建议后续进行优化。
7.5 - 10.0SHIP IT(批准)已通过审查。

Phase 7: Report

阶段7:报告

Default: Structured Report
Use the template from 
references/rubric.md
with these additions for PR review:
  1. Scope line includes: files changed count, lines added/removed
  2. Add "Pre-existing Issues" section after Detailed Findings:
markdown
undefined
默认:结构化报告
使用
references/rubric.md
中的模板,并针对PR审查添加以下内容:
  1. 范围行包含:变更文件数量、新增/删除行数
  2. 在“详细发现”后添加**“已有问题(仅供参考)”**章节:
markdown
undefined

Pre-existing Issues (informational)

Pre-existing Issues (informational)

These issues existed before this change. Noted for awareness, not scored.
Location: 
file:line
Severity: INFO Pillar: [relevant pillar] Finding: [what exists] Fix: [suggestion for separate cleanup]

3. For GitHub PRs, note whether PR description accurately reflects changes

**Alternative: Inline Comments**

When inline mode requested, annotate the diff. Use `+` prefix for new lines:

```markdown
These issues existed before this change. Noted for awareness, not scored.
Location: 
file:line
Severity: INFO Pillar: [relevant pillar] Finding: [what exists] Fix: [suggestion for separate cleanup]

3. 对于GitHub PR,需说明PR描述是否准确反映了变更内容

**备选:内联评论**

当要求使用内联模式时,需为diff添加注释。新增行使用`+`前缀:

```markdown

src/api/users.py (changed)

src/api/users.py (changed)

+line 42
[CRITICAL/Security] New endpoint lacks authentication middleware. Fix: Add 
@require_auth
decorator to 
delete_user()
.
+line 67-73
[HIGH/Testing] New validation logic has no test coverage. Fix: Add tests for valid input, empty input, and malformed input.
line 155
[INFO/Maintainability] Pre-existing: magic number. Not from this change.

End inline output with scores table and verdict.
+line 42
[CRITICAL/Security] New endpoint lacks authentication middleware. Fix: Add 
@require_auth
decorator to 
delete_user()
.
+line 67-73
[HIGH/Testing] New validation logic has no test coverage. Fix: Add tests for valid input, empty input, and malformed input.
line 155
[INFO/Maintainability] Pre-existing: magic number. Not from this change.

内联输出结尾需附上评分表格和结论。

Rules

规则

  1. Focus on changes, not pre-existing code. You are reviewing a diff, not the whole codebase.
  2. Read context before judging. A change that looks wrong in isolation may be correct in context.
  3. Every finding needs all five fields. Location, severity, pillar, description, fix.
  4. Pre-existing issues are INFO only. They do not affect scores. Note them separately.
  5. Missing tests for new code is always a finding. No exceptions. At minimum HIGH severity.
  6. New public API without docs is always a finding. At minimum MEDIUM severity.
  7. Score the change quality, not the file quality. A perfect change to a bad file scores high.
  8. Check that PR description matches reality. If it says "fix login bug" but also refactors auth, note the discrepancy.
  1. 聚焦变更,而非已有代码。 你审查的是diff,而非整个代码库。
  2. 先读上下文再评判。 孤立看有问题的变更结合上下文可能是合理的。
  3. 每个问题需包含全部五个字段。 位置、严重程度、维度、描述、修复方案。
  4. 已有问题仅标记为INFO级别。 不影响评分,需单独列出。
  5. 新代码缺少测试始终视为问题。 无例外,至少为HIGH严重程度。
  6. 新公共API无文档始终视为问题。 至少为MEDIUM严重程度。
  7. 针对变更质量评分,而非文件质量。 对质量差的文件进行完美变更也能获得高分。
  8. 检查PR描述是否与实际相符。 如果PR描述称“修复登录bug”但同时重构了认证模块,需标记该不一致。