ai-generated-business-code-review


AI Business Code Review

Overview

Review AI-generated business/application code for correctness, robustness, maintainability, performance, and security. Output a 0-10 score, a risk level, and a must-fix checklist. For C++ code, REQUIRED: use openharmony-cpp and openharmony-security-review as hard constraints.

When to Use

  • AI-generated business/app code review or quality evaluation
  • Need scoring, risk level, or must-fix checklist
  • C++ business code must meet OpenHarmony coding/security requirements

Workflow

  1. Identify language and code type (business vs test). If test code, use ai-generated-ut-code-review instead.
  2. For C++: load and apply openharmony-cpp + openharmony-security-review as mandatory constraints.
  3. Inspect behavior vs requirements, edge cases, error handling, resource management, and security.
  4. Score by rubric, assign risk level, list must-fix items with concrete evidence (file/line or snippet).

Scoring (0-10)

Each dimension is scored 0-2 points; the total score is the sum.

| Dimension       | 0                               | 1                          | 2                           |
|-----------------|---------------------------------|----------------------------|-----------------------------|
| Correctness     | Wrong/missing key behavior      | Partial/assumptions        | Meets requirements          |
| Robustness      | Crashes/leaks/unchecked errors  | Some edge handling         | Solid edge/error handling   |
| Maintainability | Hard to read/modify             | Mixed quality              | Clear structure & naming    |
| Performance     | Inefficient hot paths           | Acceptable but improvable  | Efficient for expected load |
| Security        | Clear vulnerabilities           | Weak validation/unsafe     | Safe-by-default, validated  |

Risk Levels

  • Blocker: security vulnerability, serious logic error, or violation of the mandatory C++ rules
  • High: missing critical path, incomplete exception handling, obvious resource leak
  • Medium: significant maintainability or performance risk
  • Low: minor issues or style consistency

Must-Fix Checklist

  • External input has explicit validation and error feedback
  • Critical error paths are reachable and observable (logs/error codes/exceptions)
  • Resource release is guaranteed, or RAII is used (C++)
  • C++ code meets the openharmony-cpp and openharmony-security-review rules

AI-Generated Code Pitfalls (Check Explicitly)

  • Misunderstood requirements, wrong implicit assumptions
  • Covers only the happy path, ignores exceptions/edge cases
  • Swallows exceptions or uses unreasonable defaults
  • Copy-paste causing duplication and inconsistency
  • Over-complication or wrong abstraction

Output Format (Required, Semi-fixed)

  • Score: x/10 — Correctness x, Robustness x, Maintainability x, Performance x, Security x
  • Risk: Low/Medium/High/Blocker — brief reason for the risk (1 line)
  • Must-fix:
    • [action + evidence]
    • [action + evidence]
  • Key Evidence:
    • cite specific functions/classes/paths (1-2 items)
  • Notes:
    • minimal fix suggestion or alternative (1-2 lines)
Rules:
  • For C++, Key Evidence and Must-fix must explicitly point out the violations of openharmony-cpp / openharmony-security-review
  • At least 2 pieces of evidence; if evidence is insufficient, say so and lower the score
  • Giving only an overall assessment is not allowed

Common Mistakes

  • Giving only an overall assessment with no evidence
  • Ignoring the mandatory C++ rules
  • Treating style issues as blocker risks

Example (Concise)

Score: 6/10 (Correctness 1, Robustness 1, Maintainability 1, Performance 1, Security 2)
Risk: High
Must-fix:
  • Missing input validation in createUser() (null/empty, length, format)
  • Error path swallows exceptions without logging
Key Evidence:
  • createUser() accepts raw input without checks
  • catch block is empty in persistUser()
Notes:
  • Add explicit validation and return structured errors.
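The following C++ is an added illustration of the verdict above and of the must-fix checklist items (explicit input validation, observable error paths, RAII); it is not code from this page, from OpenHarmony, or from the openharmony-cpp / openharmony-security-review rules, which this page does not reproduce. Only the names createUser() and persistUser() come from the example; the Store type, the Status enum, the BusyGuard RAII helper and the email check are constructed assumptions. The "before" functions reproduce the two findings (raw input accepted, empty catch), and the "after" functions show the minimal fix the Notes line asks for: validate, return a structured status, and log the failure.

```cpp
#include <cstddef>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Constructed sample types for the illustration; nothing here is OpenHarmony code.
struct User {
    std::string name;
    std::string email;
};

// Structured result: every error path returns a distinct code instead of vanishing.
enum class Status { Ok, EmptyName, NameTooLong, BadEmail, StoreFailed };

// Simulated storage. 'failNext' lets a test exercise the failure path;
// 'busy' stands in for a resource that must always be released.
struct Store {
    std::vector<User> rows;
    bool failNext = false;
    bool busy = false;
};

// ---- "Before": the pattern the example scores Robustness 1 / Security 2 on.
// persistUser() has an empty catch block, so the caller never learns that
// nothing was stored; createUser() forwards raw input with no checks.
inline void persistUser_before(Store& store, const User& u) {
    try {
        if (store.failNext) throw std::runtime_error("disk full");
        store.rows.push_back(u);
    } catch (...) {
        // empty: the failure is swallowed without a log line or return code
    }
}
inline void createUser_before(Store& store, const std::string& name, const std::string& email) {
    persistUser_before(store, User{name, email});
}

// ---- "After": explicit validation, observable error path, RAII for the resource.

// RAII guard: clears the busy flag on every exit from the scope, including exceptions.
struct BusyGuard {
    Store& s;
    explicit BusyGuard(Store& store) : s(store) { s.busy = true; }
    ~BusyGuard() { s.busy = false; }
    BusyGuard(const BusyGuard&) = delete;
    BusyGuard& operator=(const BusyGuard&) = delete;
};

// Deliberately simple format check (assumption): one '@' not at the start,
// a '.' somewhere after it, and no trailing '.'.
inline bool looksLikeEmail(const std::string& e) {
    if (e.empty()) return false;
    const auto at = e.find('@');
    return at != std::string::npos && at > 0 &&
           e.find('.', at) != std::string::npos && e.back() != '.';
}

inline Status persistUser(Store& store, const User& u) {
    BusyGuard guard(store);  // released even if push_back or the simulated write throws
    try {
        if (store.failNext) throw std::runtime_error("disk full");
        store.rows.push_back(u);
        return Status::Ok;
    } catch (const std::exception& ex) {
        // The error path is now observable: a log line and a structured status.
        std::fprintf(stderr, "persistUser failed for '%s': %s\n", u.name.c_str(), ex.what());
        return Status::StoreFailed;
    }
}

inline Status createUser(Store& store, const std::string& name, const std::string& email) {
    constexpr std::size_t kMaxNameLen = 64;  // assumed limit
    if (name.empty()) return Status::EmptyName;
    if (name.size() > kMaxNameLen) return Status::NameTooLong;
    if (!looksLikeEmail(email)) return Status::BadEmail;
    return persistUser(store, User{name, email});
}

int main() {
    Store s;
    std::printf("empty name -> %d\n", static_cast<int>(createUser(s, "", "a@b.com")));
    std::printf("valid      -> %d (rows=%zu)\n",
                static_cast<int>(createUser(s, "alice", "alice@example.com")), s.rows.size());
    s.failNext = true;
    std::printf("store fail -> %d (rows=%zu, busy=%d)\n",
                static_cast<int>(createUser(s, "bob", "bob@example.com")), s.rows.size(), s.busy);
    return 0;
}
```

A reviewer applying the rubric can point at concrete lines here: the empty catch in persistUser_before() is the Robustness evidence, the unchecked forwarding in createUser_before() is the Security evidence, and the hardened pair shows the smallest change that moves both dimensions to 2 without restructuring the caller.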