review-code

Review Code

This skill is portable. It works from instructions alone and should be usable in any repository with Git history and repository guidance.

Safety Boundary

Local code review is read-only and findings-only.
  • Do not edit files, stage changes, commit, push, create pull requests, post GitHub comments, or mutate review threads.
  • Do not run formatters, generators, fixers, installers, or other commands that write to the worktree.
  • Do not read, require, print, or infer secrets.
  • Do not fall back to same-thread review. If fresh reviewer dispatch is unavailable, halt.

Scope

  1. Resolve the repository default branch with `gh repo view --json defaultBranchRef --jq .defaultBranchRef.name` or `git rev-parse --abbrev-ref origin/HEAD`. Normalize the fallback by stripping the leading `origin/` so the branch name is `main`, not `origin/main`. If neither source can identify a default branch, halt with instructions to set `origin/HEAD` outside this skill, for example with `git remote set-head origin --auto`.
  2. Use the current `origin/<default-branch>` ref. Do not update refs during review. Verify the local ref exists with `git rev-parse --verify origin/<default-branch>`. When `gh` is available, resolve `{owner}/{repo}` with `gh repo view --json nameWithOwner --jq .nameWithOwner`, then compare the local SHA to the remote default-branch SHA from `gh api repos/{owner}/{repo}/branches/{branch} --jq .commit.sha`; halt and report both SHAs when they differ. When remote freshness cannot be checked, continue only after recording that freshness is unverified in the report.
  3. Compute the review base with `git merge-base origin/<default-branch> HEAD` after normalization.
  4. Review the default-branch merge-base to the current branch, plus staged, unstaged, and untracked local changes. Include deleted files.
  5. Load repository instructions before review: `AGENTS.md`, `CLAUDE.md` if present, and docs they explicitly import.
  6. Treat generated files, lockfiles, vendored files, and dogfood overlay paths as low-signal unless repository instructions or the diff make them relevant.
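
Steps 1 to 4 as one read-only script, added here as an example and not part of the skill itself. The function names are hypothetical, and `git rev-parse HEAD`, `git diff --name-status`, and `git --no-optional-locks status --porcelain` are choices of this example rather than commands the skill names.

```shell
#!/bin/sh
# Added example: read-only scope resolution. Function names are hypothetical.

# Step 1 fallback: "origin/main" -> "main"; other names pass through unchanged.
normalize_branch() { printf '%s\n' "${1#origin/}"; }

# Step 2 decision from local and remote SHA: proceed | halt | unverified.
# An empty remote SHA means freshness could not be checked.
freshness_verdict() {
  if [ -z "$2" ]; then echo unverified
  elif [ "$1" = "$2" ]; then echo proceed
  else echo halt
  fi
}

resolve_default_branch() {
  name=$(gh repo view --json defaultBranchRef --jq .defaultBranchRef.name 2>/dev/null) || name=
  if [ -z "$name" ]; then
    name=$(git rev-parse --abbrev-ref origin/HEAD 2>/dev/null) || name=
  fi
  [ -n "$name" ] || return 1
  normalize_branch "$name"
}

review_scope() {
  branch=$(resolve_default_branch) || {
    echo "halt: set origin/HEAD first, e.g. git remote set-head origin --auto" >&2
    return 1
  }
  local_sha=$(git rev-parse --verify "origin/$branch") || return 1
  remote_sha=
  if repo=$(gh repo view --json nameWithOwner --jq .nameWithOwner 2>/dev/null); then
    remote_sha=$(gh api "repos/$repo/branches/$branch" --jq .commit.sha 2>/dev/null) || remote_sha=
  fi
  case $(freshness_verdict "$local_sha" "$remote_sha") in
    halt) echo "halt: stale ref local=$local_sha remote=$remote_sha" >&2; return 1 ;;
    unverified) echo "Freshness unverified: remote SHA unavailable; reviewed current origin/$branch only" ;;
  esac
  base=$(git merge-base "origin/$branch" HEAD) || return 1
  echo "default=$branch base=$base head=$(git rev-parse HEAD)"
  git diff --name-status "$base" HEAD          # committed changes, deletions included
  # --no-optional-locks stops status from refreshing the index on disk.
  git --no-optional-locks status --porcelain   # staged, unstaged, untracked
}

# Run only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--run" ]; then review_scope; fi
```

The script never fetches, so the freshness verdict reflects the `origin/<default-branch>` ref exactly as it exists locally.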

Fresh Reviewer Dispatch

The primary agent may compute scope and collect context, but the actual review must run as a fresh-context reviewer in a fresh reviewer agent or equivalent isolated dispatch surface with no inherited implementation conversation. Prefer a host-provided read-only Explorer or reviewer background agent when one is available, because branch-diff review is a codebase question with a bounded scope.
In Codex, spawn a fresh Explorer background agent for the review without asking for another user confirmation when the caller has already requested local review, `/review-code`, or an issue workflow that reaches the review gate. Close the Explorer or reviewer agent after its final report is consumed. Do not let old review agents pile up, and do not start a duplicate reviewer for the same unresolved review pass.
Pass only:
  • Repository path
  • Default branch, merge-base, head, and dirty/untracked scope
  • Changed file list and relevant diff commands
  • Repository instructions
  • This read-only review contract
If the host runtime cannot create a fresh reviewer or equivalent isolated review surface, halt and report that isolation is unavailable. Do not ask the current implementation conversation to perform the review.

Reviewer Contract

The reviewer should inspect the scoped diff for merge-relevant risk:
  • correctness, security, data loss, requirements fit, error handling, test quality, edge cases, production readiness, clarity, and maintainability
  • missing or misleading tests for changed behavior
  • inconsistencies with repository instructions or issue acceptance criteria
Group findings by severity: blocking, non-blocking, and low-severity. Each finding must include a file and line reference, rationale, and suggested fix. Keep praise-heavy commentary out of the report. If there are no findings, say so and mention residual risk or test gaps.

Distinction From Hosted Review

`review-code` is a local isolated reviewer for branch-diff findings. It does not emulate `code-review.yml`, does not require a PR number, and does not post comments.
This skill only covers local isolated branch-diff review. Hosted review workflows own their own prompt, permissions, and PR-commenting contract.

Report

  • Base, head, and default branch used
  • Local default-branch ref freshness check, or why freshness is unverified (for example: `Freshness unverified: gh unavailable; reviewed current origin/main only`)
  • Changed files, including staged, unstaged, and untracked files
  • Fresh reviewer dispatch mechanism, or halt reason
  • Findings grouped by severity
  • Low-signal paths skipped or reviewed with rationale