code-review
Code Review
Overview
Comprehensive code review against the original plan, coding standards, and learned project patterns. This skill dispatches a dedicated code-reviewer agent for thorough analysis, ensuring every change is evidence-based, plan-aligned, and convention-aware before it reaches the main branch.
Announce at start: "I'm using the code-review skill to review the implementation."
Phase 1: Gather Context
Goal: Identify what changed, what the plan required, and what conventions apply.
Actions
- Retrieve the changes to review:
```bash
git diff HEAD~N..HEAD           # or specific commit range
git log --oneline HEAD~N..HEAD  # what was done
```
- Locate the plan document:
```bash
ls docs/plans/*.md | tail -1
```
- Load project conventions from memory/learned-patterns.md
- Identify:
  - What files were changed
  - What the plan/spec required
  - What conventions apply
STOP — Do NOT proceed to Phase 2 until:
- All changed files are identified
- The plan or spec requirements are loaded
- Relevant conventions from memory are loaded
- You can state what was supposed to be built
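One way to enforce the Phase 1 STOP conditions mechanically before dispatching the reviewer, as an added example that is not part of the original skill. The function name phase1_gate and its output layout are assumptions; the paths come from the steps above.

```bash
#!/usr/bin/env bash
# Added example (not part of the original skill): enforce the Phase 1 STOP gate.
# Paths docs/plans/*.md and memory/learned-patterns.md come from the skill text;
# the function name phase1_gate and its output layout are assumptions.
#
# Usage: phase1_gate HEAD~3..HEAD

# Body runs in a subshell ( ... ) so its variables never leak into the caller.
phase1_gate() (
  range="$1"
  failed=0

  # Gate 1: all changed files are identified.
  files=$(git diff --name-only "$range" 2>/dev/null) || files=""
  if [ -z "$files" ]; then
    echo "STOP: no changed files resolved for range '$range'" >&2
    failed=1
  fi

  # Gate 2: the plan is loaded (same selection as the skill: last docs/plans/*.md).
  plan=$(ls docs/plans/*.md 2>/dev/null | tail -1)
  if [ -z "$plan" ] || [ ! -s "$plan" ]; then
    echo "STOP: no non-empty plan document under docs/plans/" >&2
    failed=1
  fi

  # Gate 3: conventions from memory are loaded.
  conventions="memory/learned-patterns.md"
  if [ ! -s "$conventions" ]; then
    echo "STOP: $conventions is missing or empty" >&2
    failed=1
  fi

  # Any failed gate blocks Phase 2; every failure is reported, not just the first.
  [ "$failed" -eq 0 ] || exit 1

  # Context bundle to paste into the Phase 2 review prompt.
  printf 'Plan: %s\nConventions: %s\nChanged files:\n%s\n' \
    "$plan" "$conventions" "$files"
)
```

The fourth condition, being able to state what was supposed to be built, remains a judgment call and is not checked here.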
Phase 2: Dispatch Code Reviewer
Goal: Send structured review request to the code-reviewer agent.
Review Prompt Template
Review the following changes against:
1. Plan: [plan document or requirements]
2. Conventions: [learned patterns from memory]
3. Standards: [CLAUDE.md rules]
Changes:
[git diff output or file list]
Check for:
- Plan alignment (did we build what was specified?)
- Code quality (DRY, YAGNI, naming, structure)
- Error handling (edge cases, failure modes)
- Security (injection, XSS, auth issues)
- Test coverage (are changes tested?)
- Performance (obvious bottlenecks)
- Documentation (are public APIs documented?)
STOP — Do NOT proceed to Phase 3 until:
- Review request has been dispatched
- Reviewer agent has returned findings
Phase 3: Categorize and Resolve Issues
Goal: Classify findings and fix all Critical issues.
Issue Categorization Table
| Category | Definition | Action Required |
|---|---|---|
| Critical | Bugs, security issues, data loss risk, plan violations | Must fix before merge |
| Important | Code quality, missing tests, convention violations | Should fix before merge |
| Suggestions | Style, naming, minor improvements | Nice to have, fix if time allows |
Fix Loop
For Critical and Important issues:
- Fix the issue
- Run tests to verify the fix
- Re-dispatch code-reviewer agent for the specific fix
- Repeat until no Critical issues remain
STOP — Do NOT proceed to Phase 4 until:
- All Critical issues are resolved
- All Important issues are resolved or explicitly deferred with justification
- Test suite passes after all fixes
Phase 4: Self-Learning Integration
Goal: Persist patterns discovered during review for future sessions.
Actions
- If new patterns were identified, update memory/learned-patterns.md
- If a common mistake was found, note it for future reference
- If the plan needed adjustment, update memory/decisions-log.md
Review Output Format
Code Review Summary
Scope: [files/components reviewed]
Plan alignment: [aligned / minor deviations / major deviations]
Critical Issues (N)
- [Issue title] — file:line
  Problem: [description]
  Fix: [specific recommendation]
Important Issues (N)
- [Issue title] — file:line
  Problem: [description]
  Fix: [specific recommendation]
Suggestions (N)
- [Suggestion] — file:line
What Was Done Well
- [Positive observations]
---
Decision Table: Review Depth
| Change Type | Review Depth | Reviewer |
|---|---|---|
| New feature (>100 lines) | Full review: plan alignment + quality + security + tests | code-reviewer agent |
| Bug fix (<50 lines) | Focused review: regression test + root cause + fix correctness | code-reviewer agent |
| Refactor (no behavior change) | Behavior preservation: all tests pass + no regressions | code-reviewer agent |
| Config/infra change | Security + correctness: no secrets exposed, valid syntax | code-reviewer agent |
| Documentation only | Accuracy + completeness: matches current code behavior | Inline review |
Anti-Patterns / Common Mistakes
| Anti-Pattern | Why It Is Wrong | Correct Approach |
|---|---|---|
| Skipping review for "small fixes" | Small changes cause production outages | Review everything |
| Reviewing without the plan | Cannot verify correctness without requirements | Always load the plan first |
| Fixing issues without re-running tests | Fixes can introduce new bugs | Run full test suite after every fix |
| Generic feedback ("looks good") | Not actionable, misses real issues | Cite specific code lines with fix recommendations |
| Reviewing your own code alone | Author blindness misses defects | Always dispatch code-reviewer agent |
| Deferring Critical issues | Critical issues become production incidents | Must fix before merge, no exceptions |
Rationalizations — STOP If You Think These
| Excuse | Reality |
|---|---|
| "It's just a typo fix" | Typo fixes can break APIs. Review it. |
| "I'm confident in this code" | Confidence does not equal correctness. Review it. |
| "The tests pass" | Tests can miss bugs. Review it. |
| "It's just styling/formatting" | Style changes can introduce bugs. Review it. |
| "Nobody will notice" | That is exactly when bugs ship. Review it. |
| "I'll review it later" | Later never comes. Review it now. |
| "The deadline is tight" | Shipping bugs costs more than reviewing. Review it. |
Subagent Dispatch Opportunities
| Task Pattern | Dispatch To | When |
|---|---|---|
| Reviewing multiple independent files/modules | | When review scope spans multiple unrelated modules |
| Security-focused review pass | | When changes touch auth, input handling, or external APIs |
| Performance impact assessment | | When changes affect hot paths or data-heavy operations |
Follow the dispatching-parallel-agents skill protocol when dispatching.
Integration Points
| Skill | Relationship |
|---|---|
| | Review checks implementation against the approved plan |
| | Review verifies test coverage and TDD compliance |
| | Review is a prerequisite for verification |
| | Review findings feed into learned patterns |
| | Review checks that acceptance tests exist for all criteria |
| | If review reveals a bug, switch to debugging skill |
| | Security findings during review trigger deeper security analysis |
Iron Law
┌─────────────────────────────────────────────────────────────────┐
│ HARD-GATE: NO MERGE WITHOUT REVIEW │
│ │
│ Every change gets reviewed. No exceptions for "small fixes" │
│ or "obvious changes." If you are about to merge without │
│ review, STOP immediately. │
└─────────────────────────────────────────────────────────────────┘
Skill Type
RIGID — The four-phase process is mandatory. Every change must be reviewed by the code-reviewer agent. No merge without review. No exceptions.