Back to Details

comprehensive-review-full-review

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Use this skill when

何时使用此技能

  • Working on comprehensive review full review tasks or workflows
  • Needing guidance, best practices, or checklists for comprehensive review full review
  • 处理全面审查相关任务或工作流时
  • 需要全面审查的指导、最佳实践或检查清单时

Do not use this skill when

何时不使用此技能

  • The task is unrelated to comprehensive review full review
  • You need a different domain or tool outside this scope
  • 任务与全面审查无关时
  • 需要此范围之外的其他领域或工具时

Instructions

操作说明

  • Clarify goals, constraints, and required inputs.
  • Apply relevant best practices and validate outcomes.
  • Provide actionable steps and verification.
  • If detailed examples are required, open 
    resources/implementation-playbook.md
    .
Orchestrate comprehensive multi-dimensional code review using specialized review agents
[Extended thinking: This workflow performs an exhaustive code review by orchestrating multiple specialized agents in sequential phases. Each phase builds upon previous findings to create a comprehensive review that covers code quality, security, performance, testing, documentation, and best practices. The workflow integrates modern AI-assisted review tools, static analysis, security scanning, and automated quality metrics. Results are consolidated into actionable feedback with clear prioritization and remediation guidance. The phased approach ensures thorough coverage while maintaining efficiency through parallel agent execution where appropriate.]
  • 明确目标、约束条件和所需输入。
  • 应用相关最佳实践并验证结果。
  • 提供可执行步骤和验证方法。
  • 如果需要详细示例,请打开
    resources/implementation-playbook.md
通过专业审查Agent编排全面的多维度代码审查
[扩展思考:此工作流通过分阶段编排多个专业Agent来执行详尽的代码审查。每个阶段都基于之前的发现进行构建,形成涵盖代码质量、安全性、性能、测试、文档和最佳实践的全面审查。该工作流集成了现代AI辅助审查工具、静态分析、安全扫描和自动化质量指标。结果会被整合为带有明确优先级和修复指导的可操作反馈。分阶段方法确保了审查的全面性,同时在合适的地方通过并行执行Agent来保持效率。]

Review Configuration Options

审查配置选项

  • --security-focus: Prioritize security vulnerabilities and OWASP compliance
  • --performance-critical: Emphasize performance bottlenecks and scalability issues
  • --tdd-review: Include TDD compliance and test-first verification
  • --ai-assisted: Enable AI-powered review tools (Copilot, Codium, Bito)
  • --strict-mode: Fail review on any critical issues found
  • --metrics-report: Generate detailed quality metrics dashboard
  • --framework [name]: Apply framework-specific best practices (React, Spring, Django, etc.)
  • --security-focus:优先处理安全漏洞和OWASP合规性
  • --performance-critical:重点关注性能瓶颈和可扩展性问题
  • --tdd-review:包含TDD合规性和测试优先验证
  • --ai-assisted:启用AI驱动的审查工具(Copilot、Codium、Bito)
  • --strict-mode:发现任何关键问题时判定审查不通过
  • --metrics-report:生成详细的质量指标仪表盘
  • --framework [name]:应用特定框架的最佳实践(React、Spring、Django等)

Phase 1: Code Quality & Architecture Review

阶段1:代码质量与架构审查

Use Task tool to orchestrate quality and architecture agents in parallel:
使用Task工具并行编排质量和架构Agent:

1A. Code Quality Analysis

1A. 代码质量分析

  • Use Task tool with subagent_type="code-reviewer"
  • Prompt: "Perform comprehensive code quality review for: $ARGUMENTS. Analyze code complexity, maintainability index, technical debt, code duplication, naming conventions, and adherence to Clean Code principles. Integrate with SonarQube, CodeQL, and Semgrep for static analysis. Check for code smells, anti-patterns, and violations of SOLID principles. Generate cyclomatic complexity metrics and identify refactoring opportunities."
  • Expected output: Quality metrics, code smell inventory, refactoring recommendations
  • Context: Initial codebase analysis, no dependencies on other phases
  • 使用Task工具,设置subagent_type="code-reviewer"
  • 提示语:"对以下内容执行全面代码质量审查:$ARGUMENTS。分析代码复杂度、可维护性指数、技术债务、代码重复、命名规范以及对Clean Code原则的遵循情况。集成SonarQube、CodeQL和Semgrep进行静态分析。检查代码异味、反模式以及SOLID原则的违反情况。生成圈复杂度指标并识别重构机会。"
  • 预期输出:质量指标、代码异味清单、重构建议
  • 背景:初始代码库分析,不依赖其他阶段

1B. Architecture & Design Review

1B. 架构与设计审查

  • Use Task tool with subagent_type="architect-review"
  • Prompt: "Review architectural design patterns and structural integrity in: $ARGUMENTS. Evaluate microservices boundaries, API design, database schema, dependency management, and adherence to Domain-Driven Design principles. Check for circular dependencies, inappropriate coupling, missing abstractions, and architectural drift. Verify compliance with enterprise architecture standards and cloud-native patterns."
  • Expected output: Architecture assessment, design pattern analysis, structural recommendations
  • Context: Runs parallel with code quality analysis
  • 使用Task工具,设置subagent_type="architect-review"
  • 提示语:"审查以下内容中的架构设计模式和结构完整性:$ARGUMENTS。评估微服务边界、API设计、数据库 schema、依赖管理以及对领域驱动设计(Domain-Driven Design)原则的遵循情况。检查循环依赖、不当耦合、缺失的抽象以及架构漂移。验证是否符合企业架构标准和云原生模式。"
  • 预期输出:架构评估、设计模式分析、结构改进建议
  • 背景:与代码质量分析并行执行

Phase 2: Security & Performance Review

阶段2:安全与性能审查

Use Task tool with security and performance agents, incorporating Phase 1 findings:
使用Task工具调用安全和性能Agent,结合阶段1的发现:

2A. Security Vulnerability Assessment

2A. 安全漏洞评估

  • Use Task tool with subagent_type="security-auditor"
  • Prompt: "Execute comprehensive security audit on: $ARGUMENTS. Perform OWASP Top 10 analysis, dependency vulnerability scanning with Snyk/Trivy, secrets detection with GitLeaks, input validation review, authentication/authorization assessment, and cryptographic implementation review. Include findings from Phase 1 architecture review: {phase1_architecture_context}. Check for SQL injection, XSS, CSRF, insecure deserialization, and configuration security issues."
  • Expected output: Vulnerability report, CVE list, security risk matrix, remediation steps
  • Context: Incorporates architectural vulnerabilities identified in Phase 1B
  • 使用Task工具,设置subagent_type="security-auditor"
  • 提示语:"对以下内容执行全面安全审计:$ARGUMENTS。执行OWASP Top 10分析、使用Snyk/Trivy进行依赖漏洞扫描、使用GitLeaks进行密钥检测、输入验证审查、身份验证/授权评估以及加密实现审查。包含阶段1架构审查的发现:{phase1_architecture_context}。检查SQL注入、XSS、CSRF、不安全反序列化和配置安全问题。"
  • 预期输出:漏洞报告、CVE列表、安全风险矩阵、修复步骤
  • 背景:整合阶段1B中识别的架构漏洞

2B. Performance & Scalability Analysis

2B. 性能与可扩展性分析

  • Use Task tool with subagent_type="application-performance::performance-engineer"
  • Prompt: "Conduct performance analysis and scalability assessment for: $ARGUMENTS. Profile code for CPU/memory hotspots, analyze database query performance, review caching strategies, identify N+1 problems, assess connection pooling, and evaluate asynchronous processing patterns. Consider architectural findings from Phase 1: {phase1_architecture_context}. Check for memory leaks, resource contention, and bottlenecks under load."
  • Expected output: Performance metrics, bottleneck analysis, optimization recommendations
  • Context: Uses architecture insights to identify systemic performance issues
  • 使用Task工具,设置subagent_type="application-performance::performance-engineer"
  • 提示语:"对以下内容进行性能分析和可扩展性评估:$ARGUMENTS。分析代码的CPU/内存热点、数据库查询性能、缓存策略、识别N+1问题、评估连接池以及异步处理模式。考虑阶段1的架构发现:{phase1_architecture_context}。检查内存泄漏、资源争用和负载下的瓶颈。"
  • 预期输出:性能指标、瓶颈分析、优化建议
  • 背景:利用架构洞察识别系统性性能问题

Phase 3: Testing & Documentation Review

阶段3:测试与文档审查

Use Task tool for test and documentation quality assessment:
使用Task工具评估测试和文档质量:

3A. Test Coverage & Quality Analysis

3A. 测试覆盖率与质量分析

  • Use Task tool with subagent_type="unit-testing::test-automator"
  • Prompt: "Evaluate testing strategy and implementation for: $ARGUMENTS. Analyze unit test coverage, integration test completeness, end-to-end test scenarios, test pyramid adherence, and test maintainability. Review test quality metrics including assertion density, test isolation, mock usage, and flakiness. Consider security and performance test requirements from Phase 2: {phase2_security_context}, {phase2_performance_context}. Verify TDD practices if --tdd-review flag is set."
  • Expected output: Coverage report, test quality metrics, testing gap analysis
  • Context: Incorporates security and performance testing requirements from Phase 2
  • 使用Task工具,设置subagent_type="unit-testing::test-automator"
  • 提示语:"评估以下内容的测试策略和实现:$ARGUMENTS。分析单元测试覆盖率、集成测试完整性、端到端测试场景、测试金字塔遵循情况以及测试可维护性。审查测试质量指标,包括断言密度、测试隔离、Mock使用和不稳定性。考虑阶段2的安全和性能测试要求:{phase2_security_context}, {phase2_performance_context}。如果设置了--tdd-review标志,验证TDD实践。"
  • 预期输出:覆盖率报告、测试质量指标、测试差距分析
  • 背景:整合阶段2的安全和性能测试要求

3B. Documentation & API Specification Review

3B. 文档与API规范审查

  • Use Task tool with subagent_type="code-documentation::docs-architect"
  • Prompt: "Review documentation completeness and quality for: $ARGUMENTS. Assess inline code documentation, API documentation (OpenAPI/Swagger), architecture decision records (ADRs), README completeness, deployment guides, and runbooks. Verify documentation reflects actual implementation based on all previous phase findings: {phase1_context}, {phase2_context}. Check for outdated documentation, missing examples, and unclear explanations."
  • Expected output: Documentation coverage report, inconsistency list, improvement recommendations
  • Context: Cross-references all previous findings to ensure documentation accuracy
  • 使用Task工具,设置subagent_type="code-documentation::docs-architect"
  • 提示语:"审查以下内容的文档完整性和质量:$ARGUMENTS。评估内联代码文档、API文档(OpenAPI/Swagger)、架构决策记录(ADRs)、README完整性、部署指南和运行手册。基于所有先前阶段的发现验证文档是否反映实际实现:{phase1_context}, {phase2_context}。检查过时文档、缺失示例和模糊说明。"
  • 预期输出:文档覆盖率报告、不一致列表、改进建议
  • 背景:交叉引用所有先前发现以确保文档准确性

Phase 4: Best Practices & Standards Compliance

阶段4:最佳实践与标准合规性

Use Task tool to verify framework-specific and industry best practices:
使用Task工具验证特定框架和行业最佳实践:

4A. Framework & Language Best Practices

4A. 框架与语言最佳实践

  • Use Task tool with subagent_type="framework-migration::legacy-modernizer"
  • Prompt: "Verify adherence to framework and language best practices for: $ARGUMENTS. Check modern JavaScript/TypeScript patterns, React hooks best practices, Python PEP compliance, Java enterprise patterns, Go idiomatic code, or framework-specific conventions (based on --framework flag). Review package management, build configuration, environment handling, and deployment practices. Include all quality issues from previous phases: {all_previous_contexts}."
  • Expected output: Best practices compliance report, modernization recommendations
  • Context: Synthesizes all previous findings for framework-specific guidance
  • 使用Task工具,设置subagent_type="framework-migration::legacy-modernizer"
  • 提示语:"验证以下内容对框架和语言最佳实践的遵循情况:$ARGUMENTS。检查现代JavaScript/TypeScript模式、React hooks最佳实践、Python PEP合规性、Java企业模式、Go惯用代码或特定框架约定(基于--framework标志)。审查包管理、构建配置、环境处理和部署实践。包含先前阶段的所有质量问题:{all_previous_contexts}。"
  • 预期输出:最佳实践合规报告、现代化建议
  • 背景:综合所有先前发现以提供特定框架指导

4B. CI/CD & DevOps Practices Review

4B. CI/CD与DevOps实践审查

  • Use Task tool with subagent_type="cicd-automation::deployment-engineer"
  • Prompt: "Review CI/CD pipeline and DevOps practices for: $ARGUMENTS. Evaluate build automation, test automation integration, deployment strategies (blue-green, canary), infrastructure as code, monitoring/observability setup, and incident response procedures. Assess pipeline security, artifact management, and rollback capabilities. Consider all issues identified in previous phases that impact deployment: {all_critical_issues}."
  • Expected output: Pipeline assessment, DevOps maturity evaluation, automation recommendations
  • Context: Focuses on operationalizing fixes for all identified issues
  • 使用Task工具,设置subagent_type="cicd-automation::deployment-engineer"
  • 提示语:"审查以下内容的CI/CD流水线和DevOps实践:$ARGUMENTS。评估构建自动化、测试自动化集成、部署策略(蓝绿、金丝雀)、基础设施即代码、监控/可观测性设置以及事件响应流程。评估流水线安全性、制品管理和回滚能力。考虑先前阶段中识别的所有影响部署的问题:{all_critical_issues}。"
  • 预期输出:流水线评估、DevOps成熟度评估、自动化建议
  • 背景:专注于将所有已识别问题的修复方案落地

Consolidated Report Generation

综合报告生成

Compile all phase outputs into comprehensive review report:
将所有阶段的输出整合为全面审查报告:

Critical Issues (P0 - Must Fix Immediately)

关键问题(P0 - 必须立即修复)

  • Security vulnerabilities with CVSS > 7.0
  • Data loss or corruption risks
  • Authentication/authorization bypasses
  • Production stability threats
  • Compliance violations (GDPR, PCI DSS, SOC2)
  • CVSS评分>7.0的安全漏洞
  • 数据丢失或损坏风险
  • 身份验证/授权绕过
  • 生产稳定性威胁
  • 合规性违规(GDPR、PCI DSS、SOC2)

High Priority (P1 - Fix Before Next Release)

高优先级(P1 - 下一次发布前修复)

  • Performance bottlenecks impacting user experience
  • Missing critical test coverage
  • Architectural anti-patterns causing technical debt
  • Outdated dependencies with known vulnerabilities
  • Code quality issues affecting maintainability
  • 影响用户体验的性能瓶颈
  • 缺失关键测试覆盖率
  • 导致技术债务的架构反模式
  • 存在已知漏洞的过时依赖
  • 影响可维护性的代码质量问题

Medium Priority (P2 - Plan for Next Sprint)

中优先级(P2 - 安排到下一个迭代)

  • Non-critical performance optimizations
  • Documentation gaps and inconsistencies
  • Code refactoring opportunities
  • Test quality improvements
  • DevOps automation enhancements
  • 非关键性能优化
  • 文档缺口和不一致
  • 代码重构机会
  • 测试质量改进
  • DevOps自动化增强

Low Priority (P3 - Track in Backlog)

低优先级(P3 - 跟踪到待办事项)

  • Style guide violations
  • Minor code smell issues
  • Nice-to-have documentation updates
  • Cosmetic improvements
  • 风格指南违规
  • 次要代码异味问题
  • 锦上添花的文档更新
  • 外观改进

Success Criteria

成功标准

Review is considered successful when:
  • All critical security vulnerabilities are identified and documented
  • Performance bottlenecks are profiled with remediation paths
  • Test coverage gaps are mapped with priority recommendations
  • Architecture risks are assessed with mitigation strategies
  • Documentation reflects actual implementation state
  • Framework best practices compliance is verified
  • CI/CD pipeline supports safe deployment of reviewed code
  • Clear, actionable feedback is provided for all findings
  • Metrics dashboard shows improvement trends
  • Team has clear prioritized action plan for remediation
Target: $ARGUMENTS
满足以下条件时,审查视为成功:
  • 所有关键安全漏洞均已识别并记录
  • 性能瓶颈已被分析并提供修复路径
  • 测试覆盖率缺口已映射并给出优先级建议
  • 架构风险已被评估并提供缓解策略
  • 文档反映实际实现状态
  • 已验证对框架最佳实践的合规性
  • CI/CD流水线支持已审查代码的安全部署
  • 为所有发现提供了清晰、可操作的反馈
  • 指标仪表盘显示改进趋势
  • 团队拥有明确的优先级修复行动计划
目标:$ARGUMENTS