code-investigator

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Code Investigator

代码调查器

Systematic codebase investigation using parallel subagents. Discover all features, analyze risks, and produce a prioritized action report.

使用并行子Agent对代码库进行系统性调查，发现所有功能、分析风险并生成优先级排序的行动报告。

Workflow

工作流

Phase 1: Feature Discovery

阶段1：功能发现

Use the Task tool with

subagent_type=Explore

to map the entire project:

Identify project type (framework, language, architecture pattern)
List all features/modules with file locations
Map dependencies (package.json, requirements.txt, go.mod, etc.)
Identify entry points, routes, API endpoints
Note configuration files, environment setup, CI/CD

Output a structured feature inventory:

undefined

使用

subagent_type=Explore

的Task工具映射整个项目：

识别项目类型（框架、语言、架构模式）
列出所有功能/模块及其文件位置
映射依赖（package.json、requirements.txt、go.mod等）
识别入口点、路由、API端点
记录配置文件、环境设置、CI/CD相关内容

输出结构化的功能清单：

undefined

Feature Inventory

#	Feature/Module	Files	Description
1	Authentication	src/auth/*	OAuth + session
2	Product CRUD	src/products/*	Admin API
...


Present this inventory to the user before proceeding to Phase 2.

#	Feature/Module	Files	Description
1	Authentication	src/auth/*	OAuth + session
2	Product CRUD	src/products/*	Admin API
...


在进入阶段2前，先将该清单展示给用户。

Phase 2: Parallel Investigation

阶段2：并行调查

Launch multiple Task subagents in a single message to investigate concurrently. Each subagent focuses on one investigation area. See references/investigation-areas.md for detailed checklists per area.

Required subagents (launch all in parallel):

Subagent	Type	Focus
Security Auditor	`tech-lead`	Vulnerabilities, injection risks, auth gaps, secret exposure
Dead Code Detector	`Explore`	Unused exports, unreachable code, orphan files, unused dependencies
Architecture Reviewer	`tech-lead`	Pattern violations, circular deps, coupling issues, missing abstractions
Error & Edge Case Analyzer	`Explore`	Missing error handling, unhandled promises, race conditions
Dependency Auditor	`Bash`	`npm audit` , outdated packages, license issues, duplicate deps
Test Coverage Analyzer	`Explore`	Missing tests, untested critical paths, test quality

Optional subagents (based on project type):

Subagent	Type	When
Performance Profiler	`tech-lead`	Web apps, APIs with DB queries
TypeScript Strictness	`Explore`	TS projects with `any` usage
API Contract Checker	`Explore`	Projects with REST/GraphQL APIs
Accessibility Auditor	`Explore`	Frontend projects

Each subagent prompt must include:

The feature inventory from Phase 1
Specific checklist items from references/investigation-areas.md
Instruction to rate each finding: CRITICAL / HIGH / MEDIUM / LOW
Instruction to provide file path and line number for each finding

在单条消息中启动多个Task子Agent同步开展调查，每个子Agent专注于一个调查领域。每个领域的详细检查清单可参考references/investigation-areas.md。

必填子Agent（全部并行启动）：

子Agent	类型	关注方向
安全审计员	`tech-lead`	漏洞、注入风险、认证缺口、密钥泄露
死代码检测器	`Explore`	未使用的导出项、不可达代码、孤立文件、未使用依赖
架构评审员	`tech-lead`	模式违规、循环依赖、耦合问题、缺失抽象
错误与边界场景分析器	`Explore`	缺失的错误处理、未处理的promise、竞态条件
依赖审计员	`Bash`	`npm audit` 、过时包、许可证问题、重复依赖
测试覆盖率分析器	`Explore`	缺失的测试、未覆盖的核心路径、测试质量

可选子Agent（根据项目类型启用）：

子Agent	类型	启用场景
性能分析器	`tech-lead`	Web应用、带数据库查询的API
TypeScript严格性检查器	`Explore`	存在 `any` 使用的TS项目
API契约检查器	`Explore`	包含REST/GraphQL API的项目
可访问性审计员	`Explore`	前端项目

每个子Agent的提示词必须包含：

阶段1输出的功能清单
references/investigation-areas.md中的具体检查清单项
要求对每个发现项评级：CRITICAL / HIGH / MEDIUM / LOW
要求为每个发现项提供文件路径和行号

Phase 3: Report Synthesis

阶段3：报告汇总

Collect all subagent results and compile into a single prioritized report.

收集所有子Agent的结果，整合成一份统一的优先级排序报告。

Report Structure

报告结构

markdown

undefined

markdown

undefined

Code Investigation Report

Project: [name] | Date: [date] | Files Analyzed: [count]

Executive Summary

[2-3 sentences: overall health, top concerns, immediate actions needed]

Critical Findings (Act Immediately)

#	Finding	Category	File:Line	Impact	Recommendation

#	Finding	Category	File:Line	Impact	Recommendation

High Priority

#	Finding	Category	File:Line	Impact	Recommendation

#	Finding	Category	File:Line	Impact	Recommendation

Medium Priority

#	Finding	Category	File:Line	Impact	Recommendation

#	Finding	Category	File:Line	Impact	Recommendation

Low Priority / Improvements

#	Finding	Category	File:Line	Impact	Recommendation

#	Finding	Category	File:Line	Impact	Recommendation

Dead Code & Redundancies

#	Item	Type	File:Line	Safe to Remove?

#	Item	Type	File:Line	Safe to Remove?

Missing Functionality

#	Gap	Why It Matters	Suggested Implementation

#	Gap	Why It Matters	Suggested Implementation

Dependency Health

Package	Current	Latest	Risk	Action

Package	Current	Latest	Risk	Action

Metrics Summary

Total findings: X (Critical: X, High: X, Medium: X, Low: X)
Dead code items: X
Missing features: X
Vulnerable dependencies: X

undefined

Total findings: X (Critical: X, High: X, Medium: X, Low: X)
Dead code items: X
Missing features: X
Vulnerable dependencies: X

undefined

Sorting Rules

排序规则

CRITICAL: Security vulnerabilities, data loss risks, crashes in production
HIGH: Bugs likely to affect users, missing auth checks, unhandled errors in critical paths
MEDIUM: Code smells, minor security issues, performance concerns, missing tests
LOW: Style issues, minor refactoring opportunities, nice-to-have improvements

CRITICAL（严重）：安全漏洞、数据丢失风险、生产环境崩溃问题
HIGH（高优先级）：可能影响用户的bug、缺失的认证检查、核心路径未处理错误
MEDIUM（中优先级）：代码坏味道、轻微安全问题、性能隐患、缺失测试
LOW（低优先级）：风格问题、小型重构机会、锦上添花的优化项

Key Guidelines

核心准则

Never guess - always verify by reading actual code before reporting a finding
Include file path and line number for every finding
Distinguish between confirmed issues and potential concerns
Do not report style preferences as issues unless they cause real problems
Group related findings to avoid duplicate reports
If a subagent finds nothing in its area, report that as a positive signal

绝不猜测 - 报告发现前务必通过阅读实际代码进行验证
每个发现项都要包含文件路径和行号
区分已确认的问题和潜在风险
不要将风格偏好作为问题上报，除非它们会导致实际问题
合并相关发现避免重复报告
如果子Agent在其负责领域未发现任何问题，将其作为正面信号上报