codereview-orchestrator

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Code Review Orchestrator Skill

The coordinator for code reviews. This skill only triages and routes - it does NOT perform detailed code review. All actual review work is delegated to specialist skills.

代码评审的协调器。本Skill仅负责分类与任务分配——不执行详细的代码评审。所有实际评审工作均委托给专业Skill完成。

Quick Start: Full Pipeline

快速开始：完整工作流

Trigger a complete review by saying:

Review PR 123
Review PR owner/repo#123
Review PR https://github.com/owner/repo/pull/123

This will:

Retrieve the PR diff via GitHub API
Triage and assess risk
Route to appropriate specialist skills
Review the code
Submit the review to GitHub

输入以下命令即可触发完整评审：

Review PR 123
Review PR owner/repo#123
Review PR https://github.com/owner/repo/pull/123

该命令将执行以下操作：

获取：通过GitHub API获取PR的代码差异
分类：评估风险等级
分配：将任务派发给合适的专业Skill
评审：执行代码评审（由专业Skill完成）
提交：将评审结果提交至GitHub

Role

职责

Triage: Classify the PR and assess risk level
Route: Select appropriate specialist skills
Summarize: Generate high-level PR summary
Delegate: Hand off to specialists for actual review
Orchestrate: Manage the full review pipeline (input → review → output)

分类：对PR进行分类并评估风险等级
分配：选择合适的专业Skill
总结：生成PR的高层级摘要
委托：将实际评审工作交给专业Skill
编排：管理完整的评审工作流（输入 → 评审 → 输出）

What This Skill Does NOT Do

本Skill不负责的工作

❌ Find bugs
❌ Check security
❌ Review performance
❌ Validate tests
❌ Check style

All of the above are delegated to specialist skills.

❌ 查找代码缺陷
❌ 安全检查
❌ 性能评审
❌ 测试验证
❌ 代码风格检查

以上所有工作均委托给专业Skill完成。

Full Pipeline Architecture

完整工作流架构

┌─────────────────────────────────────────────────────────────────┐
│                         INPUT SKILLS                             │
├─────────────────────────────────────────────────────────────────┤
│  retrieve-diff-from-github-pr  │  retrieve-diff-from-commit     │
│  (GitHub PRs via API)          │  (Local git commits)           │
└────────────────────────────────┴────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                    codereview-orchestrator                       │
│                   (Triage & Route - this skill)                  │
└─────────────────────────────────────────────────────────────────┘
                                 │
     ┌───────┬───────┬───────────┴───────────┬───────┬───────┐
     ▼       ▼       ▼                       ▼       ▼       ▼
┌─────────┐ ┌─────┐ ┌─────┐             ┌─────────┐ ┌─────┐ ┌─────┐
│security │ │ api │ │data │    ...      │  perf   │ │test │ │style│
└─────────┘ └─────┘ └─────┘             └─────────┘ └─────┘ └─────┘
     │       │       │                       │       │       │
     └───────┴───────┴───────────┬───────────┴───────┴───────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        OUTPUT SKILLS                             │
├─────────────────────────────────────────────────────────────────┤
│                    submit-github-review                          │
│                 (Post review to GitHub API)                      │
└─────────────────────────────────────────────────────────────────┘

┌─────────────────────────────────────────────────────────────────┐
│                         INPUT SKILLS                             │
├─────────────────────────────────────────────────────────────────┤
│  retrieve-diff-from-github-pr  │  retrieve-diff-from-commit     │
│  (GitHub PRs via API)          │  (Local git commits)           │
└────────────────────────────────┴────────────────────────────────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                    codereview-orchestrator                       │
│                   (Triage & Route - this skill)                  │
└─────────────────────────────────────────────────────────────────┘
                                 │
     ┌───────┬───────┬───────────┴───────────┬───────┬───────┐
     ▼       ▼       ▼                       ▼       ▼       ▼
┌─────────┐ ┌─────┐ ┌─────┐             ┌─────────┐ ┌─────┐ ┌─────┐
│security │ │ api │ │data │    ...      │  perf   │ │test │ │style│
└─────────┘ └─────┘ └─────┘             └─────────┘ └─────┘ └─────┘
     │       │       │                       │       │       │
     └───────┴───────┴───────────┬───────────┴───────┴───────┘
                                 │
                                 ▼
┌─────────────────────────────────────────────────────────────────┐
│                        OUTPUT SKILLS                             │
├─────────────────────────────────────────────────────────────────┤
│                    submit-github-review                          │
│                 (Post review to GitHub API)                      │
└─────────────────────────────────────────────────────────────────┘

Inputs

输入参数

Input	Description
`pr_reference`	PR number, short ref (owner/repo#123), or full URL
`diff/PR`	The code changes to review (or retrieved automatically)
`repo_context`	Language, framework, architecture patterns
`focus_areas`	Optional: security, performance, correctness, etc.
`auto_submit`	Whether to automatically submit review to GitHub (default: false)

输入参数	描述
`pr_reference`	PR编号、短引用（owner/repo#123）或完整URL
`diff/PR`	需要评审的代码变更（可自动获取）
`repo_context`	项目使用的语言、框架、架构模式
`focus_areas`	可选：重点关注领域，如安全、性能、正确性等
`auto_submit`	是否自动将评审结果提交至GitHub（默认：false）

Outputs

输出结果

Output	Description
`summary`	Plain-English description of changes
`touched_surfaces`	What parts of the system are affected
`risk_assessment`	Overall risk level with justification
`review_plan`	Which specialists to invoke and why
`questions`	Clarifying questions for the author (if any)

输出结果	描述
`summary`	用通俗易懂的语言描述代码变更
`touched_surfaces`	系统中受影响的模块
`risk_assessment`	整体风险等级及理由
`review_plan`	需要调用的专业Skill及原因
`questions`	向PR作者提出的澄清问题（如有）

Step 1: Understand Intent

步骤1：理解PR意图

Ask these questions (do NOT review the code):

What behavior change is intended?
Does the PR description explain the purpose?
Is this a feature, bugfix, refactor, or infrastructure change?

询问以下问题（请勿评审代码）：

该PR想要实现什么样的行为变更？
PR描述是否说明了变更目的？
这是功能新增、缺陷修复、代码重构还是基础设施变更？

Step 2: Identify Touched Surfaces

步骤2：识别受影响模块

Categorize modified files into surfaces:

Surface	File Patterns	Risk Indicator
Auth	`/auth/` , `/login/` , `/session/`	🔴 High
API	`/api/` , `/routes/` , `/handlers/`	🟡 Medium
Database	`/migrations/` , `/models/` , `/schema/`	🔴 High
Business Logic	`/services/` , `/domain/`	🟡 Medium
Infrastructure	`Dockerfile` , `.yaml` , `terraform/*`	🟡 Medium
Configuration	`/config/` , `.env` , `.json`	🟡 Medium
Tests	`/test/` , `/spec/` , `*/.test.*`	🟢 Low
Documentation	`.md` , `/docs/*`	🟢 Low
Dependencies	`package.json` , `requirements.txt` , `go.mod`	🟡 Medium

将修改的文件归类到以下模块：

模块	文件匹配规则	风险标识
Auth	`/auth/` , `/login/` , `/session/`	🔴 高
API	`/api/` , `/routes/` , `/handlers/`	🟡 中
Database	`/migrations/` , `/models/` , `/schema/`	🔴 高
Business Logic	`/services/` , `/domain/`	🟡 中
Infrastructure	`Dockerfile` , `.yaml` , `terraform/*`	🟡 中
Configuration	`/config/` , `.env` , `.json`	🟡 中
Tests	`/test/` , `/spec/` , `*/.test.*`	🟢 低
Documentation	`.md` , `/docs/*`	🟢 低
Dependencies	`package.json` , `requirements.txt` , `go.mod`	🟡 中

Step 3: Assess Risk

步骤3：评估风险

Rate overall risk based on:

Factor	High Risk	Low Risk
Surfaces	Auth, DB, payments	Docs, tests
Scope	Many files, cross-cutting	Single file, isolated
Complexity	New algorithms, state machines	Simple CRUD
Reversibility	DB migrations, API changes	Internal refactors

根据以下因素评估整体风险：

评估因素	高风险场景	低风险场景
模块	Auth、数据库、支付相关	文档、测试
范围	修改大量文件、跨模块变更	仅修改单个文件、独立模块
复杂度	新增算法、状态机	简单CRUD操作
可回滚性	数据库迁移、API变更	内部代码重构

Step 4: Generate Review Plan

步骤4：生成评审计划

Select specialists based on touched surfaces:

yaml

review_plan:
  # Always run
  always:
    - codereview-correctness   # Logic bugs
    - codereview-style         # Readability
  
  # Conditional based on surfaces
  conditional:
    - skill: codereview-security
      trigger: auth, input handling, secrets, external APIs
      
    - skill: codereview-api
      trigger: routes, endpoints, schemas, contracts
      
    - skill: codereview-data
      trigger: migrations, models, queries
      
    - skill: codereview-concurrency
      trigger: async, workers, queues, locks
      
    - skill: codereview-performance
      trigger: loops, queries, caching, I/O
      
    - skill: codereview-observability
      trigger: logging, metrics, tracing
      
    - skill: codereview-testing
      trigger: test files modified or missing
      
    - skill: codereview-config
      trigger: config files, env vars, feature flags
      
    - skill: codereview-architect
      trigger: core utilities, shared libraries, breaking changes

根据受影响的模块选择对应的专业Skill：

yaml

review_plan:
  # Always run
  always:
    - codereview-correctness   # Logic bugs
    - codereview-style         # Readability
  
  # Conditional based on surfaces
  conditional:
    - skill: codereview-security
      trigger: auth, input handling, secrets, external APIs
      
    - skill: codereview-api
      trigger: routes, endpoints, schemas, contracts
      
    - skill: codereview-data
      trigger: migrations, models, queries
      
    - skill: codereview-concurrency
      trigger: async, workers, queues, locks
      
    - skill: codereview-performance
      trigger: loops, queries, caching, I/O
      
    - skill: codereview-observability
      trigger: logging, metrics, tracing
      
    - skill: codereview-testing
      trigger: test files modified or missing
      
    - skill: codereview-config
      trigger: config files, env vars, feature flags
      
    - skill: codereview-architect
      trigger: core utilities, shared libraries, breaking changes

Output Format

输出格式

markdown

undefined

markdown

undefined

PR Summary

PR摘要

[2-3 sentence description of what this PR does]

[用2-3句话描述该PR的作用]

Touched Surfaces

受影响模块

Surface	Files	Risk
Auth	`auth/login.ts` , `auth/session.ts`	🔴 High
API	`routes/users.ts`	🟡 Medium
Tests	`tests/user.test.ts`	🟢 Low

模块	文件	风险等级
Auth	`auth/login.ts` , `auth/session.ts`	🔴 高
API	`routes/users.ts`	🟡 中
Tests	`tests/user.test.ts`	🟢 低

Risk Assessment

风险评估

Overall Risk: 🟡 MEDIUM

🔴 Touches authentication flow
🟡 Modifies public API
🟢 Has test coverage

整体风险：🟡 中等

🔴 涉及认证流程变更
🟡 修改了公开API
🟢 包含测试用例

Review Plan

评审计划


auth/*
routes/*
codereview-correctness
tests/*
codereview-style

Priority	Skill	Files	Reason
1	`codereview-security`	`auth/*`	Auth changes require security review
2	`codereview-api`	`routes/*`	API contract changes
3	`codereview-correctness`	All	Standard logic check
4	`codereview-testing`	`tests/*`	Verify coverage
5	`codereview-style`	All	Final readability pass


auth/*
routes/*
codereview-correctness
tests/*
codereview-style

优先级	Skill	文件	原因
1	`codereview-security`	`auth/*`	认证变更需要安全评审
2	`codereview-api`	`routes/*`	API契约变更
3	`codereview-correctness`	全部文件	标准逻辑检查
4	`codereview-testing`	`tests/*`	验证测试覆盖率
5	`codereview-style`	全部文件	最终可读性检查

Questions for Author

向作者提出的问题

[Only if something is genuinely unclear about intent]

undefined

[仅当PR意图确实不明确时填写]

undefined

Specialist Skills Reference

专业Skill参考

Skill	Invoke When
`codereview-security`	Auth, input parsing, secrets, external APIs
`codereview-correctness`	All PRs - logic bugs, error handling
`codereview-api`	API routes, schemas, contracts
`codereview-data`	Database migrations, models, queries
`codereview-concurrency`	Async code, workers, distributed systems
`codereview-performance`	Loops, queries, caching, memory
`codereview-observability`	Logging, metrics, tracing
`codereview-testing`	Test files or code needing tests
`codereview-config`	Config, env vars, feature flags
`codereview-architect`	Core libs, shared code, breaking changes
`codereview-style`	All PRs - final readability pass

Skill	调用场景
`codereview-security`	认证、输入解析、密钥管理、外部API
`codereview-correctness`	所有PR - 逻辑缺陷、错误处理
`codereview-api`	API路由、数据模型、契约
`codereview-data`	数据库迁移、数据模型、查询语句
`codereview-concurrency`	异步代码、工作线程、分布式系统
`codereview-performance`	循环、查询、缓存、内存管理
`codereview-observability`	日志、指标、链路追踪
`codereview-testing`	修改测试文件或代码需要补充测试
`codereview-config`	配置文件、环境变量、功能开关
`codereview-architect`	核心库、共享代码、破坏性变更
`codereview-style`	所有PR - 最终可读性检查

Quick Reference

快速参考

□ Understand Intent
  □ What does this PR do?
  □ Feature / bugfix / refactor / infra?

□ Identify Surfaces
  □ Which areas are touched?
  □ What's the risk level of each?

□ Assess Risk
  □ Overall risk rating?
  □ Key risk factors?

□ Generate Plan
  □ Which specialists needed?
  □ In what priority order?
  □ Why each specialist?

□ 理解PR意图
  □ 该PR的作用是什么？
  □ 属于功能新增/缺陷修复/代码重构/基础设施变更？

□ 识别受影响模块
  □ 涉及哪些模块？
  □ 每个模块的风险等级是什么？

□ 评估风险
  □ 整体风险等级？
  □ 关键风险因素？

□ 生成评审计划
  □ 需要哪些专业Skill？
  □ 优先级顺序是什么？
  □ 每个Skill的调用原因？

Important

重要提示

This skill is only for triage and routing. Once the review plan is generated, invoke the specialist skills to perform the actual review.

本Skill仅用于分类与任务分配。生成评审计划后，需调用专业Skill执行实际评审工作。

Full Pipeline Execution

完整工作流执行

When triggered with "Review PR <number>", execute the full pipeline:

当通过「Review PR <编号>」命令触发时，将执行完整工作流：

Phase 1: Input (Retrieve Diff)

阶段1：输入（获取代码差异）

yaml

undefined

yaml

undefined

For GitHub PRs

skill: retrieve-diff-from-github-pr inputs: owner: <from PR reference> repo: <from PR reference> pull_number: <from PR reference> outputs:

pr_info
files
diff
commit_id # Needed for submit phase

undefined

skill: retrieve-diff-from-github-pr inputs: owner: <from PR reference> repo: <from PR reference> pull_number: <from PR reference> outputs:

pr_info
files
diff
commit_id # Needed for submit phase

undefined

Phase 2: Triage (This Skill)

阶段2：分类（本Skill）

Execute Steps 1-4 above to generate the review plan.

执行上述步骤1-4生成评审计划。

Phase 3: Review (Specialist Skills)

阶段3：评审（专业Skill）

Execute each specialist skill in the review plan:

yaml

for each skill in review_plan:
  invoke: <skill>
  inputs:
    diff: <from phase 1>
    files: <relevant files for this skill>
  collect: findings[]

执行评审计划中的每个专业Skill：

yaml

for each skill in review_plan:
  invoke: <skill>
  inputs:
    diff: <from phase 1>
    files: <relevant files for this skill>
  collect: findings[]

Phase 4: Output (Submit Review)

阶段4：输出（提交评审结果）

yaml

skill: submit-github-review
inputs:
  owner: <from phase 1>
  repo: <from phase 1>
  pull_number: <from phase 1>
  commit_id: <from phase 1>
  findings: <aggregated from phase 3>
  review_event: <determined by findings severity>
outputs:
  - review_url

yaml

skill: submit-github-review
inputs:
  owner: <from phase 1>
  repo: <from phase 1>
  pull_number: <from phase 1>
  commit_id: <from phase 1>
  findings: <aggregated from phase 3>
  review_event: <determined by findings severity>
outputs:
  - review_url

Pipeline Output

工作流输出

markdown

undefined

markdown

undefined

Review Complete

评审完成

PR: owner/repo#123 Review URL: https://github.com/owner/repo/pull/123#pullrequestreview-12345

PR: owner/repo#123 评审URL: https://github.com/owner/repo/pull/123#pullrequestreview-12345

Summary

摘要

Severity	Count
🔴 Blocker	1
🟡 Major	2
🔵 Minor	3
⚪ Nit	2

Action: REQUEST_CHANGES

View the full review on GitHub: PR #123

undefined

严重程度	数量
🔴 阻塞	1
🟡 主要	2
🔵 次要	3
⚪ 优化建议	2

操作: REQUEST_CHANGES

查看完整评审结果：PR #123

undefined

Input/Output Skills Reference

输入/输出Skill参考

Skill	Type	Purpose
`retrieve-diff-from-commit`	Input	Get diff from local git commits
`retrieve-diff-from-github-pr`	Input	Get diff from GitHub PR via API
`submit-github-review`	Output	Post review to GitHub PR

Skill	类型	用途
`retrieve-diff-from-commit`	输入	从本地Git提交获取代码差异
`retrieve-diff-from-github-pr`	输入	通过GitHub API获取PR的代码差异
`submit-github-review`	输出	将评审结果提交至GitHub PR