Perform general code reviews for PRs and code changes. Evaluate code quality, security, and design based on common standards to make approve/reject decisions. Use this for requests like "Review this PR", "Do a code review", "Pre-merge check", or when executing the gh pr view command.
Installation:

```bash
npx skill4agent add xtone/ai_development_tools code-review
```

File layout:

```
code-review/
├── SKILL.md (this file)
└── references/
    ├── typescript-best-practices.md          # TypeScript-specific checks
    ├── authorization-review-general.md       # Authorization review perspectives (general)
    ├── authorization-review-postgres-rls.md  # Authorization review perspectives (PostgreSQL RLS)
    └── github-pr-review-actions.md           # GitHub PR review actions
```

Review Progress:

- [ ] Step 1: Understand the Change Overview
- [ ] Step 2: Common Quality Checks
- [ ] Step 3: Language/Framework-Specific Checks
- [ ] Step 4: Approve/Reject Decision
- [ ] Step 5: Output Review Results

## Step 2: Common Quality Checks

### Security

| Check Item | Severity |
|---|---|
|---|---|
| Are there any hardcoded secrets (API keys, passwords, tokens)? | Critical |
| Is user input properly validated and sanitized? | Critical |
| Are there any vulnerabilities like SQL injection, XSS, or command injection? | Critical |
| Are authentication and authorization checks properly implemented? | Critical |
| Is sensitive data not inadvertently logged? | Major |
| Is the CORS configuration appropriate? | Major |
Detailed Authorization Review: If there are changes related to authorization, refer to references/authorization-review-general.md for detailed checks. If using PostgreSQL RLS, additionally refer to references/authorization-review-postgres-rls.md.

### Logic and Correctness

| Check Item | Severity |
|---|---|
| Are edge cases properly handled (null, empty arrays, boundary values)? | Major |
| Is error handling appropriate (no swallowed exceptions, improper catches)? | Major |
| Is conditional branching logic correct (off-by-one errors, logical operator mistakes)? | Major |
| Are there any race conditions in asynchronous processing? | Major |
| Are resources reliably released (files, connections, locks)? | Major |

### Design

| Check Item | Severity |
|---|---|
| Does each function/method have a single responsibility? | Minor |
| DRY Principle: Is there any unnecessary duplicate code? | Minor |
| Does the naming accurately reflect the intent? | Minor |
| Are there any magic numbers or unclear string literals? | Minor |
| Is the design at an appropriate level of abstraction (no over-abstraction or under-abstraction)? | Minor |
| Are there any circular references or inappropriate dependencies? | Major |

### Performance

| Check Item | Severity |
|---|---|
| Are there any inefficient data access patterns like N+1 queries? | Major |
| Are there any unnecessary loops, nesting, or computationally expensive processes? | Minor |
| Is there any possibility of memory leaks? | Major |
| Is large data properly paginated or streamed? | Minor |

### Tests

| Check Item | Severity |
|---|---|
| Have tests been added/updated for the change? | Major |
| Are edge cases covered in tests? | Minor |
| Do tests verify behavior rather than implementation details? | Minor |
| Do test names clearly reflect the behavior being tested? | Suggestion |

## Step 3: Language/Framework-Specific Checks

| Language/FW | Reference | Type |
|---|---|---|
| TypeScript | references/typescript-best-practices.md | Internal Reference |
| React / Next.js | react-best-practices (install with `npx add-skill vercel-labs/agent-skills`) | External Skill |

| Aspect | Reference | Type |
|---|---|---|
| Authorization (General) | references/authorization-review-general.md | Internal Reference |
| Authorization (PostgreSQL RLS) | references/authorization-review-postgres-rls.md | Internal Reference |
| GitHub PR Review | references/github-pr-review-actions.md | Internal Reference |

## Step 4: Approve/Reject Decision

### Severity and Deductions

| Severity | Description | Deduction |
|---|---|---|
|---|---|---|
| Critical | Must be fixed before merging. Security vulnerabilities, data loss risks, critical bugs | -3 points/item |
| Major | Should be fixed with priority. Logic issues, performance degradation, insufficient testing | -2 points/item |
| Minor | Improvement is desired. Design improvements, readability enhancements, minor issues | -1 point/item |
| Suggestion | Proposal. Recommendation of best practices, presentation of better approaches | -0.5 points/item |

### Decision Criteria

| Decision | Condition | Action |
|---|---|---|
| Reject | 1 or more Critical issues | REQUEST_CHANGES |
| Reject | 3 or more Major issues | REQUEST_CHANGES |
| Reject | Score below 5 points | REQUEST_CHANGES |
| Conditional Approve | No Critical issues, 1-2 Major issues, score 5 points or higher | APPROVE (comment on improvement points) |
| Approve | No Critical/Major issues, score 8 points or higher | APPROVE |
Decision flow:

```
Any Critical issues? → Yes → Reject (REQUEST_CHANGES)
  ↓ No
3 or more Major issues? → Yes → Reject (REQUEST_CHANGES)
  ↓ No
Score below 5? → Yes → Reject (REQUEST_CHANGES)
  ↓ No
1-2 Major issues? → Yes → Conditional Approve
  ↓ No
Score 8 or higher? → Yes → Approve
  ↓ No
Conditional Approve
```

Posting Reviews on GitHub: Only when performing PR reviews in CI environments such as GitHub Actions, refer to references/github-pr-review-actions.md to post the review results on GitHub using `gh` commands or inline comments. When running locally, only print the results to standard output.
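The severity deductions and the decision flow above, implemented as a function so the ordering of the rules can be checked against concrete issue lists. This is an added example, not code from the skill; it assumes the score starts at 10 (the output template reports "Score: X/10") and is floored at 0, and the `sampleIssues` helper builds constructed placeholder issues.

```typescript
// Added example: the skill's scoring and decision rules as a function.
// Assumption (not stated on the page): the score starts at 10, since the
// output template reports "Score: X/10", and is floored at 0.
type Severity = "Critical" | "Major" | "Minor" | "Suggestion";
type Decision = "Approve" | "Conditional Approve" | "Reject";
type ReviewEvent = "APPROVE" | "REQUEST_CHANGES";

interface Issue {
  severity: Severity;
  file: string; // "path:line", as in the output template
  description: string;
}

interface Verdict { decision: Decision; event: ReviewEvent; score: number }

// Deductions per item, from the severity table.
const DEDUCTION: Record<Severity, number> = { Critical: 3, Major: 2, Minor: 1, Suggestion: 0.5 };

function computeScore(issues: Issue[]): number {
  const total = issues.reduce((sum, i) => sum + DEDUCTION[i.severity], 0);
  return Math.max(0, 10 - total);
}

function countBy(issues: Issue[], severity: Severity): number {
  return issues.filter((i) => i.severity === severity).length;
}

// Follows the decision flow in order. Order matters: two Major issues plus
// enough Minor ones to push the score below 5 must be rejected, and a change
// with no Major issues but a score below 8 still ends as Conditional Approve.
function decide(issues: Issue[]): Verdict {
  const score = computeScore(issues);
  if (countBy(issues, "Critical") >= 1 || countBy(issues, "Major") >= 3 || score < 5) {
    return { decision: "Reject", event: "REQUEST_CHANGES", score };
  }
  if (countBy(issues, "Major") >= 1 || score < 8) {
    return { decision: "Conditional Approve", event: "APPROVE", score };
  }
  return { decision: "Approve", event: "APPROVE", score };
}

// Builds constructed sample issues (placeholder file paths and descriptions).
function sampleIssues(...severities: Severity[]): Issue[] {
  return severities.map((s, n) => ({
    severity: s,
    file: `src/file${n}.ts:1`,
    description: `constructed ${s} issue`,
  }));
}
```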
## Step 5: Output Review Results

Output format:

```markdown
## Code Review: [Decision Result]

### Change Overview
- **Scope**: [1-2 sentences summarizing the change]
- **Number of Changed Files**: [N] files
- **Main Language/FW**: [Detected language/FW]

### Score: X/10

### Detected Issues
| # | Severity | File | Issue | Recommended Action |
|---|---|---|---|---|
| 1 | [Critical/Major/Minor/Suggestion] | [File path:line number] | [Issue description] | [Recommended action] |

### Positive Points
- [Specifically describe the good points of the code]

### Decision
- **Result**: [Approve / Conditional Approve / Reject]
- **Reason**: [Summary of the decision reason]

### Next Steps
- [Specific actions if fixes are needed]
```