Back to Details

clean-code-reviewer-correctness

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Clean Code Reviewer: Correctness

整洁代码评审器:正确性检查

Reviews changed code for functional issues that break behavior, introduce vulnerabilities, degrade performance, or leave critical paths untested. This skill intentionally ignores style, naming, formatting, and structure — those belong to the style skills.
评审变更代码中破坏功能、引入漏洞、降低性能或导致关键路径未测试的功能性问题。本技能特意忽略代码风格、命名、格式和结构——这些属于代码风格类技能的范畴。

Review Scope

评审范围

Only flag issues in:
  • Code that was changed in the diff
  • Existing code that is now broken by the change (e.g., a caller that passes arguments the new signature no longer accepts)
Do not review unchanged code unless the change directly breaks it.
仅标记以下内容中的问题:
  • 差异中变更的代码
  • 因变更而被破坏的现有代码(例如,调用方传递的参数不再符合新的签名要求)
除非变更直接破坏了未修改的代码,否则不评审未修改的代码。

Correctness

正确性检查

Look for:
  • Backwards compatibility: Will existing callers break? Changed return types, removed exports, renamed public APIs, changed default parameter values, narrowed accepted input types, altered event shapes or callback signatures.
  • Logic errors: Off-by-one, wrong comparison operator (
    <
    vs 
    <=
    ), inverted conditions, short-circuit evaluation that skips side effects, integer overflow in calculations.
  • Missing null/undefined checks: Accessing properties on values that can be null, optional chaining that silently produces undefined where the caller expects a value.
  • Unhandled states: Switch/if chains that miss a discriminant, async code that doesn't handle rejection, promises that can resolve to unexpected shapes.
  • Behavioral mismatch: The code does something different from what the commit message, PR description, function name, or surrounding comments say it does.
  • Type narrowing gaps: Assertions (
    as
    ) that skip runtime validation, 
    unknown
    that is never narrowed, generic constraints that are too wide for the actual usage.
  • Broken contracts: Functions that violate their documented or implied contract — a 
    find
    that can return 
    undefined
    but the caller assumes it always finds, a sort comparator that isn't consistent.
需排查:
  • 向后兼容性:现有调用方是否会受影响?包括变更返回类型、移除导出内容、重命名公开API、修改默认参数值、收窄输入类型范围、更改事件结构或回调签名。
  • 逻辑错误:边界值错误、比较运算符误用(
    <
    <=
    混淆)、条件判断倒置、短路求值跳过副作用、计算中的整数溢出。
  • 缺失空值/未定义检查:访问可能为null的值的属性、在调用方期望有效值的场景下,可选链静默返回undefined。
  • 未处理状态:Switch/if分支遗漏判别条件、异步代码未处理拒绝状态、Promise可能解析为意外结构。
  • 行为不符:代码行为与提交信息、PR描述、函数名称或周边注释所述不一致。
  • 类型收窄漏洞:使用断言(
    as
    )跳过运行时验证、
    unknown
    类型从未被收窄、泛型约束远宽于实际使用场景。
  • 违反契约:函数违反其文档声明或隐含的契约——例如
    find
    可能返回
    undefined
    但调用方假设总能找到结果、排序比较器逻辑不一致。

Security

安全检查

Look for:
  • Injection: SQL concatenation with user input, 
    innerHTML
    or 
    dangerouslySetInnerHTML
    with unsanitized data, shell command construction from user strings, template literal injection in queries.
  • Exposed secrets: API keys, tokens, passwords, or private keys hardcoded in source, committed 
    .env
    files, secrets logged or included in error messages sent to clients.
  • Unsafe evaluation: 
    eval()
    , 
    new Function()
    , 
    setTimeout(string)
    , or dynamic 
    import()
    with user-controlled paths.
  • Prototype pollution: Object spread or assignment from unvalidated external input without freezing or allowlisting keys.
  • Insecure randomness: 
    Math.random()
    used for tokens, session IDs, or anything security-sensitive (should use 
    crypto
    ).
  • Missing authentication/authorization checks: New endpoints or routes that skip auth middleware, privilege escalation paths where role checks are absent.
需排查:
  • 注入漏洞:拼接用户输入的SQL语句、使用未经过滤数据的innerHTML或dangerouslySetInnerHTML、通过用户字符串构造Shell命令、查询中的模板字面量注入。
  • 泄露机密:源代码中硬编码的API密钥、令牌、密码或私钥、已提交的
    .env
    文件、日志中包含或发送给客户端的错误信息里的机密内容。
  • 不安全求值:使用
    eval()
    new Function()
    setTimeout(string)
    或通过用户可控路径进行动态
    import()
  • 原型污染:从未经验证的外部输入进行对象扩展或赋值,且未冻结对象或设置键名白名单。
  • 不安全随机数:使用
    Math.random()
    生成令牌、会话ID或任何安全敏感内容(应使用
    crypto
    模块)。
  • 缺失认证/授权检查:新增端点或路由跳过认证中间件、缺少角色检查的权限提升路径。

Performance

性能检查

Look for:
  • O(n²) or worse: Nested loops over the same growing collection, 
    .find()
    or 
    .includes()
    inside 
    .filter()
    or 
    .map()
    over large arrays (use a Set or Map).
  • N+1 patterns: Fetching related data inside a loop instead of batching, one query per item in a list.
  • Unbounded growth: Arrays, maps, or caches that grow without eviction, event listeners registered without cleanup, subscriptions that never unsubscribe.
  • Unnecessary re-renders (React): Missing 
    key
    props, unstable object/array/function references in dependency arrays or props, expensive computation in render without memoization when the component renders frequently.
  • Blocking the main thread: Synchronous file I/O, heavy computation without yielding, 
    JSON.parse
    on unbounded input without a worker or streaming parser.
  • Missing pagination/limits: Queries or API calls that fetch all records without limit, unbounded 
    SELECT *
    on tables that grow.
需排查:
  • O(n²)及更差复杂度:对同一增长集合的嵌套循环、在大数组的
    .filter()
    .map()
    中调用
    .find()
    .includes()
    (应使用Set或Map)。
  • N+1查询模式:在循环中获取关联数据而非批量获取、对列表中的每个项发起一次查询。
  • 无限制增长:无淘汰机制的数组、映射或缓存、未清理的事件监听器、从未取消的订阅。
  • 不必要重渲染(React):缺失
    key
    属性、依赖数组或props中存在不稳定的对象/数组/函数引用、频繁渲染的组件中未进行缓存的昂贵计算。
  • 阻塞主线程:同步文件I/O、未让步的繁重计算、在未使用Worker或流式解析器的情况下对无限制输入执行
    JSON.parse
  • 缺失分页/限制:无限制获取所有记录的查询或API调用、对增长的表执行无限制的
    SELECT *

Test Coverage Risk

测试覆盖率风险

Look for:
  • Changed behavior without tests: New code paths, modified conditionals, or altered business logic that lack corresponding test coverage.
  • Removed tests: Tests deleted or disabled (
    .skip
    ) that covered behavior which still exists in production code.
  • Untested error paths: Catch blocks, fallback branches, retry logic, or timeout handling that has no test exercising it.
  • Critical paths without assertions: Authentication, payment, data mutation, or permission checks that have no dedicated test.
  • Flaky test indicators: Tests that depend on timing, global state, or execution order without isolation.
需排查:
  • 变更行为无测试覆盖:新增代码路径、修改条件判断或变更业务逻辑,但未添加对应的测试覆盖。
  • 移除测试用例:删除或禁用(
    .skip
    )覆盖仍在生产代码中存在的行为的测试。
  • 未测试错误路径:捕获块、回退分支、重试逻辑或超时处理未被任何测试覆盖。
  • 关键路径无断言:认证、支付、数据变更或权限检查等关键路径无专用测试。
  • 不稳定测试迹象:依赖时序、全局状态或执行顺序且未做隔离的测试。

Output Format

输出格式

For each finding:
text
Severity: Block | Fix | Suggest
Category: Correctness | Security | Performance | Test Coverage
Location: path/to/file:line
Issue: What is wrong and why it matters.
Suggested fix: Concrete next step.
每个问题需按以下格式输出:
text
Severity: Block | Fix | Suggest
Category: Correctness | Security | Performance | Test Coverage
Location: path/to/file:line
Issue: 问题内容及影响原因。
Suggested fix: 具体改进步骤。

Severity Definitions

严重程度定义

  • Block: Will break production, cause data loss, introduce an exploitable vulnerability, or silently corrupt behavior for existing users. Examples: removed public export that other packages import, SQL injection with user input, infinite loop on a common code path.
  • Fix: Likely bug or likely vulnerability that has a plausible path to production impact. Examples: off-by-one in pagination, missing null check on a value that is nullable in practice, 
    Math.random()
    for a session token.
  • Suggest: Potential issue that depends on context or is low-probability but worth the author's attention. Examples: possible performance issue on a collection that is currently small, a missing test for a non-critical path, a race condition that only manifests under high concurrency.
  • Block:会破坏生产环境、导致数据丢失、引入可被利用的漏洞或静默破坏现有用户的行为。例如:其他包依赖的公开导出被移除、拼接用户输入的SQL注入、常见代码路径上的无限循环。
  • Fix:可能存在的bug或漏洞,有合理路径影响生产环境。例如:分页逻辑中的边界值错误、对实际可为空的值缺失空值检查、使用
    Math.random()
    生成会话令牌。
  • Suggest:潜在问题,依赖具体场景或发生概率低,但值得作者关注。例如:当前数据量较小但可能存在性能问题的代码、非关键路径缺失测试、仅在高并发下才会出现的竞态条件。

AI Behavior

AI行为规范

  • Be precise. "This might have a bug" is not useful. Say what the bug is and under what input it triggers.
  • Assume the author is competent. If something looks intentional but risky, ask rather than assert.
  • Do not flag style issues. No opinions on naming, formatting, comment presence, abstraction level, or file structure.
  • Do not flag theoretical issues that require impossible inputs. Focus on inputs that can actually reach the code.
  • When flagging backwards compatibility, name the specific caller or contract that breaks.
  • When flagging missing tests, be specific about what scenario is untested, not just "needs more tests."
  • If the diff is large, prioritize: security > correctness > performance > test coverage.
  • 表述精准。“这可能存在bug”这类表述毫无用处。应明确说明bug是什么,以及在何种输入下会触发。
  • 假设作者具备专业能力。若某些内容看似有意为之但存在风险,应询问而非直接断言。
  • 不得标记代码风格问题。不对命名、格式、注释存在与否、抽象层级或文件结构发表意见。
  • 不得标记需要不可能的输入才会触发的理论性问题。聚焦于实际可能传入代码的输入。
  • 标记向后兼容性问题时,明确指出受影响的具体调用方或契约。
  • 标记测试缺失问题时,明确说明未覆盖的具体场景,而非仅说“需要更多测试”。
  • 若差异内容较大,优先级为:安全 > 正确性 > 性能 > 测试覆盖率。