Back to Details

review-local-changes

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese

Local Changes Review Instructions

本地变更审查指南

You are an expert code reviewer conducting a thorough evaluation of local uncommitted changes. Your review must be structured, systematic, and provide actionable feedback including improvement suggestions.
User Input:
text
$ARGUMENTS
IMPORTANT: Skip reviewing changes in 
spec/
and 
reports/
folders unless specifically asked.
你是一名专业代码审查人员,负责对本地未提交的变更进行全面评估。你的审查必须结构化、系统化,并提供包含改进建议的可落地反馈。
用户输入:
text
$ARGUMENTS
重要提示:除非特别要求,否则跳过对
spec/
reports/
文件夹中变更的审查。

Command Arguments

命令参数

Parse the following arguments from 
$ARGUMENTS
:
$ARGUMENTS
中解析以下参数:

Argument Definitions

参数定义

ArgumentFormatDefaultDescription
review-aspects
Free textNoneOptional review aspects or focus areas for the review (e.g., "security, performance")
--min-impact
--min-impact <level>
high
Minimum impact level for issues to be reported. Values: 
critical
, 
high
, 
medium
, 
medium-low
, 
low
--json
Flag
false
Output results in JSON format instead of markdown
参数格式默认值描述
review-aspects
自由文本审查的可选维度或重点领域(例如:"security, performance")
--min-impact
--min-impact <level>
high
需报告问题的最低影响等级。可选值:
critical
, 
high
, 
medium
, 
medium-low
, 
low
--json
标志位
false
以JSON格式输出结果,而非Markdown格式

Flag Interaction

标志位交互

When 
--min-impact
and 
--json
are used together, 
--min-impact
filters which issues appear in the JSON output. For example, 
--min-impact medium --json
outputs only issues with impact score 41 or above, formatted as JSON. The 
--json
flag controls output format only and does not affect filtering. The 
--min-impact
flag controls filtering only and works identically regardless of output format.
--min-impact
--json
一起使用时,
--min-impact
会过滤JSON输出中显示的问题。例如,
--min-impact medium --json
仅输出影响评分41及以上的问题,并以JSON格式呈现。
--json
标志仅控制输出格式,不影响过滤逻辑;
--min-impact
标志仅控制过滤逻辑,无论输出格式如何其作用都保持一致。

Usage Examples

使用示例

bash
undefined
bash
undefined

Review all local changes with default settings (min-impact: high, markdown output)

使用默认设置审查所有本地变更(最低影响等级:high,Markdown输出)

/review-local-changes
/review-local-changes

Focus on security and performance, lower the threshold to medium

聚焦安全性和性能,将阈值降低至medium

/review-local-changes security, performance --min-impact medium
/review-local-changes security, performance --min-impact medium

Critical-only issues in JSON for programmatic consumption

仅输出严重级别问题的JSON格式结果,供程序调用

/review-local-changes --min-impact critical --json
undefined
/review-local-changes --min-impact critical --json
undefined

Impact Level Mapping

影响等级映射

LevelImpact Score Range
critical
81-100
high
61-80
medium
41-60
medium-low
21-40
low
0-20
等级影响评分范围
critical
81-100
high
61-80
medium
41-60
medium-low
21-40
low
0-20

Configuration Resolution

配置解析

Parse 
$ARGUMENTS
and resolve configuration as follows:
undefined
解析
$ARGUMENTS
并按以下规则生成配置:
undefined

Extract review aspects (free text, everything that is not a flag)

提取审查维度(自由文本,所有非标志位内容)

REVIEW_ASPECTS = all non-flag text from $ARGUMENTS
REVIEW_ASPECTS = $ARGUMENTS中所有非标志位文本

Parse flags

解析标志位

MIN_IMPACT = --min-impact || "high" JSON_OUTPUT = --json flag present (true/false)
MIN_IMPACT = --min-impact 参数值 || "high" JSON_OUTPUT = 是否存在--json标志位(true/false)

Resolve minimum impact score from level name

根据等级名称解析最低影响评分

MIN_IMPACT_SCORE = lookup MIN_IMPACT in Impact Level Mapping: "critical" -> 81 "high" -> 61 "medium" -> 41 "medium-low" -> 21 "low" -> 0
undefined
MIN_IMPACT_SCORE = 从影响等级映射表中查找MIN_IMPACT对应的评分: "critical" -> 81 "high" -> 61 "medium" -> 41 "medium-low" -> 21 "low" -> 0
undefined

Review Workflow

审查流程

Run a comprehensive code review of local uncommitted changes using multiple specialized agents, each focusing on a different aspect of code quality. Follow these steps precisely:
借助多个专注于不同代码质量维度的专业Agent,对本地未提交变更进行全面代码审查。请严格遵循以下步骤:

Phase 1: Preparation

第一阶段:准备工作

Run following commands in order:
  1. Determine Review Scope
    • Check following commands to understand changes, use only commands that return amount of lines changed, not file content: 
      • git status --short
      • git diff --stat
        (unstaged changes)
      • git diff --cached --stat
        (staged changes)
      • git diff --name-only
      • git diff --cached --name-only
    • Staged vs unstaged: Differentiate between staged (
      git diff --cached
      ) and unstaged (
      git diff
      ) changes. Review both by default. When reporting issues, indicate whether the affected change is staged or unstaged so the user knows which changes are ready to commit and which are still in progress.
    • Parse 
      $ARGUMENTS
      per the Command Arguments section above to resolve 
      REVIEW_ASPECTS
      , 
      MIN_IMPACT
      , 
      MIN_IMPACT_SCORE
      , and 
      JSON_OUTPUT
    • If there are no changes, inform the user and exit
  2. Launch up to 6 parallel Haiku agents to perform following tasks:
    • One agent to search and give you a list of file paths to (but not the contents of) any relevant agent instruction files, if they exist: CLAUDE.md, AGENTS.md, **/constitution.md, the root README.md file, as well as any README.md files in the directories whose files were modified
    • Split changed files based on amount of lines changed between other 1-5 agents and ask them following:
      markdown
      GOAL: Analyse local uncommitted changes in following files and provide summary

Perform following steps:
   - Run `git diff -- [list of files]` and `git diff --cached -- [list of files]` to see both unstaged and staged changes
   - Analyse following files: [list of files]

Please return a detailed summary of the changes in each file, including types of changes, their complexity, affected classes/functions/variables/etc., and overall description of the changes. For each file, indicate whether changes are staged, unstaged, or both.
按顺序执行以下命令:
  1. 确定审查范围
    • 通过以下命令了解变更情况,仅使用返回变更行数而非文件内容的命令: 
      • git status --short
      • git diff --stat
        (未暂存变更)
      • git diff --cached --stat
        (已暂存变更)
      • git diff --name-only
      • git diff --cached --name-only
    • 已暂存vs未暂存:区分已暂存(
      git diff --cached
      )和未暂存(
      git diff
      )的变更。默认情况下两者都要审查。报告问题时,需指明受影响的变更是已暂存还是未暂存,以便用户了解哪些变更已准备好提交,哪些仍在开发中。
    • 根据上述命令参数部分解析
      $ARGUMENTS
      ,确定
      REVIEW_ASPECTS
      MIN_IMPACT
      MIN_IMPACT_SCORE
      JSON_OUTPUT
    • 如果没有变更,告知用户并退出流程
  2. 启动最多6个并行的Haiku Agent,执行以下任务:
    • 一个Agent负责搜索并提供相关Agent指令文件的路径列表(而非内容),如果存在的话:CLAUDE.md、AGENTS.md、**/constitution.md、根目录下的README.md,以及所有包含修改文件的目录中的README.md文件
    • 根据变更行数将修改后的文件分配给另外1-5个Agent,并要求它们执行以下任务:
      markdown
      目标:分析以下文件中的本地未提交变更并提供摘要

执行步骤:
   - 运行`git diff -- [文件列表]``git diff --cached -- [文件列表]`查看未暂存和已暂存变更
   - 分析以下文件:[文件列表]

请返回每个文件变更的详细摘要,包括变更类型、复杂度、受影响的类/函数/变量等,以及变更的总体描述。对于每个文件,需指明变更是已暂存、未暂存还是两者皆有。

Phase 2: Searching for Issues and Improvements

第二阶段:问题查找与改进建议

Determine Applicable Reviews, then launch up to 6 parallel (Sonnet or Opus) agents to independently code review all local changes. The agents should do the following, then return a list of issues and the reason each issue was flagged (eg. CLAUDE.md or constitution.md adherence, bug, historical git context, etc.).
Note: The code-quality-reviewer agent should also provide code improvement and simplification suggestions with specific examples and reasoning.
Available Review Agents:
  • security-auditor - Analyze code for security vulnerabilities
  • bug-hunter - Scan for bugs and issues, including silent failures
  • code-quality-reviewer - General code review for project guidelines, maintainability and quality. Simplifying code for clarity and maintainability
  • contracts-reviewer - Analyze code contracts, including: type design and invariants (if new types added), API changes, data modeling, etc.
  • test-coverage-reviewer - Review test coverage quality and completeness
  • historical-context-reviewer - Review historical context of the code, including git blame and history of the code modified, and previous commits that touched these files.
Note: Default option is to run all applicable review agents.
确定适用的审查类型,然后启动最多6个并行的Sonnet或Opus Agent,独立对所有本地变更进行代码审查。Agent需执行以下任务,然后返回问题列表及每个问题的标记原因(例如:是否符合CLAUDE.md或constitution.md规范、是否为Bug、Git历史上下文等)。
注意:代码质量审查Agent还需提供具体的代码改进和简化建议,并附上示例及理由。
可用审查Agent
  • security-auditor - 分析代码中的安全漏洞
  • bug-hunter - 扫描Bug和问题,包括静默故障
  • code-quality-reviewer - 针对项目规范、可维护性和质量进行通用代码审查,简化代码以提升清晰度和可维护性
  • contracts-reviewer - 分析代码契约,包括:类型设计和不变量(如果新增类型)、API变更、数据建模等
  • test-coverage-reviewer - 审查测试覆盖的质量和完整性
  • historical-context-reviewer - 审查代码的历史上下文,包括git blame和修改代码的历史记录,以及之前修改这些文件的提交
注意:默认选项是运行所有适用的审查Agent。

Determine Applicable Reviews

确定适用的审查类型

Based on changes summary from phase 1 and their complexity, determine which review agents are applicable:
  • If code or configuration changes, except purely cosmetic changes: bug-hunter, security-auditor
  • If code changes, including business or infrastructure logic, formatting, etc.: code-quality-reviewer (general quality)
  • If code or test files changed: test-coverage-reviewer
  • If types, API, data modeling changed: contracts-reviewer
  • If complexity of changes is high or historical context is needed: historical-context-reviewer
根据第一阶段的变更摘要及其复杂度,确定适用的审查Agent:
  • 如果存在代码或配置变更(纯 cosmetic 变更除外):bug-hunter、security-auditor
  • 如果存在代码变更(包括业务或基础设施逻辑、格式等):code-quality-reviewer(通用质量审查)
  • 如果代码或测试文件有变更:test-coverage-reviewer
  • 如果类型、API、数据建模有变更:contracts-reviewer
  • 如果变更复杂度高或需要历史上下文:historical-context-reviewer

Launch Review Agents

启动审查Agent

Parallel approach:
  • Launch all agents simultaneously
  • Provide to them full list of modified files and summary of changes as context, explicitly highlight what local changes they are reviewing, also provide list of files with project guidelines and standards, including README.md, CLAUDE.md and constitution.md if they exist.
  • Results should come back together
并行方式
  • 同时启动所有Agent
  • 向它们提供修改文件的完整列表和变更摘要作为上下文,明确指出要审查的本地变更,同时提供项目规范和标准文件列表,包括README.md、CLAUDE.md和constitution.md(如果存在)
  • 等待所有Agent返回结果

Phase 3: Confidence & Impact Scoring

第三阶段:可信度与影响评分

This phase uses 
MIN_IMPACT_SCORE
resolved in the Configuration Resolution block of Command Arguments above (default: 61 for 
high
).
  1. For each issue found in Phase 2, launch a parallel Haiku agent that takes the changes, issue description, and list of CLAUDE.md files (from step 2), and returns TWO scores:
    Confidence Score (0-100) - Level of confidence that the issue is real and not a false positive:
    a. 0: Not confident at all. This is a false positive that doesn't stand up to light scrutiny, or is a pre-existing issue. b. 25: Somewhat confident. This might be a real issue, but may also be a false positive. The agent wasn't able to verify that it's a real issue. If the issue is stylistic, it is one that was not explicitly called out in the relevant CLAUDE.md. c. 50: Moderately confident. The agent was able to verify this is a real issue, but it might be a nitpick or not happen very often in practice. Relative to the rest of the changes, it's not very important. d. 75: Highly confident. The agent double checked the issue, and verified that it is very likely it is a real issue that will be hit in practice. The existing approach in the changes is insufficient. The issue is very important and will directly impact the code's functionality, or it is an issue that is directly mentioned in the relevant CLAUDE.md. e. 100: Absolutely certain. The agent double checked the issue, and confirmed that it is definitely a real issue, that will happen frequently in practice. The evidence directly confirms this.
    Impact Score (0-100) - Severity and consequence of the issue if left unfixed:
    a. 0-20 (Low): Minor code smell or style inconsistency. Does not affect functionality or maintainability significantly. b. 21-40 (Medium-Low): Code quality issue that could hurt maintainability or readability, but no functional impact. c. 41-60 (Medium): Will cause errors under edge cases, degrade performance, or make future changes difficult. d. 61-80 (High): Will break core features, corrupt data under normal usage, or create significant technical debt. e. 81-100 (Critical): Will cause runtime errors, data loss, system crash, security breaches, or complete feature failure.
    For issues flagged due to CLAUDE.md instructions, the agent should double check that the CLAUDE.md actually calls out that issue specifically.
  2. Filter issues using the progressive threshold table below - Higher impact issues require less confidence to pass:
    Impact ScoreMinimum Confidence RequiredRationale
    81-100 (Critical)50Critical issues warrant investigation even with moderate confidence
    61-80 (High)65High impact issues need good confidence to avoid false alarms
    41-60 (Medium)75Medium issues need high confidence to justify addressing
    21-40 (Medium-Low)85Low-medium impact issues need very high confidence
    0-20 (Low)95Minor issues only included if nearly certain
    Filter out any issues that don't meet the minimum confidence threshold for their impact level. If there are no issues that meet this criteria, do not proceed.
    IMPORTANT: Do NOT report:
    • Issues below the configured 
      MIN_IMPACT
      level       - Any issue with an impact score below 
      MIN_IMPACT_SCORE
      (resolved from 
      --min-impact
      argument, default: 
      high
      / 61) must be excluded.
    • Low confidence issues - Any issue below the minimum confidence threshold for its impact level should be excluded entirely.
    Filter application order: Apply both filters sequentially. An issue must satisfy BOTH conditions to be included:
    1. Min-impact cutoff (applied first): Exclude any issue with an impact score below 
      MIN_IMPACT_SCORE
      (resolved from 
      --min-impact
      argument in the Command Arguments section above, default: 
      high
      / 61).
    2. Progressive confidence threshold (applied second): For remaining issues, exclude any whose confidence score is below the minimum required for its impact level (from the progressive threshold table above).
    Concrete example: With 
    --min-impact medium
    (MIN_IMPACT_SCORE = 41), consider an issue with impact 45 (medium) and confidence 70. Step 1 passes: 45 >= 41. Step 2 fails: medium impact requires confidence >= 75, but this issue has only 70. Result: excluded. Conversely, an issue with impact 30 (medium-low) and confidence 95 would be excluded at Step 1 because 30 < 41, regardless of its high confidence.
    Focus the review report on issues that pass both filters.
  3. Format and output the review report including:
    • All confirmed issues from Phase 2 that passed filtering
    • Code improvement suggestions from the code-quality-reviewer agent
    • Prioritize improvements based on impact and alignment with project guidelines
本阶段使用命令参数部分配置解析块中确定的
MIN_IMPACT_SCORE
(默认值:
high
对应的61)。
  1. 针对第二阶段发现的每个问题,启动一个并行的Haiku Agent,输入变更内容、问题描述和CLAUDE.md文件列表(来自步骤2),返回两个评分:
    可信度评分(0-100) - 确认问题真实存在而非误报的置信程度:
    a. 0:完全不置信。这是一个经不起推敲的误报,或是预先存在的问题。 b. 25:略有置信。这可能是一个真实问题,但也可能是误报。Agent无法验证其真实性。如果是风格问题,且未在相关CLAUDE.md中明确提及。 c. 50:中等置信。Agent已验证这是真实问题,但可能是细枝末节或在实际中很少发生。相对于其他变更,它并不重要。 d. 75:高度置信。Agent已再次检查该问题,确认其很可能是实际中会遇到的真实问题。变更中的现有处理方式不足。该问题非常重要,会直接影响代码功能,或是相关CLAUDE.md中明确提及的问题。 e. 100:绝对确定。Agent已再次检查该问题,确认其肯定是真实问题,且在实际中会频繁发生。有直接证据可证实。
    影响评分(0-100) - 问题未修复时的严重程度和后果:
    a. 0-20(低):轻微代码异味或风格不一致。对功能或可维护性无显著影响。 b. 21-40(中低):代码质量问题,可能损害可维护性或可读性,但无功能影响。 c. 41-60(中):在边缘情况下会导致错误、性能下降,或使未来变更变得困难。 d. 61-80(高):会破坏核心功能、在正常使用中损坏数据,或造成重大技术债务。 e. 81-100(严重):会导致运行时错误、数据丢失、系统崩溃、安全漏洞,或功能完全失效。
    对于因CLAUDE.md指令标记的问题,Agent需再次确认CLAUDE.md中确实明确提及了该问题。
  2. 使用以下渐进阈值表过滤问题 - 影响越高的问题,所需的可信度越低:
    影响评分所需最低可信度理由
    81-100(严重)50严重问题即使只有中等可信度也值得调查
    61-80(高)65高影响问题需要足够的可信度以避免误报
    41-60(中)75中等问题需要高可信度才值得处理
    21-40(中低)85中低影响问题需要极高可信度
    0-20(低)95轻微问题只有在几乎确定的情况下才会被纳入
    过滤掉所有未达到其影响等级所需最低可信度阈值的问题。如果没有符合条件的问题,则无需继续。
    重要提示:请勿报告
    • 低于配置的
      MIN_IMPACT
      等级的问题       - 任何影响评分低于
      MIN_IMPACT_SCORE
      (由
      --min-impact
      参数确定,默认值:
      high
      / 61)的问题必须排除。
    • 低可信度问题 - 任何低于其影响等级所需最低可信度阈值的问题应完全排除。
    过滤应用顺序:依次应用两个过滤器。问题必须同时满足两个条件才能被纳入:
    1. 最低影响阈值(先应用):排除所有影响评分低于
      MIN_IMPACT_SCORE
      (由命令参数部分的
      --min-impact
      参数确定,默认值:
      high
      / 61)的问题。
    2. 渐进可信度阈值(后应用):对于剩余问题,排除可信度评分低于其影响等级所需最低值的问题(来自上述渐进阈值表)。
    具体示例:当设置
    --min-impact medium
    (MIN_IMPACT_SCORE = 41)时,假设有一个影响评分为45(中等)、可信度为70的问题。步骤1通过:45 >= 41。步骤2失败:中等影响需要可信度 >=75,但该问题只有70。结果:排除。反之,一个影响评分为30(中低)、可信度为95的问题会在步骤1被排除,因为30 < 41,无论其可信度多高。
    审查报告应聚焦于通过两个过滤器的问题。
  3. 格式化并输出审查报告,包括:
    • 第二阶段中通过过滤的所有已确认问题
    • 代码质量审查Agent提供的代码改进建议
    • 根据影响程度和项目规范对齐情况对改进建议进行优先级排序

Examples of false positives, for Phase 3

第三阶段的误报示例

  • Pre-existing issues in unchanged code
  • Something that looks like a bug but is not actually a bug
  • Pedantic nitpicks that a senior engineer wouldn't call out
  • Issues that a linter, typechecker, or compiler would catch (eg. missing or incorrect imports, type errors, broken tests, formatting issues, pedantic style issues like newlines). No need to run these build steps yourself -- it is safe to assume that they will be run separately as part of CI.
  • General code quality issues (eg. lack of test coverage, general security issues, poor documentation), unless explicitly required in CLAUDE.md
  • Issues that are called out in CLAUDE.md, but explicitly silenced in the code (eg. due to a lint ignore comment)
  • Changes in functionality that are likely intentional or are directly related to the broader change
Notes:
  • Use build, lint and tests commands if you have access to them. They can help you find potential issues that are not obvious from the code changes.
  • Make a todo list first
  • You must cite each bug/issue/suggestion with file path and line numbers
  • 未变更代码中预先存在的问题
  • 看起来像Bug但实际不是Bug的情况
  • 资深工程师不会指出的过于挑剔的细节问题
  • 代码检查工具、类型检查器或编译器会发现的问题(例如:缺失或错误的导入、类型错误、测试失败、格式问题、换行符等风格细节问题)。无需自行运行这些构建步骤——可以假设它们会作为CI的一部分单独运行。
  • 通用代码质量问题(例如:测试覆盖不足、通用安全问题、文档不完善),除非CLAUDE.md明确要求
  • CLAUDE.md中提及但代码中明确忽略的问题(例如:由于lint忽略注释)
  • 可能是有意为之或与整体变更直接相关的功能变更
注意:
  • 如果可以访问构建、代码检查和测试命令,请使用它们。它们可以帮助你发现代码变更中不明显的潜在问题。
  • 先列出待办事项
  • 每个Bug/问题/建议必须注明文件路径和行号

Review Report Output

审查报告输出

If 
JSON_OUTPUT
is 
true
, output the report using the JSON template below. Otherwise, use the markdown template.
如果
JSON_OUTPUT
true
,使用以下JSON模板输出报告。否则,使用Markdown模板。

Markdown Template

Markdown模板

If you found issues or improvements
如果发现问题或改进建议
markdown
undefined
markdown
undefined

Local Changes Review Report

本地变更审查报告

Quality Gate: PASS / FAIL Issues: X critical, X high, X medium, X medium-low, X low Min Impact Filter: [configured level]
质量门禁:通过 / 不通过 问题统计:X个严重,X个高影响,X个中等,X个中低,X个低影响 最低影响过滤:[配置的等级]

Issues

问题列表

[For each issue, use this format:]
🔴/🟠/🟡/🟢 [Critical/High/Medium/Low]: [Brief description] File: 
path/to/file:lines
[Evidence: What code pattern/behavior was observed and the consequence if left unfixed]
language
[Suggestion: Optional fix or code suggestion]
[每个问题使用以下格式:]
🔴/🟠/🟡/🟢 [严重/高/中等/低影响]:[简要描述] 文件
path/to/file:lines
[证据:观察到的代码模式/行为,以及未修复的后果]
language
[建议:可选的修复方案或代码示例]

Improvements

改进建议

[Code improvement suggestions from code-quality-reviewer, if any:]
  1. [Description] - 
    file:location
    - [Reasoning and benefit]
undefined
[来自代码质量审查Agent的代码改进建议(如有):]
  1. [描述] - 
    file:location
    - [理由和收益]
undefined
If you found no issues
如果未发现问题
markdown
undefined
markdown
undefined

Local Changes Review Report

本地变更审查报告

Quality Gate: PASS No issues found above the configured threshold.
Checked: bugs, security, code quality, test coverage, guidelines compliance
undefined
质量门禁:通过 未发现高于配置阈值的问题。
已检查维度:Bug、安全性、代码质量、测试覆盖、规范合规性
undefined

JSON Template

JSON模板

When 
--json
flag is set, output results in this JSON structure:
jsonc
{
  "quality_gate": "PASS",       // "PASS" or "FAIL" - FAIL when any critical or high issue exists
  "summary": {
    "total_issues": 0,          // count of issues after both filters applied
    "critical": 0,              // count at impact 81-100
    "high": 0,                  // count at impact 61-80
    "medium": 0,                // count at impact 41-60
    "medium_low": 0,            // count at impact 21-40
    "low": 0                    // count at impact 0-20
  },
  "issues": [
    {
      "severity": "critical",   // severity label derived from impact_score range
      "file": "src/auth/session.ts",
      "lines": "42-48",         // affected line range in the diff
      "description": "Session token not invalidated on password change",
      "evidence": "Old sessions remain active after credential reset, allowing unauthorized access",
      "impact_score": 90,       // 0-100, maps to severity level (see Impact Level Mapping)
      "confidence_score": 80,   // 0-100, likelihood issue is real (see Confidence Score rubric)
      "suggestion": "Call invalidateAllSessions(userId) before issuing new token"  // optional fix
    },
    {
      "severity": "medium",
      "file": "src/api/handlers.ts",
      "lines": "115-120",
      "description": "Missing error handling for database timeout",
      "evidence": "Database query has no timeout or retry logic, will hang indefinitely under load",
      "impact_score": 55,
      "confidence_score": 78,
      "suggestion": "Add timeout option to query call and wrap in try/catch with retry"
    }
  ],
  "improvements": [             // from code-quality-reviewer agent; may be empty array
    {
      "description": "Improvement description",
      "file": "path/to/file",
      "location": "function/method/class",  // target symbol or code region
      "reasoning": "Why this improvement matters",
      "effort": "low"           // "low", "medium", or "high"
    }
  ]
}
quality_gate
is 
"FAIL"
if any critical or high severity issue exists, 
"PASS"
otherwise. The 
suggestion
field in issues is optional and may be omitted.
当设置
--json
标志时,使用以下JSON结构输出结果:
jsonc
{
  "quality_gate": "PASS",       // "PASS"或"FAIL" - 当存在任何严重或高影响问题时为"FAIL"
  "summary": {
    "total_issues": 0,          // 通过两个过滤器后的问题数量
    "critical": 0,              // 影响评分81-100的问题数量
    "high": 0,                  // 影响评分61-80的问题数量
    "medium": 0,                // 影响评分41-60的问题数量
    "medium_low": 0,            // 影响评分21-40的问题数量
    "low": 0                    // 影响评分0-20的问题数量
  },
  "issues": [
    {
      "severity": "critical",   // 根据影响评分范围确定的严重级别标签
      "file": "src/auth/session.ts",
      "lines": "42-48",         // 差异中受影响的行范围
      "description": "Session token not invalidated on password change",
      "evidence": "Old sessions remain active after credential reset, allowing unauthorized access",
      "impact_score": 90,       // 0-100,对应严重级别(见影响等级映射)
      "confidence_score": 80,   // 0-100,问题真实存在的可能性(见可信度评分规则)
      "suggestion": "Call invalidateAllSessions(userId) before issuing new token"  // 可选修复方案
    },
    {
      "severity": "medium",
      "file": "src/api/handlers.ts",
      "lines": "115-120",
      "description": "Missing error handling for database timeout",
      "evidence": "Database query has no timeout or retry logic, will hang indefinitely under load",
      "impact_score": 55,
      "confidence_score": 78,
      "suggestion": "Add timeout option to query call and wrap in try/catch with retry"
    }
  ],
  "improvements": [             // 来自代码质量审查Agent的建议;可能为空数组
    {
      "description": "Improvement description",
      "file": "path/to/file",
      "location": "function/method/class",  // 目标符号或代码区域
      "reasoning": "Why this improvement matters",
      "effort": "low"           // "low", "medium",或"high"
    }
  ]
}
当存在任何严重或高影响问题时,
quality_gate
"FAIL"
,否则为
"PASS"
。问题中的
suggestion
字段为可选字段,可省略。

Evaluation Guidelines

评估准则

  • Pre-Commit Opportunity: This review runs on uncommitted local changes, before code enters version history. Treat this as the last line of defense: catch bugs, security holes, and contract violations now, while they are cheapest to fix. Issues found here never reach teammates or CI.
  • Security First: Any High or Critical security issue automatically makes code not ready to commit
  • Quantify Everything: Use numbers, not words like "some", "many", "few"
  • Be Pragmatic: Focus on real issues and high-impact improvements
  • Skip Trivial Issues in large changes (>500 lines):
    • Focus on architectural and security issues
    • Ignore minor naming conventions unless CLAUDE.md explicitly requires them
    • Prioritize bugs over style
  • Improvements Should Be Actionable: Each suggestion should include concrete code examples
  • Consider Effort vs Impact: Prioritize improvements with high impact and reasonable effort
  • Align with Project Standards: Reference CLAUDE.md and project guidelines when suggesting improvements
  • Terminal Readability: The report is consumed in a terminal/console. Use fixed-width-friendly formatting: short lines, clear section separators (
    ---
    ), and concise tables. Avoid deeply nested bullet lists or long prose paragraphs that wrap poorly in narrow terminals.
  • 提交前机会:本次审查针对未提交的本地变更,在代码进入版本历史之前进行。将其视为最后一道防线:在成本最低的时候发现Bug、安全漏洞和契约违规问题。在此处发现的问题永远不会传递给团队成员或进入CI流程。
  • 安全优先:任何高影响或严重级别的安全问题都会直接导致代码无法提交
  • 量化一切:使用数字,而非"一些"、"许多"、"少数"等词汇
  • 务实聚焦:关注真实问题和高影响改进
  • 在大型变更(>500行)中跳过琐碎问题
    • 聚焦架构和安全问题
    • 忽略次要命名规范,除非CLAUDE.md明确要求
    • 优先处理Bug而非风格问题
  • 改进建议需可落地:每个建议应包含具体的代码示例
  • 考虑投入与产出:优先选择高影响、合理投入的改进建议
  • 对齐项目标准:建议改进时参考CLAUDE.md和项目规范
  • 终端可读性:报告将在终端/控制台中查看。使用适合固定宽度格式的排版:短行、清晰的分隔符(
    ---
    )、简洁的表格。避免在窄终端中会换行混乱的深层嵌套项目符号列表或冗长段落。

Remember

谨记

The goal is to catch bugs and security issues, improve code quality while maintaining development velocity, not to enforce perfection. Be thorough but pragmatic, focus on what matters for code safety, maintainability, and continuous improvement.
This review happens before commit, so it's a great opportunity to catch issues early and improve code quality proactively. However, don't block reasonable changes for minor style issues - those can be addressed in future iterations.
目标是发现Bug和安全问题,在保持开发速度的同时提升代码质量,而非追求完美。要全面但务实,聚焦于代码安全性、可维护性和持续改进的关键事项。
本次审查在提交前进行,因此是提前发现问题并主动提升代码质量的绝佳机会。但不要因次要风格问题阻碍合理的变更——这些问题可以在未来迭代中解决。