code-review

Code Review

Orchestrates code review across GitHub PRs, GitLab MRs, and Gerrit changes. Auto-detects the platform from git remote configuration and provides focused review feedback on security, maintainability, and architectural fit.
This is a workflow skill -- it contains no scripts and instead guides the agent through a multi-step review process using the appropriate platform skill.

Authentication

This skill delegates authentication to the underlying platform skill:
  • GitHub: Requires `gh auth login` (see the github skill)
  • GitLab: Requires `glab auth login` (see the gitlab skill)
  • Gerrit: Requires `git-review` configuration (see the gerrit skill)
Ensure the relevant platform skill is authenticated before using code-review.

Commands

review

Review a change by number or URL.
Usage:
Review PR #123
Review this MR: https://gitlab.com/org/repo/-/merge_requests/42
Review Gerrit change 456789
The agent follows the Workflow steps: detects the platform from git remotes or the provided URL, fetches the change metadata, CI status, and diff, then provides structured review feedback. Optionally posts review comments.

remember

Save additional context for the current repository's reviews. This persists information that should be considered in future reviews of the same repo.
Usage:
Remember that this repo follows the Google Python Style Guide
Remember: authentication changes must be reviewed by the security team
Remember https://internal-docs.example.com/api-conventions as a reference for API design
Remember that the data layer uses the Repository pattern, not Active Record
Keyword: The word `remember` at the start of a message triggers saving. The context is stored in `~/.config/agent-skills/code-review.yaml` under the current repository's remote URL.
What to save: Coding standards, architectural decisions, external documentation links, team conventions, review policies, or any context that should inform future reviews.

forget

Remove previously saved context for the current repository.
Usage:
Forget the note about the Google Python Style Guide
Forget all saved context for this repo

show context

Display all saved context for the current repository.
Usage:
Show review context for this repo

check

Verify that the required platform skill is available and authenticated.
```bash
# For GitHub repos
skills/github/scripts/github.py check

# For GitLab repos
skills/gitlab/scripts/gitlab.py check

# For Gerrit repos
skills/gerrit/scripts/gerrit.py check
```

Repository Context

Per-repository context is persisted in `~/.config/agent-skills/code-review.yaml`, keyed by the remote fetch URL from `git remote get-url origin`. This context is loaded at the start of every review (see Step 0 in Workflow).
```yaml
# ~/.config/agent-skills/code-review.yaml
repositories:
  "git@github.com:myorg/myrepo.git":
    references:
      - "https://internal-docs.example.com/api-conventions"
      - "https://google.github.io/styleguide/pyguide.html"
    standards:
      - "All API endpoints must validate input with Pydantic models"
      - "Authentication changes require security team review"
    notes:
      - "Data layer uses Repository pattern, not Active Record"
      - "Legacy modules in src/compat/ are exempt from new style rules"
  "https://gitlab.com/myorg/other-repo.git":
    references:
      - "https://docs.example.com/other-repo/architecture"
    standards: []
    notes:
      - "Migrating from REST to GraphQL -- new endpoints should use GraphQL"
```

When the user provides out-of-repo context during a review, suggest using the **remember** command to persist it.

Workflow

Step 0: Load Repository Context

Before starting the review, check for saved context:
```bash
git remote get-url origin
```
Read `~/.config/agent-skills/code-review.yaml` and look up the remote URL. If context exists, load it and keep it in mind throughout the review:
  • references: Consult these when evaluating architectural decisions
  • standards: Actively check compliance with each standard
  • notes: Factor these into review feedback
If no context file exists or the repo has no entries, proceed without additional context.

Step 1: Detect Platform

Determine the code hosting platform from the repository context:
```bash
# Check git remotes
git remote -v
```

- If remote contains `github.com` -> use the **github** skill
- If remote contains `gitlab` -> use the **gitlab** skill
- If `.gitreview` file exists -> use the **gerrit** skill
- If a URL is provided, detect from the URL hostname
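
The "remote contains `github.com`" rule is a substring test, so it also matches that text in a URL path or at the start of a longer hostname. The added example below is not part of the skill; it parses the hostname out of URL-style and scp-style remotes and matches it exactly. The allow-list, the function names and the sample remotes are assumptions.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Assumed allow-list (not from the skill): exact hostnames mapped to platform skills.
# Self-hosted GitLab or GitHub Enterprise hosts would be added here explicitly.
KNOWN_HOSTS = {"github.com": "github", "gitlab.com": "gitlab"}

# scp-like remote syntax: [user@]host:path
SCP_LIKE = re.compile(r"^(?:[^@/\s]+@)?([^:/\s]+):(?!//)")

def remote_host(remote: str) -> Optional[str]:
    """Return the lower-cased hostname of a git remote, or None for local paths."""
    remote = remote.strip()
    if "://" in remote:
        try:
            host = urlsplit(remote).hostname
        except ValueError:            # malformed URL, e.g. a broken IPv6 literal
            return None
    else:
        match = SCP_LIKE.match(remote)
        host = match.group(1) if match else None
    return host.lower().rstrip(".") if host else None

def detect_platform(remote: str, has_gitreview: bool = False) -> Optional[str]:
    """Match the parsed host exactly; fall back to Gerrit when .gitreview exists."""
    platform = KNOWN_HOSTS.get(remote_host(remote) or "")
    if platform:
        return platform
    return "gerrit" if has_gitreview else None

def substring_platform(remote: str) -> Optional[str]:
    """The plain 'remote contains ...' rule, kept for comparison."""
    if "github.com" in remote:
        return "github"
    return "gitlab" if "gitlab" in remote else None

# Constructed remotes (example.net is a reserved documentation domain).
SAMPLES = [
    "git@github.com:myorg/myrepo.git",
    "https://gitlab.com/myorg/other-repo.git",
    "https://github.com.example.net/org/repo.git",
    "https://example.net/mirrors/github.com/repo.git",
]

if __name__ == "__main__":
    for remote in SAMPLES:
        print(f"{remote}: strict={detect_platform(remote)} substring={substring_platform(remote)}")
```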

Step 2: Fetch Change Metadata and CI Status

**GitHub:**
```bash
skills/github/scripts/github.py prs view <number> --repo OWNER/REPO
skills/github/scripts/github.py prs checks <number> --repo OWNER/REPO
```
**GitLab:**
```bash
skills/gitlab/scripts/gitlab.py mrs view <number> --repo GROUP/REPO
skills/gitlab/scripts/gitlab.py pipelines list --repo GROUP/REPO
```
**Gerrit:**
```bash
skills/gerrit/scripts/gerrit.py changes view <change-number>
```

Step 3: Assess CI/Test Status

Before reviewing, check whether CI/tests have passed:
  • If CI is passing: proceed with full review
  • If CI is failing: note the failures, skip reviewing concerns that would be caught by tests, and focus on issues tests cannot catch (security, architecture, design)
  • If CI is pending: note it and proceed with review

Step 4: Fetch the Diff

**GitHub:**
```bash
gh pr diff <number>
```
**GitLab:**
```bash
glab mr diff <number>
```
**Gerrit:**
```bash
git diff HEAD~1
```

Step 5: Review the Changes

Focus review feedback on these areas, in priority order. See references/review-checklist.md for the full checklist.
  1. Security concerns: injection vulnerabilities, authentication/authorization gaps, data exposure, unsafe deserialization, hardcoded secrets
  2. Maintainability: excessive complexity, poor naming, missing separation of concerns, code duplication that harms readability
  3. Good coding practices: error handling gaps, resource leaks, race conditions, missing input validation at system boundaries
  4. Architectural fit: consistency with existing codebase patterns, appropriate abstraction level, dependency direction
Do not flag:
  • Style/formatting issues (leave to linters)
  • Minor naming preferences without clear readability impact
  • Test coverage gaps (leave to CI coverage tools)
  • Issues already caught by failing CI
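
Added example, not part of the skill: one way to turn the "hardcoded secrets" item into findings with `file:line` references, by walking a git-format diff (as printed by `gh pr diff` or `git diff`) and checking added lines only. The two rules, the function name and the sample diff are assumptions constructed for illustration.

```python
import re

# Illustrative rules only (assumption); a real review would use a maintained secret scanner.
RULES = {
    "private key block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "hardcoded credential": re.compile(
        r"(?i)(password|passwd|secret|api_?key|token)\w*\s*[:=]\s*['\"][^'\"]{8,}['\"]"),
}
HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")

def scan_diff(diff_text):
    """Return 'path:line: rule' for each added line of a git-format diff that matches a rule."""
    findings, path, new_line, in_hunk = [], None, 0, False
    for line in diff_text.splitlines():
        hunk = HUNK.match(line)
        if hunk:                                  # hunk header: reset the new-file line counter
            new_line, in_hunk = int(hunk.group(1)), True
        elif line.startswith("diff --git "):      # next file begins: leave hunk state
            in_hunk = False
        elif not in_hunk:
            if line.startswith("+++ "):           # new-side path, e.g. "+++ b/app/settings.py"
                path = re.sub(r"^b/", "", line[4:].strip())
        elif line.startswith("+"):                # added line: scan it, then count it
            for rule, pattern in RULES.items():
                if pattern.search(line[1:]):
                    findings.append(f"{path}:{new_line}: {rule}")
            new_line += 1
        elif not line.startswith(("-", "\\")):    # context lines also advance the new file
            new_line += 1
    return findings

# Constructed sample diff (not from a real repository; all values are placeholders).
SAMPLE_DIFF = """\
diff --git a/app/settings.py b/app/settings.py
--- a/app/settings.py
+++ b/app/settings.py
@@ -10,2 +10,2 @@ DEBUG = False
 DB_HOST = "db.internal"
-DB_PASSWORD = os.environ["DB_PASSWORD"]
+DB_PASSWORD = "example-not-a-real-secret"
diff --git a/deploy/id_rsa b/deploy/id_rsa
--- /dev/null
+++ b/deploy/id_rsa
@@ -0,0 +1,2 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+placeholder-not-key-material
"""
if __name__ == "__main__":
    print("\n".join(scan_diff(SAMPLE_DIFF)))
```

Removed lines are skipped on purpose, so a change that deletes a credential does not produce a finding against the new file.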

Step 6: Present Findings

Format findings as a structured review:
```markdown
## Code Review: PR #<number> - <title>

### Summary
<1-2 sentence summary of the change and overall assessment>

### CI Status
<passing/failing/pending -- note any failures>

### Findings

#### Security
- <finding with file:line reference>

#### Maintainability
- <finding with file:line reference>

#### Coding Practices
- <finding with file:line reference>

#### Architecture
- <finding with file:line reference>

### Verdict
<APPROVE / REQUEST_CHANGES / COMMENT -- with brief rationale>
```

If the user requests it, post the review as comments on the PR/MR using the platform skill:

**GitHub:**
```bash
gh pr review <number> --comment --body "<review>"
```

Or approve/request changes:
```bash
gh pr review <number> --approve --body "<review>"
gh pr review <number> --request-changes --body "<review>"
```

**GitLab:**
```bash
glab mr note <number> --message "<review>"
```

Or approve:
```bash
glab mr approve <number>
```

Examples

Review a GitHub PR

Review PR #42
The agent will run `git remote -v`, detect GitHub, fetch the PR with `skills/github/scripts/github.py prs view 42`, check CI with `skills/github/scripts/github.py prs checks 42`, fetch the diff with `gh pr diff 42`, and provide structured review feedback.

Review a GitLab MR by URL

Review https://gitlab.com/myorg/myrepo/-/merge_requests/15

Review with Posting Comments

Review PR #42 and post your findings as a review comment

Review Focusing on Security Only

Review PR #42, focus only on security concerns

Save Context for Future Reviews

Remember that this repo uses the Twelve-Factor App methodology
Remember https://wiki.example.com/team/coding-standards as a reference
Remember: all database migrations must be backwards-compatible

Show Saved Context

Show review context for this repo

Model Guidance

This skill coordinates multiple sub-skills and requires reasoning about multi-step workflows. A higher-capability model is recommended for best results.

Troubleshooting

Platform not detected

Ensure you are running from within a git repository with a remote configured:
```bash
git remote -v
```

Authentication errors

Verify the underlying platform skill is authenticated:
```bash
# GitHub
gh auth status

# GitLab
glab auth status
```

No diff available

Ensure the PR/MR number is correct and the change exists:
```bash
# GitHub
skills/github/scripts/github.py prs view <number>

# GitLab
skills/gitlab/scripts/gitlab.py mrs view <number>
```