# Review Orchestrator
## When to use
- User wants a comprehensive review but doesn't know where to start
- Pre-launch readiness assessment
- Post-incident review planning
- New team member wants to understand review coverage
## How it works
Three modes:
- Interactive triage (default) — asks context questions, recommends a review plan
- Full suite (`/review --all`) — runs all applicable categories
- Targeted — user invokes a specific review directly
## Steps
### 1. Gather context
- Read the project: tech stack, framework, package.json, routes, components
- Check git diff for recent changes
- Look for existing review reports in `shiplight/reports/`
- Check for compliance markers (HIPAA mentions, PCI references, GDPR cookies)
### 2. Ask targeted questions (max 4)
Ask one at a time, with auto-detected defaults:
- What type of application? (SaaS, healthcare, fintech, e-commerce, internal tool, marketing site, API-only)
- What triggered this review? (pre-launch, new feature, dependency update, security incident, audit prep, routine)
- Any compliance requirements? (none, HIPAA, SOC2, PCI-DSS, GDPR, multiple) — auto-detect from codebase
- Specific concerns? (open-ended, optional)
### 3. Generate review plan
Based on answers, categorize all 8 review types as:
- CRITICAL — must run, high risk of issues
- RECOMMENDED — should run, meaningful value
- OPTIONAL — nice to have
Present the plan with rationale for each recommendation. Include estimated depth (quick/standard/thorough) for each.
SEO vs GEO prioritization by product type:
| Product type | SEO | GEO |
|---|---|---|
| Developer tools, API products, SaaS | RECOMMENDED | CRITICAL |
| E-commerce, local business, marketplace | CRITICAL | OPTIONAL |
| Content/media, documentation, blog | CRITICAL | CRITICAL |
| Internal tools | — | — |
Provide a decision matrix table:
| Review | Priority | Rationale | Depth |
|---|---|---|---|
| /security-review | CRITICAL | New auth feature + SaaS app | thorough |
| /privacy-review | CRITICAL | Handles user PII, GDPR applies | standard |
| etc. | | | |
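One way to encode steps 1 and 3 as code, as an added example that is not part of the original skill: it auto-detects compliance markers from file contents and rates every review category. The SEO/GEO rows are copied from the table above; the marker regexes, the remaining priority rules and the sample project files are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Compliance markers from step 1 (HIPAA mentions, PCI references, GDPR cookies).
# The page names only the marker kinds; these patterns are assumptions.
COMPLIANCE_MARKERS = {
    "HIPAA": re.compile(r"\bHIPAA\b|\bPHI\b", re.I),
    "PCI-DSS": re.compile(r"\bPCI(?:-DSS)?\b|card_number|\bcvv\b", re.I),
    "GDPR": re.compile(r"\bGDPR\b|cookie[_ ]consent", re.I),
}

# SEO / GEO priority by product type, taken from the page's table (None = not applicable).
SEO_GEO: Dict[str, Tuple[Optional[str], Optional[str]]] = {
    "SaaS": ("RECOMMENDED", "CRITICAL"), "developer tools": ("RECOMMENDED", "CRITICAL"),
    "API-only": ("RECOMMENDED", "CRITICAL"), "e-commerce": ("CRITICAL", "OPTIONAL"),
    "marketplace": ("CRITICAL", "OPTIONAL"), "content/media": ("CRITICAL", "CRITICAL"),
    "documentation": ("CRITICAL", "CRITICAL"), "internal tool": (None, None),
}

def detect_compliance(files: Dict[str, str]) -> List[str]:
    """Step 1: auto-detect compliance regimes from file contents (path -> text)."""
    return [name for name, rx in COMPLIANCE_MARKERS.items()
            if any(rx.search(body) for body in files.values())]

def plan_reviews(product_type: str, trigger: str, compliance: List[str],
                 handles_pii: bool) -> Dict[str, str]:
    """Step 3: rate every review category CRITICAL / RECOMMENDED / OPTIONAL / N/A.
    SEO/GEO rows follow the page; the remaining rules are illustrative assumptions."""
    seo, geo = SEO_GEO.get(product_type, ("RECOMMENDED", "RECOMMENDED"))
    security_critical = (trigger in ("pre-launch", "security incident", "dependency update")
                         or (trigger == "new feature" and product_type == "SaaS"))
    return {
        "Security": "CRITICAL" if security_critical else "RECOMMENDED",
        "Privacy": "CRITICAL" if handles_pii or "GDPR" in compliance else "RECOMMENDED",
        "Compliance": "CRITICAL" if compliance else "OPTIONAL",
        "Reliability": "CRITICAL" if trigger == "pre-launch" else "RECOMMENDED",
        "Performance": "RECOMMENDED",
        "Visual/UI": "RECOMMENDED" if product_type != "API-only" else "OPTIONAL",
        "Discoverability": seo or "N/A",
        "AI Discoverability": geo or "N/A",
    }

# Constructed sample project (not a real codebase): a cookie-consent banner and a GDPR notice.
SAMPLE_FILES = {
    "src/components/CookieBanner.tsx": "export const CookieBanner = () => <div id='cookie_consent'/>;",
    "docs/privacy.md": "# Privacy\nPersonal data is processed under GDPR.",
    "package.json": '{"name": "acme-saas", "dependencies": {"next": "14.0.0"}}',
}
```

Running `plan_reviews("SaaS", "new feature", detect_compliance(SAMPLE_FILES), True)` reproduces the two CRITICAL rows of the decision matrix above.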
### 4. Execute
Ask: "Run all CRITICAL reviews now? [Y/n] Or pick specific ones."
Run selected reviews sequentially. After each, show a brief summary before proceeding to the next.
### 5. Unified report
After all reviews complete, generate a unified report:
- Overall readiness score (0-10)
- Per-category scores
- Top 5 findings across all categories (by severity)
- Regression test summary (total YAML tests generated)
- Report saved to `shiplight/reports/review-{date}.md`
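An added example (not the project's own code) of the step-5 merge: per-review reports are combined into the unified summary and rendered as markdown. The severity scale, the sample reports and the rule that the overall score is the lowest category score are assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}  # assumed severity scale

@dataclass
class Finding:
    category: str
    severity: str
    title: str

@dataclass
class ReviewReport:
    category: str
    score: int                                   # 0-10, as each review skill reports it
    findings: List[Finding] = field(default_factory=list)
    yaml_tests: int = 0                          # regression tests the review generated

def unified_report(reports: List[ReviewReport], top_n: int = 5) -> Dict:
    """Merge per-review reports into the step-5 summary. Overall readiness is the
    lowest category score (assumed rule: one failing category blocks launch)."""
    per_category = {r.category: r.score for r in reports}
    findings = sorted((f for r in reports for f in r.findings),
                      key=lambda f: (SEVERITY_RANK[f.severity], f.category))
    return {
        "overall": min(per_category.values()) if per_category else 0,
        "per_category": per_category,
        "top_findings": findings[:top_n],
        "yaml_tests": sum(r.yaml_tests for r in reports),
    }

def render_markdown(summary: Dict, date: str) -> str:
    """Render the summary for shiplight/reports/review-{date}.md."""
    lines = [f"# Review {date}", f"Overall readiness: {summary['overall']}/10", ""]
    lines += [f"- {c}: {s}/10" for c, s in summary["per_category"].items()]
    lines += ["", "## Top findings"] + [f"- [{f.severity}] {f.category}: {f.title}" for f in summary["top_findings"]]
    lines += ["", f"Regression tests generated: {summary['yaml_tests']}"]
    return "\n".join(lines)

# Constructed sample reports (not real review output).
SAMPLE_REPORTS = [
    ReviewReport("Security", 6, [Finding("Security", "high", "Session cookie missing Secure flag"),
                                 Finding("Security", "medium", "CSP header absent")], 3),
    ReviewReport("Privacy", 8, [Finding("Privacy", "high", "Analytics loaded before consent")], 2),
    ReviewReport("Reliability", 9, [Finding("Reliability", "low", "No retry on 503 from payment API")], 1),
]
```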
## Available Reviews
| Skill | Category | What it checks |
|---|---|---|
| | Visual/UI | Responsive, a11y, design consistency, i18n readiness |
| | Security | OWASP Top 10, auth, headers, supply chain, pen testing |
| | Privacy | PII handling, tracking, data flow, consent |
| | Compliance | HIPAA, SOC2, PCI-DSS, GDPR checklists |
| | Reliability | Error handling, degradation, API contracts |
| | Performance | Core Web Vitals, bundle size, runtime perf |
| | Discoverability | Meta tags, structured data, crawlability |
| | AI Discoverability | LLM citation readiness, entity authority, structured claims |
## Report Format

All review skills produce reports in a consistent format saved to `shiplight/reports/{review-name}-{date}.md`. The orchestrator merges these into a unified report.

## Tips
- Run `/review` before every major launch
- Individual reviews can be invoked directly when you know what you need
- Review reports accumulate over time — the orchestrator can show trends
- YAML regression tests from reviews accumulate in `shiplight/tests/`