code-review

Code Review

"Read with intent. Question with purpose. Document with care."
Systematic code analysis with evidence collection. Code review IS an adventure — the codebase is the dungeon, findings are clues.

Review Process

READ → NOTE ISSUES → CLASSIFY → REPORT

Step 1: Setup

  1. Create REVIEW.yml
  2. Identify files to review
  3. Define focus areas

Step 2: Overview

  1. List all changed files
  2. Read PR/commit description
  3. Note initial impressions

Step 3: Deep Review

For each file:
  1. Read the code
  2. Check against criteria
  3. Note findings
  4. Run relevant checks

Step 4: Verification

  1. Run tests
  2. Run linters
  3. Check regressions

Step 5: Synthesize

  1. Compile findings
  2. Prioritize issues
  3. Generate REVIEW.md
  4. State recommendation

Finding Severity

| Level | Symbol | Meaning | Action |
|---|---|---|---|
| Blocking | 🚫 | Must fix before merge | Request changes |
| Important | ⚠️ | Should fix or explain | Request changes |
| Minor | 💡 | Nice to fix | Comment only |
| Praise | 🎉 | Good work! | Celebrate |

Finding Types

  • Security — Injection, auth, sensitive data
  • Correctness — Logic errors, edge cases
  • Performance — N+1 queries, memory leaks
  • Maintainability — Clarity, DRY, naming
  • Style — Formatting, conventions

Review Checklist

Security

  • Input validation
  • Output encoding
  • Authentication/authorization
  • Sensitive data handling
  • Injection vulnerabilities
  • Timing attacks

Correctness

  • Logic errors
  • Edge cases handled
  • Null/undefined handling
  • Error handling
  • Race conditions
  • Resource cleanup

Maintainability

  • Code clarity
  • Appropriate comments
  • Consistent naming
  • DRY (no duplication)
  • Single responsibility
  • Testability

Performance

  • Algorithmic complexity
  • Memory usage
  • Database queries
  • Caching
  • Unnecessary operations

Core Files

REVIEW.yml

```yaml
review:
  name: "PR #123: Add user authentication"
  status: "in_progress"

findings:
  blocking:
    - id: "B1"
      file: "src/auth/login.ts"
      line: 45
      type: "security"
      summary: "Timing attack vulnerability"

  important: []
  minor: []
  praise: []

verification:
  tests: { ran: true, passed: true }
  linter: { ran: true, passed: false, issues: 3 }
```

REVIEW.md

Formatted document with:
  • Summary and counts
  • Issues by severity
  • Verification results
  • Recommendation

Verification Commands

```yaml
tests:
  - "npm test"
  - "pytest"
  - "go test ./..."

linters:
  - "npm run lint"
  - "flake8"
  - "golangci-lint run"
```

Recommendation Output

| Outcome | Meaning |
|---|---|
| approve | Good to merge |
| request_changes | Has blocking/important issues |
| comment | Minor feedback only |
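As an added example (not part of the code-review skill itself), a small Python script that applies the Recommendation mapping above to a parsed REVIEW.yml and emits the REVIEW.md sections listed earlier (counts, issues by severity, verification results, recommendation). It assumes the file has already been loaded into a dict (for instance with PyYAML's `yaml.safe_load`); the sample data is constructed to mirror the REVIEW.yml shown above.

```python
# Constructed sample mirroring the page's REVIEW.yml; the real file would be
# loaded with yaml.safe_load, inlined here so the example runs without PyYAML.
SAMPLE_REVIEW = {
    "review": {"name": "PR #123: Add user authentication", "status": "in_progress"},
    "findings": {
        "blocking": [{"id": "B1", "file": "src/auth/login.ts", "line": 45,
                      "type": "security", "summary": "Timing attack vulnerability"}],
        "important": [], "minor": [], "praise": [],
    },
    "verification": {
        "tests": {"ran": True, "passed": True},
        "linter": {"ran": True, "passed": False, "issues": 3},
    },
}

SEVERITY_ORDER = ("blocking", "important", "minor", "praise")
SYMBOLS = {"blocking": "🚫", "important": "⚠️", "minor": "💡", "praise": "🎉"}


def count_findings(review):
    """Count findings per severity level; a missing or null list counts as zero."""
    findings = review.get("findings") or {}
    return {level: len(findings.get(level) or []) for level in SEVERITY_ORDER}


def recommend(review):
    """Map counts to the page's outcomes: any blocking/important finding ->
    request_changes, minor only -> comment, otherwise -> approve."""
    counts = count_findings(review)
    if counts["blocking"] or counts["important"]:
        return "request_changes"
    return "comment" if counts["minor"] else "approve"


def render_review_md(review):
    """Emit the REVIEW.md sections: counts, issues by severity, verification, recommendation."""
    counts = count_findings(review)
    lines = [f"# Review: {review['review']['name']}", "", "## Summary",
             ", ".join(f"{lvl}: {n}" for lvl, n in counts.items()), "", "## Findings"]
    for level in SEVERITY_ORDER:
        for f in (review.get("findings") or {}).get(level) or []:
            lines.append(f"- {SYMBOLS[level]} [{f['id']}] {f['file']}:{f['line']} "
                         f"({f['type']}) {f['summary']}")
    lines += ["", "## Verification"]
    for check, result in (review.get("verification") or {}).items():
        status = "not run" if not result.get("ran") else "passed" if result.get("passed") else "FAILED"
        if "issues" in result:
            status += f" ({result['issues']} issues)"
        lines.append(f"- {check}: {status}")
    lines += ["", f"## Recommendation: {recommend(review)}"]
    return "\n".join(lines)
```

Calling `print(render_review_md(SAMPLE_REVIEW))` yields a request_changes verdict for the sample, since the single blocking finding outranks the passing test run.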

See Also

  • rubric — Explicit scoring criteria for code quality
  • evaluator — Independent assessment pattern
  • adversarial-committee — Multiple reviewers debating findings