Code Review Checklist

Quick Review Checklist

Correctness

  • Code does what it's supposed to do
  • Edge cases handled
  • Error handling in place
  • No obvious bugs

Security

  • Input validated and sanitized
  • No SQL/NoSQL injection vulnerabilities
  • No XSS or CSRF vulnerabilities
  • No hardcoded secrets or sensitive credentials
  • AI-Specific: Protection against Prompt Injection (if applicable)
  • AI-Specific: Outputs are sanitized before being used in critical sinks

Performance

  • No N+1 queries
  • No unnecessary loops
  • Appropriate caching
  • Bundle size impact considered

Code Quality

  • Clear naming
  • DRY - no duplicate code
  • SOLID principles followed
  • Appropriate abstraction level

Testing

  • Unit tests for new code
  • Edge cases tested
  • Tests readable and maintainable

Documentation

  • Complex logic commented
  • Public APIs documented
  • README updated if needed

AI & LLM Review Patterns (2025)

Logic & Hallucinations

  • Chain of Thought: Does the logic follow a verifiable path?
  • Edge Cases: Did the AI account for empty states, timeouts, and partial failures?
  • External State: Is the code making safe assumptions about file systems or networks?

Prompt Engineering Review

```typescript
// ❌ Vague prompt in code
const response = await ai.generate(userInput);

// ✅ Structured & Safe prompt
const response = await ai.generate({
  system: "You are a specialized parser...",
  input: sanitize(userInput),
  schema: ResponseSchema
});
```

Anti-Patterns to Flag

```typescript
// ❌ Magic numbers
if (status === 3) { ... }

// ✅ Named constants
if (status === Status.ACTIVE) { ... }

// ❌ Deep nesting
if (a) { if (b) { if (c) { ... } } }

// ✅ Early returns
if (!a) return;
if (!b) return;
if (!c) return;
// do work

// ❌ Long functions (100+ lines)
// ✅ Small, focused functions

// ❌ any type
const data: any = ...

// ✅ Proper types
const data: UserData = ...
```

Review Comments Guide

```text
// Blocking issues use 🔴
🔴 BLOCKING: SQL injection vulnerability here

// Important suggestions use 🟡
🟡 SUGGESTION: Consider using useMemo for performance

// Minor nits use 🟢
🟢 NIT: Prefer const over let for immutable variable

// Questions use ❓
❓ QUESTION: What happens if user is null here?
```