S
SkillsMD 发现、学习和掌握最新的 AI 技术 Skills。基于真实社区数据,为开发者提供最权威的 AI 工具导航。
关于 聚焦 AI 技术 Skills 每周数据更新 中英双语文档 © 2026 SkillsMD. All rights reserved.
Preen Review 使用说明:自动化代码审查文档同步与合规性检查工具 | SkillsMD
首页 / Skills / preen-review-instructions Preen Review 使用说明:自动化代码审查文档同步与合规性检查工具 preen-review-instructions by a2f0/tearleads
npx skills add https://github.com/a2f0/tearleads --skill preen-review-instructions🇨🇳 中文介绍 Preen Review 使用说明
审核 REVIEW.md 和 .gemini/INSTRUCTIONS.md 中的审查说明,确保其完整性、准确性,并与代码库模式保持同步。更新说明以反映当前的约定。
何时运行
在以下情况下运行此技能:
向代码库添加新模式或新约定时
更改 API 安全要求时
添加新包类型时(例如,新的共享库)
进行重大架构变更后
在定期清理过程中,以发现偏差
源文件
文件 用途 REVIEW.md主审查说明(仓库根目录) .gemini/INSTRUCTIONS.mdGemini Code Assist 特定说明 CLAUDE.mdClaude 代码约定(事实来源)
🇺🇸 English Preen Review Instructions
Audit the review instructions in REVIEW.md and .gemini/INSTRUCTIONS.md for completeness, accuracy, and sync with codebase patterns. Update instructions to reflect current conventions.
When to Run
Run this skill when:
Adding new patterns or conventions to the codebase
Changing API security requirements
Adding new package types (e.g., new shared libraries)
After significant architectural changes
During regular preen passes to catch drift
Source Files
File Purpose REVIEW.mdMaster review instructions (repo root) .gemini/INSTRUCTIONS.mdGemini Code Assist specific instructions
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
联系我们 AGENTS.md
compliance/infrastructure-controls.md跨框架哨兵索引
发现阶段
1. 检查 REVIEW.md 部分是否存在且为最新版本 echo "=== REVIEW.md sections ==="
rg '^##' REVIEW.md | head -20
echo "=== Last modified ==="
git log -1 --format="%ci" -- REVIEW.md
2. 查找审查说明中未涵盖的新模式 # 未提及的新路由文件
echo "=== Recent route additions ==="
git log --since="30 days ago" --name-only --pretty=format: -- 'packages/api/src/routes/**/*.ts' | sort -u | head -10
# 未提及的新共享组件
echo "=== Recent component additions ==="
git log --since="30 days ago" --name-only --pretty=format: -- 'packages/*/src/components/**/*.tsx' | sort -u | head -10
# 新包目录
echo "=== Package structure ==="
ls -d packages/*/ 2>/dev/null | head -10
3. 检查 CLAUDE.md/AGENTS.md 中 REVIEW.md 未包含的规则 # TypeScript 规则
echo "=== CLAUDE.md TypeScript mentions ==="
rg -i 'typescript|any|cast|@ts-' CLAUDE.md | head -10
# 安全规则
echo "=== CLAUDE.md security mentions ==="
rg -i 'security|auth|permission|injection' CLAUDE.md | head -10
4. 检查 .gemini/INSTRUCTIONS.md 与 REVIEW.md 的同步情况 echo "=== Gemini INSTRUCTIONS sections ==="
rg '^##' .gemini/INSTRUCTIONS.md | head -20
# 比较部分数量
echo "=== Section comparison ==="
echo "REVIEW.md sections: $(rg '^##' REVIEW.md | wc -l)"
echo "Gemini sections: $(rg '^##' .gemini/INSTRUCTIONS.md | wc -l)"
5. 验证审查脚本是否引用了说明 echo "=== Review script prompt analysis ==="
rg -A5 'PROMPT=' scripts/solicitClaudeCodeReview.sh | head -15
rg -A5 'PROMPT=' scripts/solicitCodexReview.sh 2>/dev/null | head -15 || true
6. 检查审查说明中的安全和合规性覆盖范围 # 检查 REVIEW.md 是否有安全部分
echo "=== REVIEW.md security coverage ==="
rg -c 'Security|OWASP|injection|auth' REVIEW.md
# 检查合规文档引用
echo "=== Compliance references in REVIEW.md ==="
rg -c 'compliance/|sentinel|TL-' REVIEW.md
# 检查 infrastructure-controls.md 是否存在并包含哨兵
echo "=== Infrastructure controls sentinel count ==="
rg -c 'TL-[A-Z]+-[0-9]+' compliance/infrastructure-controls.md
# 检查框架对等性
echo "=== Framework document counts ==="
for fw in HIPAA NIST.SP.800-53 SOC2; do
echo "$fw policies: $(ls compliance/$fw/policies/*.md 2>/dev/null | wc -l | tr -d ' ')"
done
# 检查 REVIEW.md 是否提及哨兵工作流
echo "=== Sentinel workflow in REVIEW.md ==="
rg 'Adding New Sentinel|COMPLIANCE_SENTINEL' REVIEW.md | head -5
问题类别 类别 严重性 操作 缺少新模式部分 中等 向 REVIEW.md 添加部分,同步到 Gemini 包结构过时 低 更新 REVIEW.md 中的包列表 Gemini 说明出现偏差 中等 将 .gemini/INSTRUCTIONS.md 与 REVIEW.md 同步 缺少安全规则 高 从 CLAUDE.md 添加安全指导 审查脚本未使用说明 中等 更新脚本以包含 REVIEW.md 内容 缺少合规性部分 高 添加合规文档指导 缺少哨兵工作流 高 添加添加新哨兵的说明 合规性框架对等性差距 中等 确保所有框架具有同等覆盖范围
修复策略
添加新部分
确定要记录的模式或约定
在适当标题下向 REVIEW.md 添加部分
向 .gemini/INSTRUCTIONS.md 添加精简版本
更新 REVIEW.md 底部的版本历史
同步文件 # 比较部分标题
diff <(rg '^##' REVIEW.md | sort) <(rg '^##' .gemini/INSTRUCTIONS.md | sort)
确保 REVIEW.md 中的关键部分在 .gemini/INSTRUCTIONS.md 中有对应的条目。
更新审查脚本 如果 solicitClaudeCodeReview.sh 未引用 REVIEW.md:
# 读取并包含说明
INSTRUCTIONS=$(cat REVIEW.md | head -100)
PROMPT="Review using these guidelines:
$INSTRUCTIONS
[Rest of prompt...]"
添加安全和合规性指导
检查 /preen-api-security 技能 以获取要记录的安全模式检查 compliance/infrastructure-controls.md 以获取哨兵模式添加安全部分 ,涵盖 OWASP 十大安全意识添加合规性部分 ,解释何时更新合规文档添加哨兵工作流 ,解释如何添加新的安全控制
身份验证/授权检查要求
SQL 注入预防(参数化查询)
输入验证要求
敏感数据处理
OWASP 十大快速参考
文档三元组结构(策略/程序/控制映射)
哨兵命名约定(TL-<类别>-<编号>)
何时需要更新合规性(新身份验证、新审计、基础设施变更)
如何向 infrastructure-controls.md 添加新哨兵
更新合规文档工作流
向 compliance/infrastructure-controls.md 添加哨兵 ,包含:
遵循命名约定的哨兵 ID
控制描述
位置(文件路径)
框架映射(SOC2、NIST、HIPAA)
在每个框架中创建/更新文档三元组 :
compliance/<FW>/policies/NN-topic-policy.mdcompliance/<FW>/procedures/NN-topic-procedure.mdcompliance/<FW>/technical-controls/NN-topic-control-map.md
更新每个框架目录中的 POLICY_INDEX.md 在策略文档中添加 COMPLIANCE_SENTINEL 注释 : <!-- COMPLIANCE_SENTINEL: TL-NEW-001 | policy=path | procedure=path | control=description -->
工作流
发现 :运行发现命令以查找差距优先级排序 :首先关注缺少的安全指导创建分支 :git checkout -b docs/review-instructions-<date>更新 REVIEW.md :添加缺少的部分/模式同步 .gemini/INSTRUCTIONS.md :更新以匹配验证 :再次运行发现以确认覆盖范围提交和合并 :运行 /commit-and-push,然后运行 /enter-merge-queue
防护措施
未经明确理由,请勿删除现有部分
保持 .gemini/INSTRUCTIONS.md 简洁(Gemini 有令牌限制)
保持 REVIEW.md 和 .gemini/INSTRUCTIONS.md 之间的同步
请勿逐字复制 CLAUDE.md/AGENTS.md 内容 - 引用或总结
质量标准
REVIEW.md 中记录了所有主要的代码库模式.gemini/INSTRUCTIONS.md 涵盖与 REVIEW.md 相同的主题(精简版)安全指导完整且最新
版本历史为最新
说明文件之间没有矛盾
记录了合规文档工作流(哨兵系统、文档三元组)
包含 OWASP 十大安全意识
提供了添加新安全控制和哨兵的说明
包含对 compliance/infrastructure-controls.md 和 /preen-compliance-docs 的交叉引用
指标 # 计算潜在差距
GAPS=0
# 检查缺失部分
[ -z "$(rg 'TypeScript Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'API Security' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'React Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Database Performance' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Testing Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
# 检查安全和合规性覆盖范围
[ -z "$(rg 'Security and Compliance' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'OWASP' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Adding New Sentinel' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'COMPLIANCE_SENTINEL' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'infrastructure-controls.md' REVIEW.md)" ] && GAPS=$((GAPS + 1))
# 检查 gemini 安全覆盖范围
[ -z "$(rg 'Security' .gemini/INSTRUCTIONS.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'compliance/' .gemini/INSTRUCTIONS.md)" ] && GAPS=$((GAPS + 1))
# 检查 gemini 同步情况
REVIEW_SECTIONS=$(rg '^## ' REVIEW.md | wc -l)
GEMINI_SECTIONS=$(rg '^## ' .gemini/INSTRUCTIONS.md | wc -l)
[ "$GEMINI_SECTIONS" -lt $((REVIEW_SECTIONS / 2)) ] && GAPS=$((GAPS + 1))
echo "$GAPS"
令牌效率 # 限制发现输出
git log --since="30 days ago" --name-only --pretty=format: | head -30
# 抑制验证输出
git commit -S -m "message" >/dev/null
git push >/dev/null
Claude Code conventions (source of truth)
AGENTS.mdCodex conventions (source of truth)
compliance/Compliance documentation (security controls)
compliance/infrastructure-controls.mdCross-framework sentinel index
Discovery Phase
1. Check REVIEW.md sections exist and are current echo "=== REVIEW.md sections ==="
rg '^##' REVIEW.md | head -20
echo "=== Last modified ==="
git log -1 --format="%ci" -- REVIEW.md
2. Find new patterns not covered in review instructions # New route files not mentioned
echo "=== Recent route additions ==="
git log --since="30 days ago" --name-only --pretty=format: -- 'packages/api/src/routes/**/*.ts' | sort -u | head -10
# New shared components not mentioned
echo "=== Recent component additions ==="
git log --since="30 days ago" --name-only --pretty=format: -- 'packages/*/src/components/**/*.tsx' | sort -u | head -10
# New package directories
echo "=== Package structure ==="
ls -d packages/*/ 2>/dev/null | head -10
3. Check for rules in CLAUDE.md/AGENTS.md not in REVIEW.md # TypeScript rules
echo "=== CLAUDE.md TypeScript mentions ==="
rg -i 'typescript|any|cast|@ts-' CLAUDE.md | head -10
# Security rules
echo "=== CLAUDE.md security mentions ==="
rg -i 'security|auth|permission|injection' CLAUDE.md | head -10
4. Check .gemini/INSTRUCTIONS.md sync with REVIEW.md echo "=== Gemini INSTRUCTIONS sections ==="
rg '^##' .gemini/INSTRUCTIONS.md | head -20
# Compare section counts
echo "=== Section comparison ==="
echo "REVIEW.md sections: $(rg '^##' REVIEW.md | wc -l)"
echo "Gemini sections: $(rg '^##' .gemini/INSTRUCTIONS.md | wc -l)"
5. Verify review scripts reference instructions echo "=== Review script prompt analysis ==="
rg -A5 'PROMPT=' scripts/solicitClaudeCodeReview.sh | head -15
rg -A5 'PROMPT=' scripts/solicitCodexReview.sh 2>/dev/null | head -15 || true
6. Check security and compliance coverage in review instructions # Check REVIEW.md has security section
echo "=== REVIEW.md security coverage ==="
rg -c 'Security|OWASP|injection|auth' REVIEW.md
# Check for compliance documentation references
echo "=== Compliance references in REVIEW.md ==="
rg -c 'compliance/|sentinel|TL-' REVIEW.md
# Check infrastructure-controls.md exists and has sentinels
echo "=== Infrastructure controls sentinel count ==="
rg -c 'TL-[A-Z]+-[0-9]+' compliance/infrastructure-controls.md
# Check for framework parity
echo "=== Framework document counts ==="
for fw in HIPAA NIST.SP.800-53 SOC2; do
echo "$fw policies: $(ls compliance/$fw/policies/*.md 2>/dev/null | wc -l | tr -d ' ')"
done
# Check REVIEW.md mentions sentinel workflow
echo "=== Sentinel workflow in REVIEW.md ==="
rg 'Adding New Sentinel|COMPLIANCE_SENTINEL' REVIEW.md | head -5
Issue Categories Category Severity Action Missing section for new pattern Medium Add section to REVIEW.md, sync to Gemini Outdated package structure Low Update package list in REVIEW.md Gemini instructions drift Medium Sync .gemini/INSTRUCTIONS.md with REVIEW.md Security rule missing High Add security guidance from CLAUDE.md Review script not using instruct. Medium Update script to include REVIEW.md content Missing compliance section High Add compliance documentation guidance Missing sentinel workflow High Add instructions for adding new sentinels Compliance framework parity gap Medium Ensure all frameworks have equal coverage
Fix Strategies
Adding a New Section
Identify the pattern or convention to document
Add section to REVIEW.md under appropriate heading
Add condensed version to .gemini/INSTRUCTIONS.md
Update version history at bottom of REVIEW.md
Syncing Files # Compare section headers
diff <(rg '^##' REVIEW.md | sort) <(rg '^##' .gemini/INSTRUCTIONS.md | sort)
Ensure key sections from REVIEW.md have corresponding entries in .gemini/INSTRUCTIONS.md.
Updating Review Scripts If solicitClaudeCodeReview.sh doesn't reference REVIEW.md:
# Read and include instructions
INSTRUCTIONS=$(cat REVIEW.md | head -100)
PROMPT="Review using these guidelines:
$INSTRUCTIONS
[Rest of prompt...]"
Adding Security and Compliance Guidance When security or compliance guidance is missing from review instructions:
Check/preen-api-security skill for security patterns to documentCheckcompliance/infrastructure-controls.md for sentinel patternsAdd security section covering OWASP top 10 awarenessAdd compliance section explaining when to update compliance docsAdd sentinel workflow explaining how to add new security controls Required content for security section:
Authentication/authorization check requirements
SQL injection prevention (parameterized queries)
Input validation requirements
Sensitive data handling
OWASP Top 10 quick reference
Required content for compliance section:
Document triad structure (policy/procedure/control-map)
Sentinel naming convention (TL-<CATEGORY>-<NUMBER>)
When compliance updates are required (new auth, new audit, infra changes)
How to add new sentinels to infrastructure-controls.md
Updating Compliance Documentation Workflow When new security controls need compliance documentation:
Add sentinel to compliance/infrastructure-controls.md with:
Sentinel ID following naming convention
Control description
Location (file path)
Framework mappings (SOC2, NIST, HIPAA)
Create/update document triad in each framework:
compliance/<FW>/policies/NN-topic-policy.mdcompliance/<FW>/procedures/NN-topic-procedure.mdcompliance/<FW>/technical-controls/NN-topic-control-map.md
Update POLICY_INDEX.md in each framework directory
Add COMPLIANCE_SENTINEL comments in policy documents:
<!-- COMPLIANCE_SENTINEL: TL-NEW-001 | policy=path | procedure=path | control=description -->
Workflow
Discovery : Run discovery commands to find gapsPrioritize : Focus on missing security guidance firstCreate branch : git checkout -b docs/review-instructions-<date>Update REVIEW.md : Add missing sections/patternsSync .gemini/INSTRUCTIONS.md : Update to matchValidate : Run discovery again to confirm coverageCommit and merge : Run /commit-and-push, then /enter-merge-queue If no issues found during discovery, do not create a branch.
Guardrails
Do not remove existing sections without explicit justification
Keep .gemini/INSTRUCTIONS.md concise (Gemini has token limits)
Maintain sync between REVIEW.md and .gemini/INSTRUCTIONS.md
Do not duplicate CLAUDE.md/AGENTS.md content verbatim - reference or summarize
Quality Bar
All major codebase patterns documented in REVIEW.md
.gemini/INSTRUCTIONS.md covers same topics as REVIEW.md (condensed)Security guidance complete and up-to-date
Version history current
No contradictions between instruction files
Compliance documentation workflow documented (sentinel system, document triads)
OWASP Top 10 awareness included
Instructions for adding new security controls and sentinels present
Cross-references to compliance/infrastructure-controls.md and /preen-compliance-docs
Metric The quality metric is the count of missing or stale sections:
# Count potential gaps
GAPS=0
# Check for missing sections
[ -z "$(rg 'TypeScript Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'API Security' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'React Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Database Performance' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Testing Standards' REVIEW.md)" ] && GAPS=$((GAPS + 1))
# Check for security and compliance coverage
[ -z "$(rg 'Security and Compliance' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'OWASP' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'Adding New Sentinel' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'COMPLIANCE_SENTINEL' REVIEW.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'infrastructure-controls.md' REVIEW.md)" ] && GAPS=$((GAPS + 1))
# Check gemini security coverage
[ -z "$(rg 'Security' .gemini/INSTRUCTIONS.md)" ] && GAPS=$((GAPS + 1))
[ -z "$(rg 'compliance/' .gemini/INSTRUCTIONS.md)" ] && GAPS=$((GAPS + 1))
# Check gemini sync
REVIEW_SECTIONS=$(rg '^## ' REVIEW.md | wc -l)
GEMINI_SECTIONS=$(rg '^## ' .gemini/INSTRUCTIONS.md | wc -l)
[ "$GEMINI_SECTIONS" -lt $((REVIEW_SECTIONS / 2)) ] && GAPS=$((GAPS + 1))
echo "$GAPS"
Token Efficiency # Limit discovery output
git log --since="30 days ago" --name-only --pretty=format: | head -30
# Suppress validation output
git commit -S -m "message" >/dev/null
git push >/dev/null
On failure, re-run without suppression to see errors.
