代码评审自动化工具 - 安全、质量、测试覆盖率智能分析 | reviewing-code

reviewing-code by dhruvbaldawa/ccconfigs

1 周安装量

20 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/dhruvbaldawa/ccconfigs --skill reviewing-code

自动化代码质量安全

🇨🇳中文介绍

评审

给定任务文件路径 .plans/<project>/review/NNN-task.md：

评审代理

并行启动 3 个专业代理（仅限 FULL 评审）：

安全守门员 (security-reviewer): OWASP Top 10、注入、认证、密钥
质量守护者 (quality-guardian): 错误处理、边界情况、可维护性
测试审计员 (test-coverage-analyzer): 覆盖率缺口、测试质量、行为覆盖率

每个代理在其代理文件中都有完整的指令。它们对其负责的领域负责。

评审分流

首先，从任务文件中读取 **implementation_metadata:** 并确定评审级别。

FULL 评审触发条件

如果满足以下任何条件，则分流至 FULL 评审（所有 3 个代理）：

基于严重性：

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

LIGHTWEIGHT 评审触发条件

如果满足以下所有条件，则分流至 LIGHTWEIGHT 评审（快速扫描，无代理）：

无 severity_indicators 存在
无 complexity_indicators 存在
was_stuck: false
research_agents_used: none
files_changed < 10
lines_changed < 500

报告分流决策：

评审级别: [LIGHTWEIGHT | FULL]
原因: [选择此级别的原因]

LIGHTWEIGHT 评审流程

无需启动专业代理的快速验证。速度更快，但能捕获明显问题。

加载关键模式（如果存在）：
- 检查是否存在 .plans/<project>/critical-patterns.md
- 如果存在，根据所有模式检查实现
- 任何违规 = CRITICAL 发现 → 升级到 FULL 评审
基线检查：
- 对列出的文件运行 git diff
- 运行测试以验证通过
- 检查标记为 [x] 的验证复选框
- 评分（每项 0-100）：安全、质量、性能、测试
快速扫描明显问题：
- 空的 catch 块：catch \(.*\) \{\s*\}
- 硬编码密钥：password\s*=\s*["'], api_key\s*=\s*["'], secret\s*=\s*["']
- 生产代码中的 Console.log（测试代码中除外）
- 关键路径上缺少错误处理（有 try 无 catch，Promise 无 .catch）
- 业务逻辑中未经解释的魔法数字/字符串
升级检查：
- 如果发现任何 HIGH 或 CRITICAL 问题 → 升级到 FULL 评审
- 报告：⚠️ 升级到 FULL 评审: [原因]
- 然后继续下面的 FULL 评审流程
LIGHTWEIGHT 批准/拒绝：
- 如果没有 HIGH/CRITICAL 问题 → 批准
- 更新状态并附加备注（见下面的 LIGHTWEIGHT 格式）
- 报告：✅ 评审完成 (LIGHTWEIGHT)。状态: [状态]

LIGHTWEIGHT 批准格式

**review (LIGHTWEIGHT):**
安全: [N]/100 | 质量: [N]/100 | 性能: [N]/100 | 测试: [N]/100

评审级别: LIGHTWEIGHT
原因: [无严重性/复杂性指标，范围小]

工作结果已验证: ✓ [描述]
验证: [N]/[N] 通过
完整测试套件: [M]/[M] 通过
差异: [N] 行

快速扫描: 通过
- 无空 catch 块
- 无硬编码密钥
- 生产代码中无 console.log
- 存在错误处理

已批准 → 完成

LIGHTWEIGHT 拒绝格式（升级到 FULL）

如果 LIGHTWEIGHT 发现问题，它会升级到 FULL 评审，而不是直接拒绝。

启动所有 3 个专业代理进行全面评审。用于安全敏感、复杂或高风险变更。

加载关键模式（如果存在）：
- 检查是否存在 .plans/<project>/critical-patterns.md
- 如果存在，验证实现遵循所有模式
- 任何违规 = CRITICAL 发现（阻止批准）
- 在代理上下文中包含模式违规以进行彻底评审
初始评审 :
- 对列出的文件运行 git diff
- 阅读测试文件
- 运行测试以验证通过
- 检查标记为 [x] 的验证复选框
- 评分（每项 0-100）：安全、质量、性能、测试
专业评审（并行代理） : 并行启动所有 3 个代理。每个代理必须：
- 就其负责的领域做出明确的 APPROVE 或 REJECT 决定
- 签署其决定："I, [角色], certify this code is [APPROVED/REJECTED] because..."
- 提供包含 file:line 引用的具体发现
- 评定严重性：CRITICAL（阻止）/ HIGH / MEDIUM / LOW
- 评定置信度：0-100%
- 为每个发现建议修复方案
整合发现 :
- 将初始评审与代理发现合并
- 按置信度/严重性过滤：
  - CRITICAL : 安全 90-100 置信度，质量 CRITICAL，测试缺口 9-10
  - HIGH : 安全 70-89，质量 HIGH，测试缺口 7-8
  - MEDIUM : 安全 50-69，质量 MEDIUM，测试缺口 5-6
- 丢弃低置信度问题 (<50)
总体决定 :
- 批准要求：所有 3 位评审员批准（无 CRITICAL 发现）
- 拒绝如果：任何评审员拒绝或存在任何 CRITICAL 发现
使用编辑工具更新任务状态 :
- 如果批准：找到 **Status:** [当前状态] → 替换为 **Status:** APPROVED
- 如果拒绝：找到 **Status:** [当前状态] → 替换为 **Status:** REJECTED
附加备注（见下文格式）
在项目级日志中跟踪发现（见下文）
报告完成

初始评审后，使用 Task 工具并行调用所有三个代理。

必需的输出格式（所有代理）：

决定：APPROVE 或 REJECT
签名："I, [角色], certify this code is [APPROVED/REJECTED] because..."
发现：file:line，严重性/关键性，置信度，描述，修复方案

Task( description: "安全评审", prompt: "任务文件: [路径] | 文件: [列表] | 使用标准输出格式。", subagent_type: "experimental:review:security-reviewer" )

Task( description: "质量评审", prompt: "任务文件: [路径] | 文件: [列表] | 使用标准输出格式。", subagent_type: "experimental:review:quality-guardian" )

Task( description: "测试覆盖率评审", prompt: "任务文件: [路径] | 测试文件: [列表] | 实现文件: [列表] | 使用标准输出格式。", subagent_type: "experimental:review:test-coverage-analyzer" )

在单个消息中调用所有三个 Task 以并行运行它们。

**review:**
安全: 90/100 | 质量: 95/100 | 性能: 95/100 | 测试: 90/100

工作结果已验证: ✓ [描述]
验证: 4/4 通过
完整测试套件: [M]/[M] 通过
差异: [N] 行

**评审员决定:**
- 安全守门员: 批准 - "I, Security Gatekeeper, certify this code is APPROVED because [原因]"
- 质量守护者: 批准 - "I, Quality Guardian, certify this code is APPROVED because [原因]"
- 测试审计员: 批准 - "I, Test Auditor, certify this code is APPROVED because [原因]"

**发现（用于跟踪）:**
- [任何不阻止但应跟踪的 HIGH/MEDIUM 发现]

已批准 → 完成

**review:**
安全: 65/100 | 质量: 85/100 | 性能: 90/100 | 测试: 75/100

**评审员决定:**
- 安全守门员: 拒绝 - "I, Security Gatekeeper, certify this code is REJECTED because [原因]"
- 质量守护者: 批准 - "I, Quality Guardian, certify this code is APPROVED because [原因]"
- 测试审计员: 拒绝 - "I, Test Auditor, certify this code is REJECTED because [原因]"

**CRITICAL 问题（必须修复）:**
1. [安全/质量/测试] - [描述] - [file:line] - [置信度/严重性]
2. [安全/质量/测试] - [描述] - [file:line] - [置信度/严重性]

**HIGH 问题（应修复）:**
1. [安全/质量/测试] - [描述] - [file:line] - [置信度/严重性]

**必需操作:**
- [操作 1 - 处理 CRITICAL 发现]
- [操作 2 - 处理阻止性问题]
- [操作 3 - 考虑 HIGH 发现]

已拒绝 → 实现

评审后，追加到 .plans/<project>/review-findings.md：

## [任务 NNN] - [时间戳]

**决定:** [APPROVED/REJECTED]

**评审员决定:**
- 安全守门员: [APPROVED/REJECTED]
- 质量守护者: [APPROVED/REJECTED]
- 测试审计员: [APPROVED/REJECTED]

**发现:**
- [已修复/已延期]: [发现] - [解决方案或延期原因]

这将在项目中创建所有评审发现的永久记录。

如果出现以下任何情况，必须拒绝：

任何评审员拒绝
安全评分 <80
任何 CRITICAL 发现（安全 90-100 置信度，质量 CRITICAL，测试缺口 9-10）
测试失败
验证未完成
工作结果未达成

在以下情况下，可以批准（即使有 HIGH 发现）：

所有 3 位评审员批准
安全评分 ≥80
无 CRITICAL 发现
HIGH 发现包含可接受的理由说明
所有测试通过
验证完成

当评审完成（状态更新为 APPROVED 或 REJECTED）时：

LIGHTWEIGHT: 报告 ✅ 评审完成 (LIGHTWEIGHT)。状态: [状态]
FULL: 报告 ✅ 评审完成 (FULL)。状态: [状态]

🇺🇸English

Review

Given task file path .plans/<project>/review/NNN-task.md:

Review Agents

Launch 3 specialized agents in parallel (FULL review only):

Security Gatekeeper (security-reviewer): OWASP Top 10, injection, auth, secrets
Quality Guardian (quality-guardian): Error handling, edge cases, maintainability
Test Auditor (test-coverage-analyzer): Coverage gaps, test quality, behavioral coverage

Each agent has full instructions in its agent file. They are accountable for their domain.

Review Triage

FIRST , read **implementation_metadata:** from task file and determine review tier.

FULL Review Triggers

Route to FULL review (all 3 agents) if ANY of these are true:

Severity-based:

severity_indicators contains: auth, password, token, session, jwt, crypto, encrypt, secret, payment, billing, migration, permission, api_key

Complexity-based:

complexity_indicators contains: state-machine, external-api, async-patterns, database-migration

History-based:

was_stuck: true
research_agents_used is not empty/none

Quantitative (supporting):

files_changed >= 10
lines_changed >= 500

LIGHTWEIGHT Review Triggers

Route to LIGHTWEIGHT review (quick scan, no agents) if ALL of these are true:

No severity_indicators present
No complexity_indicators present
was_stuck: false
research_agents_used: none
files_changed < 10
lines_changed < 500

Report triage decision:

Review tier: [LIGHTWEIGHT | FULL]
Reason: [why this tier was selected]

LIGHTWEIGHT Review Process

Quick validation without launching specialized agents. Faster but catches obvious issues.

Load Critical Patterns (if exists):
- Check for .plans/<project>/critical-patterns.md
- If exists, check implementation against ALL patterns
- Any violation = CRITICAL finding → escalate to FULL review
Baseline checks:
- Run git diff on Files listed
- Run tests to verify passing
- Check Validation checkboxes marked [x]
- Score (0-100 each): Security, Quality, Performance, Tests
Quick scan for obvious issues:
- Empty catch blocks: catch \(.*\) \{\s*\}
- Hardcoded secrets: password\s*=\s*["'], api_key\s*=\s*["'], secret\s*=\s*["']

LIGHTWEIGHT Approval Format

**review (LIGHTWEIGHT):**
Security: [N]/100 | Quality: [N]/100 | Performance: [N]/100 | Tests: [N]/100

Review tier: LIGHTWEIGHT
Reason: [No severity/complexity indicators, small scope]

Working Result verified: ✓ [description]
Validation: [N]/[N] passing
Full test suite: [M]/[M] passing
Diff: [N] lines

Quick scan: PASSED
- No empty catch blocks
- No hardcoded secrets
- No console.log in production code
- Error handling present

APPROVED → completed

LIGHTWEIGHT Rejection Format (Escalates to FULL)

If LIGHTWEIGHT finds issues, it escalates to FULL review rather than rejecting directly.

FULL Review Process

Launch all 3 specialized agents for comprehensive review. Use for security-sensitive, complex, or high-risk changes.

Load Critical Patterns (if exists):
- Check for .plans/<project>/critical-patterns.md
- If exists, verify implementation follows ALL patterns
- Any violation = CRITICAL finding (blocks approval)
- Include pattern violations in agent context for thorough review
Initial Review :
- Run git diff on Files listed
- Read test files
- Run tests to verify passing
- Check Validation checkboxes marked [x]
- Score (0-100 each): Security, Quality, Performance, Tests
Specialized Review (Parallel Agents) : Launch all 3 agents in parallel. Each must:
- Make a clear APPROVE or REJECT decision for their domain
- Sign their decision: "I, [Role], certify this code is [APPROVED/REJECTED] because..."
- Provide specific findings with file:line references
- Rate severity: CRITICAL (blocks) / HIGH / MEDIUM / LOW
- Rate confidence: 0-100%
- Suggest fixes for each finding
Consolidate Findings :
- Combine initial review with agent findings
- Filter by confidence/severity:

Invoking Specialized Agents

After initial review, invoke all three agents in parallel using the Task tool.

Required output format (all agents):

Decision: APPROVE or REJECT
Signed: "I, [Role], certify this code is [APPROVED/REJECTED] because..."
Findings: file:line, Severity/Criticality, Confidence, Description, Fix

Task( description: "Security review", prompt: "Task file: [path] | Files: [list] | Use standard output format.", subagent_type: "experimental:review:security-reviewer" )

Task( description: "Quality review", prompt: "Task file: [path] | Files: [list] | Use standard output format.", subagent_type: "experimental:review:quality-guardian" )

Task( description: "Test coverage review", prompt: "Task file: [path] | Test files: [list] | Impl files: [list] | Use standard output format.", subagent_type: "experimental:review:test-coverage-analyzer" )

Call all three Task invocations in a single message to run them in parallel.

FULL Approval Format

**review:**
Security: 90/100 | Quality: 95/100 | Performance: 95/100 | Tests: 90/100

Working Result verified: ✓ [description]
Validation: 4/4 passing
Full test suite: [M]/[M] passing
Diff: [N] lines

**Reviewer Decisions:**
- Security Gatekeeper: APPROVED - "I, Security Gatekeeper, certify this code is APPROVED because [reason]"
- Quality Guardian: APPROVED - "I, Quality Guardian, certify this code is APPROVED because [reason]"
- Test Auditor: APPROVED - "I, Test Auditor, certify this code is APPROVED because [reason]"

**Findings (for tracking):**
- [Any HIGH/MEDIUM findings that don't block but should be tracked]

APPROVED → completed

FULL Rejection Format

**review:**
Security: 65/100 | Quality: 85/100 | Performance: 90/100 | Tests: 75/100

**Reviewer Decisions:**
- Security Gatekeeper: REJECTED - "I, Security Gatekeeper, certify this code is REJECTED because [reason]"
- Quality Guardian: APPROVED - "I, Quality Guardian, certify this code is APPROVED because [reason]"
- Test Auditor: REJECTED - "I, Test Auditor, certify this code is REJECTED because [reason]"

**CRITICAL Issues (must fix):**
1. [Security/Quality/Test] - [Description] - [file:line] - [Confidence/Severity]
2. [Security/Quality/Test] - [Description] - [file:line] - [Confidence/Severity]

**HIGH Issues (should fix):**
1. [Security/Quality/Test] - [Description] - [file:line] - [Confidence/Severity]

**Required actions:**
- [Action 1 - address CRITICAL findings]
- [Action 2 - address blocking issues]
- [Action 3 - consider HIGH findings]

REJECTED → implementation

Review Findings Log

After review, append to .plans/<project>/review-findings.md:

## [Task NNN] - [timestamp]

**Decision:** [APPROVED/REJECTED]

**Reviewer Decisions:**
- Security Gatekeeper: [APPROVED/REJECTED]
- Quality Guardian: [APPROVED/REJECTED]
- Test Auditor: [APPROVED/REJECTED]

**Findings:**
- [FIXED/DEFERRED]: [finding] - [resolution or reason for deferral]

This creates a permanent record of all review findings across the project.

Blocking Thresholds

Must REJECT if any:

Any reviewer REJECTS
Security score <80
Any CRITICAL findings (Security 90-100 confidence, Quality CRITICAL, Test gaps 9-10)
Tests failing
Validation incomplete
Working Result not achieved

Can APPROVE with HIGH findings if:

All 3 reviewers APPROVE
Security score ≥80
No CRITICAL findings
HIGH findings include justification why acceptable
All tests passing
Validation complete

Completion

When review is complete (status updated to APPROVED or REJECTED):

LIGHTWEIGHT: Report ✅ Review complete (LIGHTWEIGHT). Status: [STATUS]
FULL: Report ✅ Review complete (FULL). Status: [STATUS]

Weekly Installs

Repository

dhruvbaldawa/ccconfigs

GitHub Stars

First Seen

1 day ago

Security Audits

Gen Agent Trust HubPass SocketPass SnykPass

Installed on

zencoder1

amp1

cline1

openclaw1

opencode1

cursor1

通过 LiteLLM 代理让 Claude Code 对接 GitHub Copilot 运行 | 高级变通方案指南

31,600 周安装

Console.log in production code (not in tests)

Missing error handling on critical paths (try without catch, Promise without .catch)

Magic numbers/strings without explanation in business logic

Escalation check:

If any HIGH or CRITICAL issues found → Escalate to FULL review
Report: ⚠️ Escalating to FULL review: [reason]
Then proceed to FULL Review Process below

LIGHTWEIGHT Approval/Rejection:

If no HIGH/CRITICAL issues → APPROVE
Update status and append notes (see LIGHTWEIGHT formats below)
Report: ✅ Review complete (LIGHTWEIGHT). Status: [STATUS]

CRITICAL : Security 90-100 confidence, Quality CRITICAL, Test gaps 9-10

HIGH : Security 70-89, Quality HIGH, Test gaps 7-8

MEDIUM : Security 50-69, Quality MEDIUM, Test gaps 5-6

Drop low-confidence issues (<50)

Overall Decision :

APPROVE requires: All 3 reviewers APPROVE (no CRITICAL findings)
REJECT if: Any reviewer REJECTS OR any CRITICAL findings exist

Update task status using Edit tool:

If approved: Find **Status:** [current status] → Replace **Status:** APPROVED
If rejected: Find **Status:** [current status] → Replace **Status:** REJECTED

Append notes (see formats below)

Track findings in project-level log (see below)

Report completion