代码审查手册 - 高效代码审查框架与最佳实践指南 | 提升代码质量与团队协作

code-review-playbook by yonatangross/orchestkit

128 周安装量

141 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/yonatangross/orchestkit --skill code-review-playbook

团队协作开发代码质量

🇨🇳中文介绍

包含钩子

此技能使用 Claude 钩子，可自动响应事件执行代码。安装前请仔细审查。

代码审查手册

此技能提供了一个全面的框架，用于进行有效的代码审查，以提高代码质量、分享知识并促进协作。无论您是提供反馈的审查者，还是准备代码以供审查的作者，本手册都能确保审查过程全面、一致且富有建设性。

概述

审查拉取请求或合并请求
准备待审查的代码（自审）
为团队建立代码审查标准
培训新开发者掌握审查最佳实践
解决关于代码质量的分歧
改进审查流程和效率

代码审查理念

代码审查的目的

代码审查服务于多个目的：

质量保证：捕获错误、逻辑错误和边界情况
知识共享：在团队中传播领域知识
一致性：确保代码库遵循约定和模式
指导：帮助开发者提升技能
集体所有权：建立对代码的共同责任
文档：创建供未来参考的讨论历史

原则

保持友善和尊重：

审查代码，而非审查人
假设积极的意图
赞扬好的解决方案
以建设性的方式提出反馈

保持具体和可操作：

指向具体的代码行
解释 为什么 需要更改
建议具体的改进方案
在必要时提供示例

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

约定俗成的注释

issue [blocking]: Missing error handling for API call
If the API returns a 500 error, this will crash. Add try/catch.

security [blocking]: API endpoint is not authenticated
The /api/admin/users endpoint is missing auth middleware.

加载 Read("${CLAUDE_SKILL_DIR}/references/conventional-comments.md") 以获取完整格式、标签（praise、nitpick、suggestion、issue、question、security、bug、breaking）、修饰符（[blocking]、[non-blocking]、[if-minor]）和示例。

检查上下文：

阅读 PR/MR 描述
理解目的和范围
审查关联的工单或问题
检查 CI/CD 流水线状态

验证自动化检查：

测试通过
代码检查无错误
类型检查通过
代码覆盖率达标
无合并冲突

小型 PR (< 200 行): 15-30 分钟
中型 PR (200-500 行): 30-60 分钟
大型 PR (> 500 行): 1-2 小时（或要求拆分）

高层次审查 (5-10 分钟)
- 阅读 PR 描述并理解意图
- 浏览所有更改的文件以获得概览
- 验证方法在架构上合理
- 检查更改是否符合所述目的
详细审查 (20-45 分钟)
- 逐行代码审查
- 检查逻辑、边界情况、错误处理
- 验证测试覆盖了新代码
- 查找安全漏洞
- 确保代码遵循团队约定
测试考虑 (5-10 分钟)
- 测试是否全面？
- 测试是否验证了正确的内容？
- 边界情况是否覆盖？
- 测试数据是否真实？
文档检查 (5 分钟)
- 复杂部分是否有注释？
- 公共 API 是否有文档？
- 破坏性更改是否注明？
- 如果需要，README 是否已更新？

提供明确决定：

✅ 批准：代码已准备好合并
💬 评论：已提供反馈，无需操作
🔄 请求更改：问题必须在合并前解决

及时回答问题
在更改后进行重新审查
问题解决后批准
感谢作者处理反馈

可读性：代码易于理解
命名：变量和函数具有清晰、描述性的名称
注释：复杂逻辑有解释
格式：代码遵循团队风格指南
DRY：没有不必要的重复
SOLID 原则：代码在适用时遵循 SOLID
函数大小：函数专注且 < 50 行
圈复杂度：函数复杂度 < 10

身份验证：受保护的端点需要身份验证
授权：用户只能访问自己的数据
输入清理：防止 SQL 注入、XSS
密钥管理：没有硬编码的凭据或 API 密钥
加密：敏感数据在存储和传输时加密
速率限制：端点受到保护，防止滥用

对于审查者：

阅读 PR 描述并理解意图
检查自动化检查是否通过
进行高层次审查（架构、方法）
进行详细审查（逻辑、边界情况、测试）
使用约定俗成的注释进行清晰沟通
提供决定：批准、评论或请求更改

编写清晰的 PR 描述
在请求审查前进行自审
确保所有自动化检查通过
保持 PR 专注且大小合理 (< 400 行)
及时、尊重地回应反馈
进行请求的更改或解释理由

技能版本 : 2.0.0 最后更新 : 2026-01-08 维护者 : AI Agent Hub Team

ork:architecture-patterns - 在代码审查期间强制执行测试和架构最佳实践
security-scanning - 自动化安全检查，以补充手动审查
ork:testing-unit - 在审查期间验证的单元测试模式

每个类别在 rules/ 目录下都有按需加载的独立规则文件：

类别	规则	影响	关键模式
TypeScript 质量	`rules/typescript-quality.md`	HIGH	No `any`、Zod 验证、穷举 switch、React 19
Python 质量	`rules/python-quality.md`	HIGH	Pydantic v2、ruff、mypy strict、async 超时
安全基线	`rules/security-baseline.md`	CRITICAL	无密钥、端点身份验证、输入验证
代码检查	`rules/linting-biome-setup.md`	HIGH	Biome 设置、ESLint 迁移、渐进式采用
代码检查	`rules/linting-biome-rules.md`	HIGH	Biome 配置、类型感知规则、CI 集成

总计：4 个类别中的 5 条规则

scripts/review-pr.md - 使用自动获取的 GitHub 数据进行动态 PR 审查
- 自动获取：PR 标题、作者、状态、更改的文件、差异统计、评论数量
- 用法：/ork:review-pr [PR-number]
- 要求：GitHub CLI (gh)
- 使用 $ARGUMENTS 和 !command 获取实时 PR 数据
assets/review-feedback-template.md - 静态审查反馈模板
assets/pr-template.md - PR 描述模板

🇺🇸English

Contains Hooks

This skill uses Claude hooks which can execute code automatically in response to events. Review carefully before installing.

Code Review Playbook

This skill provides a comprehensive framework for effective code reviews that improve code quality, share knowledge, and foster collaboration. Whether you're a reviewer giving feedback or an author preparing code for review, this playbook ensures reviews are thorough, consistent, and constructive.

Overview

Reviewing pull requests or merge requests
Preparing code for review (self-review)
Establishing code review standards for teams
Training new developers on review best practices
Resolving disagreements about code quality
Improving review processes and efficiency

Code Review Philosophy

Purpose of Code Reviews

Code reviews serve multiple purposes:

Quality Assurance : Catch bugs, logic errors, and edge cases
Knowledge Sharing : Spread domain knowledge across the team
Consistency : Ensure codebase follows conventions and patterns
Mentorship : Help developers improve their skills
Collective Ownership : Build shared responsibility for code
Documentation : Create discussion history for future reference

Principles

Be Kind and Respectful:

Review the code, not the person
Assume positive intent
Praise good solutions
Frame feedback constructively

Be Specific and Actionable:

Point to specific lines of code
Explain why something should change
Suggest concrete improvements
Provide examples when helpful

Balance Speed with Thoroughness:

Aim for timely feedback (< 24 hours)
Don't rush critical reviews
Use automation for routine checks
Focus human review on logic and design

Distinguish Must-Fix from Nice-to-Have:

Use conventional comments to indicate severity
Block merges only for critical issues
Allow authors to defer minor improvements
Capture deferred work in follow-up tickets

Conventional Comments

issue [blocking]: Missing error handling for API call
If the API returns a 500 error, this will crash. Add try/catch.

security [blocking]: API endpoint is not authenticated
The /api/admin/users endpoint is missing auth middleware.

Load Read("${CLAUDE_SKILL_DIR}/references/conventional-comments.md") for the full format, labels (praise, nitpick, suggestion, issue, question, security, bug, breaking), decorations ([blocking], [non-blocking], [if-minor]), and examples.

Review Process

1. Before Reviewing

Check Context:

Read the PR/MR description
Understand the purpose and scope
Review linked tickets or issues
Check CI/CD pipeline status

Verify Automated Checks:

Tests are passing
Linting has no errors
Type checking passes
Code coverage meets targets
No merge conflicts

Set Aside Time:

Small PR (< 200 lines): 15-30 minutes
Medium PR (200-500 lines): 30-60 minutes
Large PR (> 500 lines): 1-2 hours (or ask to split)

2. During Review

Follow a Pattern:

High-Level Review (5-10 minutes)
- Read PR description and understand intent
- Skim all changed files to get overview
- Verify approach makes sense architecturally
- Check that changes align with stated purpose
Detailed Review (20-45 minutes)
- Line-by-line code review
- Check logic, edge cases, error handling
- Verify tests cover new code
- Look for security vulnerabilities
- Ensure code follows team conventions
Testing Considerations (5-10 minutes)
- Are tests comprehensive?
- Do tests test the right things?
- Are edge cases covered?
- Is test data realistic?
Documentation Check (5 minutes)
- Are complex sections commented?
- Is public API documented?
- Are breaking changes noted?
- Is README updated if needed?

3. After Reviewing

Provide Clear Decision:

✅ Approve : Code is ready to merge
💬 Comment : Feedback provided, no action required
🔄 Request Changes : Issues must be addressed before merge

Respond to Author:

Answer questions promptly
Re-review after changes made
Approve when issues resolved
Thank author for addressing feedback

Review Checklists

General Code Quality

Readability : Code is easy to understand
Naming : Variables and functions have clear, descriptive names
Comments : Complex logic is explained
Formatting : Code follows team style guide
DRY : No unnecessary duplication
SOLID Principles : Code follows SOLID where applicable
Function Size : Functions are focused and < 50 lines
Cyclomatic Complexity : Functions have complexity < 10

Security

Authentication : Protected endpoints require auth
Authorization : Users can only access their own data
Input Sanitization : SQL injection, XSS prevented
Secrets Management : No hardcoded credentials or API keys
Encryption : Sensitive data encrypted at rest and in transit
Rate Limiting : Endpoints protected from abuse

Quick Start Guide

For Reviewers:

Read PR description and understand intent
Check that automated checks pass
Do high-level review (architecture, approach)
Do detailed review (logic, edge cases, tests)
Use conventional comments for clear communication
Provide decision: Approve, Comment, or Request Changes

For Authors:

Write clear PR description
Perform self-review before requesting review
Ensure all automated checks pass
Keep PR focused and reasonably sized (< 400 lines)
Respond to feedback promptly and respectfully
Make requested changes or explain reasoning

Skill Version : 2.0.0 Last Updated : 2026-01-08 Maintained by : AI Agent Hub Team

Related Skills

ork:architecture-patterns - Enforce testing and architectural best practices during code review
security-scanning - Automated security checks to complement manual review
ork:testing-unit - Unit testing patterns to verify during review

Rules

Each category has individual rule files in rules/ loaded on-demand:

Category	Rule	Impact	Key Pattern
TypeScript Quality	`rules/typescript-quality.md`	HIGH	No `any`, Zod validation, exhaustive switches, React 19
Python Quality	`rules/python-quality.md`	HIGH	Pydantic v2, ruff, mypy strict, async timeouts
Security Baseline	`rules/security-baseline.md`	CRITICAL	No secrets, auth on endpoints, input validation
Linting	`rules/linting-biome-setup.md`

Total: 5 rules across 4 categories

Available Scripts

scripts/review-pr.md - Dynamic PR review with auto-fetched GitHub data
- Auto-fetches: PR title, author, state, changed files, diff stats, comments count
- Usage: /ork:review-pr [PR-number]
- Requires: GitHub CLI (gh)
- Uses $ARGUMENTS and !command for live PR data
assets/review-feedback-template.md - Static review feedback template
assets/pr-template.md - PR description template

Weekly Installs

106

Repository

yonatangross/orchestkit

GitHub Stars

132

First Seen

Jan 22, 2026

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

opencode97

gemini-cli96

codex94

github-copilot93

claude-code90

cursor89

React 组合模式指南：Vercel 组件架构最佳实践，提升代码可维护性

120,000 周安装

代码审查手册 - 高效代码审查框架与最佳实践指南 | 提升代码质量与团队协作

🇨🇳中文介绍

代码审查手册

概述

代码审查理念

代码审查的目的

原则

相关 Skills

约定俗成的注释

审查流程

1. 审查前

2. 审查中

3. 审查后

审查清单

通用代码质量

安全

快速入门指南

相关技能

规则

可用脚本