| name | comprehensive-code-review |
| description | Code review for ACE Engine (OpenHarmony ArkUI) covering C++/JS/TS/ArkTS. Analyzes 19+ dimensions: stability, performance, threading, security, memory, Modern C++ practices, SOLID principles, design patterns, robustness, testability, maintainability, observability, API design, technical debt, backward compatibility. Reports severity levels, refactoring suggestions, and ACE Engine checks (Pattern/Model/Property, component lifecycle, RefPtr/WeakPtr, four-layer architecture). Use when: reviewing PRs, analyzing code quality, enforcing standards, identifying technical debt, validating architecture, generating quality reports. |
Comprehensive Code Review for ACE Engine
Quick Start
Perform comprehensive code review analysis directly with AI:
"Review the code in frameworks/core/components_ng for memory management issues"
"Analyze this pull request focusing on security vulnerabilities"
"Check path/to/code.cpp for ACE Engine architecture compliance"
Review Workflow
Phase 1: Code Analysis
AI will analyze code across all relevant dimensions based on:
- Reading the code files - Understanding implementation details
- Applying reference standards - Using criteria from references/ directory
- Checking against ACE Engine patterns - Validating project-specific conventions
Phase 2: Dimension-Based Review
Review code across 19+ dimensions. See DIMENSIONS.md for complete coverage.
High-Priority Dimensions:
- Security (CRITICAL) - Input validation, command injection, buffer overflows
- Memory (CRITICAL) - Smart pointers, leaks, ownership semantics
- Threading (HIGH) - Data races, deadlocks, callback safety
- Stability (HIGH) - Error handling, boundary conditions
Medium-Priority Dimensions:
- Performance - Algorithm complexity, optimization opportunities
- SOLID Principles - Single responsibility, Open/Closed, etc.
- Code Smells - Long methods, large classes, duplicate code
- Testability - Dependency injection, decoupling
Phase 3: Report Generation
AI generates comprehensive review report including:
- Executive Summary - Issue counts by severity
- Critical Issues (🔴) - Must fix before merge
- High Priority Issues (🟠) - Should fix before merge
- Medium Priority Issues (🟡) - Fix soon
- Low Priority Issues (🟢) - Nice to have
- Dimension Breakdown - Issues grouped by category
- File-by-File Details - Specific line numbers and code snippets
- Recommendations - Prioritized action items with before/after examples
- Review Checklist - Pre-merge verification
Dimension Reference
Quick reference to all dimensions:
ACE Engine Specific Checks
Architecture Validation
Four-Layer Architecture:
Frontend Bridge Layer
↓
Component Framework Layer (Pattern/Model/Property)
↓
Layout/Render Layer
↓
Platform Adapter Layer (OHOS/Preview)
Check:
- No violations of layer boundaries
- Proper use of Pattern/Model/Property separation
- No direct platform calls from framework layer
Component Structure
components_ng/pattern/<component>/
├── *_pattern.h/cpp # Business logic & lifecycle
├── *_model.h/cpp # Data model interface
├── *_layout_property.h/cpp # Layout properties
├── *_paint_property.h/cpp # Render properties
└── *_event_hub.h/cpp # Event handling
RefPtr Usage
auto node = AceType::MakeRefPtr<FrameNode>();
auto pattern = AceType::DynamicCast<MenuPattern>(node->GetPattern());
if (!pattern) {
LOGE("Failed to get pattern");
return false;
}
class Child {
WeakPtr<Parent> parent_;
};
auto weak = AceType::WeakClaim(this);
PostTask([weak]() {
auto pattern = AceType::DynamicCast<MenuPattern>(weak.Upgrade());
if (pattern) pattern->Update();
});
Naming Conventions
class MenuPattern {
public:
void OnModifyDone();
int GetWidth() const;
private:
int width_;
std::string component_id_;
};
constexpr int MAX_MENU_ITEMS = 100;
Severity Levels
🔴 CRITICAL - Must fix before merge
- Security vulnerabilities (command injection, buffer overflow)
- Memory leaks in long-running processes
- Use-after-free, double-free
- Data races
- Crashes / undefined behavior
- Architecture violations
🟠 HIGH - Should fix before merge
- Performance degradation
- API violations
- SOLID principle violations
- Major code smells (Large Class, Shotgun Surgery)
- Improper RefPtr usage
- Unsafe callback captures
🟡 MEDIUM - Fix soon
- Minor performance issues
- Code smells (Long Method, Duplicate Code)
- Style violations
- Missing error handling in non-critical paths
🟢 LOW - Nice to have
- Missing comments
- Minor style issues
- Optimization opportunities
- Code documentation improvements
Common Issue Patterns
| Pattern | Dimension | Severity | Detection |
|---|
| Raw pointer instead of RefPtr | Memory | HIGH | new T() without RefPtr |
| Command injection | Security | CRITICAL | system(user_input) |
| Buffer overflow | Security | CRITICAL | strcpy(), sprintf() |
| Unsafe this capture | Threading | HIGH | [this] in PostTask |
| Long method (>50 lines) | Code Smell | MEDIUM | Function length |
| Large class (>500 lines) | Code Smell | HIGH | Class size |
| Missing null check | Stability | HIGH | Pointer use without validation |
| static_cast instead of DynamicCast | Memory | MEDIUM | static_cast<T*> |
Usage Examples
Review a Pull Request
"Review the changes in this PR with focus on memory management and threading safety"
AI will:
- Analyze all changed files
- Check memory management (RefPtr, WeakPtr, raw pointers)
- Verify threading safety (callback captures, PostTask usage)
- Report issues with line numbers and severity
Security Audit
"Perform a security audit of path/to/code, focusing on input validation and potential vulnerabilities"
AI will check for:
- Command injection risks (system() calls)
- Buffer overflow vulnerabilities (strcpy, sprintf)
- Unvalidated user input
- Unsafe type casts
Memory Leak Detection
"Analyze frameworks/core/components for potential memory leaks and improper RefPtr usage"
AI will identify:
- Raw new/delete without smart pointers
- Circular references without WeakPtr
- Missing null checks after DynamicCast
- Improper ownership semantics
Architecture Compliance Check
"Verify that components_ng/menu follows the four-layer architecture and Pattern/Model/Property separation"
AI will validate:
- Four-layer architecture compliance
- Pattern/Model/Property separation
- No layer boundary violations
- Component lifecycle methods (OnModifyDone, etc.)
Integration Examples
Pre-commit Hook
For pre-commit hooks, consider using traditional static analysis tools:
#!/bin/bash
CHANGED_FILES=$(git diff --cached --name-only --diff-filter=ACM | grep -E '\.(cpp|cc|cxx|h|hpp|ts|tsx)$')
if [ -n "$CHANGED_FILES" ]; then
echo "Running basic static analysis..."
for file in $CHANGED_FILES; do
if [[ $file == *.cpp || $file == *.h ]]; then
clang-tidy $file --checks='*' || true
elif [[ $file == *.ts ]]; then
eslint $file || true
fi
done
fi
Manual Review Workflow
For comprehensive AI-powered review:
- Identify code to review (PR, specific files, directory)
- Request review with specific focus areas
- AI analyzes code using reference standards
- Review results with severity-tagged issues
- Address critical and high-priority issues
- Re-request review for verification
References
Detailed documentation for all dimensions in references/:
Assets
Review Checklist
Before merging code:
Code Quality:
Architecture:
Memory:
Security:
Testing: