// Agent 交叉审查 —— 两个独立视角审查代码变更/计划/实现,合成综合审查报告。安全+正确性视角 vs 架构+可维护性视角,降低单次审查盲区。
| name | sns-workflow:review |
| description | Agent 交叉审查 —— 两个独立视角审查代码变更/计划/实现,合成综合审查报告。安全+正确性视角 vs 架构+可维护性视角,降低单次审查盲区。 |
| user-invocable | true |
| allowed-tools | Bash, Read, Write, Grep, Glob |
通过两个独立视角对代码变更、计划或实现进行交叉审查,降低单次审查盲区。
审查范围:
--diff(默认):审查暂存区变更(git diff --cached)--plan:审查计划产物(.snsplay/task/plan/)--code:审查实现产物(.snsplay/task/impl-result.json)审查视角:
SHELL_DIR="${CLAUDE_PLUGIN_ROOT:-plugins/sns-workflow}/scripts"
source "$SHELL_DIR/skill-logger.sh"
sns_skill_start "review" "$*"
ROOT=$(git rev-parse --show-toplevel 2>/dev/null || echo "${PWD}")
TASK_DIR="$ROOT/.snsplay/task"
MODE="diff"
for arg in "$@"; do
case "$arg" in
--plan) MODE="plan" ;;
--code) MODE="code" ;;
--diff) MODE="diff" ;;
esac
done
echo "=== 交叉审查 ==="
echo "审查模式: $MODE"
# 检查产物依赖
if [[ "$MODE" == "plan" ]] && [[ ! -f "$TASK_DIR/plan/manifest.json" ]]; then
echo "错误: 缺少计划产物 ($TASK_DIR/plan/manifest.json)"
echo "请先运行规划阶段"
exit 1
fi
if [[ "$MODE" == "code" ]] && [[ ! -f "$TASK_DIR/impl-result.json" ]]; then
echo "错误: 缺少实现产物 ($TASK_DIR/impl-result.json)"
echo "请先运行实现阶段"
exit 1
fi
根据审查模式收集相关上下文。
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
REVIEW_ID="review-${TIMESTAMP}"
if [[ "$MODE" == "diff" ]]; then
DIFF=$(git diff --cached --stat 2>/dev/null)
FULL_DIFF=$(git diff --cached 2>/dev/null)
CHANGED_FILES=$(git diff --cached --name-only 2>/dev/null)
echo ""
echo "=== 变更统计 ==="
echo "${DIFF:-(无暂存变更)}"
echo ""
echo "变更文件:"
echo "${CHANGED_FILES:-(无)}"
fi
if [[ "$MODE" == "plan" ]]; then
echo ""
echo "=== 计划产物 ==="
if [[ -f "$TASK_DIR/plan/manifest.json" ]]; then
cat "$TASK_DIR/plan/manifest.json"
fi
echo ""
echo "=== 计划步骤 ==="
ls "$TASK_DIR/plan/steps/"*.json 2>/dev/null || echo "无计划步骤"
echo ""
if [[ -f "$TASK_DIR/user-story/manifest.json" ]]; then
echo "=== 用户故事 ==="
cat "$TASK_DIR/user-story/manifest.json"
fi
fi
if [[ "$MODE" == "code" ]]; then
echo ""
echo "=== 实现结果 ==="
if [[ -f "$TASK_DIR/impl-result.json" ]]; then
cat "$TASK_DIR/impl-result.json"
fi
echo ""
echo "=== 实现步骤 ==="
ls "$TASK_DIR/impl-steps/"*.json 2>/dev/null || echo "无实现步骤文件"
echo ""
if [[ -f "$TASK_DIR/plan/manifest.json" ]]; then
echo "=== 原始计划 ==="
cat "$TASK_DIR/plan/manifest.json"
fi
fi
审查指令: 以下是一个独立的审查任务。请仅从安全和正确性视角审查以下内容,忽略架构和风格问题。
审查范围:
审查对象:
diff: 审查上方 git diff 中的全部变更plan: 审查 $TASK_DIR/plan/manifest.json 及相关步骤文件code: 审查 $TASK_DIR/impl-result.json 及相关实现步骤输出要求: 为每个发现生成以下 JSON 对象:
{
"id": "A-001",
"severity": "critical|high|medium|low|info",
"category": "injection|auth|data_exposure|edge_case|error_handling|dependency",
"location": "相对路径:行号",
"description": "问题描述",
"suggestion": "修复建议",
"evidence": "相关代码片段"
}
如果无任何发现,输出 [] 并声明"安全+正确性审查通过"。
审查指令: 以下是一个独立的审查任务。请仅从架构和可维护性视角审查以下内容,忽略安全和权限问题。这是第二次独立审查,不要重复视角 A 的发现。
审查范围:
审查对象: 与步骤 3 相同的审查对象
输出要求: 为每个发现生成以下 JSON 对象:
{
"id": "B-001",
"severity": "critical|high|medium|low|info",
"category": "cohesion|coupling|naming|testability|abstraction|duplication|organization|tech_debt",
"location": "相对路径:行号",
"description": "问题描述",
"suggestion": "修复建议",
"evidence": "相关代码片段"
}
如果无任何发现,输出 [] 并声明"架构+可维护性审查通过"。
将视角 A 和视角 B 的发现合并:
must_fix(critical/high severity,阻止批准)advisory(medium/low/info,信息性建议)overall_status: "needs_changes"overall_status: "approved"将完整结果写入 $TASK_DIR/review-${TIMESTAMP}.json,格式如下:
{
"id": "review-${TIMESTAMP}",
"review_type": "${MODE}",
"timestamp": "$(date -u +%Y-%m-%dT%H:%M:%SZ)",
"files_reviewed": ["变更文件列表"],
"diff_summary": "简要变更说明",
"pass_a": {
"perspective": "security+correctness",
"findings": [视角 A 的全部发现]
},
"pass_b": {
"perspective": "architecture+maintainability",
"findings": [视角 B 的全部发现]
},
"synthesis": {
"must_fix": [必须修复的发现],
"advisory": [建议性发现],
"deduplicated": 去重数量,
"overall_status": "approved|needs_changes",
"summary": "综合审查结论(2-3 句话)"
}
}
确保 artifact 文件存在且内容完整。如果 $TASK_DIR 不存在,先 mkdir -p "$TASK_DIR"。
如果步骤 5 判定为 approved,跳过此步骤,直接进入步骤 6。
如果步骤 5 判定为 needs_changes(存在 must_fix 发现),执行修复循环:
MAX_ROUNDS=3
current_round=0
review_artifact="$TASK_DIR/review-${TIMESTAMP}.json"
循环逻辑(agent 执行,非 bash):
对于每一轮(最多 MAX_ROUNDS 轮):
读取 $TASK_DIR/review-${TIMESTAMP}.json(或最新 review artifact),提取 synthesis.must_fix 列表。
如果 must_fix 为空或 overall_status 为 approved,退出循环。
对 must_fix 中的每条发现:
location(文件:行号)suggestion 执行修复(使用 Edit 工具)修复完成后,git add 变更文件。
对修复后的变更重新执行步骤 3(视角 A)和步骤 4(视角 B),但仅审查修复相关的变更(git diff --cached),而非全部原始变更。
按步骤 5 的逻辑重新去重、分类、排序,生成新的 review artifact:
$TASK_DIR/review-${TIMESTAMP}-round{N}.jsonround 字段标记轮次must_fix 为空 → overall_status: "approved",退出循环current_round=$((current_round + 1))
ROUND_ARTIFACT="$TASK_DIR/review-${TIMESTAMP}-round${current_round}.json"
echo ""
echo "--- 修复重审第 $current_round 轮 ---"
echo "Artifact: $ROUND_ARTIFACT"
达到 MAX_ROUNDS 后仍有 must_fix 发现时:
overall_status: "needs_changes"max_rounds_reached: trueecho ""
echo "修复重审: 已达最大轮次 ($MAX_ROUNDS)"
echo "剩余 must_fix 问题已记录,请手动处理"
输出审查结论:
ARTIFACT="$TASK_DIR/review-${TIMESTAMP}.json"
if [[ -f "$ARTIFACT" ]]; then
echo ""
echo "=== review 完成 ==="
echo "审查 ID: ${REVIEW_ID}"
echo "审查模式: $MODE"
echo "Artifact: $ARTIFACT"
# 统计发现
MUST_FIX_COUNT=$(grep -c '"severity": "critical"\|"severity": "high"' "$ARTIFACT" 2>/dev/null || echo "0")
ADVISORY_COUNT=$(grep -c '"severity": "medium"\|"severity": "low"\|"severity": "info"' "$ARTIFACT" 2>/dev/null || echo "0")
echo ""
echo "审查结果:"
echo " must_fix: $MUST_FIX_COUNT 项"
echo " advisory: $ADVISORY_COUNT 项"
echo ""
if [[ "$MUST_FIX_COUNT" -gt 0 ]]; then
echo "状态: needs_changes — 需要修复 $MUST_FIX_COUNT 项问题后再提交"
else
echo "状态: approved — 审查通过"
fi
else
echo "错误: 审查 artifact 未生成"
sns_skill_error "审查 artifact 未生成"
exit 1
fi
sns_skill_end "success"
[HINT] Download the complete skill directory including SKILL.md and all related files