code-review-expert
Expert code review of current git changes with a senior engineer lens: SOLID, security, performance, error handling, boundary conditions.
| Field | Value |
|---|---|
| name | code-review-expert |
| description | Expert code review of current git changes with a senior engineer lens: SOLID, security, performance, error handling, boundary conditions. |
Expert code review of current git changes with a senior engineer lens. Detects SOLID violations, security risks, performance issues, error handling gaps, boundary condition bugs, and dead code — then proposes actionable improvements.
`/code-review-expert [target] [--commit <range>] [--strict]`
| Argument | Description |
|---|---|
| `target` | File or directory to review (default: current git changes) |
| `--commit <range>` | Review a specific commit or range (e.g., `HEAD~3..HEAD`) |
| `--strict` | Apply stricter thresholds — flag P2/P3 issues more aggressively |
| Level | Name | Description | Action |
|---|---|---|---|
| P0 | Critical | Security vulnerability, data loss risk, correctness bug | Must block merge |
| P1 | High | Logic error, significant SOLID violation, performance regression | Should fix before merge |
| P2 | Medium | Code smell, maintainability concern, minor SOLID violation | Fix in this PR or create follow-up |
| P3 | Low | Style, naming, minor suggestion | Optional improvement |
When this skill is invoked:
Autonomy:
Thoroughness:
- Load `.claude/rules/` (auto-loaded).
- Read `prd/00_technology.md` for technology-specific patterns.
- Run `git status -sb`, `git diff --stat`, and `git diff` to scope changes.
- If `target` is specified, scope to those files. If `--commit` is specified, use `git diff <range>`.
- Use `rg` or `grep` to find related modules, usages, and contracts.

Edge cases:

- Consult `.claude/references/solid-checklist.md` for specific prompts.
- Consult `.claude/references/removal-plan.md` for the template.
- Consult `.claude/references/security-checklist.md` for coverage.
- Consult `.claude/agents/security-reviewer.md` for the security perspective.
- Consult `.claude/references/code-quality-checklist.md` for coverage.

Structure the review as follows:
## Code Review Summary
**Files reviewed**: X files, Y lines changed
**Overall assessment**: [APPROVE / REQUEST_CHANGES / COMMENT]
---
## Findings
### P0 — Critical
(none or list)
### P1 — High
1. **[file:line]** Brief title
- Description of issue
- Suggested fix
### P2 — Medium
2. (continue numbering across sections)
- ...
### P3 — Low
...
---
## Removal/Iteration Plan
(if applicable)
## Additional Suggestions
(optional improvements, not blocking)
Inline comments: Use this format for file-specific findings:
::code-comment{file="path/to/file.ts" line="42" severity="P1"}
Description of the issue and suggested fix.
::
Clean review: If no issues found, explicitly state:
After presenting findings, ask user how to proceed:
---
## Next Steps
I found X issues (P0: _, P1: _, P2: _, P3: _).
**How would you like to proceed?**
1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed
Please choose an option or provide specific instructions.
Important: Do NOT implement any changes until user explicitly confirms. This is a review-first workflow.
| File | Purpose |
|---|---|
| `.claude/references/solid-checklist.md` | SOLID smell prompts and refactor heuristics |
| `.claude/references/security-checklist.md` | Web/app security and runtime risk checklist |
| `.claude/references/code-quality-checklist.md` | Error handling, performance, boundary conditions |
| `.claude/references/removal-plan.md` | Template for deletion candidates and follow-up plan |
$ /code-review-expert
Scoping changes... 8 files, 342 lines changed
Loading review checklists...
## Code Review Summary
**Files reviewed**: 8 files, 342 lines changed
**Overall assessment**: REQUEST_CHANGES
---
## Findings
### P0 — Critical
(none)
### P1 — High
1. **src/services/payment.ts:89** Race condition in balance deduction
- Check-then-act pattern: balance is read, checked, then deducted in separate operations
- Suggested fix: Use `SELECT FOR UPDATE` or atomic `UPDATE WHERE balance >= amount`
2. **src/api/users.ts:34** Missing ownership check (IDOR)
- Any authenticated user can access other users' data via `GET /users/:id`
- Suggested fix: Add `where: { id: params.id, orgId: req.user.orgId }`
### P2 — Medium
3. **src/services/order.ts:12-45** SRP violation — mixed concerns
- Order service handles validation, pricing, inventory, and notifications
- Suggested fix: Extract `PricingService` and `NotificationService`
4. **src/api/orders.ts:67** Swallowed exception in error handler
- `catch (e) { return null }` hides failures from callers
- Suggested fix: Log error with context and throw a typed `OrderError`
### P3 — Low
5. **src/models/user.ts:8** Missing max length on `name` field
- Could allow unbounded string storage
- Suggested fix: Add `@MaxLength(255)` constraint
---
## Next Steps
I found 5 issues (P0: 0, P1: 2, P2: 2, P3: 1).
**How would you like to proceed?**
1. **Fix all** — I'll implement all suggested fixes
2. **Fix P0/P1 only** — Address critical and high priority issues
3. **Fix specific items** — Tell me which issues to fix
4. **No changes** — Review complete, no implementation needed
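The first P1 finding in the sample session above (the check-then-act balance deduction) is easiest to understand with the vulnerable and hardened versions side by side. The following Python script is an added example, not code from the skill or from the sample project it reviews: it uses a constructed in-memory SQLite `accounts` table and hypothetical function names, interleaves two requests the way a real race would, and then applies the suggested atomic `UPDATE ... WHERE balance >= amount` fix, using `rowcount` to learn whether the deduction actually applied. SQLite has no `SELECT FOR UPDATE`, so only the atomic-update variant of the suggested fix is shown.

```python
import sqlite3

# Added example (not part of the original skill page). It reconstructs the
# check-then-act race from finding #1 above and the suggested atomic fix,
# using a constructed in-memory SQLite table called `accounts`.


def make_db(start_balance: int = 100) -> sqlite3.Connection:
    """Constructed sample schema: one account with a known starting balance."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, balance INTEGER NOT NULL)"
    )
    conn.execute("INSERT INTO accounts (id, balance) VALUES (1, ?)", (start_balance,))
    conn.commit()
    return conn


def read_balance(conn: sqlite3.Connection, account_id: int) -> int:
    return conn.execute(
        "SELECT balance FROM accounts WHERE id = ?", (account_id,)
    ).fetchone()[0]


# --- Vulnerable pattern (what the review flagged) ---------------------------
# The check and the act are two separate statements. Between them another
# request can read the same stale balance and also pass the check.

def check_sufficient(conn: sqlite3.Connection, account_id: int, amount: int) -> bool:
    """Step 1 of the vulnerable flow: read, then compare in application code."""
    return read_balance(conn, account_id) >= amount


def deduct_unconditionally(conn: sqlite3.Connection, account_id: int, amount: int) -> None:
    """Step 2 of the vulnerable flow: write without re-checking the balance."""
    conn.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, account_id)
    )
    conn.commit()


def simulate_check_then_act_race(amount: int = 80) -> int:
    """Interleave two requests the way a real race would: both check before
    either writes. Returns the final balance (negative means an overdraft)."""
    conn = make_db(100)
    request_a_ok = check_sufficient(conn, 1, amount)  # sees 100 >= 80
    request_b_ok = check_sufficient(conn, 1, amount)  # also sees 100 >= 80
    if request_a_ok:
        deduct_unconditionally(conn, 1, amount)       # balance -> 20
    if request_b_ok:
        deduct_unconditionally(conn, 1, amount)       # balance -> -60
    return read_balance(conn, 1)


# --- Hardened pattern (the suggested fix) -----------------------------------
# The balance condition moves into the UPDATE itself, so the database checks
# and writes in one statement. rowcount reports whether the deduction applied,
# and the caller must treat 0 rows as "insufficient funds", not as success.

def deduct_atomic(conn: sqlite3.Connection, account_id: int, amount: int) -> bool:
    cur = conn.execute(
        "UPDATE accounts SET balance = balance - ? WHERE id = ? AND balance >= ?",
        (amount, account_id, amount),
    )
    conn.commit()
    return cur.rowcount == 1


def simulate_atomic(amount: int = 80) -> tuple[bool, bool, int]:
    """Same two requests against the atomic UPDATE: only the first succeeds."""
    conn = make_db(100)
    first = deduct_atomic(conn, 1, amount)   # True, balance -> 20
    second = deduct_atomic(conn, 1, amount)  # False: 20 < 80, so no row matches
    return first, second, read_balance(conn, 1)


if __name__ == "__main__":
    print("check-then-act final balance:", simulate_check_then_act_race())
    print("atomic update (first, second, balance):", simulate_atomic())
```

The interleaving is written out explicitly so the result is deterministic, but it is the same ordering two concurrent HTTP requests produce when both read the balance before either commits; the atomic form closes that window because the comparison and the write happen inside one statement.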