菜单
Ad-hoc PR/diff/file review. No track context needed. Four dimensions — security, performance, correctness, maintainability. Use for one-off reviews when you don't have or don't need a Draft track.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Performs an exhaustive 14-dimension bug hunt across the codebase using Draft context (architecture, tech-stack, product) for false-positive elimination. Generates a severity-ranked report with code evidence, data flow traces, and suggested fixes. Optionally writes regression tests. Use when the user asks to find bugs, audit code for defects, scan for vulnerabilities, or says 'hunt bugs', 'find bugs', or 'code audit'.
Structured debugging session. Reproduce, isolate, diagnose, and fix bugs using systematic investigation. Invoked by /draft:new-track for bug tracks or directly for ad-hoc debugging.
Decompose project or track into modules with dependency mapping. Project scope updates architecture.md and derives .ai-context.md. Track scope generates hld.md (always) and lld.md (when --lld or High-complexity module triggers it) — design-mandated artifacts that drive implement, deploy-checklist, and upload sign-off.
Single-module production readiness audit (ACID, resilience, observability). Use to audit one service/module end-to-end — NOT for diff/PR review (use review / quick-review) or bug-finding sweeps (use bughunt).
Pre-deployment verification checklist. Generates customized checklists based on tech-stack with rollback triggers. Auto-invoked by /draft:upload.
Lists Draft's canonical workflow commands, explains the Context-Driven Development flow (init, plan, implement, review), and recommends the appropriate next step. Use when the user asks about available Draft commands, needs help choosing a workflow step, or says 'what can Draft do', 'help', or 'show commands'.
| name | quick-review |
| description | Ad-hoc PR/diff/file review. No track context needed. Four dimensions — security, performance, correctness, maintainability. Use for one-off reviews when you don't have or don't need a Draft track. |
You are performing a lightweight, ad-hoc code review. This is the fast alternative to /draft:review — no track context needed, focused on a specific PR, diff, or file set.
When draft/graph/schema.yaml exists, this skill must follow the graph-first lookup contract in core/shared/graph-query.md §Mandatory Lookup Contract. Quick-review keeps the graph load light:
draft/graph/hotspots.jsonl for every changed file (Step 2 blast-radius pre-check below).scripts/tools/graph-callers.sh --repo . --symbol <name> to enumerate the call sites before claiming "no other usages".Filesystem grep is reserved for source-text scans (literal strings, regex patterns). Symbol and caller discovery go through the graph.
See shared red flags — applies to all code-touching skills.
Skill-specific:
Read the code. Ground every finding in a specific line.
Before starting, capture the current git state:
git branch --show-current # Current branch name
git rev-parse --short HEAD # Current commit hash
Store this for the review report header. The review is scoped to this specific branch/commit.
ls draft/ 2>/dev/null
If draft/ exists, read and follow core/shared/draft-context-loading.md. This enriches review with project patterns, guardrails, and accepted patterns from tech-stack.md. Layer 0.5 of that procedure includes loading the relevant core/guardrails/language-standards.md section for the project stack — apply those standards in Dimension 4 (Maintainability) and Dimension 3 (Correctness) for language-specific patterns.
If no draft context, proceed with generic review — still valuable.
Check for arguments:
/draft:quick-review — Review staged changes (git diff --cached) or current branch diff/draft:quick-review <file> — Review specific file(s)/draft:quick-review <PR-URL> — Review a pull request (via GitHub/GitHub MCP)/draft:quick-review <commit-range> — Review specific commitsDetermine the diff to review:
get_change_detail, get_change_diff) or GitHubgit diff <range>git diff HEAD~1..HEAD (last commit)draft/graph/hotspots.jsonl exists)Before the four-dimension review, check if any files in scope appear in draft/graph/hotspots.jsonl. If any file has a fanIn in the top 20% of the list, add this warning at the top of the review report:
⚠ HIGH IMPACT: {file} is a high-fanIn hotspot (fanIn={N}). Changes here propagate to many callers — review with extra care.
If no hotspot data exists or no file matches, skip silently.
Review the code across four dimensions. For each finding, cite the specific file:line.
Load core/guardrails/security.md before this dimension. Apply the 5-step security reasoning chain (identify goal → check hard red lines SEC-01…SEC-10 → assess blast radius → trace generative paths → classify). Any hard red line violation is automatically Critical.
If a violation has a // SECURITY-OVERRIDE: <ticket> <justification> annotation, downgrade to Important and include the ticket in the finding.
[RC-005, SEC-10][RC-003][RC-002, RC-011, SEC-03][RC-001, SEC-01][SEC-04][SEC-06][RC-006, SEC-05]Classify each finding:
| Severity | Action | Description |
|---|---|---|
| Critical | Must fix before merge | Security vulnerabilities, data corruption risks, crashes |
| Important | Should fix | Performance issues, logic bugs, error handling gaps |
| Suggestion | Nice to have | Style improvements, refactoring opportunities, documentation |
Present findings organized by severity:
## Quick Review: {scope description}
**Reviewer:** Draft Quick Review
**Scope:** {files/PR/commits reviewed}
**Date:** {ISO_TIMESTAMP}
### Summary
- Critical: {count}
- Important: {count}
- Suggestion: {count}
### Verdict: {PASS | PASS WITH NOTES | NEEDS CHANGES}
### Findings
#### Critical
1. **[finding title]** — `file:line`
[description and recommendation]
#### Important
...
#### Suggestion
...
### What Went Well
[2-3 positive observations about the code — good patterns, clean logic, thorough error handling]
If track-scoped, save to draft/tracks/<id>/quick-review-<timestamp>.md.
Also check core/guardrails/dependency-triage.md if the diff modifies a dependency manifest file.
MANDATORY: Include YAML frontmatter with git metadata when saving. Follow core/shared/git-report-metadata.md.
Include the report header table immediately after frontmatter:
| Field | Value |
|-------|-------|
| **Branch** | `{LOCAL_BRANCH}` → `{REMOTE/BRANCH}` |
| **Commit** | `{SHORT_SHA}` — {COMMIT_MESSAGE} |
| **Generated** | {ISO_TIMESTAMP} |
| **Synced To** | `{FULL_SHA}` |
Before printing the review report, internally verify and report:
grep/find run, state the concept it searched for.If draft/graph/schema.yaml does not exist, set Graph files queried: NONE and use justification graph data unavailable.
Emit the canonical footer from core/shared/graph-usage-report.md §Canonical footer. The lint hook scripts/tools/check-graph-usage-report.sh validates the section on save.
/draft:implement at phase boundaries as lightweight alternative to full review/draft:review if critical findings require deeper analysis/draft:learn (findings update guardrails via pattern learning)/draft:review for full three-stage analysis"/draft:deep-review for security audit"core/shared/jira-sync.mdIf no diff/file found: "No changes to review. Specify a file, PR URL, or commit range."
If MCP unavailable for PR: Fall back to local git diff. "GitHub/GitHub MCP unavailable. Reviewing local diff instead."
If no draft context: Proceed with generic review patterns. Note: "Review enriched when draft context is available (run /draft:init)."