---
name: code-review-workflow
description: "Structured expert code review for TSL/C++/Python diffs or patches. Triggers: code review, review PR, diff, 评审, 审查, 安全评审, 性能评审."
---

# Code Review Workflow

## When to Use This Skill

- Review a PR / `git diff` / patch
- Pre-merge quality gate (correctness/security/perf/tests)
- Risky refactor, behavior change, auth/data path changes

## Inputs (required)

- Change set: PR link or `git diff ...` output (must include context)
- Goal: expected behavior / acceptance criteria (1–3 sentences)
- Risk level: low|med|high (default: med)
- Verification: test commands / repro steps (if unknown, ask first)

## Procedure

1. **Triage**
   - Identify touched areas, public APIs, behavior changes, data/auth paths
   - Classify risk (blast radius, rollback difficulty)
2. **Correctness**
   - Invariants, edge cases, error handling, null/empty, concurrency
   - Backward compatibility (inputs/outputs, wire formats, config)
3. **Security**
   - AuthZ/AuthN boundaries, least privilege
   - Input validation, injection surfaces, secrets/log redaction
4. **Maintainability**
   - Naming/structure/style aligned with Playbook docs
   - Complexity hotspots, duplication, clarity of intent
5. **Performance**
   - Hot paths, algorithmic complexity, allocations/IO, N+1 patterns
6. **Tests & Verification**
   - Map changes → tests; identify missing coverage
   - Provide minimal verification plan (commands + expected signals)

## Review Standards (Playbook as authority)

- Commit message: `docs/common/commit_message.md`
- TSL: `docs/tsl/code_style.md`, `docs/tsl/naming.md`, `docs/tsl/toolchain.md`
- C++: `docs/cpp/code_style.md`, `docs/cpp/naming.md`, `docs/cpp/toolchain.md`
- Python: `docs/python/style_guide.md`, `docs/python/tooling.md`, `docs/python/configuration.md`

## Output Contract (stable)

- Summary: what changed & why
- Risk: low|med|high + reasoning
- Blockers: must-fix before merge (with file/line references when possible)
- Non-blocking: Major / Minor / Nit
- Questions: missing context / assumptions
- Suggested verification: exact commands + what success looks like
- Optional patch: minimal diff-style suggestions (only when unambiguous)
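A small triage helper for the **Triage** and **Tests & Verification** steps, added here as an example and not part of this skill or the Playbook: it pulls the touched files out of a `git diff`, flags auth/data paths, and lists source files whose conventional test file was not touched in the same change. The `src/` and `tests/` layout, the `RISKY_SEGMENTS` keywords, and the per-language test naming conventions are assumptions; the sample diff is constructed and abbreviated.

```python
import re
from pathlib import PurePosixPath

# Constructed, abbreviated unified diff (assumed layout: sources under src/, tests under tests/).
SAMPLE_DIFF = """\
diff --git a/src/auth/session.cpp b/src/auth/session.cpp
@@ -10,3 +10,4 @@
+check_token();
diff --git a/src/util/strings.py b/src/util/strings.py
@@ -1,2 +1,3 @@
+import os
diff --git a/tests/util/test_strings.py b/tests/util/test_strings.py
@@ -1,1 +1,2 @@
+def test_trim(): pass
"""

# Path segments that mark data/auth paths (assumed heuristic; tune per repository).
RISKY_SEGMENTS = {"auth", "authz", "authn", "session", "db", "storage", "migrations"}

def touched_files(diff_text):
    """Return the post-change (b/) path of every file in a unified diff, in diff order."""
    return re.findall(r"^diff --git a/\S+ b/(\S+)$", diff_text, flags=re.M)

def is_test(path):
    """True for anything under tests/ or named like a Python/C++ test file."""
    p = PurePosixPath(path)
    return "tests" in p.parts or p.name.startswith("test_") or p.stem.endswith("_test")

def expected_tests(path):
    """Test file(s) that should accompany a source file, by assumed naming convention."""
    p = PurePosixPath(path)
    rel = PurePosixPath(*p.parts[1:]) if p.parts[0] == "src" else p
    if p.suffix == ".py":  # src/util/strings.py -> tests/util/test_strings.py
        return {str(PurePosixPath("tests", *rel.parts[:-1], f"test_{p.name}"))}
    if p.suffix in {".cpp", ".cc", ".tsl"}:  # src/auth/session.cpp -> tests/auth/session_test.cpp
        return {str(PurePosixPath("tests", *rel.parts[:-1], f"{p.stem}_test{p.suffix}"))}
    return set()

def triage(diff_text):
    """Classify risk (high: auth/data path touched; med: source without touched test; else low)."""
    files = touched_files(diff_text)
    tests = {f for f in files if is_test(f)}
    sources = [f for f in files if f not in tests]
    risky = [f for f in sources if RISKY_SEGMENTS & {s.lower() for s in PurePosixPath(f).parts}]
    uncovered = [f for f in sources if expected_tests(f) and not (expected_tests(f) & tests)]
    risk = "high" if risky else "med" if uncovered else "low"
    return {"risk": risk, "risky_paths": risky, "uncovered": uncovered, "tests_touched": sorted(tests)}

if __name__ == "__main__":
    print(triage(SAMPLE_DIFF))
```

The result feeds the Risk and Suggested verification parts of the output contract; it is a starting point for the reviewer, not a substitute for reading the diff.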