home / skills / leavesfly / jimi / code-review

code-review skill

safe

This skill guides thorough code reviews by applying best practices across quality, safety, performance, and testing to improve Java code.

npx playbooks add skill leavesfly/jimi --skill code-review

Review the files below or copy the command above to add this skill to your agents.

Files (1)

SKILL.md

2.6 KB

---
name: code-review
description: 代码审查最佳实践指南
version: 1.0.0
category: development
triggers:
  - code review
  - 代码审查
  - review code
  - 审查代码
  - code quality
---

# 代码审查技能包

当进行代码审查时，请遵循以下专业指南和检查清单。

## 审查检查清单

### 1. 代码质量

- **编码规范**：代码是否遵循项目的编码规范和风格指南
- **命名规范**：变量、方法、类名是否清晰易懂，符合语义
- **代码重复**：是否存在重复代码，能否提取公共方法或工具类
- **逻辑清晰**：代码逻辑是否简洁明了，避免过度复杂的嵌套和条件分支
- **注释质量**：关键逻辑是否有适当注释，注释是否准确有效

### 2. 潜在问题

- **空指针安全**：是否正确处理了可能为null的对象
- **边界条件**：数组、列表访问是否检查边界，循环边界是否正确
- **异常处理**：异常是否被正确捕获和处理，是否有异常吞噬
- **并发安全**：多线程环境下是否存在竞态条件、死锁风险
- **资源泄漏**：文件、连接、流等资源是否正确关闭

### 3. 性能考量

- **算法效率**：是否使用了合适的算法和数据结构
- **数据库查询**：是否存在N+1查询问题，是否可以优化SQL
- **内存使用**：是否存在内存泄漏风险，大对象是否及时释放
- **循环优化**：循环中是否有不必要的重复计算或对象创建

### 4. 安全性

- **输入验证**：用户输入是否经过充分验证和过滤
- **SQL注入**：数据库查询是否使用参数化查询防止注入
- **敏感信息**：密码、密钥等敏感信息是否加密存储
- **权限控制**：是否有适当的权限检查和访问控制

### 5. 测试覆盖

- **单元测试**：关键逻辑是否有对应的单元测试
- **边界测试**：是否测试了边界条件和异常情况
- **测试质量**：测试用例是否有效，是否能真正验证功能

## 审查输出格式

请按以下结构化格式输出审查结果：

**严重问题**（如有）：
- [文件名:行号] 问题描述及风险说明

**改进建议**：
- [文件名:行号] 具体的改进建议和推荐做法

**优点**：
- 值得肯定的代码设计和实现亮点

**总体评价**：
简要总结代码质量和建议

## 审查原则

1. **建设性反馈**：提出问题的同时给出具体的改进建议
2. **客观公正**：基于标准和最佳实践，避免主观臆断
3. **优先级明确**：区分严重问题和改进建议
4. **示例代码**：必要时提供改进后的示例代码

Overview

This skill provides a practical, structured code review checklist and template tailored for Java projects. It distills best practices for quality, safety, performance, security, and testing into actionable review steps. The skill is focused on producing constructive, prioritized feedback and a consistent review report format.

How this skill works

The skill inspects code against a concise checklist covering coding style, naming, duplication, logic clarity, null-safety, boundary checks, exception handling, concurrency, resource management, performance, security, and test coverage. It generates a structured review output with sections for severe issues, improvement suggestions, positives, and an overall assessment. Reviewers receive prioritized, concrete recommendations and optional example code snippets when fixes are non-trivial.

When to use it

Before merging feature branches into main or release branches
During pull request reviews to ensure consistency and risk reduction
For periodic codebase health checks and refactor validation
When onboarding new team members to enforce style and design norms
Prior to performance-sensitive releases or security audits

Best practices

Focus on constructive, specific feedback and include suggested fixes or code samples
Prioritize findings: mark critical defects separately from stylistic suggestions
Verify null-safety and boundary conditions where dereferences or indexing occur
Check for duplicated logic and prefer extracting reusable methods or utilities
Validate exception handling paths and ensure resources are closed reliably
Ensure tests cover core logic, edge cases, and failure scenarios

Example use cases

Review a pull request implementing a new REST endpoint to catch SQL injection and missing permission checks
Evaluate a refactor that extracts shared logic to prevent accidental duplication and regressions
Audit concurrency fixes to confirm thread-safety and absence of deadlock risks
Assess performance hotspots by reviewing algorithm choices and database query patterns
Validate test coverage after adding new business rules or boundary conditions

FAQ

How should I format review findings?

Use a structured report: list severe issues with file:line and risk, then improvement suggestions, positives, and a brief overall assessment.

What counts as a severe issue?

Severe issues include correctness bugs, security vulnerabilities, resource leaks, data loss risks, and concurrency defects that can cause crashes or data corruption.