Dev Code Review

Focused review on the current git working tree right before a commit. Goal: catch 规范、功能、闭环、注释、废代码 problems before they enter history.

This is NOT a full architecture review. Stay scoped to what actually changed in this diff.

Trigger routing

Use this skill when the user is preparing to commit code or asks to review the current git working tree before committing.

Trigger phrases include:

帮我 commit
我要 commit
commit 一下
commit 这个改动
准备 commit
准备提交
pre-commit
提交前检查
这次改动 review 一下
看下这次修改
commit 前看一下
I want to commit
let's commit
check before commit
review my changes

Ambiguous commit requests such as 帮我 commit / commit 一下 mean "go through the full commit flow: review first, commit message only if ready". This is the safer default path because team policy requires review before commit.

Only route to dev-commit-writer when the user explicitly says skip review, 跳过 review, 我自审过了, only message, or 只要 message.

For other workflow stages, route to the matching skill:

Fuzzy requirements before code → dev-spec
Spec to implementation plan → dev-plan
Bug investigation / root cause fix → dev-fix

Optional arguments:

--staged: limit to staged changes only
--path=<glob>: limit scope to a path glob

Step 0 — Load baseline

执行前先加载 references/dev-baseline.md。以下行为准则在本 skill 全程生效:不假设、最小代码、外科手术式改动、可验证成功标准。

baseline 与本 skill 的关联点:

不假设 —— diff 意图不明确时,在报告里以一句话标注「我对意图的理解可能是 A 或 B,请确认」,而不是默默选一个写进 commit message。
外科手术式改动 —— 评审时额外做一道 scope check:diff 是否夹带与主改动无关的「顺手优化」(格式化、邻近重构、无关注释清理)?若有,作为 P1 finding 提示拆 commit。
可验证成功标准 —— 「闭环」轴的 grep 验证就是这条准则的具体应用:新符号必须有可见 caller,这是「完成」的可验证判据。

skill 内部规则在与 baseline 冲突时以局部为准(例如严重度 rubric)。

Step 1 — Gather the change set

Run these read-only commands. They never mutate the working tree:

git status --short
git diff --stat
git diff                  # unstaged
git diff --cached         # staged
git log --oneline -10     # recent commit message style

Scope rules

If both staged and unstaged changes exist, review both but call out which is which in the report.
If $ARGUMENTS contains --staged / staged / --cached → restrict to git diff --cached.
If $ARGUMENTS contains --path=<glob> (or a bare path) → restrict to that path.
If there are zero changes → stop and tell the user. Do not invent findings.

File-reading rules

For each modified file, read the full file (not just the hunks) when the diff touches logic, so you can judge whether the change is closed-loop. Skim-only is acceptable for pure config / lockfile / generated code.

Skip / flag patterns

Skip these files' contents (mention they exist in Scope, but don't review):

Binary files (images, fonts, archives, compiled artifacts)
Lockfiles: *.lock, pnpm-lock.yaml, package-lock.json, yarn.lock, Cargo.lock, Gemfile.lock, poetry.lock, go.sum
Generated code: *.g.dart, *.freezed.dart, *.pb.go, *.pb.ts, *_pb2.py, *.gen.ts
Pure data files > 500 lines

If the diff includes paths that are usually gitignored (node_modules/, .next/, target/, dist/, build/, .venv/, __pycache__/, .DS_Store), emit a P1 finding (axis: 废码) prompting the user to check .gitignore.

Step 2 — Severity rubric (read this BEFORE judging findings)

Use this rubric to keep severity consistent across runs:

P0 (BLOCK) — any of:
- 未闭环 (new symbol / route / component / config key with no consumer)
- Secret / credential / API key / token leaked
- Clear functional defect that will fail on the first real call (null-deref guaranteed, inverted condition, broken auth check, SQL injection)
- Destructive change that breaks others' working tree (broken migration, deleted public API still in use)
P1 (FIX) — any of:
- Unhandled edge case (null / empty / 0 / negative / overflow / concurrent re-entry) where the path is reachable
- Silently swallowed errors (catch {}, except: pass, _ = err)
- Residual debug output (console.log, print, debugPrint, println!, fmt.Println, NSLog, debugger)
- Project lint config violation
- Naming / style severely inconsistent with surrounding file
- Missing input validation at a trust boundary
P2 (NIT) — any of:
- Redundant / stale / decorative comments
- Small duplicated block (one helper would do)
- Style preference, formatting, ordering
- TODO / FIXME without owner or ticket

When uncertain, prefer the lower severity. Don't inflate to look thorough.

Step 3 — Review along 5 axes

For every finding, cite path:line and tag severity using the rubric above.

SDD artifact check

Before judging the functional axis, scan .claude/artifacts/{designs,plans,fixes}/ when it exists:

If exactly one relevant artifact or one shared slug exists, use it as the review contract.
If both designs/<slug>.md and plans/<slug>.md exist, check the diff against both the spec acceptance criteria and the plan ADR.
If fixes/<slug>.md exists, check the diff against the recorded root cause, fix summary, regression test, and verification evidence.
If multiple unrelated slugs exist, do not guess; mention that artifact alignment could not be determined.

Clear divergence from an active spec, ADR, or fix artifact is a functional finding. If the implementation is reasonable but the artifact is stale, report artifact drift instead of silently accepting the mismatch.

1. 规范 (Code style & conventions)

先识别本次 diff 涉及的语言,再用该语言的官方/社区规范评审。详细的逐语言检查清单见 references/lang-conventions.md —— 只加载与本次 diff 实际涉及语言相关的小节,不要把整个文件读进来。

项目配置优先级最高:如果项目根目录存在 lint 配置(.eslintrc*、analysis_options.yaml、pyproject.toml、.golangci.yml、clippy.toml、rustfmt.toml、.editorconfig、tsconfig.json、.swiftlint.yml 等),以项目配置为准,覆盖 references 中的通用条目。

通用项(语言无关,所有语言都查):

Naming 跟随同文件/同模块邻居 —— 改动的命名风格必须和周围一致,不要一个文件里混用 camelCase 和 snake_case。
Function size sane (< ~50 行)、file size sane (< ~800 行)。仅当本次 diff 让它变得更糟时才 flag。
No deep nesting (>4) introduced by this change.
No hardcoded secrets, API keys, tokens, absolute local paths, personal info.
No 调试输出残留 (console.log / print / debugPrint / println! / fmt.Println / NSLog / debugger 等)。
Imports / use / require 被实际使用,没有新增未使用的导入。
Errors handled explicitly at boundaries; no silently swallowed catch {} / except: pass / _ = err。
Immutability respected where the surrounding codebase uses it.

2. 功能 (Functional correctness)

Read the diff as if you have to ship it:

Does the change actually do what its commit/PR intent suggests?
Are edge cases handled? (null / empty / error / loading / 0 / negative / very large)
Any obvious off-by-one, wrong operator, swapped argument, copy-paste bug?
Async / await / Future / Promise correctness — no fire-and-forget that should be awaited.
State updates: are they safe under concurrent calls / re-entry?
Inputs from network / user / disk validated at the boundary?

3. 闭环 (Is the change actually wired up end-to-end?)

This is the most commonly skipped check. Two-valued — there is no "partially closed loop".

For every new public symbol introduced in this diff (function / class / method / route / component / config key / event type / DB column / error type), verify a consumer exists:

git grep -n "<symbol>" -- ':!<defining_file>'

Evidence before claims(必做):必须真正调用 bash 跑 git grep,在报告里展示 command + output(完整粘贴,或简洁引用「N matches in M files: ...」),不能只说「grep 验证通过」。这是 baseline「Evidence before claims」在闭环轴的最严落地 —— 没真跑 grep 就不算闭环检查。

Decision tree:

Has external callers → ✓ closed loop
No external callers, but symbol is one of the framework-invoked exemptions below → ✓ closed loop
Exported / public, 0 callers, not exempt → P0 未闭环 (dangling), name the missing wire-up
Private / file-local, 0 callers → P1 废码 (unused private symbol)

Framework-invoked exemptions (count as closed loop even with 0 grep hits):

Test functions in test files (*_test.*, *.test.*, *.spec.*, test_*.py)
Framework lifecycle / override methods (Flutter build() / initState() / dispose(), React component default exports, Vue setup(), Android onCreate(), iOS viewDidLoad(), etc.)
Symbols invoked via reflection / annotations / DI (@Override, @Autowired, @Component, @Injectable, Spring beans, etc.)
CLI entry points (main(), files declared as bin in package.json / pubspec.yaml)
Public API surface of a library package (anything re-exported from the package's index file)

Other things to verify in this axis:

New API endpoints / routes / handlers are registered in the router/module.
New UI components are rendered by a parent (or are top-level routes).
New config keys are read by the consuming code.
New event/message types are handled on the receiving side.
New DB migrations are used by queries and have a working rollback.
Tests for new logic exist, OR the user explicitly opted out.

4. 多余注释 (Excess / stale comments)

Comments should explain why, not what. Flag:

Comments that just restate the next line (// increment counter above i++).
Commented-out code blocks. (Remove — git already has the history.)
AI-style narrating comments (// We will now loop through..., // This function...).
TODO / FIXME without an owner or ticket.
Stale comments that no longer match the code below them.
Boilerplate banners / decorative separators added by this diff.
Translation drift (e.g. a Chinese comment describing English code that no longer matches).

Keep: comments that document a non-obvious why, an invariant, a known bug workaround, or a subtle constraint.

5. 多余/无用代码 (Dead code introduced or left behind)

Unused variables, parameters, private methods, helper functions added by this diff.
Unreachable branches (if (false), code after return).
Duplicated logic — same block copied across files when one helper would do.
Re-exports / shims / "for backwards compat" wrappers added without a real consumer.
Empty files, empty classes, placeholder stubs that this diff didn't actually fill in.
Old code path the new code replaced — should it be deleted in this same commit?

Step 4 — Report

输出语言跟随用户提问语言(中文提问出中文报告)。严格按下列模板,不要加寒暄、不要复述用户原话、不要解释自己在做什么。

━━━ Dev Code Review ━━━
Verdict   : ✅ READY  /  ⚠ FIX P1  /  ❌ BLOCK
Scope     : <N> files · +<added> / −<removed> · <staged|unstaged|both>
Intent    : <一句话,基于 diff 自己判断改动在做什么>
Languages : <按 diff 行数降序,例如:Dart, TypeScript>   Lint config : <analysis_options.yaml | none>

Axis Check
  规范   ✓ / ⚠ / ✗   <一行说明,仅在非 ✓ 时填>
  功能   ✓ / ⚠ / ✗   ...
  闭环   ✓ / ✗        ...   ← 二值,不存在"部分闭环"
  注释   ✓ / ⚠
  废码   ✓ / ⚠

Findings  (P0 阻塞 · P1 应修 · P2 可选)
  [P0] path/to/file.dart:42         <axis>   <一句话问题>
       → <一句话修复建议>
  [P1] path/to/other.ts:117         <axis>   ...
       → ...
  [P2] ...

Cleanup   (建议在本次 commit 内一并删除)
  - path:line  <注释 / 死代码 / 调试输出>  — <一句话原因>

Commit
  <type>(<scope>): <subject ≤72 chars>
  <空行>
  <body 可选,列要点;无要点则省略 body>
  <空行>
  Refs: spec/<slug>      ← 自动追溯,见规则 11
  Refs: plan/<slug>      ← 同 slug 的 spec + plan 都列

模板填写规则(非常重要)

Verdict 三选一,判定逻辑:
- ❌ BLOCK ← 闭环 ✗ 或存在 P0 或检出 secret/credential
- ⚠ FIX P1 ← 闭环 ✓ 且无 P0 且存在 P1
- ✅ READY ← 闭环 ✓ 且无 P0/P1 且无残留调试输出且无明显废码
Languages 排序:按本次 diff 中各语言的修改行数降序排列,让用户一眼看出主要改动在哪种语言。
Axis Check 用 ✓ / ⚠ / ✗ 单字符,仅在非 ✓ 时追加一行说明。全部 ✓ 时整张表保留但说明列留空。
Findings 严格按 [P?] path:line <axis> <问题> 单行 + 缩进 → <修复> 单行的两行结构。axis 取值固定:规范 / 功能 / 闭环 / 注释 / 废码。
没有 P0/P1/P2 时,整段 Findings 写一行 none 即可,不要写"无"、"暂无问题"这类废话。
Cleanup 段 仅列出可一次性删除的内容。如无可清理项,整段省略(连标题一起省)。
Commit 段 仅在 Verdict = ✅ READY 时输出。其他 Verdict 下整段省略 —— 还没到提交时机。
Commit message 格式:跟随仓库 git log --oneline -10 观察到的风格;仓库无明显风格时退回 conventional commits(feat|fix|refactor|docs|test|chore|perf|ci|style|build)。subject 不加句号,祈使语气,≤72 字符。
同一文件多个 finding 按行号升序排列。跨文件按 P0 → P1 → P2 排列,同级别内按文件路径字典序。
报告全文 ≤ 60 行;超过则压缩 Findings 描述,不要省略 Verdict / Axis / Cleanup 结构。
Refs 自动追溯(仅 Verdict = ✅ READY 时):扫 .claude/artifacts/{designs,plans,fixes}/,按以下规则在 commit message footer 自动加 Refs: 行:
- 0 个 in-flight artifact → 不加 Refs
- 1 个 → 自动加(Refs: <type>/<slug>,type ∈ {spec, plan, fix})
- 同 slug 的 spec + plan 都存在 → 两条都加
- 多个不同 slug → 不擅自选,在 Commit 段下方加一行 > 检测到多个 in-flight artifact: [...],请告诉我这次 commit 关联哪个,我会把 Refs 加进去
- .claude/artifacts/ 目录不存在 → 不加(用户没用 dev-skills 流程)

极简示例(用户参考用,实际填真实数据)

━━━ Dev Code Review ━━━
Verdict   : ⚠ FIX P1
Scope     : 3 files · +84 / −12 · staged
Intent    : 给 prepAll transfer 增加 aspirate 流速参数并透传到底层 SDK
Languages : Dart                    Lint config : analysis_options.yaml

Axis Check
  规范   ✓
  功能   ⚠   新参数未做 null/负值校验
  闭环   ✓
  注释   ⚠   保留了一行 // TODO: refine later 无 owner
  废码   ✓

Findings
  [P1] lib/.../prepAll_transfer_aspirate_setting.dart:88   功能   flowRate 允许传入负值,会让底层抛异常
       → 在 setter 里 clamp 到 [0, maxFlow] 或 throw ArgumentError
  [P2] lib/.../prepAll_transfer_aspirate_setting.dart:14   注释   `// TODO: refine later` 无 owner/ticket
       → 删除该 TODO 或改成 `// TODO(jason, #123): ...`

Cleanup
  - lib/.../prepAll_transfer_aspirate_setting.dart:14  TODO 注释  — 无 owner/ticket,应删除

Hard rules

不要 mutate working tree(不要 git add / git commit / git stash / 改文件),除非用户在确认报告后明确说"帮我修"。
不要编造 line number —— 没把握就只引用文件名。
不要把"代码能跑"等同于"闭环" —— 必须验证调用方存在(或属于豁免清单)。
不要输出超长报告。没问题的轴线一句话带过即可,把篇幅留给真问题。
不要一次性把整个 references/lang-conventions.md 读进来,只读本次 diff 涉及的语言小节。
用户说"只看 staged" / "只看某路径"时严格遵守,不要扩大范围。
评审与实现分开:本 skill 只评审,不写实现代码。如需修复,由用户在下一轮明确指示后进行。

Multi-Agent Profile

Recommended agent_type: worker

Use when:

A diff is ready for independent review.
The reviewer did not author the implementation being reviewed.
The main agent needs a verdict before commit or handoff.

Do:

Stay read-only.
Review only the requested scope.
Prioritize bugs, regressions, missing wiring, missing tests, secrets, and dead code.
Apply reviewer independence from ../../docs/multi-agent-policy.md.

Do not:

Mutate the working tree.
Re-review implementation choices already outside the requested scope unless they create concrete risk.
Emit a commit message unless the verdict is READY.

Output:

Verdict
Scope
Findings ordered by severity
Test gaps
Commit message only when READY