claude-code-workflow 6.3.22 → 6.3.24

package/.claude/skills/review-code/phases/actions/action-deep-review.md

@@ -0,0 +1,302 @@
+# Action: Deep Review
+
+深入审查指定维度的代码质量。
+
+## Purpose
+
+针对单个维度进行深入审查：
+- 逐文件检查
+- 记录发现的问题
+- 提供具体的修复建议
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] state.scan_completed === true
+- [ ] 存在未审查的维度
+
+## Dimension Focus Areas
+
+### Correctness (正确性)
+- 逻辑错误和边界条件
+- Null/undefined 处理
+- 错误处理完整性
+- 类型安全
+- 资源泄漏
+
+### Readability (可读性)
+- 命名规范
+- 函数长度和复杂度
+- 代码重复
+- 注释质量
+- 代码组织
+
+### Performance (性能)
+- 算法复杂度
+- 不必要的计算
+- 内存使用
+- I/O 效率
+- 缓存策略
+
+### Security (安全性)
+- 注入风险 (SQL, XSS, Command)
+- 认证和授权
+- 敏感数据处理
+- 加密使用
+- 依赖安全
+
+### Testing (测试)
+- 测试覆盖率
+- 边界条件测试
+- 错误路径测试
+- 测试可维护性
+- Mock 使用
+
+### Architecture (架构)
+- 分层结构
+- 依赖方向
+- 单一职责
+- 接口设计
+- 扩展性
+
+## Execution
+
+```javascript
+async function execute(state, workDir, currentDimension) {
+  const context = state.context;
+  const dimension = currentDimension;
+  const findings = [];
+
+  // 从外部 JSON 文件加载规则
+  const rulesConfig = loadRulesConfig(dimension, workDir);
+  const rules = rulesConfig.rules || [];
+  const prefix = rulesConfig.prefix || getDimensionPrefix(dimension);
+
+  // 优先审查高风险区域
+  const filesToReview = state.scan_summary?.risk_areas
+    ?.map(r => r.file)
+    ?.filter(f => context.files.includes(f)) || context.files;
+
+  const filesToCheck = [...new Set([
+    ...filesToReview.slice(0, 20),
+    ...context.files.slice(0, 30)
+  ])].slice(0, 50);  // 最多50个文件
+
+  let findingCounter = 1;
+
+  for (const file of filesToCheck) {
+    try {
+      const content = Read(file);
+      const lines = content.split('\n');
+
+      // 应用外部规则文件中的规则
+      for (const rule of rules) {
+        const matches = detectByPattern(content, lines, file, rule);
+        for (const match of matches) {
+          findings.push({
+            id: `${prefix}-${String(findingCounter++).padStart(3, '0')}`,
+            severity: rule.severity || match.severity,
+            dimension: dimension,
+            category: rule.category,
+            file: file,
+            line: match.line,
+            code_snippet: match.snippet,
+            description: rule.description,
+            recommendation: rule.recommendation,
+            fix_example: rule.fixExample
+          });
+        }
+      }
+    } catch (e) {
+      // 跳过无法读取的文件
+    }
+  }
+
+  // 保存维度发现
+  Write(`${workDir}/findings/${dimension}.json`, JSON.stringify(findings, null, 2));
+
+  return {
+    stateUpdates: {
+      reviewed_dimensions: [...(state.reviewed_dimensions || []), dimension],
+      current_dimension: null,
+      [`findings.${dimension}`]: findings
+    }
+  };
+}
+
+/**
+ * 从外部 JSON 文件加载规则配置
+ * 规则文件位于 specs/rules/{dimension}-rules.json
+ * @param {string} dimension - 维度名称 (correctness, security, etc.)
+ * @param {string} workDir - 工作目录 (用于日志记录)
+ * @returns {object} 规则配置对象，包含 rules 数组和 prefix
+ */
+function loadRulesConfig(dimension, workDir) {
+  // 规则文件路径：相对于 skill 目录
+  const rulesPath = `specs/rules/${dimension}-rules.json`;
+
+  try {
+    const rulesFile = Read(rulesPath);
+    const rulesConfig = JSON.parse(rulesFile);
+    return rulesConfig;
+  } catch (e) {
+    console.warn(`Failed to load rules for ${dimension}: ${e.message}`);
+    // 返回空规则配置，保持向后兼容
+    return { rules: [], prefix: getDimensionPrefix(dimension) };
+  }
+}
+
+/**
+ * 根据规则的 patternType 检测代码问题
+ * 支持的 patternType: regex, includes
+ * @param {string} content - 文件内容
+ * @param {string[]} lines - 按行分割的内容
+ * @param {string} file - 文件路径
+ * @param {object} rule - 规则配置对象
+ * @returns {Array} 匹配结果数组
+ */
+function detectByPattern(content, lines, file, rule) {
+  const matches = [];
+  const { pattern, patternType, negativePatterns, caseInsensitive } = rule;
+
+  if (!pattern) return matches;
+
+  switch (patternType) {
+    case 'regex':
+      return detectByRegex(content, lines, pattern, negativePatterns, caseInsensitive);
+
+    case 'includes':
+      return detectByIncludes(content, lines, pattern, negativePatterns);
+
+    default:
+      // 默认使用 includes 模式
+      return detectByIncludes(content, lines, pattern, negativePatterns);
+  }
+}
+
+/**
+ * 使用正则表达式检测代码问题
+ * @param {string} content - 文件完整内容
+ * @param {string[]} lines - 按行分割的内容
+ * @param {string} pattern - 正则表达式模式
+ * @param {string[]} negativePatterns - 排除模式列表
+ * @param {boolean} caseInsensitive - 是否忽略大小写
+ * @returns {Array} 匹配结果数组
+ */
+function detectByRegex(content, lines, pattern, negativePatterns, caseInsensitive) {
+  const matches = [];
+  const flags = caseInsensitive ? 'gi' : 'g';
+
+  try {
+    const regex = new RegExp(pattern, flags);
+    let match;
+
+    while ((match = regex.exec(content)) !== null) {
+      const lineNum = content.substring(0, match.index).split('\n').length;
+      const lineContent = lines[lineNum - 1] || '';
+
+      // 检查排除模式 - 如果行内容匹配任一排除模式则跳过
+      if (negativePatterns && negativePatterns.length > 0) {
+        const shouldExclude = negativePatterns.some(np => {
+          try {
+            return new RegExp(np).test(lineContent);
+          } catch {
+            return lineContent.includes(np);
+          }
+        });
+        if (shouldExclude) continue;
+      }
+
+      matches.push({
+        line: lineNum,
+        snippet: lineContent.trim().substring(0, 100),
+        matchedText: match[0]
+      });
+    }
+  } catch (e) {
+    console.warn(`Invalid regex pattern: ${pattern}`);
+  }
+
+  return matches;
+}
+
+/**
+ * 使用字符串包含检测代码问题
+ * @param {string} content - 文件完整内容 (未使用但保持接口一致)
+ * @param {string[]} lines - 按行分割的内容
+ * @param {string} pattern - 要查找的字符串
+ * @param {string[]} negativePatterns - 排除模式列表
+ * @returns {Array} 匹配结果数组
+ */
+function detectByIncludes(content, lines, pattern, negativePatterns) {
+  const matches = [];
+
+  lines.forEach((line, i) => {
+    if (line.includes(pattern)) {
+      // 检查排除模式 - 如果行内容包含任一排除字符串则跳过
+      if (negativePatterns && negativePatterns.length > 0) {
+        const shouldExclude = negativePatterns.some(np => line.includes(np));
+        if (shouldExclude) return;
+      }
+
+      matches.push({
+        line: i + 1,
+        snippet: line.trim().substring(0, 100),
+        matchedText: pattern
+      });
+    }
+  });
+
+  return matches;
+}
+
+/**
+ * 获取维度前缀（作为规则文件不存在时的备用）
+ * @param {string} dimension - 维度名称
+ * @returns {string} 4字符前缀
+ */
+function getDimensionPrefix(dimension) {
+  const prefixes = {
+    correctness: 'CORR',
+    readability: 'READ',
+    performance: 'PERF',
+    security: 'SEC',
+    testing: 'TEST',
+    architecture: 'ARCH'
+  };
+  return prefixes[dimension] || 'MISC';
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    reviewed_dimensions: [...state.reviewed_dimensions, currentDimension],
+    current_dimension: null,
+    findings: {
+      ...state.findings,
+      [currentDimension]: newFindings
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `findings/{dimension}.json`
+- **Location**: `${workDir}/findings/`
+- **Format**: JSON array of Finding objects
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 文件读取失败 | 跳过该文件，记录警告 |
+| 规则执行错误 | 跳过该规则，继续其他规则 |
+
+## Next Actions
+
+- 还有未审查维度: 继续 action-deep-review
+- 所有维度完成: action-generate-report

package/.claude/skills/review-code/phases/actions/action-generate-report.md

@@ -0,0 +1,263 @@
+# Action: Generate Report
+
+汇总所有发现，生成结构化审查报告。
+
+## Purpose
+
+生成最终的代码审查报告：
+- 汇总所有维度的发现
+- 按严重程度排序
+- 提供统计摘要
+- 输出 Markdown 格式报告
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] 所有维度已审查完成 (reviewed_dimensions.length === 6)
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  const context = state.context;
+  const findings = state.findings;
+  
+  // 1. 汇总所有发现
+  const allFindings = [
+    ...findings.correctness,
+    ...findings.readability,
+    ...findings.performance,
+    ...findings.security,
+    ...findings.testing,
+    ...findings.architecture
+  ];
+  
+  // 2. 按严重程度排序
+  const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+  allFindings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+  
+  // 3. 统计
+  const stats = {
+    total_issues: allFindings.length,
+    critical: allFindings.filter(f => f.severity === 'critical').length,
+    high: allFindings.filter(f => f.severity === 'high').length,
+    medium: allFindings.filter(f => f.severity === 'medium').length,
+    low: allFindings.filter(f => f.severity === 'low').length,
+    info: allFindings.filter(f => f.severity === 'info').length,
+    by_dimension: {
+      correctness: findings.correctness.length,
+      readability: findings.readability.length,
+      performance: findings.performance.length,
+      security: findings.security.length,
+      testing: findings.testing.length,
+      architecture: findings.architecture.length
+    }
+  };
+  
+  // 4. 生成报告
+  const report = generateMarkdownReport(context, stats, allFindings, state.scan_summary);
+  
+  // 5. 保存报告
+  const reportPath = `${workDir}/review-report.md`;
+  Write(reportPath, report);
+  
+  return {
+    stateUpdates: {
+      report_generated: true,
+      report_path: reportPath,
+      summary: {
+        ...stats,
+        review_duration_ms: Date.now() - new Date(state.started_at).getTime()
+      }
+    }
+  };
+}
+
+function generateMarkdownReport(context, stats, findings, scanSummary) {
+  const severityEmoji = {
+    critical: '🔴',
+    high: '🟠',
+    medium: '🟡',
+    low: '🔵',
+    info: '⚪'
+  };
+  
+  let report = `# Code Review Report
+
+## 审查概览
+
+| 项目 | 值 |
+|------|------|
+| 目标路径 | \`${context.target_path}\` |
+| 文件数量 | ${context.file_count} |
+| 代码行数 | ${context.total_lines} |
+| 主要语言 | ${context.language} |
+| 框架 | ${context.framework || 'N/A'} |
+
+## 问题统计
+
+| 严重程度 | 数量 |
+|----------|------|
+| 🔴 Critical | ${stats.critical} |
+| 🟠 High | ${stats.high} |
+| 🟡 Medium | ${stats.medium} |
+| 🔵 Low | ${stats.low} |
+| ⚪ Info | ${stats.info} |
+| **总计** | **${stats.total_issues}** |
+
+### 按维度统计
+
+| 维度 | 问题数 |
+|------|--------|
+| Correctness (正确性) | ${stats.by_dimension.correctness} |
+| Security (安全性) | ${stats.by_dimension.security} |
+| Performance (性能) | ${stats.by_dimension.performance} |
+| Readability (可读性) | ${stats.by_dimension.readability} |
+| Testing (测试) | ${stats.by_dimension.testing} |
+| Architecture (架构) | ${stats.by_dimension.architecture} |
+
+---
+
+## 高风险区域
+
+`;
+
+  if (scanSummary?.risk_areas?.length > 0) {
+    report += `| 文件 | 原因 | 优先级 |
+|------|------|--------|
+`;
+    for (const area of scanSummary.risk_areas.slice(0, 10)) {
+      report += `| \`${area.file}\` | ${area.reason} | ${area.priority} |\n`;
+    }
+  } else {
+    report += `未发现明显的高风险区域。\n`;
+  }
+
+  report += `
+---
+
+## 问题详情
+
+`;
+
+  // 按维度分组输出
+  const dimensions = ['correctness', 'security', 'performance', 'readability', 'testing', 'architecture'];
+  const dimensionNames = {
+    correctness: '正确性 (Correctness)',
+    security: '安全性 (Security)',
+    performance: '性能 (Performance)',
+    readability: '可读性 (Readability)',
+    testing: '测试 (Testing)',
+    architecture: '架构 (Architecture)'
+  };
+
+  for (const dim of dimensions) {
+    const dimFindings = findings.filter(f => f.dimension === dim);
+    if (dimFindings.length === 0) continue;
+    
+    report += `### ${dimensionNames[dim]}
+
+`;
+    
+    for (const finding of dimFindings) {
+      report += `#### ${severityEmoji[finding.severity]} [${finding.id}] ${finding.category}
+
+- **严重程度**: ${finding.severity.toUpperCase()}
+- **文件**: \`${finding.file}\`${finding.line ? `:${finding.line}` : ''}
+- **描述**: ${finding.description}
+`;
+      
+      if (finding.code_snippet) {
+        report += `
+\`\`\`
+${finding.code_snippet}
+\`\`\`
+`;
+      }
+      
+      report += `
+**建议**: ${finding.recommendation}
+`;
+      
+      if (finding.fix_example) {
+        report += `
+**修复示例**:
+\`\`\`
+${finding.fix_example}
+\`\`\`
+`;
+      }
+      
+      report += `
+---
+
+`;
+    }
+  }
+
+  report += `
+## 审查建议
+
+### 必须修复 (Must Fix)
+
+${stats.critical + stats.high > 0 
+  ? `发现 ${stats.critical} 个严重问题和 ${stats.high} 个高优先级问题，建议在合并前修复。`
+  : '未发现必须立即修复的问题。'}
+
+### 建议改进 (Should Fix)
+
+${stats.medium > 0 
+  ? `发现 ${stats.medium} 个中等优先级问题，建议在后续迭代中改进。`
+  : '代码质量良好，无明显需要改进的地方。'}
+
+### 可选优化 (Nice to Have)
+
+${stats.low + stats.info > 0 
+  ? `发现 ${stats.low + stats.info} 个低优先级建议，可根据团队规范酌情处理。`
+  : '无额外建议。'}
+
+---
+
+*报告生成时间: ${new Date().toISOString()}*
+`;
+
+  return report;
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    report_generated: true,
+    report_path: reportPath,
+    summary: {
+      total_issues: totalCount,
+      critical: criticalCount,
+      high: highCount,
+      medium: mediumCount,
+      low: lowCount,
+      info: infoCount,
+      review_duration_ms: duration
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `review-report.md`
+- **Location**: `${workDir}/review-report.md`
+- **Format**: Markdown
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 写入失败 | 尝试备用位置 |
+| 模板错误 | 使用简化格式 |
+
+## Next Actions
+
+- 成功: action-complete

package/.claude/skills/review-code/phases/actions/action-quick-scan.md

@@ -0,0 +1,164 @@
+# Action: Quick Scan
+
+快速扫描代码，识别高风险区域。
+
+## Purpose
+
+进行第一遍快速扫描：
+- 识别复杂度高的文件
+- 标记潜在的高风险区域
+- 发现明显的问题模式
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] state.context !== null
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  const context = state.context;
+  const riskAreas = [];
+  const quickIssues = [];
+  
+  // 1. 扫描每个文件
+  for (const file of context.files) {
+    try {
+      const content = Read(file);
+      const lines = content.split('\n');
+      
+      // --- 复杂度检查 ---
+      const functionMatches = content.match(/function\s+\w+|=>\s*{|async\s+\w+/g) || [];
+      const nestingDepth = Math.max(...lines.map(l => (l.match(/^\s*/)?.[0].length || 0) / 2));
+      
+      if (lines.length > 500 || functionMatches.length > 20 || nestingDepth > 8) {
+        riskAreas.push({
+          file: file,
+          reason: `High complexity: ${lines.length} lines, ${functionMatches.length} functions, depth ${nestingDepth}`,
+          priority: 'high'
+        });
+      }
+      
+      // --- 快速问题检测 ---
+      
+      // 安全问题快速检测
+      if (content.includes('eval(') || content.includes('innerHTML')) {
+        quickIssues.push({
+          type: 'security',
+          file: file,
+          message: 'Potential XSS/injection risk: eval() or innerHTML usage'
+        });
+      }
+      
+      // 硬编码密钥检测
+      if (/(?:password|secret|api_key|token)\s*[=:]\s*['"][^'"]{8,}/i.test(content)) {
+        quickIssues.push({
+          type: 'security',
+          file: file,
+          message: 'Potential hardcoded credential detected'
+        });
+      }
+      
+      // TODO/FIXME 检测
+      const todoCount = (content.match(/TODO|FIXME|HACK|XXX/gi) || []).length;
+      if (todoCount > 5) {
+        quickIssues.push({
+          type: 'maintenance',
+          file: file,
+          message: `${todoCount} TODO/FIXME comments found`
+        });
+      }
+      
+      // console.log 检测（生产代码）
+      if (!file.includes('test') && !file.includes('spec')) {
+        const consoleCount = (content.match(/console\.(log|debug|info)/g) || []).length;
+        if (consoleCount > 3) {
+          quickIssues.push({
+            type: 'readability',
+            file: file,
+            message: `${consoleCount} console statements (should be removed in production)`
+          });
+        }
+      }
+      
+      // 长函数检测
+      const longFunctions = content.match(/function[^{]+\{[^}]{2000,}\}/g) || [];
+      if (longFunctions.length > 0) {
+        quickIssues.push({
+          type: 'readability',
+          file: file,
+          message: `${longFunctions.length} long function(s) detected (>50 lines)`
+        });
+      }
+      
+      // 错误处理检测
+      if (content.includes('catch') && content.includes('catch (') && content.match(/catch\s*\([^)]*\)\s*{\s*}/)) {
+        quickIssues.push({
+          type: 'correctness',
+          file: file,
+          message: 'Empty catch block detected'
+        });
+      }
+      
+    } catch (e) {
+      // 跳过无法读取的文件
+    }
+  }
+  
+  // 2. 计算复杂度评分
+  const complexityScore = Math.min(100, Math.round(
+    (riskAreas.length * 10 + quickIssues.length * 5) / context.file_count * 100
+  ));
+  
+  // 3. 构建扫描摘要
+  const scanSummary = {
+    risk_areas: riskAreas,
+    complexity_score: complexityScore,
+    quick_issues: quickIssues
+  };
+  
+  // 4. 保存扫描结果
+  Write(`${workDir}/scan-summary.json`, JSON.stringify(scanSummary, null, 2));
+  
+  return {
+    stateUpdates: {
+      scan_completed: true,
+      scan_summary: scanSummary
+    }
+  };
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    scan_completed: true,
+    scan_summary: {
+      risk_areas: riskAreas,
+      complexity_score: score,
+      quick_issues: quickIssues
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `scan-summary.json`
+- **Location**: `${workDir}/scan-summary.json`
+- **Format**: JSON
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 文件读取失败 | 跳过该文件，继续扫描 |
+| 编码问题 | 以二进制跳过 |
+
+## Next Actions
+
+- 成功: action-deep-review (开始逐维度审查)
+- 风险区域过多 (>20): 可询问用户是否缩小范围