smart-review 1.0.1

package/lib/utils/strip.js

@@ -0,0 +1,221 @@
+import path from 'path';
+
+// 复用 reviewer 中的注释范围计算逻辑的轻量版本
+export async function stripCommentsForAI(content, filePath) {
+  const ext = path.extname(filePath).toLowerCase();
+  const ranges = computeCommentRanges(content, ext);
+  if (ranges.length === 0) return content;
+  // 直接删除注释内容，并在末尾统一折叠多余空白行
+  let result = content;
+  ranges.sort((a,b) => b.start - a.start).forEach(r => {
+    result = result.slice(0, r.start) + result.slice(r.end);
+  });
+  // 删除所有空白行：移除行尾空白，滤掉空行
+  result = result.replace(/[ \t]+\r?\n/g, '\n');
+  result = result.split('\n').filter(line => line.trim().length > 0).join('\n');
+  return result;
+}
+
+function computeCommentRanges(content, ext) {
+  const ranges = [];
+  const pushRange = (start, end) => {
+    if (start >= 0 && end > start) ranges.push({ start, end });
+  };
+  const addByRegex = (regex) => {
+    let m;
+    while ((m = regex.exec(content)) !== null) {
+      pushRange(m.index, m.index + m[0].length);
+    }
+  };
+  const jsLike = ['.js','.jsx','.ts','.tsx','.java','.go','.c','.cpp','.h','.rs','.php'];
+  if (jsLike.includes(ext)) {
+    addByRegex(/\/\/.*|\/\*[\s\S]*?\*\//g);
+    // 在 JSX/TSX 中移除注释包裹：{/* ... */}，避免残留孤立的大括号
+    if (ext === '.jsx' || ext === '.tsx') {
+      // 仅匹配单行的注释包裹：限制为 { + 空格/Tab + /*...*/ + 空格/Tab + }
+      // 防止错误地从上一行的 {（如 enum {...}）起始到后续任意注释块闭合的 } 形成巨大范围
+      addByRegex(/\{[ \t]*\/\*[\s\S]*?\*\/[ \t]*\}/g);
+    }
+  } else if (ext === '.py' || ext === '.rb') {
+    addByRegex(/(^|\s)#.*$/gm);
+  } else if (ext === '.html' || ext === '.svelte') {
+    addByRegex(/<!--[\s\S]*?-->/g);
+  } else if (ext === '.css' || ext === '.scss' || ext === '.less') {
+    addByRegex(/\/\*[\s\S]*?\*\//g);
+  } else {
+    addByRegex(/\/\/.*|\/\*[\s\S]*?\*\//g);
+    addByRegex(/(^|\s)#.*$/gm);
+    addByRegex(/<!--[\s\S]*?-->/g);
+  }
+  // 合并重叠区间，避免重复剥离导致索引错位
+  if (ranges.length > 1) {
+    ranges.sort((a, b) => a.start - b.start);
+    const merged = [];
+    let prev = ranges[0];
+    for (let i = 1; i < ranges.length; i++) {
+      const cur = ranges[i];
+      if (cur.start <= prev.end) {
+        prev.end = Math.max(prev.end, cur.end);
+      } else {
+        merged.push(prev);
+        prev = cur;
+      }
+    }
+    merged.push(prev);
+    return merged;
+  }
+  return ranges;
+}
+
+// 剔除“代码内禁用”范围以避免AI分析受影响（保留换行，稳定行号）
+export async function stripNoReviewForAI(content, filePath) {
+  const ext = path.extname(filePath).toLowerCase();
+  const commentRanges = computeCommentRanges(content, ext);
+  // 固定令牌：与 reviewer 的 computeDisableRanges 保持一致
+  const nextToken = 'review-disable-next-line';
+  const startToken = 'review-disable-start';
+  const endToken = 'review-disable-end';
+
+  // 每行起始偏移
+  const lineOffsets = [];
+  const lines = content.split('\n');
+  let offset = 0;
+  for (const ln of lines) { lineOffsets.push(offset); offset += ln.length + 1; }
+
+  const suppressRanges = [];
+  let pendingBlockStart = null;
+  for (const r of commentRanges) {
+    const lower = content.slice(r.start, r.end).toLowerCase();
+    if (lower.includes(nextToken)) {
+      const lineIdx = content.substring(0, r.start).split('\n').length - 1;
+      const nextStart = lineOffsets[lineIdx + 1];
+      const nextEnd = lineOffsets[lineIdx + 2] ?? content.length;
+      if (Number.isFinite(nextStart)) suppressRanges.push({ start: nextStart, end: nextEnd });
+      continue;
+    }
+    if (lower.includes(startToken)) {
+      const lineIdx = content.substring(0, r.start).split('\n').length - 1;
+      const nextStart = lineOffsets[lineIdx + 1];
+      if (Number.isFinite(nextStart)) pendingBlockStart = nextStart;
+      continue;
+    }
+    if (lower.includes(endToken)) {
+      const lineIdx = content.substring(0, r.start).split('\n').length - 1;
+      const endStart = lineOffsets[lineIdx];
+      if (Number.isFinite(pendingBlockStart)) {
+        const startPos = pendingBlockStart;
+        const endPos = Number.isFinite(endStart) ? endStart : content.length;
+        if (startPos < endPos) suppressRanges.push({ start: startPos, end: endPos });
+      }
+      pendingBlockStart = null;
+      continue;
+    }
+  }
+  if (Number.isFinite(pendingBlockStart)) {
+    suppressRanges.push({ start: pendingBlockStart, end: content.length });
+  }
+
+  if (suppressRanges.length === 0) return content;
+  // 直接删除禁用范围，并折叠空白行以减少无意义的空行
+  let result = content;
+  suppressRanges.sort((a,b) => b.start - a.start).forEach(r => {
+    result = result.slice(0, r.start) + result.slice(r.end);
+  });
+  // 删除所有空白行：去除行尾空白，并移除空行
+  result = result.replace(/[ \t]+\r?\n/g, '\n');
+  result = result.split('\n').filter(line => line.trim().length > 0).join('\n');
+  return result;
+}
+
+// 组合剥离并返回行号映射：对AI输入进行“先映射后剥离”
+// 返回的 lineMap 是按照清洗后每一行对应的源文件行号（1-based）。
+export async function prepareForAIWithLineMap(content, filePath) {
+  const ext = path.extname(filePath).toLowerCase();
+  const commentRanges = computeCommentRanges(content, ext);
+  // 不保留单行文档注释（/** ... */），统一作为注释剔除
+  const isPreservedDocBlock = () => false;
+
+  // 计算每行起始偏移，便于在行维度内裁剪注释片段
+  const lines = content.split('\n');
+  const lineOffsets = [];
+  let offset = 0;
+  for (const ln of lines) { lineOffsets.push(offset); offset += ln.length + 1; }
+
+  // 识别禁用标记所作用的行（保持与 stripNoReviewForAI 语义一致）
+  const nextToken = 'review-disable-next-line';
+  const startToken = 'review-disable-start';
+  const endToken = 'review-disable-end';
+  const disabled = new Set();
+  let pendingBlockStartLine = null;
+  for (const r of commentRanges) {
+    const lower = content.slice(r.start, r.end).toLowerCase();
+    const lineIdx = content.substring(0, r.start).split('\n').length - 1; // token 所在行索引
+    if (lower.includes(nextToken)) {
+      const nx = lineIdx + 1;
+      if (nx >= 0 && nx < lines.length) disabled.add(nx);
+      continue;
+    }
+    if (lower.includes(startToken)) {
+      const nx = lineIdx + 1; // 从下一行开始禁用
+      if (nx >= 0 && nx < lines.length) pendingBlockStartLine = nx;
+      continue;
+    }
+    if (lower.includes(endToken)) {
+      const endLine = Math.max(0, lineIdx); // 到 end 标记所在行的上一行结束
+      if (pendingBlockStartLine !== null) {
+        for (let i = pendingBlockStartLine; i < endLine; i++) {
+          disabled.add(i);
+        }
+      }
+      pendingBlockStartLine = null;
+      continue;
+    }
+  }
+  if (pendingBlockStartLine !== null) {
+    for (let i = pendingBlockStartLine; i < lines.length; i++) {
+      disabled.add(i);
+    }
+  }
+
+  // 针对每一行，按注释范围做局部裁剪；若行仅剩空白则丢弃
+  const cleanLines = [];
+  const lineMap = [];
+  for (let i = 0; i < lines.length; i++) {
+    if (disabled.has(i)) continue; // 整行禁用
+    const raw = lines[i];
+    const start = lineOffsets[i];
+    const end = start + raw.length;
+
+    // 以当前行的可保留区间为基础，逐个剔除与之相交的注释区间
+    let segments = [{ start, end }];
+    for (const cr of commentRanges) {
+      // 跳过保留的文档注释块
+      if (isPreservedDocBlock(cr)) continue;
+      if (cr.start >= end || cr.end <= start) continue; // 与该行无交集
+      const rs = Math.max(cr.start, start);
+      const re = Math.min(cr.end, end);
+      const nextSegs = [];
+      for (const s of segments) {
+        if (re <= s.start || rs >= s.end) {
+          nextSegs.push(s);
+        } else {
+          if (rs > s.start) nextSegs.push({ start: s.start, end: rs });
+          if (re < s.end) nextSegs.push({ start: re, end: s.end });
+        }
+      }
+      segments = nextSegs;
+    }
+
+    const rebuilt = segments.map(s => content.slice(s.start, s.end)).join('');
+    // 去除行尾空白（含 CR），保持前导缩进；用于决定是否是“空行”再丢弃
+    const trimmedRight = rebuilt.replace(/[ \t\r]+$/g, '');
+    if (trimmedRight.trim().length === 0) {
+      continue; // 清洗后为空行则跳过
+    }
+    cleanLines.push(trimmedRight);
+    lineMap.push(i + 1); // 使用源文件的行号（1-based）
+  }
+
+  const cleaned = cleanLines.join('\n');
+  return { cleaned, clean: cleaned, lineMap };
+}

package/package.json

@@ -0,0 +1,44 @@
+{
+  "name": "smart-review",
+  "version": "1.0.1",
+  "description": "AI智能代码审查工具，支持静态规则和AI分析",
+  "type": "module",
+  "main": "index.js",
+  "bin": {
+    "smart-review": "./bin/review.js"
+  },
+  "scripts": {
+    "postinstall": "node ./bin/install.js",
+    "dev:install": "node ./bin/install.js",
+    "dev:review": "node ./bin/review.js",
+    "test:local": "cd test && npm run test-review",
+    "test:ai": "node ./bin/review.js --files test/src/index.tsx --ai",
+    "debug": "node --inspect ./bin/review.js --files test/src/test-file.js"
+  },
+  "keywords": ["code-review", "ai", "git-hook", "security"],
+  "author": "vlinr",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/vlinr/smart-review.git"
+  },
+  "homepage": "https://github.com/vlinr/smart-review#readme",
+  "bugs": {
+    "url": "https://github.com/vlinr/smart-review/issues"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "glob": "^10.3.10",
+    "openai": "^4.20.0",
+    "simple-git": "^3.19.1"
+  },
+  "files": [
+    "bin/",
+    "lib/",
+    "templates/",
+    "index.js"
+  ],
+  "engines": {
+    "node": ">=16.0.0"
+  }
+}

package/templates/rules/best-practices.js

@@ -0,0 +1,111 @@
+// 最佳实践规则
+export default [
+  {
+    id: 'BP001',
+    name: '调试代码',
+    pattern: 'console\\.log|print\\(|alert\\(',
+    risk: 'low',
+    message: '发现调试代码，建议在提交前移除',
+    suggestion: '使用日志系统替代console.log',
+    flags: 'gi'
+  },
+  {
+    id: 'BP002',
+    name: '魔法数字',
+    pattern: '\\b(?<!\\.)(?!(?:0|1|10|12|24|30|60|100|200|201|300|400|401|403|404|500|503|1000|3000|5000|8080|9000)\\b)\\d{3,}(?!\\.\\d)\\b',
+    risk: 'low',
+    message: '检测到魔法数字，建议使用常量定义',
+    suggestion: '将数字定义为有意义的常量',
+    flags: 'g'
+  },
+  {
+    id: 'BP003',
+    name: '空的异常捕获块',
+    pattern: 'catch\s*\([^)]*\)\s*\{\s*\}',
+    risk: 'medium',
+    message: '检测到空的catch块，可能隐藏错误并导致不可预期行为',
+    suggestion: '记录日志或采取补救措施，避免吞掉异常',
+    flags: 'gi'
+  },
+  {
+    id: 'BP004',
+    name: '忽略TypeScript类型检查',
+    pattern: '\\/\\/\\s*@ts-ignore',
+    risk: 'medium',
+    message: '检测到@ts-ignore，可能掩盖类型错误',
+    suggestion: '修复类型问题或使用更精确的类型定义',
+    flags: 'gi'
+  },
+  {
+    id: 'BP005',
+    name: '使用any类型',
+    pattern: ':\\s*any\\b',
+    risk: 'medium',
+    message: '检测到any类型，可能削弱类型系统保护',
+    suggestion: '使用具体类型或泛型替代any，提高类型安全',
+    flags: 'gi'
+  },
+  {
+    id: 'BP006',
+    name: '禁用ESLint规则',
+    pattern: '\\/\\/\\s*eslint-disable',
+    risk: 'medium',
+    message: '检测到禁用ESLint，可能隐藏代码质量问题',
+    suggestion: '只在必要范围局部禁用，并给出明确原因',
+    flags: 'gi'
+  },
+  {
+    id: 'BP007',
+    name: '调试断点未移除',
+    pattern: '\\bdebugger\\b',
+    risk: 'medium',
+    message: '检测到调试断点，可能影响线上行为',
+    suggestion: '在提交前移除debugger并使用日志或断言',
+    flags: 'gi'
+  },
+  {
+    id: 'BP008',
+    name: '过于宽泛的异常捕获',
+    pattern: 'catch\\s*\\(\\s*(Exception|Throwable|Error|BaseException)\\s+\\w+\\s*\\)\\s*\\{[^}]*(?!.*(?:log|throw|rethrow))[^}]*\\}',
+    risk: 'medium',
+    message: '捕获过于宽泛的异常类型且未进行适当处理',
+    suggestion: '捕获具体的异常类型，并确保进行适当的日志记录或重新抛出',
+    flags: 'gi'
+  },
+  {
+    id: 'BP009',
+    name: '打印堆栈而非日志记录',
+    pattern: '\\.printStackTrace\\s*\\(',
+    risk: 'medium',
+    message: '检测到直接打印堆栈跟踪，可能导致信息丢失与不可控输出',
+    suggestion: '使用结构化日志记录错误，并附带上下文信息',
+    flags: 'gi'
+  },
+  {
+    id: 'BP010',
+    name: '进程级退出调用',
+    pattern: 'System\\.exit\\s*\\(',
+    risk: 'high',
+    message: '检测到System.exit，可能导致服务非预期中断',
+    suggestion: '使用受控的停止流程（优雅关闭）、信号处理与资源回收',
+    flags: 'gi'
+  },
+  {
+    id: 'BP011',
+    name: '使用root数据库用户',
+    pattern: '(user|username)\\s*=\\s*root\\b',
+    risk: 'medium',
+    message: '检测到使用root作为数据库用户，存在安全与审计风险',
+    suggestion: '使用最小权限的应用专用账户，分离权限与职责',
+    flags: 'gi'
+  },
+  {
+    id: 'BP012',
+    name: '禁用CSRF（Spring Security）',
+    pattern: 'csrf\\s*\\(\\)\\.disable\\s*\\(\\)',
+    risk: 'high',
+    message: '检测到全局禁用CSRF保护，可能导致跨站请求伪造风险',
+    suggestion: '在必要的API上采用令牌/同源策略，避免全局关闭',
+    flags: 'gi'
+  }
+];

package/templates/rules/performance.js

@@ -0,0 +1,123 @@
+// 性能规则
+export default [
+  {
+    id: 'PERF001',
+    name: '循环内数据库查询',
+    pattern: '(for|while)\\s*\\([^)]*\\)\\s*\\{[^}]*\\b(find|query|select|findOne|findMany|findFirst|findUnique|create|update|delete|save)\\s*\\([^}]*\\}',
+    risk: 'medium',
+    message: '在循环内执行数据库查询，可能导致N+1查询问题',
+    suggestion: '使用批量查询或预加载数据',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF002',
+    name: '内存泄漏风险（定时器使用）',
+    pattern: 'setInterval\\s*\\([^)]*\\)|setTimeout\\s*\\([^)]*\\)',
+    risk: 'medium',
+    message: '发现定时器使用，若未清理可能导致内存泄漏或残留任务',
+    suggestion: '确保在适当生命周期调用 clearInterval/clearTimeout 进行清理',
+    flags: 'gi',
+    // 为了覆盖内置 PERF002，外部规则增加清理检测，若文件中存在任一清理则跳过此规则
+    requiresAbsent: ['clearInterval\\s*\\(', 'clearTimeout\\s*\\(']
+  },
+  {
+    id: 'PERF003',
+    name: '同步文件IO阻塞',
+    pattern: 'fs\\.(readFileSync|writeFileSync|appendFileSync|existsSync|statSync|readdirSync)\\s*\\(',
+    risk: 'high',
+    message: '检测到同步文件IO，可能阻塞事件循环并影响吞吐',
+    suggestion: '优先使用异步IO或队列化处理，避免阻塞主线程',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF004',
+    name: '循环内网络请求',
+    pattern: 'for\s*\([^)]*\)\s*\{[^}]*\b(fetch|axios\.(get|post|put|delete)|requests\.(get|post|put|delete)|http\.get)\b[^}]*\}',
+    risk: 'high',
+    message: '检测到循环内执行网络请求，可能导致级联延迟与拥塞',
+    suggestion: '合并请求、并发控制或批量处理，减少往返次数',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF005',
+    name: '循环内JSON序列化',
+    pattern: 'for\s*\([^)]*\)\s*\{[^}]*JSON\.stringify[^}]*\}',
+    risk: 'medium',
+    message: '循环内频繁序列化可能导致CPU开销过大',
+    suggestion: '将序列化移到循环外或进行缓存/批量处理',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF006',
+    name: '循环内正则编译',
+    pattern: 'for\\s*\\([^)]*\\)\\s*\\{[^}]*new\\s+RegExp\\s*\\([^}]*\\}',
+    risk: 'medium',
+    message: '循环内重复编译正则会增加不必要的开销',
+    suggestion: '将正则常量化或预编译，避免在循环中创建',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF007',
+    name: '忙等待循环',
+    pattern: '(while\\s*\\(\\s*true\\s*\\)|for\\s*\\(\\s*;\\s*;\\s*\\))\\s*\\{[^}]*(?!.*(?:sleep|wait|await|setTimeout|setInterval|yield|break|return))[^}]*\\}',
+    risk: 'high',
+    message: '检测到可能的忙等待循环，可能导致CPU飙升与资源浪费',
+    suggestion: '使用事件驱动或阻塞等待机制，避免空循环',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF008',
+    name: '循环内DOM布局抖动',
+    pattern: 'for\s*\([^)]*\)\s*\{[^}]*(offsetWidth|offsetHeight|getBoundingClientRect)[^}]*\}',
+    risk: 'high',
+    message: '循环内读取布局信息会触发频繁回流/重绘',
+    suggestion: '合并DOM读写、使用批处理、减少同步布局查询',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF009',
+    name: '阻塞等待（sleep）',
+    pattern: '(Thread\\.sleep\\s*\\(|time\\.sleep\\s*\\()',
+    risk: 'medium',
+    message: '检测到阻塞等待调用，可能降低服务吞吐和响应',
+    suggestion: '改用异步等待或限流/队列机制，避免阻塞主线程',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF010',
+    name: '无界线程池',
+    pattern: 'Executors\\.newCachedThreadPool\\s*\\(',
+    risk: 'high',
+    message: '检测到无界线程池，可能导致线程爆炸与资源枯竭',
+    suggestion: '使用有界线程池并设置合理最大值与队列长度',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF011',
+    name: '循环内字符串拼接',
+    pattern: '(for|while)\\s*\\([^)]*\\)\\s*\\{[^}]*\\b\\w+\\s*\\+=\\s*[\'"`]',
+    risk: 'medium',
+    message: '循环内频繁字符串拼接会造成较大CPU与内存开销',
+    suggestion: '使用StringBuilder/列表收集再join，或其他批量化策略',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF012',
+    name: '循环内创建数据库连接',
+    pattern: 'for\\s*\\([^)]*\\)\\s*\\{[^}]*\\b(getConnection|openConnection|new\\s+SqlConnection|mysql_connect|pg_connect|MongoClient\\s*\\()\\b',
+    risk: 'high',
+    message: '循环内反复创建数据库连接会导致严重性能问题',
+    suggestion: '使用连接池与复用策略，在循环外预先获取连接',
+    flags: 'gi'
+  },
+  {
+    id: 'PERF013',
+    name: 'HTTP请求缺少超时（Python）',
+    pattern: 'requests\\.(get|post|put|delete)\\s*\\(',
+    risk: 'medium',
+    message: '网络请求未设置超时会造成资源悬挂与吞吐下降',
+    suggestion: '设置合理的timeout参数，并对重试与熔断进行控制',
+    flags: 'gi',
+    requiresAbsent: ['timeout\\s*=']
+  }
+];