2025-11-29 18:02:48 +08:00
---
allowed-tools: Read, Grep, Glob, Bash, TodoWrite
description: "Analyze code quality, security, performance, and architecture"
---
# /code-review - Code Review
## Purpose
Execute comprehensive code analysis across quality, security, performance, and architecture domains.
## Usage
```bash
/code-review [branch]
```
## Execution
1. Discover and categorize files for analysis based on the diff between the current branch and the target branch:
- Use `git diff {branch_argument}...$(git branch --show-current)` where `{branch_argument}` is the first argument (defaults to 'master' if not provided)
2. Apply appropriate analysis tools and techniques:
- **Quality**: Code style, complexity, maintainability, technical debt assessment, SOLID principles compliance, error handling patterns
- **Security**: Vulnerability scanning, dependency checks, threat modeling, authentication/authorization flaws, data exposure risks, input validation
- **Performance**: Profiling, bottleneck identification, resource usage analysis, scalability assessment, Core Web Vitals (frontend), memory management (leaks, dangling pointers, buffer overflows)
- **Architecture**: Design patterns, modularity, scalability, coupling analysis, separation of concerns, future-proofing evaluation
- **Testing**: Test quality, edge case handling, test pyramid compliance (DO NOT run tests, just analyze test coverage and quality)
- **Maintainability**: Code readability, documentation quality, code comments, naming conventions, modularity
- Based on an initial quick analysis, add additional checks if necessary
3. Generate findings with severity ratings
4. Create actionable recommendations with priorities, only if issues are found
- Severity levels:
- High: Critical issues that must be addressed immediately
- Medium: Important issues that should be resolved soon
- Low: Minor issues that can be addressed later
- List should be sorted by severity
- Include project-root-relative file paths and line numbers for each issue
- Focus on changes and the effects of those changes, not the entire file
5. Present ONLY a nicely formatted, compact markdown table as the text-based analysis report, nothing else
- If you have positive findings, just add a tick mark next to the section you used as a review point
- Start with the positive findings and then list the improvements at the end
- Only include the list of improvements
- Include:
- File paths in the following format: `./path/to/file.js:line_number` (DO NOT include ranges, just where the issue is)
- Issues found
- Severity
- Recommendations
### Example Output
```text
| Category | Assessment | Notes |
|----------------|------------|-------------------------------------------------------|
| Quality ✓ | Good | Clean JWT implementation following best practices |
| Security ⚠️ | Poor | Critical JWT verification vulnerability present |
| Performance ✓ | Good | Efficient key caching and library migration |
| Architecture ✓ | Good | Well-structured auth system with feature flag support |
Improvements Needed
| File | Issue | Severity | Recommendation |
|---------------------------------------------|------------------------------------------|----------|---------------------------------------------------------------------|
| ./src/util/jwt-token.ts:26 | Incorrect key selection for verification | High | Use publicKey instead of checking privateKey for token verification |
| ./src/middlewares/auth-middleware.ts:68 | Hardcoded httpOnly setting | Medium | Use consistent auth v2 flag check like in login route |
| ./src/app/portal/api/user/login/route.ts:82 | Age verification expiry inconsistency | Low | Consider using consistent expiry calculation method |
```
DO NOT include any other text, explanations, or comments outside the markdown table.
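As an added illustration, not part of this command file, the following Python script checks that findings conform to the location format and severity levels the command prescribes and renders the "Improvements Needed" table. The `Finding` type, the function names and the sample findings are assumptions constructed here, with the sample rows taken from the example output above.

```python
import re
from dataclasses import dataclass

# Severity order the command asks for: High first, then Medium, then Low.
SEVERITY_RANK = {"High": 0, "Medium": 1, "Low": 2}
# Location format the command requires: ./path/to/file.ext:line (one line, no ranges).
LOCATION_RE = re.compile(r"^\./[^\s:]+:\d+$")


@dataclass(frozen=True)
class Finding:
    location: str        # e.g. ./src/util/jwt-token.ts:26
    issue: str
    severity: str        # High | Medium | Low
    recommendation: str


def is_valid_location(location: str) -> bool:
    """True only for './path/file.ext:42' style references, never ranges or bare paths."""
    return LOCATION_RE.match(location) is not None


def sort_findings(findings):
    """Reject malformed findings, then order High > Medium > Low (location as tie-break)."""
    for f in findings:
        if f.severity not in SEVERITY_RANK:
            raise ValueError(f"unknown severity {f.severity!r} for {f.location}")
        if not is_valid_location(f.location):
            raise ValueError(f"bad location {f.location!r}; expected ./path/file.ext:line")
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f.severity], f.location))


def render_improvements_table(findings) -> str:
    """Render the 'Improvements Needed' markdown table with padded columns."""
    rows = [("File", "Issue", "Severity", "Recommendation")]
    rows += [(f.location, f.issue, f.severity, f.recommendation) for f in sort_findings(findings)]
    widths = [max(len(r[i]) for r in rows) for i in range(4)]
    fmt = lambda r: "| " + " | ".join(c.ljust(w) for c, w in zip(r, widths)) + " |"
    separator = "|" + "|".join("-" * (w + 2) for w in widths) + "|"
    return "\n".join([fmt(rows[0]), separator] + [fmt(r) for r in rows[1:]])


# Constructed sample input: findings deliberately listed out of severity order.
SAMPLE_FINDINGS = [
    Finding("./src/app/portal/api/user/login/route.ts:82", "Age verification expiry inconsistency", "Low", "Consider using consistent expiry calculation method"),
    Finding("./src/util/jwt-token.ts:26", "Incorrect key selection for verification", "High", "Use publicKey instead of checking privateKey for token verification"),
    Finding("./src/middlewares/auth-middleware.ts:68", "Hardcoded httpOnly setting", "Medium", "Use consistent auth v2 flag check like in login route"),
]

if __name__ == "__main__":
    print(render_improvements_table(SAMPLE_FINDINGS))
```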
## Claude Code Integration
- Uses Glob for systematic file discovery
- Leverages Grep for pattern-based analysis
- Applies Read for deep code inspection
- Maintains structured analysis reporting