9.8 KiB
9.8 KiB
allowed-tools, description
| allowed-tools | description |
|---|---|
| Bash, Read, Write, Edit, Grep, Glob | Analyze code changes with detailed feedback on quality, patterns, and improvement opportunities |
Code Review Assistant Command
Provide intelligent code analysis and actionable improvement recommendations for code changes.
Usage
/code-review-assistant <target>
Examples:
/code-review-assistant @$ARGUMENTS # Review with context
/code-review-assistant src/api/auth.js # Review specific file
/code-review-assistant . # Review all changes
What This Command Does
Analyzes code to provide:
- Pattern Recognition: Identify design patterns and architectural approaches
- Quality Assessment: Evaluate code structure and maintainability
- Improvement Suggestions: Specific, actionable recommendations
- Best Practice Guidance: Industry standards and proven patterns
- Learning Opportunities: Educational insights for team growth
Analysis Framework
Step 1: Context Gathering
Collect information about the code:
# File information
git log --oneline <file> -10
git blame <file>
# Related files
git diff --name-only HEAD~5..HEAD
# Code metrics
cloc <file>
Step 2: Pattern Analysis
Identify patterns in the code:
Design Patterns:
- Singleton, Factory, Strategy, Observer, etc.
- Proper implementation and usage
- Opportunities for pattern application
Architectural Patterns:
- MVC, MVVM, Clean Architecture
- Layered architecture adherence
- Separation of concerns
Anti-Patterns:
- God objects
- Spaghetti code
- Tight coupling
- Magic numbers
- Hardcoded values
Step 3: Quality Evaluation
Code Structure:
// Example: Function complexity analysis
function analyzeComplexity(code) {
return {
cyclomaticComplexity: calculateCC(code),
cognitiveComplexity: calculateCognitive(code),
nestingDepth: calculateNesting(code),
recommendation: getRecommendation()
};
}
Maintainability Factors:
- Clear naming conventions
- Function/method length
- Parameter count
- Return complexity
- Side effects
Step 4: Generate Recommendations
Provide structured feedback:
## Analysis Results
### Architecture & Design
**Current Approach**: MVC with service layer
**Strengths**: Clear separation of concerns
**Improvements**:
- Consider dependency injection for better testability
- Extract business logic from controllers to services
### Code Quality
**Complexity**: 3 functions exceed complexity threshold
- `processUserData()` CC: 12 (target: <10)
- `validateInput()` CC: 11 (target: <10)
**Recommendations**:
1. Extract validation logic into separate validators
2. Use early returns to reduce nesting
3. Apply strategy pattern for different data types
### Performance
**Potential Issues**:
- Database queries in loop (lines 45-52)
- Unnecessary object cloning (line 78)
**Optimizations**:
- Batch database queries
- Use shallow copy where deep copy not needed
### Testing
**Coverage**: 75% (target: >80%)
**Missing Tests**:
- Edge cases for empty input
- Error handling scenarios
- Concurrent access patterns
Review Categories
1. Code Structure
What to Check:
- Function size (< 50 lines ideal)
- Class size (< 300 lines ideal)
- Parameter count (< 5 ideal)
- Nesting depth (< 4 levels)
- Cyclomatic complexity (< 10)
Example Feedback:
# Current: High complexity
def process_order(order, user, payment, shipping, promo):
if user.is_verified:
if payment.is_valid:
if shipping.is_available:
# ... deep nesting
# Suggested: Simplified
def process_order(order_request: OrderRequest) -> OrderResult:
validate_order_request(order_request)
payment = process_payment(order_request.payment)
shipping = arrange_shipping(order_request.shipping)
return create_order(order_request, payment, shipping)
2. Security Analysis
Check For:
- Input validation
- SQL injection risks
- XSS vulnerabilities
- Authentication/authorization
- Sensitive data exposure
- Secure password handling
Example Feedback:
// Issue: SQL injection vulnerability
const query = `SELECT * FROM users WHERE email = '${email}'`;
// Fix: Use parameterized queries
const query = 'SELECT * FROM users WHERE email = ?';
db.query(query, [email]);
// Or use ORM
const user = await User.findOne({ where: { email } });
3. Performance Review
Analyze:
- Algorithm efficiency
- Database query patterns
- Memory usage
- Caching opportunities
- Async/await usage
Example Feedback:
# Issue: N+1 query problem
def get_user_orders(user_ids):
users = User.query.filter(User.id.in_(user_ids)).all()
for user in users:
orders = user.orders # Separate query for each user!
# Fix: Eager loading
def get_user_orders(user_ids):
users = User.query\
.options(joinedload(User.orders))\
.filter(User.id.in_(user_ids))\
.all()
4. Testing Assessment
Evaluate:
- Test coverage
- Test quality
- Edge case handling
- Integration tests
- Mock usage
Example Feedback:
// Current: Incomplete testing
describe('calculateDiscount', () => {
it('applies discount', () => {
expect(calculateDiscount(100, 0.1)).toBe(90);
});
});
// Suggested: Comprehensive tests
describe('calculateDiscount', () => {
it('applies valid discount percentage', () => {
expect(calculateDiscount(100, 0.1)).toBe(90);
});
it('handles zero discount', () => {
expect(calculateDiscount(100, 0)).toBe(100);
});
it('throws error for negative discount', () => {
expect(() => calculateDiscount(100, -0.1)).toThrow();
});
it('handles invalid input gracefully', () => {
expect(() => calculateDiscount(null, 0.1)).toThrow(TypeError);
});
});
Improvement Patterns
Extract Method
When: Function does multiple things
// Before
public void processUser(User user) {
// Validate
if (user.name == null) throw new Exception();
// Save
database.save(user);
// Send email
email.send(user.email);
}
// After
public void processUser(User user) {
validateUser(user);
saveUser(user);
notifyUser(user);
}
Replace Conditional with Polymorphism
When: Complex if/else or switch statements
// Before
function getPrice(product: Product): number {
if (product.type === 'book') {
return product.basePrice * 0.9;
} else if (product.type === 'electronics') {
return product.basePrice * 1.1;
}
return product.basePrice;
}
// After
interface Product {
getPrice(): number;
}
class Book implements Product {
getPrice(): number {
return this.basePrice * 0.9;
}
}
class Electronics implements Product {
getPrice(): number {
return this.basePrice * 1.1;
}
}
Introduce Parameter Object
When: Functions have many parameters
// Before
func CreateUser(name string, email string, phone string, addr string, city string) {}
// After
type UserInfo struct {
Name string
Email string
Phone string
Address string
City string
}
func CreateUser(info UserInfo) {}
Best Practices Guidance
Naming Conventions
- Variables: descriptive, camelCase/snake_case
- Functions: verb + noun (getUserById, calculateTotal)
- Classes: noun, PascalCase (UserManager, OrderService)
- Constants: UPPER_SNAKE_CASE (MAX_RETRY_COUNT)
- Booleans: is/has/can prefix (isValid, hasPermission)
Error Handling
// Good: Specific error handling
try {
await processPayment(order);
} catch (error) {
if (error instanceof PaymentError) {
logger.error('Payment failed', { orderId: order.id, error });
await notifyPaymentFailure(order);
} else if (error instanceof NetworkError) {
await queueForRetry(order);
} else {
throw error; // Re-throw unexpected errors
}
}
Documentation
def calculate_shipping_cost(
weight: float,
distance: float,
priority: str = 'standard'
) -> float:
"""
Calculate shipping cost based on package weight and distance.
Args:
weight: Package weight in kilograms
distance: Shipping distance in kilometers
priority: Shipping priority ('standard', 'express', 'overnight')
Returns:
Shipping cost in dollars
Raises:
ValueError: If weight or distance is negative
Example:
>>> calculate_shipping_cost(2.5, 100, 'express')
25.50
"""
pass
Actionable Feedback Format
Structure recommendations clearly:
## Priority: HIGH
**Issue**: SQL injection vulnerability in user authentication
**Location**: auth.js:45
**Impact**: Security breach, data exposure
**Fix**:
```javascript
// Replace
const query = `SELECT * FROM users WHERE email = '${email}'`;
// With
const query = 'SELECT * FROM users WHERE email = ?';
db.query(query, [email]);
Testing: Add security test to verify parameterization
Priority: MEDIUM
Observation: High cyclomatic complexity in validateOrder() Location: order.js:123 Impact: Difficult to test and maintain Suggestion: Extract validation rules into separate validator classes Benefit: Better testability, easier to extend validation rules
## Learning Opportunities
Highlight educational insights:
- **Pattern Recognition**: "This code could benefit from the Strategy pattern"
- **Best Practices**: "Consider using dependency injection here"
- **Performance**: "Eager loading would eliminate the N+1 query issue"
- **Testing**: "Add property-based testing for edge cases"
## Methodology
This command follows these principles:
- **Constructive**: Focus on improvements, not criticism
- **Specific**: Provide exact line numbers and code examples
- **Actionable**: Give clear steps to implement suggestions
- **Educational**: Explain why changes improve code
- **Prioritized**: Rank issues by severity and impact