Performs automated code review of a specified Git commit or commit range. Use this skill when the user asks to review code changes, inspect commits, or do a code review. It supports reviewing a single commit, a commit range (commitA..commitB), a branch comparison, or unstaged changes, and produces a structured report focused on high-signal issues in security, code quality and best practices.
Automated code review of Git commits that identifies security vulnerabilities, code smells and improvement opportunities.
python3 scripts/review_commits.py <commit-range>
Examples:
# single commit
python3 scripts/review_commits.py a1b2c3d
# commit range
python3 scripts/review_commits.py a1b2c3d..e5f6g7h
# last N commits
python3 scripts/review_commits.py HEAD~5..HEAD
# branch diff
python3 scripts/review_commits.py main..feature-branch
# unstaged changes (no argument)
python3 scripts/review_commits.py
Report example: the report opens with a summary block (counts of critical issues, warnings and info items); the full report format is shown below.
Detection categories:
- Security: eval/exec usage
- Code quality: print(...)
- Best practices: except blocks

Changed files are obtained with git diff --name-only.

When more complete manual review standards are needed, consult:
- references/review-standards.md: code review standards, severity levels, language-specific practices and performance advice
- references/security-checklist.md: security review checklist with OWASP Top 10 coverage

The review report contains:
📊 CODE REVIEW REPORT
============================================================
🔴 Critical Issues: 3
🟡 Warnings: 7
🔵 Info: 12
✅ Total Issues: 22
============================================================
🔴 CRITICAL ISSUES (Must Fix)
============================================================
🔴 [Security] src/auth.py:45
Hardcoded password detected
Code: password = "admin123"
🟡 [Code Quality] src/utils.js:123
Remove print statement - use proper logging
Code: console.log("Debug info")
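As an added example that is not the skill's own scripts/review_commits.py, the following Python sketch shows how the detection categories and the report layout above fit together: it walks a unified diff (the shape of `git diff <range>` output), applies pattern rules to added lines only, and renders the findings in the report format shown. The rules, the Finding type, the messages and the sample diff are constructed for illustration; the real script's internals are not described on this page.

```python
import re
from dataclasses import dataclass

# Constructed example in the spirit of the skill described on this page; NOT
# scripts/review_commits.py. Rules, names and the sample diff are assumptions.

@dataclass
class Finding:
    severity: str   # "critical" | "warning" | "info"
    category: str   # "Security" | "Code Quality" | "Best Practices"
    path: str
    line: int       # line number in the NEW version of the file
    message: str
    code: str

# Rules run against ADDED lines only; removed code cannot introduce a new issue.
RULES = [
    ("critical", "Security", "Hardcoded credential detected",
     re.compile(r"(?i)\b(password|passwd|secret|api_key|token)\s*=\s*[\"'][^\"']+[\"']")),
    ("critical", "Security", "Dynamic code execution (eval/exec) - justify or remove",
     re.compile(r"\b(eval|exec)\s*\(")),
    ("warning", "Code Quality", "Remove print statement - use proper logging",
     re.compile(r"\bprint\s*\(|\bconsole\.log\s*\(")),
    ("info", "Best Practices", "Bare except hides errors - catch specific exception types",
     re.compile(r"^\s*except\s*:")),
]
HUNK_RE = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")
ICON = {"critical": "🔴", "warning": "🟡", "info": "🔵"}

def review_diff(diff_text: str) -> list[Finding]:
    # Walk a unified diff (e.g. `git diff <range>` output) and check each added line.
    findings: list[Finding] = []
    path, new_line = "<unknown>", 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):                    # new-file header: "+++ b/src/auth.py"
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
            continue
        if raw.startswith(("diff ", "index ", "--- ", "\\")):
            continue                                  # other headers, "\ No newline ..."
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(1))                # first new-file line of this hunk
            continue
        if raw.startswith("-"):
            continue                                  # removed line: no new-file number
        if raw.startswith("+"):
            content = raw[1:]
            for severity, category, message, pattern in RULES:
                if pattern.search(content):
                    findings.append(Finding(severity, category, path, new_line,
                                            message, content.strip()))
        new_line += 1                                 # context and added lines both advance
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"critical": 0, "warning": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts

def format_report(findings: list[Finding]) -> str:
    # Render findings in the report layout shown above, most severe first.
    counts, sep = summarize(findings), "=" * 60
    out = ["📊 CODE REVIEW REPORT", sep,
           f"🔴 Critical Issues: {counts['critical']}",
           f"🟡 Warnings: {counts['warning']}",
           f"🔵 Info: {counts['info']}",
           f"✅ Total Issues: {len(findings)}", sep]
    rank = {"critical": 0, "warning": 1, "info": 2}
    for f in sorted(findings, key=lambda f: (rank[f.severity], f.path, f.line)):
        out += [f"{ICON[f.severity]} [{f.category}] {f.path}:{f.line}",
                f"   {f.message}", f"   Code: {f.code}"]
    return "\n".join(out)

# Constructed sample diff standing in for real `git diff` output.
SAMPLE_DIFF = """\
--- a/src/auth.py
+++ b/src/auth.py
@@ -44,4 +44,5 @@ def login(user):
     session = get_session()
-    password = load_secret()
+    password = "admin123"
+    result = eval(user_input)
     try:
-    except AuthError:
+    except:
--- a/src/utils.js
+++ b/src/utils.js
@@ -122,3 +122,4 @@ function helper(x) {
   const y = x * 2;
+  console.log("Debug info");
   return y;
 }
"""

if __name__ == "__main__":
    print(format_report(review_diff(SAMPLE_DIFF)))
```

Two design points matter for a reviewer relying on such output. Only added lines are scanned and the new-file line number is tracked through context lines, so each finding points at a line that actually exists after the change. The rules are pattern matches, so they trade precision for coverage: the credential rule only catches string literals assigned to suspicious names and says nothing about secrets loaded from config or environment, and an `eval(` hit in a comment or test fixture is a false positive to be dismissed by the human reading the report, not a confirmed vulnerability.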
Status messages:
- ❌ Error: Not in a git repository: the script must be run from inside a Git repository directory
- ✅ No changes found to review.: the specified range or the working tree currently has no changes
- Use references/review-standards.md for a complete code review
- Use references/security-checklist.md as a supplement for the security review