Code Review Skill
Complete 5-step code review workflow for GitCode PRs.
📁 Temp Directory Management
All temporary files generated during the review must be stored in the temp/ directory:
| File | Description |
|---|---|
| INLINECODE1 | Step 1 automated scan results |
| INLINECODE2 | Top issues selected in Step 3 |
| temp/formatted_review.json | Comments formatted in Step 4 |
| temp/*.py | Files cached while the scripts run |
| temp/* | Fetched diff files and downloaded source files |
⚠️ Important: after the review is complete, the temp/ directory must be cleaned up and all temporary files deleted.
5-Step Review Process
Step 1: Automated Scanning
Run script to detect critical issues:
CODEBLOCK0
Detects: SQL injection, command injection, XSS, eval(), hardcoded credentials, resource leaks, infinite loops.
Features:
- ✅ Automatic line number verification - Downloads the actual file and verifies line numbers match the code snippets
- ✅ Smart caching - Avoids redundant downloads for the same PR
- ✅ Line number correction - Automatically fixes incorrect line numbers and logs changes
Output: temp/review_result.json (with verified line numbers)
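As an added example (not the page's review_pr.py), a minimal scanner of the kind Step 1 describes: it walks a downloaded file line by line, tags each match with a category and a score on the page's 1-10 severity scale, skips comment-only lines, and returns the findings most severe first. The pattern set, the sample file and the `Finding` type are constructed for illustration; the real script's rules and output format are not reproduced here.

```python
import re
from dataclasses import dataclass


@dataclass
class Finding:
    file: str
    line: int        # 1-based line number in the scanned file
    category: str
    severity: int    # 1-10, following the page's severity scale
    code: str        # the offending line, stripped


# Constructed heuristic rules for some of the issue classes Step 1 lists.
# Assumption: every hit is a candidate only; Step 2 decides whether it is real.
PATTERNS = [
    ("eval()", 9, re.compile(r"\beval\s*\(")),
    ("hardcoded credential", 9,
     re.compile(r"(?i)(password|passwd|secret|api_key|token)\s*=\s*[\"'][^\"']{4,}[\"']")),
    ("command injection (shell=True)", 8,
     re.compile(r"subprocess\.\w+\(.*shell\s*=\s*True")),
    ("command injection (os.system)", 8, re.compile(r"\bos\.system\s*\(")),
    ("SQL built with string formatting", 8,
     re.compile(r"execute\s*\(\s*(f[\"']|[\"'].*(%\s|\+\s))")),
]


def scan_file(path: str, content: str) -> list:
    """Return findings for one file, most severe first (stable for equal scores)."""
    findings = []
    for lineno, line in enumerate(content.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):   # skip blank and comment-only lines
            continue
        for category, severity, rx in PATTERNS:
            if rx.search(line):
                findings.append(Finding(path, lineno, category, severity, stripped))
    return sorted(findings, key=lambda f: -f.severity)


# Constructed sample file: a credential literal, a shell=True call and a
# string-formatted query; the eval() mention sits in a comment and is ignored.
SAMPLE_FILE = '''import os, subprocess
API_TOKEN = "example-not-a-real-secret"
def run(cmd):
    # eval(cmd) was used here before; now it is a shell call
    return subprocess.run(cmd, shell=True)
def lookup(cur, user):
    cur.execute("SELECT * FROM t WHERE name = '%s'" % user)
'''

if __name__ == "__main__":
    for f in scan_file("sample.py", SAMPLE_FILE):
        print(f"{f.file}:{f.line} [{f.severity}/10] {f.category}: {f.code}")
```

The line numbers this produces refer to the file that was actually scanned, which is why Step 1's verification against the downloaded file matters: a snippet pasted from a diff can carry a stale number, and only a match against the real content settles it.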
Step 2: Manual Review (REQUIRED)
Always read all changed code manually. Script misses:
- Logic errors and edge cases
- Design flaws
- Performance issues
- Missing error handling
- Business logic errors
- Code duplication
- Test coverage gaps
How to get diff:
CODEBLOCK1
Important: For each issue found, record:
- File path: e.g., INLINECODE8
- Line range: e.g., L42-L45 (the line numbers of the problematic code)
- Problem code: The actual code snippet
- Description: Detailed explanation of the issue
- Suggestion: Specific fix recommendation
How to find the correct line number in the new file:
Use the provided helper script to find exact line numbers:
CODEBLOCK2
Example:
CODEBLOCK3
Important: The position in your JSON must be the last line of the problematic code range (e.g., if problem spans L103-L105, use 105).
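An added example of the lookup described here (hypothetical code, not the page's helper script): it matches a multi-line snippet against the downloaded new file, ignoring indentation differences, returns every matching range, and derives the `position` as the last line of the range. When the snippet is absent or matches more than once it raises instead of picking one, so the reviewer widens the snippet rather than guessing. The C++ file content and the snippet are constructed.

```python
def find_snippet_ranges(content: str, snippet: str) -> list:
    """All (start, end) 1-based line ranges where `snippet` occurs in `content`.

    Lines are compared after stripping surrounding whitespace, so indentation
    differences between a pasted snippet and the real file do not prevent a match.
    """
    file_lines = [ln.strip() for ln in content.splitlines()]
    snip_lines = [ln.strip() for ln in snippet.strip("\n").splitlines()]
    if not snip_lines:
        return []
    n = len(snip_lines)
    return [(i + 1, i + n)
            for i in range(len(file_lines) - n + 1)
            if file_lines[i:i + n] == snip_lines]


def comment_position(content: str, snippet: str) -> int:
    """`position` for the PR comment: the last line of the single matched range.

    Raises when the snippet is missing or ambiguous; the reviewer then extends
    the snippet with more surrounding lines instead of estimating.
    """
    hits = find_snippet_ranges(content, snippet)
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match for snippet, found {len(hits)}")
    return hits[0][1]


# Constructed new-file content (after PR changes) and the snippet under review.
NEW_FILE = (
    '#include "FileUtil.h"\n'
    '\n'
    'bool Handler::HandleRequest(Request& request) {\n'
    '    if (!FileUtil::IsRegularFile(request.path)) {\n'
    '        return false;\n'
    '    }\n'
    '    return Process(request);\n'
    '}\n'
)
SNIPPET = """
if (!FileUtil::IsRegularFile(request.path)) {
    return false;
}
"""

if __name__ == "__main__":
    print(find_snippet_ranges(NEW_FILE, SNIPPET))   # [(4, 6)]
    print(comment_position(NEW_FILE, SNIPPET))      # 6
```

A lone `}` in the sample matches twice (lines 6 and 8), which is exactly the case where `comment_position` refuses to answer; the fix on the reviewer's side is to include the preceding line in the snippet.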
Manual method (if script unavailable):
When reviewing a diff file, the line numbers shown in the diff (after @@ markers) may not match the actual line numbers in the new file. To find the correct position for PR comments:
Understanding diff hunk headers:
```
@@ -old_start,old_count +new_start,new_count @@
```
- `-old_start,old_count`: Old file starting line and number of lines
- INLINECODE15: New file starting line and number of lines
How to calculate exact line numbers in the new file:
1. Find the hunk header with `+new_start` (the number after `+`).
2. Count lines from that starting number, including:
   - Context lines (no prefix)
   - Added lines (starting with `+`)
   - Modified lines (shown as a removed `-` line followed by an added `+` line; only the `+` line receives a number)
3. Exclude the hunk header line itself and file metadata lines.
Example:
```diff
@@ -40,7 +39,7 @@ bool QueryTableDataDetailHandler::HandleRequest(...)
} else if (request.params.type == "1") {
ComputeLinkPageDetail(request, response, database);
}
- session.OnResponse(std::move(responsePtr));
+ SendResponse(std::move(responsePtr), true);
return true;
}
```
- New file starts at line 39
- Line 39: INLINECODE21
- Line 40: INLINECODE22
- Line 41: INLINECODE23
- Line 42: `SendResponse(std::move(responsePtr), true);` ← This is line 42
- Line 43: INLINECODE25
For new files (file mode is `new file mode`):
CODEBLOCK6
Quick check: The `position` should point to the last line of the problematic code range in the new file (after PR changes).
Tip: If GitCode API returns 400 Bad Request with "diff failed to be generated due to invalid params under position param", the line number is likely incorrect.
Important: Always verify by manually counting from the `+new_start` line number in the hunk header. Do not guess or estimate line numbers.
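The counting rule above, carried out in code as an added example (a hypothetical helper, not one of the page's scripts): the parser resets a counter to `new_start` at every `@@` header, advances it on context and `+` lines only, and leaves `-` lines, hunk headers and file metadata unnumbered because they have no position in the file after the PR changes. The sample diff is constructed to mirror the example hunk above and assumes standard git headers (`diff --git`, `---`, `+++`) in front of each file's hunks.

```python
import re
from typing import List, Optional, Tuple

# Captures old_start, old_count, new_start, new_count; the counts are optional.
HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")


def map_diff_to_new_lines(diff_text: str) -> List[Tuple[Optional[int], str]]:
    """Pair every line of a unified diff with its line number in the new file.

    Context lines and '+' lines get consecutive numbers starting at new_start of
    the enclosing hunk; '-' lines, hunk headers and file metadata get None.
    """
    rows = []
    new_line = None          # None until the first hunk header of a file is seen
    for raw in diff_text.splitlines():
        if raw.startswith("diff --git"):
            new_line = None  # next file: its ---/+++ headers are metadata again
            rows.append((None, raw))
            continue
        m = HUNK_RE.match(raw)
        if m:
            new_line = int(m.group(3))   # +new_start resets the counter
            rows.append((None, raw))
            continue
        if new_line is None or raw.startswith("-") or raw.startswith("\\"):
            rows.append((None, raw))     # metadata, removed line, or "\ No newline" marker
            continue
        rows.append((new_line, raw))     # context (' ') or added ('+') line
        new_line += 1
    return rows


def new_line_of(diff_text: str, needle: str) -> int:
    """New-file line number of the first numbered diff line containing `needle`."""
    for number, raw in map_diff_to_new_lines(diff_text):
        if number is not None and needle in raw:
            return number
    raise LookupError(f"no added or context line contains {needle!r}")


# Constructed diff with git headers, mirroring the example hunk in the text.
SAMPLE_DIFF = """diff --git a/server/src/Handler.cpp b/server/src/Handler.cpp
--- a/server/src/Handler.cpp
+++ b/server/src/Handler.cpp
@@ -40,7 +39,7 @@ bool QueryTableDataDetailHandler::HandleRequest(...)
     } else if (request.params.type == "1") {
         ComputeLinkPageDetail(request, response, database);
     }
-    session.OnResponse(std::move(responsePtr));
+    SendResponse(std::move(responsePtr), true);
     return true;
 }
"""

if __name__ == "__main__":
    for number, raw in map_diff_to_new_lines(SAMPLE_DIFF):
        print(f"{'' if number is None else number:>4} | {raw}")
```

Running it numbers the `SendResponse` line 42 and `return true;` 43, while the removed `session.OnResponse` line stays unnumbered, which is the outcome the worked example above arrives at by hand.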
Step 3: Select Top 3 Issues
⚠️ Process decision:
| Issue count | Next step |
|---|---|
| 0 | Exit immediately, output "0 issues, review passed", skip Steps 3/4/5 |
| 1-3 | Continue with Steps 3/4 using the actual count (no need to pad to 3) |
| >3 | Select the 3 most severe issues and continue with the following steps |
Combine automated + manual findings:
- Filter false positives from script
- Add issues found in manual review
- Sort by severity (1-10)
- Select top issues (up to 3, no need to fill exactly 3)
Note: When the issue count is 0, exit the entire review process immediately; no JSON file needs to be generated.
Generate a JSON file temp/top3_issues.json for these issues, for use in the next step.
INLINECODE31 must be created in the directory of format_review.py for the next step to read.
Important:
- The `description` field must contain the complete description from the Step 1 and Step 2 findings, not a simplified version. Include all context and details.
- The `position` field must be the last line number of the problematic code range (e.g., if the problem code is at L42-L45, use 45).
Structure:
CODEBLOCK7
Note: position uses the last line of the code range for GitCode API positioning.
Important: The position must be the line number in the new file (after PR changes), not the line number in the diff file. See Step 2 for how to calculate the correct line number.
If total issues = 0: skip Steps 3/4/5 entirely and output the review-passed conclusion.
If total issues 1-3: continue with the following steps using the actual count; no need to pad to 3.
After generating temp/top3_issues.json, display the issues in Markdown format:
Top 3 Issues Selected
🔴 Issue #1 | Maintainability issue | 6/10
File: server/src/.../CheckProjectValidHandler.cpp
Problem code lines: INLINECODE40
Problem code:
CODEBLOCK8
| Review | Content |
|---|---|
| Suggestion | Extract the common function into the FileUtil class |
🟠 Issue #2 | Test coverage issue | 6/10
File: server/src/.../CheckProjectValidHandler.cpp
Problem code lines: INLINECODE42
Problem code:
CODEBLOCK9
| Review | Content |
|---|---|
| Suggestion | Add unit tests covering the various scenarios |
🟡 Issue #3 | Code consistency issue | 5/10
File: server/src/.../TimelineProtocolRequest.h
Problem code lines: INLINECODE44
Problem code:
CODEBLOCK10
| Review | Content |
|---|---|
| Description | Logic is inconsistent; the IsRegularFile check is missing |
| Suggestion | Use FileUtil::CheckPathSafety consistently |
Total: 3 issues selected (or actual count if less than 3)
Note: position in JSON uses the last line number (e.g., L119-L124 → position: 124)
After generating temp/top3_issues.json, immediately proceed to Step 4 to format the output.
If total issues = 0: skip Steps 3/4/5 and output the review-passed conclusion.
Step 4: Format Output
Format issues to structured JSON:
CODEBLOCK11
Input:
- temp/top3_issues.json from Step 3
Output: INLINECODE48
INLINECODE49 must be created in the directory of post_review.py for the next step to read.
Structure:
CODEBLOCK12
Comment Format (in body field):
CODEBLOCK13
After generating formatted_review.json, display the formatted content:
CODEBLOCK14
Step 5: Post to PR (Optional) - ⚠️ Must wait for user confirmation
🚨 Important warning: this step posts comments to the PR, which is an external write operation. You must first display a preview and wait for the user's explicit confirmation (yes/no); executing it without that confirmation is strictly forbidden!
Preview and confirm before posting:
CODEBLOCK15
Parameters:
- `owner`: Repository owner (e.g., Ascend)
- INLINECODE55: Repository name (e.g., msinsight)
- INLINECODE57: PR number (e.g., 277)
- INLINECODE59: GitCode access token
- INLINECODE60: Output from Step 4 (default: temp/formatted_review.json)
Example:
CODEBLOCK16
Flow (must be followed strictly):
1. Read temp/formatted_review.json from Step 4
2. Display a preview of all comments
3. ⚠️ Wait for the user's explicit confirmation: ask "Confirm posting the comments above? (yes/no)"
4. Execute the post only after the user replies 'yes' or '是'; otherwise cancel
5. After the review is complete, clean up the temp directory (see below)
🧹 Temp Directory Cleanup
⚠️ The temp directory must be cleaned up after the review is complete:
CODEBLOCK17
When to clean up:
- When the issue count is 0, clean up immediately after the review passes
- When the issue count is >0, clean up after completing Step 5 (posting comments)
- If the user declines to post the comments, clean up as well
Files to keep: none
Severity Scale
| Score | Level | Action |
|---|---|---|
| 9-10 | Critical | Block merge |
| 7-8 | High | Strongly recommend fix |
| 5-6 | Medium | Recommend fix |
| 3-4 | Low | Optional fix |
| 1-2 | Nit | Style suggestion |
Manual Review Checklist
Logic & Correctness
- [ ] Edge cases (null, empty, max values)
- [ ] Error handling paths
- [ ] Concurrency/thread safety
- [ ] Resource cleanup
Design & Architecture
- [ ] Single responsibility
- [ ] No code duplication
- [ ] Clean interfaces
- [ ] Clear dependencies
Performance
- [ ] Algorithm complexity
- [ ] N+1 queries
- [ ] Large data handling
- [ ] Memory usage
Security
- [ ] Input validation
- [ ] Output encoding
- [ ] Authorization checks
- [ ] Sensitive data handling
Testing
- [ ] Tests cover changes
- [ ] Edge cases tested
- [ ] Error paths tested
API Reference
- Get PR files: INLINECODE63
- Get diff: INLINECODE64
- Post comment: INLINECODE65
Scripts
| Script | Purpose | Step | Input | Output | Features |
|---|---|---|---|---|---|
| INLINECODE66 | Automated scanning | 1 | PR URL + Token | INLINECODE67 | Auto line verification, caching |
| INLINECODE68 | Find code line numbers | 2 | File path + code snippet | Line number(s) | Exact match, multi-line support |
| format_review.py | Format to JSON | 4 | temp/top3_issues.json | temp/formatted_review.json | GitCode API format |
| post_review.py | Post to PR | 5 | temp/formatted_review.json | PR comments | Batch posting with confirmation |
Script Details
review_pr.py
New Features (v2.0):
1. Automatic Line Number Verification
   - Downloads modified files from the PR branch
   - Uses code snippets to find exact line numbers
   - Corrects mismatches automatically
2. File Caching
   - Caches downloaded files to avoid redundant API calls
   - Cache key: INLINECODE75
3. Verification Logging
   - Logs line number corrections: `Line number corrected: file.ts:275 -> 167`
   - Warns if verification fails