Add multi-dimensional code review rules for architecture, correctness, performance, readability, security, and testing

- Introduced architecture rules to detect circular dependencies, god classes, layer violations, and mixed concerns. - Added correctness rules focusing on null checks, empty catch blocks, unreachable code, and type coercion. - Implemented performance rules addressing nested loops, synchronous I/O, memory leaks, and unnecessary re-renders in React. - Created readability rules to improve function length, variable naming, deep nesting, magic numbers, and commented code. - Established security rules to identify XSS risks, hardcoded secrets, SQL injection vulnerabilities, and insecure random generation. - Developed testing rules to enhance test quality, coverage, and maintainability, including missing assertions and error path testing. - Documented the structure and schema for rule files in the index.md for better understanding and usage.
2026-02-14 02:42:04 +08:00 · 2026-01-13 14:53:20 +08:00
parent 29c8bb7a66
commit 15514c8f91
10 changed files with 1530 additions and 174 deletions
--- a/.claude/skills/review-code/specs/rules/index.md
+++ b/.claude/skills/review-code/specs/rules/index.md
@@ -0,0 +1,140 @@
+# Code Review Rules Index
+
+This directory contains externalized review rules for the multi-dimensional code review skill.
+
+## Directory Structure
+
+```
+rules/
+├── index.md                    # This file
+├── correctness-rules.json      # CORR - Logic and error handling
+├── security-rules.json         # SEC  - Security vulnerabilities
+├── performance-rules.json      # PERF - Performance issues
+├── readability-rules.json      # READ - Code clarity
+├── testing-rules.json          # TEST - Test quality
+└── architecture-rules.json     # ARCH - Design patterns
+```
+
+## Rule File Schema
+
+Each rule file follows this JSON schema:
+
+```json
+{
+  "dimension": "string",        // Dimension identifier
+  "prefix": "string",           // Finding ID prefix (4 chars)
+  "description": "string",      // Dimension description
+  "rules": [
+    {
+      "id": "string",           // Unique rule identifier
+      "category": "string",     // Rule category within dimension
+      "severity": "critical|high|medium|low",
+      "pattern": "string",      // Detection pattern
+      "patternType": "regex|includes|ast",
+      "negativePatterns": [],   // Patterns that exclude matches
+      "caseInsensitive": false, // For regex patterns
+      "contextPattern": "",     // Additional context requirement
+      "contextPath": [],        // Path patterns for context
+      "lineThreshold": 0,       // For size-based rules
+      "methodThreshold": 0,     // For complexity rules
+      "description": "string",  // Issue description
+      "recommendation": "string", // How to fix
+      "fixExample": "string"    // Code example
+    }
+  ]
+}
+```
+
+## Dimension Summary
+
+| Dimension | Prefix | Rules | Focus Areas |
+|-----------|--------|-------|-------------|
+| Correctness | CORR | 5 | Null checks, error handling, type safety |
+| Security | SEC | 5 | XSS, injection, secrets, crypto |
+| Performance | PERF | 5 | Complexity, I/O, memory leaks |
+| Readability | READ | 5 | Naming, length, nesting, magic values |
+| Testing | TEST | 5 | Assertions, coverage, mock quality |
+| Architecture | ARCH | 5 | Dependencies, layering, coupling |
+
+## Severity Levels
+
+| Severity | Description | Action |
+|----------|-------------|--------|
+| **critical** | Security vulnerability or data loss risk | Must fix before release |
+| **high** | Bug or significant quality issue | Fix in current sprint |
+| **medium** | Code smell or maintainability concern | Plan to address |
+| **low** | Style or minor improvement | Address when convenient |
+
+## Pattern Types
+
+### regex
+Standard regular expression pattern. Supports flags via `caseInsensitive`.
+
+```json
+{
+  "pattern": "catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}",
+  "patternType": "regex"
+}
+```
+
+### includes
+Simple substring match. Faster than regex for literal strings.
+
+```json
+{
+  "pattern": "innerHTML",
+  "patternType": "includes"
+}
+```
+
+### ast (Future)
+AST-based detection for complex structural patterns.
+
+```json
+{
+  "pattern": "function[params>5]",
+  "patternType": "ast"
+}
+```
+
+## Usage in Code
+
+```javascript
+// Load rules
+const rules = JSON.parse(fs.readFileSync('correctness-rules.json'));
+
+// Apply rules
+for (const rule of rules.rules) {
+  const matches = detectByPattern(content, rule.pattern, rule.patternType);
+  for (const match of matches) {
+    // Check negative patterns
+    if (rule.negativePatterns?.some(np => match.context.includes(np))) {
+      continue;
+    }
+    findings.push({
+      id: `${rules.prefix}-${counter++}`,
+      severity: rule.severity,
+      category: rule.category,
+      description: rule.description,
+      recommendation: rule.recommendation,
+      fixExample: rule.fixExample
+    });
+  }
+}
+```
+
+## Adding New Rules
+
+1. Identify the appropriate dimension
+2. Create rule with unique `id` within dimension
+3. Choose appropriate `patternType`
+4. Provide clear `description` and `recommendation`
+5. Include practical `fixExample`
+6. Test against sample code
+
+## Rule Maintenance
+
+- Review rules quarterly for relevance
+- Update patterns as language/framework evolves
+- Track false positive rates
+- Collect feedback from users