feat: Add orchestrator and state management for code review process

- Implemented orchestrator logic to manage code review phases, including state reading, action selection, and execution loop. - Defined state schema for review process, including metadata, context, findings, and execution tracking. - Created action catalog detailing actions for context collection, quick scan, deep review, report generation, and completion. - Established error recovery strategies and termination conditions for robust review handling. - Developed issue classification and quality standards documentation to guide review severity and categorization. - Introduced review dimensions with detailed checklists for correctness, security, performance, readability, testing, and architecture. - Added templates for issue reporting and review reports to standardize output and improve clarity.
2026-02-13 02:41:50 +08:00 · 2026-01-13 14:39:16 +08:00
parent 76f5311e78
commit 29c8bb7a66
13 changed files with 2611 additions and 0 deletions
--- a/.claude/skills/review-code/phases/actions/action-collect-context.md
+++ b/.claude/skills/review-code/phases/actions/action-collect-context.md
@@ -0,0 +1,139 @@
+# Action: Collect Context
+
+收集审查目标的上下文信息。
+
+## Purpose
+
+在开始审查前，收集目标代码的基本信息：
+- 确定审查范围（文件/目录）
+- 识别编程语言和框架
+- 统计代码规模
+
+## Preconditions
+
+- [ ] state.status === 'pending' || state.context === null
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  // 1. 询问用户审查目标
+  const input = await AskUserQuestion({
+    questions: [{
+      question: "请指定要审查的代码路径：",
+      header: "审查目标",
+      multiSelect: false,
+      options: [
+        { label: "当前目录", description: "审查当前工作目录下的所有代码" },
+        { label: "src/", description: "审查 src/ 目录" },
+        { label: "手动指定", description: "输入自定义路径" }
+      ]
+    }]
+  });
+  
+  const targetPath = input["审查目标"] === "手动指定" 
+    ? input["其他"] 
+    : input["审查目标"] === "当前目录" ? "." : "src/";
+  
+  // 2. 收集文件列表
+  const files = Glob(`${targetPath}/**/*.{ts,tsx,js,jsx,py,java,go,rs,cpp,c,cs}`);
+  
+  // 3. 检测主要语言
+  const languageCounts = {};
+  files.forEach(file => {
+    const ext = file.split('.').pop();
+    const langMap = {
+      'ts': 'TypeScript', 'tsx': 'TypeScript',
+      'js': 'JavaScript', 'jsx': 'JavaScript',
+      'py': 'Python',
+      'java': 'Java',
+      'go': 'Go',
+      'rs': 'Rust',
+      'cpp': 'C++', 'c': 'C',
+      'cs': 'C#'
+    };
+    const lang = langMap[ext] || 'Unknown';
+    languageCounts[lang] = (languageCounts[lang] || 0) + 1;
+  });
+  
+  const primaryLanguage = Object.entries(languageCounts)
+    .sort((a, b) => b[1] - a[1])[0]?.[0] || 'Unknown';
+  
+  // 4. 统计代码行数
+  let totalLines = 0;
+  for (const file of files.slice(0, 100)) {  // 限制前100个文件
+    try {
+      const content = Read(file);
+      totalLines += content.split('\n').length;
+    } catch (e) {}
+  }
+  
+  // 5. 检测框架
+  let framework = null;
+  if (files.some(f => f.includes('package.json'))) {
+    const pkg = JSON.parse(Read('package.json'));
+    if (pkg.dependencies?.react) framework = 'React';
+    else if (pkg.dependencies?.vue) framework = 'Vue';
+    else if (pkg.dependencies?.angular) framework = 'Angular';
+    else if (pkg.dependencies?.express) framework = 'Express';
+    else if (pkg.dependencies?.next) framework = 'Next.js';
+  }
+  
+  // 6. 构建上下文
+  const context = {
+    target_path: targetPath,
+    files: files.slice(0, 200),  // 限制最多200个文件
+    language: primaryLanguage,
+    framework: framework,
+    total_lines: totalLines,
+    file_count: files.length
+  };
+  
+  // 7. 保存上下文
+  Write(`${workDir}/context.json`, JSON.stringify(context, null, 2));
+  
+  return {
+    stateUpdates: {
+      status: 'running',
+      context: context
+    }
+  };
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    status: 'running',
+    context: {
+      target_path: targetPath,
+      files: fileList,
+      language: primaryLanguage,
+      framework: detectedFramework,
+      total_lines: totalLines,
+      file_count: fileCount
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `context.json`
+- **Location**: `${workDir}/context.json`
+- **Format**: JSON
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 路径不存在 | 提示用户重新输入 |
+| 无代码文件 | 返回错误，终止审查 |
+| 读取权限问题 | 跳过该文件，记录警告 |
+
+## Next Actions
+
+- 成功: action-quick-scan
+- 失败: action-abort
--- a/.claude/skills/review-code/phases/actions/action-complete.md
+++ b/.claude/skills/review-code/phases/actions/action-complete.md
@@ -0,0 +1,115 @@
+# Action: Complete
+
+完成审查，保存最终状态。
+
+## Purpose
+
+结束代码审查流程：
+- 保存最终状态
+- 输出审查摘要
+- 提供报告路径
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] state.report_generated === true
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  // 1. 计算审查时长
+  const duration = Date.now() - new Date(state.started_at).getTime();
+  const durationMinutes = Math.round(duration / 60000);
+  
+  // 2. 生成最终摘要
+  const summary = {
+    ...state.summary,
+    review_duration_ms: duration,
+    completed_at: new Date().toISOString()
+  };
+  
+  // 3. 保存最终状态
+  const finalState = {
+    ...state,
+    status: 'completed',
+    completed_at: summary.completed_at,
+    summary: summary
+  };
+  
+  Write(`${workDir}/state.json`, JSON.stringify(finalState, null, 2));
+  
+  // 4. 输出摘要信息
+  console.log('========================================');
+  console.log('        CODE REVIEW COMPLETED');
+  console.log('========================================');
+  console.log('');
+  console.log(`📁 审查目标: ${state.context.target_path}`);
+  console.log(`📄 文件数量: ${state.context.file_count}`);
+  console.log(`📝 代码行数: ${state.context.total_lines}`);
+  console.log('');
+  console.log('--- 问题统计 ---');
+  console.log(`🔴 Critical: ${summary.critical}`);
+  console.log(`🟠 High:     ${summary.high}`);
+  console.log(`🟡 Medium:   ${summary.medium}`);
+  console.log(`🔵 Low:      ${summary.low}`);
+  console.log(`⚪ Info:     ${summary.info}`);
+  console.log(`📊 Total:    ${summary.total_issues}`);
+  console.log('');
+  console.log(`⏱️  审查用时: ${durationMinutes} 分钟`);
+  console.log('');
+  console.log(`📋 报告位置: ${state.report_path}`);
+  console.log('========================================');
+  
+  // 5. 返回状态更新
+  return {
+    stateUpdates: {
+      status: 'completed',
+      completed_at: summary.completed_at,
+      summary: summary
+    }
+  };
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    status: 'completed',
+    completed_at: new Date().toISOString(),
+    summary: {
+      total_issues: state.summary.total_issues,
+      critical: state.summary.critical,
+      high: state.summary.high,
+      medium: state.summary.medium,
+      low: state.summary.low,
+      info: state.summary.info,
+      review_duration_ms: duration
+    }
+  }
+};
+```
+
+## Output
+
+- **Console**: 审查完成摘要
+- **State**: 最终状态保存到 `state.json`
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 状态保存失败 | 输出到控制台 |
+
+## Next Actions
+
+- 无（终止状态）
+
+## Post-Completion
+
+用户可以：
+1. 查看完整报告: `cat ${workDir}/review-report.md`
+2. 查看问题详情: `cat ${workDir}/findings/*.json`
+3. 导出报告到其他位置
--- a/.claude/skills/review-code/phases/actions/action-deep-review.md
+++ b/.claude/skills/review-code/phases/actions/action-deep-review.md
@@ -0,0 +1,256 @@
+# Action: Deep Review
+
+深入审查指定维度的代码质量。
+
+## Purpose
+
+针对单个维度进行深入审查：
+- 逐文件检查
+- 记录发现的问题
+- 提供具体的修复建议
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] state.scan_completed === true
+- [ ] 存在未审查的维度
+
+## Dimension Focus Areas
+
+### Correctness (正确性)
+- 逻辑错误和边界条件
+- Null/undefined 处理
+- 错误处理完整性
+- 类型安全
+- 资源泄漏
+
+### Readability (可读性)
+- 命名规范
+- 函数长度和复杂度
+- 代码重复
+- 注释质量
+- 代码组织
+
+### Performance (性能)
+- 算法复杂度
+- 不必要的计算
+- 内存使用
+- I/O 效率
+- 缓存策略
+
+### Security (安全性)
+- 注入风险 (SQL, XSS, Command)
+- 认证和授权
+- 敏感数据处理
+- 加密使用
+- 依赖安全
+
+### Testing (测试)
+- 测试覆盖率
+- 边界条件测试
+- 错误路径测试
+- 测试可维护性
+- Mock 使用
+
+### Architecture (架构)
+- 分层结构
+- 依赖方向
+- 单一职责
+- 接口设计
+- 扩展性
+
+## Execution
+
+```javascript
+async function execute(state, workDir, currentDimension) {
+  const context = state.context;
+  const dimension = currentDimension;
+  const findings = [];
+  
+  // 获取维度特定的检查规则
+  const rules = getDimensionRules(dimension);
+  
+  // 优先审查高风险区域
+  const filesToReview = state.scan_summary?.risk_areas
+    ?.map(r => r.file)
+    ?.filter(f => context.files.includes(f)) || context.files;
+  
+  const filesToCheck = [...new Set([
+    ...filesToReview.slice(0, 20),
+    ...context.files.slice(0, 30)
+  ])].slice(0, 50);  // 最多50个文件
+  
+  let findingCounter = 1;
+  
+  for (const file of filesToCheck) {
+    try {
+      const content = Read(file);
+      const lines = content.split('\n');
+      
+      // 应用维度特定规则
+      for (const rule of rules) {
+        const matches = rule.detect(content, lines, file);
+        for (const match of matches) {
+          findings.push({
+            id: `${getDimensionPrefix(dimension)}-${String(findingCounter++).padStart(3, '0')}`,
+            severity: match.severity,
+            dimension: dimension,
+            category: rule.category,
+            file: file,
+            line: match.line,
+            code_snippet: match.snippet,
+            description: match.description,
+            recommendation: rule.recommendation,
+            fix_example: rule.fixExample
+          });
+        }
+      }
+    } catch (e) {
+      // 跳过无法读取的文件
+    }
+  }
+  
+  // 保存维度发现
+  Write(`${workDir}/findings/${dimension}.json`, JSON.stringify(findings, null, 2));
+  
+  return {
+    stateUpdates: {
+      reviewed_dimensions: [...(state.reviewed_dimensions || []), dimension],
+      current_dimension: null,
+      [`findings.${dimension}`]: findings
+    }
+  };
+}
+
+function getDimensionPrefix(dimension) {
+  const prefixes = {
+    correctness: 'CORR',
+    readability: 'READ',
+    performance: 'PERF',
+    security: 'SEC',
+    testing: 'TEST',
+    architecture: 'ARCH'
+  };
+  return prefixes[dimension] || 'MISC';
+}
+
+function getDimensionRules(dimension) {
+  // 参见 specs/review-dimensions.md 获取完整规则
+  const allRules = {
+    correctness: [
+      {
+        category: 'null-check',
+        detect: (content, lines) => {
+          const issues = [];
+          lines.forEach((line, i) => {
+            if (line.match(/\w+\.\w+/) && !line.includes('?.') && !line.includes('if') && !line.includes('null')) {
+              // 简化检测：可能缺少 null 检查
+            }
+          });
+          return issues;
+        },
+        recommendation: 'Add null/undefined check before accessing properties',
+        fixExample: 'obj?.property or if (obj) { obj.property }'
+      },
+      {
+        category: 'empty-catch',
+        detect: (content, lines) => {
+          const issues = [];
+          const regex = /catch\s*\([^)]*\)\s*{\s*}/g;
+          let match;
+          while ((match = regex.exec(content)) !== null) {
+            const lineNum = content.substring(0, match.index).split('\n').length;
+            issues.push({
+              severity: 'high',
+              line: lineNum,
+              snippet: match[0],
+              description: 'Empty catch block silently swallows errors'
+            });
+          }
+          return issues;
+        },
+        recommendation: 'Log the error or rethrow it',
+        fixExample: 'catch (e) { console.error(e); throw e; }'
+      }
+    ],
+    security: [
+      {
+        category: 'xss-risk',
+        detect: (content, lines) => {
+          const issues = [];
+          lines.forEach((line, i) => {
+            if (line.includes('innerHTML') || line.includes('dangerouslySetInnerHTML')) {
+              issues.push({
+                severity: 'critical',
+                line: i + 1,
+                snippet: line.trim().substring(0, 100),
+                description: 'Direct HTML injection can lead to XSS vulnerabilities'
+              });
+            }
+          });
+          return issues;
+        },
+        recommendation: 'Use textContent or sanitize HTML before injection',
+        fixExample: 'element.textContent = userInput; // or sanitize(userInput)'
+      },
+      {
+        category: 'hardcoded-secret',
+        detect: (content, lines) => {
+          const issues = [];
+          const regex = /(?:password|secret|api[_-]?key|token)\s*[=:]\s*['"]([^'"]{8,})['"]/gi;
+          lines.forEach((line, i) => {
+            if (regex.test(line)) {
+              issues.push({
+                severity: 'critical',
+                line: i + 1,
+                snippet: line.trim().substring(0, 100),
+                description: 'Hardcoded credentials detected'
+              });
+            }
+            regex.lastIndex = 0;  // Reset regex
+          });
+          return issues;
+        },
+        recommendation: 'Use environment variables or secret management',
+        fixExample: 'const apiKey = process.env.API_KEY;'
+      }
+    ],
+    // ... 其他维度规则参见 specs/review-dimensions.md
+  };
+  
+  return allRules[dimension] || [];
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    reviewed_dimensions: [...state.reviewed_dimensions, currentDimension],
+    current_dimension: null,
+    findings: {
+      ...state.findings,
+      [currentDimension]: newFindings
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `findings/{dimension}.json`
+- **Location**: `${workDir}/findings/`
+- **Format**: JSON array of Finding objects
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 文件读取失败 | 跳过该文件，记录警告 |
+| 规则执行错误 | 跳过该规则，继续其他规则 |
+
+## Next Actions
+
+- 还有未审查维度: 继续 action-deep-review
+- 所有维度完成: action-generate-report
--- a/.claude/skills/review-code/phases/actions/action-generate-report.md
+++ b/.claude/skills/review-code/phases/actions/action-generate-report.md
@@ -0,0 +1,263 @@
+# Action: Generate Report
+
+汇总所有发现，生成结构化审查报告。
+
+## Purpose
+
+生成最终的代码审查报告：
+- 汇总所有维度的发现
+- 按严重程度排序
+- 提供统计摘要
+- 输出 Markdown 格式报告
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] 所有维度已审查完成 (reviewed_dimensions.length === 6)
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  const context = state.context;
+  const findings = state.findings;
+  
+  // 1. 汇总所有发现
+  const allFindings = [
+    ...findings.correctness,
+    ...findings.readability,
+    ...findings.performance,
+    ...findings.security,
+    ...findings.testing,
+    ...findings.architecture
+  ];
+  
+  // 2. 按严重程度排序
+  const severityOrder = { critical: 0, high: 1, medium: 2, low: 3, info: 4 };
+  allFindings.sort((a, b) => severityOrder[a.severity] - severityOrder[b.severity]);
+  
+  // 3. 统计
+  const stats = {
+    total_issues: allFindings.length,
+    critical: allFindings.filter(f => f.severity === 'critical').length,
+    high: allFindings.filter(f => f.severity === 'high').length,
+    medium: allFindings.filter(f => f.severity === 'medium').length,
+    low: allFindings.filter(f => f.severity === 'low').length,
+    info: allFindings.filter(f => f.severity === 'info').length,
+    by_dimension: {
+      correctness: findings.correctness.length,
+      readability: findings.readability.length,
+      performance: findings.performance.length,
+      security: findings.security.length,
+      testing: findings.testing.length,
+      architecture: findings.architecture.length
+    }
+  };
+  
+  // 4. 生成报告
+  const report = generateMarkdownReport(context, stats, allFindings, state.scan_summary);
+  
+  // 5. 保存报告
+  const reportPath = `${workDir}/review-report.md`;
+  Write(reportPath, report);
+  
+  return {
+    stateUpdates: {
+      report_generated: true,
+      report_path: reportPath,
+      summary: {
+        ...stats,
+        review_duration_ms: Date.now() - new Date(state.started_at).getTime()
+      }
+    }
+  };
+}
+
+function generateMarkdownReport(context, stats, findings, scanSummary) {
+  const severityEmoji = {
+    critical: '🔴',
+    high: '🟠',
+    medium: '🟡',
+    low: '🔵',
+    info: '⚪'
+  };
+  
+  let report = `# Code Review Report
+
+## 审查概览
+
+| 项目 | 值 |
+|------|------|
+| 目标路径 | \`${context.target_path}\` |
+| 文件数量 | ${context.file_count} |
+| 代码行数 | ${context.total_lines} |
+| 主要语言 | ${context.language} |
+| 框架 | ${context.framework || 'N/A'} |
+
+## 问题统计
+
+| 严重程度 | 数量 |
+|----------|------|
+| 🔴 Critical | ${stats.critical} |
+| 🟠 High | ${stats.high} |
+| 🟡 Medium | ${stats.medium} |
+| 🔵 Low | ${stats.low} |
+| ⚪ Info | ${stats.info} |
+| **总计** | **${stats.total_issues}** |
+
+### 按维度统计
+
+| 维度 | 问题数 |
+|------|--------|
+| Correctness (正确性) | ${stats.by_dimension.correctness} |
+| Security (安全性) | ${stats.by_dimension.security} |
+| Performance (性能) | ${stats.by_dimension.performance} |
+| Readability (可读性) | ${stats.by_dimension.readability} |
+| Testing (测试) | ${stats.by_dimension.testing} |
+| Architecture (架构) | ${stats.by_dimension.architecture} |
+
+---
+
+## 高风险区域
+
+`;
+
+  if (scanSummary?.risk_areas?.length > 0) {
+    report += `| 文件 | 原因 | 优先级 |
+|------|------|--------|
+`;
+    for (const area of scanSummary.risk_areas.slice(0, 10)) {
+      report += `| \`${area.file}\` | ${area.reason} | ${area.priority} |\n`;
+    }
+  } else {
+    report += `未发现明显的高风险区域。\n`;
+  }
+
+  report += `
+---
+
+## 问题详情
+
+`;
+
+  // 按维度分组输出
+  const dimensions = ['correctness', 'security', 'performance', 'readability', 'testing', 'architecture'];
+  const dimensionNames = {
+    correctness: '正确性 (Correctness)',
+    security: '安全性 (Security)',
+    performance: '性能 (Performance)',
+    readability: '可读性 (Readability)',
+    testing: '测试 (Testing)',
+    architecture: '架构 (Architecture)'
+  };
+
+  for (const dim of dimensions) {
+    const dimFindings = findings.filter(f => f.dimension === dim);
+    if (dimFindings.length === 0) continue;
+    
+    report += `### ${dimensionNames[dim]}
+
+`;
+    
+    for (const finding of dimFindings) {
+      report += `#### ${severityEmoji[finding.severity]} [${finding.id}] ${finding.category}
+
+- **严重程度**: ${finding.severity.toUpperCase()}
+- **文件**: \`${finding.file}\`${finding.line ? `:${finding.line}` : ''}
+- **描述**: ${finding.description}
+`;
+      
+      if (finding.code_snippet) {
+        report += `
+\`\`\`
+${finding.code_snippet}
+\`\`\`
+`;
+      }
+      
+      report += `
+**建议**: ${finding.recommendation}
+`;
+      
+      if (finding.fix_example) {
+        report += `
+**修复示例**:
+\`\`\`
+${finding.fix_example}
+\`\`\`
+`;
+      }
+      
+      report += `
+---
+
+`;
+    }
+  }
+
+  report += `
+## 审查建议
+
+### 必须修复 (Must Fix)
+
+${stats.critical + stats.high > 0 
+  ? `发现 ${stats.critical} 个严重问题和 ${stats.high} 个高优先级问题，建议在合并前修复。`
+  : '未发现必须立即修复的问题。'}
+
+### 建议改进 (Should Fix)
+
+${stats.medium > 0 
+  ? `发现 ${stats.medium} 个中等优先级问题，建议在后续迭代中改进。`
+  : '代码质量良好，无明显需要改进的地方。'}
+
+### 可选优化 (Nice to Have)
+
+${stats.low + stats.info > 0 
+  ? `发现 ${stats.low + stats.info} 个低优先级建议，可根据团队规范酌情处理。`
+  : '无额外建议。'}
+
+---
+
+*报告生成时间: ${new Date().toISOString()}*
+`;
+
+  return report;
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    report_generated: true,
+    report_path: reportPath,
+    summary: {
+      total_issues: totalCount,
+      critical: criticalCount,
+      high: highCount,
+      medium: mediumCount,
+      low: lowCount,
+      info: infoCount,
+      review_duration_ms: duration
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `review-report.md`
+- **Location**: `${workDir}/review-report.md`
+- **Format**: Markdown
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 写入失败 | 尝试备用位置 |
+| 模板错误 | 使用简化格式 |
+
+## Next Actions
+
+- 成功: action-complete
--- a/.claude/skills/review-code/phases/actions/action-quick-scan.md
+++ b/.claude/skills/review-code/phases/actions/action-quick-scan.md
@@ -0,0 +1,164 @@
+# Action: Quick Scan
+
+快速扫描代码，识别高风险区域。
+
+## Purpose
+
+进行第一遍快速扫描：
+- 识别复杂度高的文件
+- 标记潜在的高风险区域
+- 发现明显的问题模式
+
+## Preconditions
+
+- [ ] state.status === 'running'
+- [ ] state.context !== null
+
+## Execution
+
+```javascript
+async function execute(state, workDir) {
+  const context = state.context;
+  const riskAreas = [];
+  const quickIssues = [];
+  
+  // 1. 扫描每个文件
+  for (const file of context.files) {
+    try {
+      const content = Read(file);
+      const lines = content.split('\n');
+      
+      // --- 复杂度检查 ---
+      const functionMatches = content.match(/function\s+\w+|=>\s*{|async\s+\w+/g) || [];
+      const nestingDepth = Math.max(...lines.map(l => (l.match(/^\s*/)?.[0].length || 0) / 2));
+      
+      if (lines.length > 500 || functionMatches.length > 20 || nestingDepth > 8) {
+        riskAreas.push({
+          file: file,
+          reason: `High complexity: ${lines.length} lines, ${functionMatches.length} functions, depth ${nestingDepth}`,
+          priority: 'high'
+        });
+      }
+      
+      // --- 快速问题检测 ---
+      
+      // 安全问题快速检测
+      if (content.includes('eval(') || content.includes('innerHTML')) {
+        quickIssues.push({
+          type: 'security',
+          file: file,
+          message: 'Potential XSS/injection risk: eval() or innerHTML usage'
+        });
+      }
+      
+      // 硬编码密钥检测
+      if (/(?:password|secret|api_key|token)\s*[=:]\s*['"][^'"]{8,}/i.test(content)) {
+        quickIssues.push({
+          type: 'security',
+          file: file,
+          message: 'Potential hardcoded credential detected'
+        });
+      }
+      
+      // TODO/FIXME 检测
+      const todoCount = (content.match(/TODO|FIXME|HACK|XXX/gi) || []).length;
+      if (todoCount > 5) {
+        quickIssues.push({
+          type: 'maintenance',
+          file: file,
+          message: `${todoCount} TODO/FIXME comments found`
+        });
+      }
+      
+      // console.log 检测（生产代码）
+      if (!file.includes('test') && !file.includes('spec')) {
+        const consoleCount = (content.match(/console\.(log|debug|info)/g) || []).length;
+        if (consoleCount > 3) {
+          quickIssues.push({
+            type: 'readability',
+            file: file,
+            message: `${consoleCount} console statements (should be removed in production)`
+          });
+        }
+      }
+      
+      // 长函数检测
+      const longFunctions = content.match(/function[^{]+\{[^}]{2000,}\}/g) || [];
+      if (longFunctions.length > 0) {
+        quickIssues.push({
+          type: 'readability',
+          file: file,
+          message: `${longFunctions.length} long function(s) detected (>50 lines)`
+        });
+      }
+      
+      // 错误处理检测
+      if (content.includes('catch') && content.includes('catch (') && content.match(/catch\s*\([^)]*\)\s*{\s*}/)) {
+        quickIssues.push({
+          type: 'correctness',
+          file: file,
+          message: 'Empty catch block detected'
+        });
+      }
+      
+    } catch (e) {
+      // 跳过无法读取的文件
+    }
+  }
+  
+  // 2. 计算复杂度评分
+  const complexityScore = Math.min(100, Math.round(
+    (riskAreas.length * 10 + quickIssues.length * 5) / context.file_count * 100
+  ));
+  
+  // 3. 构建扫描摘要
+  const scanSummary = {
+    risk_areas: riskAreas,
+    complexity_score: complexityScore,
+    quick_issues: quickIssues
+  };
+  
+  // 4. 保存扫描结果
+  Write(`${workDir}/scan-summary.json`, JSON.stringify(scanSummary, null, 2));
+  
+  return {
+    stateUpdates: {
+      scan_completed: true,
+      scan_summary: scanSummary
+    }
+  };
+}
+```
+
+## State Updates
+
+```javascript
+return {
+  stateUpdates: {
+    scan_completed: true,
+    scan_summary: {
+      risk_areas: riskAreas,
+      complexity_score: score,
+      quick_issues: quickIssues
+    }
+  }
+};
+```
+
+## Output
+
+- **File**: `scan-summary.json`
+- **Location**: `${workDir}/scan-summary.json`
+- **Format**: JSON
+
+## Error Handling
+
+| Error Type | Recovery |
+|------------|----------|
+| 文件读取失败 | 跳过该文件，继续扫描 |
+| 编码问题 | 以二进制跳过 |
+
+## Next Actions
+
+- 成功: action-deep-review (开始逐维度审查)
+- 风险区域过多 (>20): 可询问用户是否缩小范围
--- a/.claude/skills/review-code/phases/orchestrator.md
+++ b/.claude/skills/review-code/phases/orchestrator.md
@@ -0,0 +1,192 @@
+# Orchestrator
+
+根据当前状态选择并执行下一个审查动作。
+
+## Role
+
+Code Review 编排器，负责：
+1. 读取当前审查状态
+2. 根据状态选择下一个动作
+3. 执行动作并更新状态
+4. 循环直到审查完成
+
+## State Management
+
+### 读取状态
+
+```javascript
+const state = JSON.parse(Read(`${workDir}/state.json`));
+```
+
+### 更新状态
+
+```javascript
+function updateState(updates) {
+  const state = JSON.parse(Read(`${workDir}/state.json`));
+  const newState = {
+    ...state,
+    ...updates,
+    updated_at: new Date().toISOString()
+  };
+  Write(`${workDir}/state.json`, JSON.stringify(newState, null, 2));
+  return newState;
+}
+```
+
+## Decision Logic
+
+```javascript
+function selectNextAction(state) {
+  // 1. 终止条件检查
+  if (state.status === 'completed') return null;
+  if (state.status === 'user_exit') return null;
+  if (state.error_count >= 3) return 'action-abort';
+  
+  // 2. 初始化阶段
+  if (state.status === 'pending' || !state.context) {
+    return 'action-collect-context';
+  }
+  
+  // 3. 快速扫描阶段
+  if (!state.scan_completed) {
+    return 'action-quick-scan';
+  }
+  
+  // 4. 深入审查阶段 - 逐维度审查
+  const dimensions = ['correctness', 'readability', 'performance', 'security', 'testing', 'architecture'];
+  const reviewedDimensions = state.reviewed_dimensions || [];
+  
+  for (const dim of dimensions) {
+    if (!reviewedDimensions.includes(dim)) {
+      return 'action-deep-review';  // 传递 dimension 参数
+    }
+  }
+  
+  // 5. 报告生成阶段
+  if (!state.report_generated) {
+    return 'action-generate-report';
+  }
+  
+  // 6. 完成
+  return 'action-complete';
+}
+```
+
+## Execution Loop
+
+```javascript
+async function runOrchestrator() {
+  console.log('=== Code Review Orchestrator Started ===');
+  
+  let iteration = 0;
+  const MAX_ITERATIONS = 20;  // 6 dimensions + overhead
+  
+  while (iteration < MAX_ITERATIONS) {
+    iteration++;
+    
+    // 1. 读取当前状态
+    const state = JSON.parse(Read(`${workDir}/state.json`));
+    console.log(`[Iteration ${iteration}] Status: ${state.status}`);
+    
+    // 2. 选择下一个动作
+    const actionId = selectNextAction(state);
+    
+    if (!actionId) {
+      console.log('Review completed, terminating.');
+      break;
+    }
+    
+    console.log(`[Iteration ${iteration}] Executing: ${actionId}`);
+    
+    // 3. 更新状态：当前动作
+    updateState({ current_action: actionId });
+    
+    // 4. 执行动作
+    try {
+      const actionPrompt = Read(`phases/actions/${actionId}.md`);
+      
+      // 确定当前需要审查的维度
+      let currentDimension = null;
+      if (actionId === 'action-deep-review') {
+        const dimensions = ['correctness', 'readability', 'performance', 'security', 'testing', 'architecture'];
+        const reviewed = state.reviewed_dimensions || [];
+        currentDimension = dimensions.find(d => !reviewed.includes(d));
+      }
+      
+      const result = await Task({
+        subagent_type: 'universal-executor',
+        run_in_background: false,
+        prompt: `
+[WORK_DIR]
+${workDir}
+
+[STATE]
+${JSON.stringify(state, null, 2)}
+
+[CURRENT_DIMENSION]
+${currentDimension || 'N/A'}
+
+[ACTION]
+${actionPrompt}
+
+[SPECS]
+Review Dimensions: specs/review-dimensions.md
+Issue Classification: specs/issue-classification.md
+
+[RETURN]
+Return JSON with stateUpdates field containing updates to apply to state.
+`
+      });
+      
+      const actionResult = JSON.parse(result);
+      
+      // 5. 更新状态：动作完成
+      updateState({
+        current_action: null,
+        completed_actions: [...(state.completed_actions || []), actionId],
+        ...actionResult.stateUpdates
+      });
+      
+    } catch (error) {
+      // 错误处理
+      updateState({
+        current_action: null,
+        errors: [...(state.errors || []), {
+          action: actionId,
+          message: error.message,
+          timestamp: new Date().toISOString()
+        }],
+        error_count: (state.error_count || 0) + 1
+      });
+    }
+  }
+  
+  console.log('=== Code Review Orchestrator Finished ===');
+}
+```
+
+## Action Catalog
+
+| Action | Purpose | Preconditions |
+|--------|---------|---------------|
+| [action-collect-context](actions/action-collect-context.md) | 收集审查目标上下文 | status === 'pending' |
+| [action-quick-scan](actions/action-quick-scan.md) | 快速扫描识别风险区域 | context !== null |
+| [action-deep-review](actions/action-deep-review.md) | 深入审查指定维度 | scan_completed === true |
+| [action-generate-report](actions/action-generate-report.md) | 生成结构化审查报告 | all dimensions reviewed |
+| [action-complete](actions/action-complete.md) | 完成审查，保存结果 | report_generated === true |
+
+## Termination Conditions
+
+- `state.status === 'completed'` - 审查正常完成
+- `state.status === 'user_exit'` - 用户主动退出
+- `state.error_count >= 3` - 错误次数超限
+- `iteration >= MAX_ITERATIONS` - 迭代次数超限
+
+## Error Recovery
+
+| Error Type | Recovery Strategy |
+|------------|-------------------|
+| 文件读取失败 | 跳过该文件，记录警告 |
+| 动作执行失败 | 重试最多 3 次 |
+| 状态不一致 | 重新初始化状态 |
+| 用户中止 | 保存当前进度，允许恢复 |
--- a/.claude/skills/review-code/phases/state-schema.md
+++ b/.claude/skills/review-code/phases/state-schema.md
@@ -0,0 +1,174 @@
+# State Schema
+
+Code Review 状态结构定义。
+
+## Schema Definition
+
+```typescript
+interface ReviewState {
+  // === 元数据 ===
+  status: 'pending' | 'running' | 'completed' | 'failed' | 'user_exit';
+  started_at: string;      // ISO timestamp
+  updated_at: string;      // ISO timestamp
+  completed_at?: string;   // ISO timestamp
+  
+  // === 审查目标 ===
+  context: {
+    target_path: string;       // 目标路径（文件或目录）
+    files: string[];           // 待审查文件列表
+    language: string;          // 主要编程语言
+    framework?: string;        // 框架（如有）
+    total_lines: number;       // 总代码行数
+    file_count: number;        // 文件数量
+  };
+  
+  // === 扫描结果 ===
+  scan_completed: boolean;
+  scan_summary: {
+    risk_areas: RiskArea[];    // 高风险区域
+    complexity_score: number;  // 复杂度评分
+    quick_issues: QuickIssue[]; // 快速发现的问题
+  };
+  
+  // === 审查进度 ===
+  reviewed_dimensions: string[];  // 已完成的审查维度
+  current_dimension?: string;     // 当前审查维度
+  
+  // === 发现的问题 ===
+  findings: {
+    correctness: Finding[];
+    readability: Finding[];
+    performance: Finding[];
+    security: Finding[];
+    testing: Finding[];
+    architecture: Finding[];
+  };
+  
+  // === 报告状态 ===
+  report_generated: boolean;
+  report_path?: string;
+  
+  // === 执行跟踪 ===
+  current_action?: string;
+  completed_actions: string[];
+  errors: ExecutionError[];
+  error_count: number;
+  
+  // === 统计信息 ===
+  summary?: {
+    total_issues: number;
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+    info: number;
+    review_duration_ms: number;
+  };
+}
+
+interface RiskArea {
+  file: string;
+  reason: string;
+  priority: 'high' | 'medium' | 'low';
+}
+
+interface QuickIssue {
+  type: string;
+  file: string;
+  line?: number;
+  message: string;
+}
+
+interface Finding {
+  id: string;                    // 唯一标识 e.g., "CORR-001"
+  severity: 'critical' | 'high' | 'medium' | 'low' | 'info';
+  dimension: string;             // 所属维度
+  category: string;              // 问题类别
+  file: string;                  // 文件路径
+  line?: number;                 // 行号
+  column?: number;               // 列号
+  code_snippet?: string;         // 问题代码片段
+  description: string;           // 问题描述
+  recommendation: string;        // 修复建议
+  fix_example?: string;          // 修复示例代码
+  references?: string[];         // 参考资料链接
+}
+
+interface ExecutionError {
+  action: string;
+  message: string;
+  timestamp: string;
+}
+```
+
+## Initial State
+
+```json
+{
+  "status": "pending",
+  "started_at": "2024-01-01T00:00:00.000Z",
+  "updated_at": "2024-01-01T00:00:00.000Z",
+  "context": null,
+  "scan_completed": false,
+  "scan_summary": null,
+  "reviewed_dimensions": [],
+  "current_dimension": null,
+  "findings": {
+    "correctness": [],
+    "readability": [],
+    "performance": [],
+    "security": [],
+    "testing": [],
+    "architecture": []
+  },
+  "report_generated": false,
+  "report_path": null,
+  "current_action": null,
+  "completed_actions": [],
+  "errors": [],
+  "error_count": 0,
+  "summary": null
+}
+```
+
+## State Transitions
+
+```mermaid
+stateDiagram-v2
+    [*] --> pending: Initialize
+    pending --> running: collect-context
+    running --> running: quick-scan
+    running --> running: deep-review (6x)
+    running --> running: generate-report
+    running --> completed: complete
+    running --> failed: error_count >= 3
+    running --> user_exit: User abort
+    completed --> [*]
+    failed --> [*]
+    user_exit --> [*]
+```
+
+## Dimension Review Order
+
+1. **correctness** - 正确性（最高优先级）
+2. **security** - 安全性（关键）
+3. **performance** - 性能
+4. **readability** - 可读性
+5. **testing** - 测试覆盖
+6. **architecture** - 架构一致性
+
+## Finding ID Format
+
+```
+{DIMENSION_PREFIX}-{SEQUENCE}
+
+Prefixes:
+- CORR: Correctness
+- READ: Readability
+- PERF: Performance
+- SEC:  Security
+- TEST: Testing
+- ARCH: Architecture
+
+Example: SEC-003 = Security issue #3
+```