# Action: Quick Scan 快速扫描代码,识别高风险区域。 ## Purpose 进行第一遍快速扫描: - 识别复杂度高的文件 - 标记潜在的高风险区域 - 发现明显的问题模式 ## Preconditions - [ ] state.status === 'running' - [ ] state.context !== null ## Execution ```javascript async function execute(state, workDir) { const context = state.context; const riskAreas = []; const quickIssues = []; // 1. 扫描每个文件 for (const file of context.files) { try { const content = Read(file); const lines = content.split('\n'); // --- 复杂度检查 --- const functionMatches = content.match(/function\s+\w+|=>\s*{|async\s+\w+/g) || []; const nestingDepth = Math.max(...lines.map(l => (l.match(/^\s*/)?.[0].length || 0) / 2)); if (lines.length > 500 || functionMatches.length > 20 || nestingDepth > 8) { riskAreas.push({ file: file, reason: `High complexity: ${lines.length} lines, ${functionMatches.length} functions, depth ${nestingDepth}`, priority: 'high' }); } // --- 快速问题检测 --- // 安全问题快速检测 if (content.includes('eval(') || content.includes('innerHTML')) { quickIssues.push({ type: 'security', file: file, message: 'Potential XSS/injection risk: eval() or innerHTML usage' }); } // 硬编码密钥检测 if (/(?:password|secret|api_key|token)\s*[=:]\s*['"][^'"]{8,}/i.test(content)) { quickIssues.push({ type: 'security', file: file, message: 'Potential hardcoded credential detected' }); } // TODO/FIXME 检测 const todoCount = (content.match(/TODO|FIXME|HACK|XXX/gi) || []).length; if (todoCount > 5) { quickIssues.push({ type: 'maintenance', file: file, message: `${todoCount} TODO/FIXME comments found` }); } // console.log 检测(生产代码) if (!file.includes('test') && !file.includes('spec')) { const consoleCount = (content.match(/console\.(log|debug|info)/g) || []).length; if (consoleCount > 3) { quickIssues.push({ type: 'readability', file: file, message: `${consoleCount} console statements (should be removed in production)` }); } } // 长函数检测 const longFunctions = content.match(/function[^{]+\{[^}]{2000,}\}/g) || []; if (longFunctions.length > 0) { quickIssues.push({ type: 'readability', file: file, message: `${longFunctions.length} long function(s) detected (>50 lines)` }); } // 错误处理检测 if (content.includes('catch') && content.includes('catch (') && content.match(/catch\s*\([^)]*\)\s*{\s*}/)) { quickIssues.push({ type: 'correctness', file: file, message: 'Empty catch block detected' }); } } catch (e) { // 跳过无法读取的文件 } } // 2. 计算复杂度评分 const complexityScore = Math.min(100, Math.round( (riskAreas.length * 10 + quickIssues.length * 5) / context.file_count * 100 )); // 3. 构建扫描摘要 const scanSummary = { risk_areas: riskAreas, complexity_score: complexityScore, quick_issues: quickIssues }; // 4. 保存扫描结果 Write(`${workDir}/scan-summary.json`, JSON.stringify(scanSummary, null, 2)); return { stateUpdates: { scan_completed: true, scan_summary: scanSummary } }; } ``` ## State Updates ```javascript return { stateUpdates: { scan_completed: true, scan_summary: { risk_areas: riskAreas, complexity_score: score, quick_issues: quickIssues } } }; ``` ## Output - **File**: `scan-summary.json` - **Location**: `${workDir}/scan-summary.json` - **Format**: JSON ## Error Handling | Error Type | Recovery | |------------|----------| | 文件读取失败 | 跳过该文件,继续扫描 | | 编码问题 | 以二进制跳过 | ## Next Actions - 成功: action-deep-review (开始逐维度审查) - 风险区域过多 (>20): 可询问用户是否缩小范围