catlog22/Claude-Code-Workflow
1
0
Fork 0
mirror of https://github.com/catlog22/Claude-Code-Workflow.git synced 2026-02-05 01:50:27 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
967e3805b7dfd3b6b364e4c81041d5fcf8d2ce9a
Claude-Code-Workflow/.claude/commands/workflow/review.md
catlog22 967e3805b7 docs: 标准化命令文档格式,移除表情符号并添加命令模板规范 
更新所有命令文档以提高可读性和一致性:
- 移除所有表情符号(⚠️, , , ▸等),使用纯文本替代
- 统一标题格式,改进章节结构
- 简化状态指示器和格式标记
- 添加三个新的命令模板规范文档

新增文档:
- COMMAND_FLOW_STANDARD.md - 标准命令流程规范
- COMMAND_TEMPLATE_EXECUTOR.md - 执行器命令模板
- COMMAND_TEMPLATE_ORCHESTRATOR.md - 编排器命令模板

影响范围:
- CLI命令(cli-init, codex-execute, discuss-plan, execute)
- 内存管理命令(skill-memory, tech-research, workflow-skill-memory)
- 任务管理命令(breakdown, create, execute, replan)
- 工作流命令(所有workflow相关命令)

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-05 21:48:43 +08:00

8.6 KiB
Raw Blame History

name, description, argument-hint
name description argument-hint
review Optional specialized review (security, architecture, docs) for completed implementation [--type=security|architecture|action-items|quality] [optional: session-id]

Command Overview: /workflow:review

Optional specialized review for completed implementations. In the standard workflow, passing tests = approved code. Use this command only when specialized review is required (security, architecture, compliance, docs).

Philosophy: "Tests Are the Review"

  • Default: All tests pass -> Code approved
  • Optional: Specialized reviews for:
    • Security audits (vulnerabilities, auth/authz)
    • Architecture compliance (patterns, technical debt)
    • Action items verification (requirements met, acceptance criteria)

Review Types

Type Focus Use Case
quality Code quality, best practices, maintainability Default general review
security Security vulnerabilities, data handling, access control Security audits
architecture Architectural patterns, technical debt, design decisions Architecture compliance
action-items Requirements met, acceptance criteria verified, action items completed Pre-deployment verification

Notes:

  • For documentation generation, use /workflow:tools:docs
  • For CLAUDE.md updates, use /update-memory-related

Execution Template

#!/bin/bash
# Optional specialized review for completed implementation

# Step 1: Session ID resolution
if [ -n "$SESSION_ARG" ]; then
    sessionId="$SESSION_ARG"
else
    sessionId=$(find .workflow/ -name '.active-*' | head -1 | sed 's/.*active-//')
fi

# Step 2: Validation
if [ ! -d ".workflow/${sessionId}" ]; then
    echo "Session ${sessionId} not found"
    exit 1
fi

# Check for completed tasks
if [ ! -d ".workflow/${sessionId}/.summaries" ] || [ -z "$(find .workflow/${sessionId}/.summaries/ -name "IMPL-*.md" -type f 2>/dev/null)" ]; then
    echo "No completed implementation found. Complete implementation first"
    exit 1
fi

# Step 3: Determine review type (default: quality)
review_type="${TYPE_ARG:-quality}"

# Redirect docs review to specialized command
if [ "$review_type" = "docs" ]; then
    echo "For documentation generation, please use:"
    echo "   /workflow:tools:docs"
    echo ""
    echo "The docs command provides:"
    echo "  - Hierarchical architecture documentation"
    echo "  - API documentation generation"
    echo "  - Documentation structure analysis"
    exit 0
fi

# Step 4: Analysis handover → Model takes control
# BASH_EXECUTION_STOPS → MODEL_ANALYSIS_BEGINS

Model Analysis Phase

After bash validation, the model takes control to:

  1. Load Context: Read completed task summaries and changed files

    # Load implementation summaries
cat .workflow/${sessionId}/.summaries/IMPL-*.md

# Load test results (if available)
cat .workflow/${sessionId}/.summaries/TEST-FIX-*.md 2>/dev/null

# Get changed files
git log --since="$(cat .workflow/${sessionId}/workflow-session.json | jq -r .created_at)" --name-only --pretty=format: | sort -u

  2. Perform Specialized Review: Based on review_type

    Security Review (--type=security):

    • Use ripgrep for security patterns: 
      rg "password|token|secret|auth" -g "*.{ts,js,py}"
rg "eval|exec|innerHTML|dangerouslySetInnerHTML" -g "*.{ts,js,tsx}"
    • Use Gemini for security analysis: 
      cd .workflow/${sessionId} && gemini -p "
PURPOSE: Security audit of completed implementation
TASK: Review code for security vulnerabilities, insecure patterns, auth/authz issues
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Security findings report with severity levels
RULES: Focus on OWASP Top 10, authentication, authorization, data validation, injection risks
" --approval-mode yolo

    Architecture Review (--type=architecture):

    • Use Qwen for architecture analysis: 
      cd .workflow/${sessionId} && qwen -p "
PURPOSE: Architecture compliance review
TASK: Evaluate adherence to architectural patterns, identify technical debt, review design decisions
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Architecture assessment with recommendations
RULES: Check for patterns, separation of concerns, modularity, scalability
" --approval-mode yolo

    Quality Review (--type=quality):

    • Use Gemini for code quality: 
      cd .workflow/${sessionId} && gemini -p "
PURPOSE: Code quality and best practices review
TASK: Assess code readability, maintainability, adherence to best practices
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Quality assessment with improvement suggestions
RULES: Check for code smells, duplication, complexity, naming conventions
" --approval-mode yolo

    Action Items Review (--type=action-items):

    • Verify all requirements and acceptance criteria met: 
      # Load task requirements and acceptance criteria
find .workflow/${sessionId}/.task -name "IMPL-*.json" -exec jq -r '
  "Task: " + .id + "\n" +
  "Requirements: " + (.context.requirements | join(", ")) + "\n" +
  "Acceptance: " + (.context.acceptance | join(", "))
' {} \;

# Check implementation summaries against requirements
cd .workflow/${sessionId} && gemini -p "
PURPOSE: Verify all requirements and acceptance criteria are met
TASK: Cross-check implementation summaries against original requirements
CONTEXT: @.task/IMPL-*.json,.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED:
- Requirements coverage matrix
- Acceptance criteria verification
- Missing/incomplete action items
- Pre-deployment readiness assessment
RULES:
- Check each requirement has corresponding implementation
- Verify all acceptance criteria are met
- Flag any incomplete or missing action items
- Assess deployment readiness
" --approval-mode yolo

  3. Generate Review Report: Create structured report

    # Review Report: ${review_type}

**Session**: ${sessionId}
**Date**: $(date)
**Type**: ${review_type}

## Summary
- Tasks Reviewed: [count IMPL tasks]
- Files Changed: [count files]
- Severity: [High/Medium/Low]

## Findings

### Critical Issues
- [Issue 1 with file:line reference]
- [Issue 2 with file:line reference]

### Recommendations
- [Recommendation 1]
- [Recommendation 2]

### Positive Observations
- [Good pattern observed]

## Action Items
- [ ] [Action 1]
- [ ] [Action 2]

  4. Output Files:

    # Save review report
Write(.workflow/${sessionId}/REVIEW-${review_type}.md)

# Update session metadata
# (optional) Update workflow-session.json with review status

  5. Optional: Update Memory (if docs review or significant findings):

    # If architecture or quality issues found, suggest memory update
if [ "$review_type" = "architecture" ] || [ "$review_type" = "quality" ]; then
    echo "Consider updating project documentation:"
    echo "   /update-memory-related"
fi

Usage Examples

# General quality review after implementation
/workflow:review

# Security audit before deployment
/workflow:review --type=security

# Architecture review for specific session
/workflow:review --type=architecture WFS-payment-integration

# Documentation review
/workflow:review --type=docs

Features

  • Simple Validation: Check session exists and has completed tasks
  • No Complex Orchestration: Direct analysis, no multi-phase pipeline
  • Specialized Reviews: Different prompts and tools for different review types
  • MCP Integration: Fast code search for security and architecture patterns
  • CLI Tool Integration: Gemini for analysis, Qwen for architecture
  • Structured Output: Markdown reports with severity levels and action items
  • Optional Memory Update: Suggests documentation updates for significant findings

Integration with Workflow

Standard Workflow:
  plan -> execute -> test-gen -> execute (complete)

Optional Review (when needed):
  plan -> execute -> test-gen -> execute -> review (security/architecture/docs)

When to Use:

  • Before production deployment (security review + action-items review)
  • After major feature (architecture review)
  • Before code freeze (quality review)
  • Pre-deployment verification (action-items review)

When NOT to Use:

  • Regular development (tests are sufficient)
  • Simple bug fixes (test-fix-agent handles it)
  • Minor changes (update-memory-related is enough)
Reference in New Issue View Git Blame Copy Permalink