catlog22/Claude-Code-Workflow
1
0
Fork 0
mirror of https://github.com/catlog22/Claude-Code-Workflow.git synced 2026-02-12 02:37:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c0c1a2eb92dca1e95c67fee1d2dc4e4b9eb74ffc
Claude-Code-Workflow/.claude/skills/review-code/specs/rules/index.md
catlog22 15514c8f91 Add multi-dimensional code review rules for architecture, correctness, performance, readability, security, and testing 
- Introduced architecture rules to detect circular dependencies, god classes, layer violations, and mixed concerns.
- Added correctness rules focusing on null checks, empty catch blocks, unreachable code, and type coercion.
- Implemented performance rules addressing nested loops, synchronous I/O, memory leaks, and unnecessary re-renders in React.
- Created readability rules to improve function length, variable naming, deep nesting, magic numbers, and commented code.
- Established security rules to identify XSS risks, hardcoded secrets, SQL injection vulnerabilities, and insecure random generation.
- Developed testing rules to enhance test quality, coverage, and maintainability, including missing assertions and error path testing.
- Documented the structure and schema for rule files in the index.md for better understanding and usage.
2026-01-13 14:53:20 +08:00

141 lines
4.0 KiB
Markdown
Raw Blame History

# Code Review Rules Index
This directory contains externalized review rules for the multi-dimensional code review skill.
## Directory Structure
```
rules/
├── index.md # This file
├── correctness-rules.json # CORR - Logic and error handling
├── security-rules.json # SEC - Security vulnerabilities
├── performance-rules.json # PERF - Performance issues
├── readability-rules.json # READ - Code clarity
├── testing-rules.json # TEST - Test quality
└── architecture-rules.json # ARCH - Design patterns
```
## Rule File Schema
Each rule file follows this JSON schema:
```json
{
"dimension": "string", // Dimension identifier
"prefix": "string", // Finding ID prefix (4 chars)
"description": "string", // Dimension description
"rules": [
{
"id": "string", // Unique rule identifier
"category": "string", // Rule category within dimension
"severity": "critical|high|medium|low",
"pattern": "string", // Detection pattern
"patternType": "regex|includes|ast",
"negativePatterns": [], // Patterns that exclude matches
"caseInsensitive": false, // For regex patterns
"contextPattern": "", // Additional context requirement
"contextPath": [], // Path patterns for context
"lineThreshold": 0, // For size-based rules
"methodThreshold": 0, // For complexity rules
"description": "string", // Issue description
"recommendation": "string", // How to fix
"fixExample": "string" // Code example
}
]
}
```
## Dimension Summary
| Dimension | Prefix | Rules | Focus Areas |
|-----------|--------|-------|-------------|
| Correctness | CORR | 5 | Null checks, error handling, type safety |
| Security | SEC | 5 | XSS, injection, secrets, crypto |
| Performance | PERF | 5 | Complexity, I/O, memory leaks |
| Readability | READ | 5 | Naming, length, nesting, magic values |
| Testing | TEST | 5 | Assertions, coverage, mock quality |
| Architecture | ARCH | 5 | Dependencies, layering, coupling |
## Severity Levels
| Severity | Description | Action |
|----------|-------------|--------|
| **critical** | Security vulnerability or data loss risk | Must fix before release |
| **high** | Bug or significant quality issue | Fix in current sprint |
| **medium** | Code smell or maintainability concern | Plan to address |
| **low** | Style or minor improvement | Address when convenient |
## Pattern Types
### regex
Standard regular expression pattern. Supports flags via `caseInsensitive`.
```json
{
"pattern": "catch\\s*\\([^)]*\\)\\s*\\{\\s*\\}",
"patternType": "regex"
}
```
### includes
Simple substring match. Faster than regex for literal strings.
```json
{
"pattern": "innerHTML",
"patternType": "includes"
}
```
### ast (Future)
AST-based detection for complex structural patterns.
```json
{
"pattern": "function[params>5]",
"patternType": "ast"
}
```
## Usage in Code
```javascript
// Load rules
const rules = JSON.parse(fs.readFileSync('correctness-rules.json'));
// Apply rules
for (const rule of rules.rules) {
const matches = detectByPattern(content, rule.pattern, rule.patternType);
for (const match of matches) {
// Check negative patterns
if (rule.negativePatterns?.some(np => match.context.includes(np))) {
continue;
}
findings.push({
id: `${rules.prefix}-${counter++}`,
severity: rule.severity,
category: rule.category,
description: rule.description,
recommendation: rule.recommendation,
fixExample: rule.fixExample
});
}
}
```
## Adding New Rules
1. Identify the appropriate dimension
2. Create rule with unique `id` within dimension
3. Choose appropriate `patternType`
4. Provide clear `description` and `recommendation`
5. Include practical `fixExample`
6. Test against sample code
## Rule Maintenance
- Review rules quarterly for relevance
- Update patterns as language/framework evolves
- Track false positive rates
- Collect feedback from users
Reference in New Issue View Git Blame Copy Permalink