init-review-policy
Total installs: 10
Weekly installs: 8
Site-wide rank: #30817
Install command
npx skills add https://github.com/ajoslin/dot --skill init-review-policy
Agent install distribution
github-copilot: 8
codex: 8
kimi-cli: 8
gemini-cli: 8
cursor: 8
amp: 8
Skill documentation
Initialize Review Policy
Create a repo-local review policy package for use by /code-review and /review.
Goal
Initialize these files:
- .opencode/review/policy.md (required)
- .opencode/review/checklist.md (optional but recommended)
- .opencode/review/severity.yml (optional but recommended)
Behavior
- Detect repo root (prefer vcs-detect if available).
- Create .opencode/review/ if missing.
- If files do not exist, create them from the templates below.
- If files exist, preserve user content and only add missing sections.
- Ask for domain-specific overrides from user input and apply them.
- Return a short summary with created/updated file paths.
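The steps above, carried out as an added Python example that is not part of the skill itself. It locates the repo root with `git rev-parse --show-toplevel` (the `vcs-detect` helper the skill prefers is not reproduced here), creates `.opencode/review/` if needed, writes the three files from abbreviated copies of the templates further down, and on re-runs keeps existing user content byte-for-byte while appending only the sections that are missing (a Markdown `##` heading or a top-level YAML key). The `overrides` argument stands in for the domain-specific overrides the skill collects from the user; its shape, and the `detect_vcs` switch, are assumptions of this example.

```python
from __future__ import annotations

import re
import subprocess
from pathlib import Path

REVIEW_DIR = Path(".opencode/review")

# Abbreviated copies of the skill's templates (trimmed for this example).
TEMPLATES = {
    "policy.md": (
        "# Review Policy\n"
        "## Scope\n- Applies to all code reviews in this repository.\n"
        "## Critical Domains\n- Authentication and authorization\n"
        "- Secrets, credentials, and PII handling\n"
        "## Must-Flag Findings\n- Security vulnerabilities with practical exploit paths\n"
        "## Repo-Specific Rules\n- Add project rules here\n"
        "## Required Review Output\n- Severity: critical | high | medium | low\n"
        "- File and line reference for every issue\n"
    ),
    "checklist.md": (
        "# Review Checklist\n"
        "## Correctness\n- Logic matches intended behavior and existing contracts\n"
        "## Security\n- No new injection/authz/secrets/PII exposure paths\n"
    ),
    "severity.yml": (
        "severity:\n  critical:\n    - remote code execution\n    - auth bypass\n"
        "  high:\n    - privilege escalation\n"
        "rules:\n  require_file_line_reference: true\n  require_concrete_fix: true\n"
        "  deduplicate_findings: true\n"
    ),
}

# A "section" is a Markdown "## " heading or an unindented top-level YAML key.
SECTION_RE = {
    ".md": re.compile(r"^## .*$", re.M),
    ".yml": re.compile(r"^[A-Za-z_][\w-]*:[ \t]*$", re.M),
}


def repo_root(start: Path, detect_vcs: bool = True) -> Path:
    """Prefer the git top-level directory; fall back to `start` outside a repo."""
    if detect_vcs:
        try:
            proc = subprocess.run(
                ["git", "-C", str(start), "rev-parse", "--show-toplevel"],
                capture_output=True, text=True, check=True,
            )
            return Path(proc.stdout.strip())
        except (OSError, subprocess.CalledProcessError):
            pass
    return start


def split_sections(text: str, pattern: re.Pattern) -> tuple[str, dict[str, str]]:
    """Return (preamble, {heading: section_text}) with sections in file order."""
    marks = list(pattern.finditer(text))
    if not marks:
        return text, {}
    sections: dict[str, str] = {}
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        sections[m.group(0).strip()] = text[m.start():end]
    return text[: marks[0].start()], sections


def compose(template: str, extra: str, pattern: re.Pattern) -> str:
    """Template plus user overrides: an override section replaces the template
    section with the same heading; new headings are appended at the end."""
    preamble, sections = split_sections(template, pattern)
    sections.update(split_sections(extra, pattern)[1])
    return preamble + "".join(sections.values())


def merge(existing: str, desired: str, pattern: re.Pattern) -> str:
    """Keep `existing` byte-for-byte; append only the sections it lacks."""
    if not existing.strip():
        return desired
    have = split_sections(existing, pattern)[1]
    missing = [body for head, body in split_sections(desired, pattern)[1].items()
               if head not in have]
    if not missing:
        return existing
    sep = "" if existing.endswith("\n") else "\n"
    return existing + sep + "".join(missing)


def init_review_policy(start: Path, overrides: dict[str, str] | None = None,
                       detect_vcs: bool = True) -> dict[str, list[str]]:
    """Create .opencode/review/ and its files; return created/updated/unchanged paths."""
    target = repo_root(start, detect_vcs) / REVIEW_DIR
    target.mkdir(parents=True, exist_ok=True)
    summary: dict[str, list[str]] = {"created": [], "updated": [], "unchanged": []}
    for name, template in TEMPLATES.items():
        path = target / name
        pattern = SECTION_RE[path.suffix]
        desired = compose(template, (overrides or {}).get(name, ""), pattern)
        if not path.exists():
            path.write_text(desired, encoding="utf-8")
            summary["created"].append(str(path))
            continue
        before = path.read_text(encoding="utf-8")
        after = merge(before, desired, pattern)
        if after != before:
            path.write_text(after, encoding="utf-8")
        summary["updated" if after != before else "unchanged"].append(str(path))
    return summary


if __name__ == "__main__":
    print(init_review_policy(Path.cwd()))
```

Running it twice is the interesting case: the second run reports every file as unchanged, and a policy.md that a user has cut down to a single `## Scope` section gets the other template sections appended after their text rather than being overwritten.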
policy.md template
```markdown
# Review Policy
## Scope
- Applies to all code reviews in this repository.
- Overrides generic review defaults where explicitly stated.
## Critical Domains
- Authentication and authorization
- Data integrity and migrations
- Secrets, credentials, and PII handling
- Billing, quota, and financial calculations
## Must-Flag Findings
- Security vulnerabilities with practical exploit paths
- Silent data loss or corruption risks
- Backward-incompatible API or schema changes without migration plan
- Missing rollback/guardrails for risky deploy paths
## Usually Ignore
- Pure style nits unless they hide correctness issues
- Hypothetical edge cases without realistic trigger paths
## Repo-Specific Rules
- Add project rules here (framework constraints, architecture boundaries, test expectations)
## Required Review Output
- Severity: critical | high | medium | low
- File and line reference for every issue
- Why this is a bug/risk in this repository
- Concrete fix suggestion
```
checklist.md template
```markdown
# Review Checklist
## Correctness
- Logic matches intended behavior and existing contracts
- Error handling is explicit and testable
## Security
- No new injection/authz/secrets/PII exposure paths
## Data and Migrations
- Schema changes include compatibility and rollback notes
## Performance
- No obvious unbounded hot-path regressions
## Operations
- Logging/metrics/alerts are sufficient for new risk areas
## Testing
- Critical paths have adequate coverage for changed behavior
```
severity.yml template
```yaml
severity:
  critical:
    - remote code execution
    - auth bypass
    - irreversible data loss
  high:
    - privilege escalation
    - data corruption risk
    - breaking migration without rollback
  medium:
    - reliability regression on common paths
    - significant performance regression
  low:
    - minor maintainability risk
    - non-blocking robustness gaps
rules:
  require_file_line_reference: true
  require_concrete_fix: true
  deduplicate_findings: true
```
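How a reviewer tool might consume this file together with the "Required Review Output" section of policy.md, as an added Python example (not code from the skill or from OpenCode). It reads the severity.yml template with a deliberately small parser that understands only this two-level layout, then checks a list of findings: the severity must be one of the four levels, the `rules` block enforces the file-and-line reference, the concrete fix and de-duplication, the `why` field is required by policy.md, and a finding whose category is listed under one tier must carry that tier. The finding dictionary shape and the sample findings are constructed for this example.

```python
from __future__ import annotations

# Constructed copy of the severity.yml template, as the tool would read it from disk.
SEVERITY_YML = """\
severity:
  critical:
    - remote code execution
    - auth bypass
    - irreversible data loss
  high:
    - privilege escalation
    - data corruption risk
    - breaking migration without rollback
  medium:
    - reliability regression on common paths
    - significant performance regression
  low:
    - minor maintainability risk
    - non-blocking robustness gaps
rules:
  require_file_line_reference: true
  require_concrete_fix: true
  deduplicate_findings: true
"""

LEVELS = ("critical", "high", "medium", "low")


def parse_severity_yml(text: str) -> dict:
    """Parse only the two-level layout used by severity.yml (not general YAML):
    top-level keys, two-space-indented sub-keys holding either a '- item' list
    or a 'key: bool' scalar. Anything else is rejected loudly."""
    cfg: dict = {}
    top = sub = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip(" "))
        body = raw.strip()
        if indent == 0 and body.endswith(":"):
            top, sub = body[:-1], None
            cfg[top] = {}
        elif indent == 2 and body.endswith(":") and top is not None:
            sub = body[:-1]
            cfg[top][sub] = []
        elif indent == 2 and ": " in body and top is not None:
            key, val = body.split(": ", 1)
            cfg[top][key] = val.strip().lower() == "true"
        elif indent == 4 and body.startswith("- ") and sub is not None:
            cfg[top][sub].append(body[2:].strip())
        else:
            raise ValueError(f"unsupported severity.yml line: {raw!r}")
    return cfg


def validate_findings(findings: list[dict], cfg: dict) -> list[tuple[int, str]]:
    """Check review findings against the required output fields and the rules
    block; returns (finding index, problem) pairs, empty when the output is clean."""
    rules = cfg.get("rules", {})
    tiers = cfg.get("severity", {})
    problems: list[tuple[int, str]] = []
    seen: set = set()
    for i, f in enumerate(findings):
        sev = f.get("severity")
        if sev not in LEVELS:
            problems.append((i, f"severity must be one of {'|'.join(LEVELS)}, got {sev!r}"))
        if rules.get("require_file_line_reference") and not (
            f.get("file") and isinstance(f.get("line"), int)
        ):
            problems.append((i, "missing file and line reference"))
        if not f.get("why"):
            problems.append((i, "missing explanation of why this is a risk in this repository"))
        if rules.get("require_concrete_fix") and not f.get("fix"):
            problems.append((i, "missing concrete fix suggestion"))
        category = f.get("category")
        expected = next((lvl for lvl, labels in tiers.items() if category in labels), None)
        if expected and expected != sev:
            problems.append((i, f"category {category!r} is tiered {expected}, not {sev}"))
        if rules.get("deduplicate_findings"):
            key = (f.get("file"), f.get("line"), category or f.get("why"))
            if key in seen:
                problems.append((i, "duplicate of an earlier finding"))
            seen.add(key)
    return problems


# Constructed sample output of a review run: index 0 is well-formed, the others
# each break at least one rule (under-tiered, missing line and fix, duplicate).
SAMPLE_FINDINGS = [
    {"severity": "critical", "category": "auth bypass", "file": "api/session.py", "line": 88,
     "why": "Session token is accepted without checking its signature, so any value logs in.",
     "fix": "Verify the HMAC with hmac.compare_digest before trusting the token claims."},
    {"severity": "high", "category": "auth bypass", "file": "api/admin.py", "line": 12,
     "why": "Admin route only checks that a user is logged in, not that they are an admin.",
     "fix": "Add the require_role('admin') decorator used by the other admin views."},
    {"severity": "medium", "category": "significant performance regression",
     "file": "jobs/export.py", "line": None,
     "why": "Loads the whole table into memory per request.", "fix": ""},
    {"severity": "critical", "category": "auth bypass", "file": "api/session.py", "line": 88,
     "why": "Token signature never verified.", "fix": "Verify the HMAC."},
]

if __name__ == "__main__":
    for index, problem in validate_findings(SAMPLE_FINDINGS, parse_severity_yml(SEVERITY_YML)):
        print(f"finding {index}: {problem}")
```

The tier check is the part worth keeping: a finding that cites an "auth bypass" but is filed as high is exactly the under-reporting the severity table exists to prevent, and catching it at output time is cheaper than arguing about it in the pull request.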
Notes
- Keep rules concise and specific to this repository.
- Prefer concrete examples over abstract policy language.