actionable-review-format-standards
3
总安装量
2
周安装量
#60374
全站排名
安装命令
npx skills add https://github.com/thapaliyabikendra/ai-artifacts --skill actionable-review-format-standards
Agent 安装分布
cursor
1
github-copilot
1
claude-code
1
Skill 文档
Actionable Review Format Standards
Standardized output format for code reviews ensuring consistent, actionable, and prioritized feedback across all reviewer agents.
When to Use This Skill
- Generating code review reports
- Formatting PR feedback
- Creating security audit reports
- Producing performance review outputs
- Any review output requiring severity classification
Core Principles
- Every issue has a severity – Never leave findings unclassified
- Every issue has a location – Always include
file:linereferences - Every blocking issue has a fix – Provide code snippets for Critical/High
- Summary before details – Lead with counts and verdicts
- Categorize by concern – Group Security, Performance, Patterns separately
Severity Classification
Severity Levels
| Level | Icon | Criteria | Action Required |
|---|---|---|---|
| CRITICAL | ð´ | Security vulnerabilities, data loss risk, system crashes | Must fix before merge |
| HIGH | ð | Significant bugs, missing authorization, performance blockers | Should fix before merge |
| MEDIUM | ð¡ | Code quality issues, minor bugs, missing validation | Fix soon, not blocking |
| LOW | ð¢ | Style issues, minor improvements, suggestions | Nice to have |
| INFO | ð¡ | Educational comments, alternative approaches | No action required |
Severity Decision Tree
Is it a security vulnerability?
âââ Yes â CRITICAL
âââ No â Can it cause data loss or corruption?
âââ Yes â CRITICAL
âââ No â Can it cause system crash/downtime?
âââ Yes â HIGH
âââ No â Does it break functionality?
âââ Yes â HIGH
âââ No â Does it affect performance significantly?
âââ Yes â MEDIUM
âââ No â Is it a code quality issue?
âââ Yes â MEDIUM/LOW
âââ No â LOW/INFO
Severity Examples
ð´ CRITICAL - Security
- SQL injection vulnerability
- Missing authorization on delete endpoint
- Hardcoded credentials in source code
- PII exposure in logs
ð HIGH - Must Fix
- Missing null checks causing NullReferenceException
- N+1 query in frequently called method
- Business logic error causing wrong calculations
- Missing input validation on public API
ð¡ MEDIUM - Should Fix
- Blocking async call (.Result, .Wait())
- Missing error handling
- Inefficient LINQ query
- Duplicate code that should be extracted
ð¢ LOW - Nice to Have
- Variable naming improvements
- Missing XML documentation
- Code formatting inconsistencies
- Minor refactoring opportunities
ð¡ INFO - Educational
- Alternative pattern suggestion
- Performance optimization tip
- Best practice recommendation
Location Format
Standard Format
{FilePath}:{LineNumber}
Examples
â
Good:
- `src/Application/PatientAppService.cs:45`
- `src/Domain/Patient.cs:23-28` (range)
- `src/Application/Validators/CreatePatientDtoValidator.cs:12`
â Bad:
- `PatientAppService.cs` (missing path)
- `line 45` (missing file)
- `src/Application/` (missing file and line)
Multi-Location Issues
When an issue spans multiple files:
**[MEDIUM]** Duplicate validation logic
- `src/Application/PatientAppService.cs:45`
- `src/Application/DoctorAppService.cs:52`
- `src/Application/AppointmentAppService.cs:38`
**Suggestion**: Extract to shared `ValidationHelper` class.
Issue Format
Single Issue Template
**[{SEVERITY}]** `{file:line}` - {Category}
{Brief description of the issue}
**Problem**:
```{language}
// Current code
{problematic code}
Fix:
// Suggested fix
{corrected code}
Why: {Explanation of impact/risk}
### Compact Issue Format (for tables)
```markdown
| Severity | Location | Category | Issue | Fix |
|----------|----------|----------|-------|-----|
| ð´ CRITICAL | `File.cs:42` | Security | Missing `[Authorize]` | Add `[Authorize(Permissions.Delete)]` |
| ð HIGH | `File.cs:67` | Performance | N+1 query in loop | Use `.Include()` or batch query |
Report Structure
Full Review Report Template
# Code Review: {PR Title}
**Date**: {YYYY-MM-DD}
**Reviewer**: {agent-name}
**Files Reviewed**: {count}
**Lines Changed**: +{added} / -{removed}
---
## Verdict
{â
APPROVE | ð¬ APPROVE WITH COMMENTS | ð REQUEST CHANGES}
**Summary**: {1-2 sentence overview}
---
## Issue Summary
| Severity | Count | Blocking |
|----------|-------|----------|
| ð´ CRITICAL | {n} | Yes |
| ð HIGH | {n} | Yes |
| ð¡ MEDIUM | {n} | No |
| ð¢ LOW | {n} | No |
---
## ð´ Critical Issues
{If none: "No critical issues found."}
### [CRITICAL] `{file:line}` - {Title}
{Description}
**Problem**:
```{lang}
{code}
Fix:
{code}
ð High Issues
{Issues in same format}
ð¡ Medium Issues
{Issues in same format or table format for brevity}
ð¢ Low Issues / Suggestions
{file:line}[nit]: {suggestion}{file:line}[style]: {suggestion}
ð Security Summary
| Check | Status | Notes |
|---|---|---|
| Authorization | â Pass / â Fail | {details} |
| Input Validation | â Pass / â Fail | {details} |
| Data Exposure | â Pass / â Fail | {details} |
| Secrets | â Pass / â Fail | {details} |
â¡ Performance Summary
| Check | Status | Notes |
|---|---|---|
| N+1 Queries | â Pass / â Fail | {details} |
| Async Patterns | â Pass / â Fail | {details} |
| Pagination | â Pass / â Fail | {details} |
| Query Optimization | â Pass / â Fail | {details} |
â What’s Good
- {Positive observation 1}
- {Positive observation 2}
- {Positive observation 3}
Action Items
Must fix before merge:
- {Critical/High issue 1}
- {Critical/High issue 2}
Should fix soon:
- {Medium issue 1}
- {Medium issue 2}
Technical Debt Noted
- {Future improvement 1}
- {Future improvement 2}
---
## Category Labels
Use consistent category labels to classify issues:
| Category | Description | Examples |
|----------|-------------|----------|
| **Security** | Vulnerabilities, auth issues | Missing auth, SQL injection, XSS |
| **Performance** | Efficiency issues | N+1, blocking async, missing pagination |
| **DDD** | Domain design issues | Public setters, anemic entities |
| **ABP** | Framework pattern violations | Wrong base class, missing GuidGenerator |
| **Validation** | Input validation issues | Missing validators, weak rules |
| **Error Handling** | Exception handling issues | Silent catch, wrong exception type |
| **Async** | Async/await issues | Blocking calls, missing cancellation |
| **Testing** | Test quality issues | Missing tests, flaky tests |
| **Style** | Code style issues | Naming, formatting |
| **Documentation** | Doc issues | Missing comments, outdated docs |
---
## Feedback Language
### Use Constructive Language
```markdown
â Bad:
"This is wrong."
"You should know better."
"Why didn't you use X?"
â
Good:
"Consider using X because..."
"This could cause Y. Here's a fix:"
"Have you considered X? It would improve Y."
Differentiate Blocking vs Non-Blocking
ð« [blocking]: Must fix before merge
ð [suggestion]: Consider for improvement
ð [nit]: Minor style preference, not blocking
ð [learning]: Educational note, no action needed
Quick Reference
Minimum Requirements
Every review output MUST include:
- Verdict – Approve/Request Changes
- Issue count by severity
- All Critical/High issues with fixes
- File:line references for all issues
- At least one positive observation
Severity Quick Guide
| If you find… | Severity |
|---|---|
| Security vulnerability | ð´ CRITICAL |
| Missing authorization | ð´ CRITICAL |
| Data corruption risk | ð´ CRITICAL |
| Null reference exception | ð HIGH |
| N+1 query pattern | ð HIGH |
| Blocking async | ð¡ MEDIUM |
| Missing validation | ð¡ MEDIUM |
| Naming issues | ð¢ LOW |
| Missing docs | ð¢ LOW |
Example Output
# Code Review: Add Patient CRUD API
**Date**: 2025-12-13
**Reviewer**: abp-code-reviewer
**Files Reviewed**: 5
**Lines Changed**: +245 / -12
---
## Verdict
ð REQUEST CHANGES
**Summary**: Good implementation of Patient CRUD with proper ABP patterns. Found 1 critical security issue (missing authorization) and 2 performance concerns that need attention.
---
## Issue Summary
| Severity | Count | Blocking |
|----------|-------|----------|
| ð´ CRITICAL | 1 | Yes |
| ð HIGH | 2 | Yes |
| ð¡ MEDIUM | 1 | No |
| ð¢ LOW | 2 | No |
---
## ð´ Critical Issues
### [CRITICAL] `src/Application/PatientAppService.cs:67` - Security
**Missing authorization on DeleteAsync**
**Problem**:
```csharp
public async Task DeleteAsync(Guid id)
{
await _repository.DeleteAsync(id);
}
Fix:
[Authorize(ClinicManagementSystemPermissions.Patients.Delete)]
public async Task DeleteAsync(Guid id)
{
await _repository.DeleteAsync(id);
}
Why: Any authenticated user can delete patients without permission check.
ð High Issues
[HIGH] src/Application/PatientAppService.cs:34 – Performance
N+1 query pattern in GetListAsync
Problem:
foreach (var patient in patients)
{
patient.Appointments = await _appointmentRepository.GetListAsync(a => a.PatientId == patient.Id);
}
Fix:
var patientIds = patients.Select(p => p.Id).ToList();
var appointments = await _appointmentRepository.GetListAsync(a => patientIds.Contains(a.PatientId));
var grouped = appointments.GroupBy(a => a.PatientId).ToDictionary(g => g.Key, g => g.ToList());
foreach (var patient in patients)
{
patient.Appointments = grouped.GetValueOrDefault(patient.Id, new List<Appointment>());
}
ð Security Summary
| Check | Status | Notes |
|---|---|---|
| Authorization | â Fail | DeleteAsync missing [Authorize] |
| Input Validation | â Pass | FluentValidation in place |
| Data Exposure | â Pass | DTOs properly scoped |
| Secrets | â Pass | No hardcoded values |
â¡ Performance Summary
| Check | Status | Notes |
|---|---|---|
| N+1 Queries | â Fail | Loop in GetListAsync |
| Async Patterns | â Pass | Proper async/await |
| Pagination | â Pass | Using PageBy |
| Query Optimization | â Pass | WhereIf pattern used |
â What’s Good
- Excellent entity encapsulation with private setters
- Proper use of
GuidGenerator.Create() - Clean FluentValidation implementation
- Good separation of concerns
Action Items
Must fix before merge:
- Add
[Authorize]to DeleteAsync - Fix N+1 query in GetListAsync
Should fix soon:
- Add XML documentation to public methods