Install

```bash
openclaw skills install @terr123123/code-review-gate
```

AI code review gate: runs comprehensive static analysis on a git diff across seven dimensions (functional correctness, security, performance, readability, maintainability, test coverage, and documentation sync). Findings are reported at three severity levels (Critical / Important / Minor) in a structured report, and the gate blocks (exit code 1) when any Critical issue is present.

OpenClaw Skill: automatically runs a structured code review on a git diff, outputs a graded report, and blocks on Critical issues.
| Dimension | Severity level | Description |
|---|---|---|
| Functional correctness (functional) | Critical | Logic errors, boundary conditions, error handling, concurrency issues |
| Security (security) | Critical | SQL injection, XSS, command injection, sensitive-data exposure, access control |
| Performance (performance) | Important | O(n²) complexity, N+1 queries, regex backtracking, resource leaks |
| Readability (readability) | Important | Naming conventions, single responsibility, comment quality, code conciseness |
| Maintainability (maintainability) | Important | SOLID principles, dependency structure, externalized configuration, logging conventions |
| Test coverage (testing) | Critical | Unit tests, boundary tests, exception tests, clear assertions |
| Documentation sync (documentation) | Minor | API docs, changelog, README kept in sync |
```bash
openclaw run code-review-gate --base HEAD~1 --head HEAD
openclaw run code-review-gate --base abc1234 --head def5678
openclaw run code-review-gate --files "src/api/*.py,src/services/*.py" --design design.md
openclaw run code-review-gate --base main --head feature-branch --design openspec/changes/feat-001/design.md
```
| Parameter | Required | Description |
|---|---|---|
| `--base` | Yes* | Base commit/branch for `git diff` |
| `--head` | Yes* | Target commit/branch for `git diff` |
| `--files` | No | Restrict the review to these file paths (glob patterns) |
| `--design` | No | Path to a design document, used to check that the implementation matches it |
| `--severity` | No | Minimum severity to report: critical / important / minor (default: important) |
| `--format` | No | Output format: markdown / json / terminal (default: markdown) |
| `--max-lines` | No | Maximum number of lines reviewed in one run (default: 1000) |

\* `--base` + `--head` and `--files` are alternatives: supply one form or the other.
After the review completes, a structured report is generated:
```markdown
## Code Review Report — [timestamp]
**Range:** abc1234..def5678
**Files Changed:** 12 | **Lines:** +345 -120
**Design Doc:** openspec/changes/feat-001/design.md
---
### Strengths
- Clean separation of concerns in service layer
- Comprehensive error handling with proper fallbacks
- Well-structured test cases covering edge scenarios
### Issues
#### Critical (Must Fix — 2 issues)
1. **SQL Injection in user query** [src/api/users.py:45]
   - What: Raw string formatting used in SQL WHERE clause
   - Risk: Allows arbitrary SQL execution via crafted input
   - Fix: Use parameterized queries with `?` placeholders
2. **Missing auth check** [src/api/admin.py:120]
   - What: Admin endpoint lacks authentication middleware
   - Risk: Unauthenticated access to sensitive admin operations
   - Fix: Add `@require_auth` decorator
#### Important (Should Fix — 3 issues)
1. **N+1 query in list endpoint** [src/services/order.py:78]
   - ...
#### Minor (Nice to Have — 2 issues)
1. **Inconsistent variable naming** [src/utils/parser.py:33]
   - ...
### Design Consistency Check
- ✅ API signature matches design doc
- ⚠️ One endpoint (`GET /api/v2/users`) not documented in design
- ✅ Data model matches schema definition
### Recommendations
- Add input sanitization middleware
- Consider query batching for list endpoints
### Assessment
**Gate: ❌ BLOCKED**
**Reasoning:** 2 critical issues must be resolved before merge — SQL injection and missing authentication. Important issues should be addressed but do not block.
```
| Exit code | Meaning | CI behaviour |
|---|---|---|
| 0 | Pass: no Critical issues | Allow merge |
| 1 | Blocked: Critical issues present | Prevent merge |
| 2 | Error: the tool itself failed | Mark the CI job as failed |
| 3 | Skipped: the change does not meet the review criteria | Allow merge |
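The following is an added example, not code from the skill or from the OpenClaw project: a small Python parser for the report format shown above that recomputes the gate decision from the issue list instead of trusting the declared Gate line, and maps it onto exit codes 0 and 1 from the table. The report text is a constructed, trimmed copy of the sample; the function names (`parse_issues`, `gate_exit_code`, `declared_gate`, `verify_report`) and the `block_threshold` parameter (modelled on `severity_threshold` in the config file) are assumptions.

```python
# Added example, not the skill's own code: parse a code-review-gate markdown report,
# recompute the gate decision from the issue list, and map it to exit codes 0/1.
# Function names and the block_threshold parameter are assumptions.
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

SEVERITY_RANK = {"critical": 3, "important": 2, "minor": 1}

# "#### Critical (Must Fix — 2 issues)" -> start of a severity section
_SECTION_RE = re.compile(r"^####\s+(Critical|Important|Minor)\b", re.IGNORECASE)
# "1. **SQL Injection in user query** [src/api/users.py:45]" -> one issue
_ISSUE_RE = re.compile(r"^\d+\.\s+\*\*(?P<title>.+?)\*\*\s+\[(?P<loc>[^\]]+)\]")
# "**Gate: ❌ BLOCKED**" -> declared verdict (the emoji is skipped as a non-word run)
_GATE_RE = re.compile(r"\*\*Gate:\s*[^\w\s]*\s*(\w+)\*\*")

# Constructed copy of the sample report format shown above (trimmed).
SAMPLE_REPORT = """\
## Code Review Report — [timestamp]
**Range:** abc1234..def5678
**Files Changed:** 12 | **Lines:** +345 -120
---
### Strengths
- Clean separation of concerns in service layer
### Issues
#### Critical (Must Fix — 2 issues)
1. **SQL Injection in user query** [src/api/users.py:45]
- What: Raw string formatting used in SQL WHERE clause
- Fix: Use parameterized queries with `?` placeholders
2. **Missing auth check** [src/api/admin.py:120]
- What: Admin endpoint lacks authentication middleware
#### Important (Should Fix — 1 issues)
1. **N+1 query in list endpoint** [src/services/order.py:78]
#### Minor (Nice to Have — 1 issues)
1. **Inconsistent variable naming** [src/utils/parser.py:33]
### Design Consistency Check
- ✅ API signature matches design doc
### Assessment
**Gate: ❌ BLOCKED**
**Reasoning:** 2 critical issues must be resolved before merge.
"""


def parse_issues(report: str) -> Dict[str, List[Tuple[str, str]]]:
    """Return {severity: [(title, location), ...]} for every issue in the report."""
    issues: Dict[str, List[Tuple[str, str]]] = defaultdict(list)
    current: Optional[str] = None
    for raw in report.splitlines():
        line = raw.strip()
        section = _SECTION_RE.match(line)
        if section:
            current = section.group(1).lower()
            continue
        if line.startswith("###"):  # any other heading ends the issue listing
            current = None
            continue
        issue = _ISSUE_RE.match(line)
        if issue and current:
            issues[current].append((issue.group("title"), issue.group("loc")))
    return dict(issues)


def gate_exit_code(issues: Dict[str, List[Tuple[str, str]]], block_threshold: str = "critical") -> int:
    """0 = allow merge, 1 = block, following the exit-code table. Exit codes 2 and 3
    are decided by the tool before a report exists, so they are out of scope here."""
    threshold = SEVERITY_RANK[block_threshold]
    blocking = [sev for sev, found in issues.items() if found and SEVERITY_RANK[sev] >= threshold]
    return 1 if blocking else 0


def declared_gate(report: str) -> Optional[str]:
    """The verdict the report itself declares, e.g. 'BLOCKED'."""
    match = _GATE_RE.search(report)
    return match.group(1).upper() if match else None


def verify_report(report: str, block_threshold: str = "critical") -> Tuple[int, bool]:
    """Recompute the exit code and flag whether it agrees with the declared Gate line."""
    code = gate_exit_code(parse_issues(report), block_threshold)
    declared = declared_gate(report)
    consistent = declared is None or (declared == "BLOCKED") == (code == 1)
    return code, consistent


if __name__ == "__main__":
    code, ok = verify_report(SAMPLE_REPORT)
    print(f"exit code {code}, declared verdict consistent: {ok}")
    raise SystemExit(code)
```

Recomputing the verdict from the issue list lets a CI job notice a report whose summary and findings disagree, and lets a team lower the blocking threshold (for example, block on Important as well) without changing the tool itself.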
Dependencies:

- git: command-line tool, used to obtain the diff
- bandit: Python security scanner (optional; strengthens security detection)
- radon: code complexity analysis (optional)

This Skill can run as a standalone stage in an OpenClaw pipeline:
```typescript
import { defineAgent } from "openclaw";
import { CodeReviewGateSkill } from "@community/code-review-gate";

const agent = defineAgent({
  name: "dev-workflow-agent",
  description: "Development workflow with code review gate",
  model: "claude-sonnet-4-20250514",
  skills: [
    new CodeReviewGateSkill({
      severity: "critical",
      maxLines: 1000,
    }),
  ],
});
```
Customize the checks via `gate.config.yaml`:
```yaml
# gate.config.yaml: optional configuration file
severity_threshold: critical   # severity level that blocks the gate
max_diff_lines: 1000           # maximum lines reviewed in one run
skip_patterns:                 # file patterns excluded from review
  - "*.md"
  - "*.json"
  - "docs/**"
  - "*.lock"
require_design_doc: true       # whether a design document is mandatory
enabled_checks:                # review dimensions to enable
  - functional
  - security
  - performance
  - testing
  - documentation
auto_fix_suggestions: true     # whether to generate fix suggestions
```
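As an added example (not part of the skill or of OpenClaw), the following Python applies the settings above to a constructed set of changed files and decides, before any review runs, whether the change is eligible, i.e. which of exit codes 0, 2 or 3 from the table applies. The `CONFIG` dict mirrors the YAML; the `CHANGED` map and the function names are constructed, and mapping "all files skipped" and "over `max_diff_lines`" to exit code 3 and a missing required design doc to exit code 2 are assumptions about the skill's behaviour, not documented by the page.

```python
# Added example, not the skill's own code: apply gate.config.yaml settings to a
# constructed set of changed files and decide whether the change is eligible for
# review. Exit-code choices for the "not eligible" cases are assumptions.
import fnmatch
from typing import Dict, Iterable, List, Optional, Tuple

# Mirrors the YAML above (what yaml.safe_load would produce for it).
CONFIG = {
    "severity_threshold": "critical",
    "max_diff_lines": 1000,
    "skip_patterns": ["*.md", "*.json", "docs/**", "*.lock"],
    "require_design_doc": True,
    "enabled_checks": ["functional", "security", "performance", "testing", "documentation"],
    "auto_fix_suggestions": True,
}

# Constructed example: changed path -> lines added+removed in the diff.
CHANGED: Dict[str, int] = {
    "src/api/users.py": 120,
    "README.md": 10,
    "docs/guide/setup.md": 5,
    "package-lock.json": 400,
    "poetry.lock": 50,
}


def is_skipped(path: str, skip_patterns: Iterable[str]) -> bool:
    """True if any skip pattern matches. fnmatch's '*' also crosses '/', so '*.md'
    matches 'docs/guide/setup.md'; that is what a skip list wants (anything ending
    in .md), but it differs from gitignore-style matching, where '*' stops at '/'."""
    return any(fnmatch.fnmatch(path, pattern) for pattern in skip_patterns)


def reviewable_files(changed: Iterable[str], skip_patterns: Iterable[str]) -> List[str]:
    """Changed paths that survive the skip list, in diff order."""
    patterns = list(skip_patterns)
    return [path for path in changed if not is_skipped(path, patterns)]


def eligibility(changed: Dict[str, int], config: dict, design_doc: Optional[str] = None) -> Tuple[int, str]:
    """Decide before any review runs. Returns (exit_code, reason):
    0 = proceed with the review, 3 = skip (nothing eligible), 2 = configuration error.
    Treating an over-size diff as 'skip' and a missing required design doc as an
    error are assumptions, not documented behaviour of the skill."""
    files = reviewable_files(changed, config["skip_patterns"])
    if not files:
        return 3, "all changed files match skip_patterns"
    lines = sum(changed[path] for path in files)
    if lines > config["max_diff_lines"]:
        return 3, f"diff is {lines} lines, over max_diff_lines={config['max_diff_lines']}"
    if config.get("require_design_doc") and not design_doc:
        return 2, "require_design_doc is set but no --design path was given"
    return 0, f"{len(files)} file(s), {lines} lines eligible for review"


if __name__ == "__main__":
    code, reason = eligibility(CHANGED, CONFIG, design_doc="openspec/changes/feat-001/design.md")
    print(f"exit {code}: {reason}")
```

Note that the line budget is computed only over files that survive the skip list, so a large lockfile change does not push an otherwise small diff over `max_diff_lines`.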