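feat: integrate code-review skill into the project
- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Auto-trigger: automatic review after the AI modifies .py/.cbl/.cpy/.lark files
- CLAUDE.md: defines trigger rules, review flow, severity levels
- .code-review.yaml: tier=standard, high-risk module configuration

Effect: usable right after clone; every code change is reviewed automatically, keeping low-quality code out of the repository

Co-Authored-By: Claude <noreply@anthropic.com>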
@@ -0,0 +1,48 @@
|
||||
# Go Gin Review Checklist
|
||||
|
||||
Extends the generic checklist with Go/Gin-specific items.
|
||||
|
||||
## Interface Layer (Gin Handlers)
|
||||
|
||||
- [ ] `ShouldBindJSON` / `ShouldBindQuery` with error handling
|
||||
- [ ] Binding structs have `binding:"required"` tags
|
||||
- [ ] Custom validators registered with `binding.Validator`
|
||||
- [ ] Response helpers used consistently (not raw `c.JSON` everywhere)
|
||||
- [ ] Middleware applied at appropriate scope (global vs group vs handler)
|
||||
|
||||
## Business Layer
|
||||
|
||||
- [ ] Business logic in service structs with interfaces
|
||||
- [ ] Context propagation (`context.Context`) through all layers
|
||||
- [ ] Dependency injection via constructor, not global variables
|
||||
|
||||
## Data Layer (GORM / sqlx / database/sql)
|
||||
|
||||
- [ ] GORM: `Preload()` instead of lazy loading in loops
|
||||
- [ ] GORM: `Where("field = ?", value)` — parameterized queries
|
||||
- [ ] database/sql: prepared statements with placeholders
|
||||
- [ ] Connection pool: `SetMaxOpenConns`, `SetMaxIdleConns`, `SetConnMaxLifetime`
|
||||
- [ ] `rows.Close()` always called (or use `defer`)
|
||||
|
||||
## Error Handling
|
||||
|
||||
- [ ] Errors wrapped with `fmt.Errorf("context: %w", err)` for traceability
|
||||
- [ ] `errors.Is()` and `errors.As()` for error type checking
|
||||
- [ ] No `panic()` in request handlers (use recovery middleware)
|
||||
- [ ] Gin recovery middleware configured
|
||||
|
||||
## Security
|
||||
|
||||
- [ ] `gin-contrib/cors` with specific origins
|
||||
- [ ] Rate limiting middleware (e.g., `gin-contrib/limiter`)
|
||||
- [ ] JWT or session middleware for auth
|
||||
- [ ] Secrets from environment, never committed
|
||||
- [ ] `gin.SetMode(gin.ReleaseMode)` in production
|
||||
|
||||
## Performance
|
||||
|
||||
- [ ] Goroutine pools for concurrent operations (avoid unbounded goroutines)
|
||||
- [ ] `sync.Pool` for frequently allocated objects
|
||||
- [ ] Database query limits on all SELECTs
|
||||
- [ ] `context.WithTimeout` for all external calls
|
||||
- [ ] JSON serialization with `json:"-"` on sensitive fields
|
||||
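Review bot: The last item under "## Performance", `JSON serialization with json:"-" on sensitive fields`, is a data-exposure control rather than a performance one, so it should move to "## Security", where a reviewer looking for leaked password hashes or tokens in responses will find it. In the Data Layer section, `Where("field = ?", value)` only covers bound values; consider a separate item for column names, `Order()` arguments and other identifiers built from request input, which placeholders do not protect and which need an allow-list. The Security section's rate limiting item names `gin-contrib/limiter` as an example; please confirm that import path resolves before it lands in a checklist people will copy from, and consider adding an item for `SetTrustedProxies`, since per-client limits keyed on `c.ClientIP()` depend on it. Finally, the commit message says the review triggers on .py/.cbl/.cpy/.lark changes, while this file is a Go/Gin checklist; a line in the file or in CLAUDE.md saying when this checklist applies would remove the ambiguity.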