feat: integrate the code-review skill into the project
- Project-level skill: .claude/skills/code-review/ (398-line SKILL.md + reference files)
- Auto-trigger: after the AI modifies .py/.cbl/.cpy/.lark files, a review runs automatically
- CLAUDE.md: defines the trigger rules, the review flow, and the severity levels
- .code-review.yaml: tier=standard, high-risk module configuration
Result: usable right after clone; every code change is reviewed automatically, preventing low-quality code from entering the repository
Co-Authored-By: Claude <noreply@anthropic.com>
@@ -0,0 +1,47 @@
# Python FastAPI Review Checklist
Extends the generic checklist with FastAPI-specific items.
## Interface Layer (FastAPI Routes)
- [ ] Pydantic models used for request/response schemas
- [ ] Pydantic validators (`@validator`, `@field_validator`) for custom logic
- [ ] `response_model` specified on all endpoints
- [ ] Query/Path parameters have `title`, `description`, `examples`
- [ ] `status_code` set explicitly on non-200 responses
- [ ] Dependency injection used for shared logic (auth, DB session)
## Business Layer
- [ ] Business logic separated from route handlers
- [ ] `Depends(get_db)` pattern for database session management
- [ ] Background tasks (`BackgroundTasks`) used for non-blocking operations
## Data Layer (SQLAlchemy / asyncpg)
- [ ] SQLAlchemy: session management via dependency injection
- [ ] SQLAlchemy: `selectinload()` / `joinedload()` for eager loading
- [ ] SQLAlchemy async: proper async session usage (`AsyncSession`)
- [ ] Raw SQL: always parameterized, never f-string interpolation
## Error Handling
- [ ] Custom exception handlers registered (`@app.exception_handler`)
- [ ] HTTPException with appropriate status codes
- [ ] Validation errors return structured response (Pydantic error format)
- [ ] Unhandled exceptions caught by global handler
## Security
- [ ] `CORSMiddleware` with specific origins, not `allow_origins=["*"]`
- [ ] OAuth2 / JWT integration via FastAPI security utilities
- [ ] `Security()` or `Depends()` for auth checks (not manual header parsing)
- [ ] Rate limiting middleware (e.g., slowapi)
- [ ] Secrets loaded from environment or secret manager
## Performance
- [ ] Async endpoints (`async def`) where I/O-bound
- [ ] `httpx.AsyncClient` with connection pooling for external API calls
- [ ] Response compression middleware (`GZipMiddleware`)
- [ ] Database connection pool size tuned
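Review bot: the Security section covers authentication only (`OAuth2 / JWT integration via FastAPI security utilities` and `Security()` or `Depends()` for auth checks`); add an item for per-object authorization, because a `Depends(get_current_user)` dependency proves who the caller is but says nothing about whether that caller may touch the resource id in the path, and that gap is the usual way a FastAPI service ends up with an IDOR. Three smaller points in the same hunk: the `CORSMiddleware` item should also say that `allow_credentials=True` is only acceptable together with an explicit origin list, since the wildcard-plus-credentials combination is what reviewers actually need to catch; the `Unhandled exceptions caught by global handler` item should require that the handler logs the traceback server-side and returns a generic body, because an `@app.exception_handler(Exception)` that echoes `str(exc)` leaks internals to the client; and the validator item lists both the Pydantic v1 decorator (`@validator`) and the v2 one (`@field_validator`), so it should name whichever matches the project's Pydantic version rather than both. Minor, under Performance: `Async endpoints (async def) where I/O-bound` should also warn against blocking calls inside `async def`, since a plain `def` endpoint is run in the threadpool but a blocking call inside `async def` stalls the whole event loop.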