admin/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-02-15 10:53:18 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
b86e4a4be6eeedbfb04c04a0b99ff7beb5f5f84e
everything-claude-code/docs/zh-CN/commands/python-review.md
zdoc 88054de673 docs: Add Chinese (zh-CN) translations for all documentation 
* docs: add Chinese versions docs

* update

---------

Co-authored-by: neo <neo.dowithless@gmail.com>
2026-02-05 05:57:54 -08:00

321 lines
6.4 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
---
description: 全面的Python代码审查确保符合PEP 8标准、类型提示、安全性以及Pythonic惯用法。调用python-reviewer代理。
---
# Python 代码审查
此命令调用 **python-reviewer** 代理进行全面的 Python 专项代码审查。
## 此命令的功能
1. **识别 Python 变更**:通过 `git diff` 查找修改过的 `.py` 文件
2. **运行静态分析**:执行 `ruff``mypy``pylint``black --check`
3. **安全扫描**:检查 SQL 注入、命令注入、不安全的反序列化
4. **类型安全审查**:分析类型提示和 mypy 错误
5. **Pythonic 代码检查**:验证代码是否遵循 PEP 8 和 Python 最佳实践
6. **生成报告**:按严重程度对问题进行归类
## 使用时机
在以下情况使用 `/python-review`
* 编写或修改 Python 代码后
* 提交 Python 变更前
* 审查包含 Python 代码的拉取请求时
* 接手新的 Python 代码库时
* 学习 Pythonic 模式和惯用法时
## 审查类别
### 关键 (必须修复)
* SQL/命令注入漏洞
* 不安全的 eval/exec 使用
* Pickle 不安全反序列化
* 硬编码的凭证
* YAML 不安全加载
* 隐藏错误的裸 except 子句
### 高 (应该修复)
* 公共函数缺少类型提示
* 可变默认参数
* 静默吞掉异常
* 未对资源使用上下文管理器
* 使用 C 风格循环而非推导式
* 使用 type() 而非 isinstance()
* 无锁的竞态条件
### 中 (考虑)
* 违反 PEP 8 格式规范
* 公共函数缺少文档字符串
* 使用 print 语句而非 logging
* 低效的字符串操作
* 未使用命名常量的魔法数字
* 未使用 f-strings 进行格式化
* 不必要的列表创建
## 运行的自动化检查
```bash
# Type checking
mypy .
# Linting and formatting
ruff check .
black --check .
isort --check-only .
# Security scanning
bandit -r .
# Dependency audit
pip-audit
safety check
# Testing
pytest --cov=app --cov-report=term-missing
```
## 使用示例
````text
User: /python-review
Agent:
# Python Code Review Report
## Files Reviewed
- app/routes/user.py (modified)
- app/services/auth.py (modified)
## Static Analysis Results
✓ ruff: No issues
✓ mypy: No errors
⚠️ black: 2 files need reformatting
✓ bandit: No security issues
## Issues Found
[CRITICAL] SQL Injection vulnerability
File: app/routes/user.py:42
Issue: User input directly interpolated into SQL query
```python
query = f"SELECT * FROM users WHERE id = {user_id}" # Bad
````
修复:使用参数化查询
```python
query = "SELECT * FROM users WHERE id = %s" # Good
cursor.execute(query, (user_id,))
```
\[高] 可变默认参数
文件app/services/auth.py:18
问题:可变默认参数导致共享状态
```python
def process_items(items=[]): # Bad
items.append("new")
return items
```
修复:使用 None 作为默认值
```python
def process_items(items=None): # Good
if items is None:
items = []
items.append("new")
return items
```
\[中] 缺少类型提示
文件app/services/auth.py:25
问题:公共函数缺少类型注解
```python
def get_user(user_id): # Bad
return db.find(user_id)
```
修复:添加类型提示
```python
def get_user(user_id: str) -> Optional[User]: # Good
return db.find(user_id)
```
\[中] 未使用上下文管理器
文件app/routes/user.py:55
问题:异常时文件未关闭
```python
f = open("config.json") # Bad
data = f.read()
f.close()
```
修复:使用上下文管理器
```python
with open("config.json") as f: # Good
data = f.read()
```
## 摘要
* 关键1
* 高1
* 中2
建议:❌ 在关键问题修复前阻止合并
## 所需的格式化
运行:`black app/routes/user.py app/services/auth.py`
````
## Approval Criteria
| Status | Condition |
|--------|-----------|
| ✅ Approve | No CRITICAL or HIGH issues |
| ⚠️ Warning | Only MEDIUM issues (merge with caution) |
| ❌ Block | CRITICAL or HIGH issues found |
## Integration with Other Commands
- Use `/python-test` first to ensure tests pass
- Use `/code-review` for non-Python specific concerns
- Use `/python-review` before committing
- Use `/build-fix` if static analysis tools fail
## Framework-Specific Reviews
### Django Projects
The reviewer checks for:
- N+1 query issues (use `select_related` and `prefetch_related`)
- Missing migrations for model changes
- Raw SQL usage when ORM could work
- Missing `transaction.atomic()` for multi-step operations
### FastAPI Projects
The reviewer checks for:
- CORS misconfiguration
- Pydantic models for request validation
- Response models correctness
- Proper async/await usage
- Dependency injection patterns
### Flask Projects
The reviewer checks for:
- Context management (app context, request context)
- Proper error handling
- Blueprint organization
- Configuration management
## Related
- Agent: `agents/python-reviewer.md`
- Skills: `skills/python-patterns/`, `skills/python-testing/`
## Common Fixes
### Add Type Hints
```python
# Before
def calculate(x, y):
return x + y
# After
from typing import Union
def calculate(x: Union[int, float], y: Union[int, float]) -> Union[int, float]:
return x + y
````
### 使用上下文管理器
```python
# Before
f = open("file.txt")
data = f.read()
f.close()
# After
with open("file.txt") as f:
data = f.read()
```
### 使用列表推导式
```python
# Before
result = []
for item in items:
if item.active:
result.append(item.name)
# After
result = [item.name for item in items if item.active]
```
### 修复可变默认参数
```python
# Before
def append(value, items=[]):
items.append(value)
return items
# After
def append(value, items=None):
if items is None:
items = []
items.append(value)
return items
```
### 使用 f-strings (Python 3.6+)
```python
# Before
name = "Alice"
greeting = "Hello, " + name + "!"
greeting2 = "Hello, {}".format(name)
# After
greeting = f"Hello, {name}!"
```
### 修复循环中的字符串连接
```python
# Before
result = ""
for item in items:
result += str(item)
# After
result = "".join(str(item) for item in items)
```
## Python 版本兼容性
审查者会指出代码何时使用了新 Python 版本的功能:
| 功能 | 最低 Python 版本 |
|---------|----------------|
| 类型提示 | 3.5+ |
| f-strings | 3.6+ |
| 海象运算符 (`:=`) | 3.8+ |
| 仅限位置参数 | 3.8+ |
| Match 语句 | 3.10+ |
| 类型联合 (\`x | None\`) | 3.10+ |
确保你的项目 `pyproject.toml``setup.py` 指定了正确的最低 Python 版本。
Reference in New Issue View Git Blame Copy Permalink