meta-codereview-current-diff
GitHub并行执行安全、测试覆盖和风格三个独立审查器,对当前未提交差异进行多视角代码审查,并仲裁生成最终 verdict。适用于提交前获取多维度代码质量反馈。
Trigger Scenarios
Install
npx skills add opensquilla/opensquilla --skill meta-codereview-current-diff -g -y
SKILL.md
Frontmatter
{
"kind": "meta",
"name": "meta-codereview-current-diff",
"always": false,
"triggers": [
"multi-reviewer diff",
"codereview my diff",
"三路 review",
"审查当前 diff"
],
"provenance": {
"origin": "opensquilla-original",
"license": "Apache-2.0"
},
"composition": {
"steps": [
{
"id": "read_diff",
"kind": "skill_exec",
"with": {
"cwd": "{{ inputs.workspace_dir | default('.') }}",
"mode": "cached_fallback_worktree"
},
"skill": "git-diff"
},
{
"id": "review_safety",
"kind": "llm_chat",
"with": {
"task": "You are the *safety reviewer* for a 3-reviewer codereview bundle.\nApply ONLY the rules below; do not invent additional concerns.\n\nDiff under review:\n---\n{{ outputs.read_diff | truncate(8000) }}\n---\n\nRules (in priority order):\n 1. CRITICAL if the diff introduces SQL injection (string\n concatenation into SQL, unparameterized queries via .format\n or f-strings into execute\/query).\n 2. CRITICAL if the diff introduces shell-injection\n (subprocess with shell=True + user input, or os.system on\n unvalidated strings).\n 3. CRITICAL if the diff hardcodes a credential (sk-…, ghp_…,\n AKIA…, private key, password=… string literal).\n 4. WARNING if the diff templates user-controlled strings into\n tool args \/ prompts WITHOUT `xml_escape` (G1.6 contract).\n 5. CLEAR if none of the above apply.\n\nReply with EXACTLY one line, no preamble:\n CRITICAL: <one-sentence reason>\n WARNING: <one-sentence reason>\n CLEAR: no safety concerns found\n",
"system": "You are a precise code safety reviewer. Reply with exactly one requested verdict line."
},
"depends_on": [
"read_diff"
]
},
{
"id": "review_tests",
"kind": "llm_chat",
"with": {
"task": "You are the *test-coverage reviewer* for a 3-reviewer codereview\nbundle. Apply ONLY the rules below.\n\nDiff under review:\n---\n{{ outputs.read_diff | truncate(8000) }}\n---\n\nRules:\n 1. MISSING_TESTS if the diff adds a new public function \/ class \/\n protocol under `src\/` and does NOT add a corresponding test\n under `tests\/`.\n 2. MISSING_TESTS if the diff is a bug fix (commit message style\n `fix(...):`) and does NOT add a regression test.\n 3. PASS if refactor-only (no behaviour change), even without\n new tests.\n 4. PASS if the diff is doc-only or config-only.\n\nReply with EXACTLY one line, no preamble:\n MISSING_TESTS: <which functions\/classes lack tests>\n PASS: tests adequate (or n\/a)\n",
"system": "You are a precise test-coverage reviewer. Reply with exactly one requested verdict line."
},
"depends_on": [
"read_diff"
]
},
{
"id": "review_style",
"kind": "llm_chat",
"with": {
"task": "You are the *style \/ idiom reviewer* for a 3-reviewer codereview\nbundle. Look for project-specific anti-patterns.\n\nDiff under review:\n---\n{{ outputs.read_diff | truncate(8000) }}\n---\n\nAnti-patterns to flag (do not invent others):\n - Functions > 80 source lines\n - Conditional nesting > 4 deep\n - Magic numeric literals without a named constant\n - Stale TODO\/FIXME comments left in shipped code\n - Bare `except:` clauses (no exception class)\n - `print()` calls instead of structlog `log.info(...)`\n\nReply with EXACTLY one line, no preamble:\n ANTIPATTERNS: <one-line list with line refs>\n CLEAN: no style issues found\n",
"system": "You are a precise style reviewer. Reply with exactly one requested verdict line."
},
"depends_on": [
"read_diff"
]
},
{
"id": "arbitrate",
"kind": "llm_chat",
"with": {
"task": "Three reviewers ran on the diff:\n - Safety: {{ outputs.review_safety }}\n - Tests: {{ outputs.review_tests }}\n - Style: {{ outputs.review_style }}\n\nApply STRICTLY (higher rule wins; do NOT mix or soften):\n 1. If Safety starts with \"CRITICAL\" → final verdict BLOCK.\n Pass through the safety reviewer's reason verbatim.\n 2. Else if Safety starts with \"WARNING\" OR Tests starts with\n \"MISSING_TESTS\" → final verdict BLOCK_WITH_OVERRIDE\n (user may proceed with explicit acknowledgement; pass the\n warning(s) verbatim).\n 3. Else → PASS_WITH_NOTES. If Style starts with \"ANTIPATTERNS\",\n append the style notes; if all three are clean, write\n \"clean\" instead.\n\nReply with EXACTLY this structure on the first line, then\nadditional lines as needed:\n BLOCK: <safety critical reason>\n BLOCK_WITH_OVERRIDE: <warning(s); user must confirm>\n PASS_WITH_NOTES: <style notes; or \"clean\">",
"system": "You arbitrate code review verdicts. Follow the priority rules exactly."
},
"depends_on": [
"review_safety",
"review_tests",
"review_style"
]
}
]
},
"description": "Read the current uncommitted diff, run three independent reviewers (safety + tests-coverage + style) in parallel, then arbitrate a single BLOCK \/ BLOCK_WITH_OVERRIDE \/ PASS_WITH_NOTES verdict. Use before commit when you want a multi-perspective second-opinion instead of a single-reviewer agent loop.",
"meta_priority": 65,
"final_text_mode": "step:arbitrate"
}
Codereview of Current Diff (Meta-Skill)
A combinator-style meta-skill that runs three independent reviewers in parallel over the currently-uncommitted diff, then arbitrates a single verdict with a strict priority rule.
This is the same combinator + arbitrate pattern as
meta-security-review-bundle, applied to a code-review domain. The
three reviewers each carry a tight, project-specific rubric — safety
focuses on injection / credentials / G1.6 contract; tests focuses on
the "new public surface ⇒ corresponding test" expectation; style
flags only a fixed list of antipatterns so it doesn't drift into
free-form opinions.
Trigger surface
Fire by saying multi-reviewer diff, codereview my diff, or one of the
localized triggers listed in the frontmatter. The diff is read from the working
tree (git diff --cached HEAD, falling back to git diff HEAD if nothing is
staged).
Fallback
If read_diff returns NO_DIFF, the downstream reviewers should
reply with their respective clean verdicts ("CLEAR" / "PASS" /
"CLEAN") and arbitrate emits PASS_WITH_NOTES: clean. If a reviewer
LLM step fails, the orchestrator's partial outputs are visible in
step_outputs; operator should manually re-run the failed reviewer.
Version History
- 7f72a32 Current 2026-07-05 18:40


