后端审查
- 作者仓库星标 149,183
- 作者更新于 实时读取
- 作者仓库 langflow
- 领域
- 安全
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @langflow-ai · 未声明 license
- Token 消耗评级
- 中等消耗
- 接入复杂程度
- 需简单配置
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- 未声明(默认跨平台)
- 底层运行要求
- Python >=3.10
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 读取环境变量
- 网络行为
- 仅限本地
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: backend-code-review
description: Review backend code for quality, security, maintainability, and best practices based on establis…
category: 安全
runtime: Python
---
# backend-code-review 输出预览
## PART A: 任务判断
- 适用问题:安全审计、密钥扫描、权限检查或风险分析。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“When to use this skill / How to use this skill / Checklist”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于安全审计、密钥扫描、权限检查或风险分析,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“When to use this skill / How to use this skill / Checklist”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、读取环境变量、主要在本地完成、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;主要在本地完成;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/etc` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令、读取环境变量。
先用一个小任务确认它会围绕“When to use this skill / How to use this skill / Checklist”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: backend-code-review
description: Review backend code for quality, security, maintainability, and best practices based on establis…
category: 安全
source: langflow-ai/langflow
---
# backend-code-review
## 什么时候使用
- 用于审阅代码、文档或方案并给出可执行反馈 适合处理安全审计、密钥扫描、权限检查和风险分析,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤;通常不需要额外 A…
- 面向安全审计、密钥扫描、权限检查或风险分析,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「When to use this skill / How to use this skill / Checklist」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令、读取环境变量;主要在本地完成;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "backend-code-review" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> When to use this skill / How to use this skill / Checklist
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> Python | 读取文件、写入/修改文件、执行终端命令、读取环境变量 | 主要在本地完成
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} Backend Code Review
When to use this skill
Use this skill whenever the user asks to review, analyze, or improve backend code (e.g., .py) under the src/backend/ directory. Supports the following review modes:
- Pending-change review: when the user asks to review current changes (inspect staged/working-tree files slated for commit to get the changes).
- Code snippets review: when the user pastes code snippets (e.g., a function/class/module excerpt) into the chat and asks for a review.
- File-focused review: when the user points to specific files and asks for a review of those files (one file or a small, explicit set of files, e.g.,
src/backend/base/langflow/api/v1/flows.py).
Do NOT use this skill when:
- The request is about frontend code or UI (e.g.,
.tsx,.ts,.js,src/frontend/). - The user is not asking for a review/analysis/improvement of backend code.
- The scope is not under
src/backend/(unless the user explicitly asks to review backend-related changes outsidesrc/backend/).
How to use this skill
Follow these steps when using this skill:
- Identify the review mode (pending-change vs snippet vs file-focused) based on the user's input. Keep the scope tight: review only what the user provided or explicitly referenced.
- Follow the rules defined in Checklist to perform the review. If no Checklist rule matches, apply General Review Rules as a fallback to perform the best-effort review.
- Compose the final output strictly following the Required Output Format.
Notes when using this skill:
- Always include actionable fixes or suggestions (including possible code snippets).
- Use best-effort
File:Linereferences when a file path and line numbers are available; otherwise, use the most specific identifier you can.
Checklist
- db schema design: if the review scope includes code/files under
src/backend/base/langflow/services/database/models/or Alembic migrations undersrc/backend/base/langflow/alembic/versions/, follow references/db-schema-rule.md to perform the review - architecture: if the review scope involves route/service/model layering, dependency direction, or moving responsibilities across modules, follow references/architecture-rule.md to perform the review
- service abstraction: if the review scope contains table/model operations (e.g.,
select(...),session.execute(...), joins, CRUD) and is not already inside a service undersrc/backend/base/langflow/services/, follow references/repositories-rule.md to perform the review - sqlalchemy patterns: if the review scope involves SQLAlchemy/SQLModel session/query usage, db transaction/crud usage,
session_scope()usage, or raw SQL usage, follow references/sqlalchemy-rule.md to perform the review
General Review Rules
1. Security Review
Check for:
- SQL injection vulnerabilities (especially raw
text()queries with string interpolation). Consequence: attacker can read/modify/delete any data in the database. - Server-Side Request Forgery (SSRF) in component HTTP calls. Consequence: attacker uses the server to scan internal networks or access cloud metadata endpoints.
- Command injection (especially in subprocess or shell-executing components). Consequence: attacker gains shell access to the server.
- Insecure deserialization (pickle, yaml.load without SafeLoader). Consequence: arbitrary code execution on the server.
- Hardcoded secrets/credentials. Consequence: secrets leak via git history and are impossible to fully revoke.
- Improper authentication/authorization (missing
CurrentActiveUserdependency). Consequence: unauthenticated users can access protected endpoints. - Insecure direct object references (missing
user_idscoping on queries). Consequence: user A can read/modify user B's flows, variables, API keys. - Path traversal in file storage operations. Consequence: attacker reads arbitrary server files (e.g.,
/etc/passwd,.env).
2. Performance Review
Check for:
- N+1 queries (especially in loops calling
session.execute()). Consequence: 100 flows = 101 DB queries instead of 2; page load goes from 50ms to 5s. - Missing database indexes on frequently queried columns. Consequence: full table scans on large datasets; queries degrade from O(log n) to O(n).
- Memory leaks (unbounded caches, retained references in long-lived services). Consequence: server OOM after hours of operation; pods restart in production.
- Blocking operations in async code (
time.sleep(), synchronous I/O, CPU-bound work withoutrun_in_executor). Consequence: entire event loop stalls; all concurrent requests hang until the blocking call completes. - Missing caching opportunities for expensive computations. Consequence: repeated computation of the same result on every request.
- Large result sets loaded entirely into memory without pagination. Consequence: memory spike + slow response when user has 10K+ flows.
3. Code Quality Review
Check for:
- Code forward compatibility with Python 3.10-3.13
- Code duplication (DRY violations — extract when the exact same business rule is duplicated in 3+ places)
- Functions doing too much (SRP violations — if you need "and" to describe it, split it)
- Deep nesting / complex conditionals (prefer early returns and guard clauses)
- Magic numbers/strings (extract to named constants or enums)
- Poor naming: unclear abbreviations, misleading names, generic names (
data,result,obj,temp). Functions should use verbs (get,create,validate). Booleans should use prefixes (is_,has_,can_,should_). - Missing error handling (bare
except, swallowed exceptions, silent failures) - Incomplete type coverage (use strong typing, avoid
Anywhere a concrete type is known) - Use Python 3.10+ union syntax (
X | YnotUnion[X, Y],X | NonenotOptional[X]) - Use
TYPE_CHECKINGguard for imports only needed for type annotations (prevents circular imports) - Use
Annotated[Type, Depends(...)]with project aliases (CurrentActiveUser,DbSession,DbSessionReadOnly) for FastAPI DI - Google-style docstrings (enforced by Ruff):
Args:,Returns:,Raises:sections for public functions - Violations of SOLID principles
- YAGNI violations (code that anticipates future needs without a present requirement)
- Line length exceeding 120 characters (project Ruff config)
- Comments that explain WHAT instead of WHY (comments should only explain reasoning, not restate code)
- Commented-out code (use version control instead)
- Boolean parameters that switch function behavior (split into two named functions instead)
- Mutable shared state where immutable alternatives exist (prefer returning new objects over mutation)
4. File Structure Review
Check for:
- Production files exceeding ~500 lines of code (excluding imports, types, and docstrings). Files above 600 lines are a red flag and should be split by responsibility. Why: Files above 500 lines have statistically higher defect rates and take longer to review. They signal multiple responsibilities (SRP violation). In Langflow, services like
DatabaseServicethat grow beyond this limit should have their CRUD operations extracted to dedicated modules. - Test files exceeding ~1000 lines. Split by logical grouping if exceeded.
- No more than 5 functions with different responsibilities in a single file (per AGENTS-example.md).
- Each file has a single reason to exist and a single reason to change (SRP).
- No generic file names:
utils.py,helpers.py,misc.py,common.pyas standalone files. Why: A file namedutils.pybecomes a dumping ground for unrelated functions. Within months it has 50+ functions covering formatting, validation, parsing, and HTTP calls — violating SRP. Each function group should be in a file named after its responsibility (formatting.py,validation.py).
5. Testing Review
Check for:
- Missing test coverage for new code paths
- Tests that don't test behavior (testing implementation details)
- Flaky test patterns (time-dependent, order-dependent, external-service-dependent)
- Proper use of
pytest.mark.asynciofor async tests - Excessive mocking (prefer real integrations per project conventions)
- Coverage target: 80% (minimum acceptable: 75%)
- Test anti-patterns: The Liar (passes but doesn't verify claimed behavior), The Mirror (asserts exactly what code does), The Giant (50+ lines setup), The Mockery (tests only mock setup), The Inspector (coupled to implementation), The Chain Gang (depends on execution order), The Flaky (inconsistent results)
Happy path tests are the foundation but are NOT enough. Tests MUST also challenge the code to find real defects:
- Unexpected inputs:
None,"",[],{},0,-1,UUID("00000000-0000-0000-0000-000000000000") - Boundary values: max length strings, exactly at the limit, one past the limit, zero items, max items
- Malformed data: missing required fields, extra unexpected fields, wrong types, invalid formats
- Error states: what happens when the database is down? When an external API returns 500? When the user doesn't exist?
- What should NOT happen: verify that user A CANNOT access user B's flows. Verify that a deleted flow returns 404. Verify that invalid
endpoint_nameis rejected with 422. - Error messages and types: not just that it fails, but that it fails with the RIGHT exception and the RIGHT message
- Concurrency: what happens when two requests try to update the same flow simultaneously?
Write tests based on REQUIREMENTS/SPEC, not on what the source code currently does. This is how you catch bugs where the code diverges from expected behavior.
When a test fails: first ask if the CODE is wrong, not the test. Do NOT silently change a failing assertion to match the current code without understanding WHY.
6. Observability Review
Check for:
- Use the async logger from
lfx.log.loggerwitha-prefixed methods (adebug,ainfo,awarning,aerror,aexception). Never useprint()or stdliblogging. - Log at key decision points and boundaries, not inside tight loops
- Include: operation name, relevant IDs, outcome (success/failure), duration if relevant
- Correct log levels: ERROR (broken, needs attention), WARN (degraded but recoverable), INFO (significant events), DEBUG (diagnostic, off in prod)
- ZERO PII TOLERANCE: Never log email addresses, user names, phone numbers, tokens, passwords. Only approved identifiers:
user_id,flow_id,session_id - No
print()statements — these go to production logs - Use
{e!s}for string representation of exceptions in log messages
7. Pre-Commit Verification
For pending-change reviews, verify the author has run:
make format_backend(Ruff formatter) — inconsistent formatting creates noisy diffs that hide real changes in code review. Format first, review second.make lint(MyPy type checking) — type errors caught at lint time are 10x cheaper to fix than runtime crashes in production. Langflow services use duck typing viaServicebase class; MyPy catches mismatches early.make unit_tests(pytest) — a failing test means the change breaks existing behavior. Never merge with failing tests; investigate whether the code or the test is wrong.
Required Output Format
When this skill is invoked, the response must exactly follow one of the two templates:
Template A (any findings)
# Code Review Summary
Found <X> critical issues need to be fixed:
## 🔴 Critical (Must Fix)
### 1. <brief description of the issue>
FilePath: <path> line <line>
<relevant code snippet or pointer>
#### Explanation
<detailed explanation and references of the issue>
#### Suggested Fix
1. <brief description of suggested fix>
2. <code example> (optional, omit if not applicable)
---
... (repeat for each critical issue) ...
Found <Y> suggestions for improvement:
## 🟡 Suggestions (Should Consider)
### 1. <brief description of the suggestion>
FilePath: <path> line <line>
<relevant code snippet or pointer>
#### Explanation
<detailed explanation and references of the suggestion>
#### Suggested Fix
1. <brief description of suggested fix>
2. <code example> (optional, omit if not applicable)
---
... (repeat for each suggestion) ...
Found <Z> optional nits:
## 🟢 Nits (Optional)
### 1. <brief description of the nit>
FilePath: <path> line <line>
<relevant code snippet or pointer>
#### Explanation
<explanation and references of the optional nit>
#### Suggested Fix
- <minor suggestions>
---
... (repeat for each nits) ...
## ✅ What's Good
- <Positive feedback on good patterns>
- If there are no critical issues or suggestions or optional nits or good points, just omit that section.
- If the issue number is more than 10, summarize as "Found 10+ critical issues/suggestions/optional nits" and only output the first 10 items.
- Don't compress the blank lines between sections; keep them as-is for readability.
- If there is any issue that requires code changes, append a brief follow-up question to ask whether the user wants to apply the fix(es) after the structured output. For example: "Would you like me to use the Suggested fix(es) to address these issues?"
Template B (no issues)
## Code Review Summary
✅ No issues found.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核