Git审查
- 作者仓库星标 0
- 作者更新于 实时读取
- 作者仓库 skills-registry
- 领域
- 工程开发
- 兼容 Agent
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- 信任分
- 88 / 100 · 社区维护
- 作者 / 版本 / 许可
- @tomevault-io · 未声明 license
- Token 消耗评级
- 低消耗
- 接入复杂程度
- 需简单配置
- 是否需要外部 API Key
- 不需要
- 兼容的系统
- 未声明(默认跨平台)
- 底层运行要求
- 无特殊要求
- 文件与系统权限
-
- 只读
- 允许写入 / 修改
- Shell 执行
- 网络行为
- 允许外网请求
- 安装命令数
- 26 条
档案由构建时根据 SKILL.md 与安装命令自动衍生,可能与作者实际意图存在差异。
需要注意: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: external-pr-review
description: One-shot review of an external GitHub PR. Checks out the PR into an isolated worktree (or temp c…
category: 工程开发
runtime: 无特殊运行时
---
# external-pr-review 输出预览
## PART A: 任务判断
- 适用问题:代码实现、重构、调试或代码审查。
- 输入要求:目标材料、限制条件、期望输出和验收方式。
- 证据边界:围绕“Calibrating findings / Arguments / Step 1: Resolve the PR”读取原文规则,不把推断写成作者承诺。
## PART B: 执行结果
- **01** 任务判断:确认你的需求是否属于代码实现、重构、调试或代码审查,并标出输入、限制和预期结果。
- **02** 执行计划:优先按“Calibrating findings / Arguments / Step 1: Resolve the PR”拆成步骤,说明每一步会读取什么、修改什么、产出什么。
- **03** 交付结果:给出可复制的命令、文件改动、检查清单或内容草稿,并说明如何继续迭代。
- **04** 风险边界:结合 读取文件、写入/修改文件、执行终端命令、会按任务需要访问外部网络、通常不需要额外 API Key 给出执行前确认项。
## Running Rules
- 读取文件、写入/修改文件、执行终端命令;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先小样例验证,再放大到真实任务。
- 交付时同时给结果、检查口径和下一步迭代建议。 原文出现了 `/pr-polish`、`/tmp` 这类斜杠命令;如果你的 Agent 支持命令触发,优先用命令开场,再补充目标和边界。
告诉 Agent 目标文件或材料、期望结果、不可改范围、是否允许联网或执行命令。本 Skill 的权限画像是:读取文件、写入/修改文件、执行终端命令。
先用一个小任务确认它会围绕“Calibrating findings / Arguments / Step 1: Resolve the PR”工作;涉及文件或命令时,先看 diff、日志、预览或测试结果。
检查最终产物是否包含明确结果、必要证据和下一步动作;如果输出泛泛而谈,就补充输入、边界和验收标准后重跑。
---
name: external-pr-review
description: One-shot review of an external GitHub PR. Checks out the PR into an isolated worktree (or temp c…
category: 工程开发
source: tomevault-io/skills-registry
---
# external-pr-review
## 什么时候使用
- 用于审阅代码、文档或方案并给出可执行反馈 适合处理工程开发场景下的代码实现、调试、重构、测试或代码审查,核心价值是把输入、判断、执行、验证和交付边界固定下来,避免 Agent 泛泛回答。 把任务拆成可执行、可检查、可继续迭代的步骤;通常…
- 面向代码实现、重构、调试或代码审查,优先处理能明确输入、步骤和验收标准的工作。
## 需要提供什么
- 目标材料、目录范围、期望结果和不可改动内容。
- 是否允许联网、执行命令、读写文件或调用外部服务。
## 执行规则
- 围绕「Calibrating findings / Arguments / Step 1: Resolve the PR」组织步骤,不把推断写成作者事实。
- 读取文件、写入/修改文件、执行终端命令;会按任务需要访问外部网络;通常不需要额外 API Key。
- 先跑小样例,确认结果可检查后再扩大任务范围。
## 输出要求
- 给出最终产物、关键证据、验证方式和下一步动作。
- 信息不足时标记 unknown,不编造命令、平台或依赖。 作者原文负责流程事实;仓库文件负责来源和命令;流狐只补充适用场景、限制和质量判断。
skill "external-pr-review" {
输入层 -> 用户目标 + 目标文件 + 禁止范围 + 验收标准
上下文层 -> Calibrating findings / Arguments / Step 1: Resolve the PR
规则层 -> SKILL.md 触发条件 / 执行顺序 / 输出格式
运行层 -> 无特殊运行时 | 读取文件、写入/修改文件、执行终端命令 | 会按任务需要访问外部网络
安全层 -> 通常不需要额外 API Key + 小任务验证 + diff / 日志复核
输出层 -> 可复制结果 + 检查清单 + 下一步迭代
} External PR Review
Read-only review of someone else's PR. One bramble code-review pass against the diff, calibrated verdict, optionally posted to GitHub.
Companion to /pr-polish (which iterates fixes on your own branch). This one never edits the PR's files, never pushes.
Calibrating findings
A finding is blocking only when merging the diff as-is would cause something observable to break or regress:
- Real bug introduced by the diff (wrong condition, off-by-one, missing await).
- Security regression introduced by the diff.
- Missing/broken tests for behavior the diff explicitly changes.
- Obvious perf regression (N+1 on a hot path, sync I/O in async hot loop).
- Change to a documented contract without a matching doc/test update.
Everything else — naming, structure, style, optional refactors, pre-existing issues — is Optional, and doesn't gate the verdict.
The blocking test: if this merges as-is, will something observable break or regress? Code-smell answers no. Wrong SQL predicate answers yes.
Arguments
<pr>(required): full URLhttps://github.com/owner/repo/pull/N, or bare#N/Nwhen invoked from inside a clone of that repo.--backend:codex(default),cursor, orgemini.--model: backend-specific override.--effort: codex-only.low/medium(default) /high.mediumcatches cross-call-site coverage gaps thatlowmisses;highfor genuinely subtle correctness.
Step 1: Resolve the PR
mkdir -p /tmp/external-pr-review-$PR_NUM
gh pr view "$PR_INPUT" --repo "$OWNER/$REPO" \
--json number,title,body,headRefOid,headRefName,baseRefName,url,author,isDraft,state \
> /tmp/external-pr-review-$PR_NUM/pr.json
Closed/merged → ask before continuing. Draft → proceed, note in verdict.
Step 2: Check out the code
Need an isolated worktree at the head SHA. Try in order.
Method A — worktree from local clone (when git config remote.origin.url matches $OWNER/$REPO):
git fetch origin "pull/$PR_NUM/head:refs/remotes/origin/pr-$PR_NUM"
WORKTREE_DIR="/tmp/external-pr-review-$PR_NUM-$(date +%s)"
git worktree add --detach "$WORKTREE_DIR" "refs/remotes/origin/pr-$PR_NUM"
Method B — fresh shallow clone:
WORKTREE_DIR="/tmp/external-pr-review-$OWNER-$REPO-$PR_NUM-$(date +%s)"
gh repo clone "$OWNER/$REPO" "$WORKTREE_DIR" -- --depth 50
cd "$WORKTREE_DIR"
gh pr checkout "$PR_NUM" || \
git checkout -b "pr-$PR_NUM" "origin/$(jq -r .headRefName /tmp/external-pr-review-$PR_NUM/pr.json)"
gh pr checkout fails on shallow clones with cannot set up tracking information — the fallback works because the fetch already created the remote-tracking ref. If bramble later complains about missing base, git fetch --unshallow.
Verify git rev-parse HEAD matches the head SHA from step 1 before continuing.
If both methods fail, report the error and stop.
Step 3: Build the review goal
--goal is the highest-leverage knob. Without a tight goal, codex/cursor wander into infra/lockfile/cross-repo audits and burn 5–8 minutes on a small PR.
Write this to $WORKTREE_DIR/.external-review-goal.txt:
Review of GitHub PR #<N>: "<title>"
Repo: <owner>/<repo>
Base: <baseRef> Head: <headRefShort>
Author: <login>
## What the author says this PR does
<verbatim PR body, capped at ~50 lines; truncate with "(truncated)" note>
## Diff stat
<git diff --stat origin/<base>..HEAD, capped at 10 lines>
## Review brief
Calibrate findings against real impact. Mark a finding as blocking only if
merging this diff as-is would cause something OBSERVABLE to break or
regress: real bug, security regression, missing/broken test for changed
behavior, obvious perf regression, or a change to a documented contract
without matching doc/test update.
Style notes, structural preferences, and pre-existing issues belong
under optional improvements, not blockers.
Stay inside the diff. Do not audit Pulumi/infra, lockfiles, generated
code, or cross-repo prompts unless this PR explicitly changes them. If
you find yourself reading a file not in `git diff --name-only`, stop.
One pass. Don't re-verify the same plumbing across multiple turns.
If the PR body is empty or one-liner, substitute title + first commit subject. Don't let the model invent intent from the branch name.
Step 4: Run bramble code-review
export BRAMBLE_BIN="$([ -x "$(pwd)/bazel-bin/bramble/bramble_/bramble" ] \
&& echo "$(pwd)/bazel-bin/bramble/bramble_/bramble" \
|| echo bramble)"
ENVELOPE="$WORKTREE_DIR/.external-review-envelope.json"
LOG_DIR="$WORKTREE_DIR/.external-review-logs"
mkdir -p "$LOG_DIR"
BACKEND="${BACKEND:-codex}"
MODEL_FLAG=""; [ -n "$MODEL" ] && MODEL_FLAG="--model $MODEL"
EFFORT_FLAG=""
[ "$BACKEND" = "codex" ] && EFFORT_FLAG="--effort ${EFFORT:-medium}"
cd "$WORKTREE_DIR" && \
BRAMBLE_RUN_TAG="external-pr-review:$OWNER/$REPO:$PR_NUM:$BACKEND" \
"$BRAMBLE_BIN" code-review \
--backend "$BACKEND" $MODEL_FLAG $EFFORT_FLAG \
--skip-test-execution --verbose --timeout 10m \
--goal "$(cat "$WORKTREE_DIR/.external-review-goal.txt")" \
--envelope-file "$ENVELOPE" \
2> "$LOG_DIR/stderr.txt"
Run it under Monitor (typical 2–6 min):
Monitor({
description: "external PR review (bramble code-review)",
timeout_ms: 720000,
persistent: false,
command: "<the bramble invocation above>"
})
Do not also call ScheduleWakeup or any sleep loop while waiting. Monitor's completion event is the only signal needed. ScheduleWakeup with a slash-command prompt will re-fire the whole skill and double-post the review.
If the envelope reports status: "error" but review.raw_text contains a fenced json block, recover by extracting the inner JSON. Otherwise report stderr path and stop.
Step 5: Triage
Each envelope finding has a severity (high/medium/low/nit), path/line, and description. For each:
- Apply the blocking test from "Approval bias" above.
- Cross-reference the cited file:line. If it isn't in the diff, demote to optional (pre-existing) or drop (stale).
- Disagree with the model's severity when warranted — a
highstyle nit is optional; alowreal bug is blocking.
Step 6: Print the verdict
# Review of <owner>/<repo>#<N> — "<title>"
**Verdict:** ✅ APPROVE (or ⚠️ APPROVE with suggestions / 🛑 REQUEST CHANGES)
**Summary:** <one sentence>
## Blocking issues
<omit when none>
- **`path:line`** — <one-liner>
<2–3 sentences: why blocking, what to change>
## Optional improvements
<omit when none>
- **`path:line`** — <one-liner>
<1–2 sentences, phrased as a suggestion>
Verdict:
- ≥1 blocking → REQUEST CHANGES.
- ≥1 substantive optional (real non-blocking bug, missed migration site, likely-unintended behavior) → APPROVE with suggestions.
- Otherwise → APPROVE. If only pure nits remain, list them under a "Nits (take or leave)" footer and keep the headline plain APPROVE.
Step 7: Ask before posting
First, idempotency check — has the current user already reviewed this SHA?
gh pr view "$PR_NUM" --repo "$OWNER/$REPO" --json reviews,headRefOid \
--jq '.headRefOid as $sha | .reviews[] | select(.commit.oid == $sha) | {author: .author.login, state}'
If yes (likely a re-fire), offer Update existing, Post anyway, Skip — default Skip.
Otherwise ask via AskUserQuestion:
- Approve on GitHub (only when verdict is APPROVE or APPROVE-with-suggestions):
gh pr review --approve --body-file <file>. - Comment only:
gh pr review --comment --body-file <file>. - Request changes (only when verdict is REQUEST CHANGES):
gh pr review --request-changes --body-file <file>. - Skip (default).
Always --body-file, never --body "..." — long markdown breaks shell quoting.
Step 8: Cleanup
- Worktree →
git worktree remove --force <path>thengit update-ref -d refs/remotes/origin/pr-<N>. - Temp clone →
rm -rf <path>.
Keep $ENVELOPE and $LOG_DIR on cleanup failure and tell the user where they are.
Edge cases
- Generated code (lockfiles,
*.pb.go, snapshots): skip findings on these. - Revert PR: confirm revert target matches the description; approve unless the revert itself introduces a bug.
- Docs-only PR: read for accuracy and broken links; default APPROVE.
- Stacked PR: verdict is on this diff in isolation; note the dependency.
Source: bazelment/yoloswe — distributed by TomeVault.
先判断是否适合
作者设计意图
作者的方法与取舍
边界和复核