BMAD-METHOD/bmad-agent/tasks/generate-code-review.md


# Generate Code Review Task
## Task Overview
**Task ID:** generate-code-review
**Persona:** Polyglot Code Review Specialist
**Category:** Code Quality Assurance
**Priority:** High
**Estimated Duration:** 15-45 minutes per review
## Task Description
Generate comprehensive code reviews for multi-language codebases, focusing on security, performance, maintainability, and cross-platform consistency across React, TypeScript, Node.js, ASP.NET, and Python implementations.
## Input Parameters
### Required Inputs
- **Code Repository**: Git repository URL or code files
- **Review Scope**: Specific files, modules, or full codebase
- **Technology Stack**: Primary and secondary technologies used
- **Review Type**: Security-focused, performance-focused, or comprehensive
- **Priority Level**: Critical, high, medium, or low priority review
### Optional Inputs
- **Existing Issues**: Known problems or areas of concern
- **Performance Requirements**: Specific performance benchmarks
- **Security Requirements**: Compliance standards or security policies
- **Team Context**: Developer experience level and project timeline
- **Integration Points**: Related systems and cross-platform dependencies
## Processing Steps
### 1. Code Analysis Preparation
```yaml
analysis_setup:
  - repository_clone: "Clone or access code repository"
  - dependency_scan: "Analyze package.json, requirements.txt, .csproj files"
  - architecture_review: "Understand overall system architecture"
  - change_analysis: "Identify modified files and impact scope"
  - context_gathering: "Review related documentation and requirements"
```
### 2. Multi-Language Code Review
```yaml
language_specific_review:
  react_typescript:
    - component_architecture: "Review component design and lifecycle"
    - hooks_usage: "Validate hooks patterns and dependencies"
    - performance_patterns: "Check for unnecessary re-renders and optimizations"
    - accessibility: "Ensure WCAG compliance and semantic HTML"
    - type_safety: "Validate TypeScript usage and type definitions"
  nodejs:
    - async_patterns: "Review Promise/async-await usage"
    - error_handling: "Validate error handling and logging"
    - security_practices: "Check for common Node.js vulnerabilities"
    - middleware_design: "Review Express/Fastify middleware patterns"
    - performance_optimization: "Analyze memory usage and response times"
  aspnet:
    - mvc_patterns: "Review controller and action design"
    - dependency_injection: "Validate DI container usage"
    - entity_framework: "Review data access patterns and queries"
    - security_implementation: "Check authentication and authorization"
    - performance_considerations: "Analyze caching and optimization"
  python:
    - pythonic_code: "Ensure PEP 8 compliance and Python idioms"
    - framework_patterns: "Review Django/Flask implementation patterns"
    - data_processing: "Validate data handling and processing efficiency"
    - testing_practices: "Review unit tests and test coverage"
    - security_practices: "Check for common Python vulnerabilities"
```
### 3. Cross-Platform Analysis
```yaml
integration_review:
  - api_consistency: "Validate API contracts across platforms"
  - authentication_patterns: "Review auth implementation consistency"
  - error_handling: "Ensure standardized error responses"
  - logging_standards: "Validate logging patterns and formats"
  - data_serialization: "Review JSON/XML handling consistency"
  - performance_alignment: "Check response time consistency"
```
### 4. Security Assessment
```yaml
security_review:
  - vulnerability_scan: "OWASP Top 10 vulnerability assessment"
  - dependency_security: "Third-party library security analysis"
  - input_validation: "Review data validation and sanitization"
  - authentication_security: "Validate auth implementation security"
  - authorization_patterns: "Review access control implementation"
  - data_protection: "Assess sensitive data handling"
```
### 5. Performance Analysis
```yaml
performance_review:
  - bottleneck_identification: "Identify performance bottlenecks"
  - optimization_opportunities: "Suggest performance improvements"
  - resource_usage: "Analyze memory and CPU usage patterns"
  - caching_strategies: "Review caching implementation"
  - database_optimization: "Analyze query performance and indexing"
  - scalability_assessment: "Evaluate scalability considerations"
```
## Output Generation
### Comprehensive Review Report
```markdown
# Code Review Report: [Project/Module Name]
## Executive Summary
- **Overall Rating**: [1-5 stars with explanation]
- **Critical Issues**: [Count and brief description]
- **Security Score**: [Rating with key findings]
- **Performance Score**: [Rating with optimization opportunities]
- **Maintainability Score**: [Rating with improvement suggestions]
## Detailed Findings
### Security Analysis
#### Critical Issues
- [List of critical security vulnerabilities]
#### Recommendations
- [Specific security improvements with code examples]
### Performance Analysis
#### Bottlenecks Identified
- [Performance issues with impact assessment]
#### Optimization Opportunities
- [Specific performance improvements with expected impact]
### Code Quality Assessment
#### Strengths
- [Positive aspects of the codebase]
#### Areas for Improvement
- [Specific code quality issues with solutions]
### Cross-Platform Consistency
#### Integration Issues
- [Cross-platform compatibility concerns]
#### Standardization Opportunities
- [Suggestions for improved consistency]
## Action Items
### High Priority (Must Fix)
- [Critical issues requiring immediate attention]
### Medium Priority (Should Fix)
- [Important improvements for next iteration]
### Low Priority (Nice to Have)
- [Optimization opportunities for future consideration]
## Learning Opportunities
- [Educational resources and best practices]
- [Training recommendations for development team]
## Follow-up Recommendations
- [Suggested next steps and timeline]
- [Additional reviews or assessments needed]
```
### Quick Review Format
```markdown
## Quick Review: [Component/File Name]
**Focus Areas Reviewed:**
- Security, Performance, Code Quality, Best Practices
**Strengths:**
- [Positive aspects with specific examples]
**Issues Found:**
- **Critical**: [Security vulnerabilities, major performance issues]
- **Important**: [Code quality concerns, minor performance issues]
- **Suggestions**: [Optimization opportunities, best practices]
**Immediate Actions:**
1. [Most critical fix with code example]
2. [Second priority fix with explanation]
3. [Third priority improvement]
**Learning Resources:**
- [Relevant documentation, tutorials, or best practices]
**Estimated Fix Time:** [Time estimate for addressing issues]
```
## Quality Validation
### Review Completeness Checklist
- [ ] All specified files and modules reviewed
- [ ] Security vulnerabilities identified and assessed
- [ ] Performance bottlenecks analyzed
- [ ] Code quality standards validated
- [ ] Cross-platform consistency checked
- [ ] Best practices compliance verified
- [ ] Actionable recommendations provided
- [ ] Learning opportunities identified
### Success Metrics
- **Review Coverage**: Percentage of codebase analyzed
- **Issue Detection Rate**: Number of valid issues identified
- **False Positive Rate**: Accuracy of issue identification
- **Developer Satisfaction**: Feedback on review quality and helpfulness
- **Code Improvement**: Measurable quality improvements post-review
## Integration Points
### BMAD Persona Collaboration
- **Technical Documentation Architect**: Code documentation quality validation
- **DevOps Documentation Specialist**: Infrastructure and deployment code review
- **Cross-Platform Integration Specialist**: Integration pattern validation
- **Development Teams**: Collaborative improvement process
### Tool Integration
- **Version Control**: Git hooks and pull request integration
- **CI/CD Pipeline**: Automated review triggers and quality gates
- **Issue Tracking**: Integration with Jira, GitHub Issues, or similar
- **Communication**: Slack, Teams, or email notifications
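
One way a CI quality gate could consume the Quick Review format defined above, as an added example that is not part of the BMAD task itself: it reads the `Issues Found` entries and fails closed when an entry is missing, still holds a template placeholder, or reports a Critical finding. The function names, the block-on-Critical policy, the `none`/`n/a`/`-` markers and the sample review are assumptions made for illustration.

```python
import re

SEVERITIES = ("Critical", "Important", "Suggestions")  # labels from the format
BLOCKING = {"Critical"}             # assumed policy: only Critical blocks a merge
NO_FINDING = {"none", "n/a", "-"}   # assumed markers for "nothing found"

HEADER = re.compile(r"^\*\*\s*([^*]+?):\*\*")
ITEM = re.compile(r"^-\s*\*\*(\w+)\*\*\s*:\s*(.*)$")

def parse_issues(review_md):
    """Return {severity: text} for the items under 'Issues Found'."""
    issues, in_section = {}, False
    for raw in review_md.splitlines():
        line = raw.strip()
        item = ITEM.match(line)
        if in_section and item and item.group(1) in SEVERITIES:
            issues[item.group(1)] = item.group(2).strip()
            continue
        header = HEADER.match(line)
        if header:  # any other bold "Name:" line ends the section
            in_section = header.group(1).strip().endswith("Issues Found")
    return issues

def evaluate(review_md):
    """Return (passed, reasons); missing or unfilled entries fail closed."""
    issues, reasons = parse_issues(review_md), []
    for sev in SEVERITIES:
        text = issues.get(sev)
        if not text:
            reasons.append(f"{sev}: entry missing from review")
        elif text.startswith("[") and text.endswith("]"):
            reasons.append(f"{sev}: template placeholder left unfilled")
        elif sev in BLOCKING and text.lower() not in NO_FINDING:
            reasons.append(f"{sev}: {text}")
    return (not reasons, reasons)

# Constructed sample review, not taken from a real project.
SAMPLE_REVIEW = """\
## Quick Review: auth/session.ts
**Issues Found:**
- **Critical**: Session token is written to the application log
- **Important**: none
- **Suggestions**: Move cookie options into shared configuration
**Immediate Actions:**
"""

if __name__ == "__main__":
    passed, reasons = evaluate(SAMPLE_REVIEW)
    raise SystemExit("\n".join(reasons) if not passed else 0)
```

Run as a script, it exits non-zero and prints the blocking reasons, which is the signal a pipeline step needs to stop a merge.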
## Continuous Improvement
- Regular review of review quality and effectiveness
- Updates to review criteria based on project evolution
- Integration of new tools and techniques
- Feedback incorporation for process improvement