Code review is one of the most time-consuming yet most important parts of software development. Claude Code can act as your first pass: it catches low-level bugs, security flaws and performance problems, so that human reviewers can concentrate on architecture and business logic.
Method 1: Quick local review
Run a quick check on a single file or on a set of changes:
```bash
# Review a single file
claude -p "Review this file for bugs, security issues, and style problems" < src/auth.py

# Review the diff of the last commit
git diff HEAD~1 | claude -p "Review these changes. Focus on: 1) bugs 2) security 3) missing error handling"

# Review an entire PR (everything on feature-branch since it diverged from main)
git diff main...feature-branch | claude -p "Comprehensive code review"
```

Method 2: Automatic review from a pre-commit hook
Have Claude check the staged changes before every git commit. Note that `.git/hooks` is not tracked by git, so each clone has to install the hook (or point `core.hooksPath` at a versioned directory):
```bash
#!/bin/bash
# .git/hooks/pre-commit
# The shebang has to be the first line for git to execute the hook with bash.

# Only review staged Python/JS/TS files that were added, copied or modified (deletions are skipped).
# Using a git pathspec instead of a file list avoids word-splitting problems with unusual filenames.
DIFF=$(git diff --cached --diff-filter=ACM -- '*.py' '*.js' '*.ts')
if [ -z "$DIFF" ]; then exit 0; fi

echo "Running AI code review..."
REVIEW=$(printf '%s\n' "$DIFF" | claude -p \
  "Review for critical issues only (bugs/security). If OK output PASS. If issues found, describe briefly.")
echo "$REVIEW"

# Require the whole answer to be exactly PASS. A substring check (grep -q PASS) would also
# accept a finding such as "PASSWORD logged in plaintext" and let the commit through.
# An empty answer (claude failed to run) therefore blocks the commit: the hook fails closed.
if [ "$(printf '%s' "$REVIEW" | tr -d '[:space:]')" = "PASS" ]; then
  exit 0
else
  echo "AI review found issues. Fix them or use git commit --no-verify to skip."
  exit 1
fi
```

```bash
chmod +x .git/hooks/pre-commit
```

Method 3: Automatic PR review with GitHub Actions
```yaml
# .github/workflows/ai-review.yml
name: AI Code Review
on:
  # Pull requests from forks run without repository secrets under this event, so the review
  # step will not have ANTHROPIC_API_KEY for them. Do not "fix" that with pull_request_target:
  # it would hand your secrets to untrusted code.
  pull_request:
    types: [opened, synchronize]
# The default GITHUB_TOKEN may be read-only; commenting on the PR needs pull-requests: write.
permissions:
  contents: read
  pull-requests: write
jobs:
  ai-review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with: {fetch-depth: 0}   # full history so the base branch is available for the diff
      - name: Install Claude Code
        run: npm install -g @anthropic-ai/claude-code
      - name: Run AI Review
        env:
          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Pass event data in through the environment instead of interpolating ${{ }} into the script.
          BASE_REF: ${{ github.base_ref }}
          PR_NUMBER: ${{ github.event.number }}
        run: |
          git diff "origin/$BASE_REF...HEAD" > /tmp/pr.diff
          claude -p "Review this PR diff. Format: severity (high/medium/low), file, line, description" < /tmp/pr.diff > /tmp/review.md
          # Build the comment in a file: "\n" inside a double-quoted bash string is two literal
          # characters, not a newline, and --body-file also sidesteps argument-length limits.
          { printf '## AI Review\n\n'; cat /tmp/review.md; } > /tmp/comment.md
          gh pr comment "$PR_NUMBER" --body-file /tmp/comment.md
```

Common review prompt templates
Security review
Perform a security review of this code. Look for:
- SQL injection vulnerabilities
- XSS attack vectors
- Authentication/authorization bypass
- Sensitive data exposure (passwords, tokens, PII in logs)
- Insecure dependencies
Rate each issue: CRITICAL / HIGH / MEDIUM / LOW
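Both the pre-commit hook and the Actions step gate on free-form model output, and the template above asks for CRITICAL / HIGH / MEDIUM / LOW ratings. The shell functions below are an added example, not code from the original page or from Claude Code, that turn such a rated review into a verdict a hook or CI job can act on. They assume each finding starts its line with its rating (plain, as a bullet or numbered item, in bold, or prefixed with `Severity:`), accept only an answer consisting solely of `PASS` as a pass, block on CRITICAL or HIGH, and fail closed on empty output (the tool did not run). The sample reviews in `demo` are constructed, not real Claude output.

```bash
#!/usr/bin/env bash
# Hypothetical helper for gating commits or CI on a rated AI review (not part of Claude Code).

# review_verdict: reads the review text on stdin and prints exactly one word:
#   PASS   the whole answer is "PASS" (surrounding whitespace ignored)
#   BLOCK  at least one finding rated CRITICAL or HIGH
#   WARN   only MEDIUM/LOW findings (reported, but not blocking)
#   ERROR  empty review, i.e. the tool did not produce output
review_verdict() {
    local review stripped
    review=$(cat)
    stripped=$(printf '%s' "$review" | tr -d '[:space:]')

    if [ -z "$stripped" ]; then
        echo ERROR
        return 0
    fi

    # Exact match only: a substring test (grep -q PASS) would also accept
    # a finding such as "HIGH: PASSWORD written to the log".
    if [ "$stripped" = "PASS" ]; then
        echo PASS
        return 0
    fi

    # A finding line: optional bullet/number, optional "[" or "**", optional "Severity:",
    # then the rating, which must not be followed by another letter ("highlights" is not "HIGH").
    if printf '%s\n' "$review" | grep -Eqi \
        '^[[:space:]]*([-*]|[0-9]+[.)])?[[:space:]]*(\[|\*\*)?(severity:?[[:space:]]*)?(CRITICAL|HIGH)([^A-Za-z]|$)'; then
        echo BLOCK
        return 0
    fi

    echo WARN
}

# gate_commit: exit status for a hook or CI step. 0 = allow, 1 = block.
# MEDIUM/LOW findings pass through, matching the "fix HIGH and CRITICAL, TODO the rest" policy.
gate_commit() {
    local verdict
    verdict=$(review_verdict)
    printf 'AI review verdict: %s\n' "$verdict" >&2
    case "$verdict" in
        PASS|WARN) return 0 ;;
        *)         return 1 ;;
    esac
}

# Constructed sample reviews so the script can be run stand-alone.
demo() {
    printf 'HIGH: PASSWORD written to log in src/auth.py:42\nLOW: inconsistent naming\n' | review_verdict  # BLOCK
    printf -- '- **MEDIUM** unchecked return value in src/db.py\n' | review_verdict                       # WARN
    printf 'PASS\n' | review_verdict                                                                      # PASS
}
demo
```

In a hook, pipe the diff through the model and then into the gate, keeping a copy of the full text for the developer: `git diff --cached | claude -p "$PROMPT" | tee /dev/stderr | gate_commit`. Treating `ERROR` as a block is deliberate: if the review never ran, the commit should not silently pass.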
Performance review
Review for performance issues:
- N+1 database query patterns
- Missing indexes (based on query patterns)
- Unnecessary loops or nested complexity
- Memory leaks (unclosed resources, large object retention)
- Blocking I/O that should be async
Estimate impact: HIGH (user-visible) / MEDIUM / LOW
Completeness check
Check code completeness:
- Missing error handling (what happens when X fails?)
- Edge cases not covered (empty input, null, overflow)
- Missing tests for critical paths
- TODO/FIXME comments that should be addressed
- Missing documentation for public APIs
Reviewing inside a Claude Code session
```bash
cd your-project
claude
```

Then, in the session, ask:

Review the changes in the last commit. I want to know:
1. Any bugs or logic errors
2. Security concerns
3. What tests should be added
4. One suggestion to improve code clarity
Have Claude fix the issues directly
You found these issues in the last review:
[paste the review output here]
Please fix all HIGH and CRITICAL issues. For MEDIUM issues, just add TODO comments.
Best practices for human/AI collaboration
| Task | Claude handles | Human handles |
|---|---|---|
| Syntax and style | All of it | Not needed |
| Low-level bugs | Most of them | Confirm the fix |
| Security vulnerabilities | Finding them | Assessment and decision |
| Architectural soundness | Suggestions | Final decision |
| Business-logic correctness | Cannot judge | Must be human |
| Code readability | Suggestions | Mainly human |
Key principle: Claude is your first round of review, not the final one. Security-relevant changes and changes to core business logic must be reviewed by a human.
Source: Anthropic official documentation + GitHub Actions integration documentation