scar-code-review
What this does
A code review system that learns from its own misses. Two layers work together:
1. Checklist review: regex/heuristic checks across four dimensions.
   - Security: SQL injection, hardcoded secrets, XSS, eval/exec
   - Performance: N+1 queries, missing pagination, unbounded SELECTs
   - Correctness: unchecked nulls, off-by-one patterns, unhandled promises
   - Maintainability: long functions, deep nesting, magic numbers
2. Scar reflex arc: pattern-matching against past review misses. When a review
   fails to catch a bug that later causes an incident, record a scar (the regex
   that would have caught it). On every later review, any added line that matches
   a scar is blocked before the LLM even looks at the diff.
No external dependencies. stdlib only. Python 3.9+.
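Added example, not the project's own code: a minimal checklist reviewer in the style described above, stdlib only. The check regexes, the severity labels, the `review_source` helper and the sample source are all assumptions made for this example; each finding carries a severity, a dimension, a message and a line number. The SQL check only fires when `execute()` is called on the same line as string formatting, so the parameterised query in the sample stays clean, and the SELECT check is deliberately crude (any line mentioning SELECT without LIMIT).

```python
import re
from typing import Callable, Dict, List, Tuple

# Constructed sample input (not from the project). Expected findings:
# line 2 hardcoded secret, line 4 SQL injection + unbounded SELECT, line 9 eval.
SAMPLE_SOURCE = """\
import os
API_KEY = "sk-live-0123456789abcdef"
def lookup(cur, name):
    cur.execute("SELECT * FROM users WHERE name = '%s'" % name)
    return cur.fetchall()
def safe(cur, name):
    cur.execute("SELECT id FROM users WHERE name = %s LIMIT 50", (name,))
def calc(expr):
    return eval(expr)
"""

SQL_EXEC = re.compile(r"\.execute(?:many)?\(")
# query text assembled at call time: f-string, "%" formatting, .format() or "+" concatenation
SQL_DYNAMIC = re.compile(r"""\bf['"]|['"]\s*%\s|\.format\(|['"]\s*\+""")
SECRET = re.compile(r"""(?i)\b(?:password|passwd|secret|api_key|token)\s*=\s*['"][^'"]{8,}['"]""")
EVAL_EXEC = re.compile(r"\b(?:eval|exec)\(")
SELECT = re.compile(r"(?i)\bselect\b")
LIMIT = re.compile(r"(?i)\blimit\b")

# (dimension, severity, message, predicate over one source line); names are assumptions
CHECKS: List[Tuple[str, str, str, Callable[[str], bool]]] = [
    ("security", "critical", "SQL built with string formatting passed to execute()",
     lambda ln: bool(SQL_EXEC.search(ln) and SQL_DYNAMIC.search(ln))),
    ("security", "high", "hardcoded secret literal",
     lambda ln: bool(SECRET.search(ln))),
    ("security", "high", "eval()/exec() call",
     lambda ln: bool(EVAL_EXEC.search(ln))),
    ("performance", "medium", "SELECT without LIMIT",
     lambda ln: bool(SELECT.search(ln) and not LIMIT.search(ln))),
]


def review_source(src: str) -> List[Dict]:
    """Run every check over every line; one finding per (line, check) hit, in source order."""
    findings: List[Dict] = []
    for lineno, line in enumerate(src.splitlines(), start=1):
        for dimension, severity, message, hit in CHECKS:
            if hit(line):
                findings.append({"severity": severity, "dimension": dimension,
                                 "message": message, "line": lineno})
    return findings


def review(path: str) -> List[Dict]:
    """Review a file on disk (same shape as review_source)."""
    with open(path, encoding="utf-8") as fh:
        return review_source(fh.read())


if __name__ == "__main__":
    for f in review_source(SAMPLE_SOURCE):
        print(f"{f['severity']} [{f['dimension']}] {f['message']} (line {f['line']})")
```

Line-at-a-time regexes are cheap and have no false negatives on the patterns they encode, but they miss a query string built on one line and executed on the next; that gap is exactly what the scar layer is for.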
Quick start
Review a file:
```bash
python3 scar_code_review.py review path/to/file.py
```
Check a diff against past scars:
```bash
python3 scar_code_review.py check-diff path/to/changes.diff
```
Record a missed review finding:
```bash
python3 scar_code_review.py record-miss \
  --what-missed "Missed SQL injection in user input handler" \
  --pattern "execute.*format.*user" \
  --severity critical
```
File format
JSONL, compatible with tetra-scar:
```json
{"id": "rscar1234", "what_missed": "...", "pattern": "...", "severity": "critical", "created_at": "..."}
```
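Added example, not the project's own code: the reflex arc end to end on top of that JSONL format. `parse_scars` reads the scar file and compiles each pattern once, `added_lines` walks a unified diff so that only added lines are matched (deleted and context lines are skipped, line numbers come from the hunk headers), `reflex_check` returns one block per scar hit, and `record_miss` appends a new scar. The function names follow the ones used in Integration below, but the implementation, the id scheme, the sample diff and the sample scars are assumptions. Two practitioner caveats are built in: a scar whose regex does not compile is skipped instead of taking the whole review down, and `make_scar` refuses to record such a regex in the first place.

```python
import json
import re
import uuid
from datetime import datetime, timezone
from typing import Dict, Iterator, List, Optional, Tuple

# Constructed sample scars (not from the project); the third one has a broken regex on purpose.
SAMPLE_SCARS = r"""
{"id": "rscar_0001", "what_missed": "Missed SQL injection in user input handler", "pattern": "execute.*format.*user", "severity": "critical", "created_at": "2024-01-01T00:00:00+00:00"}
{"id": "rscar_0002", "what_missed": "Missed unvalidated redirect", "pattern": "redirect.*request\\.GET", "severity": "high", "created_at": "2024-02-01T00:00:00+00:00"}
{"id": "rscar_0003", "what_missed": "bad regex on purpose", "pattern": "(unbalanced", "severity": "low", "created_at": "2024-03-01T00:00:00+00:00"}
"""

# Constructed sample diff (not from the project): two hunks, one added line in each should fire.
SAMPLE_DIFF = """\
--- a/app/views.py
+++ b/app/views.py
@@ -10,2 +10,4 @@ def login(request):
     user = authenticate(request)
+    nxt = request.GET.get("next", "/")
+    return redirect(request.GET["next"])
     return render(request, "login.html")
@@ -40,2 +42,2 @@ def search(request):
-    cur.execute("SELECT * FROM items WHERE q = %s", (q,))
+    cur.execute("SELECT * FROM items WHERE q = '{}'".format(user_query))
     return cur.fetchall()
"""

HUNK = re.compile(r"^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@")


def parse_scars(jsonl: str) -> List[Dict]:
    """Parse JSONL scars; compile each pattern once and drop scars whose regex is unusable."""
    scars = []
    for raw in jsonl.splitlines():
        if not raw.strip():
            continue
        scar = json.loads(raw)
        try:
            scar["_re"] = re.compile(scar["pattern"])
        except re.error:
            continue  # one bad scar must not disable the reflex for the rest
        scars.append(scar)
    return scars


def load_review_scars(path: str = "review_scars.jsonl") -> List[Dict]:
    with open(path, encoding="utf-8") as fh:
        return parse_scars(fh.read())


def added_lines(diff_text: str) -> Iterator[Tuple[Optional[str], int, str]]:
    """Yield (path, new-side line number, text) for every added line of a unified diff."""
    path, lineno = None, 0
    for line in diff_text.splitlines():
        if line.startswith("+++ "):
            path = line[4:].split("\t")[0]
            path = path[2:] if path.startswith(("a/", "b/")) else path
        elif line.startswith("--- ") or line.startswith("\\"):
            continue  # old-file header / "No newline at end of file" marker
        elif (m := HUNK.match(line)):
            lineno = int(m.group(1))  # new-side start of this hunk
        elif line.startswith("+"):
            yield path, lineno, line[1:]
            lineno += 1
        elif line.startswith("-"):
            continue  # deleted lines do not exist on the new side
        else:
            lineno += 1  # context line


def reflex_check(diff_text: str, scars: List[Dict]) -> List[Dict]:
    """Match each added line against every scar; return blocks in diff order."""
    blocks = []
    for path, lineno, text in added_lines(diff_text):
        for scar in scars:
            if scar["_re"].search(text):
                blocks.append({"scar_id": scar["id"], "severity": scar["severity"],
                               "path": path, "line": lineno,
                               "what_missed": scar["what_missed"], "code": text.strip()})
    return blocks


def make_scar(what_missed: str, pattern: str, severity: str) -> Dict:
    """Build one scar record; the id scheme is an assumption. Raises re.error on a bad regex."""
    re.compile(pattern)
    return {"id": f"rscar_{uuid.uuid4().hex[:8]}", "what_missed": what_missed,
            "pattern": pattern, "severity": severity,
            "created_at": datetime.now(timezone.utc).isoformat()}


def record_miss(what_missed: str, pattern: str, severity: str,
                path: str = "review_scars.jsonl") -> Dict:
    scar = make_scar(what_missed, pattern, severity)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(scar) + "\n")
    return scar


if __name__ == "__main__":
    for b in reflex_check(SAMPLE_DIFF, parse_scars(SAMPLE_SCARS)):
        print(f"Blocked: {b}")
```

Matching only added lines keeps the reflex from re-flagging code that is being removed, and reporting the new-side line number lets the block be posted as a review comment on the right line.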
Integration
```python
from scar_code_review import review, reflex_check, record_miss, load_review_scars

# Review a file
findings = review("app/views.py")
for f in findings:
    print(f"{f['severity']} [{f['dimension']}] {f['message']} (line {f['line']})")

# Check a diff against past scars
diff_text = open("path/to/changes.diff").read()  # the unified diff to screen
scars = load_review_scars()
blocks = reflex_check(diff_text, scars)
for b in blocks:
    print(f"Blocked: {b}")

# Record a miss after an incident
record_miss(
    what_missed="Missed unvalidated redirect",
    pattern="redirect.*request\\.GET",
    severity="high",
)
```