AI Business Code Review
Overview
Review AI-generated business/application code for correctness, robustness, maintainability, performance, and security. Output a 0-10 score, a risk level, and a must-fix checklist. For C++ code, REQUIRED: use openharmony-cpp and openharmony-security-review as hard constraints.
When to Use
- AI-generated business/app code review or quality evaluation
- Need scoring, risk level, or must-fix checklist
- C++ business code must meet OpenHarmony coding/security requirements
Workflow
- Identify language and code type (business vs test). If test code, use
ai-generated-ut-code-reviewinstead. - For C++: load and apply
openharmony-cpp+openharmony-security-reviewas mandatory constraints. - Inspect behavior vs requirements, edge cases, error handling, resource management, and security.
- Score by rubric, assign risk level, list must-fix items with concrete evidence (file/line or snippet).
Scoring (0-10)
Each dimension 0-2 points. Sum = total score.
| Dimension | 0 | 1 | 2 |
|---|---|---|---|
| Correctness | Wrong/missing key behavior | Partial/assumptions | Meets requirements |
| Robustness | Crashes/leaks/unchecked errors | Some edge handling | Solid edge/error handling |
| Maintainability | Hard to read/modify | Mixed quality | Clear structure & naming |
| Performance | Inefficient hot paths | Acceptable but improvable | Efficient for expected load |
| Security | Clear vulnerabilities | Weak validation/unsafe | Safe-by-default, validated |
Risk Levels
- Blocker: security漏洞、严重逻辑错误、或违反 C++ 强制规范
- High: 关键路径缺失、异常处理不完整、明显资源泄漏
- Medium: 维护性或性能风险显著
- Low: 轻微问题或风格一致性
Must-Fix Checklist
- 外部输入有明确校验与错误反馈
- 关键异常路径可达且可观测(日志/错误码/异常)
- 资源释放或 RAII 保证(C++)
- C++ 场景满足
openharmony-cpp与openharmony-security-review
AI-Generated Code Pitfalls (Check Explicitly)
- 需求误解、隐含前提错误
- 只覆盖 happy-path,忽略异常/边界
- 吞异常或默认值不合理
- 复制粘贴造成重复与不一致
- 过度复杂化或抽象错误
Output Format (Required, Semi-fixed)
Score: x/10 — Correctness x, Robustness x, Maintainability x, Performance x, Security xRisk: Low/Medium/High/Blocker — 简述风险原因(1 行)Must-fix:- [动作 + 证据]
- [动作 + 证据]
Key Evidence:- 引用具体函数/类/路径(1-2 条)
Notes:- 最小修复建议或替代方案(1-2 行)
Rules:
- C++ 必须在
Key Evidence或Must-fix中明确指出违反openharmony-cpp/openharmony-security-review的点 - 至少 2 条证据;证据不足需说明并降分
- 禁止只给总体评价
Common Mistakes
- 只给总体评价,不给证据
- 忽略 C++ 强制规范
- 将风格问题当作阻断风险
Example (Concise)
Score: 6/10 (Correctness 1, Robustness 1, Maintainability 1, Performance 1, Security 2) Risk: High Must-fix:
- Missing input validation in
createUser()(null/empty, length, format) - Error path swallows exceptions without logging Key Evidence:
createUser()accepts raw input without checkscatchblock is empty inpersistUser()Notes:- Add explicit validation and return structured errors.