WEEK 7

AI Code Review

Manual vs AI-Assisted Review Comparison

Compare manual code review with AI-assisted review techniques. Learn when to trust AI for style, known security patterns, and obvious bugs, and when human review is essential for business logic, performance, and anything that depends on context the model cannot see.

Manual vs AI Review Comparison

Speed
  • Manual review: slow, hours for a large codebase
  • AI review: fast, minutes for an entire repo
Consistency
  • Manual review: variable, depends on the reviewer
  • AI review: consistent when the rules are fixed (a linter applies the same rules every time); an LLM reviewer can return different findings on a re-run, so one clean pass is not proof that nothing is there
Coverage
  • Manual review: selective, focuses on key areas
  • AI review: broad, every file is read, but only one context window at a time
Context
  • Manual review: deep, understands business logic
  • AI review: shallow, limited to what fits in the context window, so cross-file flows such as authorization checks are easy to miss
Cost
  • Manual review: high, senior engineer time
  • AI review: low, automated and scalable
Learning
  • Manual review: mentorship, teaches and explains
  • AI review: automated, reports findings

When to Trust AI

Code Style
AI is reliable at enforcing consistent formatting, naming conventions, and style guide compliance. Run deterministic tools such as Black, Ruff, or ESLint first and let the AI review cover what they do not; a formatter is cheaper and never disagrees with itself.
🔒
Security Patterns
AI is good at detecting known vulnerability patterns: SQL injection, XSS, weak cryptography, hardcoded secrets. It recognises the shape of the code, so it misses flaws with no local signature, such as a missing authorization check on an endpoint, and it will flag harmless matches such as MD5 used as a non-security checksum. Treat every security finding as a lead that a human confirms is real and reachable.
🐛
Obvious Bugs
AI catches typos, syntax errors, null pointer dereferences, unused variables, and simple logic errors.
📋
Best Practices
AI suggests modern patterns, proper error handling, type hints, and documentation improvements.

When to Use Humans

💼
Business Logic
Humans understand domain requirements, user needs, and whether the code actually solves the right problem.
Performance
Humans understand bottlenecks, database query optimization, caching strategies, and scalability concerns.
🧮
Complex Algorithms
Humans verify algorithmic correctness, edge cases, time/space complexity, and mathematical accuracy.
🎨
UX & Design
Humans evaluate usability, accessibility, visual design, and user experience quality.

Recommended Workflow

🤖 AI First Pass
Catch ~80% of issues (rule of thumb)
👤 Human Review
Context & complexity
🔒 Dual Review
Security & performance
💡 Workflow Explanation
Step 1 - AI First Pass: AI reviews 100% of the code for style, known security patterns, and obvious bugs. The "~80% of issues" figure is a rule of thumb for mechanical findings, not a measured rate; budget human time accordingly rather than assuming the remainder is small.
Step 2 - Human Review: Humans focus on business logic, complex algorithms, and architectural decisions, the things the AI cannot judge from a single context window.
Step 3 - Dual Review: For security-critical and performance-sensitive code, both AI and human review are required: the AI pass finds the candidates, the human confirms each one is real and reachable and checks that the proposed fix preserves behaviour.

Exercise: Conducting AI Review

1
Setup AI Code Review Tool
Configure Claude Code or a similar AI tool to review your codebase. Use Graphite or GitHub Copilot for integrated PR reviews.
2
Define Review Criteria
Create a review checklist covering:
  • Code style consistency
  • Security vulnerabilities (SQL injection, XSS)
  • Error handling completeness
  • Test coverage
  • Documentation quality
3
Run Automated Review
Use Claude Code to review the codebase, with a prompt of this shape:

  # Review the backend code
  /backend
  Review this FastAPI application for:
  1. Security vulnerabilities
  2. Code style consistency
  3. Error handling
  4. Test coverage gaps
  5. Documentation completeness
4
Analyze AI Findings
The AI reports findings categorized by severity. Review each finding and determine:
  • Is this a real issue or a false positive? (Can attacker-controlled input actually reach the flagged code?)
  • What is the severity and impact?
  • How should it be fixed?
  • Should a human verify the fix?
5
Human Verification
For critical findings (security, performance, business logic), have a human reviewer verify:
  • The AI's understanding of the code is correct
  • The proposed fix does not break existing behaviour
  • No related issues were missed (the same pattern elsewhere, or the root cause behind the symptom)
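As an added example, not code from the course or from any review tool, the Python block below does the kind of known-pattern detection described under Security Patterns and then routes each finding the way exercise steps 4 and 5 require: style hits are marked auto-fixable, security hits are marked for human verification. The rule identifiers, file names and source snippets are constructed for the example; the auth.py MD5 hit is a deliberate "real issue or false positive?" case, since the function only computes a fingerprint.

```python
import os
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str         # hypothetical identifiers, used only in this example
    category: str        # "security" or "style"; decides the triage route
    extensions: tuple    # file types the rule applies to
    pattern: re.Pattern
    note: str            # the suggested fix shown to the reviewer


@dataclass
class Finding:
    rule_id: str
    category: str
    file: str
    line: int
    snippet: str
    note: str
    needs_human: bool    # True: dual review per the workflow, never auto-applied


# Known-pattern rules of the kind an AI first pass catches reliably. Each regex
# looks at a single line, which is this scanner's main blind spot (see note below).
RULES = [
    Rule("SQLI-001", "security", (".py",),
         re.compile(r'\.execute\((?:.*?["\']\s*\+|\s*f["\'])'),
         "SQL text built by concatenation or f-string; use a parameterized query"),
    Rule("XSS-001", "security", (".js", ".ts"),
         re.compile(r'\.innerHTML\s*=\s*(?!["\'`])'),
         "innerHTML assigned a non-literal value; use textContent or escape first"),
    Rule("CRYPTO-001", "security", (".py",),
         re.compile(r'\bhashlib\.(?:md5|sha1)\('),
         "MD5/SHA-1 call; a human decides whether this is a security context"),
    Rule("SECRET-001", "security", (".py", ".js", ".ts"),
         re.compile(r'(?i)\b(?:api_key|secret|password|token)\s*=\s*["\'][^"\']{8,}["\']'),
         "credential literal in source; load it from the environment and rotate it"),
    Rule("STYLE-001", "style", (".py",),
         re.compile(r'^\s*def\s+[a-z]+[A-Z]\w*\s*\('),
         "camelCase function name in Python; rename to snake_case"),
]

# Constructed sample sources (not the course project's files). Every rule has
# exactly one true hit; config.py is a deliberate near-miss that must stay clean.
SAMPLE_FILES = {
    "backend/app/routers/notes.py": (
        "def get_note(conn, note_id):\n"
        '    return conn.execute("SELECT * FROM notes WHERE id = " + note_id).fetchone()\n'
        "\n"
        "def get_note_safe(conn, note_id):\n"
        '    return conn.execute("SELECT * FROM notes WHERE id = ?", (note_id,)).fetchone()\n'
    ),
    "backend/app/auth.py": (
        "import hashlib\n"
        'API_KEY = "sk-live-0123456789abcdef"\n'
        "\n"
        "def fingerprint(data: bytes) -> str:\n"
        "    return hashlib.md5(data).hexdigest()\n"
    ),
    "backend/app/config.py": (
        "import os\n"
        'API_KEY = os.environ["API_KEY"]  # read at runtime, not a hardcoded secret\n'
        "PASSWORD_MIN_LENGTH = 12\n"
    ),
    "backend/app/models.py": (
        "def getNoteTitle(note):\n"
        '    return note["title"]\n'
    ),
    "frontend/app.js": (
        'const el = document.getElementById("note");\n'
        "el.innerHTML = userInput;\n"
    ),
}


def scan(files: dict) -> list:
    """The AI first pass: run every applicable rule over every line of every file."""
    findings = []
    for path, source in files.items():
        ext = os.path.splitext(path)[1]
        for lineno, line in enumerate(source.splitlines(), start=1):
            for rule in RULES:
                if ext in rule.extensions and rule.pattern.search(line):
                    findings.append(Finding(rule.rule_id, rule.category, path, lineno,
                                            line.strip(), rule.note,
                                            needs_human=(rule.category == "security")))
    return findings


def summarize(findings: list) -> dict:
    """Counts per category, like the summary block of a review report."""
    return dict(Counter(f.category for f in findings))


def report(findings: list) -> str:
    """Render findings in the report style used on this page."""
    out = []
    for f in findings:
        status = "Requires human verification" if f.needs_human else "Safe to fix automatically"
        out.append(f"[{f.rule_id}] {f.file}:{f.line}\n   - {f.snippet}\n"
                   f"   - Fix: {f.note}\n   - Status: {status}")
    return "\n".join(out)


if __name__ == "__main__":
    results = scan(SAMPLE_FILES)
    print(report(results))
    print("Summary:", summarize(results))
```

The single-line regexes show the limit of pure pattern matching: a query assembled into a variable two lines above its `execute()` call is invisible to SQLI-001, while an LLM reviewer can follow that data flow (and can also hallucinate one). That is why the routing, not the detection, is the durable part: anything in the security category carries `needs_human=True` and goes to the dual-review step, and a confirmed false positive such as a non-security MD5 checksum is an input back into the rules.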

Example AI Review Output

🤖 AI Code Review Results

## Critical Issues
1. [SQL Injection] backend/app/routers/notes.py:75
   - Direct string concatenation in SQL query
   - Fix: Use parameterized queries
   - Status: ⚠️ Requires human verification

2. [XSS Vulnerability] frontend/app.js:14
   - innerHTML with user input
   - Fix: Use textContent instead
   - Status: ✅ Safe to fix automatically

## Style Issues
1. [Inconsistent Naming] backend/app/models.py:15-30
   - Mix of camelCase and snake_case
   - Suggestion: Use snake_case consistently

2. [Missing Type Hints] backend/app/services/extract.py:42
   - Function lacks return type annotation
   - Suggestion: Add -> list[str] type hint

## Best Practices
1. [Error Handling] backend/app/routers/notes.py:120
   - Generic exception caught
   - Suggestion: Catch specific exceptions

2. [Test Coverage] backend/tests/test_notes.py
   - Edge cases not tested (empty input, null values)
   - Suggestion: Add boundary condition tests

Summary:
- Critical: 2 issues
- Style: 5 issues
- Best Practices: 3 issues
- Total: 10 issues found in 15 seconds
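The first critical finding above is the page's own example; the Python block below is an added demonstration, not the course project's code, of why that finding is routed to human verification. It builds an in-memory SQLite table standing in for the app's notes, runs the concatenated query against a constructed injection payload, and then checks that the parameterized fix both blocks the payload and keeps legitimate input (including an apostrophe in a name) working. The table layout, column names and payload are assumptions for the example.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory notes table (assumed schema, not the course app's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT, body TEXT)")
    conn.executemany(
        "INSERT INTO notes (owner, body) VALUES (?, ?)",
        [("alice", "alice's private note"),
         ("bob", "bob's private note"),
         ("o'brien", "quote in name")],
    )
    return conn


def notes_for_owner_vulnerable(conn: sqlite3.Connection, owner: str) -> list:
    # The flagged pattern: SQL text assembled by string concatenation, so the
    # caller's input becomes part of the statement's syntax.
    query = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(query)]


def notes_for_owner_fixed(conn: sqlite3.Connection, owner: str) -> list:
    # The proposed fix: the driver binds the value as data; it can never become syntax.
    rows = conn.execute("SELECT body FROM notes WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


INJECTION = "alice' OR '1'='1"   # constructed attacker input


def verify_fix() -> dict:
    """What the human reviewer checks before accepting the AI's proposed fix."""
    conn = make_db()
    result = {}
    # 1. Confirm the finding is real: the payload widens the WHERE clause to every row.
    result["vulnerable_leaks"] = notes_for_owner_vulnerable(conn, INJECTION)
    # 2. Confirm the fix closes it: no owner is literally named "alice' OR '1'='1".
    result["fixed_rejects"] = notes_for_owner_fixed(conn, INJECTION)
    # 3. Confirm behaviour is preserved for ordinary input.
    result["fixed_honest"] = notes_for_owner_fixed(conn, "alice")
    # 4. A side benefit worth recording: the old code also broke on legitimate quotes.
    try:
        notes_for_owner_vulnerable(conn, "o'brien")
        result["vulnerable_quote_ok"] = True
    except sqlite3.OperationalError:
        result["vulnerable_quote_ok"] = False
    result["fixed_quote_ok"] = notes_for_owner_fixed(conn, "o'brien") == ["quote in name"]
    return result


if __name__ == "__main__":
    for key, value in verify_fix().items():
        print(f"{key}: {value}")
```

The human step matters because "use parameterized queries" is not always a mechanical rewrite: a table or column name, or an ORDER BY target, cannot be bound as a parameter and needs an allow-list instead, and an ORM call that was masking a raw query may change result types. The same applies to the XSS finding marked safe to auto-fix: swapping `innerHTML` for `textContent` is the right default, but it changes rendering for any content that legitimately contained markup, so it still needs a test run before merge.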

Key Learnings

🤖 AI Strengths

  • Code style enforcement
  • Security pattern detection
  • Obvious bug identification
  • Comprehensive coverage
  • Fast and scalable

👤 Human Strengths

  • Business logic understanding
  • Performance optimization
  • Complex algorithm verification
  • UX and design evaluation
  • Mentorship and teaching

⚡ Optimal Workflow

  • AI first pass (~80% of mechanical issues, as a rule of thumb)
  • Human review for context and complexity
  • Dual review for security and performance
  • Continuous improvement: feed confirmed false positives back into the review criteria
  • Trust but verify

Achievements

  • ✅ Conducted AI code review on Week 6 application
  • ✅ Compared manual vs AI review effectiveness
  • ✅ Identified when to trust AI vs humans
  • ✅ Established hybrid review workflow
  • ✅ Verified AI findings with human review