---
id: wiki-2026-0508-automated-quality-review
title: "Automated Quality & Review"
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Automated Code Review, AI Code Review, CR Automation]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [code-review, ci, devops, llm]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: applied
tech_stack:
  language: TypeScript/Python
  framework: GitHub Actions/Claude Code/Copilot
---

# Automated Quality & Review

## One line

> **"The first reviewer of every PR is the machine."**

Automated Quality & Review is the modern engineering practice of stacking lint, type-check, test, SAST and AI review in the PR pipeline so that human reviewers only have to look at substance. The 2026 stack: Biome + tsc + Vitest + Semgrep + Claude/Copilot review bot.

## Key points

### Quality Gate Layers

1. **Format**: Biome / Prettier, zero-arg.
2. **Lint**: Biome / ESLint / Ruff, style + likely-bug rules.
3. **Type**: tsc / mypy / pyright, the static contract.
4. **Test**: Vitest / Jest / pytest, unit + integration.
5. **Coverage**: c8 / coverage.py, 80%+ with the delta enforced.
6. **SAST**: Semgrep / CodeQL, security patterns.
7. **AI review**: Claude Code, Copilot Workspace, Cursor, semantic review.
8. **Mutation**: Stryker, verifies test quality (optional).

### AI Review Capabilities in 2026

- **Logic bug detection**: Claude Opus 4.7 finds nil-deref, race, off-by-one.
- **Convention enforcement**: learns the codebase context, then flags style violations.
- **Security**: dataflow tracking for SQLi, XSS, IDOR, deserialization.
- **Performance**: N+1 query, O(n²) loop, unbounded recursion.
- **Test gap**: analyses code changes against the test coverage delta.

### Applications

1. PR comment bot: inline suggestions.
2. Pre-merge gate: blocks on critical issues.
3. Refactor suggester: nightly batch.
4. Onboarding: a mentor for junior devs.
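The coverage layer above says "80%+ with the delta enforced" but the pipeline snippets only show the absolute threshold. As an added example (not code from this wiki page or from c8, Vitest or the coverage-report action it names), here is that rule as a small Python gate: it reads two Istanbul/c8-style `coverage-summary.json` documents, one for the base branch and one for the PR (both constructed here), applies the same absolute floors the page's gate uses (lines 80, branches 75), and additionally fails any metric that regressed by more than an assumed tolerance `MAX_DROP`.

```python
"""Coverage-delta gate (added example; not the wiki page's or any tool's code).

Input shape follows the Istanbul/c8 coverage-summary.json layout:
{"total": {"lines": {"pct": ...}, "branches": {"pct": ...}, ...}}.
"""
import json
import sys

# Constructed sample summaries standing in for base-branch and PR coverage output.
BASE_SUMMARY = json.dumps({"total": {"lines": {"pct": 83.2}, "branches": {"pct": 77.0}}})
PR_SUMMARY = json.dumps({"total": {"lines": {"pct": 81.5}, "branches": {"pct": 74.2}}})

# Absolute floors, the same numbers as the page's coverage gate.
THRESHOLDS = {"lines": 80.0, "branches": 75.0}
# Assumed tolerance: a PR may lower a metric by at most this many percentage points.
MAX_DROP = 0.5


def load_pct(summary_json: str, metrics=THRESHOLDS) -> dict:
    """Extract the percentage for each gated metric from a coverage summary."""
    total = json.loads(summary_json)["total"]
    return {metric: float(total[metric]["pct"]) for metric in metrics}


def evaluate(base_json: str, pr_json: str, thresholds=THRESHOLDS, max_drop=MAX_DROP) -> dict:
    """Return {'passed': bool, 'deltas': {...}, 'failures': [...]}.

    A metric fails when the PR value is under its floor, or when it regressed
    by more than max_drop relative to the base branch. Both checks run for
    every metric so the report lists everything at once, not just the first miss.
    """
    base, pr = load_pct(base_json, thresholds), load_pct(pr_json, thresholds)
    deltas, failures = {}, []
    for metric, floor in thresholds.items():
        delta = round(pr[metric] - base[metric], 2)
        deltas[metric] = delta
        if pr[metric] < floor:
            failures.append(f"{metric}: {pr[metric]:.1f}% is below the {floor:.0f}% floor")
        if delta < -max_drop:
            failures.append(
                f"{metric}: regressed {-delta:.1f} pts ({base[metric]:.1f}% -> {pr[metric]:.1f}%)"
            )
    return {"passed": not failures, "deltas": deltas, "failures": failures}


def main() -> int:
    """CI entry point: print the report and let the exit code act as the merge gate."""
    report = evaluate(BASE_SUMMARY, PR_SUMMARY)
    for metric, delta in report["deltas"].items():
        print(f"{metric}: {delta:+.2f} pts")
    for failure in report["failures"]:
        print("FAIL", failure)
    print("coverage gate:", "passed" if report["passed"] else "blocked")
    return 0 if report["passed"] else 1


if __name__ == "__main__":
    sys.exit(main())
```

With the constructed numbers the PR clears the line floor but regressed 1.7 points, and branches both miss the floor and regress, so the gate reports three failures and exits non-zero. Reporting every failure at once (rather than stopping at the first) keeps the feedback loop to a single CI run.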
## 💻 Patterns

### GitHub Actions quality pipeline

```yaml
name: pr-quality
on: pull_request
jobs:
  quality:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oven-sh/setup-bun@v2
      - run: bun install --frozen-lockfile
      - run: bun run biome check .
      - run: bun run tsc --noEmit
      - run: bun run vitest run --coverage
      - uses: returntocorp/semgrep-action@v1
        with: { config: 'p/owasp-top-ten' }
      - uses: anthropics/claude-code-action@v1
        with:
          mode: review
          model: claude-opus-4-7
          anthropic_api_key: ${{ secrets.ANTHROPIC_API_KEY }}
```

### Claude Code review prompt

```markdown
You are reviewing PR #{number}. Focus on:
1. Logic bugs (off-by-one, null deref, race conditions)
2. Security (OWASP Top 10)
3. Performance (N+1, unbounded loops)
4. Test coverage for changed lines
Output format: file:line — severity — description.
Skip: style nits (handled by Biome).
```

### Reviewdog inline comment

```yaml
- run: bun run biome check --reporter=github . | reviewdog -f=github-check -reporter=github-pr-review
  env:
    REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

### Coverage delta gate

```yaml
- uses: ArtiomTr/jest-coverage-report-action@v2
  with:
    github-token: ${{ secrets.GITHUB_TOKEN }}
    threshold: '{"lines":80,"branches":75}'
    annotations: failed-tests
```

### Semgrep custom rule

```yaml
rules:
  - id: hardcoded-secret
    languages: [typescript, javascript]
    # `patterns` ANDs the clauses: the assignment must match AND $K must look like a credential.
    # (`pattern-either` would OR them and flag every string constant.)
    patterns:
      - pattern: const $K = "$VAL"
      - metavariable-regex:
          metavariable: $K
          regex: '(?i)(api[_-]?key|secret|token|password)'
    message: Hardcoded secret detected
    severity: ERROR
```

## Decision criteria

| Situation | Tool |
|---|---|
| TS/JS format+lint | Biome (single tool) |
| Python format+lint | Ruff |
| Type check | tsc strict / pyright strict |
| Security SAST | Semgrep + CodeQL |
| AI review | Claude Code Action |
| PR comment UX | reviewdog |

**Default**: Biome + tsc + Vitest + Semgrep + Claude review.

## 🔗 Graph

- Parent: [[CI_CD_Pipeline]]
- Variants: [[수동 코드 리뷰]] · [[자동화된 코드 리뷰]]
- Applications: [[SAST]] · [[Husky]] · [[lint-staged]]
- Adjacent: [[Engineering Metrics (DORA)]] · [[Test_Automation]]

## 🤖 LLM usage

**When**: PR review, refactor suggestion, test gap detection, commit message generation.
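To make the two-clause logic of the hardcoded-secret rule concrete, here is an added example (not the page's Semgrep rule and not Semgrep's own code) that re-implements its semantics in plain Python over a few constructed TypeScript lines: clause 1 is "a variable is initialised from a string literal", clause 2 is "the variable name matches the credential regex", and `scan()` lets you toggle clause 2 off to see what a rule that only checks clause 1 would flag. It goes slightly beyond the page's `const`-only pattern by also accepting `let` and `var`; `DECL_RE`, `KEY_RE`, `SAMPLE_TS` and `mask` are names chosen here.

```python
"""Hardcoded-secret rule semantics (added example; not the page's Semgrep rule).

Re-implements the rule's logic in Python so the two sub-conditions can be
toggled: (1) a variable is initialised from a string literal and (2) the
variable name looks like a credential. Semgrep's `patterns:` ANDs both;
`require_key_match=False` shows what a rule with only condition (1) flags.
Accepts let/var as well as const, which goes beyond the page's pattern.
"""
import re

# Condition 1: `const|let|var NAME = "<literal>"` with single, double or backtick quotes.
DECL_RE = re.compile(
    r"""^\s*(?:const|let|var)\s+(?P<key>[A-Za-z_$][\w$]*)\s*=\s*(?P<q>["'`])(?P<val>.*?)(?P=q)\s*;?\s*$"""
)
# Condition 2: the same name regex as the page's metavariable-regex on $K.
KEY_RE = re.compile(r"(?i)(api[_-]?key|secret|token|password)")

# Constructed TypeScript lines (line numbers start at 1).
SAMPLE_TS = "\n".join([
    'const API_KEY = "sk-live-0123456789abcdef";',  # 1: literal + credential-like name
    'const greeting = "hello";',                     # 2: literal, harmless name
    'const apiKey = process.env.API_KEY;',           # 3: credential name, not a literal
    "let dbPassword = 'hunter2';",                   # 4: literal + credential-like name
    'const tokenLength = 32;',                       # 5: not a string literal
    '// const secret = "in a comment";',             # 6: comment, skipped
])


def mask(value: str) -> str:
    """Never echo the candidate secret into CI logs; keep a two-character prefix only."""
    return value[:2] + "*" * max(len(value) - 2, 0)


def scan(source: str, require_key_match: bool = True) -> list:
    """Return findings as dicts with line, key and masked value.

    require_key_match=True reproduces AND semantics (both conditions);
    False reproduces a rule that matches any string-literal declaration.
    """
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # Semgrep matches AST nodes, so commented-out code is not a hit
        m = DECL_RE.match(line)
        if not m:
            continue
        if require_key_match and not KEY_RE.search(m.group("key")):
            continue
        findings.append({"line": lineno, "key": m.group("key"), "value": mask(m.group("val"))})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_TS):
        print(f"{f['line']}: {f['key']} = {f['value']}  (ERROR: hardcoded secret)")
    print("without the name check:", len(scan(SAMPLE_TS, require_key_match=False)), "hits")
```

Run as written it reports lines 1 and 4; with the name check disabled it also reports the harmless `greeting` constant, which is the noise a mis-combined rule would generate and exactly the "style nit storm" effect the anti-patterns section warns about. Masking the matched value before printing keeps the scanner itself from leaking the credential into CI logs.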
**When not**: deterministic checks (lint, type); a specialized tool is faster and more accurate.

## ❌ Anti-patterns

- **AI-only review**: allowing merge without human approval; accountability disappears.
- **Slow pipeline**: a 30-minute PR check means devs route around it. Budget: 5 minutes.
- **Style nit storm**: if the AI only pours out nits, the important logic bugs get buried.
- **No fail-fast**: running tests even after lint fails; gates should be sequential.

## 🧪 Verification / Duplicates

- Verified: GitHub Actions docs; Anthropic Claude Code docs; Semgrep playbook 2024.
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: quality gate layers + Claude Code action |
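The "Slow pipeline" and "No fail-fast" anti-patterns describe the same property from two sides: gates run cheapest-first, stop at the first failure, and the whole run fits a time budget. As an added example (not code from this page, nor from Husky, lint-staged or GitHub Actions), here is a small local runner in that shape, the kind of thing a pre-push hook would call; `Gate`, `run_gates`, `_py` and `GATES` are names chosen here, and the gate commands are constructed stand-ins that exit 0 or 1 where a real hook would invoke biome, tsc and vitest.

```python
"""Fail-fast gate runner with a time budget (added example; not the page's code).

Runs the page's gate order (format -> lint -> type -> test) sequentially,
stops at the first failure and refuses to start a gate once the budget is
spent. The commands are constructed stand-ins that exit 0 or 1; in a real
pre-push hook they would be the biome / tsc / vitest invocations.
"""
import subprocess
import sys
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class Gate:
    name: str
    cmd: list  # argv; cheap gates first so expensive ones only run on clean code


def _py(code: str) -> list:
    """Portable stand-in command: run a snippet in the current interpreter."""
    return [sys.executable, "-c", code]


# Constructed gate list mirroring the page's layer order; 'type' is made to fail.
GATES = [
    Gate("format", _py("print('format: ok')")),
    Gate("lint", _py("print('lint: ok')")),
    Gate("type", _py("import sys; print('type: 1 error'); sys.exit(1)")),
    Gate("test", _py("print('test: ok')")),  # never reached when 'type' fails
]

BUDGET_S = 300.0  # the page's 5-minute budget


def run_gates(gates, budget_s: float = BUDGET_S) -> list:
    """Return [(gate name, status)] in execution order.

    Status is 'passed', 'failed (exit N)', 'timed out' or
    'skipped: time budget exhausted'. Execution halts on the first non-pass,
    and each gate's subprocess timeout is whatever budget remains.
    """
    started = time.monotonic()
    results = []
    for gate in gates:
        remaining = budget_s - (time.monotonic() - started)
        if remaining <= 0:
            results.append((gate.name, "skipped: time budget exhausted"))
            break
        try:
            proc = subprocess.run(gate.cmd, capture_output=True, text=True, timeout=remaining)
        except subprocess.TimeoutExpired:
            results.append((gate.name, "timed out"))
            break
        if proc.returncode != 0:
            results.append((gate.name, f"failed (exit {proc.returncode})"))
            break  # fail fast: later gates are not run
        results.append((gate.name, "passed"))
    return results


if __name__ == "__main__":
    outcome = run_gates(GATES)
    for name, status in outcome:
        print(f"{name:7s} {status}")
    sys.exit(0 if all(status == "passed" for _, status in outcome) else 1)
```

With the constructed gates the run stops after `type` fails and `test` never starts, which is the sequential-gate behaviour the anti-pattern asks for; passing a smaller `budget_s` shows the other failure mode, where a gate that cannot finish inside the remaining budget is killed and reported as timed out instead of silently running on.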