bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/Architecture/Modern Review Workflow.md
T
koriweb d8a80f6272 chore(wiki): dangling 링크 canonical 정규화 (768파일/1200건) 
이름만 다른(표기 변형) [[위키링크]]를 대상 문서의 canonical 제목으로 치환해
끊겼던 1,200개 링크를 연결. 제목/파일명 정규화 일치만 적용하고 별칭 매칭은
과병합 위험으로 제외(애매성 가드). 원본은 _link_reconcile_backup/ 에 백업.
도구: Datacollect/scripts/link_reconcile_apply.mjs

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

183 lines
5.6 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-modern-review-workflow
title: Modern Review Workflow
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [AI Code Review, PR Review 2026, Augmented Review]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [code-review, ci-cd, ai-augmented, pr-workflow]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: typescript
framework: github-actions
---
# Modern Review Workflow
## 매 한 줄
> **"매 review = human judgment + AI scaffolding"**. 2026년 PR review 매 single-reviewer linting → multi-agent triage 의 진화. Claude Opus 4.7 / Codex 가 매 first-pass (style, security, regression) 를 처리, human 의 매 architectural / product 판단에 집중.
## 매 핵심
### 매 단계
- **Pre-PR**: 매 author-side `claude review` local 의 self-check.
- **CI gate**: 매 automated agent 의 매 diff scan — security, perf, test coverage.
- **Human review**: 매 design intent / API contract / UX trade-off 의 deep dive.
- **Post-merge**: 매 deploy preview + canary metrics 의 watch.
### 매 agent layer
- **Linter agent**: style, type, dead code.
- **Security agent**: secret scan, OWASP, dependency CVE.
- **Test agent**: coverage delta, flaky detect, mutation score.
- **Review agent**: 매 prose summary + risk flag (Claude Opus 4.7).
### 매 응용
1. Solo dev: 매 CI agent 만 = 매 reviewer 효과.
2. 팀 (10+): tiered — agent gate → senior architect.
3. OSS: 매 maintainer triage 의 cost 감소.
## 💻 패턴
### GitHub Actions: Claude review hook
```yaml
name: ai-review
on:
pull_request:
types: [opened, synchronize]
jobs:
review:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with: { fetch-depth: 0 }
- uses: anthropics/claude-code-action@v1
with:
api-key: ${{ secrets.ANTHROPIC_API_KEY }}
model: claude-opus-4-7
mode: review
target-base: ${{ github.base_ref }}
comment-style: inline
```
### Inline comment poster
```typescript
import Anthropic from "@anthropic-ai/sdk";
import { Octokit } from "@octokit/rest";
const a = new Anthropic();
const gh = new Octokit({ auth: process.env.GH_TOKEN });
export async function reviewDiff(owner: string, repo: string, pr: number) {
const { data: files } = await gh.pulls.listFiles({ owner, repo, pull_number: pr });
const diff = files.map((f) => `### ${f.filename}\n${f.patch ?? ""}`).join("\n\n");
const res = await a.messages.create({
model: "claude-opus-4-7",
max_tokens: 4096,
system: "You are a senior reviewer. Output JSON: {comments: [{path, line, body, severity}]}.",
messages: [{ role: "user", content: diff }],
});
const { comments } = JSON.parse((res.content[0] as any).text);
for (const c of comments) {
await gh.pulls.createReviewComment({
owner, repo, pull_number: pr, ...c,
commit_id: process.env.HEAD_SHA!,
});
}
}
```
### Local pre-PR self-check
```bash
# .git/hooks/pre-push
#!/usr/bin/env bash
set -e
git diff origin/main...HEAD | claude -p "Review this diff. Flag bugs, security, perf only. No style." --model claude-opus-4-7
```
### Risk-tiered routing
```typescript
type Risk = "low" | "medium" | "high";
function classify(diff: string): Risk {
if (/migrations\/|schema\./.test(diff)) return "high";
if (/auth|payment|crypto/i.test(diff)) return "high";
if (diff.split("\n").length > 500) return "medium";
return "low";
}
function reviewers(r: Risk): string[] {
return {
low: ["ai-bot"],
medium: ["ai-bot", "@team-lead"],
high: ["ai-bot", "@security", "@architect"],
}[r];
}
```
### Mutation-test gate
```yaml
- name: stryker
run: npx stryker run --threshold.break 70
```
### Coverage delta comment
```typescript
const before = await coverage("main");
const after = await coverage("HEAD");
const delta = after.lines - before.lines;
if (delta < -1) await gh.issues.createComment({
...ctx, body: `⚠️ Coverage dropped ${delta.toFixed(1)}%`,
});
```
### Auto-merge on green + AI ack
```yaml
- if: ${{ steps.ai-review.outputs.severity == 'none' && steps.tests.outcome == 'success' }}
run: gh pr merge ${{ github.event.pull_request.number }} --squash --auto
```
## 매 결정 기준
| 상황 | Approach |
|---|---|
| Solo / OSS | AI agent only, human spot-check |
| Small team | AI gate + 1 human (rotating) |
| Regulated (fin/health) | AI + 2 humans + audit log |
| Hot path / migrations | Mandatory architect review |
**기본값**: AI first-pass + 1 human reviewer + risk-tiered escalation.
## 🔗 Graph
- 부모: [[CI CD]]
- 변형: [[Pair-Programming]] · [[Mob-Programming]]
- 응용: [[Trunk-Based-Development]]
- Adjacent: [[Static-Analysis]] · [[Mutation-Testing]]
## 🤖 LLM 활용
**언제**: 매 diff scan, security triage, coverage summary, prose explanation 의 PR description.
**언제 X**: 매 architectural decision, API contract negotiation, domain-specific business rule — human 의 judgment.
## ❌ 안티패턴
- **AI rubber-stamp**: 매 agent approve = 매 human 의 skip. 매 critical path 의 review 누락.
- **Comment flood**: agent 의 매 nitpick → noise. Severity threshold 의 setting.
- **No risk tiering**: schema migration 매 typo fix 와 동급 review → bottleneck.
- **Secrets in prompt**: diff 의 secret 의 leak. Pre-scan + redact.
## 🧪 검증 / 중복
- Verified (GitHub blog 2025, Anthropic Claude Code docs 2026, Google Eng Practices).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — AI-augmented PR review workflow with Claude Opus 4.7 patterns |
Reference in New Issue View Git Blame Copy Permalink