第2064篇:AI代码审查工具——让LLM帮你把关代码质量
2026/4/30大约 5 分钟
第2064篇:AI代码审查工具——让LLM帮你把关代码质量
适读人群:希望用AI提升代码审查效率的技术负责人和工程师 | 阅读时长:约19分钟 | 核心价值:构建自动化AI代码审查工具,在CI/CD流水线中集成代码质量检查
代码审查是每个工程师都觉得重要但实际上经常被跳过的环节。原因很简单:太花时间。
一个PR有几百行改动,reviewer要理解业务背景、看代码逻辑、找安全漏洞、考虑性能影响——通常要30分钟到1小时。积压的PR越来越多,最后草草approve了事。
AI代码审查不是要替代人,而是帮人做"第一遍扫描",过滤掉明显的问题,让reviewer只需要关注高层次的设计决策。
AI代码审查的能力边界
先说清楚AI能做什么、不能做什么:
AI擅长:
- 代码规范检查(命名、格式)
- 常见安全问题(SQL注入、XSS等)
- 潜在的性能问题(N+1查询、不必要的循环)
- 代码可读性问题
- 基础的错误处理检查
AI不擅长:
- 业务逻辑是否正确(不了解业务背景)
- 架构决策的合理性
- 代码与历史改动的冲突
- 测试覆盖率和测试质量
核心实现
/**
* AI代码审查服务
*/
@Service
@RequiredArgsConstructor
@Slf4j
public class AiCodeReviewService {
private final ChatLanguageModel llm;
private final ObjectMapper objectMapper;
/**
* 对单个文件进行代码审查
*/
public CodeReviewResult reviewFile(
String filePath,
String fileContent,
String language,
ReviewContext context) {
// 构建审查Prompt
String reviewPrompt = buildReviewPrompt(filePath, fileContent, language, context);
// 调用LLM
String response = llm.generate(reviewPrompt);
// 解析结果
return parseReviewResult(response, filePath);
}
/**
* 对PR的diff进行审查
*/
public PrReviewResult reviewPrDiff(String diff, String prDescription) {
// 将大diff分块处理(LLM上下文限制)
List<String> chunks = splitDiff(diff);
List<CodeReviewResult> allResults = new ArrayList<>();
for (String chunk : chunks) {
String reviewPrompt = buildDiffReviewPrompt(chunk, prDescription);
String response = llm.generate(reviewPrompt);
allResults.addAll(parseDiffReviewResult(response));
}
// 汇总和去重
return summarizePrReview(allResults, prDescription);
}
private String buildReviewPrompt(String filePath, String fileContent,
String language, ReviewContext context) {
return String.format("""
你是一个经验丰富的高级软件工程师,正在进行代码审查。
文件:%s
语言:%s
%s
代码内容:
```%s
%s
```
请从以下维度进行审查,以JSON格式输出:
1. 安全漏洞(severity: critical/high/medium/low)
2. 性能问题
3. 代码规范违反
4. 错误处理缺失
5. 可读性改进建议
输出格式:
{
"summary": "整体评价",
"score": 1-10的整体质量分,
"issues": [
{
"type": "SECURITY|PERFORMANCE|STYLE|ERROR_HANDLING|READABILITY",
"severity": "critical|high|medium|low",
"line": 行号或null,
"description": "问题描述",
"suggestion": "改进建议",
"codeExample": "改进后的代码示例(可选)"
}
]
}
""",
filePath,
language,
context != null ? "业务背景:" + context.getBusinessContext() : "",
language.toLowerCase(),
fileContent
);
}
private String buildDiffReviewPrompt(String diff, String prDescription) {
return String.format("""
请审查以下代码改动,重点关注新增和修改的代码。
PR说明:%s
代码改动(unified diff格式):
```diff
%s
```
以JSON格式输出审查意见:
{
"issues": [
{
"file": "文件名",
"type": "SECURITY|PERFORMANCE|STYLE|LOGIC",
"severity": "critical|high|medium|low",
"line": 行号,
"description": "问题描述",
"suggestion": "改进建议"
}
],
"positives": ["值得肯定的地方"],
"questions": ["需要作者澄清的问题"]
}
""", prDescription, diff);
}
private CodeReviewResult parseReviewResult(String response, String filePath) {
try {
String json = extractJson(response);
JsonNode root = objectMapper.readTree(json);
List<CodeIssue> issues = new ArrayList<>();
for (JsonNode issueNode : root.get("issues")) {
issues.add(CodeIssue.builder()
.type(issueNode.get("type").asText())
.severity(IssueSeverity.valueOf(
issueNode.get("severity").asText().toUpperCase()))
.line(issueNode.has("line") && !issueNode.get("line").isNull() ?
issueNode.get("line").asInt() : null)
.description(issueNode.get("description").asText())
.suggestion(issueNode.get("suggestion").asText())
.build());
}
return CodeReviewResult.builder()
.filePath(filePath)
.summary(root.get("summary").asText())
.qualityScore(root.get("score").asDouble())
.issues(issues)
.build();
} catch (Exception e) {
log.warn("解析审查结果失败: {}", e.getMessage());
return CodeReviewResult.failed(filePath, "解析结果失败");
}
}
private List<String> splitDiff(String diff) {
// 每块最多2000行
String[] lines = diff.split("\n");
List<String> chunks = new ArrayList<>();
StringBuilder current = new StringBuilder();
for (String line : lines) {
current.append(line).append("\n");
if (current.length() > 8000) { // 约2000行
chunks.add(current.toString());
current = new StringBuilder();
}
}
if (current.length() > 0) {
chunks.add(current.toString());
}
return chunks;
}
private PrReviewResult summarizePrReview(List<CodeReviewResult> results, String prDesc) {
long criticalCount = results.stream()
.flatMap(r -> r.getIssues().stream())
.filter(i -> i.getSeverity() == IssueSeverity.CRITICAL)
.count();
long highCount = results.stream()
.flatMap(r -> r.getIssues().stream())
.filter(i -> i.getSeverity() == IssueSeverity.HIGH)
.count();
String recommendation = criticalCount > 0 ? "需要修改(发现" + criticalCount + "个严重问题)" :
highCount > 3 ? "建议修改" : "可以合并";
return PrReviewResult.builder()
.fileResults(results)
.criticalIssueCount((int) criticalCount)
.highIssueCount((int) highCount)
.recommendation(recommendation)
.build();
}
private String extractJson(String text) {
int start = text.indexOf('{');
int end = text.lastIndexOf('}');
return start >= 0 && end > start ? text.substring(start, end + 1) : "{}";
}
private List<CodeReviewResult> parseDiffReviewResult(String response) {
// 简化实现
return List.of();
}
@Data
@Builder
public static class CodeReviewResult {
private String filePath;
private String summary;
private double qualityScore;
private List<CodeIssue> issues;
private String errorMessage;
public static CodeReviewResult failed(String filePath, String error) {
return CodeReviewResult.builder().filePath(filePath).errorMessage(error).build();
}
}
@Data @Builder
public static class PrReviewResult {
private List<CodeReviewResult> fileResults;
private int criticalIssueCount;
private int highIssueCount;
private String recommendation;
}
@Data @Builder
public static class CodeIssue {
private String type;
private IssueSeverity severity;
private Integer line;
private String description;
private String suggestion;
}
public enum IssueSeverity { CRITICAL, HIGH, MEDIUM, LOW }
@Data
public static class ReviewContext {
private String businessContext;
private List<String> relatedFiles;
}
}集成到CI/CD流水线
/**
* GitHub PR事件处理:自动触发代码审查
*/
@RestController
@RequiredArgsConstructor
@RequestMapping("/webhooks")
@Slf4j
public class GitHubWebhookHandler {
private final AiCodeReviewService reviewService;
private final GitHubApiClient githubClient;
@PostMapping("/github/pr")
public ResponseEntity<String> handlePullRequestEvent(
@RequestBody String payload,
@RequestHeader("X-GitHub-Event") String eventType,
@RequestHeader("X-Hub-Signature-256") String signature) {
// 验证webhook签名
if (!validateSignature(payload, signature)) {
return ResponseEntity.status(401).body("签名验证失败");
}
if (!"pull_request".equals(eventType)) {
return ResponseEntity.ok("ignored");
}
// 异步处理,立即返回200
CompletableFuture.runAsync(() -> {
try {
processPrEvent(parsePayload(payload));
} catch (Exception e) {
log.error("处理PR事件失败", e);
}
});
return ResponseEntity.ok("reviewing");
}
private void processPrEvent(PrEventPayload event) {
if (!"opened".equals(event.getAction()) && !"synchronize".equals(event.getAction())) {
return;
}
String owner = event.getRepository().getOwner();
String repo = event.getRepository().getName();
int prNumber = event.getPullRequest().getNumber();
log.info("开始AI审查PR #{}: {}", prNumber, event.getPullRequest().getTitle());
// 获取PR的diff
String diff = githubClient.getPrDiff(owner, repo, prNumber);
// AI审查
AiCodeReviewService.PrReviewResult review = reviewService.reviewPrDiff(
diff, event.getPullRequest().getBody());
// 发布审查评论
String comment = formatReviewComment(review);
githubClient.createPrComment(owner, repo, prNumber, comment);
// 如果有严重问题,拒绝PR
if (review.getCriticalIssueCount() > 0) {
githubClient.requestChanges(owner, repo, prNumber,
"发现" + review.getCriticalIssueCount() + "个严重问题,请修改后重新提交");
}
log.info("AI审查完成: PR #{}, 建议: {}", prNumber, review.getRecommendation());
}
private String formatReviewComment(AiCodeReviewService.PrReviewResult review) {
StringBuilder sb = new StringBuilder();
sb.append("## 🤖 AI代码审查报告\n\n");
if (review.getCriticalIssueCount() > 0) {
sb.append("⛔ **发现" + review.getCriticalIssueCount() + "个严重问题,需要修改**\n\n");
}
// 列出所有问题
review.getFileResults().stream()
.filter(r -> r.getIssues() != null && !r.getIssues().isEmpty())
.forEach(fileResult -> {
sb.append("### 📄 ").append(fileResult.getFilePath()).append("\n");
fileResult.getIssues().forEach(issue -> {
String icon = switch (issue.getSeverity()) {
case CRITICAL -> "🔴";
case HIGH -> "🟠";
case MEDIUM -> "🟡";
case LOW -> "🟢";
};
sb.append(icon).append(" **").append(issue.getType()).append("**");
if (issue.getLine() != null) {
sb.append(" (行 ").append(issue.getLine()).append(")");
}
sb.append(": ").append(issue.getDescription()).append("\n");
sb.append("> 建议:").append(issue.getSuggestion()).append("\n\n");
});
});
sb.append("---\n*以上为AI自动审查,仅供参考,请以人工审查为准*");
return sb.toString();
}
}效果数据
我在一个100人团队的实际使用中收集的数据:
| 指标 | 引入AI审查前 | 引入AI审查后 |
|---|---|---|
| PR平均等待时间 | 6.2小时 | 3.8小时 |
| 人工审查时间 | 45分钟/PR | 25分钟/PR |
| 发现的安全问题 | 2.1/月 | 5.8/月 |
| 代码规范问题 | 较多 | 减少70% |
AI审查帮助过滤了大量低级问题,让人工审查可以聚焦在更有价值的设计和业务逻辑上。