Files
affaan-m--everything-claude…/commands/rust-review.md
T
wehub-resource-sync d48cda4081
CI / Test (ubuntu-latest, Node 18.x, bun) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, npm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, pnpm) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 18.x, yarn) (push) Failing after 15m1s
CI / Test (ubuntu-latest, Node 20.x, bun) (push) Failing after 17m13s
CI / Test (ubuntu-latest, Node 20.x, npm) (push) Failing after 18m42s
CI / Test (ubuntu-latest, Node 20.x, pnpm) (push) Failing after 15m0s
CI / Test (ubuntu-latest, Node 20.x, yarn) (push) Failing after 49m44s
CI / Test (ubuntu-latest, Node 22.x, bun) (push) Failing after 51m55s
CI / Test (ubuntu-latest, Node 22.x, pnpm) (push) Failing after 21m57s
CI / Test (ubuntu-latest, Node 22.x, npm) (push) Failing after 37m39s
CI / Test (ubuntu-latest, Node 22.x, yarn) (push) Failing after 34m7s
CI / Validate Components (push) Failing after 37m15s
CI / Python Tests (push) Failing after 10m1s
CI / Security Scan (push) Failing after 10m1s
CI / Lint (push) Failing after 17m12s
CI / Coverage (push) Failing after 20m19s
CI / Test (macos-latest, Node 18.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 18.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 20.x, yarn) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, bun) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (macos-latest, Node 22.x, yarn) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, npm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, pnpm) (push) Has been cancelled
CI / Test (windows-latest, Node 22.x, yarn) (push) Has been cancelled
chore: import upstream snapshot with attribution
2026-07-13 11:55:55 +08:00

3.8 KiB

description
description
Comprehensive Rust code review for ownership, lifetimes, error handling, unsafe usage, and idiomatic patterns. Invokes the rust-reviewer agent.

Rust Code Review

This command invokes the rust-reviewer agent for comprehensive Rust-specific code review.

What This Command Does

  1. Verify Automated Checks: Run cargo check, cargo clippy -- -D warnings, cargo fmt --check, and cargo test — stop if any fail
  2. Identify Rust Changes: Find modified .rs files via git diff HEAD~1 (or git diff main...HEAD for PRs)
  3. Run Security Audit: Execute cargo audit if available
  4. Security Scan: Check for unsafe usage, command injection, hardcoded secrets
  5. Ownership Review: Analyze unnecessary clones, lifetime issues, borrowing patterns
  6. Generate Report: Categorize issues by severity

When to Use

Use /rust-review when:

  • After writing or modifying Rust code
  • Before committing Rust changes
  • Reviewing pull requests with Rust code
  • Onboarding to a new Rust codebase
  • Learning idiomatic Rust patterns

Review Categories

CRITICAL (Must Fix)

  • Unchecked unwrap()/expect() in production code paths
  • unsafe without // SAFETY: comment documenting invariants
  • SQL injection via string interpolation in queries
  • Command injection via unvalidated input in std::process::Command
  • Hardcoded credentials
  • Use-after-free via raw pointers

HIGH (Should Fix)

  • Unnecessary .clone() to satisfy borrow checker
  • String parameter where &str or impl AsRef<str> suffices
  • Blocking in async context (std::thread::sleep, std::fs)
  • Missing Send/Sync bounds on shared types
  • Wildcard _ => match on business-critical enums
  • Large functions (>50 lines)

MEDIUM (Consider)

  • Unnecessary allocation in hot paths
  • Missing with_capacity when size is known
  • Suppressed clippy warnings without justification
  • Public API without /// documentation
  • Consider #[must_use] on non-must_use return types where ignoring values is likely a bug

Automated Checks Run

# Build gate (must pass before review)
cargo check

# Lints and suggestions
cargo clippy -- -D warnings

# Formatting
cargo fmt --check

# Tests
cargo test

# Security audit (if available)
if command -v cargo-audit >/dev/null; then cargo audit; else echo "cargo-audit not installed"; fi

Example Usage

User: /rust-review

Agent:
# Rust Code Review Report

## Files Reviewed
- src/service/user.rs (modified)
- src/handler/api.rs (modified)

## Static Analysis Results
- Build: Successful
- Clippy: No warnings
- Formatting: Passed
- Tests: All passing

## Issues Found

[CRITICAL] Unchecked unwrap in Production Path
File: src/service/user.rs:28
Issue: Using `.unwrap()` on database query result
```rust
let user = db.find_by_id(id).unwrap();  // Panics on missing user
```
Fix: Propagate error with context
```rust
let user = db.find_by_id(id)
    .context("failed to fetch user")?;
```

[HIGH] Unnecessary Clone
File: src/handler/api.rs:45
Issue: Cloning String to satisfy borrow checker
```rust
let name = user.name.clone();
process(&user, &name);
```
Fix: Restructure to avoid clone
```rust
let result = process_name(&user.name);
use_user(&user, result);
```

## Summary
- CRITICAL: 1
- HIGH: 1
- MEDIUM: 0

Recommendation: Block merge until CRITICAL issue is fixed

Approval Criteria

Status Condition
Approve No CRITICAL or HIGH issues
Warning Only MEDIUM issues (merge with caution)
Block CRITICAL or HIGH issues found

Integration with Other Commands

  • Use /rust-test first to ensure tests pass
  • Use /rust-build if build errors occur
  • Use /rust-review before committing
  • Use /code-review for non-Rust-specific concerns
  • Agent: agents/rust-reviewer.md
  • Skills: skills/rust-patterns/, skills/rust-testing/