軟體開發的快節奏時代，確保程式碼的品質、安全與效率變得至關重要。然而，傳統的手動程式碼審核流程不僅耗時，也容易因人為疏忽而遺漏潛在的漏洞。

一、要解決什麼問題？

此平台主要鎖定軟體開發中的三大痛點：

• 人為疏漏與效率低下： 資深開發者往往需要投入大量時間進行程式碼審核，這不僅影響了新功能的開發進度，也可能因疲勞而錯過複雜的邏輯錯誤或安全漏洞。
• 程式碼品質不一： 在多人協作的專案中，開發者的程式碼風格、習慣與品質參差不齊，導致專案的維護性與可讀性下降。
• 潛在資安風險： 許多常見的資安漏洞，如 SQL Injection 或 XSS，若未在開發初期被發現，可能在產品上線後造成難以彌補的損害。

我們利用強大的 AI 技術，將這些繁瑣的任務自動化，讓開發者能更專注於創造性工作，同時確保程式碼從第一行開始就符合高品質標準。

二、使用 AI 生成產品規格書

Please build an AI-Powered Code Reviewer, with the following core features:

### Core Features & Specifications

1.  **Code Quality Static Analysis**
    * **Error & Issue Detection:** The system must identify and flag potential bugs, logic errors, and common coding issues such as **null pointer references**, **resource leaks**, and unused variables.
    * **Performance Analysis:** It should analyze code to find potential performance bottlenecks, including inefficient data structure use, unnecessary loops, or redundant operations.
    * **Code Style Enforcement:** The tool must check for adherence to predefined or customizable code style guides (e.g., PEP 8 for Python), ensuring consistency in **indentation**, **naming conventions**, and comments.

2.  **Security Vulnerability Detection**
    * **Injection Flaws:** The AI model should be trained to detect injection vulnerabilities like **SQL Injection** and Command Injection.
    * **Web-Based Flaws:** It must identify common web application security weaknesses such as Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF).
    * **Security Misconfigurations:** The system should scan for hardcoded secrets like **API keys** or passwords and improper access controls.

3.  **AI-Powered Recommendation Engine**
    * **Optimization & Refactoring:** The AI must provide concrete code optimization suggestions and refactoring examples to improve code quality and efficiency.
    * **Vulnerability Remediation:** For detected security flaws, it should offer **best-practice code fixes** and detailed explanations of the solution.
    * **Readability & Documentation:** It should suggest improvements to code readability, including adding or refining comments and documentation.

4.  **Development Workflow Integration**
    * **VCS Integration:** The system must integrate seamlessly with major version control systems such as **Git**, **GitHub**, **GitLab**, and **Bitbucket**.
    * **PR/MR Automation:** It should automatically trigger code reviews on every Pull Request or Merge Request and post results as comments or status checks.
    * **CI/CD Pipeline Integration:** It must function as a step within CI/CD pipelines and can be configured to **block deployments** if critical issues are found.

5.  **Supported Languages**
    * **Initial Support:** Python, Java, JavaScript, and TypeScript.
    * **Planned Expansion:** C++, C#, Go, and other popular languages.

---

### User Interface (UI) / User Experience (UX) Flow

* **Project Dashboard:** A clear dashboard provides a high-level overview of project code quality, including a **score**, **issue distribution charts** (by severity and category), and a **trend graph** showing quality changes over time.
* **Review Report Detail:** Users can access detailed reports that highlight issues directly within the code. The report should display the **line number**, **severity level**, problem description, and the AI's suggested fix.
* **Configuration Manager:** An intuitive interface allows administrators to **customize coding style rules**, adjust severity thresholds, and exclude specific files or folders from analysis.
* **Real-time Notifications:** The system should send notifications via **email** or instant messaging apps like **Slack** and **Teams** upon review completion or when a critical vulnerability is discovered.
* **New Theme Switcher:** A theme icon in the top-right corner allows users to select **Light**, **Dark**, or **System** mode. The app will remember the choice and automatically sync with the device's appearance settings.

---

### Technical Requirements

1.  **LLM Model Integration**
    * All AI agents must be able to connect to the latest Large Language Models (LLMs).
    * Users only need to input their personal **API key** to enable and utilize these features.

2.  **Supported Models**
    * **Gemini:** gemini-2.5-flash, gemini-2.5-pro
    * **ChatGPT:** GPT-5, GPT-4o, GPT-4o mini
    * **Grok:** Grok 4, Grok 3
    * **Claude:** Claude 4 Sonnect, Claude 3.7 Sonnect

3.  **AI Model Architecture**
    * The system will use **deep learning** architectures (e.g., Transformer) to understand code semantics.
    * The models must support **continuous learning**, allowing them to improve over time based on user feedback.

4.  **System Architecture**
    * A **microservices** architecture will be used to ensure scalability and high availability.
    * The platform will be **cloud-native** and use **RESTful APIs** for seamless external integration.

5.  **Language Setting**
    * The user interface and all output, including AI-generated suggestions, can be switched between **Traditional Chinese (ZH-TW)** and **English (EN)**.

三、產品原型呈現

1. 儀表板頁面 (Dashboard)

• 核心指標卡片： 頁面頂端有四個醒目的卡片，分別顯示關鍵指標：

  • 程式碼品質分數： 顯示當前專案的整體品質分數，此處為 78%。
  • 警告數量： 標示出需要關注的警告數量，此處為 3 個。
  • 安全漏洞： 標示出安全漏洞的數量，此處為 2 個，並以紅色警示。
  • 品質分數 (90%)： 這張卡片可能用來顯示過去一段時間內的平均品質分數或目標分數，作為參考基準。

• 問題嚴重性分佈圖： 一個長條圖，直觀地呈現不同嚴重性等級的問題分佈。此圖顯示「高」嚴重性的問題最多，其次是「中」，而「低」級問題似乎沒有。這有助於開發者優先處理最 critical 的問題。

• 品質趨勢圖： 另一張圖表顯示過去幾次審查的品質分數變化，幫助團隊追蹤程式碼品質是正在改善還是惡化。此處以單點顯示，可能表示目前只進行過一次審查。

• 最近的審查記錄： 頁面下方是一個表格，列出了最近的審查歷史。表格包含日期、語言、審查結果以及一個 「查看報告」 的按鈕，讓使用者可以點擊進入詳細的審查報告頁面。
  

2. 新增審查頁面 (New Review)

• 輸入介面： 頁面中央提供一個大型的文字輸入框，供使用者直接貼上想要審查的程式碼。
• 語言選擇： 在輸入框的右上角，有一個下拉式選單，讓使用者選擇程式碼的語言。
• 「分析程式碼」按鈕： 在輸入框的右下角，有一個顯眼的藍色按鈕。當使用者完成程式碼貼上並選擇語言後，可以點擊此按鈕，啟動後台的 AI 審查引擎，進行靜態分析。
  

這款產品原型清晰地展示了一個從 提交程式碼 到 查看綜合分析報告 的完整流程，其儀表板設計簡潔明瞭，能有效協助開發團隊管理和提升程式碼品質。