sop-code-review
Installation
SKILL.md
SOP: Code Review Workflow
Comprehensive code review using specialized reviewers for different quality aspects.
Timeline: 4 Hours
Phases:
- Automated Checks (30 min)
- Specialized Reviews (2 hours)
- Integration Review (1 hour)
- Final Approval (30 min)
Phase 1: Automated Checks (30 minutes)
Quick Quality Checks
Parallel Automated Testing:
// Initialize review swarm
await mcp__ruv-swarm__swarm_init({
topology: 'star', // Coordinator pattern for reviews
maxAgents: 6,
strategy: 'specialized'
});
// Run all automated checks in parallel
const [lint, tests, coverage, build] = await Promise.all([
Task("Linter", `
Run linting checks:
- ESLint for JavaScript/TypeScript
- Pylint for Python
- RuboCop for Ruby
- Check for code style violations
Store results: code-review/${prId}/lint-results
`, "reviewer"),
Task("Test Runner", `
Run test suite:
- Unit tests
- Integration tests
- E2E tests (if applicable)
- All tests must pass
Store results: code-review/${prId}/test-results
`, "tester"),
Task("Coverage Analyzer", `
Check code coverage:
- Overall coverage > 80%
- New code coverage > 90%
- No critical paths uncovered
Generate coverage report
Store: code-review/${prId}/coverage-report
`, "reviewer"),
Task("Build Validator", `
Validate build:
- Clean build (no warnings)
- Type checking passes
- No broken dependencies
- Bundle size within limits
Store build results: code-review/${prId}/build-status
`, "reviewer")
]);
// If any automated check fails, stop and request fixes
if (hasFailures([lint, tests, coverage, build])) {
await Task("Review Coordinator", `
Automated checks failed. Request fixes from author:
${summarizeFailures([lint, tests, coverage, build])}
Store feedback: code-review/${prId}/automated-feedback
`, "pr-manager");
return; // Stop review until fixed
}
Deliverables:
- All automated checks passing
- Test results documented
- Coverage report generated
Phase 2: Specialized Reviews (2 hours)
Parallel Expert Reviews
Sequential coordination of parallel reviews:
// Spawn specialized reviewers in parallel
const [codeQuality, security, performance, architecture, docs] = await Promise.all([
Task("Code Quality Reviewer", `
Review for code quality:
**Readability**:
- Clear, descriptive names (variables, functions, classes)
- Appropriate function/method length (< 50 lines)
- Logical code organization
- Minimal cognitive complexity
**Maintainability**:
- DRY principle (no code duplication)
- SOLID principles followed
- Clear separation of concerns
- Proper error handling
**Best Practices**:
- Following language idioms
- Proper use of design patterns
- Appropriate comments (why, not what)
- No code smells (magic numbers, long parameter lists)
Store review: code-review/${prId}/quality-review
Rating: 1-5 stars
`, "code-analyzer"),
Task("Security Reviewer", `
Review for security issues:
**Authentication & Authorization**:
- Proper authentication checks
- Correct authorization rules
- No privilege escalation risks
- Secure session management
**Data Security**:
- Input validation (prevent injection attacks)
- Output encoding (prevent XSS)
- Sensitive data encryption
- No hardcoded secrets or credentials
**Common Vulnerabilities** (OWASP Top 10):
- SQL Injection prevention
- XSS prevention
- CSRF protection
- Secure dependencies (no known vulnerabilities)
Store review: code-review/${prId}/security-review
Severity: Critical/High/Medium/Low for each finding
`, "security-manager"),
Task("Performance Reviewer", `
Review for performance issues:
**Algorithmic Efficiency**:
- Appropriate time complexity (no unnecessary O(n²))
- Efficient data structures chosen
- No unnecessary iterations
- Lazy loading where appropriate
**Resource Usage**:
- No memory leaks
- Proper cleanup (connections, files, timers)
- Efficient database queries (avoid N+1)
- Batch operations where possible
**Optimization Opportunities**:
- Caching potential
- Parallelization opportunities
- Database index needs
- API call optimization
Store review: code-review/${prId}/performance-review
Impact: High/Medium/Low for each finding
`, "perf-analyzer"),
Task("Architecture Reviewer", `
Review for architectural consistency:
**Design Patterns**:
- Follows established patterns in codebase
- Appropriate abstraction level
- Proper dependency injection
- Clean architecture principles
**Integration**:
- Fits well with existing code
- No unexpected side effects
- Backward compatibility maintained
- API contracts respected
**Scalability**:
- Design supports future growth
- No hardcoded limits
- Stateless where possible
- Horizontally scalable
Store review: code-review/${prId}/architecture-review
Concerns: Blocker/Major/Minor for each finding
`, "system-architect"),
Task("Documentation Reviewer", `
Review documentation:
**Code Documentation**:
- Public APIs documented (JSDoc/docstring)
- Complex logic explained
- Non-obvious behavior noted
- Examples provided where helpful
**External Documentation**:
- README updated (if needed)
- API docs updated (if API changed)
- Migration guide (if breaking changes)
- Changelog updated
**Tests as Documentation**:
- Test names are descriptive
- Test coverage demonstrates usage
- Edge cases documented in tests
Store review: code-review/${prId}/docs-review
Completeness: 0-100%
`, "api-docs")
]);
// Aggregate all reviews
await Task("Review Aggregator", `
Aggregate specialized reviews:
- Quality: ${codeQuality}
- Security: ${security}
- Performance: ${performance}
- Architecture: ${architecture}
- Documentation: ${docs}
Identify:
- Blocking issues (must fix before merge)
- High-priority suggestions
- Nice-to-have improvements
Generate summary
Store: code-review/${prId}/aggregated-review
`, "reviewer");
Deliverables:
- 5 specialized reviews completed
- Issues categorized by severity
- Aggregated review summary
Phase 3: Integration Review (1 hour)
End-to-End Impact Assessment
Sequential Analysis:
// Step 1: Integration Testing
await Task("Integration Tester", `
Test integration with existing system:
- Does this change break any existing functionality?
- Are all integration tests passing?
- Does it play well with related modules?
- Any unexpected side effects?
Run integration test suite
Store results: code-review/${prId}/integration-tests
`, "tester");
// Step 2: Deployment Impact
await Task("DevOps Reviewer", `
Assess deployment impact:
- Infrastructure changes needed?
- Database migrations required?
- Configuration updates needed?
- Backward compatibility maintained?
- Rollback plan clear?
Store assessment: code-review/${prId}/deployment-impact
`, "cicd-engineer");
// Step 3: User Impact
await Task("Product Reviewer", `
Assess user impact:
- Does this change improve user experience?
- Are there any user-facing changes?
- Is UX/UI consistent with design system?
- Are analytics/tracking updated?
Store assessment: code-review/${prId}/user-impact
`, "planner");
// Step 4: Risk Assessment
await Task("Risk Analyzer", `
Overall risk assessment:
- What's the blast radius of this change?
- What's the worst-case failure scenario?
- Do we have rollback procedures?
- Should this be feature-flagged?
- Monitoring and alerting adequate?
Store risk assessment: code-review/${prId}/risk-analysis
Recommendation: Approve/Conditional/Reject
`, "reviewer");
Deliverables:
- Integration test results
- Deployment impact assessment
- User impact assessment
- Risk analysis
Phase 4: Final Approval (30 minutes)
Review Summary & Decision
Sequential Finalization:
// Step 1: Generate Final Summary
await Task("Review Coordinator", `
Generate final review summary:
**Automated Checks**: ✅ All passing
**Quality Review**: ${qualityScore}/5
**Security Review**: ${securityIssues} issues (${criticalCount} critical)
**Performance Review**: ${perfIssues} issues (${highImpactCount} high-impact)
**Architecture Review**: ${archConcerns} concerns (${blockerCount} blockers)
**Documentation Review**: ${docsCompleteness}% complete
**Integration Tests**: ${integrationStatus}
**Deployment Impact**: ${deploymentImpact}
**User Impact**: ${userImpact}
**Risk Level**: ${riskLevel}
**Blocking Issues**:
${listBlockingIssues()}
**Recommendations**:
${generateRecommendations()}
**Overall Decision**: ${decision} (Approve/Request Changes/Reject)
Store final summary: code-review/${prId}/final-summary
`, "pr-manager");
// Step 2: Author Notification
await Task("Notification Agent", `
Notify PR author:
- Review complete
- Summary of findings
- Action items (if any)
- Next steps
Send notification
Store: code-review/${prId}/author-notification
`, "pr-manager");
// Step 3: Decision Actions
if (decision === 'Approve') {
await Task("Merge Coordinator", `
Approved for merge:
- Add "approved" label
- Update PR status
- Queue for merge (if auto-merge enabled)
- Notify relevant teams
Store: code-review/${prId}/merge-approval
`, "pr-manager");
} else if (decision === 'Request Changes') {
await Task("Feedback Coordinator", `
Request changes:
- Create detailed feedback comment
- Label as "changes-requested"
- Assign back to author
- Schedule follow-up review
Store: code-review/${prId}/change-request
`, "pr-manager");
} else {
await Task("Rejection Handler", `
Reject PR:
- Create detailed explanation
- Suggest alternative approaches
- Label as "rejected"
- Close PR (or request fundamental rework)
Store: code-review/${prId}/rejection
`, "pr-manager");
}
Deliverables:
- Final review summary
- Author notification
- Decision and next steps
Success Criteria
Review Quality
- Coverage: All aspects reviewed (quality, security, performance, architecture, docs)
- Consistency: Reviews follow established guidelines
- Actionability: All feedback is specific and actionable
- Timeliness: Reviews completed within 4 hours
Code Quality Gates
- Automated Tests: 100% passing
- Code Coverage: > 80% overall, > 90% for new code
- Linting: 0 violations
- Security: 0 critical issues, 0 high-severity issues
- Performance: No high-impact performance regressions
- Documentation: 100% of public APIs documented
Process Metrics
- Review Turnaround: < 4 hours (business hours)
- Author Satisfaction: > 4/5 (feedback is helpful)
- Defect Escape Rate: < 1% (issues found in production that should have been caught)
Review Guidelines
What Reviewers Should Focus On
DO Review:
- Logic correctness
- Edge case handling
- Error handling robustness
- Security vulnerabilities
- Performance implications
- Code clarity and maintainability
- Test coverage and quality
- API design and contracts
- Documentation completeness
DON'T Nitpick:
- Personal style preferences (use automated linting)
- Minor variable naming (unless truly confusing)
- Trivial formatting (use automated formatting)
- Subjective "better" ways (unless significantly better)
Giving Feedback
Effective Feedback:
- ✅ "This function has O(n²) complexity. Consider using a hash map for O(n)."
- ✅ "This input isn't validated. Add validation to prevent SQL injection."
- ✅ "This error isn't logged. Add error logging for debugging."
Ineffective Feedback:
- ❌ "I don't like this."
- ❌ "This could be better."
- ❌ "Change this." (without explanation)
Tone:
- Be respectful and constructive
- Assume good intent
- Ask questions rather than make demands
- Suggest, don't dictate (unless security/critical issue)
Agent Coordination Summary
Total Agents Used: 12-15 Execution Pattern: Star topology (coordinator with specialists) Timeline: 4 hours Memory Namespaces: code-review/{pr-id}/*
Key Agents:
- reviewer - Lint, build, coordination
- tester - Test execution, integration testing
- code-analyzer - Code quality review
- security-manager - Security review
- perf-analyzer - Performance review
- system-architect - Architecture review
- api-docs - Documentation review
- cicd-engineer - Deployment impact
- planner - Product/user impact
- pr-manager - Review coordination, notifications
Usage
// Invoke this SOP skill for a PR
Skill("sop-code-review")
// Or execute with specific PR
Task("Code Review Orchestrator", `
Execute comprehensive code review for PR #${prNumber}
Repository: ${repoName}
Author: ${authorName}
Changes: ${changesSummary}
`, "pr-manager")
Status: Production-ready SOP Complexity: Medium (12-15 agents, 4 hours) Pattern: Star topology with specialized reviewers
Related skills
More from dnyoussef/ai-chrome-extension
agent-creator
Creates specialized AI agents with optimized system prompts using the official 4-phase SOP methodology from Desktop .claude-flow, combined with evidence-based prompting techniques and Claude Agent SDK implementation. Use this skill when creating production-ready agents for specific domains, workflows, or tasks requiring consistent high-quality performance with deeply embedded domain knowledge.
3github-project-management
Comprehensive GitHub project management with swarm-coordinated issue tracking, project board automation, and sprint planning
3prompt-architect
Comprehensive framework for analyzing, creating, and refining prompts for AI systems. Use when creating prompts for Claude, ChatGPT, or other language models, improving existing prompts, or applying evidence-based prompt engineering techniques. Applies structural optimization, self-consistency patterns, and anti-pattern detection to transform prompts into highly effective versions.
3pptx-generation
Enterprise-grade PowerPoint deck generation system using evidence-based prompting techniques, workflow enforcement, and constraint-based design. Use when creating professional presentations (board decks, reports, analyses) requiring consistent visual quality, accessibility compliance, and integration of complex data from multiple sources. Implements html2pptx workflow with spatial layout optimization, validation gates, and multi-chat architecture for 30+ slide decks.
3style-audit
Audits code against CI/CD style rules, quality guidelines, and best practices, then rewrites code to meet standards without breaking functionality. Use this skill after functionality validation to ensure code is not just correct but also maintainable, readable, and production-ready. The skill applies linting rules, enforces naming conventions, improves code organization, and refactors for clarity while preserving all behavioral correctness verified by functionality audits.
3smart-bug-fix
Intelligent bug fixing workflow combining root cause analysis, multi-model reasoning, Codex auto-fix, and comprehensive testing. Uses RCA agent, Codex iteration, and validation to systematically fix bugs.
3