code-review
Review code changes using parallel Haiku detection agents, with Opus fixes when issues are found.
Usage
/code-review # Review uncommitted changes
/code-review <issue-id> # Review changes for specific beads issue
/code-review --files src/api src/auth # Review specific directories/files
/code-review --quick # Fast mode: lint + type check only
Architecture
┌─────────────────────────────────────────────────────┐
│  DETECTION PHASE (5 parallel Haiku agents)          │
│                                                     │
│  1. claude-md-scan      - CLAUDE.md compliance      │
│  2. bug-scan            - Bug detection             │
│  3. security-scan       - Security vulnerabilities  │
│  4. silent-failure-scan - Error handling issues     │
│  5. git-context-scan    - Git history context       │
│                                                     │
│  → Aggregate findings, filter ≥80% confidence       │
└─────────────────────────────────────────────────────┘
                           │
                           ▼
                  ┌─────────────────┐
                  │  Issues found?  │
                  └────────┬────────┘
                           │
               ┌───────────┴───────────┐
               │                       │
               ▼                       ▼
          ┌──────────┐            ┌──────────┐
          │   Yes    │            │    No    │
          └────┬─────┘            └────┬─────┘
               │                       │
               ▼                       ▼
       ┌───────────────┐          ┌──────────┐
       │ OPUS: fixer   │          │  Done!   │
       │ (apply fixes) │          │ (cheap)  │
       └───────────────┘          └──────────┘
Process
1. Determine Scope
If --files <paths> provided (for project-wide reviews):
# List all files in specified paths
find <paths> -type f \( -name "*.ts" -o -name "*.tsx" -o -name "*.js" -o -name "*.py" \) | head -100
# Read relevant CLAUDE.md files
cat CLAUDE.md 2>/dev/null
for path in <paths>; do
cat "$path/CLAUDE.md" 2>/dev/null
done
Review ALL code in specified paths, not just changes.
If <issue-id> provided:
bd show <issue-id>
git diff <base>..<head>
If no arguments:
git diff HEAD
git status --short
2. Quick Mode Check (--quick)
For trivial changes, run fast checks only:
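# Type check: any output here means type errors
npx tsc --noEmit 2>&1 | grep -i error
# Lint: any output here means lint errors
npm run lint 2>&1 | grep -i error
# Hard-coded credential patterns, matched case-insensitively
grep -rni "api.key\|secret\|password" --include="*.ts" <changed-files>
If all pass (no command prints a match), return immediately: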
{"passed": true, "mode": "quick", "summary": "Quick checks passed"}
3. Launch Detection Agents (Parallel)
Launch ALL 5 agents in parallel using the Task tool:
Task(subagent_type="code-review:claude-md-scan", model="haiku",
prompt="Check CLAUDE.md compliance for: <files>")
Task(subagent_type="code-review:bug-scan", model="haiku",
prompt="Scan for bugs in: <files>")
Task(subagent_type="code-review:security-scan", model="haiku",
prompt="Security scan for: <files>")
Task(subagent_type="code-review:silent-failure-scan", model="haiku",
prompt="Check error handling in: <files>")
Task(subagent_type="code-review:git-context-scan", model="haiku",
prompt="Check git history context for: <files>")
IMPORTANT: Launch all 5 in a SINGLE message to run in parallel.
4. Aggregate Results
Collect JSON from all agents and merge:
- Combine findings - Merge all flagged and blockers arrays
- Deduplicate - Same file:line from multiple agents = keep highest confidence
- Filter - Remove anything <80% confidence
- Sort - By confidence descending
5. Decision Point
If no issues ≥80% confidence:
✅ Code Review PASSED
- Scanned by 5 agents
- No issues found
- Ready to proceed
STOP HERE - no Opus needed.
If issues found ≥80% confidence: Continue to Step 6.
6. Launch Fixer Agent (Opus)
Only if issues were found:
Task(subagent_type="code-review:fixer", model="opus",
prompt="Fix these issues: <aggregated JSON>")
The fixer will:
- Auto-fix issues ≥90% confidence
- Add TODO comments for 80-89% confidence
- Skip issues requiring design decisions
- Verify fixes compile
7. Report Results
If blockers remain:
❌ Code Review FAILED
BLOCKERS (must fix):
- [SECURITY] Exposed API key in src/config.ts:12
- [CRITICAL] SQL injection in src/db/query.ts:45
Fix these issues and run /code-review again.
If all fixed:
✅ Code Review PASSED
Auto-fixed (3):
- Empty catch block in src/api/user.ts:67
- Missing await in src/utils/data.ts:23
- Unused import in src/components/Form.tsx:5
TODOs added (1):
- Possible race condition in src/state/store.ts:89
Ready to proceed.
If warnings only:
⚠️ Code Review PASSED with warnings
Skipped for manual review (2):
- Broad exception handling in src/api/auth.ts:34 (85% confidence)
- Possible logic error in src/utils/calc.ts:12 (82% confidence)
Review these when convenient.
Cost Optimization
| Scenario | Agents Used | Cost |
|---|---|---|
| Clean code | 5 Haiku | $ (cheap) |
| Issues found | 5 Haiku + 1 Opus | $$ (only when needed) |
| Quick mode | 0 agents | Free (just bash) |
Confidence Scoring
All agents use consistent scoring:
| Score | Meaning | Action |
|---|---|---|
| 0-79 | Uncertain / false positive | Skip |
| 80-89 | Verified issue | Flag + TODO comment |
| 90-94 | High confidence | Auto-fix if safe |
| 95-100 | Certain | Auto-fix |
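The merge, deduplicate, filter and sort rules from step 4 (Aggregate Results), combined with the score-to-action mapping in the table above, as an added Python example that is not part of the plugin itself. The finding fields (file, line, confidence, message) and the agent-name-to-raw-output mapping are assumptions; only the flagged and blockers arrays come from the page.

```python
import json
THRESHOLD = 80  # Step 4: drop anything below 80% confidence

# Constructed sample outputs, keyed by agent name (not real agent output).
SAMPLE = {
    "security-scan": '{"blockers": [{"file": "src/config.ts", "line": 12, '
                     '"confidence": 97, "message": "Exposed API key"}]}',
    "bug-scan": '{"flagged": ['
                '{"file": "src/config.ts", "line": 12, "confidence": 84},'
                '{"file": "src/utils/calc.ts", "line": 12, "confidence": 82},'
                '{"file": "src/a.ts", "line": 3, "confidence": 60}]}',
    "silent-failure-scan": "Sorry, I could not complete the scan.",
}

def action_for(confidence):
    """Action column of the Confidence Scoring table."""
    if confidence >= 95:
        return "auto-fix"
    if confidence >= 90:
        return "auto-fix if safe"
    return "flag + TODO" if confidence >= THRESHOLD else "skip"

def aggregate(raw_outputs):
    """Return (findings, errors): merged, deduplicated, filtered, sorted."""
    best, errors = {}, []
    for agent, raw in raw_outputs.items():
        try:
            report = json.loads(raw)
            for kind in ("flagged", "blockers"):
                for f in report.get(kind, []):
                    conf = float(f["confidence"])
                    if not 0 <= conf <= 100:
                        raise ValueError(f"confidence {conf} out of range")
                    key = (f["file"], int(f["line"]))
                    prev = best.get(key)
                    # Assumption of this example: a merged duplicate stays a blocker.
                    blocker = kind == "blockers" or bool(prev and prev["blocker"])
                    if prev is None or conf > prev["confidence"]:
                        best[key] = {**f, "agent": agent, "confidence": conf,
                                     "blocker": blocker}
                    else:
                        prev["blocker"] = blocker
        except (ValueError, KeyError, TypeError, AttributeError) as exc:
            # Unusable output is reported, never counted as a clean scan.
            errors.append(f"{agent}: {exc}")
    kept = [e for e in best.values() if e["confidence"] >= THRESHOLD]
    kept.sort(key=lambda e: e["confidence"], reverse=True)
    for e in kept:
        e["action"] = action_for(e["confidence"])
    return kept, errors
```

A non-empty errors list means at least one scanner produced no usable result, so the "No issues found" branch of step 5 should not be taken on the findings list alone.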
Integration with Beads
# After worker completes issue
bd show <issue-id>
/code-review <issue-id>
# If passed
bd update <issue-id> --status=reviewed
# If blockers
bd create --title="Fix review blockers for <issue-id>" --type=bug
Project-Wide Review (with Conductor)
For large projects, conductor can parallelize:
Conductor divides project:
├─→ Worker 1: /code-review --files src/api src/models
├─→ Worker 2: /code-review --files src/components src/hooks
└─→ Worker 3: /code-review --files src/utils src/lib
Each worker spawns its own 5 Haiku agents = 15 parallel scanners.
Example conductor prompt:
Divide this project and run /code-review on each section:
- src/api, src/models → high priority (auth, data)
- src/components → medium priority
- src/utils, src/lib → lower priority
Notes
- Always launch detection agents in parallel (single message, 5 Task calls)
- Opus fixer only runs when issues are found (cost optimization)
- Use --quick for config/docs changes
- Use --files for project-wide reviews or conductor parallelization
- Detection agents return JSON - parse and aggregate
- Fixer agent makes minimal changes, preserves style