audit-review
The Audit: Requesting Code Review
Overview
Dispatch the-inspector to catch issues before they compound. The inspector gets precisely crafted context for evaluation — never the session's history. This keeps the inspector focused on the work product, not the thought process, and preserves your context for continued work.
Core principle: Audit early, audit often.
When to Request
Mandatory:
- After each task in parallel execution (The Hit)
- After completing a major feature
- Before merge to main
Optional but valuable:
- When stuck (fresh perspective)
- Before refactoring (baseline check)
- After fixing a complex bug
How to Request
1. Get Git SHAs
```bash
BASE_SHA=$(git rev-parse HEAD~1) # or origin/main
HEAD_SHA=$(git rev-parse HEAD)
```
2. Dispatch the-inspector
Use the Task tool to dispatch the-inspector agent with subagent_type: "the-inspector". Do NOT use "general" or "general-purpose" — these are not valid in a Gangsta Agents installation.
Fill the template at the-inspector-prompt.md in this skill directory with the following placeholders:
- {WHAT_WAS_IMPLEMENTED} — What you just built
- {PLAN_OR_REQUIREMENTS} — What it should do (Contract clause, spec section)
- {BASE_SHA} — Starting commit
- {HEAD_SHA} — Ending commit
- {DESCRIPTION} — Brief summary of the changes
3. Act on Findings
| Severity | Action |
|---|---|
| Critical | Fix immediately. Do not proceed until resolved. |
| Important | Fix before proceeding to the next task. |
| Minor | Note for later. Don't block progress. |
| Wrong | Push back with technical reasoning. |
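A preflight for steps 1 and 2, added here as an example and not part of the gangsta skill itself: it refuses to build an audit request unless both SHAs resolve, the base is a strict ancestor of the head with a non-empty diff, and all five placeholders have values. The function names are hypothetical, and the template is read from stdin because the contents of the-inspector-prompt.md are not shown on this page.

```sh
#!/bin/sh
# Added example: preflight for an audit request. Function names are
# hypothetical; only the five placeholder names are taken from the page.

# Resolve a ref to a full commit SHA. Fails on empty or unknown input, e.g.
# when a `git log | grep ...` lookup for the base commit matched nothing.
resolve_commit() {
    [ -n "$1" ] || return 1
    git rev-parse --verify --quiet "$1^{commit}"
}

# Print "<base>..<head>" only if base is a strict ancestor of head and the
# range actually contains changes for the inspector to review.
check_range() {
    rc_base=$(resolve_commit "$1") || { echo "BASE_SHA does not resolve: '$1'" >&2; return 1; }
    rc_head=$(resolve_commit "$2") || { echo "HEAD_SHA does not resolve: '$2'" >&2; return 1; }
    [ "$rc_base" != "$rc_head" ] || { echo "BASE_SHA equals HEAD_SHA" >&2; return 1; }
    git merge-base --is-ancestor "$rc_base" "$rc_head" ||
        { echo "BASE_SHA is not an ancestor of HEAD_SHA" >&2; return 1; }
    if git diff --quiet "$rc_base" "$rc_head"; then
        echo "range has no changes" >&2; return 1
    fi
    echo "$rc_base..$rc_head"
}

# Read a template on stdin and substitute each {NAME} literally with the
# exported variable NAME. Fails if any of the five values is unset or empty,
# so the inspector never receives a prompt with a blank field.
fill_template() {
    awk '
    function put(line, name,    key, out, i) {
        key = "{" name "}"; out = ""
        while ((i = index(line, key)) > 0) {
            out = out substr(line, 1, i - 1) ENVIRON[name]
            line = substr(line, i + length(key))
        }
        return out line
    }
    BEGIN {
        n = split("WHAT_WAS_IMPLEMENTED PLAN_OR_REQUIREMENTS BASE_SHA HEAD_SHA DESCRIPTION", names, " ")
        for (k = 1; k <= n; k++) if (ENVIRON[names[k]] == "") exit 1
    }
    { for (k = 1; k <= n; k++) $0 = put($0, names[k]); print }'
}
```

Export the five variables, run `check_range "$BASE_SHA" "$HEAD_SHA"`, then pipe the template through `fill_template`; a non-zero status from either means the request should not be dispatched.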
Example
[Just completed implementing auth middleware]
1. Get SHAs:
BASE_SHA=$(git log --oneline | grep "previous task" | head -1 | awk '{print $1}')
HEAD_SHA=$(git rev-parse HEAD)
2. Dispatch the-inspector:
WHAT_WAS_IMPLEMENTED: JWT auth middleware with role-based access
PLAN_OR_REQUIREMENTS: Contract section 3.2 — Authentication
BASE_SHA: a7981ec
HEAD_SHA: 3df7661
DESCRIPTION: Added auth middleware, role guards, token validation
3. Inspector returns:
Strengths: Clean separation, real tests
Issues:
Important: Missing token expiry check
Minor: Magic number for token TTL
Assessment: Ready with fixes
4. Fix important issue, proceed to next task.
Integration with Heist Pipeline
- The Hit: Audit after each Crew Lead's territory completion
- Laundering: Final audit before the Don's approval
- Ad-hoc work: Audit before merge
Red Flags
Never:
- Skip audit because "it's simple"
- Ignore Critical issues
- Proceed with unfixed Important issues
- Argue with valid technical feedback without evidence
If inspector is wrong:
- Push back with technical reasoning
- Show code/tests that prove it works
- Use gangsta:receiving-orders for processing feedback rigorously
Omerta Compliance
- Rule of Truth: Inspector reviews actual diffs, not claims
- Introduction Rule: Inspector communicates through the audit skill, not directly with Workers