/code-review
Source: ~/.claude/skills/code-review/SKILL.md
---
name: code-review
version: "2.0"
level: 3
trigger: "code review, review this code, check my code, pre-commit review, security review of code"
author: john
updated: 2026-03-16
---
Code Review — Level 3 Supervised Skill
Systematic code review with if/then control flow. Security-first, actionable feedback.
WHEN TO USE
- IF "review", "code review", "check code", "pre-commit" → activate this skill
- IF security-specific request → prioritize Security section, run sentry-security-review first
WORKFLOW
Step 1: Scope Check
IF large PR (>500 lines):
→ Split: delegate security to securion sub-agent, delegate logic to code-reviewer sub-agent
→ Merge reports before final output
ELSE:
→ Single-pass review, continue to Step 2
Step 2: RAG Context
node ~/system/tools/rag-router.js query "code review patterns [tech stack]" --top 3
Check HiveMind for prior decisions on this codebase.
Step 3: Security Scan (ALWAYS FIRST)
IF bash/shell code detected → check for injection patterns
IF database queries → check for SQL injection
IF user input handling → check XSS, validation
IF credentials/keys visible → STOP, report immediately (Level 5 block)
Step 4: Quality Checklist
[ ] Correctness: edge cases, error handling, null safety
[ ] Security: OWASP Top 10, no hardcoded secrets, input validation
[ ] Performance: N+1 queries, unnecessary loops, memory leaks
[ ] Maintainability: DRY, naming, dead code
[ ] Tests: coverage for happy path + 2 edge cases minimum
[ ] GOTCHA: does this introduce regressions?
Step 5: Report Format
IF critical security issue → status: BLOCKED, stop review, escalate
IF blocking bugs (>3) → status: NEEDS_WORK
IF minor issues only → status: APPROVED_WITH_COMMENTS
IF clean → status: APPROVED
OUTPUT FORMAT (report to John, not user)
CODE REVIEW REPORT
Status: APPROVED | APPROVED_WITH_COMMENTS | NEEDS_WORK | BLOCKED
Files reviewed: [list]
Lines reviewed: [count]
🔴 CRITICAL (must fix before merge):
- [issue]: [file:line] — [fix suggestion]
🟡 SHOULD FIX:
- [issue]: [file:line] — [suggestion]
🟢 OPTIONAL:
- [suggestion]
Security: PASS | WARN | FAIL
Tests: [coverage%] | [missing]
Verdict: [one sentence summary]
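The Step 3 and Step 5 logic above, as an added example that is not part of this skill file or its tooling: a small Python scanner runs line-level heuristics over constructed diff lines, stops at once when a credential is visible (the Level 5 block), applies the Step 5 decision table to produce the status, and renders the result in the report layout. The sample lines, file names and the detection rules themselves are assumptions; "blocking bugs" is read as SHOULD_FIX findings, and every rule hit is a prompt for the reviewer to read the surrounding code, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample standing in for the '+' lines of a diff as
# (file, line number, added text). File names and values are made up.
SAMPLE_DIFF = [
    ("app/db.py", 12, 'cursor.execute("SELECT * FROM users WHERE name = " + name)'),
    ("app/db.py", 20, 'cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))'),
    ("app/shell.py", 7, 'subprocess.run(f"ls {path}", shell=True)'),
    ("app/views.py", 41, 'return f"<div>{request.args.get(\'q\')}</div>"'),
    ("app/util.py", 5, 'print("debug", payload)'),
    ("app/config.py", 3, 'AWS_SECRET_ACCESS_KEY = "PLACEHOLDER_NOT_A_REAL_SECRET"'),
]


@dataclass
class Finding:
    severity: str      # CRITICAL | SHOULD_FIX | OPTIONAL
    category: str
    file: str
    line: int
    issue: str
    fix: str


# Assumed line-level heuristics (not the skill's own rules). Each entry is
# (category, severity, pattern, issue text, fix suggestion).
SECRET_RULE = ("secrets", "CRITICAL",
               re.compile(r'(?i)(secret|password|passwd|api_key|token)\w*\s*=\s*"[^"]{8,}"'),
               "hardcoded credential", "move it to a secret store and rotate the value")
RULES = [
    ("sqli", "CRITICAL", re.compile(r'execute\(\s*(f"[^"]*\{|"[^"]*"\s*\+)'),
     "SQL built by concatenation/f-string", "use a parameterized query"),
    ("cmdi", "CRITICAL", re.compile(r'subprocess\.\w+\(\s*f"'),
     "shell command built from an f-string", "pass an argument list without a shell"),
    ("shell", "SHOULD_FIX", re.compile(r'shell\s*=\s*True'),
     "shell=True", "drop shell=True unless shell features are required"),
    ("xss", "SHOULD_FIX", re.compile(r'f"<[^"]*\{'),
     "HTML built from interpolated values", "escape output or render via a template"),
    ("debug", "OPTIONAL", re.compile(r'^\s*print\('),
     "debug print left in", "remove it or use the logger"),
]
SECURITY_CATEGORIES = {"secrets", "sqli", "cmdi", "shell", "xss"}


def scope(diff):
    """Step 1: a PR over 500 changed lines is split between sub-agents."""
    return "split" if len(diff) > 500 else "single-pass"


def scan(diff):
    """Step 3: security first. A visible credential stops the review at once
    (Level 5 block); otherwise every rule runs over every added line."""
    cat, sev, pat, issue, fix = SECRET_RULE
    hits = [Finding(sev, cat, f, n, issue, fix) for f, n, text in diff if pat.search(text)]
    if hits:
        return hits, True            # STOP, report immediately
    for f, n, text in diff:
        for cat, sev, pat, issue, fix in RULES:
            if pat.search(text):
                hits.append(Finding(sev, cat, f, n, issue, fix))
    return hits, False


def status(findings, stopped):
    """Step 5 decision table; 'blocking bugs' is read as SHOULD_FIX findings."""
    if stopped or any(f.severity == "CRITICAL" for f in findings):
        return "BLOCKED"
    if sum(f.severity == "SHOULD_FIX" for f in findings) > 3:
        return "NEEDS_WORK"
    return "APPROVED_WITH_COMMENTS" if findings else "APPROVED"


def security_verdict(findings, stopped):
    """Security line of the report: FAIL on any critical hit, WARN on lesser
    security findings, PASS otherwise."""
    if stopped or any(f.severity == "CRITICAL" for f in findings):
        return "FAIL"
    return "WARN" if any(f.category in SECURITY_CATEGORIES for f in findings) else "PASS"


def report(diff):
    """Render the review in the report layout, returned as one string."""
    findings, stopped = scan(diff)
    out = ["CODE REVIEW REPORT",
           f"Status: {status(findings, stopped)}",
           f"Files reviewed: {sorted({f for f, _, _ in diff})}",
           f"Lines reviewed: {len(diff)}"]
    for label, sev in (("🔴 CRITICAL (must fix before merge):", "CRITICAL"),
                       ("🟡 SHOULD FIX:", "SHOULD_FIX"), ("🟢 OPTIONAL:", "OPTIONAL")):
        out.append(label)
        out += [f"- {x.issue}: {x.file}:{x.line} (fix: {x.fix})"
                for x in findings if x.severity == sev]
    out.append(f"Security: {security_verdict(findings, stopped)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_DIFF))
```

Run as-is, the sample is BLOCKED by the credential line alone, with nothing else scanned; drop that line and the same input is still BLOCKED on the concatenated SQL and f-string shell command, which is the ordering the skill asks for: the security outcome is decided before the quality checklist is consulted.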
ESCALATION
- Security FAIL → delegate to securion agent immediately
- Architectural concern → delegate to sentinel-architect agent
- Performance concern → query HiveMind for prior benchmarks first