القائمة
Code quality check with adaptive effort scaling. Includes security scanning.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Show token / tool usage stats from the local telemetry log. Use when you want to know "which tools am I burning context on", "which skills are expensive", or "was yesterday's session mostly Read/Grep or actually productive".
Parallel quality audit with 7 specialized agents (Opus). Finds bugs, violations, and quality issues. Use audit for fixes, brainstorm for features.
Manage environment variables with Doppler — auto-install CLI, login, link projects, wrap commands with `doppler run`. Replaces scattered .env files with a hub/spoke architecture.
Scaffolds new projects or onboards existing ones. Detects stack, creates monorepo/single-app, configures strict tooling. Use for greenfield or first-time setup.
Archives completed stories from prd.json to reduce token usage.
Autonomous task execution with testing and security. Works through all tasks without stopping.
| name | review |
| description | Code quality check with adaptive effort scaling. Includes security scanning. |
| triggers | ["review","verify","check"] |
| allowed-tools | Bash, Read, Grep, Glob, Task |
| model | opus |
| user-invocable | true |
| argument-hint | [quick|deep] |
Quality check on current/recent changes. Scales effort to the task.
| Command | What It Does | When to Use |
|---|---|---|
review | Adaptive effort based on change type (default) | Before committing |
review quick | Build + typecheck only | Typos, one-liners, low-risk changes |
review deep | Full 7-step verification + UI check | After implementing features, before shipping |
| Task Type | Review Depth |
|---|---|
| Typo, one-liner | Does it work? Ship it. |
| Feature, component | Build + types + looks right |
| Architecture, refactor | All above + system impact |
More review for: money, security, user data, unfamiliar code. Less review for: isolated changes, low risk, well-understood code.
After any change:
npm run typecheck && npm run build — must passIf yes to all, move on.
git diff --name-only HEAD~3
git diff --staged --name-only
npm run typecheck
npm run build
npm run lint # If available
npm test -- --watchAll=false --passWithNoTests 2>/dev/null | tail -10
For each changed file, check:
any types or @ts-ignoreas unknown as unsafe casts on API/DB datafetch() without error handling (missing res.ok check or try/catch)<label> or aria-labelif (session) without default deny)npm audit --production 2>/dev/null | grep -E "critical|high" | head -5
For each changed file, check:
Scan the diff for these 12 patterns:
# Run on staged/changed files only
git diff --name-only HEAD~3 | xargs grep -n "as unknown as\|fetch(.*)\.\(then\|catch\)\?$\|dangerouslySetInnerHTML\|eval(\|innerHTML\|document.write\|console\.log\|text-white\|bg-black\|text-gray-" 2>/dev/null | head -20
Review: [X files changed]
==========================
Build: Pass/Fail
Types: Pass/Fail
Lint: Pass/Fail (or N/A)
Issues Found:
- src/component.tsx:45 - console.log left in
- src/hook.ts:12 - Missing error handling
Suggestions:
- Consider extracting duplicate logic in X and Y
Overall: Ready to commit / Needs fixes
Confirm the work is done well, not just done. A task is complete when it works, solves the actual problem, and is production-ready.
Flag opportunities to improve UX, performance, or error messages — but do not implement them during review. Report them as findings for a future task.
Verify visually:
Use agent-browser for verification when helpful:
for port in 3000 3001 5173 8080; do
curl -s http://localhost:$port > /dev/null && break
done
agent-browser open http://localhost:$port/path
agent-browser snapshot -i
Run each check in order. Stop and fix on any failure.
0. Optional: Specialist agent review (for significant diffs)
If the diff touches 5+ files or includes auth/billing/data-mutation code, spawn a code-reviewer agent in parallel with steps 1-6:
Task({ subagent_type: "code-reviewer", model: "opus", run_in_background: true,
prompt: "Review staged changes in [PROJECT_PATH] for bugs, logic errors, security vulnerabilities, and convention drift. Limit to 60 tool calls. Focus on: the diff (git diff --staged), what the change is supposed to do vs. what it actually does, edge cases the author may have missed. Report only high-confidence findings — skip style nits. Format: Severity, File:line, Issue, Why it matters." })
Read its findings before issuing a verdict. Skip for typos/one-liners.
1. Build Check
npm run build 2>&1 | tail -20
Zero errors required. Note warnings.
2. Type Safety
npm run typecheck 2>/dev/null || npx tsc --noEmit 2>/dev/null
Zero type errors required.
3. Test Suite
npm test -- --passWithNoTests --watchAll=false 2>/dev/null
All tests pass. Report: X passed, Y failed, Z skipped.
4. Code Hygiene Scan
grep -rn "console\.log\|console\.warn\|debugger\|TODO\|FIXME\|HACK" src/ --include="*.ts" --include="*.tsx" | grep -v node_modules | grep -v "\.test\." | head -20
Report count and locations. console.error is acceptable.
5. UI Quality Scan
grep -rn "text-white\|text-black\|bg-white\|bg-black\|text-gray-\|bg-gray-" src/ --include="*.tsx" | grep -v node_modules | head -20
grep -rn "<img\|<Image" src/ --include="*.tsx" | grep -v "width\|height\|fill" | head -10
6. Diff Review
git diff --stat
git diff --name-only
Only expected files modified. Flag unexpected changes.
7. Verdict
## Verification Result
| Check | Status | Notes |
|-------|--------|-------|
| Build | PASS/FAIL | |
| Types | PASS/FAIL | X errors |
| Tests | PASS/FAIL | X passed, Y failed |
| Hygiene | PASS/WARN | X debug statements |
| UI Quality | PASS/WARN | X hardcoded colors |
| Diff | PASS/WARN | X files modified |
**Overall: PASS / FAIL**
If PASS: "Ready for commit." If FAIL: list specific items to fix.
Apply principles from related skills when reviewing:
| Skill | Check For |
|---|---|
standards | Type safety, design tokens, all UI states, React patterns |
design | Avoid AI slop (no purple gradients, no Inter/Roboto) |
security | Secrets, RLS, input validation, XSS |
Would a senior developer approve this PR? If not, improve it.