بنقرة واحدة
review-code
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
Safe, project-wide remediation of a dangerous or incorrect code pattern using structured search and replace.
Create an Architectural Decision Record (ADR) to document a design choice or technical strategy.
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Commit (if needed), push the current branch to origin, and generate a pull request description in the chat.
Generate a session handoff document capturing the current working state for the next session.
Proactively audit GitHub Actions workflows and CI/CD logs for deprecations, stale runtimes, and missing best practices.
| name | review-code |
| description | Run a multi-faceted code review on uncommitted changes using specialized review subagents. |
| metadata | {"author":"cascadian-gamers","version":"1.0"} |
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
implement-and-review-loop. Returns structured findings instead of presenting a table. Skips "Want me to fix?" prompt — the orchestrator decides.See Finding Schema for the typed contract.
Max 4 subagents per invocation. This skill uses 5 review subagents, which exceeds the limit. Batch them:
review-security, review-maintainability, review-test-quality, review-infrastructurereview-performancegit diff HEAD --name-only and git ls-files --others --exclude-standard to identify changed files.quick-review skill instead — the full 5-agent review is overkill for docs.Read the full content of every substantive changed/new file. This is critical — subagents need the actual code, not just file names.
Invoke 5 specialized review subagents in 2 batches:
Batch 1 — invoke IN PARALLEL (4 subagents):
review-security — authentication, input validation, secrets, IAM, data exposurereview-maintainability — code organization, naming, duplication, DRY, configurationreview-test-quality — coverage gaps, edge cases, assertion quality, test isolationreview-infrastructure — CDK patterns, CI/CD, deployment, monitoring, costWait for Batch 1 to complete, then:
Batch 2 — invoke (1 subagent):
review-performance — resource allocation, latency, memory, cold starts, algorithmic efficiencyMerge all findings from both batches into a single assessment table in Step 4.
⚠️ CRITICAL — Subagent source code delivery:
Subagents cannot read files, access the filesystem, or see relevant_context reliably. The ONLY way to get code to a subagent is to embed the full source code directly in the query string. This means:
cat or fs_readquery parameter as fenced code blocksrelevant_context — it may not be passed through to the subagentExample query structure:
You are a SECURITY code reviewer. Review the following files for...
FILE 1 - src/tools/data_tools.py:
\`\`\`python
<full file contents here>
\`\`\`
FILE 2 - Database/MyProc.sql:
\`\`\`sql
<full file contents here>
\`\`\`
If subagents fail to produce useful results (e.g., diff too large for subagent context, subagents return "no code provided", or use_subagent cannot resolve agent names from .kiro/agents/), fall back to running the review directly in the main conversation using the same 4 categories. Before falling back, you MUST: (1) attempt use_subagent ListAgents to verify agents are discoverable, (2) attempt at least one InvokeSubagents call, (3) explicitly tell the user "Subagents unavailable — falling back to inline review" with the error message. For inline review, read the full diff with git diff HEAD~1 and produce a single findings table covering all 4 categories.
Note: All 5 review-* agents are invoked every review. Performance was previously consolidated into maintainability but is now a separate agent for deeper analysis. The 4+1 batching respects the subagent concurrency limit.
After receiving the review report, provide an honest assessment of each finding:
For each finding, state:
This prevents rubber-stamping and also prevents over-engineering fixes for non-issues.
⚠️ Don't re-litigate settled decisions. If a finding was assessed as "Disagree" in a previous review pass during this session (e.g., "CFN exports vs SSM" or "broad exception handling by design"), don't raise it again. Subagents don't have memory of prior assessments — you do. Skip findings that repeat previously settled decisions and note "Previously assessed — [reason]" in the table.
Interactive mode: Present findings as a summary table:
| # | Severity | File | Issue | Assessment |
|---|----------|------|-------|------------|
| 1 | 🔴 | file.py | Description | Agree — should fix |
| 2 | 🟡 | file.py | Description | Defer to Task X.Y |
| 3 | 🟡 | file.py | Description | Disagree — by design |
End with:
Loop mode: Return structured findings to the orchestrator as a list:
- severity: 🔴/🟡/🟢
- file: path/to/file
- issue: description
- assessment: Agree/Disagree/Defer
- auto_fixable: yes/no
Only items with assessment "Agree" and severity 🔴 or 🟡 are actionable. 🟢 Nits are logged but not acted on.
Fix all agreed items.
Repetitive Patterns: If a review finding (e.g., Information Exposure via str(e)) appears in many files, invoke the mass-remediate-pattern skill instead of fixing each file manually. This ensures consistency and speed.
Run tests after fixes. Present updated test results.
See Severity Definitions for the full rubric.
reviews/ folder is gitignored — review artifacts don't go into source control."ENABLED" vs "enabled" bug shipped because no reviewer checked the Bedrock API spec. If you see a hardcoded API value, ask: "Has this been verified against the official docs?"signing_name from the boto3 service model, NOT a guess based on the service name. Example: bedrock-agentcore is correct (not bedrock-agent). Run python3 -c "import boto3; print(boto3.client('service-name').meta.service_model.signing_name)" to verify. The Wave 2 infrastructure subagent incorrectly flagged bedrock-agentcore:InvokeAgentRuntime as wrong — tool verification would have prevented this.var(--color-*) references resolve correctly. Tailwind 4's @layer base reset can override component background-color and color. Flag any component using CSS custom properties for background/color that hasn't been visually verified.