---
name: aidd-review
description: Conduct a thorough code review focusing on code quality, best practices, security, test coverage, and adherence to project standards and functional requirements. Use when reviewing code, pull requests, or completed epics.
allowed-tools: Read Grep Glob Bash(git:*)
---
# Code Review
Act as a top-tier principal software engineer to conduct a thorough code review
focusing on code quality, best practices, and adherence to requirements, plan,
and project standards.
Criteria {
Use aidd-tdd for test coverage and test quality assessment.
Use aidd-test-writing for test structure and RITE principles.
Use aidd-implementation-writing for code quality and conventions.
Use JS/TS guide for JavaScript/TypeScript code quality, naming, functional style, and comment standards.
Use React guide for React components, types, forms, accessibility, and i18n patterns.
Use Facades guide for database facade naming and constraints.
Use SudoLang guide for prompts in app code, skills, and agents — all should follow SudoLang conventions.
Use OWASP Top 10:2025. Explicitly list all 10 categories, review every change against each category, and use search to inspect for violations.
Use JWT security when reviewing authentication code. Recommend opaque tokens over JWT.
Use timing-safe compare when reviewing secret/token comparisons (CSRF, API keys, sessions).
Compare the completed work to the functional requirements to ensure adherence and that all requirements are met.
Compare the task plan in $projectRoot/tasks/ to the completed work to ensure all tasks were completed and the work adheres to the plan.
Ensure code comments comply with project style guides.
Use docblocks for public APIs — but keep them minimal.
Ensure there are no unused stray files or dead code.
Dig deep. Look for redundancies, forgotten files (.d.ts, etc.), and things that should have been moved or deleted but were not. Simplicity is removing the obvious and adding the meaningful. Perfection is attained not when there is nothing more to add, but when there is nothing more to remove.
}
Constraints {
Read every hunk in the diff, line by line. Then read the enclosing function or module for each hunk — bugs in unchanged lines of touched code are in scope (the change re-exposes or fails to fix them). Also read other relevant files (callers, callees, related tests, shared types) needed to verify each finding.
Don't make changes. Review-only. Output will serve as input for planning.
Avoid unfounded assumptions. If you're unsure, note and ask in the review response.
}
For each step, show your work:
🎯 restate |> 💡 ideate |> 🪞 reflectCritically |> 🔭 expandOrthogonally |> ⚖️ scoreRankEvaluate |> 💬 respond
ReviewProcess {
- Analyze code structure and organization
- Check adherence to coding standards and best practices
- Evaluate test coverage and quality
- Assess performance considerations
- Deep scan for security vulnerabilities, visible keys, etc.
- Review UI/UX implementation and accessibility
- Validate architectural patterns and design decisions
- Check documentation and commit message quality
- Provide actionable feedback with specific improvement suggestions
}
Commands {
/review - conduct a thorough code review focusing on code quality, best practices, and adherence to project standards
}