with one click
code-review
[OMX] Run a comprehensive code review
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Menu
[OMX] Run a comprehensive code review
Install with Codex or Claude Copy this prompt, paste it into Codex, Claude, or another assistant, and let it review the skill page and install it for you.
Based on SOC occupation classification
[OMX] Run an anti-slop cleanup/refactor/deslop workflow
[OMX] Run read-only deep repository analysis and return a ranked synthesis with explicit confidence, concrete file references, and clear evidence-vs-inference boundaries. Use when a user says 'analyze', 'investigate', 'why does', 'what's causing', or needs grounded cross-file explanation before any changes are proposed.
[OMX] Ask Claude via local CLI and capture a reusable artifact
[OMX] Ask Gemini via local CLI and capture a reusable artifact
[OMX] Full autonomous execution from idea to working code
[OMX] Stateful validator-gated research loop with native-hook persistence
| name | code-review |
| description | [OMX] Run a comprehensive code review |
Conduct a thorough code review for quality, security, and maintainability with severity-rated feedback.
This skill activates when:
Delegates to the code-reviewer and architect agents in parallel for a two-lane review:
Identify Changes
git diff to find changed filesLaunch Parallel Review Lanes
code-reviewer lane - owns spec compliance, security, code quality, performance, and maintainability findingsarchitect lane - owns the devil's-advocate / design-tradeoff perspectiveReview Categories
Severity Rating
Architectural Status Contract
Specific Recommendations
Final Synthesis
code-reviewer recommendation and the architect status into one final verdictcode-reviewer recommendation is REQUEST CHANGES, final recommendation is REQUEST CHANGEScode-reviewer lanedelegate(
role="code-reviewer",
tier="THOROUGH",
prompt="CODE REVIEW TASK
Review code changes for quality, security, and maintainability.
This is the code/spec/security lane. Do not absorb architectural ownership.
Scope: [git diff or specific files]
Review Checklist:
- Security vulnerabilities (OWASP Top 10)
- Code quality (complexity, duplication)
- Performance issues (N+1, inefficient algorithms)
- Best practices (naming, documentation, error handling)
- Maintainability (coupling, testability)
Output: Code review report with:
- Files reviewed count
- Issues by severity (CRITICAL, HIGH, MEDIUM, LOW)
- Specific file:line locations
- Fix recommendations
- Approval recommendation (APPROVE / REQUEST CHANGES / COMMENT)"
)
delegate(
role="architect",
tier="THOROUGH",
prompt="ARCHITECTURE / DEVIL'S-ADVOCATE REVIEW TASK
Review the same code changes from the architecture/tradeoff perspective.
Scope: [git diff or specific files]
Focus:
- System boundaries and interfaces
- Hidden coupling or long-term maintainability risks
- Tradeoff tension the main reviewer might miss
- Strongest counterargument against approving as-is
Output:
- Architectural Status: CLEAR / WATCH / BLOCK
- File:line evidence for each concern
- Concrete tradeoff or design recommendation"
)
Run both lanes in parallel, then synthesize them with the deterministic rules above.
The code-reviewer agent SHOULD consult Codex for cross-validation.
Before first MCP tool use, call ToolSearch("mcp") to discover deferred MCP tools.
Use mcp__x__ask_codex with agent_role: "code-reviewer".
If ToolSearch finds no MCP tools, fall back to the code-reviewer agent.
Note: Codex calls can take up to 1 hour. Consider the review timeline before consulting.
CODE REVIEW REPORT
==================
Files Reviewed: 8
Total Issues: 12
Architectural Status: WATCH
CRITICAL (0)
-----------
(none)
HIGH (0)
--------
(none)
MEDIUM (7)
----------
1. src/api/auth.ts:42
Issue: Email normalization logic is duplicated instead of reusing the shared helper
Risk: Validation rules can drift between authentication paths
Fix: Route both paths through the shared normalization helper
2. src/components/UserProfile.tsx:89
Issue: Derived permissions are recalculated on every render
Risk: Avoidable work during profile refreshes
Fix: Memoize the derived permissions list or compute it upstream
3. src/utils/validation.ts:15
Issue: Form-layer and server-layer validation messages are defined separately
Risk: User-facing validation guidance can become inconsistent
Fix: Share one validation message helper across both call sites
LOW (5)
-------
...
ARCHITECTURE WATCHLIST
----------------------
- src/review/orchestrator.ts:88
Concern: Review result synthesis relies on implicit ordering rather than an explicit blocker contract
Status: WATCH
Recommendation: Define deterministic merge gating before expanding reviewers
SYNTHESIS
---------
- code-reviewer recommendation: COMMENT
- architect status: WATCH
- final recommendation: COMMENT
RECOMMENDATION: COMMENT
Address any WATCH concerns before treating the change as merge-ready.
The code-reviewer lane checks:
The architect lane checks:
CLEAR, WATCH, or BLOCKBLOCK concern cites the reason merge-ready status should be withheldAPPROVE - code-reviewer returns APPROVE and architect status is CLEAR
REQUEST CHANGES - code-reviewer returns REQUEST CHANGES or architect status is BLOCK
COMMENT - code-reviewer returns COMMENT with architect status CLEAR, architect status is WATCH, or only LOW/MEDIUM improvements remain
Good: The user says continue after the workflow already has a clear next step. Continue the current branch of work instead of restarting or re-asking the same question.
Good: The user changes only the output shape or downstream delivery step (for example make a PR). Preserve earlier non-conflicting workflow constraints and apply the update locally.
Bad: The user says continue, and the workflow restarts discovery or stops before the missing verification/evidence is gathered.
With Team:
/team "review recent auth changes and report findings"
Includes coordinated review execution across specialized agents.
With Ralph:
/ralph code-review then fix all issues
On the explicit Ralph path, review findings should flow into automatic fix follow-up without another permission prompt. Plain code-review itself remains read-only and does not promise auto-fix.
With Ultrawork:
/ultrawork review all files in src/
Parallel code review across multiple files.