Menü
Hard-ass code review via Gemini. ALL issues must be fixed. No exceptions.
Mit Codex oder Claude installieren Kopieren Sie diesen Prompt, fügen Sie ihn in Codex, Claude oder einen anderen Assistant ein und lassen Sie die Skill-Seite prüfen und installieren.
Basierend auf der SOC-Berufsklassifikation
Read-only quality scan of components. Reports problems without making changes. Uses software-base + domain profile skills.
Refactoring patterns - improving code design without changing behavior
Read-only quality scan of components. Reports problems without making changes. Uses software-base + domain profile skills.
Internal phase: independent Codex review + targeted fixes. Not user-facing.
Find duplicated code and consolidate into shared utilities. Fixes all duplicates.
Reference templates for Codex evaluation. Used by build/improve orchestrators — not executed directly.
| name | gemini-review |
| description | Hard-ass code review via Gemini. ALL issues must be fixed. No exceptions. |
Hard-ass code review using Gemini. Finds issues AND fixes them. Senior Google engineer style - no handholding, no false praise, no excuses.
No arguments? Describe this skill and stop. Do not execute.
mkdir -p .claude && echo '{"skill":"gemini-scan-fix","started":"'$(date -Iseconds)'"}' > .claude/active-workflow.json
Fix code toward what a master craftsperson would be proud of.
When fixing issues, ensure the result looks like it was written by a skilled human engineer, not generated by AI.
Gemini is instructed to find these, and you MUST fix them:
After fixing, code should:
The best fix often removes code rather than adding it.
Fix ALL findings for production readiness. Every issue gets fixed. No deferring, no "backlog for next cycle," no "appropriate for MVP."
ALLOWED:
FORBIDDEN:
If a finding seems to require restructuring: fix it anyway by restructuring within the existing file. The only acceptable unfixed items are findings that require adding new external dependencies — report those with a one-line explanation.
If a path argument is provided, review that file/directory. If no argument, review recently modified files (git diff/log).
Read .claude/rubric/AUTO-DETECT.md for the detection table. Then:
.claude/rubric/base.md and .claude/rubric/product-quality.md.claude/rubric/web-api.md, .claude/rubric/data-persistence.md, .claude/rubric/cli.md, .claude/rubric/microservice.md).## Review Criteria. Combine into a single criteria list for the Gemini context.If a rubric file doesn't exist, skip it and continue.
Find target files:
If NO code exists, output "no code to review" and stop.
Read ALL files in scope completely. Do not skim.
For each source file (one file per call, not concatenated):
mcp__gemini-reviewer__gemini_review
code: <contents of this single file>
focus: "general"
context: "PRODUCTION READINESS review for {filename}. Check against these criteria: {RUBRIC_CRITERIA}. Also note if public APIs lack tests (Test Coverage — handled by testing phase). SEVERITY: CRITICAL = exploitable vulnerability, data loss, crash in production. HIGH = would cause incidents, missing critical validation. MEDIUM = poor practice, minor gaps. LOW = style, naming. OUTPUT FORMAT: FINDING: {category} | {severity} | {description} | {file:line}"
Replace {RUBRIC_CRITERIA} with the combined Review Criteria from all loaded rubric files, numbered sequentially.
If tool unavailable, output: GEMINI_ERROR: tool not available
Output issues in this format:
ISSUES_FOUND:
1. [CRITICAL] description (file:line)
2. [HIGH] description (file:line)
3. [MODERATE] description (file:line)
...
IDENTIFICATION_COMPLETE: yes
After the code review, do a separate product-level review. This catches bad products built with good code.
Call Gemini again with focus "adversarial":
mcp__gemini-reviewer__gemini_review
code: <paste the main entry point / CLI / config code>
focus: "adversarial"
context: "PRODUCTION READINESS — user experience gate. Review as a user deploying this to production. Check against the product quality criteria: {PRODUCT_QUALITY_CRITERIA}. Flag any issue that would cause a production incident or require rollback."
Replace {PRODUCT_QUALITY_CRITERIA} with the Review Criteria from .claude/rubric/product-quality.md (loaded in Step 0), numbered sequentially.
Add any product quality issues to the ISSUES_FOUND list with severity [HIGH] or [MODERATE].
npm run build or npx tsc --noEmit or language-appropriate checkDocument with specific reason (e.g., "requires architectural change", "in third-party code")
Maximum unfixed issues:
## Gemini Scan + Fix: [target]
### Summary
| Metric | Value |
|--------|-------|
| Files scanned | N |
| Issues found | N |
| Issues fixed | N |
| Cannot fix | N |
### Issues Fixed ✅
1. **[file:line]** [SEVERITY] — description
- Fix applied: [what was changed]
### Cannot Fix ⚠️
1. **[file:line]** [SEVERITY] — description
- Reason: [specific reason]
### Files Modified
| File | Changes |
|------|---------|
| path/to/file.ts | Fixed 3 issues |
---
GEMINI_RESULT: called - [N] issues found
ISSUES_FIXED: N
CANNOT_FIX: N
GEMINI_REVIEW_COMPLETE: yes
After fixing all issues, record NEW findings so earlier phases learn from them.
Write to TWO files:
.claude/lessons.mdAppend the specific finding with file paths and context:
## {date} - {target path}
### Gemini Found (phase 6)
- {CATEGORY}: {specific description with file:line} → {which earlier phase should catch this and how}
.claude/universal-lessons.mdRead this file first. If the general pattern is already listed, skip. If it's a NEW general pattern not already covered, append it to the appropriate section (LOGIC Patterns, DESIGN Patterns, CODE_QUALITY Patterns, DUPLICATION Patterns, or Gemini False Positive Patterns). Write the general rule, not the project-specific instance:
### {Pattern Name}
- {General description of the pattern, not tied to specific files} → {how to avoid it}
Categories: LOGIC, DESIGN, CODE_QUALITY, DUPLICATION, AI_SMELL
Also record false positive patterns that Gemini consistently flags incorrectly:
- **"{pattern description}"** — {why it's not applicable in this context}
If no new lessons were learned (already in both files), skip this step.
After fixing all issues, produce two evidence checklists. Write each to .claude/evidence/ (create directory if needed).
Review EVERY console.error, console.log, throw new Error, and reject( call. Write to .claude/evidence/gemini-6a.md:
# Evidence: Gemini 6a — Error Messages
| Location | Item | Verdict | Reasoning |
|----------|------|---------|-----------|
| src/auth.ts:15 | throw new Error("Invalid token") | PASS | Descriptive, no secrets leaked |
| src/db.ts:42 | console.log(query) | FAIL | Logs raw query which may contain user data |
Review EVERY CLI arg read, fs.readFile, and process.env access. Write to .claude/evidence/gemini-6b.md:
# Evidence: Gemini 6b — Input Boundaries
| Location | Item | Verdict | Reasoning |
|----------|------|---------|-----------|
| src/cli.ts:8 | process.argv[2] | PASS | Validated before use |
| src/config.ts:3 | process.env.API_KEY | FAIL | No fallback or error if missing |
Every row must have a PASS or FAIL verdict. No blanks. The machine gate validates row counts against codebase counters — incomplete checklists block the pipeline.
| Skill | Reviews | Fixes |
|---|---|---|
/gemini-scan | ✓ | ✗ (read-only) |
/gemini-review | ✓ | ✓ (mandatory) |
/adversarial-review | ✓ | ✓ (security focus) |