| name | review |
| description | Review incoming PRs, agent-generated changes, or diffs. Structured review with security, correctness, performance, and maintainability checks. Triggers: "review", "review PR", "review changes", "code review", "review this PR", "review agent output", "check this diff". |
| skill_api_version | 1 |
| context | {"window":"fork","intent":{"mode":"task"},"sections":{"exclude":["HISTORY"]},"intel_scope":"topic"} |
| metadata | {"tier":"judgment","dependencies":["standards","council"]} |
Review Skill
Quick Ref: /review <PR> reviews a PR, /review --diff reviews local changes, /review --agent <path> reviews agent output with extra scrutiny.
YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it.
This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use /vibe instead.
Modes
/review 42
/review https://github.com/o/r/pull/42
/review --diff
/review --diff --staged
/review --agent .agents/crank/
/review --agent ./output.patch
/review --deep 42
Execution Steps
Step 0: Detect Review Target and Load Standards
Determine the review mode from arguments:
- PR mode (default): argument is a number or GitHub PR URL.
- Diff mode:
--diff flag present.
- Agent mode:
--agent <path> flag present.
Load language-specific conventions from /standards based on file extensions in the diff. If ao is available, pull prior review context:
ao lookup --query "code review patterns $(basename "$PWD")" --limit 3 2>/dev/null || true
Step 1: Fetch the Diff
PR Mode
gh pr view "$PR_REF" --json title,body,author,baseRefName,headRefName,labels,reviewDecision,commits
gh pr diff "$PR_REF"
gh pr diff "$PR_REF" --name-only
If the PR has more than 500 changed lines, prioritize: security-sensitive files, high-complexity changes, new files, then test files.
Diff Mode
git diff HEAD
git diff --cached
git diff HEAD --name-only
Agent Mode
find "$AGENT_PATH" -type f \( -name '*.go' -o -name '*.py' -o -name '*.ts' -o -name '*.sh' -o -name '*.md' \)
git apply --stat "$AGENT_PATH"
Step 2: Context Gathering
Understand the intent behind the changes before reviewing the code:
- PR Mode: Read PR title/body, check linked issues (
fixes #, closes #), read commit messages.
- Diff Mode: Check
git log --oneline -5, branch name, open issues via bd list --status open.
- Agent Mode: Read execution logs in output directory, check
.agents/rpi/ artifacts.
Output a one-line intent summary before proceeding:
INTENT: <what the change is trying to accomplish>
If intent is unclear, flag it: "PR description does not explain the purpose of this change."
Step 3: Systematic Review Pass (SCORED)
Review every changed file against the SCORED checklist. For each category, actively look for problems. Do not skim -- read each changed line.
S -- Security
C -- Correctness
- Logic errors: off-by-one, wrong operator, inverted condition
- Edge cases: nil/null handling, empty collections, boundary values
- Error handling: errors checked, not swallowed, wrapped with context
- Race conditions: shared mutable state, concurrent access patterns
- Resource leaks: unclosed files, connections, goroutines, channels
- Type safety: unchecked casts, implicit conversions, overflow potential
- Contract compliance: does the change match the stated intent?
O -- Observability
R -- Readability
E -- Efficiency
D -- Design
Step 4: Agent-Specific Checks (--agent mode only)
When reviewing agent-generated code, apply additional scrutiny for common agent failure modes:
Hallucinated References
Over-Engineering
Missing Fundamentals
Test Quality
Codebase Consistency
Step 5: Generate Structured Review Output
Create a review artifact:
REVIEW_DIR=".agents/review"
mkdir -p "$REVIEW_DIR"
REVIEW_FILE="$REVIEW_DIR/$(date +%Y-%m-%d)-review-$(echo "$PR_REF" | tr '/' '-').md"
Review Document Structure
# Review: <PR title or change description>
**Date:** YYYY-MM-DD | **Verdict:** APPROVE | REQUEST_CHANGES | COMMENT
**Target:** PR #N / local diff / agent output at <path>
## Intent
<one-line summary>
## SCORED Assessment
| Category | Rating | Notes |
|----------|--------|-------|
| Security | pass/warn/fail | ... |
| Correctness | pass/warn/fail | ... |
| Observability | pass/warn/fail | ... |
| Readability | pass/warn/fail | ... |
| Efficiency | pass/warn/fail | ... |
| Design | pass/warn/fail | ... |
## Findings
### Critical (must fix)
- **[file:line]** Issue. Suggested fix: ...
### Warning (should fix)
- **[file:line]** Issue. Suggested fix: ...
### Suggestion / Nit
- **[file:line]** Description.
## Missing
<expected but absent: tests, docs, error handling, migration>
Verdict Rules
- APPROVE: No critical or warning findings. All SCORED categories pass.
- REQUEST_CHANGES: Any critical finding, OR 3+ warnings, OR any SCORED category rated "fail".
- COMMENT: 1-2 warnings with no critical findings. Worth discussing but not blocking.
PR Mode: Post Comments
If reviewing a PR and the verdict is REQUEST_CHANGES or COMMENT, offer to post the review:
gh pr review "$PR_REF" --comment --body "$(cat "$REVIEW_FILE")"
gh pr review "$PR_REF" --request-changes --body "$(cat "$REVIEW_FILE")"
Only post if the user confirms. Never auto-post a review without explicit approval.
Deep Mode (--deep)
When --deep is specified, after the initial SCORED pass, spawn a council for a second opinion:
/council validate "Review these changes for issues I might have missed: <summary of changes>"
Merge council findings into the review document under a "## Council Findings" section.
Integration with Other Skills
| Skill | Relationship |
|---|
/vibe | Self-review (your own code). /review is for others' code. |
/council | Optional second opinion via --deep flag. |
/standards | Auto-loaded for language-specific rules. |
/bug-hunt | /review does a structured pass; /bug-hunt does deep investigation of suspected bugs. |
/pr-validate | PR-specific validation (isolation, scope creep). Complementary to /review. |
See Also
- vibe — Self-review and code quality validation
- council — Multi-model consensus council
- standards — Language-specific coding conventions
- bug-hunt — Deep bug investigation
- pr-validate — PR scope and isolation checks
Examples
Standard PR review
/review
Reviews current diff against main: correctness, security, performance, style.
Deep review with multi-model council
/review --deep
Same as standard but spawns council for adversarial second opinion on critical code.
Review a specific file
/review src/auth/middleware.go
Focused review of one file — useful for security-sensitive modules.
Extended review criteria and checklist: references/support.md
Troubleshooting
| Problem | Cause | Fix |
|---|
| Review misses context about a module | File not in diff but critical to understand | Pass --context-files src/auth/ to include adjacent files |
Council doesn't activate on --deep | Runtime doesn't support subagent spawning | Falls back to single-model review automatically; output notes degradation |
| Review flagging false positives | Standards loaded for wrong language | Verify language detection at top of output; pass --lang go to force |
| Diff too large for one review pass | PR is too big | Split the PR. /review works best on diffs under 500 LOC |
Guardrails
- Do not approve PRs with critical-severity SCORED findings unresolved
- Scope review to the diff only; do not audit unrelated code
- Preserve SCORED rubric order and do not skip categories
- In
--agent mode, flag hallucinated file references as critical findings