메뉴
Review changed code for reuse, quality, and efficiency, then fix any issues found.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
| name | simplify |
| description | Review changed code for reuse, quality, and efficiency, then fix any issues found. |
Review all changed files for reuse, quality, and efficiency. Fix any issues found.
Determine what changed and what tooling is available before any analysis.
Run scripts/build-review-packet.py (shipped in this skill's scripts/) to resolve scope and pre-bake one packet — diff plus changed-file list — that the three review agents read by path instead of each re-running git.
It auto-detects staged vs. branch vs. worktree and prints packet_path in its JSON.
Fall back to git diff (or git diff HEAD) for a manual scope.
If there are no git changes, review the most recently modified files that the user mentioned or that you edited earlier in this conversation.
If the code-review-graph MCP plugin is available, probe and ensure freshness:
build_or_update_graph_tool(base=<base>) to run an incremental update.list_graph_stats_tool() to verify the graph has nodes and check last_updated.When the graph is available, follow references/code-review-graph-integration.md for enhanced analysis at each subsequent step.
Always (git-based):
When graph is available (see references/code-review-graph-integration.md Phase 1):
detect_changes_tool(base=<base>) for risk-scored, priority-ordered triage.get_review_context_tool(base=<base>) for token-efficient structural context.get_affected_flows_tool (2+ files) or get_architecture_overview_tool (3+ directories).Pass all available context — diff, and graph triage data if available — to each agent in Phase 2.
Use the Agent tool to launch all three agents concurrently in a single message. Give each agent the packet path from Phase 0 as its starting point (plus graph context from Phase 1 if available): the packet has the diff and changed files, but it is a floor, not a ceiling — agents still read surrounding code, callers, and existing utilities the diff does not show (Agent 1's reuse search is inherently off-diff). When graph data includes risk scores, instruct agents to review highest-risk items first.
For each change:
semantic_search_nodes_tool and query_graph_tool("callers_of") per the integration reference.refactor_tool(mode="dead_code") per the integration reference.Before recommending deletion of code that looks redundant or dead, apply Chesterton's Fence: check git blame, nearby comments, and tests to understand why it was written. If the original reason still applies (platform quirk, perf workaround, edge case), keep it. "I don't see why this is here" is not the same as "this isn't needed."
Review the same changes for hacky patterns:
get_impact_radius_tool per the integration reference.find_large_functions_tool per the integration reference.query_graph_tool("callers_of") and query_graph_tool("inheritors_of") per the integration reference.query_graph_tool("tests_for") per the integration reference.data, result, tmp, val, item) where a content-bearing name fits; non-standard abbreviations (usr, cfg, evt) where full words read better; misleading names (a get* that mutates, an is* that returns a non-boolean).
Match the codebase's existing naming conventions rather than imposing new ones.Review the same changes for efficiency:
query_graph_tool("callees_of") per the integration reference.query_graph_tool("importers_of") per the integration reference.Wait for all three agents to complete. Aggregate their findings and fix each issue directly. If a finding is a false positive or not worth addressing, note it and move on — do not argue with the finding, just skip it.
Preserve behavior exactly. Fixes must keep inputs, outputs, side effects, ordering, and error paths identical. If a fix requires editing existing tests to pass, that's a signal you changed behavior — revert and reconsider rather than updating the tests to match.
Stay in scope. Fix what the agents flagged in the changed code; don't drive-by refactor unrelated code. If a fix's blast radius grows beyond the original diff, surface it to the user instead of silently expanding the change.
When done, briefly summarize what was fixed (or confirm the code was already clean).
references/code-review-graph-integration.md — tool dispatch playbook for code-review-graph MCP plugin (availability gate, required + optional tools per phase, tool quick reference).Use when the user asks for a deep, exhaustive, multi-pass, or variance-reducing repository-wide or scoped-path security scan. Run repeated independent discovery passes over one resolved scope with worker-specific threat models, semantically merge candidates, synthesize one canonical validation threat model, then run validation, attack-path analysis, canonical JSON completion, and generated reporting once. Do not use for PRs, commits, branch diffs, or working-tree diffs.
Use when the user explicitly asks to fix and verify a validated or plausible security finding. Do not use as the primary trigger for full PR, commit, branch, patch, or repository scans.
Use when the user asks for a security scan or review of a repository, a scoped path (package, folder, or submodule), or a Git-backed change set (pull request, commit, branch diff, or working-tree patch). Point it at the target; it runs the full threat-model, discovery, validation, and attack-path pipeline and writes a report. Do not use to triage externally supplied findings or to fix a single finding.
Use when the user supplies existing security findings or vulnerability reports — SARIF results, CVE/GHSA or advisory text, scanner tickets, bug bounty reports, or finding artifacts — and wants static repo-impact triage. Do not use for discovery, duplicate-bug triage, validation, or fixes.
Use when completing and archiving a change after all tasks are done and specs are synced. Triggers: "archive the change", "complete this change", "close out the change", "finish the change", "archive".
Use when the user wants any spec-driven development action — exploring before speccing, deriving specs from code or translating specs from another system, proposing a change, applying or implementing, verifying, syncing delta specs, or archiving. Triggers: 'spec this out', 'create a change', 'apply tasks', 'verify implementation', 'sync specs', 'archive change', or any mention of 'specs' or 'sdd'.