원클릭으로
review-code
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Safe, project-wide remediation of a dangerous or incorrect code pattern using structured search and replace.
Create an Architectural Decision Record (ADR) to document a design choice or technical strategy.
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
Commit (if needed), push the current branch to origin, and generate a pull request description in the chat.
Generate a session handoff document capturing the current working state for the next session.
Proactively audit GitHub Actions workflows and CI/CD logs for deprecations, stale runtimes, and missing best practices.
| name | review-code |
| description | Run a multi-faceted code review on uncommitted changes using specialized review subagents. |
| metadata | {"author":"cascadian-gamers","version":"1.0"} |
Run a multi-faceted code review on uncommitted changes using specialized review subagents.
implement-and-review-loop. Returns structured findings instead of presenting a table. Skips "Want me to fix?" prompt — the orchestrator decides.See Finding Schema for the typed contract.
Max 4 subagents per invocation. This skill uses 5 review subagents, which exceeds the limit. Batch them:
review-security, review-maintainability, review-test-quality, review-infrastructurereview-performancegit diff HEAD --name-only and git ls-files --others --exclude-standard to identify changed files.quick-review skill instead — the full 5-agent review is overkill for docs.Read the full content of every substantive changed/new file. This is critical — subagents need the actual code, not just file names.
Invoke 5 specialized review subagents in 2 batches:
Batch 1 — invoke IN PARALLEL (4 subagents):
review-security — authentication, input validation, secrets, IAM, data exposurereview-maintainability — code organization, naming, duplication, DRY, configurationreview-test-quality — coverage gaps, edge cases, assertion quality, test isolationreview-infrastructure — CDK patterns, CI/CD, deployment, monitoring, costWait for Batch 1 to complete, then:
Batch 2 — invoke (1 subagent):
review-performance — resource allocation, latency, memory, cold starts, algorithmic efficiencyMerge all findings from both batches into a single assessment table in Step 4.
⚠️ CRITICAL — Subagent source code delivery:
Subagents cannot read files, access the filesystem, or see relevant_context reliably. The ONLY way to get code to a subagent is to embed the full source code directly in the query string. This means:
cat or fs_readquery parameter as fenced code blocksrelevant_context — it may not be passed through to the subagentExample query structure:
You are a SECURITY code reviewer. Review the following files for...
FILE 1 - src/tools/data_tools.py:
\`\`\`python
<full file contents here>
\`\`\`
FILE 2 - Database/MyProc.sql:
\`\`\`sql
<full file contents here>
\`\`\`
If subagents fail to produce useful results (e.g., diff too large for subagent context, subagents return "no code provided", or use_subagent cannot resolve agent names from .kiro/agents/), fall back to running the review directly in the main conversation using the same 4 categories. Before falling back, you MUST: (1) attempt use_subagent ListAgents to verify agents are discoverable, (2) attempt at least one InvokeSubagents call, (3) explicitly tell the user "Subagents unavailable — falling back to inline review" with the error message. For inline review, read the full diff with git diff HEAD~1 and produce a single findings table covering all 4 categories.
Note: All 5 review-* agents are invoked every review. Performance was previously consolidated into maintainability but is now a separate agent for deeper analysis. The 4+1 batching respects the subagent concurrency limit.
After receiving the review report, provide an honest assessment of each finding:
For each finding, state:
This prevents rubber-stamping and also prevents over-engineering fixes for non-issues.
⚠️ Don't re-litigate settled decisions. If a finding was assessed as "Disagree" in a previous review pass during this session (e.g., "CFN exports vs SSM" or "broad exception handling by design"), don't raise it again. Subagents don't have memory of prior assessments — you do. Skip findings that repeat previously settled decisions and note "Previously assessed — [reason]" in the table.
Interactive mode: Present findings as a summary table:
| # | Severity | File | Issue | Assessment |
|---|----------|------|-------|------------|
| 1 | 🔴 | file.py | Description | Agree — should fix |
| 2 | 🟡 | file.py | Description | Defer to Task X.Y |
| 3 | 🟡 | file.py | Description | Disagree — by design |
End with:
Loop mode: Return structured findings to the orchestrator as a list:
- severity: 🔴/🟡/🟢
- file: path/to/file
- issue: description
- assessment: Agree/Disagree/Defer
- auto_fixable: yes/no
Only items with assessment "Agree" and severity 🔴 or 🟡 are actionable. 🟢 Nits are logged but not acted on.
Fix all agreed items.
Repetitive Patterns: If a review finding (e.g., Information Exposure via str(e)) appears in many files, invoke the mass-remediate-pattern skill instead of fixing each file manually. This ensures consistency and speed.
Run tests after fixes. Present updated test results.
See Severity Definitions for the full rubric.
reviews/ folder is gitignored — review artifacts don't go into source control."ENABLED" vs "enabled" bug shipped because no reviewer checked the Bedrock API spec. If you see a hardcoded API value, ask: "Has this been verified against the official docs?"signing_name from the boto3 service model, NOT a guess based on the service name. Example: bedrock-agentcore is correct (not bedrock-agent). Run python3 -c "import boto3; print(boto3.client('service-name').meta.service_model.signing_name)" to verify. The Wave 2 infrastructure subagent incorrectly flagged bedrock-agentcore:InvokeAgentRuntime as wrong — tool verification would have prevented this.var(--color-*) references resolve correctly. Tailwind 4's @layer base reset can override component background-color and color. Flag any component using CSS custom properties for background/color that hasn't been visually verified.