원클릭으로
fde-review
Two-stage code review: did we build what was agreed, then is it safe to ship.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Two-stage code review: did we build what was agreed, then is it safe to ship.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
The operating system for Forward Deployed Engineers. 34 skills across 6 domains — from first meeting to final handoff. Tell it your situation, it routes to the right skill, does the work, and the engagement memory writes itself.
Taking over mid-engagement. Reads what exists, separates what works from what was assumed.
Safe implementation in any codebase. Characterisation tests first, Strangler Fig for fragile code.
End of engagement. Retrospective, pattern extraction, clean handoff so the team can sustain it.
Generate a status dashboard across all active engagements from .fde/ data.
Systematic debugging. Reproduce first, isolate second, fix third. Never guess.
| name | fde-review |
| description | Two-stage code review: did we build what was agreed, then is it safe to ship. |
Load context.md, decisions.md, trust-profile.md, and terrain.md only. Do not load reality.md or stakeholders.md -- they are not relevant to reviewing code against an agreed scope.
Code review on an engagement is not the same as code review at a product company. You're often in a codebase you don't own, deploying to systems you can't fully see, with a customer who can't afford a bad release. This skill reviews through that lens.
context.md: alwaysdecisions.md: what was agreed and whytrust-profile.md: AI code policy, sacred data, what must never changeterrain.md: blast radius context, fragile zonesCheck the change against decisions.md. Not against what seems right, against what was explicitly decided.
trust-profile.md touched?If Stage 1 fails, stop. Don't proceed to quality review on code that doesn't match the agreement.
Five dimensions. Be specific, not "this could be better" but "line 47 will fail under concurrent writes because there's no lock."
Correctness: Does it do what it says? Edge cases handled? Error paths traced?
Blast radius: What breaks if this fails at 2am? Which systems downstream are affected? Is the failure mode loud (errors surface immediately) or silent (data corruption over time)?
Security: Input validation at boundaries. No secrets in logs. No new attack surface. Check trust-profile.md for what's classified as sensitive in this environment.
Rollback: Can this be reverted in under 5 minutes? Is the rollback documented? If the answer is "we'd have to do a data migration to roll back," that's a blocker.
AI policy: Check trust-profile.md. Some modules in this environment may require human review of AI-generated code, or prohibit it in certain areas. If this change touches those areas, flag it before it ships.
AI components: If this change includes AI-generated output in a user-facing or decision-making path, check: does it have a fallback when the model fails? Are inputs and outputs logged? Are outputs bounded so a model hallucination cannot cause a downstream catastrophe? In regulated environments, can a human explain why the AI made a specific decision? Explainability is a compliance requirement in fintech and healthcare, not a preference.
A clear verdict for each stage:
Stage 1: Pass / Blocked (with specific reason) Stage 2: Pass / Concerns (with line-specific notes)
No padding. If it's fine, say it's fine. If something needs fixing, say exactly what and why, not just that it could be improved.
Log the review outcome in decisions.md: what was reviewed, what was flagged, what was resolved.
.fde/decisions.md: review outcome logged -- what was reviewed, what was flagged, what was resolved. If Stage 1 fails, record the specific mismatch.
Before Stage 1, check PR/diff size:
decisions.md and route to @fde-plan or @fde-engineering. Review loops fail on huge diffs.Ask: Is this one agreed task, or did scope merge mid-build?
After the first review pass:
Do not accept every automated review comment blindly. Reject false positives with one sentence why.
Log each cycle in decisions.md: findings, fixes, verification commands.
On AI-heavy or data-touching changes, also check:
trust-profile.md?Be terse: one line problem, one line fix.