// Use when reviewing a PR or branch diff. Security, correctness, test coverage, architecture drift. Produces structured verdicts with line references.
[HINT] SKILL.md 및 모든 관련 파일을 포함한 전체 스킬 디렉토리를 다운로드합니다
| name | code-review |
| stable-id | code-review |
| description | Use when reviewing a PR or branch diff. Security, correctness, test coverage, architecture drift. Produces structured verdicts with line references. |
| tags | ["review","code-quality","security"] |
| authors | ["ship"] |
Structured code review for PRs and branch diffs.
# PR number
gh pr diff <number>
# Or branch diff
git diff main..HEAD
Build a change map:
<!-- .artifacts/review-map.md -->
# Review Map
| File | Type | Risk | Reviewer focus |
|------|------|------|---------------|
| src/auth.ts | feature | high | security, auth flow |
| src/utils.ts | refactor | low | behavior preservation |
| migrations/001.sql | schema | high | data safety, rollback |
For each changed file, check in order:
Security (blocks merge):
Correctness (blocks merge):
Tests:
Architecture:
Style (non-blocking):
<!-- .artifacts/review.md -->
# Review: <PR title or branch>
## Verdict: APPROVE | REQUEST_CHANGES | COMMENT
## Blockers
- **[security]** `src/auth.ts:42` — user input passed directly to SQL query
```diff
- db.query(`SELECT * FROM users WHERE id = ${id}`)
+ db.query(`SELECT * FROM users WHERE id = ?`, [id])
src/utils.ts — parseDate has no test for invalid inputsrc/api.ts:15 — unused import Responsemigrations/001.sql — clean schema change, rollback safesrc/components/ — UI changes match spec
### 5. Post or surface
{% if post_to_github %}
Post to GitHub:
```bash
gh pr review <number> --request-changes --body-file .artifacts/review.md
# or
gh pr review <number> --approve --body-file .artifacts/review.md
{% else %} Surface the review inline or to mission-control. Blockers = gate fail. Suggestions = pass with notes.
To post directly to GitHub: ship vars set code-review post_to_github true
{% endif %}