// Review code for quality, security, performance, and architecture. Supports full codebase, specific features, or changed files.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | review |
| description | Review code for quality, security, performance, and architecture. Supports full codebase, specific features, or changed files. |
| user-invocable | true |
Review code for quality, security, performance, architecture, and consistency with project conventions.
/review — review all uncommitted changes (git diff)/review all — review the entire codebase (high-level scan)/review backend — review all backend code/review frontend — review all frontend code/review backend/apps/accounts — review a specific module/review frontend/src/features/candidates — review a specific feature/review --fix — review and auto-fix issues foundParse the arguments:
git diff + git diff --cached + untracked files)all → scan entire codebase (read key files, check structure)backend / frontend → scan that layer--fix flag → fix issues after reviewBefore reviewing, read:
AGENTS.md for project rulesdocs/CODE_STYLE.md if it existsdocs/BUSINESS_LOGIC.md for domain contextHard limit: 200 lines per file. Any file exceeding 200 lines is a Critical Issue.
Run these checks:
find backend/apps -name "*.py" ! -path "*/migrations/*" -exec wc -l {} + | sort -rn | head -20 — flag any file over 200 linesfind frontend/src -name "*.vue" -o -name "*.ts" | xargs wc -l | sort -rn | head -20 — flag any file over 200 linesFor each oversized file, recommend a split strategy:
apis/profile.py, apis/education.py, apis/work_experience.py)services/vacancy_crud.py, services/vacancy_ai.py)Before the manual review, run automated linters to catch low-hanging fruit:
Backend (Ruff):
Run cd backend && ruff check --select F401,F811,UP,B,DJ . on the files in scope to catch:
F401 — unused importsF811 — redefined unused variablesUP — deprecated Python patterns (old-style typing, unnecessary # coding, typing.Optional → X | None, etc.)B — bugbear (mutable default args, assertions, etc.)DJ — Django-specific issuesIf reviewing a specific path, pass that path instead of .. Report all findings as Warnings in the review output.
If --fix flag is set, run ruff check --fix --select F401,F811,UP . to auto-fix unused imports and deprecated patterns.
Frontend (TypeScript):
Run cd frontend && npx vue-tsc --noEmit 2>&1 | head -80 to catch TypeScript errors including unused imports and type issues. If vue-tsc is not available, run npx tsc --noEmit --pretty 2>&1 | head -80 as fallback.
Additionally, search for common deprecated patterns:
defineComponent() in <script setup> files (unnecessary)@/ imports that could use relative paths within the same featureref, computed, watch imports from VueLinter Config:
backend/pyproject.toml under [tool.ruff]# noqa: S101), not Flake8 codesruff format, not black or autopep8I rules), not standalone isortReview backend Python/Django code against these criteria:
Architecture (GRASP):
Project Patterns:
services.py, not in views or serializersselectors.py, not inline in viewsDead Code & Deprecated Patterns (HIGH PRIORITY — check every file):
ruff check --fix --select F401.typing.Optional[X] → X | None, typing.List[X] → list[X], typing.Dict → dict, typing.Tuple → tuple, typing.Union[X, Y] → X | Y. These are auto-fixable with ruff check --fix --select UP.django.conf.urls.url() → path(), @login_required on API views (use permission classes), JSONField from django.contrib.postgres (use django.db.models.JSONField).Code Quality:
ApplicationError consistently? Catching too broad?select_related/prefetch_related?Django-Specific:
update_fields on save@transaction.atomic where needed).all() when filtering)Review frontend Vue/TypeScript code against FSD principles:
Architecture (FSD Layers):
shared/Feature Structure (per feature):
pages/ — route-level components, minimal logic, compose from componentscomponents/ — presentational + container componentsservices/ — API calls only, no business logicstores/ — Pinia stores with state, getters, actionstypes/ — TypeScript interfaces and type aliasesroutes.ts — route definitionsconstants/ — feature-specific constantsDead Code & Deprecated Patterns (HIGH PRIORITY — check every file):
<script setup> or <template>. Common: importing a component/type/util that was removed from the template but the import remains.const/ref/computed defined but never used in template or script.defineComponent() inside <script setup> (unnecessary), Options API in new code, this.$refs instead of template refs, @click.native (removed in Vue 3).as any, // @ts-ignore (use // @ts-expect-error), enum where as const object suffices.Code Quality:
any, proper interfaces, discriminated unions for status typesref, computed, watch. No reactivity loss.Vue-Specific:
<script setup> used consistentlydefineProps<T>()defineEmits<T>()v-html with user content, no innerHTMLBackend:
select_related/prefetch_related)Frontend:
Output a structured report:
## Review: [scope]
### Critical Issues (must fix)
- [FILE:LINE] Description of the issue
### Warnings (should fix)
- [FILE:LINE] Description
### Suggestions (nice to have)
- [FILE:LINE] Description
### Architecture Notes
- Observations about structure, patterns, coupling
### Summary
- X critical issues, Y warnings, Z suggestions
- Overall assessment: [GOOD / NEEDS WORK / CRITICAL ISSUES]
If --fix was provided: