// Fast single-pass FXA-specific commit review covering security, conventions, logic/bugs, tests, and migrations. No subagents — runs directly in the main context.
Lists open FXA PRs matching a search term with a rich status table — file/line counts, draft state, review activity, and approval status. Defaults to all open PRs needing review.
Approves the on-hold "Approve Functional Tests (PR)" CircleCI job for the current PR branch, kicking off the gated Playwright functional tests. Requires CIRCLECI_TOKEN in the environment.
Reviews changed React/TSX code for component design, hooks misuse, performance, accessibility, and state management issues. Reports findings with severity and concrete fix recommendations. Operates on files changed vs main.
Thorough FXA-specific commit review using parallel specialist agents. Covers security, TypeScript, logic/bugs, test quality, and architecture. Agents explore call sites, git history, and monorepo conventions.
Drafts Jest tests for changed code. Defaults to staged/unstaged changes or the most recent commit. Output is a starting point for review, not final.
Validates that Jest tests in a given file pass both as a full suite and individually in isolation, catching hidden order dependencies and shared mutable state.
| name | fxa-review-quick |
| description | Fast single-pass FXA-specific commit review covering security, conventions, logic/bugs, tests, and migrations. No subagents — runs directly in the main context. |
| allowed-tools | Bash, Read, Grep, Glob |
| argument-hint | ["commit-ref"] |
| user-invocable | true |
| context | fork |
Review the most recent commit (or the commit specified in $ARGUMENTS) in a single pass, using FXA-specific knowledge.
COMMIT_REF="${ARGUMENTS:-HEAD}"
git show "$COMMIT_REF" --format="%H%n%an%n%ae%n%s%n%b"
COMMIT_REF="${ARGUMENTS:-HEAD}"
git show --stat "$COMMIT_REF"
Use Read and Grep to examine the changed files and their surrounding context. Look at imports, callers, and related types to understand the full picture before judging.
Evaluate the diff through these lenses, in order of priority:
1. Security
Content-Type validation2. FXA Conventions
Error thrown in route handlers instead of AppError from @fxa/accounts/errorsconsole.log instead of the log object (mozlog format)@fxa/<domain>/<package> aliasesfxa-auth-server/** (ESLint blocks this)fxa-content-server) — should be in fxa-settings or SubPlat 3.0fxa-graphql-api was removed, admin-server GraphQL is legacy. Exception: CMS-related GraphQL.require() in .ts files — use import instead. Existing CJS patterns in auth-server .js files are fine.async/await over .then() promise chainsContainer.get()/Container.set() usage — linting rules to disallow these are coming3. Logic & Bugs
await on async calls — note: some fire-and-forget patterns (metrics, logging) are intentional, check context before flagging4. Tests
Apply the FXA testing rules in .claude/skills/fxa-testing-shared/GUIDELINES.md (read it before reviewing test changes). Common quick-review triggers:
*.spec.ts; fxa-settings uses *.test.tsx conventionjest.clearAllMocks() in beforeEach — redundant only when the package's jest.config.* sets clearMocks: true (currently fxa-auth-server and fxa-profile-server); do not flag in other packages without checking their configmockClear/mockReset/jest.clearAllMocks/jest.resetAllMocks called inside an it() body — band-aid for state leakage from prior tests or shared setup; fix the isolation insteadproxyquire in new test code — should use jest.mock()test/local/ or test/remote/ — new tests must be JestX, assertion checks for X, no real logic in betweenjest.Mocked<T>) catch contract driftexpect.anything(), expect.any(Object), broad expect.objectContaining({}) with one trivial keyforEach / for loops driving multiple expect calls inside one it() body — use it.each so each case is independently reportedit('...', async () => {...}, 30_000), jest.setTimeout(...) for a single file) — usually masks a real timer or unmocked I/Ojest.useFakeTimers() and jest.setSystemTime() over setTimeout or mocking Date.now directlyact() wrapping in React test state updatesit.only, describe.only, fit, fdescribe — silently skips the rest of the suite, never acceptable. it.skip, xit, xdescribe, it.todo — flag only when there is no comment explaining the skip; a justified skip (ideally with a Jira/issue reference) is acceptable*.test.tsx in fxa-settings: also apply .claude/skills/fxa-check-react/SKILL.md Section 5 (querying by role, userEvent over fireEvent, no asserting on refs/instances)5. Database Migrations
/fxa-shared/test/db/models/**/*.sql)DELETE/UPDATE without WHERE clauseALTER TABLE on large tables without online DDL consideration6. Migration Direction
proxyquire → jest.mock()async/awaitfxa-shared → libs/* (migration in progress, check both locations for existing code before adding new)7. AI Slop Detection
Commit: hash Author: name Message: commit message Files Changed: count
Write a brief summary of what the commit does based on the diff. Do not repeat the commit message.
Use a table with columns: #, Severity, Category, File, Line, Issue, Recommendation.
Severity definitions:
If no issues are found, skip the table and write: "No issues found."
Recommendation: APPROVE, REQUEST CHANGES, or NEEDS DISCUSSION.
Include blocking issue count (CRITICAL + HIGH) and total issue count.
If clean: "This commit is ready to merge." If not: "Please address the CRITICAL and HIGH issues before merging."