| name | code-review |
| description | Comprehensive codebase review for inconsistencies, security vulnerabilities, code quality, and documentation. Use when: submitting PRs, preparing releases, onboarding new team members, or conducting periodic audits. Covers architecture patterns, dependency security, linting, type checking, and Humanet validation. |
| argument-hint | Optional: focus areas (all, security, architecture, quality, docs) or file path |
Code Review Skill
When to Use
- Before submitting pull requests — ensure code meets quality standards
- Release preparation — verify no security issues or breaking changes
- Team onboarding — familiarize with codebase patterns and standards
- Periodic audits — catch drift from architecture decisions
- Dependency updates — scan for vulnerabilities after pnpm update
What This Skill Does
Performs systematic code review across four dimensions:
- Architecture Consistency — Modular patterns, module naming, plugin structure
- Security Vulnerabilities — Dependency audits, secret detection, auth patterns
- Code Quality — Linting, type checking, unused code
- Documentation — Humanet validation, ADR alignment, README accuracy
Procedure
Phase 1: Setup (Minutes)
cd d:\Sanskar\programming\projects\campus-os
pnpm install --save-dev @commitlint/cli eslint prettier typescript
pnpm run analyze:codebase
Phase 2: Security Review (~5 minutes)
Execute security checks script:
pnpm run audit:security
Checks performed:
- ✅ Dependency vulnerability scan (pnpm audit)
- ✅ Secrets detection (no API keys, tokens, passwords in code)
- ✅ Auth pattern validation (JWT usage, session handling)
- ✅ Environment variable validation
If vulnerabilities found:
- Document severity (critical, high, medium, low)
- Check if already documented in ADRs
- Create issue for remediation
- Run pnpm update to patch if safe
Phase 3: Architecture Review (~10 minutes)
Use architecture checklist:
pnpm run validate:architecture
Checks performed:
- ✅ Module structure compliance (all code in /apps/*)
- ✅ No direct module-to-module imports (only via DB or services)
- ✅ Plugin loader usage correctness
- ✅ ADR alignment with code decisions
- ✅ Database schema consistency
If inconsistencies found:
Phase 4: Code Quality Review (~15 minutes)
Execute quality checks:
pnpm run lint:all
pnpm run type:check
pnpm run format:check
Checks performed:
- ✅ ESLint rules compliance
- ✅ TypeScript type correctness
- ✅ Code formatting (Prettier)
- ✅ Unused variables/imports detection
- ✅ Jest test coverage baseline
If issues found:
- Auto-fix with pnpm run fix:all
- Review failing tests: pnpm run test
- Update test snapshots only if intentional
Phase 5: Documentation Review (~5 minutes)
Run documentation validation:
humanet validate
pnpm run validate:docs
Checks performed:
- ✅ Humanet YAML frontmatter correctness
- ✅ ADR references in code match reality
- ✅ README command accuracy (copy/paste and run each section)
- ✅ COPILOT.md rules followed
- ✅ ROADMAP.md alignment with implementation
If issues found:
- Update .humanet/ files
- Run humanet validate to confirm
- Update README with current command syntax
Phase 6: Generate Report
Create summary for PR/release notes:
pnpm run review:report
Output locations:
- review-report.md — Summary of all findings
- review-details.json — Machine-readable results
- Git staging — Ready to commit if all passing
Decision Points
| Finding Level | Security | Architecture | Quality | Docs | Action |
|---|---|---|---|---|---|
| ✅ Passing | None | None | None | None | Approve & merge |
| ⚠️ Warning | Low | Warning | Minor | Info | Document & proceed |
| 🔴 Blocking | Any | Core pattern | Test failures | Missing | Fix before merge |
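One way to turn the Phase 2 dependency scan into the Security column of the table above, as an added example that is not part of the CampusOS scripts. It assumes the report shape printed by `pnpm audit --json` and an assumed threshold (low or info only is a warning, moderate and above is blocking); `triageAudit` and `sampleReport` are hypothetical names.

```javascript
// Added example, not CampusOS code. Assumed input: the object printed by
// `pnpm audit --json` (metadata.vulnerabilities counts plus an advisories map).
const ORDER = ["critical", "high", "moderate", "low", "info"];
// Assumed reading of the Security column: low/info only is a warning; moderate
// (the page's "medium") or above blocks the merge.
const BLOCKING = new Set(["critical", "high", "moderate"]);

function triageAudit(report) {
  const counts = report?.metadata?.vulnerabilities;
  if (!counts || typeof counts !== "object") {
    // Fail closed: a truncated or errored report must not read as "no findings".
    return { level: "blocking", action: "Fix before merge", findings: [],
             reason: "audit report has no severity counts" };
  }
  // One entry per advisory, worst first, for the "document severity" step.
  const findings = Object.values(report.advisories ?? {})
    .map((a) => ({ severity: a.severity, module: a.module_name,
                   title: a.title, patched: a.patched_versions }))
    .sort((a, b) => ORDER.indexOf(a.severity) - ORDER.indexOf(b.severity));
  const present = Object.keys(counts).filter((s) => Number(counts[s]) > 0);
  // A severity label this script does not recognise is treated as blocking.
  const blocking = present.filter((s) => BLOCKING.has(s) || !ORDER.includes(s));
  if (blocking.length > 0) {
    return { level: "blocking", action: "Fix before merge", findings,
             reason: "findings at: " + blocking.join(", ") };
  }
  if (present.length > 0) {
    return { level: "warning", action: "Document & proceed", findings,
             reason: "findings at: " + present.join(", ") };
  }
  return { level: "passing", action: "Approve & merge", findings, reason: "no findings" };
}

// Constructed sample report (package names and advisory ids are made up).
const sampleReport = {
  advisories: {
    1001: { module_name: "example-parser", severity: "low",
            title: "Constructed low-severity finding", patched_versions: ">=2.0.1" },
    1002: { module_name: "example-http", severity: "high",
            title: "Constructed high-severity finding", patched_versions: ">=4.1.0" },
  },
  metadata: { vulnerabilities: { info: 0, low: 1, moderate: 0, high: 1, critical: 0 } },
};

console.log(triageAudit(sampleReport));
```

A report with no severity counts is reported as blocking, so a failed or truncated audit run cannot pass the gate by accident.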
Quick Reference
All Checks
pnpm run review:all
Specific Focus
pnpm run audit:security
pnpm run validate:architecture
pnpm run lint:all
humanet validate
Automated Fixes
pnpm run fix:all
pnpm run update:deps
Tools & References
Related Skills
Common Issues & Solutions
| Issue | Root Cause | Solution |
|---|---|---|
| pnpm audit fails | Outdated dependencies | Run pnpm update to patch versions |
| Architecture warnings | Code outside /apps/ | Move to module or create new app |
| Type errors | Missing TypeScript | Run pnpm install -D typescript |
| Humanet validate fails | YAML frontmatter | Check Humanet spec |
| Secrets detected | Committed credentials | Use .env.local (gitignored) |
Last Updated: March 31, 2026
Project: CampusOS - Campus Management System
Maintained by: NITRR Open Source