菜单
Code quality check with adaptive effort scaling. Includes security scanning.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Show token / tool usage stats from the local telemetry log. Use when you want to know "which tools am I burning context on", "which skills are expensive", or "was yesterday's session mostly Read/Grep or actually productive".
Parallel quality audit with 7 specialized agents (Opus). Finds bugs, violations, and quality issues. Use audit for fixes, brainstorm for features.
Manage environment variables with Doppler — auto-install CLI, login, link projects, wrap commands with `doppler run`. Replaces scattered .env files with a hub/spoke architecture.
Scaffolds new projects or onboards existing ones. Detects stack, creates monorepo/single-app, configures strict tooling. Use for greenfield or first-time setup.
Archives completed stories from prd.json to reduce token usage.
Autonomous task execution with testing and security. Works through all tasks without stopping.
| name | review |
| description | Code quality check with adaptive effort scaling. Includes security scanning. |
| triggers | ["review","verify","check"] |
| allowed-tools | Bash, Read, Grep, Glob, Task |
| model | opus |
| user-invocable | true |
| argument-hint | [quick|deep] |
Quality check on current/recent changes. Scales effort to the task.
| Command | What It Does | When to Use |
|---|---|---|
review | Adaptive effort based on change type (default) | Before committing |
review quick | Build + typecheck only | Typos, one-liners, low-risk changes |
review deep | Full 7-step verification + UI check | After implementing features, before shipping |
| Task Type | Review Depth |
|---|---|
| Typo, one-liner | Does it work? Ship it. |
| Feature, component | Build + types + looks right |
| Architecture, refactor | All above + system impact |
More review for: money, security, user data, unfamiliar code. Less review for: isolated changes, low risk, well-understood code.
After any change:
npm run typecheck && npm run build — must passIf yes to all, move on.
git diff --name-only HEAD~3
git diff --staged --name-only
npm run typecheck
npm run build
npm run lint # If available
npm test -- --watchAll=false --passWithNoTests 2>/dev/null | tail -10
For each changed file, check:
any types or @ts-ignoreas unknown as unsafe casts on API/DB datafetch() without error handling (missing res.ok check or try/catch)<label> or aria-labelif (session) without default deny)npm audit --production 2>/dev/null | grep -E "critical|high" | head -5
For each changed file, check:
Scan the diff for these 12 patterns:
# Run on staged/changed files only
git diff --name-only HEAD~3 | xargs grep -n "as unknown as\|fetch(.*)\.\(then\|catch\)\?$\|dangerouslySetInnerHTML\|eval(\|innerHTML\|document.write\|console\.log\|text-white\|bg-black\|text-gray-" 2>/dev/null | head -20
Review: [X files changed]
==========================
Build: Pass/Fail
Types: Pass/Fail
Lint: Pass/Fail (or N/A)
Issues Found:
- src/component.tsx:45 - console.log left in
- src/hook.ts:12 - Missing error handling
Suggestions:
- Consider extracting duplicate logic in X and Y
Overall: Ready to commit / Needs fixes
Confirm the work is done well, not just done. A task is complete when it works, solves the actual problem, and is production-ready.
Flag opportunities to improve UX, performance, or error messages — but do not implement them during review. Report them as findings for a future task.
Verify visually:
Use agent-browser for verification when helpful:
for port in 3000 3001 5173 8080; do
curl -s http://localhost:$port > /dev/null && break
done
agent-browser open http://localhost:$port/path
agent-browser snapshot -i
Run each check in order. Stop and fix on any failure.
0. Optional: Specialist agent review (for significant diffs)
If the diff touches 5+ files or includes auth/billing/data-mutation code, spawn a code-reviewer agent in parallel with steps 1-6:
Task({ subagent_type: "code-reviewer", model: "opus", run_in_background: true,
prompt: "Review staged changes in [PROJECT_PATH] for bugs, logic errors, security vulnerabilities, and convention drift. Limit to 60 tool calls. Focus on: the diff (git diff --staged), what the change is supposed to do vs. what it actually does, edge cases the author may have missed. Report only high-confidence findings — skip style nits. Format: Severity, File:line, Issue, Why it matters." })
Read its findings before issuing a verdict. Skip for typos/one-liners.
1. Build Check
npm run build 2>&1 | tail -20
Zero errors required. Note warnings.
2. Type Safety
npm run typecheck 2>/dev/null || npx tsc --noEmit 2>/dev/null
Zero type errors required.
3. Test Suite
npm test -- --passWithNoTests --watchAll=false 2>/dev/null
All tests pass. Report: X passed, Y failed, Z skipped.
4. Code Hygiene Scan
grep -rn "console\.log\|console\.warn\|debugger\|TODO\|FIXME\|HACK" src/ --include="*.ts" --include="*.tsx" | grep -v node_modules | grep -v "\.test\." | head -20
Report count and locations. console.error is acceptable.
5. UI Quality Scan
grep -rn "text-white\|text-black\|bg-white\|bg-black\|text-gray-\|bg-gray-" src/ --include="*.tsx" | grep -v node_modules | head -20
grep -rn "<img\|<Image" src/ --include="*.tsx" | grep -v "width\|height\|fill" | head -10
6. Diff Review
git diff --stat
git diff --name-only
Only expected files modified. Flag unexpected changes.
7. Verdict
## Verification Result
| Check | Status | Notes |
|-------|--------|-------|
| Build | PASS/FAIL | |
| Types | PASS/FAIL | X errors |
| Tests | PASS/FAIL | X passed, Y failed |
| Hygiene | PASS/WARN | X debug statements |
| UI Quality | PASS/WARN | X hardcoded colors |
| Diff | PASS/WARN | X files modified |
**Overall: PASS / FAIL**
If PASS: "Ready for commit." If FAIL: list specific items to fix.
Apply principles from related skills when reviewing:
| Skill | Check For |
|---|---|
standards | Type safety, design tokens, all UI states, React patterns |
design | Avoid AI slop (no purple gradients, no Inter/Roboto) |
security | Secrets, RLS, input validation, XSS |
Would a senior developer approve this PR? If not, improve it.