一键导入
code-review
Review a PR for quality, security, and standards compliance. Invokes the Code Reviewer agent (Rex).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Review a PR for quality, security, and standards compliance. Invokes the Code Reviewer agent (Rex).
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Review a technical design / migration AgDR / feature spec for architectural soundness BEFORE the Build phase. Invokes the Solution Architect agent (Tariq) — the non-code analog of /code-review.
Score a review agent (Rex/Hakim/Tariq) against a labeled PR corpus — ground-truth defect-set overlap, never a prose rubric. Headline metric is approve-precision.
Security-focused PR review for vulnerabilities and best practices. Invokes the Security Reviewer agent (Shield).
Record per-PR design-review approval (UI merge gate). ONLY on an explicit per-PR designer "approved".
Record per-PR CEO approval and merge in one turn. ONLY on an explicit per-PR "approved" — never on umbrella "go".
Generate C4 L1 (Context) + L2 (Container) Mermaid diagrams from a project's codebase. Structurizr DSL escape hatch (--dsl) for L3+ component precision.
| name | code-review |
| description | Review a PR for quality, security, and standards compliance. Invokes the Code Reviewer agent (Rex). |
| disable-model-invocation | true |
| argument-hint | <pr-number> [repo] |
| allowed-tools | Bash, Read, Grep, Glob |
Review a pull request for quality, security, and adherence to standards.
This skill performs semantic code navigation — finding definitions, walking references, tracing handlers across modules. With LSP enabled (ENABLE_LSP_TOOL=1 + per-language plugin per docs/getting-started.md), queries are ~3-15× cheaper in token cost than grep + Read. Without LSP, the skill falls back to grep + Read transparently — no new failure mode, just optional speed.
Per-language LSP plugins live in Claude Code's marketplace. Install once; the skill detects the active language and dispatches automatically.
When /code-review runs:
.claude/agents/code-reviewer.md — runs on every commit, owns the automated first-pass review.**/auth/**, **/crypto/**, **/secrets/**, .env*, or similar, the Security Auditor also activates and must sign off before merge. Consider chaining /security-review for the deeper pass.See .claude/rules/role-triggers.md for the full activation protocol.
/code-review 30
/code-review 30 your-org/your-repo
Before spawning the Code Reviewer agent (Rex), write the active-reviewer session marker so warn-review-marker-write.sh lets Rex's *-rex.approved write through the blocking marker gate. At skill entry:
ops_root=$(git rev-parse --show-toplevel)
r="$ops_root"
while [ -n "$r" ] && [ "$r" != "/" ]; do
[ -f "$r/.apexyard-fork" ] && { ops_root="$r"; break; }
[ -f "$r/onboarding.yaml" ] && [ -f "$r/apexyard.projects.yaml" ] && { ops_root="$r"; break; }
r=$(dirname "$r")
done
mkdir -p "$ops_root/.claude/session"
printf '%s\n' "<owner/repo>#<pr>:rex" > "$ops_root/.claude/session/active-reviewer"
On skill exit (after Rex posts its verdict, whether APPROVED or CHANGES REQUESTED), clear the marker:
rm -f "$ops_root/.claude/session/active-reviewer"
Without this marker, a build-class sub-agent attempting the same write is correctly blocked — see .claude/hooks/warn-review-marker-write.sh and .claude/rules/pr-workflow.md § "Build agents cannot self-review".
### Fallow Findings table + dry-run fix previewtracker_review_submit (gh PR / glab MR / custom host — #758), not a hardcoded gh pr review, then clear the active-reviewer marker from step 0any typesScan the diff for unrecorded decisions:
If a decision is detected but no AgDR is linked:
/decidePosts a GitHub review comment with:
fallow CLI is available)Invokes: Code Reviewer Agent (Rex)
Part of ApexYard — multi-project SDLC framework for Claude Code · MIT.