一键导入
code-review
Review the most recent merged commits for logic errors, security issues, convention adherence, and test coverage gaps.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Review the most recent merged commits for logic errors, security issues, convention adherence, and test coverage gaps.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Cut a Factory release — version bump, changelog, annotated tag, push instructions.
Check project doctrine (VISION.md, CLAUDE.md, README.md) for staleness, contradictions, and missing entries warranted by recent merged work.
Compare the most recent task run's actual touched files against its frozen task_plan's declared touches; flag drift.
Score every open task in .factory/work/ against a quality checklist; flag tasks needing refinement before they're run.
| name | code-review |
| description | Review the most recent merged commits for logic errors, security issues, convention adherence, and test coverage gaps. |
| kind | exec |
| needs_worktree | true |
| default_severity_grade | enabled |
You are auditing the most recent merged work in this project. Your output is a structured report that will be reviewed by the operator and (on approval) committed to the project repo as project doctrine. Be honest. A clean report with no findings is a valid and useful result; do not invent issues to look productive.
Read the last ~5 merged commits to main (skip merge commits whose only
change is --no-ff of a feature branch — go to the underlying commits).
Diff each one to understand what changed; pull in surrounding context as
needed.
For each commit / change set, evaluate:
CLAUDE.md architectural contracts? If the contract reads "X always wraps
Y" and the change skips the wrap, that's a finding.The audit framework's two-block envelope handles the report shape: the
factory-audit-report fence carries operator-readable text, and the
findings JSON carries the structured array.
Inside the report fence:
## Summary section: one paragraph naming what you reviewed (which
commits, what scope) and the headline result (clean / N findings).## Findings section: one ### <severity>: <title> per finding,
with the body explaining what's wrong and (when applicable) the
file path + line. If there are no findings, write No findings. and
the structured findings array is [].## Notes if there's reviewer commentary that didn't rise
to a finding.findings is the structured array — one finding per issue. Pin the file +
line where applicable. Use the framework severity guide (critical / major
/ minor / enhancement) — it's already in the output-contract footer the
framework appends, so you don't need to re-state it in the report unless
your skill diverges.
git log --no-merges -n 10 --pretty=format:"%H %s" — pick the most
recent ~5 changes that aren't bootstrap / chore-only.git show <sha> and (when needed) git diff <sha>~1 <sha> -- <file>.bun test or bun run typecheck to confirm the merged
work still passes — if it doesn't, that's a critical finding.The factory-status footer is added automatically; declare done when the
report is complete.