code-review
Mandatory code reviews via /code-review before commits and deploys
What this skill does
# Code Review Skill

**Purpose:** Enforce automated code reviews as a mandatory guardrail before every commit and deployment. Choose between Claude, OpenAI Codex, Google Gemini, or multiple engines for comprehensive analysis.

**Sub-skills:**
- [adr-gate.md](./adr-gate.md) — Pre-review ADR and spec enforcement

---

## Pre-Review: ADR Gate (Mandatory)

Before any review engine runs, the ADR gate executes automatically:

1. **Classify** — trivial changes (typos, deps, tests-only) skip the gate
2. **Discover** — scan `docs/adr/`, `_project_specs/`, iCPG ReasonNodes, git history for linked ADRs and specs
3. **Enforce** — if no ADRs found for non-trivial changes:
   - **Interactive** (default): draft ADR from git history, ask user to confirm
   - **Unattended** (CI): write as `Status: proposed`, proceed
   - **Strict**: block review until ADR exists
4. **Inject** — feed discovered ADRs + specs into the review prompt as architectural context

### ADR Compliance Review Dimension

Added to the standard 7 review categories:

| Category | What It Checks |
|----------|----------------|
| **ADR Compliance** | Change conforms to documented decisions, no undocumented architectural shifts |

| Finding | Severity |
|---------|----------|
| Change contradicts accepted ADR | Critical |
| Architectural decision not in any ADR | High |
| ADR exists but is outdated/stale | Medium |
| Minor drift from ADR intent | Low |

See [adr-gate.md](./adr-gate.md) for full protocol, reverse-engineering rules, and configuration.
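The four gate steps above, written out as an added Python example (it is not the skill's own code). The trivial-change patterns, the rule that links an ADR to a change by directory mention, the action names and the `draft-proposed.md` file name are assumptions; iCPG ReasonNodes and git history are not scanned here.

```python
import re
from pathlib import Path

# Assumption: "trivial" = every touched path is a test or a dependency manifest.
# (The page also lists typo fixes; detecting those needs the diff, not just paths.)
TRIVIAL = re.compile(
    r"(^|/)(tests?|__tests__)/|\.(test|spec)\.\w+$"
    r"|(^|/)(package(-lock)?\.json|requirements\.txt|go\.(mod|sum)|Cargo\.lock)$")
ADR_DIRS = ("docs/adr", "_project_specs")  # directories named on the page

def classify(changed):
    """Step 1: decide whether the change set can skip the gate."""
    return "trivial" if changed and all(TRIVIAL.search(p) for p in changed) else "non-trivial"

def discover(repo, changed):
    """Step 2: ADR/spec files whose text mentions a changed file's directory (assumed link rule)."""
    dirs = {str(Path(p).parent) + "/" for p in changed if Path(p).parent != Path(".")}
    hits = []
    for d in ADR_DIRS:
        if not (repo / d).is_dir():
            continue
        for doc in sorted((repo / d).glob("*.md")):
            if any(x in doc.read_text() for x in dirs):
                hits.append(doc)
    return hits

def adr_gate(repo, changed, mode="interactive"):
    """Classify -> Discover -> Enforce -> Inject. Returns (action, review_context)."""
    if classify(changed) == "trivial":
        return "skip-gate", ""
    adrs = discover(repo, changed)
    if not adrs:  # Step 3: enforce
        if mode == "interactive":
            return "draft-and-confirm", ""  # a human confirms the drafted ADR
        if mode != "unattended":
            return "block", ""  # strict; unknown modes also fail closed (assumption)
        draft = repo / "docs/adr" / "draft-proposed.md"  # hypothetical file name
        draft.parent.mkdir(parents=True, exist_ok=True)
        draft.write_text("# Draft ADR\n\nStatus: proposed\n\nCovers: " + ", ".join(changed) + "\n")
        adrs = [draft]
    # Step 4: inject the discovered documents into the review prompt as context
    context = "\n\n".join(f"## {a.relative_to(repo)}\n{a.read_text()}" for a in adrs)
    return "review", context
```

Of the three modes, only strict stops a change that has no ADR; in unattended mode the gate records a proposed ADR and the review proceeds.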
---

## Review Engine Choice

When running `/code-review`, users can choose their preferred review engine:

```
┌─────────────────────────────────────────────────────────────────┐
│  CODE REVIEW - Choose Your Engine                               │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  ○ Claude (default)                                             │
│    Built-in, no extra setup, full conversation context          │
│                                                                 │
│  ○ OpenAI Codex CLI                                             │
│    GPT-5.2-Codex specialized for code review, 88% detection     │
│    Requires: npm install -g @openai/codex                       │
│                                                                 │
│  ○ Google Gemini CLI                                            │
│    Gemini 2.5 Pro with 1M token context, free tier available    │
│    Requires: npm install -g @google/gemini-cli                  │
│                                                                 │
│  ○ Dual Engine (any two)                                        │
│    Run two engines, compare findings, catch more issues         │
│                                                                 │
│  ○ All Three (maximum coverage)                                 │
│    Run Claude + Codex + Gemini for critical/security code       │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘
```

### Engine Comparison

| Aspect | Claude | Codex | Gemini | Multi-Engine |
|--------|--------|-------|--------|--------------|
| **Setup** | None | npm + OpenAI API | npm + Google Account | All setups |
| **Speed** | Fast | Fast | Fast | 2-3x time |
| **Context** | Conversation | Fresh per review | 1M tokens | N/A |
| **Detection** | Good | 88% (best) | 63.8% SWE-Bench | Combined |
| **Free Tier** | N/A | Limited | 1,000/day | Varies |
| **Best for** | Quick reviews | High accuracy | Large codebases | Critical code |

### Set Default Engine

```toml
# ~/.claude/settings.toml or project CLAUDE.md
[code-review]
default_engine = "claude"  # Options: claude, codex, gemini, dual, all
```

### Usage Examples

```bash
# Use default engine
/code-review

# Explicitly choose engine
/code-review --engine claude
/code-review --engine codex
/code-review --engine gemini

# Dual engine (pick any two)
/code-review --engine claude,codex
/code-review --engine claude,gemini
/code-review --engine codex,gemini

# All three engines
/code-review --engine all

# Quick shortcuts
/code-review           # Uses default
/code-review --codex   # Use Codex
/code-review --gemini  # Use Gemini
/code-review --all     # All three engines
```

---

## Multi-Engine Output

When using multiple engines, findings are compared and deduplicated:

### Dual Engine Example

```
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW RESULTS - DUAL ENGINE (Claude + Codex)              │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│ ✅ AGREED (Found by both):                                       │
│   🔴 SQL injection in auth.ts:45                                 │
│   🟡 Missing error handling in api.ts:112                        │
│                                                                 │
│ 🔷 CLAUDE ONLY:                                                  │
│   🟠 Potential race condition in worker.ts:89                    │
│   🟢 Consider extracting helper function                         │
│                                                                 │
│ 🔶 CODEX ONLY:                                                   │
│   🟠 Memory leak - unclosed stream in upload.ts:34               │
│   🟡 N+1 query pattern in orders.ts:156                          │
│                                                                 │
├─────────────────────────────────────────────────────────────────┤
│ SUMMARY                                                         │
│ Agreed: 2 | Claude only: 2 | Codex only: 2                      │
│ Critical: 1 | High: 2 | Medium: 2 | Low: 1                      │
│ Status: ❌ BLOCKED - Fix critical/high issues                    │
└─────────────────────────────────────────────────────────────────┘
```

### Triple Engine Example (All Three)

```
┌─────────────────────────────────────────────────────────────────┐
│ CODE REVIEW RESULTS - TRIPLE ENGINE                             │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│ ✅ UNANIMOUS (All 3 found):                                      │
│   🔴 SQL injection in auth.ts:45                                 │
│                                                                 │
│ ✅ MAJORITY (2 of 3 found):                                      │
│   🟠 Memory leak - unclosed stream in upload.ts:34 (Codex+Gemini)│
│   🟡 Missing error handling in api.ts:112 (Claude+Codex)         │
│                                                                 │
│ 🔷 CLAUDE ONLY:                                                  │
│   🟠 Potential race condition in worker.ts:89                    │
│                                                                 │
│ 🔶 CODEX ONLY:                                                   │
│   🟡 N+1 query pattern in orders.ts:156                          │
│                                                                 │
│ 🟢 GEMINI ONLY:                                                  │
│   🟡 Consider using batch API for better performance             │
│   🟢 Type could be more specific in types.ts:23                  │
│                                                                 │
├─────────────────────────────────────────────────────────────────┤
│ SUMMARY                                                         │
│ Unanimous: 1 | Majority: 2 | Single: 5                          │
│ Critical: 1 | High: 2 | Medium: 3 | Low: 2                      │
│ Status: ❌ BLOCKED - Fix critical/high issues                    │
└─────────────────────────────────────────────────────────────────┘
```

### When to Use Each Mode

| Mode | Use When |
|------|----------|
| **Single (Claude)** | Quick in-flow reviews,