Review code changes for quality and best practices
Performs comprehensive code review for quality, security, and best practices. Use after making changes but before running automated validation checks.
/plugin marketplace add benshapyro/cadre-devkit-claude
/plugin install benshapyro-cadre-devkit-claude@benshapyro/cadre-devkit-claude
Purpose: Qualitative code review - checks code quality, style, security, and best practices.
Distinct from /validate: This command does human-like code review. Use /validate for automated checks (types, lint, tests, build).
Workflow: /review → /validate → /ship
Get the current diff to review:
!git diff --name-only
!git diff --staged --name-only
If there are changes, get the full diff:
!git diff
!git diff --staged
If no changes found, inform the user and stop.
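The diff-gathering step above as a shell function, added here as an example and not part of the plugin; `tag` and `review_scope` are hypothetical names. It also lists untracked files, which `git diff` does not report, so a newly created file that was never staged still reaches the reviewer.

```shell
# Added example, not part of the plugin. Run against the repository root.

# Prefix each path read from stdin with a state label (tab-separated).
tag() {
    while IFS= read -r path; do
        printf '%s\t%s\n' "$1" "$path"
    done
}

# Print one "STATE<TAB>path" line per file the review should cover.
# Returns 0 when there is something to review, 1 when there is nothing
# (the "inform the user and stop" case), 2 when $1 is not a git work tree.
review_scope() {
    repo="${1:-.}"
    git -C "$repo" rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
        echo "not a git work tree: $repo" >&2
        return 2
    }
    scope=$(
        git -C "$repo" diff --name-only | tag unstaged
        git -C "$repo" diff --staged --name-only | tag staged
        # git diff never reports untracked files; list them explicitly,
        # honouring .gitignore so build output stays out of the review.
        git -C "$repo" ls-files --others --exclude-standard | tag untracked
    )
    if [ -z "$scope" ]; then
        echo "No changes found; nothing to review." >&2
        return 1
    fi
    printf '%s\n' "$scope"
}
```

A file that appears as both `unstaged` and `staged` has edits made after it was staged, so both `git diff` and `git diff --staged` are needed to see its full change.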
Use the code-reviewer agent for comprehensive review. The agent's code-formatter and error-handler skills load automatically.
Task(
subagent_type="code-reviewer",
prompt="Review the following code changes for quality, security, and best practices.
Files changed:
[list files from step 1]
Review focus:
- Code quality and maintainability (DRY, KISS, YAGNI)
- Security vulnerabilities (comprehensive OWASP checklist)
- Style consistency (via code-formatter skill)
- Error handling patterns (via error-handler skill)
- Test coverage for new/changed code
Provide a structured review with:
- Overall assessment (APPROVE / REQUEST CHANGES)
- Positive findings
- Required changes (with file:line references)
- Suggestions for improvement
- Security concerns (if any)"
)
Present the agent's review to the user with clear next steps.
After review is complete:
/validate to verify automated checks, then /ship to commit
/review
User: /review
Claude:
1. Gathers git diff (3 files changed)
2. Spawns code-reviewer agent with diff context
3. Agent reviews using its skills and security checklist
4. Presents structured review:
## Code Review Summary
**Overall Assessment**: APPROVE
### Positive Findings
- Clean separation of concerns in new utility functions
- Good error handling with descriptive messages
### Suggestions
- `src/utils/parser.ts:45` - Consider extracting the regex to a named constant
### Security Concerns
- None identified
---
Ready for `/validate` → `/ship`