<command_purpose> Perform exhaustive backend code reviews using multi-agent analysis, ultra-thinking, and Git worktrees for deep local inspection of APIs, databases, and services. </command_purpose>
Performs exhaustive backend code reviews using multi-agent analysis and Git worktrees for deep API, database, and service inspection.
/plugin marketplace add shivrajkumar/traya-plugin/plugin install traya-backend-engineering@traya-plugin<command_purpose> Perform exhaustive backend code reviews using multi-agent analysis, ultra-thinking, and Git worktrees for deep local inspection of APIs, databases, and services. </command_purpose>
<role>Senior Backend Architect with expertise in API design, database optimization, security, performance, and distributed systems</role>
<review_target> #$ARGUMENTS </review_target>
<critical_requirement> MUST create worktree FIRST to enable local code analysis. No exceptions. </critical_requirement>
<thinking> First, I need to determine the review target type and set up the worktree. This enables all subsequent agents to analyze actual backend code, database schemas, API implementations, not just diffs. </thinking><task_list>
Determine review type: PR number (numeric), GitHub URL, file path (.md), or empty (latest PR)
Create worktree directory structure at $git_root/.worktrees/reviews/pr-$identifier
Check out PR branch in isolated worktree using gh pr checkout
Navigate to worktree - ALL subsequent analysis happens here
Fetch PR metadata using gh pr view --json for title, body, files, linked issues
Clone PR branch into worktree with full history gh pr checkout $identifier
Set up backend analysis tools (TypeScript compiler, ESLint, database schema tools)
Prepare security scanning environment (OWASP checks, dependency audit)
Ensure that the worktree is set up correctly and that the PR is checked out. ONLY then proceed to the next step.
</task_list>
<project_type_detection>
Check for these indicators to determine backend project type:
NestJS Project:
nest-cli.jsonpackage.json with @nestjs/core, @nestjs/common@Module(), @Controller(), @Injectable()*.controller.ts, *.service.ts, *.module.tsExpress.js Project:
package.json with expressapp.js, server.js, routes/*.jsTypeORM Database:
ormconfig.json or ormconfig.tspackage.json with typeorm*.entity.tsmigrations/*.tsPostgreSQL/MongoDB:
API Documentation:
swagger.json, openapi.yamlBased on detection, set appropriate reviewers for parallel execution.
</project_type_detection>
<parallel_tasks>
Run ALL or most of these backend-specific agents at the same time:
Backend Framework Reviewers (choose based on project type):
For NestJS projects:
For Express projects: 2. Task express-specialist(PR content)
Database & ORM Reviewers: 3. Task database-modeler(PR content) 4. Task typeorm-specialist(PR content) 5. Task redis-cache-specialist(PR content)
API & Documentation Reviewers: 6. Task api-designer(PR content) 7. Task api-documenter(PR content)
Quality & Testing Reviewers: 8. Task testing-specialist(PR content) 9. Task typescript-reviewer(PR content)
Performance & Security: 10. Task performance-analyzer(PR content) 11. Task security-auditor(PR content)
Universal Backend Reviewers: 12. Task architecture-strategist(PR content)
</parallel_tasks>
<ultrathink_instruction> For each phase below, spend maximum cognitive effort. Think step by step. Consider all angles. Question assumptions. Bring all reviews in a synthesis to the user.</ultrathink_instruction>
<thinking_prompt> ULTRA-THINK: Analyze API design, contracts, versioning, and backward compatibility. What could break for API consumers? </thinking_prompt>
<api_analysis_checklist>
</api_analysis_checklist>
<deliverable> Complete API contract analysis with endpoint-by-endpoint review </deliverable><thinking_prompt> ULTRA-THINK: Analyze database schema design, migrations, query performance, and data integrity. What could cause data corruption or performance issues? </thinking_prompt>
<database_analysis_checklist>
</database_analysis_checklist>
<deliverable> Complete database architecture map with schema diagrams and performance analysis </deliverable><thinking_prompt> ULTRA-THINK: Put yourself in each stakeholder's shoes. What matters to them? What are their pain points? </thinking_prompt>
<stakeholder_perspectives>
API Consumer Perspective <questions>
Backend Developer Perspective <questions>
Database Administrator Perspective <questions>
DevOps/Operations Perspective <questions>
Security Team Perspective <questions>
Performance Team Perspective <questions>
Business Perspective <questions>
<thinking_prompt> ULTRA-THINK: Explore edge cases and failure scenarios specific to backend systems. What could go wrong? How does the system behave under stress? </thinking_prompt>
<scenario_checklist>
API Scenarios:
Database Scenarios:
Integration Scenarios:
Scale & Performance:
Security Scenarios:
</scenario_checklist>
npm audit)Run the Task code-simplicity-reviewer() to identify opportunities to simplify backend code:
<critical_requirement> All findings MUST be converted to actionable todos in the CLI todo system </critical_requirement>
<synthesis_tasks>
For EACH finding, present in this format:
---
Finding #X: [Brief Title]
Severity: 🔴 P1 / 🟡 P2 / 🔵 P3
Category: [API-Design/Database/Security/Performance/Testing/Code-Quality]
Description:
[Detailed explanation of the issue or improvement]
Location: [file_path:line_number]
Problem:
[What's wrong or could be better]
Impact:
- API consumers: [How this affects API users]
- Database: [Schema/performance impact]
- Security: [Vulnerability or compliance issue]
- Performance: [Response time/throughput impact]
Proposed Solution:
[How to fix it with code examples]
Backend-Specific Details:
- Migration required: [Yes/No]
- Breaking change: [Yes/No]
- Database indexes: [Add/modify/remove]
- API version: [Affected versions]
Effort: Small/Medium/Large
---
Do you want to add this to the todo list?
1. yes - create todo file
2. next - skip this finding
3. custom - modify before creating
<todo_creation_process>
Determine next issue ID:
ls todos/ | grep -o '^[0-9]\+' | sort -n | tail -1
Generate filename:
{next_id}-pending-{priority}-{brief-description}.md
Example: 042-pending-p1-sql-injection-user-search.md
Create file from template:
cp todos/000-pending-p1-TEMPLATE.md todos/{new_filename}
Populate with finding data:
---
status: pending
priority: p1 # or p2, p3 based on severity
issue_id: "042"
tags: [code-review, security, api, database, nestjs] # add relevant backend tags
dependencies: []
breaking_change: false # or true if API breaking change
migration_required: false # or true if database migration needed
---
# [Finding Title]
## Problem Statement
[Detailed description from finding]
## Findings
- Discovered during backend code review by [agent names]
- Location: [file_path:line_number]
- Category: [API/Database/Security/Performance]
- [Key discoveries from agents]
## Impact Analysis
### API Consumers
- [How this affects API users]
- Breaking change: [Yes/No]
### Database
- Schema changes: [Yes/No]
- Migration required: [Yes/No]
- Performance impact: [Description]
### Security
- Vulnerability: [Type and severity]
- OWASP category: [If applicable]
### Performance
- Response time impact: [Measurement]
- Throughput impact: [Measurement]
## Proposed Solutions
### Option 1: [Primary solution from finding]
- **Pros**: [Benefits]
- **Cons**: [Drawbacks]
- **Effort**: [Small/Medium/Large]
- **Risk**: [Low/Medium/High]
- **Migration**: [Required/Not required]
### Code Example:
```typescript
// Before
[Current code]
// After
[Proposed fix]
[Leave blank - needs manager triage]
By: Claude Backend Code Review System Actions:
Learnings:
Source: Backend code review performed on {date} Review command: /traya-backend-engineering:review {arguments}
Track creation: Add to TodoWrite list if tracking multiple findings
</todo_creation_process>
After processing all findings:
## Backend Code Review Complete
**Review Target:** [PR number or branch]
**Total Findings:** [X]
**Todos Created:** [Y]
### Findings by Category:
- 🌐 API Design: [count]
- 🗄️ Database: [count]
- 🔒 Security: [count]
- ⚡ Performance: [count]
- ✅ Testing: [count]
- 📝 Code Quality: [count]
### Breaking Changes:
- [List any API breaking changes]
### Database Migrations Required:
- [List migrations needed]
### Created Todos:
- `{issue_id}-pending-p1-{description}.md` - {title}
- `{issue_id}-pending-p2-{description}.md` - {title}
...
### Skipped Findings:
- [Finding #Z]: {reason}
...
### Next Steps:
1. Triage pending todos: `ls todos/*-pending-*.md`
2. Use `/traya-backend-engineering:triage` to review and approve
3. Work on approved items: `/traya-backend-engineering:resolve_todo_parallel`
4. Run migration scripts if database changes
5. Update API documentation if API changes
6. Notify API consumers of breaking changes
If user wants to convert all findings to todos without review:
# Ask: "Create todos for all X findings? (yes/no/show-critical-only)"
# If yes: create todo files for all findings in parallel
# If show-critical-only: only present P1 findings for triage
npm audit)