Comprehensive multi-aspect code review (security, quality, performance, testing)
Performs comprehensive multi-aspect code review across security, quality, performance, testing, and architecture.
/plugin marketplace add squirrelsoft-dev/agency
/plugin install agency@squirrelsoft-dev-tools
pr-number, URL, or file-path
Multi-aspect code review with parallel specialist evaluation and aggregated recommendations.
Review: $ARGUMENTS
Perform comprehensive multi-aspect code review: security → quality → performance → testing → architecture.
Use TodoWrite tool to create todo list:
TodoWrite({
  todos: [
    {
      content: "Detect review target and fetch details",
      status: "in_progress",
      activeForm: "Detecting review target and fetching details"
    },
    {
      content: "Analyze changed files and complexity",
      status: "pending",
      activeForm: "Analyzing changed files and complexity"
    },
    {
      content: "Launch parallel multi-aspect reviews",
      status: "pending",
      activeForm: "Launching parallel multi-aspect reviews"
    },
    {
      content: "Aggregate and categorize findings",
      status: "pending",
      activeForm: "Aggregating and categorizing findings"
    },
    {
      content: "Generate and save review report",
      status: "pending",
      activeForm: "Generating and saving review report"
    }
  ]
});
IMMEDIATELY activate the code review standards skill:
Use the Skill tool to activate: code-review-standards
This skill contains critical review patterns, security checklists, and quality standards you MUST follow.
Analyze $ARGUMENTS to determine what to review:
GitHub Pull Request if:
- 123 → Assumes current repo
- https://github.com/owner/repo/pull/123
- #123, PR 123, pull/123
GitLab Merge Request if:
- https://gitlab.com/owner/repo/-/merge_requests/123
- !123, MR 123
Bitbucket Pull Request if:
- https://bitbucket.org/owner/repo/pull-requests/123
Local Files if:
- src/components/Button.tsx
- src/features/auth/
- src/**/*.ts
For GitHub:
# Get PR details
gh pr view $ARGUMENTS --json number,title,body,state,author,files
# Get PR diff
gh pr diff $ARGUMENTS
# Get changed files list
gh pr view $ARGUMENTS --json files --jq '.files[].path'
For GitLab:
# Assuming glab CLI is installed
glab mr view $ARGUMENTS
glab mr diff $ARGUMENTS
For Bitbucket:
# Use Bitbucket API via curl
curl -u user:token https://api.bitbucket.org/2.0/repositories/owner/repo/pullrequests/$ARGUMENTS
For Local Files:
# Use git diff to see changes
git diff main -- $ARGUMENTS
# Or if uncommitted
git diff -- $ARGUMENTS
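The target-detection rules above can be enforced before any of the fetch commands run, so that only the documented forms ever reach gh, glab, curl or git. This is an added example, not part of the plugin; the function names, the owner/repo character set and the refusal of `..` path segments are assumptions.

```sh
#!/bin/sh
# Added example (not from the plugin): classify and validate a review target.
# Prints "<kind> <id-or-path>" and returns 0, or returns 1 for any other input.

matches() { printf '%s\n' "$1" | grep -Eq "$2"; }

classify_target() {
  arg=$1
  nl='
'
  # Reject empty input, embedded newlines, and a leading "-" (read as a CLI option).
  case $arg in '' | *"$nl"* | -*) return 1 ;; esac

  seg='[A-Za-z0-9_.-]+'   # assumed character set for owner and repo names
  id=${arg##*[!0-9]}      # trailing digits; only used once a pattern has matched

  if matches "$arg" '^(#|PR |pull/)?[0-9]+$' ||
     matches "$arg" "^https://github\.com/$seg/$seg/pull/[0-9]+\$"; then
    printf 'github %s\n' "$id"
  elif matches "$arg" '^(!|MR )[0-9]+$' ||
       matches "$arg" "^https://gitlab\.com/$seg/$seg/-/merge_requests/[0-9]+\$"; then
    printf 'gitlab %s\n' "$id"
  elif matches "$arg" "^https://bitbucket\.org/$seg/$seg/pull-requests/[0-9]+\$"; then
    printf 'bitbucket %s\n' "$id"
  elif matches "$arg" '^[A-Za-z0-9_./*-]+$'; then
    # Local path or glob; ".." segments are refused (assumption: stay inside the repo).
    case "/$arg/" in */../*) return 1 ;; esac
    printf 'local %s\n' "$arg"
  else
    return 1
  fi
}

# Constructed sample inputs: the documented forms plus two that must be refused.
for t in 123 '#123' 'MR 7' 'https://bitbucket.org/owner/repo/pull-requests/9' \
         'src/**/*.ts' '123; id' '../secrets'; do
  classify_target "$t" || printf 'rejected: %s\n' "$t"
done
```

Pass the validated id or path to the fetch command as a single quoted argument rather than interpolating the raw input.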
<!-- Component: prompts/issue-management/issue-metadata-extraction.md -->
From the PR/MR/files, gather:
Update Progress:
TodoWrite({
  todos: [
    {content: "Detect review target and fetch details", status: "completed", activeForm: "..."},
    {content: "Analyze changed files and complexity", status: "in_progress", activeForm: "Analyzing changed files and complexity"},
    {content: "Launch parallel multi-aspect reviews", status: "pending", activeForm: "..."},
    {content: "Aggregate and categorize findings", status: "pending", activeForm: "..."},
    {content: "Generate and save review report", status: "pending", activeForm: "..."}
  ]
});
Group changed files by type:
Frontend Files:
- *.tsx, *.jsx, *.ts, *.js (in components/, pages/, app/)
- *.css, *.scss, *.module.css
Backend Files:
- *.ts, *.js (in api/, server/, lib/, services/)
Configuration Files:
- package.json, tsconfig.json, .env*
- next.config.js, vite.config.ts
- .eslintrc, .prettierrc
Test Files:
- *.test.ts, *.test.tsx, *.spec.ts
- *.test.js, __tests__/*
Documentation:
- *.md, README, CHANGELOG
Other:
Assess review complexity:
Simple (< 100 lines, 1-3 files):
Medium (100-500 lines, 4-10 files):
Complex (> 500 lines, > 10 files):
Very Complex (> 1000 lines, > 20 files):
Based on changed files:
Security Review - ALWAYS for:
Quality Review - ALWAYS for:
Performance Review - When:
Testing Review - When:
Architecture Review - When:
20 files changed
Update Progress:
TodoWrite({
  todos: [
    {content: "Detect review target and fetch details", status: "completed", activeForm: "..."},
    {content: "Analyze changed files and complexity", status: "completed", activeForm: "..."},
    {content: "Launch parallel multi-aspect reviews", status: "in_progress", activeForm: "Launching parallel multi-aspect reviews"},
    {content: "Aggregate and categorize findings", status: "pending", activeForm: "..."},
    {content: "Generate and save review report", status: "pending", activeForm: "..."}
  ]
});
IMPORTANT: Spawn ALL relevant agents in parallel (single message, multiple Task calls) for maximum efficiency.
Review aspects to spawn based on file categorization:
For each review aspect, use the Task tool with this structure:
Task tool with:
- subagent_type: [specialist-for-aspect]
- description: "[Aspect] review for PR $ARGUMENTS"
- prompt: "Perform [aspect] review focusing on:
[Aspect-specific checklist from reality-checker-spawn.md]:
- Security: OWASP Top 10, input validation, authentication, secrets
- Quality: Readability, bugs, best practices, type safety
- Performance: Database queries, bundle size, algorithm efficiency
- Testing: Coverage, test quality, missing tests
- Architecture: Patterns, breaking changes, scalability
Files to review: [filtered-by-aspect]
Severity levels:
- CRITICAL: Must fix before merge
- HIGH: Should fix before merge
- MEDIUM: Consider fixing
- LOW: Nice to have
Report CRITICAL and HIGH issues ONLY."
Key Review Focus Areas (from reality-checker-spawn.md):
Security (backend-architect):
Quality (testing-reality-checker):
Performance (performance-benchmarker):
Testing (test-results-analyzer):
Architecture (domain-specialist):
All review agents run in parallel. Wait for all to finish before proceeding to aggregation.
Update Progress:
TodoWrite({
  todos: [
    {content: "Detect review target and fetch details", status: "completed", activeForm: "..."},
    {content: "Analyze changed files and complexity", status: "completed", activeForm: "..."},
    {content: "Launch parallel multi-aspect reviews", status: "completed", activeForm: "..."},
    {content: "Aggregate and categorize findings", status: "in_progress", activeForm: "Aggregating and categorizing findings"},
    {content: "Generate and save review report", status: "pending", activeForm: "..."}
  ]
});
From each reviewer agent, extract:
Organize findings by severity and file for clarity.
<!-- Component: prompts/reporting/summary-template.md (adapted for code review) -->
Use the following template structure for the review report:
File: .agency/reviews/pr-[number]-review-[timestamp].md
# Code Review Report: [PR/MR Title or Files]
**Reviewer**: Agency Multi-Aspect Review
**Date**: [Current date]
**Review Target**: $ARGUMENTS
**Changed Files**: [X] files, [+Y] additions, [-Z] deletions
**Review Complexity**: [Simple/Medium/Complex/Very Complex]
---
## Executive Summary
**Overall Assessment**: ✅ APPROVED / ⚠️ APPROVED WITH COMMENTS / ❌ CHANGES REQUIRED
**Review Aspects Evaluated**:
- Security: [X] issues
- Quality: [X] issues
- Performance: [X] issues
- Testing: [X] issues
- Architecture: [X] issues
**Severity Breakdown**:
- CRITICAL: [X] (must fix before merge)
- HIGH: [X] (should fix before merge)
- MEDIUM: [X] (consider fixing)
- LOW: [X] (optional improvements)
---
## Critical Issues (Must Fix Before Merge)
[For each critical issue]:
### [N]. [Aspect] [File:Line] - [Issue Title]
**Severity**: CRITICAL
**File**: `path/to/file.ts:123`
**Issue**: [Description]
**Risk**: [Impact if not fixed]
**Recommendation**: [How to fix]
---
## High Priority Issues (Should Fix Before Merge)
[Same structure as Critical Issues]
---
## Medium/Low Priority Issues
[Condensed format]:
- **[File:Line]** - [Brief issue] → [Brief fix]
---
## File-by-File Breakdown
### `[file-path]` ([+X, -Y] lines)
**Issues Found**: [X]
**Strengths**: [Positive observations]
---
## Positive Observations
- ✅ [Good practice observed]
---
## Review Metrics
- **Files Reviewed**: [X]
- **Review Time**: [X] minutes
- **Issues Found**: [X] total
- **Code Quality Score**: [X]/10
- **Security Posture**: [Strong/Good/Needs Work/Weak]
---
<!-- Component: prompts/reporting/next-steps-template.md -->
## Next Steps
[Based on review decision criteria]:
**✅ APPROVED**: Ready to merge
**⚠️ APPROVED WITH COMMENTS**: Safe to merge with noted issues
**❌ CHANGES REQUIRED**: Fix [X] critical issues before merge
Update Progress:
TodoWrite({
  todos: [
    {content: "Detect review target and fetch details", status: "completed", activeForm: "..."},
    {content: "Analyze changed files and complexity", status: "completed", activeForm: "..."},
    {content: "Launch parallel multi-aspect reviews", status: "completed", activeForm: "..."},
    {content: "Aggregate and categorize findings", status: "completed", activeForm: "..."},
    {content: "Generate and save review report", status: "in_progress", activeForm: "Generating and saving review report"}
  ]
});
# Generate filename
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
PR_NUMBER=[extracted from $ARGUMENTS]
REVIEW_FILE=".agency/reviews/pr-${PR_NUMBER}-review-${TIMESTAMP}.md"
# Create directory if needed
mkdir -p .agency/reviews
Write the unified report from Phase 4 to $REVIEW_FILE using Write tool.
Provide concise summary:
## Code Review Complete: [PR/MR Title]
**Overall**: ✅ APPROVED / ⚠️ APPROVED WITH COMMENTS / ❌ CHANGES REQUIRED
**Issues Summary**:
- CRITICAL: [X] (must fix)
- HIGH: [X] (should fix)
- MEDIUM: [X] (consider fixing)
- LOW: [X] (optional)
**Review Aspects**:
- Security: [X] issues
- Quality: [X] issues
- Performance: [X] issues
- Testing: [X] issues
- Architecture: [X] issues
**Top Issues**:
1. [Critical/High issue 1]
2. [Critical/High issue 2]
3. [Critical/High issue 3]
**Detailed Report**: $REVIEW_FILE
**Next Steps**:
[Recommended actions based on next-steps-template.md]
<!-- Component: prompts/progress/completion-reporting.md -->
Mark all review tasks as completed:
TodoWrite({
  todos: [
    {content: "Detect review target and fetch details", status: "completed", activeForm: "..."},
    {content: "Analyze changed files and complexity", status: "completed", activeForm: "..."},
    {content: "Launch parallel multi-aspect reviews", status: "completed", activeForm: "..."},
    {content: "Aggregate and categorize findings", status: "completed", activeForm: "..."},
    {content: "Generate and save review report", status: "completed", activeForm: "Generating and saving review report"}
  ]
});
GitHub: Use gh pr review to submit review findings
GitLab: Use glab mr note to add review comments
Bitbucket: Use API or web interface to submit review
Local Files: Save review report to .agency/reviews/local-review-[filename]-[timestamp].md
✅ APPROVED: 0 critical, 0 high issues, coverage ≥80%, quality ≥7/10, no security vulnerabilities
⚠️ APPROVED WITH COMMENTS: 0 critical, 1-3 high issues (acceptable trade-offs), coverage 60-79%, quality 5-7/10
❌ CHANGES REQUIRED: 1+ critical OR 4+ high issues OR coverage <60% OR quality <5/10 OR security vulnerabilities present
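The three decision rules above overlap at their edges (a quality score of 7 appears in two of them), so the order in which they are evaluated matters. This is an added example, not the plugin's code: it checks the blocking rule first, then full approval, and treats everything else as approved with comments. The function name and the use of integer inputs are assumptions.

```sh
#!/bin/sh
# Added example (not from the plugin): the three decision rules as one function.
# Usage: review_verdict CRITICAL HIGH COVERAGE_PCT QUALITY VULNS
# All five arguments are non-negative integers (assumption); anything else returns 2.
review_verdict() {
  [ "$#" -eq 5 ] || return 2
  for v in "$@"; do
    case $v in '' | *[!0-9]*) return 2 ;; esac
  done
  critical=$1 high=$2 coverage=$3 quality=$4 vulns=$5

  # Blocking conditions are tested first so no later rule can override them.
  if [ "$critical" -ge 1 ] || [ "$high" -ge 4 ] || [ "$coverage" -lt 60 ] ||
     [ "$quality" -lt 5 ] || [ "$vulns" -ge 1 ]; then
    echo "CHANGES REQUIRED"
  # A clean approval needs every threshold met at once.
  elif [ "$high" -eq 0 ] && [ "$coverage" -ge 80 ] && [ "$quality" -ge 7 ]; then
    echo "APPROVED"
  # Whatever remains has no blocker but misses at least one approval threshold.
  else
    echo "APPROVED WITH COMMENTS"
  fi
}

# Constructed sample: no critical or high issues, but coverage of 70% blocks a clean approval.
review_verdict 0 0 70 8 0
```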
Detection: gh/glab CLI returns 404 or "not found" error
User Message:
Error: PR/MR not found: $ARGUMENTS
Please check:
1. PR/MR number is correct
2. You have access to the repository
3. PR/MR is not deleted
4. CLI tool is installed (gh, glab, etc.)
Try:
- Full PR URL instead of number
- Different format (e.g., #123 vs 123)
Recovery: Use AskUserQuestion to get corrected PR number or URL.
User Message:
Error: No changed files found in $ARGUMENTS
This could mean:
1. PR/MR is empty
2. All changes have been reverted
3. Wrong PR/MR number
Cannot proceed with review of empty changeset.
<!-- Component: prompts/error-handling/partial-failure-recovery.md -->
Strategy: Continue with partial review from successful agents.
Warning: [Agent] review failed or incomplete
Error: [Error message]
Continuing with partial review from other agents...
Note: Review may be incomplete. Consider:
1. Re-running failed aspect manually
2. Manual review of [aspect] concerns
# Review a GitHub PR by number
/agency:review 123
# Review a GitHub PR by URL
/agency:review https://github.com/owner/repo/pull/456
# Review specific files
/agency:review src/api/auth.ts
# Review a directory of changes
/agency:review src/features/authentication/
# Review local uncommitted changes
/agency:review .
/agency:work [issue] - Full development workflow with built-in review
/agency:implement [plan] - Includes code review phase
/agency:test [component] - Generate tests to improve coverage