audit-project
Multi-agent iterative code review that loops until zero issues remain.
Why
Manual code reviews miss things. Single-pass automated reviews find issues but leave fixing to you. audit-project runs up to 10 specialized review agents, fixes the issues it finds, re-reviews the fixes, and repeats until the codebase is clean - or you tell it to stop.
Use it when you want:
- A thorough review before a release or major merge
- Security-focused auditing of a specific area
- Quick feedback on recent commits
- Automated cleanup of accumulated code quality issues
Installation
agentsys install audit-project
Requires agentsys as the plugin runtime.
Quick Start
/audit-project # Full iterative review of the entire project
/audit-project --quick # Single pass, findings only, no fixes
/audit-project --recent # Review last 5 commits only
How It Works
- Context gathering - Detects project type, framework, languages, and infrastructure (DB, API, CI/CD, frontend/backend).
- Agent selection - Activates 4 core agents plus up to 6 conditional agents based on what the project contains.
- Multi-agent review - Each agent reviews only the files relevant to its domain and produces structured findings with file:line locations, severity, and suggested fixes.
- Automated fixes - Applies fixes in severity order (critical first), batched by file. Rolls back any fix that breaks tests or build.
- Re-review - Runs agents again on changed files. If new issues appear, fixes and re-reviews again.
- Decision gate - After each iteration, reports remaining issues and asks whether to continue, create GitHub issues, update TECHNICAL_DEBT.md, or save the queue for later.
Review Agents
Always active:
| Agent | Focus |
|---|
| code-quality-reviewer | Error handling, maintainability, code patterns |
| security-expert | Vulnerabilities, auth, input validation |
| performance-engineer | Bottlenecks, algorithms, memory usage |
| test-quality-guardian | Test coverage gaps, test quality |
Conditional (activated by project signals):
| Agent | Activated when |
|---|
| architecture-reviewer | 50+ tracked files |
| database-specialist | Sequelize, Prisma, or TypeORM detected |
| api-designer | Express, Fastify, or NestJS detected |
| frontend-specialist | .tsx, .jsx, .vue, or .svelte files present |
| backend-specialist | Server framework detected |
| devops-reviewer | CI/CD configuration files present |
Finding Format
Every finding includes file:line location, severity (critical/high/medium/low), a code quote, a suggested fix, and an effort estimate (small/medium/large).
Usage
/audit-project # Full iterative review
/audit-project src/api # Review a specific path
/audit-project --domain security # Run only the security-expert agent
/audit-project --quick # Single pass, no fixes applied
/audit-project --recent # Scope to last 5 commits
/audit-project --create-tech-debt # Force TECHNICAL_DEBT.md creation
/audit-project --resume # Resume from a saved review queue
Repo Intelligence
When agent-analyzer repo-intel data is available, audit-project uses test-gap signals to prioritize review. Files with high churn but no co-changing test file receive extra scrutiny.
Requirements
- agentsys runtime
- Git repository
- Works with Claude Code, OpenCode, Codex, and Cursor
Related Plugins
- enhance - Plugin structure and config analysis
- perf - Dedicated performance investigation with profiling
- repo-map - AST-based repository map for deeper code understanding
- ship - PR workflow from commit to production
License
MIT
agent-sh