ultimate-code-review

Use this agent to review interface boundaries: breaking changes, backwards compatibility, schema validation, and API documentation accuracy. <example> Context: A PR changes a REST API endpoint's response format. user: "Check if this API change is backwards compatible" assistant: "I'll use the api-contract-reviewer to check for breaking changes and schema alignment." <commentary> Response format changes can break existing clients. Need backwards compatibility analysis. </commentary> </example>

Use this agent to check whether changes respect existing architecture: layer violations, inappropriate coupling, circular module dependencies, and separation of concerns. <example> Context: A PR has a React component importing directly from the database layer. user: "Check architectural boundaries" assistant: "I'll use the architecture-boundary reviewer to check for layer violations." <commentary> UI components importing database modules violates separation of concerns. </commentary> </example>

Use this agent to identify unnecessary complexity: over-engineering, premature abstractions, dead code, and redundant patterns. Based on Anthropic's code-simplifier. <example> Context: A PR adds a factory pattern for creating a single type of object. user: "Is this over-engineered?" assistant: "I'll use the code-simplification reviewer to identify unnecessary complexity." <commentary> Factory patterns for single types are premature abstractions - simpler construction suffices. </commentary> </example>

Use this agent to check whether code changes honor inline comment directives like "do not modify without updating X" or "this must stay in sync with Y." <example> Context: A file has a comment "WARNING: if you change this function, update the migration script." user: "Check if inline directives were followed" assistant: "I'll use the comment-compliance-checker to verify all inline directives were honored." <commentary> Inline directives represent maintenance contracts that changes must honor. </commentary> </example>

Use this agent to verify factual accuracy of code comments, find misleading documentation, and identify places where complex logic lacks explanation. Based on Anthropic's comment-analyzer. <example> Context: A PR modifies function behavior but doesn't update the JSDoc above it. user: "Check if comments are accurate" assistant: "I'll use the comment-quality-reviewer to verify comments match implementation." <commentary> Stale comments are worse than no comments - they mislead future developers. </commentary> </example>

Use this agent to find parallelism bugs: race conditions, deadlocks, atomicity violations, and async/await correctness issues that other agents miss. <example> Context: A PR modifies shared state accessed by multiple async handlers. user: "Review this for concurrency issues" assistant: "I'll use the concurrency-reviewer to check for race conditions in the shared state access." <commentary> Multiple handlers accessing shared state without synchronization is a classic race condition. </commentary> </example>

Use this agent to fetch and analyze review comments from previous PRs/MRs that touched the same files, surfacing recurring review themes and applicable feedback. <example> Context: A PR modifies files that had review comments on a previous PR. user: "Check previous PR feedback for these files" assistant: "I'll use the cross-pr-learning-agent to find applicable comments from past reviews." <commentary> Previous review comments often highlight patterns and concerns that apply to new changes. </commentary> </example>

Use this agent to trace data from input to storage/output, validate transformations, and check for data loss, PII leaks, and encoding errors. <example> Context: A PR changes how user input is processed and stored. user: "Review this data processing change" assistant: "I'll use the data-flow-analyzer to trace data from input to storage." <commentary> Data transformation changes can introduce loss, corruption, or PII leaks. </commentary> </example>

Use this agent for deep bug detection that traces full call graphs of changed functions. Unlike shallow scanning, this agent follows execution paths through all layers to find bugs that only manifest when the full call chain is considered. <example> Context: A PR changes a validation function used by multiple API endpoints. user: "Review PR #42 for bugs" assistant: "I'll use the deep-bug-scanner to trace the full call graph of the changed validation function." <commentary> The validation change could affect multiple callers - deep scanning traces all paths. </commentary> </example> <example> Context: A utility function's return type changed subtly. user: "Check this branch for issues" assistant: "Let me use the deep-bug-scanner to trace how the changed return value propagates through callers." <commentary> Return type changes can cause bugs several layers up - requires full call graph tracing. </commentary> </example>

Use this agent to review dependency/import graphs for unused imports, circular dependencies, version issues, and license compatibility of new dependencies. <example> Context: A PR adds a new npm dependency. user: "Check the new dependency" assistant: "I'll use the dependency-import-analyzer to check for known issues, license compatibility, and import hygiene." <commentary> New dependencies need CVE checks, license review, and import graph analysis. </commentary> </example>

Use this agent to adversarially challenge every finding in the synthesized report. Verifies technical claims against the web, checks for false positives, and assigns confidence assessments. <example> Context: The synthesizer has produced a unified report with 15 findings. user: "Challenge these findings" assistant: "I'll use the devil's advocate to verify each finding and filter false positives." <commentary> Every finding must survive adversarial scrutiny and web verification before reaching the developer. </commentary> </example>

Use this agent to analyze git blame and commit history for changed lines. Identifies code churn, contradicted intent from prior commits, and historical patterns in the changed files. <example> Context: A PR modifies a function that has been changed 8 times in the last month. user: "Review this high-churn code" assistant: "I'll use the git-history-analyzer to understand why this code keeps changing." <commentary> High churn indicates instability. Historical context reveals why code was written this way. </commentary> </example>

Use this agent to verify changed code against explicit project guidelines in CLAUDE.md, .editorconfig, and linting configurations. ONLY flags violations of explicitly stated rules. <example> Context: A project has a CLAUDE.md requiring all functions to have return type annotations. user: "Check CLAUDE.md compliance" assistant: "I'll use the guidelines-compliance agent to verify adherence to documented standards." <commentary> Project-specific rules in CLAUDE.md are the most actionable review signal. </commentary> </example>

Use this agent to check that code is properly instrumented for production debugging: appropriate log levels, structured logging, metrics, and correlation IDs. <example> Context: A PR adds a new API endpoint with no logging. user: "Check observability" assistant: "I'll use the logging-observability reviewer to verify production instrumentation." <commentary> New endpoints need logging for debugging production issues. </commentary> </example>

Use this agent to find memory leaks, retain cycles, resource exhaustion, and unbounded growth patterns in changed code. <example> Context: A PR adds event listeners in a React component. user: "Check this for memory issues" assistant: "I'll use the memory-resource-analyzer to check for listener leaks and retain cycles." <commentary> Event listeners added without cleanup in React cause memory leaks on unmount. </commentary> </example>

Use this agent to identify deployment risks: migrations that could fail, config changes requiring environment updates, and backwards-incompatible changes needing coordinated deployment. <example> Context: A PR adds a database migration that renames a column. user: "Check deployment risks" assistant: "I'll use the migration-deployment-risk reviewer to assess the column rename." <commentary> Column renames can cause downtime if old code reads the old column name during deployment. </commentary> </example>

Use this agent for platform-aware performance review. First identifies the framework stack, then searches the web for platform-specific best practices before analyzing the code. <example> Context: A PR adds a new database query inside a loop in a Django view. user: "Review this for performance issues" assistant: "I'll use the performance-analyzer to check for N+1 queries and Django-specific performance pitfalls." <commentary> Database queries in loops are classic N+1 problems. Platform-specific ORM patterns matter. </commentary> </example>

Use this agent to detect out-of-scope code changes in a PR/MR. Reads the PR/MR description and any linked tickets/issues, then assesses whether each changed file and hunk is related to the stated purpose. Cautious by default -- only flags changes when quite confident they are unrelated. <example> Context: A PR titled "Fix login timeout bug" also modifies the user profile CSS. user: "Check if all changes are related to the PR description" assistant: "I'll use the scope-relevance-reviewer to assess whether each change is related to the stated purpose." <commentary> CSS changes to user profiles are unlikely to be related to a login timeout fix. </commentary> </example> <example> Context: A PR titled "Add pagination to search results" fixes a typo in a nearby file. user: "Are all these changes in scope?" assistant: "I'll use the scope-relevance-reviewer to check scope relevance of all changes." <commentary> Minor nearby fixes like typos are acceptable tangential changes and should not be flagged. </commentary> </example>

Use this agent for comprehensive security review covering OWASP Top 10 and beyond. Uses web search to look up CVEs for libraries and verify vulnerability patterns against specific framework versions. <example> Context: A PR adds user input handling to an API endpoint. user: "Review this for security" assistant: "I'll use the security-auditor to check for injection, auth, and input validation issues." <commentary> New user input handling requires OWASP-level security analysis. </commentary> </example>

Use this agent to trace every state mutation caused by changed code and map the blast radius of changes. Identifies unintended side effects where a seemingly local change has far-reaching consequences. <example> Context: A function that updates user preferences was modified. user: "Review this change for side effects" assistant: "I'll use the side-effects-analyzer to trace all state mutations from the preference update." <commentary> Preference changes might trigger cache invalidation, event emissions, or downstream recalculations. </commentary> </example>

Use this agent to find silent failures, swallowed errors, inadequate error handling, and inappropriate fallback behavior. Based on Anthropic's PR Review Toolkit agent. <example> Context: A PR adds error handling to an API client with fallback behavior. user: "Review this PR for error handling issues" assistant: "I'll use the silent-failure-hunter to audit every error handling path." <commentary> New error handling often introduces silent failures through broad catches or inappropriate fallbacks. </commentary> </example>

Use this agent to compare changed code against existing project patterns for consistency in naming, file organization, import ordering, and code structure. <example> Context: A PR uses camelCase in a project that uses snake_case. user: "Check style consistency" assistant: "I'll use the style-consistency reviewer to compare against existing patterns." <commentary> Style consistency reduces cognitive load - the codebase should feel like one author. </commentary> </example>

Use this agent to merge and deduplicate findings from all 23 specialist agents into a unified report with normalized severity, conflict resolution, and executive summary. <example> Context: 23 specialist agents have completed their reviews. user: "Synthesize all review findings" assistant: "I'll use the synthesizer to merge, deduplicate, and organize all findings." <commentary> 23 agents may flag the same issue from different angles - the synthesizer resolves this. </commentary> </example>

Use this agent to map changed code paths to test coverage, identify untested error paths, and review test quality. Rates each gap 1-10 for criticality. <example> Context: A PR adds a new validation function with no tests. user: "Check test coverage" assistant: "I'll use the test-coverage-analyzer to map coverage and identify critical gaps." <commentary> New validation logic needs boundary tests, error cases, and edge case coverage. </commentary> </example>

Use this agent for expert analysis of type design: encapsulation, invariant expression, invariant usefulness, and invariant enforcement. Based on Anthropic's PR Review Toolkit type-design-analyzer with 4-dimension 1-10 rating system. <example> Context: A PR introduces new data model types. user: "Review the type design in this PR" assistant: "I'll use the type-design-reviewer to evaluate encapsulation and invariant quality." <commentary> New types need invariant analysis to prevent illegal states from being representable. </commentary> </example>

Deep code review with 23+ specialist agents. Reviews PRs, MRs, or branch comparisons.