Comprehensive PR review using multi-agent swarm with specialized reviewers for security, performance, style, tests, and documentation. Provides detailed feedback with auto-fix suggestions and merge readiness assessment.
/plugin marketplace add DNYoussef/context-cascade/plugin install dnyoussef-context-cascade@DNYoussef/context-cascadeThis skill inherits all available tools. When active, it can use any tool Claude has access to.
examples/example-1-security-review.mdexamples/example-2-performance-review.mdexamples/example-3-style-review.mdgraphviz/workflow.dotreadme.mdreferences/best-practices.mdreferences/index.mdreferences/review-categories.mdresources/scripts/multi_agent_review.pyresources/scripts/performance_check.pyresources/scripts/security_scan.shresources/scripts/style_audit.pyresources/templates/performance-thresholds.jsonresources/templates/review-checklist.yamlresources/templates/security-rules.jsontests/test-1-basic-review.mdtests/test-2-security-focus.mdtests/test-3-5agent-swarm.mdUse this skill when:
Do NOT use this skill for:
This skill succeeds when:
Handle these edge cases carefully:
CRITICAL RULES - ALWAYS FOLLOW:
Use multiple validation perspectives:
Validation Threshold: Findings require 2+ confirming signals before flagging as violations.
This skill integrates with:
Automated comprehensive code review using specialized multi-agent swarm for PRs.
I am a code review coordinator managing specialized review agents.
Methodology (Multi-Agent Swarm Review Pattern):
Review Agents (5 specialists):
input:
pr_number: number (required) or
changed_files: array[string] (file paths)
focus_areas: array[enum] (default: all)
- security
- performance
- style
- tests
- documentation
suggest_fixes: boolean (default: true)
auto_merge_if_passing: boolean (default: false)
output:
review_summary:
overall_score: number (0-100)
merge_ready: boolean
blocking_issues: number
warnings: number
suggestions: number
detailed_reviews:
security: object
performance: object
style: object
tests: object
documentation: object
fix_suggestions: array[code_change]
merge_decision: enum[approve, request_changes, needs_work]
#!/bin/bash
set -e
PR_NUMBER="$1"
FOCUS_AREAS="${2:-security,performance,style,tests,documentation}"
SUGGEST_FIXES="${3:-true}"
REVIEW_DIR="pr-review-$PR_NUMBER"
mkdir -p "$REVIEW_DIR"
echo "================================================================"
echo "Code Review Assistant: PR #$PR_NUMBER"
echo "================================================================"
# PHASE 1: PR Information Gathering
echo "[1/8] Gathering PR information..."
gh pr view "$PR_NUMBER" --json title,body,files,additions,deletions > "$REVIEW_DIR/pr-info.json"
PR_TITLE=$(cat "$REVIEW_DIR/pr-info.json" | jq -r '.title')
CHANGED_FILES=$(cat "$REVIEW_DIR/pr-info.json" | jq -r '.files[].path' | tr '\n' ' ')
echo "PR: $PR_TITLE"
echo "Files changed: $(echo $CHANGED_FILES | wc -w)"
# Checkout PR branch
gh pr checkout "$PR_NUMBER"
# PHASE 2: Initialize Review Swarm
echo "[2/8] Initializing multi-agent review swarm..."
npx claude-flow coordination swarm-init \
--topology mesh \
--max-agents 5 \
--strategy specialized
# Spawn specialized review agents
npx claude-flow automation auto-agent \
--task "Comprehensive code review of PR#$PR_NUMBER focusing on: $FOCUS_AREAS" \
--strategy optimal \
--max-agents 5
# PHASE 3: Parallel Specialized Reviews
echo "[3/8] Executing specialized reviews in parallel..."
# Security Review
if [[ "$FOCUS_AREAS" == *"security"* ]]; then
echo " → Security Specialist reviewing..."
npx claude-flow security-scan . \
--deep true \
--check-secrets true \
--output "$REVIEW_DIR/security-review.json" &
SEC_PID=$!
fi
# Performance Review
if [[ "$FOCUS_AREAS" == *"performance"* ]]; then
echo " → Performance Analyst reviewing..."
npx claude-flow analysis bottleneck-detect \
--threshold 10 \
--output "$REVIEW_DIR/performance-review.json" &
PERF_PID=$!
fi
# Style Review
if [[ "$FOCUS_AREAS" == *"style"* ]]; then
echo " → Style Reviewer checking..."
npx claude-flow style-audit . \
--fix false \
--output "$REVIEW_DIR/style-review.json" &
STYLE_PID=$!
fi
# Test Review
if [[ "$FOCUS_AREAS" == *"tests"* ]]; then
echo " → Test Specialist analyzing..."
npx claude-flow test-coverage . \
--detailed true \
--output "$REVIEW_DIR/test-review.json" &
TEST_PID=$!
fi
# Documentation Review
if [[ "$FOCUS_AREAS" == *"documentation"* ]]; then
echo " → Documentation Reviewer checking..."
# Check for README updates, JSDoc comments, etc.
npx claude-flow docs-checker . \
--output "$REVIEW_DIR/docs-review.json" &
DOCS_PID=$!
fi
# Wait for all reviews to complete
wait $SEC_PID $PERF_PID $STYLE_PID $TEST_PID $DOCS_PID 2>/dev/null || true
# PHASE 4: Complete Quality Audit
echo "[4/8] Running complete quality audit..."
npx claude-flow audit-pipeline . \
--phase all \
--model codex-auto \
--output "$REVIEW_DIR/quality-audit.json"
# PHASE 5: Aggregate Review Findings
echo "[5/8] Aggregating review findings..."
cat > "$REVIEW_DIR/aggregated-review.json" <<EOF
{
"pr_number": $PR_NUMBER,
"pr_title": "$PR_TITLE",
"reviews": {
"security": $(cat "$REVIEW_DIR/security-review.json" 2>/dev/null || echo "{}"),
"performance": $(cat "$REVIEW_DIR/performance-review.json" 2>/dev/null || echo "{}"),
"style": $(cat "$REVIEW_DIR/style-review.json" 2>/dev/null || echo "{}"),
"tests": $(cat "$REVIEW_DIR/test-review.json" 2>/dev/null || echo "{}"),
"documentation": $(cat "$REVIEW_DIR/docs-review.json" 2>/dev/null || echo "{}"),
"quality_audit": $(cat "$REVIEW_DIR/quality-audit.json")
}
}
EOF
# Calculate scores
SECURITY_SCORE=$(cat "$REVIEW_DIR/security-review.json" 2>/dev/null | jq '.score // 100')
PERF_SCORE=$(cat "$REVIEW_DIR/performance-review.json" 2>/dev/null | jq '.score // 100')
STYLE_SCORE=$(cat "$REVIEW_DIR/style-review.json" 2>/dev/null | jq '.quality_score // 100')
TEST_SCORE=$(cat "$REVIEW_DIR/test-review.json" 2>/dev/null | jq '.coverage_percent // 100')
QUALITY_SCORE=$(cat "$REVIEW_DIR/quality-audit.json" | jq '.overall_score // 100')
OVERALL_SCORE=$(echo "($SECURITY_SCORE + $PERF_SCORE + $STYLE_SCORE + $TEST_SCORE + $QUALITY_SCORE) / 5" | bc)
# PHASE 6: Generate Fix Suggestions
if [ "$SUGGEST_FIXES" = "true" ]; then
echo "[6/8] Generating fix suggestions with Codex..."
# Collect all issues
ISSUES=$(cat "$REVIEW_DIR/aggregated-review.json" | jq '[.reviews[] | .issues? // [] | .[]]')
if [ "$(echo $ISSUES | jq 'length')" -gt 0 ]; then
codex --reasoning-mode "Suggest fixes for code review issues" \
--context "$REVIEW_DIR/aggregated-review.json" \
--output "$REVIEW_DIR/fix-suggestions.md"
fi
fi
# PHASE 7: Assess Merge Readiness
echo "[7/8] Assessing merge readiness..."
CRITICAL_SECURITY=$(cat "$REVIEW_DIR/security-review.json" 2>/dev/null | jq '.critical_issues // 0')
TESTS_PASSING=$(cat "$REVIEW_DIR/quality-audit.json" | jq '.functionality_audit.all_passed // false')
MERGE_READY="false"
MERGE_DECISION="request_changes"
if [ "$CRITICAL_SECURITY" -eq 0 ] && [ "$TESTS_PASSING" = "true" ] && [ "$OVERALL_SCORE" -ge 80 ]; then
MERGE_READY="true"
if [ "$OVERALL_SCORE" -ge 90 ]; then
MERGE_DECISION="approve"
else
MERGE_DECISION="approve_with_suggestions"
fi
fi
# PHASE 8: Create Review Comment
echo "[8/8] Creating review comment..."
cat > "$REVIEW_DIR/review-comment.md" <<EOF
# 🤖 Automated Code Review
**Overall Score**: $OVERALL_SCORE/100
**Merge Ready**: $([ "$MERGE_READY" = "true" ] && echo "✅ Yes" || echo "⚠️ No")
## Review Summary
| Category | Score | Status |
|----------|-------|--------|
| 🔒 Security | $SECURITY_SCORE/100 | $([ "$SECURITY_SCORE" -ge 80 ] && echo "✅" || echo "⚠️") |
| ⚡ Performance | $PERF_SCORE/100 | $([ "$PERF_SCORE" -ge 80 ] && echo "✅" || echo "⚠️") |
| 🎨 Style | $STYLE_SCORE/100 | $([ "$STYLE_SCORE" -ge 80 ] && echo "✅" || echo "⚠️") |
| 🧪 Tests | $TEST_SCORE/100 | $([ "$TEST_SCORE" -ge 80 ] && echo "✅" || echo "⚠️") |
| 📊 Quality | $QUALITY_SCORE/100 | $([ "$QUALITY_SCORE" -ge 80 ] && echo "✅" || echo "⚠️") |
## Detailed Findings
### 🔒 Security Review
$(cat "$REVIEW_DIR/security-review.json" 2>/dev/null | jq -r '.summary // "No issues found ✅"')
### ⚡ Performance Review
$(cat "$REVIEW_DIR/performance-review.json" 2>/dev/null | jq -r '.summary // "No bottlenecks detected ✅"')
### 🎨 Style Review
$(cat "$REVIEW_DIR/style-review.json" 2>/dev/null | jq -r '.summary // "Code style looks good ✅"')
### 🧪 Test Review
- Test Coverage: $TEST_SCORE%
- All Tests Passing: $([ "$TESTS_PASSING" = "true" ] && echo "✅ Yes" || echo "❌ No")
## Fix Suggestions
$(cat "$REVIEW_DIR/fix-suggestions.md" 2>/dev/null || echo "No suggestions needed - code looks great! 🎉")
---
## When to Use This Skill
Use this skill when:
- Code quality issues are detected (violations, smells, anti-patterns)
- Audit requirements mandate systematic review (compliance, release gates)
- Review needs arise (pre-merge, production hardening, refactoring preparation)
- Quality metrics indicate degradation (test coverage drop, complexity increase)
- Theater detection is needed (mock data, stubs, incomplete implementations)
## When NOT to Use This Skill
Do NOT use this skill for:
- Simple formatting fixes (use linter/prettier directly)
- Non-code files (documentation, configuration without logic)
- Trivial changes (typo fixes, comment updates)
- Generated code (build artifacts, vendor dependencies)
- Third-party libraries (focus on application code)
## Success Criteria
This skill succeeds when:
- **Violations Detected**: All quality issues found with ZERO false negatives
- **False Positive Rate**: <5% (95%+ findings are genuine issues)
- **Actionable Feedback**: Every finding includes file path, line number, and fix guidance
- **Root Cause Identified**: Issues traced to underlying causes, not just symptoms
- **Fix Verification**: Proposed fixes validated against codebase constraints
## Edge Cases and Limitations
Handle these edge cases carefully:
- **Empty Files**: May trigger false positives - verify intent (stub vs intentional)
- **Generated Code**: Skip or flag as low priority (auto-generated files)
- **Third-Party Libraries**: Exclude from analysis (vendor/, node_modules/)
- **Domain-Specific Patterns**: What looks like violation may be intentional (DSLs)
- **Legacy Code**: Balance ideal standards with pragmatic technical debt management
## Quality Analysis Guardrails
CRITICAL RULES - ALWAYS FOLLOW:
- **NEVER approve code without evidence**: Require actual execution, not assumptions
- **ALWAYS provide line numbers**: Every finding MUST include file:line reference
- **VALIDATE findings against multiple perspectives**: Cross-check with complementary tools
- **DISTINGUISH symptoms from root causes**: Report underlying issues, not just manifestations
- **AVOID false confidence**: Flag uncertain findings as "needs manual review"
- **PRESERVE context**: Show surrounding code (5 lines before/after minimum)
- **TRACK false positives**: Learn from mistakes to improve detection accuracy
## Evidence-Based Validation
Use multiple validation perspectives:
1. **Static Analysis**: Code structure, patterns, metrics (connascence, complexity)
2. **Dynamic Analysis**: Execution behavior, test results, runtime characteristics
3. **Historical Analysis**: Git history, past bug patterns, change frequency
4. **Peer Review**: Cross-validation with other quality skills (functionality-audit, theater-detection)
5. **Domain Expertise**: Leverage .claude/expertise/{domain}.yaml if available
**Validation Threshold**: Findings require 2+ confirming signals before flagging as violations.
## Integration with Quality Pipeline
This skill integrates with:
- **Pre-Phase**: Load domain expertise (.claude/expertise/{domain}.yaml)
- **Parallel Skills**: functionality-audit, theater-detection-audit, style-audit
- **Post-Phase**: Store findings in Memory MCP with WHO/WHEN/PROJECT/WHY tags
- **Feedback Loop**: Learnings feed dogfooding-system for continuous improvement
🤖 Generated by Claude Code Review Assistant
EOF
# Post review comment
gh pr comment "$PR_NUMBER" --body-file "$REVIEW_DIR/review-comment.md"
# Approve or request changes
if [ "$MERGE_DECISION" = "approve" ]; then
gh pr review "$PR_NUMBER" --approve --body "Code review passed! Overall score: $OVERALL_SCORE/100 ✅"
elif [ "$MERGE_DECISION" = "approve_with_suggestions" ]; then
gh pr review "$PR_NUMBER" --approve --body "Approved with suggestions. See detailed review comment. Score: $OVERALL_SCORE/100 ✅"
else
gh pr review "$PR_NUMBER" --request-changes --body "Please address review findings before merging. Score: $OVERALL_SCORE/100"
fi
echo ""
echo "================================================================"
echo "Code Review Complete!"
echo "================================================================"
echo ""
echo "Overall Score: $OVERALL_SCORE/100"
echo "Merge Ready: $MERGE_READY"
echo "Decision: $MERGE_DECISION"
echo ""
echo "Review artifacts in: $REVIEW_DIR/"
echo "Review comment posted to PR #$PR_NUMBER"
echo ""
/github-automation-workflow cascade/pr-quality-gate cascade/review-pr command/swarm-init, /auto-agent, /security-scan/bottleneck-detect, /style-audit, /test-coverage/audit-pipeline, /codex-reasoninggh pr view, gh pr checkout, gh pr comment, gh pr reviewquick-quality-check, smart-bug-fix (if issues)merge-decision-maker, pr-enhancer# Review PR with all checks
code-review-assistant 123
# Review focusing on security
code-review-assistant 123 security
# Review with auto-merge
code-review-assistant 123 "security,tests" true --auto-merge true