From cc10x
Performs adversarial code review with severity-rated, confidence-scored findings and file:line evidence. Also provides structured discipline for acting on external review feedback.
How this skill is triggered — by the user, by Claude, or both
Slash command
/cc10x:code-reviewThis skill is limited to the following tools:
The summary Claude sees in its skill listing — used to decide when to auto-load this skill
- `references/review-order-and-checkpoints.md` — review order, checkpoint discipline
references/review-order-and-checkpoints.md — review order, checkpoint disciplinereferences/code-review-heuristics.md — heuristics, pattern recognition, false-positive preventionreferences/security-review-checklist.md — security review checklistOnly report issues with confidence ≥80. Every finding states category, impact, and why it matters. Present a recommendation, not a menu. Be opinionated.
Signal quality rule: One finding with file:line evidence and a fix is worth more than ten generic observations. Never report a pattern without showing where it lives.
Stage 1: Spec Compliance — Does the code do what the plan/spec asked? Check: phase exit criteria met, interfaces match plan's Consumes/Produces, no scope drift, no missing scenarios.
Stage 2: Code Quality — Is the code well-built? Check: correctness, performance, security, clarity, test coverage.
Top-down (spec → architecture → module → function → line) for first pass. Bottom-up (line → function → module) for detail pass. See references/review-order-and-checkpoints.md.
| Severity | Criteria |
|---|---|
| CRITICAL | Data loss, security breach, silent data corruption |
| HIGH | User-visible broken behavior |
| MEDIUM | Suboptimal but functional |
| LOW | Code smell, style |
| Confidence | Meaning |
|---|---|
| 90-100 | Verified: read the code, confirmed the issue, can cite file:line |
| 80-89 | Strong: read surrounding context, pattern is clear |
| <80 | Do not report — insufficient evidence |
When code-reviewer and failure-hunter run in parallel (BUILD workflow):
status_history.Zero findings on a non-trivial change → insufficient depth, not perfect code. Re-scan against heuristics and security checklist before reporting CLEAN.
Scan for these 12 named smells during review. Each is actionable — not a style preference. "Messy" is not actionable; "Mysterious Name" is:
| Smell | Signal | Fix |
|---|---|---|
| Mysterious Name | Function/variable name doesn't reveal intent | Rename to describe what it does |
| Long Method | Method > 20 lines doing multiple things | Extract sub-methods |
| Long Parameter List | > 4 parameters — consider parameter object | Extract into an object |
| Large Class | Class with too many responsibilities | Split by responsibility |
| Data Class | Holds data, no behavior — anemic domain model | Move behavior in, or inline the class |
| Duplicated Code | Same logic in 3+ places | Extract shared function |
| Feature Envy | Method reads more from another class than its own | Move method to the class it envies |
| Shotgun Surgery | One change requires touching many files | Consolidate responsibility |
| Divergent Change | One class changes for different reasons | Split into separate classes |
| Primitive Obsession | Using primitives where a small value object would add meaning | Create a value object |
| Repeated Switches | Same switch/if-else on a type across files | Replace with polymorphism |
| Speculative Generality | Abstraction for future use that never comes | Delete it (YAGNI) |
| Message Chains | a.b().c().d() — client knows the object graph | Hide the chain behind a method |
| Middle Man | Class just delegates to another — adds no logic | Remove the middleman, use the real object |
| Refused Bequest | Subclass doesn't use parent's methods | Replace inheritance with composition |
| Data Clumps | 3+ values always passed together | Extract into an object |
Repo standards override baseline: if the repo's documented conventions endorse something this baseline would flag, suppress the smell.
Patterns commonly produced by AI code generation — flag with elevated priority:
useMemo/useCallback/React.memo wrapping everything without profiling evidencePromise.all (latency multiplier)as any/as Type instead of narrowing with a runtime checkNever fabricate metrics. An LLM reading static source code cannot measure real-world LCP, INP, CLS, memory usage, or runtime performance.
State what you CAN verify from code. Tag anything else as "potential impact, not measured" — never invent numbers. Recommend specific tools (Lighthouse, profiler, benchmark suite) when runtime measurement is the real answer.
Minor/Medium findings you don't fix in this pass are NOT dropped, but you do NOT need a separate file or a separate CONTRACT field for them. Just report them normally with severity and file:line in your output. The router already handles persistence: it reads your findings, appends every non-blocking Minor item to the workflow artifact's deferred_findings array (source, phase, finding, severity), and surfaces the accumulated list for explicit user triage at BUILD-DONE finishing. Nothing is silently discarded — this is automatic on the router side, not something you need to engineer in your response.
Do NOT flag:
Discipline for acting on external/human review feedback (pasted PR comments, review notes, "can you change X"). This governs the MAIN session, not the internal reviewer→router→fix loop.
Before implementing a suggestion, check:
Before implementing a suggestion, grep the codebase for the pattern the reviewer claims is wrong. If the pattern is project convention (appears in many places, is in patterns.md), push back. If it's genuinely isolated, fix it.
| Situation | Response |
|---|---|
| Reviewer misunderstood the code | Explain with file:line evidence |
| Suggestion contradicts project convention | Cite the convention, push back |
| Suggestion adds unnecessary complexity | YAGNI — state why the simpler approach is better |
| Suggestion is correct but out of scope | Acknowledge, defer to a follow-up |
| Suggestion is a style preference | Acknowledge, apply only if it matches project conventions |
Pushing back ≠ refusing. You must either fix the issue or provide evidence why it's not an issue. "I prefer my way" is not a valid push-back. "This is project convention, see patterns.md line X" is valid.
The Fowler Code Smells catalog, AI-Generated Anti-Patterns, Metric Honesty Rule, and Deferred Findings handling are defined once above under Mode: ADVERSARIAL REVIEW. There is no second copy — apply those sections during both the adversarial pass and any receiving-review triage.
npx claudepluginhub romiluz13/cc10x --plugin cc10xReviews code changes adversarially using parallel layers (Blind Hunter, Edge Case Hunter, Acceptance Auditor) with triage into actionable categories. Invoke on 'run code review' or 'review this code'.
Runs structured code reviews with parallel multi-reviewer fan-out, test output gates, and confidence scoring. Supports adversarial review via Codex or thorough Claude-only review.
Dispatches 5 specialized agents for multi-perspective code review on correctness, architecture, security, production readiness, and test quality. Merges findings, auto-fixes Critical/Important issues up to 3 rounds.