---
description: Review code for quality, security, and best practices - delegates to code-reviewer agent
allowed-tools: Read(*), Grep(*), Glob(*), Task(*)
argument-hint: [file-or-path]
---

# Review Command

Perform comprehensive code review using the specialized code-reviewer agent.

## Technology Adaptation

**Configuration Source**: [CLAUDE.md](../../CLAUDE.md)

This command delegates to the code-reviewer agent, which automatically adapts to the project's technology stack from CLAUDE.md.

## Instructions

1. **Determine Scope**
   - If $ARGUMENTS provided: Review that specific file/path
   - If user has recent changes: Review uncommitted changes
   - Otherwise: Ask what needs review

2. **Load Past Review Lessons**
   - The code-reviewer agent will automatically load past lessons
   - This ensures institutional knowledge is applied to the review

3. **Invoke Code Reviewer Agent**
   - Use Task tool with `code-reviewer` subagent
   - Pass the target files/path to review
   - Agent will check:
     - Code quality and best practices
     - Potential bugs or issues
     - Performance improvements
     - Security vulnerabilities
     - Documentation needs
     - Adherence to CLAUDE.md standards

4. **Present Results**
   - Display agent's findings organized by severity
   - Highlight critical issues requiring immediate attention
   - Provide actionable recommendations

## Why Use This Command

The `/review` command provides a quick way to invoke the code-reviewer agent for code quality checks.

The agent:
- Adapts to your tech stack from CLAUDE.md
- Uses MCP servers for deep analysis (serena, context7)
- Follows OWASP and security best practices
- Provides structured, actionable feedback

## Usage Examples

```bash
# Review a specific file
/review src/services/payment-processor.ts

# Review a directory
/review src/components/

# Review current changes
/review
```

## What Gets Reviewed

The code-reviewer agent checks:

### Code Quality
- Code smells and anti-patterns
- Naming conventions (from CLAUDE.md)
- DRY principle violations
- Proper separation of concerns
- Design pattern usage

### Security
- Injection vulnerabilities
- Authentication/authorization issues
- Hardcoded secrets
- Input validation
- Secure data handling

### Performance
- Algorithm efficiency
- Database query optimization
- Unnecessary computations
- Resource management

### Maintainability
- Code complexity
- Test coverage
- Documentation completeness
- Consistency with project style

## MCP Server Usage

The code-reviewer agent automatically uses:
- **serena**: For semantic code analysis
- **context7**: For framework best practices
- **memory**: For project-specific patterns

## Output Format

The agent provides structured output:

```markdown
### Summary
[Overview of findings]

### Critical Issues 🔴
[Must fix before merge]

### Warnings 🟡
[Should address]

### Suggestions 💡
[Nice-to-have improvements]

### Positive Observations ✅
[Good practices found]

### Compliance Check
- [ ] Code style
- [ ] Security
- [ ] Tests
- [ ] Documentation
```

## Lessons Learned

The code-reviewer agent will automatically:
1. Document lessons learned from the review
2. Ask if you want to save insights to Serena memory
3. Store findings for future reference if you agree

This helps build institutional knowledge and improve code quality over time.

## Alternative: Direct Agent Invocation

You can also invoke the agent directly in conversation:

```
"Please use the code-reviewer agent to review src/auth/login.ts"
```

The `/review` command is simply a convenient shortcut.