review-code
Code Review Workflow
Run a comprehensive, multi-perspective code review on the current branch changes. This skill activates the Review Council and integrates automated security scanning to catch issues before they reach a pull request.
[!CAUTION] Scope boundary: This skill reviews code and commits fixes. It does NOT create pull requests, push to remote, or merge anything. When the review is complete, stop and suggest the user run /submit-pr next. Do not proceed to PR creation — that is /submit-pr's job.
[!WARNING] Checkpoint protocol. When this workflow reaches a ### CHECKPOINT, you must actively prompt the user for a decision — do not simply present information and continue. Use your agent's interactive prompting mechanism (e.g., AskUserQuestion in Claude Code) to require an explicit response before proceeding. This prevents queued or in-flight messages from being misinterpreted as approval. If your agent lacks interactive prompting, output the checkpoint content and stop all work until the user explicitly responds.
Step 1: Analyze Current Changes
Identify all changes on the current branch:
- Run git diff origin/main...HEAD to see all changes relative to main
- Run git diff and git diff --cached to catch any uncommitted work
- Run git status to see modified, added, and deleted files
Categorize changed files by layer based on your project's directory structure: