pwsh-code-review

One-time bootstrap for a PowerShell repo. Walks the codebase, drafts the project profile (architecture.md, standards.md, glossary.md, patterns/), copies the linter settings template, and computes the initial AST index. Use this when first installing pwsh-code-review on a project, when the user asks to "set up" or "initialise" the reviewer, or when the existing profile has gone stale and needs regeneration.

Multi-agent code review for PowerShell 7+ changes. Runs a deterministic static-analysis pre-pass, computes diff context via AST, dispatches five specialised agents in parallel (conventions, pwsh idioms, diff bugs, security, history), calibrates findings, and emits a single review with severity and confidence scores. Use this whenever the user asks to review PowerShell code, review a PR, check staged changes, or audit a pwsh script. Always use this for any PowerShell review task even if the user does not explicitly say "review".

Calibrates findings from the five review agents to prevent inflation. Reviews each finding's severity and confidence against its evidence, may confirm, downgrade, or drop, but never upgrades. Runs after the agents complete and before the merger.

Reviews PowerShell changes for compliance with the project's documented standards, patterns, and naming conventions. Loads .pwsh-review/standards.md, patterns/, and glossary.md as authoritative. Does not flag generic "best practices" that are not in the project profile.

Reviews PowerShell changes for bugs introduced by the diff itself. Reasons about contracts that changed (signatures, output types, error behaviour, pipeline semantics) and what that breaks for callers. The agent that uses Ring 1 context (callers, callees, tests) most heavily.

Reviews PowerShell changes against git history. Catches regressions of previously-fixed bugs, partial reverts, churn hotspots, and changes that contradict prior architectural decisions logged in commit history.

Reviews JavaScript / TypeScript changes for content correctness and the security-class traps eslint and tsc cannot catch by themselves. Dispatched only when the diff touches `.js`, `.mjs`, `.cjs`, or `.ts` (and `.tsx`). Reads the project's `.pwsh-review/standards.md` to discover project-specific names (e.g. the canonical HTML-escaper) and emits `PWSH-JS-NNN` findings.

How to run the deterministic static-analysis pre-pass for pwsh-code-review. Covers PSScriptAnalyzer, InjectionHunter, Gitleaks, Pester, and optional auxiliary tools. Defines the output schema agents consume. Use when invoking the static phase of a review or when explaining what the static layer covers.

How to bootstrap a PowerShell project with pwsh-code-review. Use when the user is setting up the reviewer on a new repo, when /pwsh-review-bootstrap runs, or when the existing profile needs refreshing.

How pwsh-code-review computes diff context using PowerShell's AST. Defines the Ring 0/Ring 1 context model, the AST index format, the call graph algorithm, and the diff-context.json schema. Use when computing diff context for a review or when explaining how the reviewer reasons about staged changes.