code-auditor-agent

Legacy alias for the ultracode codebase audit. Superseded by /caa-scan (scan-only) and /caa-scan-and-fix (audit + root-cause fixes). Kept so existing "audit the codebase" muscle memory still resolves; it simply redirects to the new ultracode commands.

Legacy alias for the incremental (changed-since-a-ref) ultracode audit. Superseded by /caa-delta. Kept so existing "audit the changes" / "incremental audit" muscle memory still resolves; it simply redirects to the new ultracode command.

Recheck recent changes — scan-only audit of files changed since a git ref (default origin/main…HEAD), via the shared caa-engine (map → filter → reduce). Optionally traces direct dependents of the changed files. No fixes, no git writes. Final report → reports/code-auditor-agent/.

Compare multiple candidate implementations of the same task against ONE fixed input/contract via the shared caa-engine (task=impl-compare): map (one opus evaluator per candidate, scoring correctness/edge-cases/performance/quality) → filter (adversarial verify of each correctness verdict) → reduce (a ranking matrix naming the winner). The fixed input is cache-shared across every candidate; only the candidate script varies. No edits, no git writes. Final report → reports/code-auditor-agent/.

PR review — ultracode audit of a GitHub PR via the shared caa-engine `pr` lens-set: per-file scan of the changed files PLUS two PR-unique once-per-run lenses (claim-verification: PR description vs actual diff; cross-layer: cross-file mismatches) → one PR-review comment with a PASS/CONDITIONAL/FAIL verdict. Scan-only (no fixes). Final report → reports/code-auditor-agent/.

Main entry point for the code-auditor-agent role (quad-match #4). Use when invoked as `claude --agent code-auditor-agent-main-agent` or dispatched as the code-auditor role to audit code headlessly. Routes the request to the right ultracode command (pre-commit gate, PR review, delta audit, whole-codebase scan, scan-and-fix) and drives the shared caa-engine workflow to a consolidated report in reports/code-auditor-agent/.

Trigger with /audit-codebase, 'audit the codebase', 'compliance audit', 'codebase audit', 'scan and fix the code'. Use when auditing a codebase (whole, scoped, or changed-since-a-ref) and optionally applying fixes.

Trigger with 'review and fix the PR', 'review the PR and apply fixes', 'pre-merge review and fix'. Use when reviewing a GitHub PR AND then applying root-cause fixes to its changed files.

Trigger with 'review the PR', 'check the PR', 'audit the PR', 'pre-merge review'. Use when reviewing a GitHub PR or running a pre-merge quality gate.

Trigger with "/caa-extended-audit", "generate scenarios", "discover entry points". Use when an extended audit needs end-to-end scenario walks beyond line review. Emits scenarios.json for the ultracode engine's scenario-walk lens.

Trigger with "ecaa self test", "run efficacy gate". Use when verifying the ultracode engine catches every seeded bug in the bundled fixtures — before release or on a schedule. Runs the pytest gate plus one engine pass.