deep-review

claude-deep-review

A research-backed code review plugin for Claude Code that orchestrates parallel concern-specialized agents, cross-validates findings with deterministic verification, and produces unified review reports.

What it does

Deep Review dispatches up to seven specialized agents in parallel, each examining your code changes through a different lens:

Agent	Optimized	Frontier	Focus
bug-detector	Sonnet	Opus	Logic errors, edge cases, error handling, resource leaks
security-reviewer	Opus	Opus	OWASP top 10, injection, auth, SSRF, deserialization
cross-file-impact	Sonnet	Opus	How changes affect callers and dependents across the codebase
test-analyzer	Sonnet	Opus	Test coverage gaps, test quality, missing edge cases
conventions-and-intent	Sonnet	Opus	CLAUDE.md compliance, spec alignment, comment accuracy
type-design-analyzer	Sonnet	Opus	Type encapsulation and invariant design (conditional)
code-simplifier	Sonnet	Opus	Simplification opportunities

Two review modes are available. Optimized (default) uses Sonnet for most agents and Opus for security, balancing depth with cost. Frontier uses Opus for every agent. Security always runs on Opus in both modes because different models have complementary vulnerability-class detection profiles.

After agents report findings, a six-stage deterministic pipeline filters and reconciles them:

1. merge_findings.py — collects findings from agent NDJSON files, deduplicates, validates schema
2. verify_findings.py — git-blame classification (new vs surfaced), factual verification against the actual code, diff-line validation
3. apply_validations.py — applies independent validator confidence assessments
4. filter_findings.py — confidence/severity thresholds (default 70, security 60), injection filtering, cross-agent dedup, consensus detection, routing (main report vs improvement suggestions)
5. apply_challenges.py — applies blind-challenge results, severity downgrades, surfaced re-routing, final dedup, ranking
6. post_review.py — delivers findings as PR/MR comments, markdown, or chat

Between stages, findings live on disk as JSON. There is no LLM JSON reconstruction in the pipeline.

Key features

• Concern-parallel, not file-parallel — each agent sees the full diff with cross-file context, because bugs at module boundaries are invisible to file-scoped reviewers.
• Full-codebase investigation — security and cross-file-impact agents trace data flows beyond the diff into the entire repository.
• New vs. surfaced findings — git blame classifies whether each finding is new code you wrote or pre-existing code exposed by your changes. Surfaced findings are downgraded and grouped separately so they don't drown out real issues.
• Incremental review — when re-reviewing a PR with new commits, the skill offers to review only the changes since the last review instead of starting over.
• Prompt-injection defense — code under review is treated as untrusted input, wrapped in trust-boundary delimiters with output scanning for injection artifacts.
• Context-pulling — agents actively investigate using Read/Grep/LSP rather than receiving a passive context dump.
• GitHub and GitLab — auto-detects the platform from the git remote, supports both gh and glab CLIs.
• REVIEW.md configuration — hierarchical config that mirrors CLAUDE.md locations. The skill scaffolds REVIEW.md files for you and maintains the ignore list as you dismiss findings.
• Flexible delivery — PR/MR comments, markdown file, chat, task board, or any combination.
• Task-board integration — create tasks from findings with user-controlled selection (all, 1,3,5, all critical and high, all except 6).
• Graceful degradation — if an agent fails, the review continues with the remaining agents and notes the gap.

Installation

Add the marketplace and install the plugin:

claude plugin marketplace add https://github.com/liatrio-labs/claude-deep-review.git
claude plugin install deep-review@deep-review

To update later:

claude plugin update deep-review@deep-review

Usage

The skill triggers automatically when you ask for a code review in Claude Code:

# Review a PR (GitHub)
deep review PR #42

# Review a merge request (GitLab)
review MR !89 thoroughly

# Review local uncommitted changes
comprehensive review of my changes

# Focused review
deep review PR #42, focus only on security and error handling

Or invoke it directly: