From candlekeep-cloud
Run a comprehensive code review using CandleKeep books. Launches parallel review agents — code quality (186-rule book), security (webapp security book), and UI/UX (design principles book) — each with its own context window. Trigger on "code review", "review my code", "review this PR", "review the diff", "/code-review".
Slash command: `/candlekeep-cloud:code-review`
Three specialized agents review code simultaneously, each powered by a dedicated CandleKeep book and operating in its own clean context window. The lead (you) orchestrates: prepare the diff, classify it, launch relevant agents, synthesize results.
This follows the parallelization (sectioning) pattern from Anthropic's "Building Effective Agents" — each agent focuses on one aspect of the review with dedicated context, then the lead synthesizes.
| Agent | Book ID | Pages | Focus |
|---|---|---|---|
| code-reviewer | cmmwi3mo700vlta0zlbfqjtcb | 546 | 186 rules: naming, functions, classes, errors, performance, testing, concurrency, API, database |
| security-reviewer | cmmj33tuj00pumw01eqmthzdh | 39 | CSRF, SSRF, BOLA, mass assignment, auth, headers, prototype pollution, GraphQL |
| uiux-reviewer | cmmfdl2z503qep10zhi9dp1m4 | 15 | Accessibility, responsive design, component patterns, UX heuristics |
Determine what to review, in order of preference:

```sh
# From PR
gh pr diff <number> > /tmp/code-review-diff.txt
# From branch
git diff main...HEAD > /tmp/code-review-diff.txt
# Uncommitted changes (unstaged, then staged)
git diff > /tmp/code-review-diff.txt && git diff --staged >> /tmp/code-review-diff.txt
# Specific files
cat <files> > /tmp/code-review-diff.txt
```

Also get the file list for agent selection:

```sh
# From PR
gh pr diff <number> --name-only > /tmp/code-review-files.txt
# From branch
git diff main...HEAD --name-only > /tmp/code-review-files.txt
```
Not every PR needs all 3 agents. Scan the file list and skip irrelevant agents (this saves cost and context — per Anthropic's "scale effort appropriately" principle).
```
ALWAYS launch: code-reviewer (covers everything)

Launch security-reviewer IF any file matches:
  api/*, route.ts, route.js, middleware/*, auth/*, webhook*,
  *.env*, security/*, or any new dependency addition

Launch uiux-reviewer IF any file matches:
  *.tsx, *.jsx, *.css, *.scss, *.html, components/*,
  pages/*, app/*, layouts/*, styles/*

Skip ALL agents IF only:
  *.md, *.txt, *.json (config only), *.yml, docs/*
  → Do a quick manual review instead
```
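A POSIX shell helper, added here and not part of the candlekeep-cloud plugin, that applies the selection rules above to the `--name-only` file list and prints the agents to launch. It assumes repo-relative paths (so a directory pattern such as `api/*` is also matched one level down) and treats a changed package.json as a dependency addition.

```shell
# Added example (not plugin code): pick review agents from a changed-file list.
# Assumptions: paths are repo-relative, so "api/*" is also matched as "*/api/*";
# a changed package.json counts as a dependency addition (security-relevant).

# Security-relevant paths: api, routes, middleware, auth, webhooks, env files,
# security/, and dependency manifests.
is_security_file() {
  case "$1" in
    api/*|*/api/*|*route.ts|*route.js|middleware/*|*/middleware/*) return 0 ;;
    auth/*|*/auth/*|*webhook*|*.env*|security/*|*/security/*) return 0 ;;
    package.json|*/package.json) return 0 ;;   # assumption: dependency change
  esac
  return 1
}

# UI-relevant paths: component, page, layout and style sources.
is_ui_file() {
  case "$1" in
    *.tsx|*.jsx|*.css|*.scss|*.html) return 0 ;;
    components/*|pages/*|app/*|layouts/*|styles/*) return 0 ;;
  esac
  return 1
}

# Docs/config-only paths; package.json is excluded because it may carry
# a dependency change rather than plain configuration.
is_docs_only_file() {
  case "$1" in
    package.json|*/package.json) return 1 ;;
    *.md|*.txt|*.json|*.yml|docs/*) return 0 ;;
  esac
  return 1
}

# Reads one path per line from the file named in $1 and prints one agent per
# line; prints "none" when every changed file is docs/config only.
select_agents() {
  sec=0; ui=0; all_docs=1; any=0
  while IFS= read -r f || [ -n "$f" ]; do
    [ -z "$f" ] && continue
    any=1
    is_security_file "$f" && sec=1
    is_ui_file "$f" && ui=1
    is_docs_only_file "$f" || all_docs=0
  done < "$1"
  if [ "$any" -eq 0 ] || [ "$all_docs" -eq 1 ]; then echo none; return 0; fi
  echo code-reviewer
  [ "$sec" -eq 1 ] && echo security-reviewer
  [ "$ui" -eq 1 ] && echo uiux-reviewer
  return 0
}
```

Run it as `select_agents /tmp/code-review-files.txt` after the file list has been written.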
Launch selected agents in a single message with multiple Agent tool calls. Each agent writes to its own output file, keeping the lead's context clean.
Each agent prompt must include:
```
Agent tool call 1:
subagent_type: "candlekeep-cloud:code-reviewer"
run_in_background: true
prompt: |
  Review the code diff at /tmp/code-review-diff.txt
  PR context: [title and brief description]
  File list: [paste file names]
  Write your complete review to /tmp/code-review-quality.md

Agent tool call 2 (if security-relevant):
subagent_type: "candlekeep-cloud:security-reviewer"
run_in_background: true
prompt: |
  Review the code diff at /tmp/code-review-diff.txt for security issues.
  PR context: [title and brief description]
  Write your complete review to /tmp/code-review-security.md

Agent tool call 3 (if UI-relevant):
subagent_type: "candlekeep-cloud:uiux-reviewer"
run_in_background: true
prompt: |
  Review the code diff at /tmp/code-review-diff.txt for UI/UX issues.
  PR context: [title and brief description]
  Write your complete review to /tmp/code-review-uiux.md
```
After all agents complete, read their output files. Present a unified review — deduplicate findings that appear in multiple reviews, merge severity ratings (take the higher severity if agents disagree).
```markdown
# Code Review: [PR title]

## Summary
| Domain | Findings | Critical/High |
|--------|----------|---------------|
| Code Quality | X | Y |
| Security | X | Y |
| UI/UX | X | Y |

## Verdict: [Block / Request Changes / Approve]
[1-2 sentence justification]

## Must Fix (Critical + High)
[Merged findings with file:line, rule citations, and fix suggestions]

## Should Fix (Medium)
[Merged findings]

## Suggestions (Low)
[Merged findings]

## What's Done Well
[Positive findings — explicitly note secure patterns, good architecture, etc.]

## Audit Trail
[Combined rules-applied tables from all agents]
```
User: "Review PR #42" → Fetch diff, scan files, launch 2-3 agents, synthesize, present unified review

User: "Code review" (on a feature branch) → Use git diff main...HEAD, launch agents, synthesize

User: "Review my changes" → Check for uncommitted changes, launch agents, synthesize
```sh
npx claudepluginhub candlekeepagents/candlekeep-marketplace --plugin candlekeep-cloud
```