comprehensive-review

Comprehensive Review

Orchestrates five specialized review agents in parallel to provide a complete, multi-dimensional analysis of recent code changes:

1. Requirements Compliance — Verifies all requirements are implemented
2. Test Coverage — Ensures business logic is testable and tested
3. Edge Case Handling — Identifies unhandled edge cases and boundary conditions
4. Architectural Alignment — Checks compliance with clean architecture principles
5. Security — Identifies vulnerabilities and risks (OWASP Top 10)

Review Workflow

Step 1: Identify Review Scope

1. Find requirements documents — look in requirements/, docs/, planning/, or phase plan files (phase-1.md through phase-8.md). If none found, ask the user.
2. Identify recent changes — use git log and git diff to understand scope
3. Confirm scope — if unclear which requirements or commits to include, ask

Step 2: Launch All Five Agents in Parallel

Launch all agents in a single message using multiple Task tool calls. Include specific file paths and context in each prompt so agents don't waste time on discovery.

product-reviewer:

"Review recent changes against [requirements-file]. Map each requirement to its implementation. Flag anything missing or partially implemented. The project uses an 8-phase clean architecture structure."

code-reviewer-business-logic:

"Review recent changes for business logic testability and unit test coverage. Focus on services, use cases, and domain logic. Flag untestable patterns (hard-coded dependencies, global state, non-determinism) and missing unit tests."

code-reviewer-edge-case:

"Review recent changes for unhandled edge cases: null/undefined access, empty collections, boundary values, error scenarios (network timeout, DB failure, API errors), date/time issues, and concurrency problems."

code-reviewer-architecture:

"Review recent changes for clean architecture compliance. Check dependency direction (inner layers must not depend on outer), layer separation (business logic out of UI), and correct phase placement using the 8-phase structure: Phase 1 Foundational → Phase 2 Models → Phase 3 Services → Phase 4 Data → Phase 5 Rules → Phase 6 State → Phase 7 UI → Phase 8 Tests."

code-reviewer-security:

"Review recent changes for security vulnerabilities: injection flaws (SQL, command, template), authentication/authorization issues, sensitive data exposure, hardcoded secrets, weak cryptography (MD5/SHA1/DES), XSS, CSRF, and missing input validation. Reference OWASP Top 10."

Step 3: Collect Agent Reports

Wait for all five agents. Capture full reports and note critical issues.

Step 4: Present Consolidated Report

Use the following structure. Status icons reflect actual findings — do not default to ✅ if there are issues.

# Comprehensive Review Report

## Executive Summary

**Review Scope:**
- Requirements: [which documents]
- Changes: [commit range or files]
- Files Reviewed: [count]

**Overall Status:** [Pass / Pass with Warnings / Needs Attention / Critical Issues]

**Critical Issues:** [count] | **Warnings:** [count] | **Recommendations:** [count]

## Review Dimensions

| Dimension | Status | Summary |
|---|---|---|
| Requirements Compliance | [✅/⚠️/❌] | [X]% implemented, [N] missing |
| Test Coverage | [✅/⚠️/❌] | [X]% coverage, [N] untestable |
| Edge Case Handling | [✅/⚠️/❌] | [N] critical, [N] warning |
| Architecture Alignment | [✅/⚠️/❌] | [N] violations, [N] warnings |
| Security | [✅/⚠️/❌] | [N] critical, [N] high |

**Status icons:** ✅ Good | ⚠️ Needs Attention | ❌ Critical Issues

## Priority Actions

### Must Fix Immediately
1. [Critical issue — source agent, file:line]

### Should Fix Soon
1. [Important issue]

### Consider for Future
1. [Recommendation]

---

## Detailed Reports

### 1. Requirements Compliance
[Full product-reviewer report]

### 2. Test Coverage
[Full code-reviewer-business-logic report]

### 3. Edge Case Analysis
[Full code-reviewer-edge-case report]

### 4. Architecture Review
[Full code-reviewer-architecture report]

### 5. Security Review
[Full code-reviewer-security report]

---

## Next Steps
[Prioritized action list based on combined findings]

Handling Special Cases

No requirements found: Ask the user to provide a requirements file path, master plan, or confirm whether to skip the requirements review.

No recent changes detected: Ask the user for a commit range (e.g., main..feature-branch) or specific files to review.

An agent fails: Note the failure, continue with the remaining agents, and present a partial report. Suggest running the failed review separately.

Reference Files

• references/agent-capabilities.md — Read this when you need to understand what a specific agent analyzes or how to interpret its metrics (e.g., what "critical" vs "warning" means per dimension).
• references/review-interpretation.md — Read this when consolidating findings: contains decision matrices for go/no-go decisions, cross-cutting patterns (issues appearing in multiple reports), and how to prioritize fixes across dimensions.

Limitations

This skill identifies issues but cannot fix them, modify code, or replace human judgment. Use it as part of your quality process, not as a substitute for it.