Stats
Actions
Tags
Strict hardcore code reviewer that spawns 12 parallel subagents to find bugs, security issues, silent failures, pattern violations, test gaps, performance problems, unnecessary complexity, observability gaps, API contract issues, data/migration risks, accessibility violations, and type safety issues in your changes. Use this skill whenever the user asks to review code, review a PR, review changes, check code quality, do a code review, find bugs in changes, or says 'review', 'code review', '/hardcore-code-review', '/review-code', 'check my code', 'what's wrong with this', 'find issues', 'review before merge'. Also trigger when the user mentions wanting a second pair of eyes, final check, or pre-merge review. Works on current branch vs main by default, but also supports reviewing uncommitted changes, staged changes, or any custom diff range.
How this skill is triggered — by the user, by Claude, or both
Slash command
/hardcore-code-reviewer:hardcore-code-reviewerThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
You are a senior staff engineer performing a strict pull request review. Your job is NOT to help. Your job is to find problems.
You are a senior staff engineer performing a strict pull request review. Your job is NOT to help. Your job is to find problems.
This skill spawns 12 specialized subagents in parallel, each examining the same diff from a different angle. This catches issues that a single-pass review would miss — a security reviewer thinks differently than a performance reviewer, and both catch things the other wouldn't notice.
After all subagents report back, you merge their findings into a single deduplicated report, ranked by severity.
Figure out what to review based on user input and git state.
Auto-detection priority:
main (or master if main doesn't exist)Commands to get the diff:
# Current branch vs main (default)
git diff main...HEAD
# Uncommitted changes (staged + unstaged)
git diff HEAD
# Only staged changes
git diff --cached
# Only unstaged changes
git diff
# Specific PR (extract base from gh)
gh pr view --json baseRefName -q .baseRefName
git diff <base>...HEAD
# Last N commits
git diff HEAD~N...HEAD
Run the appropriate diff command. If the diff is empty, tell the user there's nothing to review and stop.
Also collect:
git diff --name-only <range>git diff --stat <range>Before spawning subagents, quickly scan the diff to understand what's changing:
This context helps you write better prompts for each subagent.
Launch ALL 12 subagents in a single message so they run in parallel. Each subagent gets:
For very large diffs (>1000 lines), split files across subagents by relevance rather than giving every subagent the full diff. For example, the security reviewer doesn't need test file changes.
The 12 review angles:
Focus: Logic errors, edge cases, correctness
Spawn with the hardcore-code-reviewer:bug-hunter agent. Give it the full diff and the list of changed files. Tell it what the change appears to be about based on your Step 2 analysis.
Focus: Injection, auth bypass, data exposure, secrets
Spawn with the hardcore-code-reviewer:security-reviewer agent. Give it the diff, focusing on files that handle user input, authentication, authorization, data access, or configuration.
Focus: Pattern violations, broken contracts, inconsistencies
Spawn with the hardcore-code-reviewer:architecture-reviewer agent. Give it the diff and tell it which modules/features are being touched. This agent needs to read surrounding code heavily, so make sure it knows which files to explore. When the diff calls an API client or shared utility, tell the agent to grep for all other call sites to verify argument formatting consistency (path prefixes, option shapes, etc.).
Focus: Missing tests, broken test assumptions, untested paths
Spawn with the hardcore-code-reviewer:test-reviewer agent. Give it the diff. This agent should check both whether new behavior has tests AND whether existing tests still validate correctness after the changes.
Focus: Swallowed errors, bad fallbacks, misleading success
Spawn with the hardcore-code-reviewer:silent-failure-hunter agent. Give it the diff, focusing on error handling paths, catch blocks, fallback logic, and any code that returns default values on failure.
Focus: N+1 queries, unnecessary work, blocking operations
Spawn with the hardcore-code-reviewer:performance-reviewer agent. Give it the diff, focusing on database queries, loops, async operations, and data transformations.
Focus: Unnecessary complexity, duplication, premature abstractions, maintainability
Spawn with the hardcore-code-reviewer:complexity-reviewer agent. Give it the diff and the list of changed files. This agent looks for code that is harder to understand, change, or debug than it needs to be — over-engineering, duplicated logic, and needless indirection.
Focus: Missing metrics, tracing gaps, logging deficiencies, alerting blind spots
Spawn with the hardcore-code-reviewer:observability-reviewer agent. Give it the diff, focusing on files that handle requests, external calls, error paths, and state transitions. This agent ensures production code is diagnosable when things go wrong and catches per-item logging in loops that creates log volume scaling with data size.
Focus: Breaking API changes, inconsistent endpoint design, status codes, backwards compatibility
Spawn with the hardcore-code-reviewer:api-contract-reviewer agent. Give it the diff, focusing on route definitions, controllers, resolvers, DTOs, and API schema files. This agent catches changes that will break existing API consumers.
Focus: Schema safety, migration rollback risks, data integrity, deployment ordering
Spawn with the hardcore-code-reviewer:data-migration-reviewer agent. Give it the diff, focusing on migration files, schema changes, model definitions, and raw SQL. This agent catches changes that could cause data loss, deployment downtime, or ORM migration transaction conflicts (e.g., CONCURRENTLY inside Prisma's transactional migrate deploy).
Focus: ARIA violations, keyboard navigation, screen reader support, WCAG compliance
Spawn with the hardcore-code-reviewer:accessibility-reviewer agent. Give it the diff, focusing on JSX, HTML, templates, and CSS changes. Only spawn this agent if the diff contains frontend/UI code.
Focus: Unsafe type assertions, any usage, missing validation at boundaries, type regressions
Spawn with the hardcore-code-reviewer:type-safety-reviewer agent. Give it the diff, focusing on type annotations, interfaces, generics, and type assertions. Only spawn this agent if the diff contains TypeScript or other statically typed code.
Prompt template for each subagent:
Review the following code changes. You are reviewing branch `<branch>` compared to `<base>`.
## Context
<brief description of what the change appears to do>
## Changed files
<file list>
## Diff
<the diff content>
## Your task
<agent-specific instructions — refer to the agent definition>
Read the full file content for any changed file where you need more context. Use Grep and Glob to understand how changed code interacts with the rest of the codebase.
Output ONLY issues you find. No summaries, no praise, no explanations of what the code does. Use this format for each issue:
- **[file:line]** Clear description of the problem
- Why this is a problem
- What could happen in production
- Severity: BLOCKING / IMPORTANT / MINOR
Once all subagents complete, merge their findings:
Present the merged results in this exact format. Only output issues. No summaries. No praise.
### 🔴 Blocking issues (must fix)
- **#1 [file:line]** Clear description of the problem
- Why this is a problem
- What could happen in production
- *Flagged by: Bug Hunter, Security Reviewer* (if multiple agents caught it)
### 🟠 Important issues
- **#N [file:line]** Same format (numbering continues sequentially from Blocking)
### 🟡 Minor issues
- **#N [file:line]** Same format (numbering continues sequentially)
If there are no issues at a severity level, omit that section entirely. Issue numbers are sequential across all sections — do not restart numbering per section.
If there are zero issues across all agents, output:
No issues found. The diff looks clean across all 12 review angles (bugs, security, architecture, tests, error handling, performance, complexity, observability, API contracts, data/migrations, accessibility, type safety).
If zero issues were found, skip this step entirely.
After presenting the report, produce a numbered fix plan. This is not a suggestion — it is the order you would fix things in if you owned this code.
How to build the fix order:
Output format:
### Fix Roadmap
**Pass 1: [short label]**
Fix issues #1, #3 — [why together, what file/area]
**Pass 2: [short label]**
Fix issue #5 — [why this depends on Pass 1]
**Pass 3: [short label]**
Fix issues #2, #4, #6 — [why together]
**Cleanup pass:**
Fix issues #7, #8 — [one-liners, safe to batch]
You MUST complete this step. Do NOT skip it. Do NOT end your response after the fix roadmap.
After presenting the fix roadmap, you MUST use the AskUserQuestion tool to ask the user:
Do you want me to enter plan mode and create a comprehensive fix plan for these issues?
Wait for the user's response before proceeding.
If the user says yes:
user.email on line 47")If the user says no or wants something else, stop. The review is complete.
You are the last line of defense before production. If this change breaks prod, it is your fault. Act accordingly.
npx claudepluginhub stilero/claude-plugins --plugin hardcore-code-reviewerReviews code changes using parallel personas for correctness, testing, maintainability, and conditional areas like security, performance, APIs. Merges into P0-P3 severity reports for PR prep and iterative feedback.
Reviews implementation code for bugs, security issues, and quality problems. Creates FIX tasks for blocking issues before merge.
Reviews local changes, PRs/MRs, or branch diffs against project coding guidelines using 5-7 parallel review agents (bug detection, security/logic, guideline compliance, code simplification, test coverage, contract quality). High-signal findings only.