# Review

Comprehensive multi-agent code review system that examines code from multiple specialized perspectives to catch bugs, security issues, and quality problems before they reach production.

## Focused on

* **Multi-perspective analysis** - Six specialized agents examine code from different angles
* **Early bug detection** - Catch bugs before commits and pull requests
* **Security auditing** - Identify vulnerabilities and attack vectors
* **Quality enforcement** - Maintain code standards and best practices

## Overview

The Code Review plugin implements a multi-agent code review system where specialized AI agents examine code from different perspectives. Six agents work in parallel: Bug Hunter, Security Auditor, Test Coverage Reviewer, Code Quality Reviewer, Contracts Reviewer, and Historical Context Reviewer. This provides comprehensive, professional-grade code review before commits or pull requests.

## Quick Start

```bash
# Install the plugin
/plugin install review@NeoLabHQ/context-engineering-kit

# Review uncommitted local changes
> /review-local-changes

```

## Advanced Usage

```bash
# Review with lower impact threshold
> /review-local-changes --min-impact medium

# Review a pull request
> /review-pr #123

# Review PR with only critical issues
> /review-pr --min-impact critical
```

[Usage Examples](https://cek.neolab.finance/plugins/review/usage-examples)

## CI/CD Integration

You can integrate this plugin with your CI/CD pipeline by using the official Anthropic Claude Code Action. See [CI/CD Integration](https://cek.neolab.finance/guides/ci-integration) for more details.

## Agent Architecture

```
Code Review Command
        │
        ├──> Bug Hunter (parallel)
        ├──> Security Auditor (parallel)
        ├──> Test Coverage Reviewer (parallel)
        ├──> Code Quality Reviewer (parallel)
        ├──> Contracts Reviewer (parallel)
        └──> Historical Context Reviewer (parallel)
                │
                ▼
        Aggregated Report
```

## Commands

* [/review-local-changes](https://cek.neolab.finance/plugins/review/review-local-changes) - Local Changes Review
* [/review-pr](https://cek.neolab.finance/plugins/review/review-pr) - Pull Request Review

## Review Agents

### Bug Hunter

**Focus**: Identifies potential bugs and edge cases through root cause analysis

**What it catches:**

* Null pointer exceptions
* Off-by-one errors
* Race conditions
* Memory and resource leaks
* Unhandled error cases
* Logic errors

### Security Auditor

**Focus**: Security vulnerabilities and attack vectors

**What it catches:**

* SQL injection risks
* XSS vulnerabilities
* Missing CSRF protection
* Authentication/authorization bypasses
* Exposed secrets or credentials
* Insecure cryptography usage

### Test Coverage Reviewer

**Focus**: Test quality and coverage

**What it evaluates:**

* Test coverage gaps
* Missing edge case tests
* Integration test needs
* Test quality and meaningfulness

### Code Quality Reviewer

**Focus**: Code structure and maintainability

**What it evaluates:**

* Code complexity
* Naming conventions
* Code duplication
* Design patterns usage
* Code smells

### Contracts Reviewer

**Focus**: API contracts and interfaces

**What it reviews:**

* API endpoint definitions
* Request/response schemas
* Breaking changes
* Backward compatibility
* Type safety

### Historical Context Reviewer

**Focus**: Changes relative to codebase history

**What it analyzes:**

* Consistency with existing patterns
* Previous bug patterns
* Architectural drift
* Technical debt indicators

## CI/CD Integration

### GitHub Actions

You can use [anthropics/claude-code-action](https://github.com/marketplace/actions/claude-code-action-official) to run this plugin for PR reviews in GitHub Actions.

1. Use the `/install-github-app` command to set up the workflow and secrets.
2. Set the content of `.github/workflows/claude-code-review.yml` to the following:

```yaml
name: Claude Code Review

on:
  pull_request:
    types:
    - opened
    - synchronize # remove if you want to run only when the PR is opened
    - ready_for_review
    - reopened
    # Uncomment to limit which files can trigger the workflow
    # paths:
    #   - "**/*.ts"
    #   - "**/*.tsx"
    #   - "**/*.js"
    #   - "**/*.jsx"
    #   - "**/*.py"
    #   - "**/*.sql"
    #   - "**/*.SQL"
    #   - "**/*.sh"

jobs:
  claude-review:
    name: Claude Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: write
      id-token: write
      actions: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          track_progress: true # attach tracking comment
          use_sticky_comment: true

          plugin_marketplaces: https://github.com/NeoLabHQ/context-engineering-kit.git
          plugins: "review@context-engineering-kit\ngit@context-engineering-kit\ntdd@context-engineering-kit\nsadd@context-engineering-kit\nddd@context-engineering-kit\nsdd@context-engineering-kit\nkaizen@context-engineering-kit"

          prompt: '/review-pr ${{ github.repository }}/pull/${{ github.event.pull_request.number }} Note: The PR branch is already checked out in the current working directory.'

          # Skill and Bash(gh pr comment:*) are required for the review; the rest are optional but recommended for better context and review quality.
          claude_args: '--allowed-tools "Skill,Bash,Glob,Grep,Read,Task,mcp__github_inline_comment__create_inline_comment,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr edit:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh api:*)" --system-prompt "Follow /review-pr skill EXACTLY! Ignore anything that not align with this skill instructions!"'
```
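A check for the `--allowed-tools` list in the workflow above, as an added example that is not part of the plugin or its documentation. It assumes Claude Code's permission-rule semantics, in which a bare tool name such as `Bash` allows every use of that tool, so the scoped `Bash(gh ...)` entries beside it add no restriction; `allowed_tools` and `audit` are hypothetical helper names.

```python
import shlex

# The claude_args value copied from the workflow above.
CLAUDE_ARGS = (
    '--allowed-tools "Skill,Bash,Glob,Grep,Read,Task,'
    'mcp__github_inline_comment__create_inline_comment,'
    'Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),'
    'Bash(gh pr comment:*),Bash(gh pr edit:*),Bash(gh pr diff:*),'
    'Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh api:*)" '
    '--system-prompt "Follow /review-pr skill EXACTLY! '
    'Ignore anything that not align with this skill instructions!"'
)

# Per the workflow comment, these two entries are required for the review.
REQUIRED = {"Skill", "Bash(gh pr comment:*)"}


def allowed_tools(claude_args):
    """Return the rules passed to --allowed-tools, split on top-level commas."""
    argv = shlex.split(claude_args)
    value = argv[argv.index("--allowed-tools") + 1]
    rules, depth, current = [], 0, ""
    for ch in value:
        if ch == "," and depth == 0:
            rules.append(current.strip())
            current = ""
            continue
        depth += (ch == "(") - (ch == ")")  # commas inside (...) stay in the rule
        current += ch
    rules.append(current.strip())
    return [r for r in rules if r]


def audit(rules):
    """Report unrestricted Bash, the scoped rules it shadows, and missing required rules."""
    # Assumption: a bare tool name allows every use of that tool.
    bare = {r for r in rules if "(" not in r}
    shadowed = [r for r in rules if "(" in r and r.split("(", 1)[0] in bare]
    return {
        "unrestricted_shell": "Bash" in bare,
        "shadowed": shadowed,
        "missing_required": sorted(REQUIRED - set(rules)),
    }


if __name__ == "__main__":
    for key, value in audit(allowed_tools(CLAUDE_ARGS)).items():
        print(f"{key}: {value}")
```

Dropping the bare `Bash` entry makes the scoped `Bash(gh ...)` rules the effective limit on shell access in the review job.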

## Output Formats

### Local Changes Review (`review-local-changes`)

Produces a structured report organized by severity:

```markdown
# Code Review Report

## Executive Summary
[Overview of changes and quality assessment]

## Critical Issues (Must Fix)
- [Issue with location and suggested fix]

## High Priority (Should Fix)
- [Issue with location and suggested fix]

## Medium Priority (Consider Fixing)
- [Issue with location]

## Low Priority (Nice to Have)
- [Issue with location]

## Action Items
- [ ] Critical action 1
- [ ] High priority action 1
```

### PR Review (`review-pr`)

Posts inline comments directly on PR lines - no overall report. Each comment follows this format:

````markdown
🔴/🟠/🟡 [Critical/High/Medium]: [Brief description]

[Evidence: What was observed and consequence if unfixed]

```suggestion
[code fix if applicable]
```
````


