name: code-review
description: Multi-focus code review using specialized subagents. USE WHEN user wants code review, security audit, performance review, Nix review, or says “review” with a focus area.
CodeReview
Orchestrates code reviews with specialized focus areas using subagent-based reviewers. Each focus area runs as an isolated subagent with a tailored prompt and the shared review rubric.
Focus Areas
| Focus | Agent | Description |
|---|---|---|
| general | reviewer | Bugs, logic errors, maintainability, code smells |
| security | reviewer-security | OWASP, injection, auth, secrets, untrusted input |
| performance | reviewer-performance | Complexity, allocations, caching, concurrency |
| nix | reviewer-nix | Nix idioms, module patterns, eval cost, reproducibility |
| architecture | oracle | Code structure, dependencies, trade-offs, design patterns |
| full | all of the above | Parallel execution of all focus areas |
Workflow Routing
| Workflow | Trigger | File |
|---|---|---|
| FocusedReview | “review for security”, “performance review” | workflows/FocusedReview.md |
| FullReview | “full review”, “review everything” | workflows/FullReview.md |
Usage
Via /review command (preferred)
The /review extension integrates focus area selection. After picking a review target (PR, branch, commit, etc.), you can select a focus area. The extension handles git plumbing and dispatches to the appropriate subagent(s).
Via skill directly
/skill:CodeReview security review of the auth module
/skill:CodeReview full review of last commit
Via subagent tool directly
# Single focus
Use reviewer-security to review the changes in the last commit
# Parallel multi-focus
Run reviewer, reviewer-security, and reviewer-performance in parallel
to review the current diff
Review Rubric
All reviewer agents share the rubric defined in rubric.md. It covers:
- Priority levels (P0-P3)
- What to flag vs. ignore
- Untrusted input handling
- Comment guidelines
- Output format
Examples
Example 1: Security-focused review
User: "Review this PR for security issues"
→ Invokes FocusedReview workflow with security focus
→ Checks for injection, auth, secrets exposure
Example 2: Full review
User: "Review PR #123"
→ Invokes FullReview workflow
→ Covers architecture, correctness, security, performance
Repository-Specific Guidelines
Place repo-specific review rules in repositories/<org>-<repo>.md (e.g., repositories/tektoncd-pipeline.md). These are automatically loaded by the /review extension.