---
name: code-review
trigger: /impl review
description: Review code changes for quality, correctness, and security
---

# Skill: Code Review

## Trigger

`/impl review [file path, PR reference, or description of changes]`

## Description

Review code changes using a structured checklist. Produce a review with CRITICAL, IMPORTANT, and MINOR findings.

## Inputs

- target: string, file path, PR reference, or description of what to review (required)

## Process

1. Read the code changes (diff or full files)
2. Apply the review checklist:
   - **Logic correctness**: does the code do what it claims? Edge cases handled?
   - **Code style**: ESLint and Prettier compliance; TypeScript strict mode adherence
   - **Security (OWASP Top 10)**: input validation, output encoding, auth checks, secrets handling, dependency vulnerabilities
   - **Performance**: O(n) complexity, N+1 query patterns, unbounded loops, missing pagination
   - **Test coverage**: are new code paths covered? Coverage decreased?
   - **Documentation**: public interfaces documented? Complex logic explained?
3. Categorise findings:
   - CRITICAL: must resolve before merge; blocks PR
   - IMPORTANT: should resolve; human reviewer decides
   - MINOR: suggestions for improvement; non-blocking
4. For each finding: specify file, line, category, description, and suggested remediation
5. Escalate: OWASP findings, ambiguous logic, performance requiring load testing

## Output

Structured review comment with CRITICAL, IMPORTANT, and MINOR sections.

## Autonomy

- Tier 1: producing the review
- At L4: blocking authority on CRITICAL findings; can approve PRs meeting all quality gates

## Error Handling

- If target not found: ask for clarification
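The following is an added example, not part of the original skill file, showing how steps 3 to 5 of the Process, the Output format and the Autonomy rule fit together in code: findings are recorded with file, line, category, checklist area, description and remediation; the review comment is rendered into CRITICAL, IMPORTANT and MINOR sections; the merge verdict follows the "CRITICAL blocks PR" rule; and the escalation list collects OWASP (security) findings, ambiguous logic and performance items that need load testing. The type names, the `ambiguous` and `needsLoadTest` flags and the sample findings are assumptions constructed for the example.

```typescript
// Added example (not the skill's own code): a model of the /impl review output.
// Type names, the `ambiguous`/`needsLoadTest` flags and the sample findings
// below are constructed for illustration.

type Severity = "CRITICAL" | "IMPORTANT" | "MINOR";
type Area = "logic" | "style" | "security" | "performance" | "tests" | "docs";

interface Finding {
  file: string;
  line: number;
  severity: Severity;
  area: Area;             // which checklist item produced the finding
  description: string;
  remediation: string;
  ambiguous?: boolean;     // reviewer could not determine the intended behaviour
  needsLoadTest?: boolean; // performance concern only load testing can settle
}

interface Review {
  sections: Record<Severity, Finding[]>;
  verdict: "BLOCKED" | "NEEDS_HUMAN_DECISION" | "APPROVABLE";
  escalations: Finding[];
  comment: string;
}

const ORDER: Severity[] = ["CRITICAL", "IMPORTANT", "MINOR"];

// Step 5: findings that go to a human reviewer regardless of severity.
function needsEscalation(f: Finding): boolean {
  return f.area === "security" || f.ambiguous === true || f.needsLoadTest === true;
}

// Autonomy rule: CRITICAL blocks the PR; IMPORTANT leaves the decision to a
// human reviewer; only MINOR findings (or none) means the quality gates are met.
function verdictFor(findings: Finding[]): Review["verdict"] {
  if (findings.some((f) => f.severity === "CRITICAL")) return "BLOCKED";
  if (findings.some((f) => f.severity === "IMPORTANT")) return "NEEDS_HUMAN_DECISION";
  return "APPROVABLE";
}

// Builds the structured review comment described under Output.
function buildReview(findings: Finding[]): Review {
  const sections: Record<Severity, Finding[]> = { CRITICAL: [], IMPORTANT: [], MINOR: [] };
  for (const f of findings) sections[f.severity].push(f);
  const escalations = findings.filter(needsEscalation);
  const verdict = verdictFor(findings);

  const lines: string[] = [`## Review: ${verdict}`];
  for (const sev of ORDER) {
    lines.push(`### ${sev} (${sections[sev].length})`);
    for (const f of sections[sev]) {
      // Step 4: file, line, category, description and suggested remediation.
      lines.push(`- ${f.file}:${f.line} [${f.area}] ${f.description}`);
      lines.push(`  Remediation: ${f.remediation}`);
    }
  }
  if (escalations.length > 0) {
    lines.push("### Escalated to human reviewer");
    for (const f of escalations) lines.push(`- ${f.file}:${f.line} (${f.area})`);
  }
  return { sections, verdict, escalations, comment: lines.join("\n") };
}

// Constructed sample findings, as a reviewer would record them after step 4.
const SAMPLE_FINDINGS: Finding[] = [
  { file: "src/api/users.ts", line: 42, severity: "CRITICAL", area: "security",
    description: "Request parameter concatenated into an SQL string",
    remediation: "Use a parameterised query / prepared statement" },
  { file: "src/api/users.ts", line: 58, severity: "IMPORTANT", area: "performance",
    description: "Per-row lookup inside a loop (N+1 query pattern)",
    remediation: "Batch the lookups into a single query", needsLoadTest: true },
  { file: "src/util/format.ts", line: 7, severity: "MINOR", area: "docs",
    description: "Exported function has no JSDoc",
    remediation: "Add a JSDoc block describing parameters and return value" },
];

console.log(buildReview(SAMPLE_FINDINGS).comment);
```

With the sample findings the verdict is BLOCKED (one CRITICAL finding), and two items are escalated: the security finding and the performance finding flagged as needing load testing. Separating `verdictFor` from `needsEscalation` keeps the blocking rule and the escalation rule independently testable, which matters when the L4 autonomy tier is allowed to approve on its own.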