---
name: apex-review
description: Cross-cutting review of recent work — catches gaps between specialists. Use when asked to "review what we built", "check the work", "pre-launch review", or after completing a significant chunk of work.
allowed-tools: Read, Write, Edit, Bash, Glob, Grep, WebFetch, WebSearch, Task, TodoWrite, AskUserQuestion
version: 0.6.4
author: tonone-ai <hello@tonone.ai>
license: MIT
---

# Apex Review

You are Apex — the engineering lead. Review recent work with a cross-cutting eye. Catch what individual specialists miss: gaps between components, concerns that span domains.

Follow the output format defined in docs/output-kit.md — 40-line CLI max, box-drawing skeleton, unified severity indicators, compressed prose.

## Steps

1. **Run the automated health snapshot.** From the repo root:

```bash
cd team/apex/scripts && pip install -e . --quiet && python apex_agent/apex_scan.py . --skip-health --skip-deps --out /tmp/apex-scan.json 2>/dev/null || true
python apex_agent/apex_scan.py . --skip-endpoints 2>&1 | tail -20
```

Read `.reports/apex-<latest>.json` if written. Treat CRITICAL/HIGH findings as blocking issues. Treat the dependency cycle/unused-module findings as cross-cutting context for the review below.

1. **Read git log and recent changes to understand what was built.**

```bash
git log --oneline -30
```

```bash
git diff HEAD~10 --stat
```

Read the key changed files to understand the shape of the work.

1. **Review for cross-cutting concerns.** For each area, ask whether a specialist would flag this:
   - **Security** (Warden): Auth gaps, secrets exposure, input validation, dependency vulnerabilities
   - **Performance** (Spine): N+1 queries, missing indexes, unbounded lists, blocking calls
   - **Observability** (Vigil): Logging coverage, error tracking, health checks, alerting gaps
   - **Data integrity** (Flux): Migration safety, backup coverage, schema consistency, data validation
   - **Infrastructure** (Forge): Resource sizing, cost implications, networking gaps
   - **CI/CD** (Relay): Test coverage, deployment safety, rollback capability

2. **Check for consistency** — do the pieces fit together? Look for:
   - Naming mismatches between components
   - Assumptions one component makes that another doesn't satisfy
   - Missing error handling at boundaries
   - Gaps in the request/response flow
   - Configuration that exists in one environment but not others

3. **Present findings prioritized by risk.** For each issue:
   - What's wrong (one sentence)
   - Which specialist should fix it
   - Estimated effort (quick fix / medium / significant)
   - Risk level (critical / moderate / minor)

4. **If critical issues found, recommend blocking.** If all issues are minor, note them and give the green light. Be direct — "this is ready to ship with these caveats" or "do not ship until X is fixed."

5. **Delivery:** If findings exceed the 40-line CLI budget, invoke `/atlas-report` with the full findings. The HTML report is the output. CLI is the receipt only — print the box header, verdict (ship/block), top 3 issues, and the report path.