Comprehensive code review workflow coordinating quality, security, performance, and documentation reviewers. 4-hour timeline for thorough multi-agent review.
Sign in to like and favorite skills
Comprehensive code review using specialized reviewers for different quality aspects.
Phases:
Parallel Automated Testing:
// Initialize review swarm await mcp__ruv-swarm__swarm_init({ topology: 'star', // Coordinator pattern for reviews maxAgents: 6, strategy: 'specialized' }); // Run all automated checks in parallel const [lint, tests, coverage, build] = await Promise.all([ Task("Linter", ` Run linting checks: - ESLint for JavaScript/TypeScript - Pylint for Python - RuboCop for Ruby - Check for code style violations Store results: code-review/${prId}/lint-results `, "reviewer"), Task("Test Runner", ` Run test suite: - Unit tests - Integration tests - E2E tests (if applicable) - All tests must pass Store results: code-review/${prId}/test-results `, "tester"), Task("Coverage Analyzer", ` Check code coverage: - Overall coverage > 80% - New code coverage > 90% - No critical paths uncovered Generate coverage report Store: code-review/${prId}/coverage-report `, "reviewer"), Task("Build Validator", ` Validate build: - Clean build (no warnings) - Type checking passes - No broken dependencies - Bundle size within limits Store build results: code-review/${prId}/build-status `, "reviewer") ]); // If any automated check fails, stop and request fixes if (hasFailures([lint, tests, coverage, build])) { await Task("Review Coordinator", ` Automated checks failed. Request fixes from author: ${summarizeFailures([lint, tests, coverage, build])} Store feedback: code-review/${prId}/automated-feedback `, "pr-manager"); return; // Stop review until fixed }
Deliverables:
Sequential coordination of parallel reviews:
// Spawn specialized reviewers in parallel const [codeQuality, security, performance, architecture, docs] = await Promise.all([ Task("Code Quality Reviewer", ` Review for code quality: **Readability**: - Clear, descriptive names (variables, functions, classes) - Appropriate function/method length (< 50 lines) - Logical code organization - Minimal cognitive complexity **Maintainability**: - DRY principle (no code duplication) - SOLID principles followed - Clear separation of concerns - Proper error handling **Best Practices**: - Following language idioms - Proper use of design patterns - Appropriate comments (why, not what) - No code smells (magic numbers, long parameter lists) Store review: code-review/${prId}/quality-review Rating: 1-5 stars `, "code-analyzer"), Task("Security Reviewer", ` Review for security issues: **Authentication & Authorization**: - Proper authentication checks - Correct authorization rules - No privilege escalation risks - Secure session management **Data Security**: - Input validation (prevent injection attacks) - Output encoding (prevent XSS) - Sensitive data encryption - No hardcoded secrets or credentials **Common Vulnerabilities** (OWASP Top 10): - SQL Injection prevention - XSS prevention - CSRF protection - Secure dependencies (no known vulnerabilities) Store review: code-review/${prId}/security-review Severity: Critical/High/Medium/Low for each finding `, "security-manager"), Task("Performance Reviewer", ` Review for performance issues: **Algorithmic Efficiency**: - Appropriate time complexity (no unnecessary O(n²)) - Efficient data structures chosen - No unnecessary iterations - Lazy loading where appropriate **Resource Usage**: - No memory leaks - Proper cleanup (connections, files, timers) - Efficient database queries (avoid N+1) - Batch operations where possible **Optimization Opportunities**: - Caching potential - Parallelization opportunities - Database index needs - API call optimization Store review: code-review/${prId}/performance-review Impact: High/Medium/Low for each finding `, "perf-analyzer"), Task("Architecture Reviewer", ` Review for architectural consistency: **Design Patterns**: - Follows established patterns in codebase - Appropriate abstraction level - Proper dependency injection - Clean architecture principles **Integration**: - Fits well with existing code - No unexpected side effects - Backward compatibility maintained - API contracts respected **Scalability**: - Design supports future growth - No hardcoded limits - Stateless where possible - Horizontally scalable Store review: code-review/${prId}/architecture-review Concerns: Blocker/Major/Minor for each finding `, "system-architect"), Task("Documentation Reviewer", ` Review documentation: **Code Documentation**: - Public APIs documented (JSDoc/docstring) - Complex logic explained - Non-obvious behavior noted - Examples provided where helpful **External Documentation**: - README updated (if needed) - API docs updated (if API changed) - Migration guide (if breaking changes) - Changelog updated **Tests as Documentation**: - Test names are descriptive - Test coverage demonstrates usage - Edge cases documented in tests Store review: code-review/${prId}/docs-review Completeness: 0-100% `, "api-docs") ]); // Aggregate all reviews await Task("Review Aggregator", ` Aggregate specialized reviews: - Quality: ${codeQuality} - Security: ${security} - Performance: ${performance} - Architecture: ${architecture} - Documentation: ${docs} Identify: - Blocking issues (must fix before merge) - High-priority suggestions - Nice-to-have improvements Generate summary Store: code-review/${prId}/aggregated-review `, "reviewer");
Deliverables:
Sequential Analysis:
// Step 1: Integration Testing await Task("Integration Tester", ` Test integration with existing system: - Does this change break any existing functionality? - Are all integration tests passing? - Does it play well with related modules? - Any unexpected side effects? Run integration test suite Store results: code-review/${prId}/integration-tests `, "tester"); // Step 2: Deployment Impact await Task("DevOps Reviewer", ` Assess deployment impact: - Infrastructure changes needed? - Database migrations required? - Configuration updates needed? - Backward compatibility maintained? - Rollback plan clear? Store assessment: code-review/${prId}/deployment-impact `, "cicd-engineer"); // Step 3: User Impact await Task("Product Reviewer", ` Assess user impact: - Does this change improve user experience? - Are there any user-facing changes? - Is UX/UI consistent with design system? - Are analytics/tracking updated? Store assessment: code-review/${prId}/user-impact `, "planner"); // Step 4: Risk Assessment await Task("Risk Analyzer", ` Overall risk assessment: - What's the blast radius of this change? - What's the worst-case failure scenario? - Do we have rollback procedures? - Should this be feature-flagged? - Monitoring and alerting adequate? Store risk assessment: code-review/${prId}/risk-analysis Recommendation: Approve/Conditional/Reject `, "reviewer");
Deliverables:
Sequential Finalization:
// Step 1: Generate Final Summary await Task("Review Coordinator", ` Generate final review summary: **Automated Checks**: ✅ All passing **Quality Review**: ${qualityScore}/5 **Security Review**: ${securityIssues} issues (${criticalCount} critical) **Performance Review**: ${perfIssues} issues (${highImpactCount} high-impact) **Architecture Review**: ${archConcerns} concerns (${blockerCount} blockers) **Documentation Review**: ${docsCompleteness}% complete **Integration Tests**: ${integrationStatus} **Deployment Impact**: ${deploymentImpact} **User Impact**: ${userImpact} **Risk Level**: ${riskLevel} **Blocking Issues**: ${listBlockingIssues()} **Recommendations**: ${generateRecommendations()} **Overall Decision**: ${decision} (Approve/Request Changes/Reject) Store final summary: code-review/${prId}/final-summary `, "pr-manager"); // Step 2: Author Notification await Task("Notification Agent", ` Notify PR author: - Review complete - Summary of findings - Action items (if any) - Next steps Send notification Store: code-review/${prId}/author-notification `, "pr-manager"); // Step 3: Decision Actions if (decision === 'Approve') { await Task("Merge Coordinator", ` Approved for merge: - Add "approved" label - Update PR status - Queue for merge (if auto-merge enabled) - Notify relevant teams Store: code-review/${prId}/merge-approval `, "pr-manager"); } else if (decision === 'Request Changes') { await Task("Feedback Coordinator", ` Request changes: - Create detailed feedback comment - Label as "changes-requested" - Assign back to author - Schedule follow-up review Store: code-review/${prId}/change-request `, "pr-manager"); } else { await Task("Rejection Handler", ` Reject PR: - Create detailed explanation - Suggest alternative approaches - Label as "rejected" - Close PR (or request fundamental rework) Store: code-review/${prId}/rejection `, "pr-manager"); }
Deliverables:
DO Review:
DON'T Nitpick:
Effective Feedback:
Ineffective Feedback:
Tone:
Total Agents Used: 12-15 Execution Pattern: Star topology (coordinator with specialists) Timeline: 4 hours Memory Namespaces: code-review/{pr-id}/*
Key Agents:
// Invoke this SOP skill for a PR Skill("sop-code-review") // Or execute with specific PR Task("Code Review Orchestrator", ` Execute comprehensive code review for PR #${prNumber} Repository: ${repoName} Author: ${authorName} Changes: ${changesSummary} `, "pr-manager")
Status: Production-ready SOP Complexity: Medium (12-15 agents, 4 hours) Pattern: Star topology with specialized reviewers