Arguments: $ARGUMENTS
Purpose
Multi-agent review of the current branch compared to origin/main. Launches parallel specialized agents to catch bugs, security issues, design problems, and code quality concerns. Outputs a single prioritized report.
Silent Execution
- Do NOT ask permission for ANYTHING. This flow has permissions to read everything.
- Do NOT create tasks (no TaskCreate or TaskUpdate).
- STRICTLY READ-ONLY: NEVER modify any files. Report only.
- Do NOT offer to fix anything. No inline suggestions like "I can fix this for you".
Argument Parsing
Valid flags: --quick, --pr <number>.
- `--quick`: Skip the deep agents (architect, security). Only run the code-quality and logic checks. Faster but less thorough.
- `--pr <number>`: Instead of comparing the local branch to origin/main, fetch the PR diff from GitHub using `gh pr diff <number>` and analyze that. Useful for reviewing someone else's PR.
- No flags: compare the current branch to origin/main.
Unknown flags: log a warning and continue.
Flow
Show the plan once at the start:
====================================
SELF-REVIEW
====================================
Phase: Discovery
[ ] 1. Collect branch changes
Phase: Analysis (parallel)
[ ] 2a. Code quality review
[ ] 2b. Logic & correctness review
[ ] 2c. Security review
[ ] 2d. Architecture review
Phase: Report
[ ] 3. Merge & prioritize findings
====================================
Then show a single progress line per step.
Phase: Discovery
1. Collect branch changes
If --pr <number> was provided:
gh pr view <number> --json title,body,baseRefName,headRefName,files
gh pr diff <number>
Use the PR diff as the source of changes.
Otherwise (default — local branch):
# Branch name
git branch --show-current
# Changed files
git diff --name-only --diff-filter=d origin/main
# Full diff (needed by agents)
git diff origin/main
# Commit history
git log --oneline origin/main..HEAD
If no changes found: show "No changes to review." and stop.
Show: ▶ Step 1: Collecting changes... OK (N files changed, K commits)
Phase: Analysis (parallel agents)
Launch ALL agents in parallel using the Agent tool. Each agent receives the full diff and the file list as context. Do NOT run them sequentially.
If --quick flag: only launch agents 2a and 2b. Skip 2c and 2d.
IMPORTANT: You MUST launch the agents in a single message with multiple Agent tool calls so they run concurrently.
2a. Code Quality Review
Launch agent with subagent_type: "oh-my-claudecode:quality-reviewer".
Prompt the agent with:
- The full diff
- The list of changed files
- Instruction to focus on: code smells, duplication, naming, complexity, missing error handling, anti-patterns, SOLID violations, maintainability concerns
- Instruction to output findings as a JSON array:
[{"severity": "CRITICAL|HIGH|MEDIUM|LOW", "category": "...", "file": "...", "line": N, "title": "...", "detail": "...", "snippet": "..."}]
2b. Logic & Correctness Review
Launch agent with subagent_type: "oh-my-claudecode:code-reviewer".
Prompt the agent with:
- The full diff
- The list of changed files
- Instruction to focus on: bugs, race conditions, off-by-one errors, incorrect logic, missing edge cases, broken error flows, wrong return values, state management issues, API contract violations
- Same JSON output format as 2a
2c. Security Review
Launch agent with subagent_type: "oh-my-claudecode:security-reviewer".
Prompt the agent with:
- The full diff
- The list of changed files
- Instruction to focus on: injection vulnerabilities (SQL, XSS, command), authentication/authorization gaps, secrets in code, insecure defaults, CSRF, unsafe deserialization, missing input validation, OWASP Top 10
- Same JSON output format as 2a
2d. Architecture Review
Launch agent with subagent_type: "oh-my-claudecode:architect".
Prompt the agent with:
- The full diff
- The list of changed files
- The commit history
- Instruction to focus on: separation of concerns, coupling between modules, API design, abstraction leaks, scalability concerns, missing tests for critical paths, backwards compatibility
- Same JSON output format as 2a
Show progress as each agent completes:
▶ Step 2a: Code quality review... OK (4 findings)
▶ Step 2b: Logic & correctness review... OK (2 findings)
▶ Step 2c: Security review... OK (1 finding)
▶ Step 2d: Architecture review... OK (0 findings)
Phase: Report
3. Merge & prioritize findings
Collect all findings from all agents. Deduplicate: if two agents flag the same file:line with the same concern, keep the one with higher severity and richer detail.
Determine origin tag for each finding using the diff:
- NEW — The finding's line(s) are inside a `+` hunk in the diff.
- PRE-EXISTING — The finding's line(s) are not touched by this branch.
Sort by: severity (CRITICAL > HIGH > MEDIUM > LOW), then NEW before PRE-EXISTING, then by file path.
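As an added illustration (not part of this command's own logic), the following Python shows one way to implement step 3: parse the unified diff to find which new-side lines were added, tag each finding NEW or PRE-EXISTING, drop duplicates at the same file:line, and order the result. It assumes each agent's JSON finding also carries an `agent` key and that "same concern" means the same title; the diff and findings are constructed samples.

```python
import re
SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}

def added_lines(diff_text):
    """Map each file in a unified diff to the new-side line numbers of its '+' lines."""
    added, path, new_line = {}, None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].removeprefix("b/")            # new-side file name
            added.setdefault(path, set())
        elif raw.startswith("@@"):
            new_line = int(re.match(r"@@ -\S+ \+(\d+)", raw).group(1))  # first new-side line of hunk
        elif path is None or raw.startswith(("--- ", "\\", "diff ", "index ")):
            continue                                      # file headers and "\ No newline" markers
        elif raw.startswith("+"):
            added[path].add(new_line)
            new_line += 1
        elif not raw.startswith("-"):
            new_line += 1                                 # context line; '-' lines only move the old side
    return added

def merge_findings(findings, diff_text):
    """Tag origin, drop duplicates of the same file:line:title, sort as the report requires."""
    added, best = added_lines(diff_text), {}
    for f in findings:
        tagged = dict(f, origin="NEW" if f["line"] in added.get(f["file"], ()) else "PRE-EXISTING")
        key = (f["file"], f["line"], f["title"].strip().lower())  # assumption: same title == same concern
        rank = (SEVERITY_RANK[f["severity"]], -len(f["detail"]))    # higher severity wins, then richer detail
        if key not in best or rank < best[key][0]:
            best[key] = (rank, tagged)
    return sorted((t for _, t in best.values()),
                  key=lambda f: (SEVERITY_RANK[f["severity"]], f["origin"] != "NEW", f["file"]))
# Constructed sample diff and agent output (not real review data); line 45 is the only '+' line.
SAMPLE_DIFF = """\
--- a/src/api/views/orders.py
+++ b/src/api/views/orders.py
@@ -44,3 +44,3 @@ def get(self, request):
     order_id = request.GET["id"]
-    cursor.execute("SELECT * FROM orders WHERE id = %s", [order_id])
+    cursor.execute(f"SELECT * FROM orders WHERE id = {order_id}")
     return cursor.fetchone()
"""
def _finding(severity, category, file, line, title, detail, agent):
    return dict(severity=severity, category=category, file=file, line=line, title=title, detail=detail, agent=agent)
SAMPLE_FINDINGS = [
    _finding("HIGH", "Logic", "src/api/views/orders.py", 45, "SQL injection in raw query", "unparameterized", "logic"),
    _finding("CRITICAL", "Security", "src/api/views/orders.py", 45, "SQL injection in raw query", "f-string SQL", "security"),
    _finding("LOW", "Quality", "src/api/views/orders.py", 45, "Raw SQL in view layer", "move to a repository", "quality"),
    _finding("LOW", "Quality", "src/api/serializers.py", 3, "Unused import", "timedelta never used", "quality"),
]
```

Running `merge_findings(SAMPLE_FINDINGS, SAMPLE_DIFF)` keeps the CRITICAL security finding over the duplicate HIGH logic one, and places the NEW low-severity finding ahead of the PRE-EXISTING one even though the latter's path sorts first.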
Display the final report:
====================================
SELF-REVIEW REPORT
====================================
Branch: feature/sc-12345/add-widget
Base: origin/main
Scope: 12 files changed, 5 commits
Agents: quality, logic, security, architecture
── CRITICAL (1) ─────────────────────
1. [Security] NEW — SQL injection in raw query
src/api/views/orders.py:45
→ `cursor.execute(f"SELECT * FROM orders WHERE id = {order_id}")`
→ Use parameterized query: cursor.execute("SELECT ... WHERE id = %s", [order_id])
(agent: security)
── HIGH (2) ──────────────────────────
2. [Logic] NEW — Missing null check before access
src/services/returns.py:78
→ `return order.customer.email` — order.customer can be None
→ Add null check or use optional chaining
(agent: logic)
3. [Quality] NEW — Function exceeds 80 lines
src/api/views/orders.py:12-98
→ OrderViewSet.create is 86 lines with 5 levels of nesting
→ Extract validation and notification logic to separate methods
(agent: quality)
── MEDIUM (2) ─────────────────────────
4. [Architecture] NEW — Business logic in view layer
src/api/views/orders.py:30-55
→ Price calculation should live in the domain/service layer
(agent: architecture)
5. [Quality] PRE-EXISTING — Duplicated error handling
src/services/returns.py:22-35
src/services/exchanges.py:18-31
→ 14 lines of identical try/except pattern
(agent: quality)
── LOW (1) ────────────────────────────
6. [Quality] PRE-EXISTING — Unused import
src/services/returns.py:3
→ `from datetime import timedelta` not used
(agent: quality)
====================================
SUMMARY
1 CRITICAL · 2 HIGH · 2 MEDIUM · 1 LOW
New: 4 | Pre-existing: 2
Agents: quality (3) · logic (1) · security (1) · architecture (1)
====================================
Severity definitions:
- CRITICAL: Will cause a bug, data loss, or security vulnerability in production. Must fix before merge.
- HIGH: Likely to cause issues or significantly hurts maintainability. Should fix before merge.
- MEDIUM: Code smell, design concern, or minor issue. Fix if time allows.
- LOW: Nitpick, style, or minor improvement. Optional.
If zero findings: show "No issues found. Code looks clean!"
Rules
- If an agent fails or times out, log a warning and continue with the other agents' results. Do not fail the entire review.
- Maximum 20 findings in the report. If more, show the top 20 by severity and add:
... and N more findings (M high, K medium, L low). Run with --deep for full report.
(Note: --deep is reserved for future use.)
- Each finding MUST include the agent that produced it in parentheses at the end.
- Do NOT fabricate findings. Only report what the agents actually found.
- Do NOT repeat the diff or file contents back to the user outside of small snippets in findings.