code-review
# ClaudeWave Code Review The code-review command performs automated security and quality analysis of uncommitted code changes in a Git repository. Use this command before committing to identify critical security vulnerabilities like hardcoded credentials and injection risks, plus code quality issues such as oversized functions and missing error handling across changed files.
mkdir -p ~/.claude/commands && curl -fsSL https://raw.githubusercontent.com/sangrokjung/claude-forge/HEAD/commands/code-review.md -o ~/.claude/commands/code-review.mdcode-review.md
# Code Review Comprehensive security and quality review of uncommitted changes: 1. Get changed files: git diff --name-only HEAD 2. For each changed file, check for: **Security Issues (CRITICAL):** - Hardcoded credentials, API keys, tokens - SQL injection vulnerabilities - XSS vulnerabilities - Missing input validation - Insecure dependencies - Path traversal risks **Code Quality (HIGH):** - Functions > 50 lines - Files > 800 lines - Nesting depth > 4 levels - Missing error handling - console.log statements - TODO/FIXME comments - Missing JSDoc for public APIs **Best Practices (MEDIUM):** - Mutation patterns (use immutable instead) - Emoji usage in code/comments - Missing tests for new code - Accessibility issues (a11y) 3. Generate report with: - Severity: CRITICAL, HIGH, MEDIUM, LOW - File location and line numbers - Issue description - Suggested fix 4. Block commit if CRITICAL or HIGH issues found Never approve code with security vulnerabilities! --- ## 다음 단계 | 리뷰 후 | 커맨드 | |:--------|:-------| | 빌드/테스트 검증 | `/handoff-verify` | | 바로 커밋 | `/commit-push-pr` |
Software architecture specialist for system design, scalability, and technical decision-making. Use PROACTIVELY when planning new features, refactoring large systems, or making architectural decisions.
Build and TypeScript error resolution specialist. Use PROACTIVELY when build fails or type errors occur. Fixes build/type errors only with minimal diffs, no architectural edits. Focuses on getting the build green quickly.
Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code. MUST BE USED for all code changes.
PostgreSQL database specialist for query optimization, schema design, security, and performance. Use PROACTIVELY when writing SQL, creating migrations, designing schemas, or troubleshooting database performance. Incorporates Supabase best practices.
Documentation and codemap specialist. Use PROACTIVELY for updating codemaps and documentation. Runs /update-codemaps and /update-docs, generates docs/CODEMAPS/*, updates READMEs and guides.
End-to-end testing specialist using Vercel Agent Browser (preferred) with Playwright fallback. Use PROACTIVELY for generating, maintaining, and running E2E tests. Manages test journeys, quarantines flaky tests, uploads artifacts (screenshots, videos, traces), and ensures critical user flows work.
Expert planning specialist for complex features and refactoring. Use PROACTIVELY when users request feature implementation, architectural changes, or complex refactoring. Automatically activated for planning tasks.
Dead code cleanup and consolidation specialist. Use PROACTIVELY for removing unused code, duplicates, and refactoring. Runs analysis tools (knip, depcheck, ts-prune) to identify dead code and safely removes it.