commands/code-review.md

# Code Review

Comprehensive security and quality review of uncommitted changes:

1. Get changed files: git diff --name-only HEAD

2. For each changed file, check for:

**Security Issues (CRITICAL):**
- Hardcoded credentials, API keys, tokens
- SQL injection vulnerabilities
- XSS vulnerabilities  
- Missing input validation
- Insecure dependencies
- Path traversal risks

**Code Quality (HIGH):**
- Functions > 50 lines
- Files > 800 lines
- Nesting depth > 4 levels
- Missing error handling
- console.log statements
- TODO/FIXME comments
- Missing JSDoc for public APIs

**Best Practices (MEDIUM):**
- Mutation patterns (use immutable instead)
- Emoji usage in code/comments
- Missing tests for new code
- Accessibility issues (a11y)

3. Generate report with:
   - Severity: CRITICAL, HIGH, MEDIUM, LOW
   - File location and line numbers
   - Issue description
   - Suggested fix

4. Block commit if CRITICAL or HIGH issues found

Never approve code with security vulnerabilities!
Initial release: Complete Claude Code configuration collection Battle-tested configs from 10+ months of daily Claude Code usage. Won Anthropic x Forum Ventures hackathon building zenith.chat. Includes: - 9 specialized agents (planner, architect, tdd-guide, code-reviewer, etc.) - 9 slash commands (tdd, plan, e2e, code-review, etc.) - 8 rule files (security, coding-style, testing, git-workflow, etc.) - 7 skills (coding-standards, backend-patterns, frontend-patterns, etc.) - Hooks configuration (PreToolUse, PostToolUse, Stop) - MCP server configurations (15 servers) - Plugin/marketplace documentation - Example configs (project CLAUDE.md, user CLAUDE.md, statusline) Read the full guide: https://x.com/affaanmustafa/status/2012378465664745795 2026-01-17 17:49:33 -08:00			`# Code Review`

			`Comprehensive security and quality review of uncommitted changes:`

			`1. Get changed files: git diff --name-only HEAD`

			`2. For each changed file, check for:`

			`Security Issues (CRITICAL):`
			`- Hardcoded credentials, API keys, tokens`
			`- SQL injection vulnerabilities`
			`- XSS vulnerabilities`
			`- Missing input validation`
			`- Insecure dependencies`
			`- Path traversal risks`

			`Code Quality (HIGH):`
			`- Functions > 50 lines`
			`- Files > 800 lines`
			`- Nesting depth > 4 levels`
			`- Missing error handling`
			`- console.log statements`
			`- TODO/FIXME comments`
			`- Missing JSDoc for public APIs`

			`Best Practices (MEDIUM):`
			`- Mutation patterns (use immutable instead)`
			`- Emoji usage in code/comments`
			`- Missing tests for new code`
			`- Accessibility issues (a11y)`

			`3. Generate report with:`
			`- Severity: CRITICAL, HIGH, MEDIUM, LOW`
			`- File location and line numbers`
			`- Issue description`
			`- Suggested fix`

			`4. Block commit if CRITICAL or HIGH issues found`

			`Never approve code with security vulnerabilities!`