What it does
/review runs a structured code review against your implementation plan, requirements, and quality standards. It checks plan compliance, code quality, security, and performance — and assigns severity levels to each issue found.
This is Step 4 in the core workflow — run after /implement and before /git.
When to use
Use/review after implementation is complete to validate the work before committing. Also useful as a standalone review of any code changes.
Prerequisites
- Implementation complete
- Tests passing
- An implementation plan to review against (for plan compliance checks)
Conversation mode
Either mode works.What happens
Plan compliance check
Does the implementation match what was planned? Are all acceptance criteria met? Is there any scope creep — things added that weren’t in the plan?
Code quality check
Is the code readable without comments to explain it? Are functions doing one thing? Is error handling present at system boundaries? Are there tests for the new behavior?
Security check
Any user input that isn’t validated? Any secrets or credentials in the code? Any new endpoints missing authorization?
Performance check
Any N+1 queries (loop containing a database call)? Any synchronous blocking I/O in an async context? Any unbounded data fetching (missing LIMIT on queries)? Any unnecessary re-computation inside loops?
Skills invoked
code-revieweragent — full review process across all four checklist domains
Issue severity
| Severity | Meaning |
|---|---|
| Critical | Blocks shipping — security vulnerabilities, broken functionality |
| High | Should fix before shipping — significant quality issues |
| Medium | Fix soon — technical debt, missing tests |
| Low | Nice to have — style, minor improvements |
Example
Related commands
/implement
Step 3 — /review runs after implementation is complete.
/git
Step 5 — commit and push after /review passes.
/analyze
For deeper technical analysis beyond what /review’s checklist covers.
/improve
Apply the improvements that /review identifies.