OpenSkillIndex← back to search
claude-code

Marketplace review-changes

Code review of current git changes, compare to related plan if exists, identify bad engineering, over-engineering, or suboptimal solutions. Use when user asks to review changes, check git diff, validate implementation quality, or assess code changes.

install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/cygnusfear/review-changes" ~/.claude/skills/aiskillstore-marketplace-review-changes && rm -rf "$T"
manifest: skills/cygnusfear/review-changes/SKILL.md
source content

Review Git Changes

Instructions

Perform thorough code review of current working copy changes, optionally compare to plan, and identify engineering issues.

Phase 1: Discover Changes & Context

Step 1: Get Current Changes

# See changed files
git status

# See detailed diff
git diff

# See staged changes separately
git diff --cached

# See both staged and unstaged
git diff HEAD

Step 2: Identify Related Plan (if exists)

Search for related plan file:

  • Check 
    .plans/
    directory for relevant plan
  • Look for plan mentioned in branch name
  • Ask user if unsure which plan applies
  • If no plan exists, review against general best practices

If plan exists:

  • Read the entire plan
  • Understand intended design and architecture
  • Note specific requirements and constraints

Step 3: Categorize Changed Files

Group files by type:

  • New files: Created from scratch
  • Modified files: Existing files changed
  • Deleted files: Removed files
  • Renamed/moved files: Organizational changes

Create todo list with one item per changed file to review.

Phase 2: Systematic File Review

For EACH changed file in the todo list:

Step 1: Read Current State

  • Read the entire file in its current state
  • Understand what it does
  • Note its responsibilities

Step 2: Analyze the Changes

Read git diff to see exactly what changed:

  • What was added?
  • What was removed?
  • What was modified?

Step 3: Assess Against Plan (if applicable)

If plan exists, check:

  • Does implementation match plan?

    • Are planned features implemented correctly?
    • Is architecture followed?
    • Are file names as specified?

  • Scope adherence:

    • Is this change in the plan?
    • Is it necessary for the plan's goals?
    • Is it scope creep?

  • REMOVAL SPEC compliance:

    • If plan said to remove code, was it removed?
    • Is old code still present when it shouldn't be?

Step 4: Identify Engineering Issues

Check for Bad Engineering:

  • Bugs: Logic errors, off-by-one, race conditions
  • Poor error handling: Swallowed errors, generic catches
  • Missing validation: No input validation, no null checks
  • Hard-coded values: Magic numbers, hardcoded URLs/paths
  • Tight coupling: Unnecessary dependencies between modules
  • Violation of SRP: Class/function doing too many things
  • Incorrect patterns: Misuse of design patterns
  • Type issues: Use of 
    any
    , missing types, wrong types
  • Missing edge cases: Doesn't handle empty/null/error cases

Check for Over-Engineering:

  • Unnecessary abstraction: Too many layers for simple logic
  • Premature optimization: Complex code for unmeasured performance
  • Framework overuse: Using heavy library for simple task
  • Feature creep: Adding features not in requirements
  • Gold plating: Excessive polish on non-critical code
  • YAGNI violations: Code for "might need later" scenarios
  • Complexity without benefit: Complicated when simple works

Check for Suboptimal Solutions:

  • Duplication: Copy-pasted code instead of extraction
  • Reinventing wheel: Custom code when standard library exists
  • Wrong tool: Using inappropriate data structure/algorithm
  • Inefficient approach: O(n²) when O(n) is obvious
  • Poor naming: Unclear variable/function names
  • Missing reuse: Existing utilities/types not used
  • Inconsistent patterns: Doesn't match codebase style
  • Technical debt: Quick hack instead of proper solution

Step 5: Check Code Quality

  • Readability: Is code clear and self-documenting?
  • Maintainability: Will this be easy to change later?
  • Testability: Can this be tested easily?
  • Performance: Any obvious performance issues?
  • Security: Any security vulnerabilities?
  • Consistency: Matches existing codebase patterns?

Step 6: Record Findings

Store in memory:

File: path/to/file.ts
Change Type: [New|Modified|Deleted]
Plan Compliance: [Matches|Deviates|Not in plan]
Issues:
  Bad Engineering:
    - [Specific issue with line number]
  Over-Engineering:
    - [Specific issue with line number]
  Suboptimal:
    - [Specific issue with line number]
Severity: [CRITICAL|HIGH|MEDIUM|LOW]

Step 7: Update Todo

Mark file as reviewed in todo list.

Phase 2.5: Issue/Task Coverage Verification (MANDATORY)

CRITICAL: Before completing the review, verify that 100% of the original issue/task requirements are implemented.

Step 1: Identify Source Requirements

Locate the original requirements from:

  • GitHub issue (
    gh issue view <number>
    )
  • PR description referencing issues
  • Task ticket or plan file in 
    .plans/
  • Commit messages describing the work

Step 2: Extract ALL Requirements

Create exhaustive checklist:

  • Functional requirements (what it should do)
  • Acceptance criteria (how to verify)
  • Edge cases mentioned
  • Error handling requirements

Step 3: Verify Each Requirement

#RequirementStatusEvidence
1[requirement]✅/❌/⚠️file:line or "Missing"

Step 4: Coverage Assessment

Requirements Coverage = (Implemented / Total) × 100%

Anything less than 100% = REQUEST CHANGES immediately

Add to report:

## Issue/Task Coverage

**Source**: [Issue #X / Plan file]
**Coverage**: X% (Y of Z requirements)

### Missing Requirements
- ❌ [Requirement X]: Not implemented
- ❌ [Requirement Y]: Partially implemented - [what's missing]

**VERDICT**: Coverage incomplete. Cannot approve until 100% implemented.

Phase 3: Cross-File Analysis

After reviewing all files:

Step 1: Architectural Impact

  • How do changes affect overall system architecture?
  • Are there breaking changes?
  • Do changes introduce new dependencies?
  • Is there architectural drift from the plan?

Step 2: Pattern Consistency

  • Are changes consistent with each other?
  • Do they follow same patterns?
  • Any conflicting approaches?

Step 3: Completeness Check

  • Are all related changes present?
  • Missing files that should be changed?
  • Orphaned references?

Phase 4: Generate Review Report

Create report at 

.reviews/code-review-[timestamp].md
:

# Code Review Report
**Date**: [timestamp]
**Branch**: [branch name]
**Related Plan**: [plan file or "None"]
**Files Changed**: X
**Issues Found**: Y

---

## Executive Summary
- **Critical Issues**: X (must fix before merge)
- **High Priority**: Y (should fix)
- **Medium Priority**: Z (consider fixing)
- **Low Priority**: W (suggestions)

**Overall Assessment**: [APPROVE|REQUEST CHANGES|REJECT]

---

## Plan Compliance (if applicable)

### Matches Plan ✅
- Feature X implemented correctly
- Architecture follows design
- File naming conventions followed

### Deviates from Plan ⚠️
- Implementation differs from planned approach in [area]
- Missing feature Y from plan
- Scope creep: Added Z not in plan

### REMOVAL SPEC Status
- ✅ Old code removed from `file.ts:50-100`
- ❌ Legacy function still exists in `auth.ts:42` (should be removed)

---

## Issues by Severity

### CRITICAL: Bad Engineering

#### Logic Bug in `src/services/auth.ts:125`
```typescript
// Current code:
if (user.role = 'admin') { // Assignment instead of comparison
  grantAccess()
}

Issue: Assignment operator used instead of equality check. This always evaluates to true and grants everyone admin access. Severity: CRITICAL - Security vulnerability Fix: Change 

=
to 
===

Unhandled Promise in 
src/api/client.ts:67

// Current code:
fetchData().then(data => process(data)) // No error handling

Issue: Promise rejection not handled, will crash silently Severity: CRITICAL - Application stability Fix: Add 

.catch()
or use try/catch with async/await

HIGH: Over-Engineering

Unnecessary Abstraction in 
src/utils/formatter.ts

// Current code: 50 lines of abstraction
class FormatterFactory {
  createFormatter(type: string): IFormatter { /* ... */ }
}
class StringFormatter implements IFormatter { /* ... */ }
// ... only used once for simple string formatting

Issue: Complex factory pattern for single use case Severity: HIGH - Maintenance burden Better Approach: Simple function 

formatString(value: string): string

MEDIUM: Suboptimal Solutions

Code Duplication in 
src/components/

Files: 

user-form.tsx
, 
admin-form.tsx
Issue: Both contain identical validation logic (30 lines duplicated) Severity: MEDIUM - Maintenance issue Better Approach: Extract to 
src/utils/form-validation.ts

Not Using Existing Type in 
src/types/user.ts

// Current code:
interface UserData {
  id: string
  email: string
  name: string
}
// But `User` type already exists with same fields in `src/models/user.ts`

Issue: Duplicate type definition Severity: MEDIUM - Type inconsistency risk Fix: Import and use existing 

User
type

LOW: Suggestions

Verbose Naming in 
src/services/database-connection-manager.ts

Issue: Overly verbose filename Suggestion: Simplify to 

src/services/database.service.ts

Issues by Category

Bad Engineering (X issues)

  • Logic bugs: X
  • Missing error handling: Y
  • Type issues: Z
  • Missing validation: W

Over-Engineering (Y issues)

  • Unnecessary abstraction: X
  • Premature optimization: Y
  • Feature creep: Z

Suboptimal Solutions (Z issues)

  • Code duplication: X
  • Reinventing wheel: Y
  • Poor naming: Z
  • Not using existing code: W

Architectural Assessment

Positive Changes

  • Clean separation of concerns in new modules
  • Proper use of dependency injection
  • Good test coverage added

Concerns

  • New dependency introduced without discussion
  • Breaking change to public API
  • Coupling between previously independent modules

Technical Debt Introduced

  • Quick hack in 
    auth.ts:200
    marked with TODO
  • Temporary file 
    temp-processor.ts
    added
  • Migration code that should be removed later

Detailed File Reviews

src/services/auth.ts (Modified)

Plan Compliance: Matches Changes: 45 lines added, 20 removed Issues:

  • CRITICAL: Logic bug at line 125 (assignment vs equality)
  • HIGH: Missing error handling at line 89 Positive:
  • Good use of existing types
  • Clear function names

src/components/user-form.tsx (New)

Plan Compliance: Not in plan (scope creep) Changes: 150 lines added Issues:

  • MEDIUM: Duplicates logic from admin-form.tsx
  • LOW: Could use existing form validation utility Positive:
  • Clean component structure
  • Good TypeScript usage

[Continue for all changed files]

Statistics

By Severity:

  • Critical: X
  • High: Y
  • Medium: Z
  • Low: W

By Category:

  • Bad Engineering: X
  • Over-Engineering: Y
  • Suboptimal: Z

By File Type:

  • Services: X issues
  • Components: Y issues
  • Utils: Z issues

Recommendations

Must Fix (Before Merge)

  1. Fix logic bug in 
    auth.ts:125
    - Security issue
  2. Add error handling in 
    client.ts:67
    - Stability issue
  3. Remove temporary file 
    temp-processor.ts
    - Plan violation

Should Fix

  1. Extract duplicated validation logic
  2. Simplify over-abstracted formatter
  3. Use existing types instead of duplicates

Consider

  1. Rename verbose files
  2. Add more inline documentation
  3. Improve variable naming in complex functions

Overall Assessment

Recommendation: REQUEST CHANGES

Reasoning:

  • 2 critical security/stability issues must be fixed
  • Over-engineering in several areas adds unnecessary complexity
  • Code duplication will cause maintenance issues
  • Some scope creep not discussed in plan

After Fixes: Changes will be solid. Core implementation is sound, just needs cleanup and bug fixes.


### Phase 5: Summary for User

Provide concise summary:

```markdown
# Code Review Complete

## Assessment: [APPROVE|REQUEST CHANGES|REJECT]

## Critical Issues (X)
- Security bug in `auth.ts:125` - assignment vs equality
- Unhandled promise in `client.ts:67` - will crash

## High Priority (Y)
- Over-engineering in `formatter.ts` - unnecessary abstraction
- Missing error handling in multiple files

## Medium Priority (Z)
- Code duplication between forms
- Not using existing types

## Plan Compliance
- ✅ Core features implemented correctly
- ⚠️ Some scope creep (user-form not in plan)
- ❌ REMOVAL SPEC incomplete (legacy code still exists)

## Must Fix Before Merge
1. Fix logic bug in auth.ts
2. Add error handling
3. Remove legacy code per REMOVAL SPEC

**Full Report**: `.reviews/code-review-[timestamp].md`

Critical Principles

  • NEVER EDIT FILES - This is review only, not implementation
  • BE THOROUGH - Review every changed file
  • BE SPECIFIC - Point to exact line numbers
  • BE CONSTRUCTIVE - Explain why and suggest better approach
  • CHECK PLAN - If plan exists, verify compliance
  • VERIFY REMOVAL SPEC - Ensure old code was removed
  • IDENTIFY PATTERNS - Note systemic issues across files
  • BE HONEST - Don't approve bad code to be nice
  • SUGGEST ALTERNATIVES - Don't just criticize, help improve

Success Criteria

A complete code review includes:

  • 100% of issue/task requirements verified as implemented
  • All changed files reviewed
  • Plan compliance verified (if plan exists)
  • All engineering issues identified and categorized
  • Severity assigned to each issue
  • Specific line numbers referenced
  • Alternative approaches suggested
  • Overall assessment provided
  • Structured report generated

CRITICAL: If issue/task coverage is less than 100%, the review MUST request changes regardless of code quality.