Comprehensive multi-agent code review system that examines code from multiple specialized perspectives to catch bugs, security issues, and quality problems before they reach production.
- Multi-perspective analysis - Six specialized agents examine code from different angles
- Early bug detection - Catch bugs before commits and pull requests
- Security auditing - Identify vulnerabilities and attack vectors
- Quality enforcement - Maintain code standards and best practices
The Code Review plugin implements a multi-agent code review system where specialized AI agents examine code from different perspectives. Six agents work in parallel: Bug Hunter, Security Auditor, Test Coverage Reviewer, Code Quality Reviewer, Contracts Reviewer, and Historical Context Reviewer. This provides comprehensive, professional-grade code review before commits or pull requests.
```
# Install the plugin
/plugin install code-review@NeoLabHQ/context-engineering-kit
# Review uncommitted local changes
> /code-review:review-local-changes
# Review a pull request
> /code-review:review-pr #123
```
You can integrate this plugin with your CI/CD pipeline by using the official Anthropic Claude Code Action. See CI/CD Integration for more details.
```
Code Review Command
        │
        ├──> Bug Hunter (parallel)
        ├──> Security Auditor (parallel)
        ├──> Test Coverage Reviewer (parallel)
        ├──> Code Quality Reviewer (parallel)
        ├──> Contracts Reviewer (parallel)
        └──> Historical Context Reviewer (parallel)
        │
        ▼
  Aggregated Report
```
- /code-review:review-local-changes - Local Changes Review
- /code-review:review-pr - Pull Request Review
Bug Hunter
Focus: Identifies potential bugs and edge cases through root cause analysis
What it catches:
- Null pointer exceptions
- Off-by-one errors
- Race conditions
- Memory and resource leaks
- Unhandled error cases
- Logic errors
Security Auditor
Focus: Security vulnerabilities and attack vectors
What it catches:
- SQL injection risks
- XSS vulnerabilities
- CSRF missing protection
- Authentication/authorization bypasses
- Exposed secrets or credentials
- Insecure cryptography usage
Test Coverage Reviewer
Focus: Test quality and coverage
What it evaluates:
- Test coverage gaps
- Missing edge case tests
- Integration test needs
- Test quality and meaningfulness
Code Quality Reviewer
Focus: Code structure and maintainability
What it evaluates:
- Code complexity
- Naming conventions
- Code duplication
- Design patterns usage
- Code smells
Contracts Reviewer
Focus: API contracts and interfaces
What it reviews:
- API endpoint definitions
- Request/response schemas
- Breaking changes
- Backward compatibility
- Type safety
Historical Context Reviewer
Focus: Changes relative to codebase history
What it analyzes:
- Consistency with existing patterns
- Previous bug patterns
- Architectural drift
- Technical debt indicators
You can use anthropics/claude-code-action to run this plugin for PR reviews in GitHub Actions.
- Use the `/install-github-app` command to set up the workflow and secrets.
- Set the content of `.github/workflows/claude-code-review.yml` to the following:
```yaml
name: Claude Code Review

on:
  pull_request:
    types:
      - opened
      - synchronize # remove if you want to run only when the PR is opened
      - ready_for_review
      - reopened
    # Uncomment to limit which files can trigger the workflow
    # paths:
    #   - "**/*.ts"
    #   - "**/*.tsx"
    #   - "**/*.js"
    #   - "**/*.jsx"
    #   - "**/*.py"
    #   - "**/*.sql"
    #   - "**/*.SQL"
    #   - "**/*.sh"

jobs:
  claude-review:
    name: Claude Code Review
    runs-on: ubuntu-latest
    permissions:
      contents: read
      pull-requests: read
      issues: write
      id-token: write
      actions: read

    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Run Claude Code Review
        id: claude-review
        uses: anthropics/claude-code-action@v1
        with:
          claude_code_oauth_token: ${{ secrets.CLAUDE_CODE_OAUTH_TOKEN }}
          track_progress: true # attach tracking comment
          use_sticky_comment: true
          plugin_marketplaces: https://github.com/NeoLabHQ/context-engineering-kit.git
          plugins: "code-review@context-engineering-kit\ngit@context-engineering-kit\ntdd@context-engineering-kit\nsadd@context-engineering-kit\nddd@context-engineering-kit\nsdd@context-engineering-kit\nkaizen@context-engineering-kit"
          prompt: '/code-review:review-pr ${{ github.repository }}/pull/${{ github.event.pull_request.number }} Note: The PR branch is already checked out in the current working directory.'
          # Skill and Bash(gh pr comment:*) are required for the review; the rest is optional but recommended for better context and review quality.
          claude_args: '--allowed-tools "Skill,Bash,Glob,Grep,Read,Task,mcp__github_inline_comment__create_inline_comment,Bash(gh issue view:*),Bash(gh search:*),Bash(gh issue list:*),Bash(gh pr comment:*),Bash(gh pr edit:*),Bash(gh pr diff:*),Bash(gh pr view:*),Bash(gh pr list:*),Bash(gh api:*)"'
```
The Local Changes Review produces a structured report organized by severity:
```markdown
# Code Review Report

## Executive Summary
[Overview of changes and quality assessment]

## Critical Issues (Must Fix)
- [Issue with location and suggested fix]

## High Priority (Should Fix)
- [Issue with location and suggested fix]

## Medium Priority (Consider Fixing)
- [Issue with location]

## Low Priority (Nice to Have)
- [Issue with location]

## Action Items
- [ ] Critical action 1
- [ ] High priority action 1
```
The Pull Request Review posts inline comments directly on PR lines, with no overall report. Each comment follows this format:
````
🔴/🟠/🟡 [Critical/High/Medium]: [Brief description]
[Evidence: What was observed and consequence if unfixed]
```suggestion
[code fix if applicable]
```
````
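As an added example that is not part of the plugin, the following Python gate parses comments in the inline format above, counts findings by severity and refuses a merge when a Critical finding is present. It assumes the placeholders render as, for instance, `🔴 Critical: summary` on the first line, and the sample comments are constructed.

```python
import re
from collections import Counter

# Assumed rendered form of the plugin's inline comment header:
# "<marker> <Severity>: <summary>" on the first line of the comment body.
SEVERITY_RE = re.compile(
    r"^(?P<marker>🔴|🟠|🟡)\s*(?P<severity>Critical|High|Medium)\s*:\s*(?P<summary>.+)$",
    re.MULTILINE,
)
# Marker that the format pairs with each severity label.
EXPECTED_MARKER = {"Critical": "🔴", "High": "🟠", "Medium": "🟡"}


def parse_comment(body):
    """Return a dict with severity, summary and whether a suggestion block is
    attached, or None when the body is not a plugin finding (e.g. a human reply
    or a marker/label mismatch)."""
    m = SEVERITY_RE.search(body)
    if not m or EXPECTED_MARKER[m.group("severity")] != m.group("marker"):
        return None
    return {
        "severity": m.group("severity"),
        "summary": m.group("summary").strip(),
        "has_suggestion": "```suggestion" in body,
    }


def severity_counts(comments):
    """Count parsed findings per severity; non-findings are skipped."""
    counts = Counter()
    for body in comments:
        parsed = parse_comment(body)
        if parsed:
            counts[parsed["severity"]] += 1
    return counts


def merge_gate(comments, block_on=("Critical",)):
    """Return (ok, counts): ok is False if any blocking severity was found."""
    counts = severity_counts(comments)
    return all(counts[s] == 0 for s in block_on), counts


# Constructed sample comment bodies in the page's format (not real review output).
SAMPLE_COMMENTS = [
    "🔴 Critical: SQL query built by concatenating request input\n"
    "[Evidence: query assembled with + from req.id; untrusted data reaches the DB unparameterized]\n"
    "```suggestion\ncursor.execute(\"SELECT * FROM users WHERE id = %s\", (req.id,))\n```",
    "🟠 High: API key stored as a string literal in the module\n[Evidence: secret ends up in the repository history]",
    "🟡 Medium: validation logic duplicated in two handlers\n[Evidence: fixes must be applied twice]",
    "Looks good to me, thanks!",  # ordinary human comment, ignored by the gate
]

if __name__ == "__main__":
    ok, counts = merge_gate(SAMPLE_COMMENTS)
    print("merge allowed" if ok else "merge blocked", dict(counts))
```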