catlog22/Claude-Code-Workflow
1
0
Fork 0
mirror of https://github.com/catlog22/Claude-Code-Workflow.git synced 2026-02-11 02:33:51 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
080c8be87fed4f8bea904cf59dea77fdf82ae9e7
Claude-Code-Workflow/.claude/commands/workflow/review.md
catlog22 da908d8db4 refactor: remove MCP code-index dependency, replace with ripgrep/find 
Replace all mcp__code-index__ calls with native ripgrep and find commands
across workflow and command files for better performance and portability.

Changes:
- Remove 41 mcp__code-index__ function calls from 12 files
- Replace with ripgrep (rg) for content search
- Replace with find for file discovery
- Remove index refresh dependencies (no longer needed)

Modified files:
- workflow/tools: context-gather, test-context-gather, task-generate-agent,
  task-generate, test-task-generate (core workflow tools)
- workflow: review (security scanning)
- memory: load, update-related, docs (memory management)
- cli/mode: plan, bug-index, code-analysis (CLI modes)

Documentation updates:
- Simplify mcp-tool-strategy.md to only Exa usage (5 lines)
- Streamline context-search-strategy.md to 69 lines
- Standardize codebase-retrieval syntax per intelligent-tools-strategy.md

Benefits:
- Faster search with ripgrep (no index overhead)
- Better cross-platform compatibility
- Simpler configuration (fewer MCP dependencies)
- -232 lines of code removed

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-24 15:45:26 +08:00

9.0 KiB
Raw Blame History

name, description, argument-hint
name description argument-hint
review Optional specialized review (security, architecture, docs) for completed implementation [--type=security|architecture|action-items|quality] [optional: session-id]

🚀 Command Overview: /workflow:review

Optional specialized review for completed implementations. In the standard workflow, passing tests = approved code. Use this command only when specialized review is required (security, architecture, compliance, docs).

Philosophy: "Tests Are the Review"

  • Default: All tests pass → Code approved
  • 🔍 Optional: Specialized reviews for:
    • 🔒 Security audits (vulnerabilities, auth/authz)
    • 🏗️ Architecture compliance (patterns, technical debt)
    • 📋 Action items verification (requirements met, acceptance criteria)

Review Types

Type Focus Use Case
quality Code quality, best practices, maintainability Default general review
security Security vulnerabilities, data handling, access control Security audits
architecture Architectural patterns, technical debt, design decisions Architecture compliance
action-items Requirements met, acceptance criteria verified, action items completed Pre-deployment verification

Notes:

  • For documentation generation, use /workflow:tools:docs
  • For CLAUDE.md updates, use /update-memory-related

Execution Template

#!/bin/bash
# Optional specialized review for completed implementation

# Step 1: Session ID resolution
if [ -n "$SESSION_ARG" ]; then
    sessionId="$SESSION_ARG"
else
    sessionId=$(find .workflow/ -name '.active-*' | head -1 | sed 's/.*active-//')
fi

# Step 2: Validation
if [ ! -d ".workflow/${sessionId}" ]; then
    echo "❌ Session ${sessionId} not found"
    exit 1
fi

# Check for completed tasks
if [ ! -d ".workflow/${sessionId}/.summaries" ] || [ -z "$(find .workflow/${sessionId}/.summaries/ -name "IMPL-*.md" -type f 2>/dev/null)" ]; then
    echo "❌ No completed implementation found. Complete implementation first"
    exit 1
fi

# Step 3: Determine review type (default: quality)
review_type="${TYPE_ARG:-quality}"

# Redirect docs review to specialized command
if [ "$review_type" = "docs" ]; then
    echo "💡 For documentation generation, please use:"
    echo "   /workflow:tools:docs"
    echo ""
    echo "The docs command provides:"
    echo "  - Hierarchical architecture documentation"
    echo "  - API documentation generation"
    echo "  - Documentation structure analysis"
    exit 0
fi

# Step 4: Analysis handover → Model takes control
# BASH_EXECUTION_STOPS → MODEL_ANALYSIS_BEGINS

🧠 Model Analysis Phase

After bash validation, the model takes control to:

  1. Load Context: Read completed task summaries and changed files

    # Load implementation summaries
cat .workflow/${sessionId}/.summaries/IMPL-*.md

# Load test results (if available)
cat .workflow/${sessionId}/.summaries/TEST-FIX-*.md 2>/dev/null

# Get changed files
git log --since="$(cat .workflow/${sessionId}/workflow-session.json | jq -r .created_at)" --name-only --pretty=format: | sort -u

  2. Perform Specialized Review: Based on review_type

    Security Review (--type=security):

    • Use ripgrep for security patterns: 
      rg "password|token|secret|auth" -g "*.{ts,js,py}"
rg "eval|exec|innerHTML|dangerouslySetInnerHTML" -g "*.{ts,js,tsx}"
    • Use Gemini for security analysis: 
      cd .workflow/${sessionId} && gemini -p "
PURPOSE: Security audit of completed implementation
TASK: Review code for security vulnerabilities, insecure patterns, auth/authz issues
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Security findings report with severity levels
RULES: Focus on OWASP Top 10, authentication, authorization, data validation, injection risks
" --approval-mode yolo

    Architecture Review (--type=architecture):

    • Use Qwen for architecture analysis: 
      cd .workflow/${sessionId} && qwen -p "
PURPOSE: Architecture compliance review
TASK: Evaluate adherence to architectural patterns, identify technical debt, review design decisions
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Architecture assessment with recommendations
RULES: Check for patterns, separation of concerns, modularity, scalability
" --approval-mode yolo

    Quality Review (--type=quality):

    • Use Gemini for code quality: 
      cd .workflow/${sessionId} && gemini -p "
PURPOSE: Code quality and best practices review
TASK: Assess code readability, maintainability, adherence to best practices
CONTEXT: @.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED: Quality assessment with improvement suggestions
RULES: Check for code smells, duplication, complexity, naming conventions
" --approval-mode yolo

    Action Items Review (--type=action-items):

    • Verify all requirements and acceptance criteria met: 
      # Load task requirements and acceptance criteria
find .workflow/${sessionId}/.task -name "IMPL-*.json" -exec jq -r '
  "Task: " + .id + "\n" +
  "Requirements: " + (.context.requirements | join(", ")) + "\n" +
  "Acceptance: " + (.context.acceptance | join(", "))
' {} \;

# Check implementation summaries against requirements
cd .workflow/${sessionId} && gemini -p "
PURPOSE: Verify all requirements and acceptance criteria are met
TASK: Cross-check implementation summaries against original requirements
CONTEXT: @.task/IMPL-*.json,.summaries/IMPL-*.md,../.. @../../CLAUDE.md
EXPECTED:
- Requirements coverage matrix
- Acceptance criteria verification
- Missing/incomplete action items
- Pre-deployment readiness assessment
RULES:
- Check each requirement has corresponding implementation
- Verify all acceptance criteria are met
- Flag any incomplete or missing action items
- Assess deployment readiness
" --approval-mode yolo

  3. Generate Review Report: Create structured report

    # Review Report: ${review_type}

**Session**: ${sessionId}
**Date**: $(date)
**Type**: ${review_type}

## Summary
- Tasks Reviewed: [count IMPL tasks]
- Files Changed: [count files]
- Severity: [High/Medium/Low]

## Findings

### Critical Issues
- [Issue 1 with file:line reference]
- [Issue 2 with file:line reference]

### Recommendations
- [Recommendation 1]
- [Recommendation 2]

### Positive Observations
- [Good pattern observed]

## Action Items
- [ ] [Action 1]
- [ ] [Action 2]

  4. Output Files:

    # Save review report
Write(.workflow/${sessionId}/REVIEW-${review_type}.md)

# Update session metadata
# (optional) Update workflow-session.json with review status

  5. Optional: Update Memory (if docs review or significant findings):

    # If architecture or quality issues found, suggest memory update
if [ "$review_type" = "architecture" ] || [ "$review_type" = "quality" ]; then
    echo "💡 Consider updating project documentation:"
    echo "   /update-memory-related"
fi

Usage Examples

# General quality review after implementation
/workflow:review

# Security audit before deployment
/workflow:review --type=security

# Architecture review for specific session
/workflow:review --type=architecture WFS-payment-integration

# Documentation review
/workflow:review --type=docs

Features

  • Simple Validation: Check session exists and has completed tasks
  • No Complex Orchestration: Direct analysis, no multi-phase pipeline
  • Specialized Reviews: Different prompts and tools for different review types
  • MCP Integration: Fast code search for security and architecture patterns
  • CLI Tool Integration: Gemini for analysis, Qwen for architecture
  • Structured Output: Markdown reports with severity levels and action items
  • Optional Memory Update: Suggests documentation updates for significant findings

Integration with Workflow

Standard Workflow:
  plan → execute → test-gen → execute ✅

Optional Review (when needed):
  plan → execute → test-gen → execute → review (security/architecture/docs)

When to Use:

  • Before production deployment (security review + action-items review)
  • After major feature (architecture review)
  • Before code freeze (quality review)
  • Pre-deployment verification (action-items review)

When NOT to Use:

  • Regular development (tests are sufficient)
  • Simple bug fixes (test-fix-agent handles it)
  • Minor changes (update-memory-related is enough)

Related Commands

  • /workflow:execute - Must complete implementation first
  • /workflow:test-gen - Primary quality gate (tests)
  • /workflow:tools:docs - Generate hierarchical documentation (use instead of --type=docs)
  • /update-memory-related - Update CLAUDE.md docs after architecture findings
  • /workflow:status - Check session status
Reference in New Issue View Git Blame Copy Permalink