nicolas-codemate/skills/deep-review
skills/deep-review/SKILL.md
--- name: deep-review description: Performs deep code review via an isolated fresh agent (triple perspective, anti-bias). Use when the user asks for an in-depth review of current branch changes, or when invoked by /resolve step 08. Do NOT use for reviewing PRs from GitHub (use review-pr skill instead) or for a quick correctness scan with effort levels (use bundled /code-review instead). argument-hint: [--ticket <id>] [--base <branch>] [--fix] [--severity <level>] allowed-tools: Read, Glob, Grep,
tools
Updated May 25, 2026
$ install --global
skillsauthnpx skillsauth add nicolas-codemate/claudecodeconfig skills/deep-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 25, 2026, 5:38 AM296.1s1 file scanned
SKILL.md
- name:
- deep-review
- description:
- Performs deep code review via an isolated fresh agent (triple perspective, anti-bias). Use when the user asks for an in-depth review of current branch changes, or when invoked by /resolve step 08. Do NOT use for reviewing PRs from GitHub (use review-pr skill instead) or for a quick correctness scan with effort levels (use bundled /code-review instead).
- argument-hint:
- [--ticket <id>] [--base <branch>] [--fix] [--severity <level>]
- allowed-tools:
- Read, Glob, Grep, Bash, Edit, Write, AskUserQuestion, Agent
Deep Review Skill
Orchestrates code review by delegating to an isolated code-reviewer agent.
Purpose
The review MUST be performed by a fresh agent with NO prior conversation context. This prevents confirmation bias - an agent that participated in the implementation unconsciously validates its own approach instead of questioning it.
<constraints> - Do not review the code yourself in the current context — confirmation bias from "having seen" the implementation is exactly what we're guarding against. - Delegate to an Agent (`subagent_type: "code-reviewer"`). - The agent receives only: ticket content, plan content, git diff, and project CLAUDE.md. No conversation history, no implementation reasoning, no debugging context. - The agent prompt must be fully self-contained (all text inline, no file paths to read). - Display the agent's review report verbatim — do not filter or soften findings. </constraints>Inputs
Required context (gathered by YOU, passed inline to the agent):
- Ticket content (ticket.md text)
- Implementation plan (plan.md text)
- Git diff of changes
- Project CLAUDE.md (conventions)
Process
Step 1: Gather Context (you do this)
- Read ticket from
.claude-work/{ticket-id}/ticket.md->TICKET_CONTENT - Read plan from
.claude-work/{ticket-id}/plan.md->PLAN_CONTENT - Read project CLAUDE.md from project root ->
PROJECT_RULES - Get git diff and stats:
git diff {base-branch}...HEAD git diff {base-branch}...HEAD --stat
Step 2: Delegate to Fresh Agent
Agent:
subagent_type: code-reviewer
description: "Fresh code review {ticket-id}"
prompt: |
You are reviewing code for ticket {ticket-id}.
You have NO prior knowledge of this implementation. Review with fresh eyes.
<ticket>
{TICKET_CONTENT}
</ticket>
<implementation_plan>
{PLAN_CONTENT}
</implementation_plan>
<project_conventions>
{PROJECT_RULES}
</project_conventions>
<diff_stats>
{DIFF_STATS}
</diff_stats>
<diff>
{DIFF_CONTENT}
</diff>
Perform a complete code review following your review process.
Return the full review report in markdown format.
Step 3: Present Results
Display the review report returned by the agent verbatim.
Step 4: Save Report
Write review report to .claude-work/{ticket-id}/review.md
Configuration
From .claude/ticket-config.json:
{
"review": {
"enabled": true,
"auto_fix": false,
"severity_threshold": "important",
"block_on_critical": true
}
}
Status Values
pending: Review not yet startedin_progress: Review in progresscompleted: Review finished successfullyskipped: Review skipped (disabled or no implementation)failed: Review encountered an error
Integration
Invoked by /resolve workflow (step 08-review) or directly by the user.
Related Skills
nicolas-codemate/fix-rebase-conflicts
tools
VerifiedTrustedCommunity
Resolve git rebase conflicts methodically. Classifies each conflict (imports/namespace cleanup vs real logic clash), analyzes the commit introducing the change against the current ticket context, auto-fixes only trivial cases with a per-file summary, and asks the user when ambiguous. Verifies static analysis tools pass at the end and optionally runs functional tests. Use after `git rebase` triggers conflicts, or when the user asks to "resolve conflicts", "fix rebase", "j'ai des conflits", "aide-moi sur ce rebase".
SKILL.mdUpdated May 1, 2026
nicolas-codemate/qa-sync
development
VerifiedTrustedCommunity
Synchronize the markdown test plan in docs/qa/ with the current state of the codebase. Use after adding or modifying features to keep the plan up to date, or to bootstrap a test plan for the first time. Do NOT use to execute tests (use /qa-run instead) and do NOT use to design product specs (use /express-need instead).
SKILL.mdUpdated Apr 28, 2026
nicolas-codemate/qa-run
tools
VerifiedTrustedCommunity
Execute the markdown test plan in docs/qa/ via Playwright MCP and create a ticket on each failing scenario. Use after /qa-sync, before a release, or to validate a feature end-to-end. Do NOT use to design or update scenarios (use /qa-sync instead) and do NOT use for visual regression (use visual-verify agent instead).
SKILL.mdUpdated Apr 28, 2026
nicolas-codemate/deploy-to-codemate-vps
development
VerifiedTrustedCommunity
Onboard a project repository to the Codemate VPS multi-project hosting stack (vps-infra, Hetzner-hosted, shared Traefik + per-project rootless Docker). Use when the user asks to "deploy this project to the vps", "onboard on codemate-vps", "add this repo to the production VPS", "setup GHA deploy to my VPS", or when the user is clearly preparing a project (PHP/Symfony, Node, Python, Go, static) for hosting on codemate.consulting. Produces a production compose.yml, a GitHub Actions deploy workflow, and a clear out-of-repo checklist covering Ansible inventory, DNS (Gandi), GitHub secrets, and VPS .env seeding. Do NOT use for the vps-infra repo itself (which hosts the Ansible roles) — this skill is for the downstream project repos.
SKILL.mdUpdated Apr 26, 2026