feat(git): add automated code review command

SachinNinganure-zz · claude · SachinNinganure-zz · commit 723c7a133a78 · 2025-11-10T09:54:43.000+05:30
Add /git:review-changes command that provides AI-powered code review analysis for git changes. Features include security vulnerability detection, performance analysis, and PR-ready formatting. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
diff --git a/PLUGINS.md b/PLUGINS.md
@@ -70,6 +70,7 @@ Git workflow automation and utilities
 - **`/git:cherry-pick-by-patch` `<commit_hash>`** - Cherry-pick git commit into current branch by "patch" command
 - **`/git:commit-suggest` `[N]`** - Generate Conventional Commits style commit messages or summarize existing commits
 - **`/git:debt-scan`** - Analyze technical debt indicators in the repository
+- **`/git:review-changes` `[--staged|--pr-ready|--commits N]`** - Automated code review analysis for git changes
 - **`/git:suggest-reviewers` `[base-branch]`** - Suggest appropriate reviewers for a PR based on git blame and OWNERS files
 - **`/git:summary`** - Show current branch, git status, and recent commits for quick context
 
diff --git a/docs/data.json b/docs/data.json
@@ -31,6 +31,12 @@
           "synopsis": "/git:debt-scan",
           "argument_hint": ""
         },
+        {
+          "name": "review-changes",
+          "description": "Automated code review analysis for git changes",
+          "synopsis": "/git:review-changes                    # Review current working directory changes",
+          "argument_hint": "[--staged|--pr-ready|--commits N]"
+        },
         {
           "name": "suggest-reviewers",
           "description": "Suggest appropriate reviewers for a PR based on git blame and OWNERS files",
diff --git a/plugins/git/commands/review-changes.md b/plugins/git/commands/review-changes.md
@@ -0,0 +1,216 @@
+---
+description: Automated code review analysis for git changes
+argument-hint: [--staged|--pr-ready|--commits N]
+---
+
+## Name
+git:review-changes
+
+## Synopsis
+```
+/git:review-changes                    # Review current working directory changes
+/git:review-changes --staged           # Review staged changes only
+/git:review-changes --pr-ready         # Generate PR-ready review summary
+/git:review-changes --commits N        # Review last N commits
+```
+
+## Description
+AI-powered code review assistant that analyzes git changes and provides structured feedback on code quality, security, performance, and style. Helps maintain consistent code review standards across development teams.
+
+**Key Features:**
+- Security vulnerability detection
+- Performance issue identification  
+- Code style and best practice recommendations
+- Automated review checklist generation
+- PR-ready summary formatting
+
+**Use cases:**
+- Pre-commit quality checks
+- Self-review before creating PRs
+- Mentoring and learning from automated feedback
+- Ensuring consistent review standards
+
+## Implementation
+
+The command analyzes git changes using multiple review perspectives:
+
+**Step 1: Change Detection**
+1. Determine scope based on arguments:
+   - Default: `git diff HEAD` (all uncommitted changes)
+   - `--staged`: `git diff --cached` (staged changes only)
+   - `--commits N`: `git diff HEAD~N..HEAD` (last N commits)
+2. Extract changed files and diff content
+3. Identify file types for language-specific analysis
+
+**Step 2: Multi-Perspective Analysis**
+Analyze changes from these perspectives:
+1. **Security Review**
+   - Check for hardcoded secrets/credentials
+   - Identify potential injection vulnerabilities
+   - Review authentication/authorization changes
+   - Flag unsafe file operations
+
+2. **Performance Review**
+   - Identify inefficient algorithms or data structures
+   - Check for unnecessary database queries
+   - Review memory allocation patterns
+   - Flag potential bottlenecks
+
+3. **Code Quality Review**
+   - Assess code readability and maintainability
+   - Check adherence to established patterns
+   - Review error handling implementation
+   - Validate naming conventions
+
+4. **Testing Coverage**
+   - Identify untested code paths
+   - Suggest test cases for new functionality
+   - Review existing test modifications
+   - Check for regression test needs
+
+**Step 3: Generate Structured Report**
+1. **Summary Section**: High-level change overview
+2. **Critical Issues**: Security and performance blockers
+3. **Recommendations**: Specific improvement suggestions
+4. **Review Checklist**: Items for human reviewers to verify
+5. **Test Plan**: Suggested testing approach
+
+**Step 4: Format Output**
+- `--pr-ready` flag generates markdown formatted for PR descriptions
+- Standard output uses terminal-friendly formatting with colors/icons
+- Include file references with line numbers for easy navigation
+
+## Examples
+
+```bash
+# Review all uncommitted changes
+/git:review-changes
+
+# Review only staged files before commit
+git add src/auth.ts src/middleware.ts
+/git:review-changes --staged
+
+# Generate PR description with review summary
+/git:review-changes --pr-ready
+
+# Review changes in last 3 commits
+/git:review-changes --commits 3
+```
+
+## Return Value
+
+**Standard Format:**
+```
+🔍 Code Review Analysis
+
+📋 SUMMARY
+- 3 files changed, 45 insertions, 12 deletions
+- Languages: TypeScript (2), Markdown (1)
+- Scope: Authentication system refactoring
+
+🔴 CRITICAL ISSUES
+- src/auth.ts:23 - Potential SQL injection in user query
+- src/middleware.ts:45 - Hardcoded API key detected
+
+⚠️  PERFORMANCE CONCERNS  
+- src/auth.ts:67 - N+1 query pattern in user lookup
+- Consider caching user permissions (lines 89-103)
+
+✅ POSITIVE CHANGES
+- Improved error handling in auth flow
+- Added comprehensive input validation
+- Clear separation of concerns
+
+📝 RECOMMENDATIONS
+1. Use parameterized queries for database operations
+2. Extract configuration to environment variables  
+3. Add rate limiting to authentication endpoints
+4. Consider adding integration tests for auth flow
+
+🧪 SUGGESTED TEST PLAN
+- [ ] Unit tests for new validation functions
+- [ ] Integration tests for auth middleware
+- [ ] Security testing for injection vulnerabilities
+- [ ] Load testing for performance changes
+
+📁 FILES REVIEWED
+- src/auth.ts (32 lines changed)
+- src/middleware.ts (13 lines changed)  
+- README.md (2 lines changed)
+```
+
+**PR-Ready Format (`--pr-ready`):**
+```markdown
+## Code Review Summary
+
+### Changes Overview
+- **Files Modified:** 3 files (2 TypeScript, 1 Markdown)
+- **Lines Changed:** +45/-12
+- **Scope:** Authentication system refactoring
+
+### Security Review ⚠️
+- **CRITICAL**: Potential SQL injection vulnerability in `src/auth.ts:23`
+- **HIGH**: Hardcoded credentials in `src/middleware.ts:45`
+
+### Performance Impact ✅
+- **CONCERN**: N+1 query pattern detected in user lookup
+- **IMPROVEMENT**: Enhanced caching strategy recommended
+
+### Review Checklist
+- [ ] Verify database queries use parameterized statements
+- [ ] Confirm no hardcoded secrets remain
+- [ ] Test authentication flow end-to-end
+- [ ] Validate rate limiting implementation
+
+### Test Plan
+- Unit tests for validation functions
+- Integration tests for middleware  
+- Security penetration testing
+- Performance benchmark comparison
+```
+
+## Security Guidelines
+
+**The command follows these security principles:**
+- Never logs or displays actual secret values
+- Provides generic warnings about credential patterns
+- Suggests secure alternatives for identified issues
+- Focuses on defensive security practices only
+
+## Language-Specific Reviews
+
+**TypeScript/JavaScript:**
+- ESLint rule violations
+- TypeScript strict mode compliance  
+- React/Node.js best practices
+- Package vulnerability checks
+
+**Python:**
+- PEP 8 style compliance
+- Security best practices (bandit-style checks)
+- Performance anti-patterns
+- Type hint coverage
+
+**Go:**
+- Go fmt compliance
+- Race condition detection
+- Error handling patterns
+- Interface design review
+
+**General:**
+- Documentation completeness
+- Git commit message quality
+- Breaking change identification
+- Backward compatibility analysis
+
+## Arguments
+
+- **--staged**: Review only staged changes (git diff --cached)
+- **--pr-ready**: Format output as PR-ready markdown summary
+- **--commits N**: Review changes in last N commits (1-20)
+- **[default]**: Review all uncommitted changes in working directory
+
+## See Also
+- **`/git:commit-suggest`** - Generate conventional commit messages
+- **`/git:summary`** - Display repository status and recent commits
+- **`/utils:generate-test-plan`** - Create comprehensive test plans
