What happens to issues with confidence below 80%?

They are not reported to reduce noise; you can adjust gating thresholds if needed.

How many remediation cycles are allowed?

Up to two remediation cycles; the process exits when no critical or high issues remain.

Which dimensions are checked?

Correctness, Security, Performance, and Maintainability with confidence-based gating and remediation.

code-review-pipeline

npx machina-cli add skill a5c-ai/babysitter/code-review-pipeline --openclaw

Files (1)

SKILL.md

2.0 KB

Code Review Pipeline

Overview

Multi-dimensional code review methodology adapted from the Everything Claude Code project. Reviews across 4 dimensions with confidence-gated issue reporting and automated remediation loops.

Review Dimensions

Dimension 1: Correctness

Logic errors and off-by-one mistakes
Edge case handling (null, undefined, empty, boundary)
Type safety (no implicit any, proper narrowing)
Error handling completeness
Floating promise detection
Race condition analysis

Dimension 2: Security

Injection vectors (SQL, XSS, command, template)
Authentication and authorization gaps
Data exposure (PII, credentials, internal state)
Dependency vulnerabilities (known CVEs)
Input validation completeness

Dimension 3: Performance

Algorithmic complexity (O(n^2) detection)
Memory leaks (event listeners, closures, caches)
Unnecessary allocations in hot paths
Database query optimization (N+1, missing indexes)
Bundle size impact

Dimension 4: Maintainability

Naming clarity and consistency
Documentation completeness (JSDoc, inline comments)
Test coverage adequacy
Coupling analysis (afferent/efferent)
File organization compliance

Confidence Gating

Score each issue 0-100 on confidence
Only report issues >= 80% confidence
Prevents false positive noise
Higher confidence for clear patterns, lower for heuristic matches

Remediation Loop

Prioritize: critical > high > medium > low
Apply fixes via refactor-cleaner agent
Re-review after remediation
Maximum 2 remediation cycles
Exit when no critical/high issues remain

When to Use

Post-implementation review
Pre-merge PR review
Security audit
Technical debt assessment

Agents Used

code-reviewer (primary)
refactor-cleaner (remediation)

Source

git clone https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/methodologies/everything-claude-code/skills/code-review-pipeline/SKILL.md

View on GitHub

Overview

Code Review Pipeline performs a four-dimension assessment of code changes—correctness, security, performance, and maintainability—then reports issues with confidence scores and executes remediation loops. It mirrors the Everything Claude Code approach and uses gated reporting to minimize noise and drive actionable fixes.

How This Skill Works

The pipeline analyzes four dimensions for each change: correctness, security, performance, and maintainability. Each issue is scored 0-100 for confidence; only issues at least 80% are reported. The primary agent code-reviewer surfaces findings, and the remediation step via refactor-cleaner applies fixes. The process supports up to two remediation cycles and exits when no critical or high issues remain.

When to Use It

Post-implementation review after a feature lands
Pre-merge PR review to catch regressions before merge
Security audit of new or updated components
Technical debt assessment to surface maintainability issues
Compliance or data-handling checks for regulated environments

Quick Start

Step 1: Configure code-review-pipeline with code-reviewer as the primary agent and refactor-cleaner for remediation; enable confidence gating (80+).
Step 2: Run the pipeline on a pull request or commit to generate a gated report
Step 3: Review issues, apply fixes with the remediation loop, then re-run (up to two cycles) until only low/none remain

Best Practices

Scope each dimension clearly and decide which rules apply to the project
Tune confidence thresholds to balance false positives and omissions
Run in a CI environment so results map to PRs and builds
Require actionable, remediable findings with concrete fixes
Verify remediation by re-running the pipeline and limiting to two cycles

Example Use Cases

New PR for a web API: detect potential SQL injection, race conditions, and missing validation
Audit service handling PII to ensure data exposure is prevented and credentials aren't leaked
Identify N+1 database queries and unnecessary allocations in a microservice
Assess a shared library's maintainability with documentation, tests, and naming consistency
Security-focused review of dependencies and auth/authorization gaps

Frequently Asked Questions

Add this skill to your agents