Pre-Release Polish
Current branch: !git rev-parse --abbrev-ref HEAD
Uncommitted changes: !git diff --stat 2>/dev/null | tail -1
Rules
- Read every changed file fully before reviewing - never assess code you haven't opened
- Only flag real issues, not style preferences already handled by the formatter
- Do NOT add comments, docstrings, or type annotations to code that doesn't have them
- Distinguish legitimate operational logging (logger.info, logger.error) from debug leftovers (console.log, console.debug)
- When fixing, make minimal targeted edits - don't refactor surrounding code
- Only flag issues in changed/added lines, not pre-existing code
- Reuse suggestions must point to a specific existing function/utility in the codebase, not hypothetical "you could extract this"
- Do not flag efficiency on cold paths, one-time setup code, or scripts that run once
Phase 1: Automated Checks
Run the project's lint + type-check command. Check CLAUDE.md for the correct validation command (commonly pnpm check, just check, cargo clippy, uv run ruff check, etc.).
If checks fail:
- Fix all errors
- Re-run checks until clean
- Then proceed to Phase 2
If no validation command is found in CLAUDE.md, ask the user what to run.
Phase 2: Diff Analysis
Determine what changed:
- Check for uncommitted changes: git diff + git diff --cached
- If no uncommitted changes, diff against main: git diff main...HEAD
- If no changes at all, report "nothing to review" and stop
Read every changed file fully. Understand what each change does and why.
When a change relocates or rewrites an existing code path (a moved file, a handler split into middleware, a renamed/replaced function), open the prior version - the file it moved from, or git show <ref>:<path> for a deleted/renamed file - and compare behavior, not just lines. Note any dropped validation, reordered side-effects, or removed guards; pass those to the agents.
Phase 3: Parallel Review
Use the Agent tool to launch all four agents concurrently in a single message. Pass each agent the full diff and the list of changed files so it has the complete context.
Agent 1: Cleanliness
Fast, mechanical, high-confidence. Looks for junk that should be removed.
- Debug leftovers: console.log, console.debug, console.warn added during development; temporary debug variables, hardcoded test values. NOT structured logger calls (logger.info, logger.error, c.var.logger)
- AI slop: comments explaining obvious code ("// increment counter", "// return the result") - flag each such comment individually, even if the code it describes is also flagged under another category; JSDoc on internal/private functions that aren't part of a public API; verbose docstrings on simple helpers; TODO/FIXME/HACK markers left by Claude (not by the user); unnecessary type annotations where the language infers correctly; emoji in code or comments (unless the project uses them)
- Dead code: unreferenced functions, variables, types; commented-out code blocks (git has history); unused function parameters (unless required by interface/callback signature)
- Unused imports: imports added but never referenced, imports left behind after refactoring (linter catches most - verify edge cases)
- Hardcoded values: magic numbers or strings that should be in constants; URLs, prices, limits that belong in config. NOT obvious constants like 0, 1, true, HTTP status codes
Agent 2: Design & Reuse
Requires codebase exploration beyond the diff. Looks for structural and design issues.
- Reuse opportunities: search the codebase for existing utilities, helpers, and shared modules that could replace newly written code. Look in utility directories, shared modules, and files adjacent to the changed ones. Flag hand-rolled logic where a utility already exists (string manipulation, path handling, type guards, env checks)
- Over-engineering: helper functions used exactly once (should be inlined); abstractions wrapping a single call with no added value; try/catch adding nothing (re-throwing same error, catching impossibilities); validation of internal data already validated at route boundary; feature flags or config for things that could just be code; backwards-compat shims for code that was just written
- Redundant state: state that duplicates existing state; cached values that could be derived; observers/effects that could be direct calls
- Parameter sprawl: adding new parameters to a function instead of generalizing or restructuring existing ones
- Copy-paste with slight variation: near-duplicate code blocks that should be unified
- Leaky abstractions: exposing internal details that should be encapsulated, or breaking existing abstraction boundaries
- Stringly-typed code: using raw strings where constants, enums, or branded types already exist in the codebase
- Structural issues: functions that grew too long during changes (>50 lines, consider splitting); inconsistent naming with existing codebase conventions
- Behavior drift in relocated code: when the diff moves or rewrites an existing path, compare it against the code it replaced (see Phase 2). Flag dropped input validation, removed guards or early-returns, and changed error semantics (status codes, return shapes). A refactor that changes behavior is a regression even when every line looks clean.
Agent 3: Efficiency
Looks for runtime performance and resource issues.
- Redundant work: redundant computations, repeated file reads, duplicate network/API calls, N+1 patterns
- Missed concurrency: independent operations run sequentially when they could run in parallel
- Hot-path bloat: new blocking work added to startup or per-request/per-render hot paths
- No-op updates: state/store updates inside polling loops, intervals, or event handlers that fire unconditionally without change detection. Also: wrapper functions that take updater/reducer callbacks but don't honor same-reference returns
- TOCTOU anti-patterns: pre-checking file/resource existence before operating - operate directly and handle the error
- Memory: unbounded data structures, missing cleanup, event listener leaks
- Overly broad operations: reading entire files when only a portion is needed, loading all items when filtering for one
- Unchecked system boundaries: fetch/HTTP calls without response status checks (r.ok), unhandled promise rejections on external calls, missing error handling at I/O boundaries
Agent 4: Side-Effect Gating
Closed-scope correctness check. Finds costly or irreversible side-effects that run before the checks meant to gate them. Does NOT judge whether business logic is correct - that is /review's job.
- Inventory the side-effects: list every costly or irreversible side-effect introduced or relocated in the diff - charges/payments, DB writes/deletes, mutating external calls, file writes, notifications/emails, irreversible state changes
- Inventory the gates: for each side-effect, list the checks that must precede it - input validation (shape/type/range), authentication, authorization, precondition/existence checks, idempotency/dedup
- Cross-check ordering: flag any side-effect reachable on a control-flow path where a gate runs after it, or not at all. Trace ACROSS the middleware/handler boundary - middleware that fires a side-effect before calling next() is the prime suspect; the validation that should gate it often lives in the downstream handler
- Missing rollback: flag a committed side-effect with no compensation when a later step on the same request can still fail (e.g. charged, then the request errors)
- Out of scope - route to /review: whether the business logic is correct, pricing math, algorithmic correctness, anything without a crisp invariant
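The ordering problem Agent 4 looks for, as an added example that is not part of the original skill file: a constructed middleware runner (not Express) in which a charge fires before its gates, next to the same chain reordered. All names here (run, charge, authenticate, validate, leakedSideEffects) and the 10000 limit are hypothetical.

```javascript
// Constructed example: minimal middleware runner and an in-memory ledger.
function run(chain, req) {
  const ledger = [];                        // side-effects that actually ran
  const ctx = { req, ledger, status: null };
  let i = 0;
  const next = () => { if (i < chain.length) chain[i++](ctx, next); };
  next();
  return { status: ctx.status, ledger };
}

// Side-effect: a hypothetical charge, irreversible unless compensated.
const charge = (ctx, next) => {
  ctx.ledger.push({ op: "charge", user: ctx.req.user, amount: ctx.req.amount });
  next();
};

// Gates: authentication, then input validation (shape/type/range).
const authenticate = (ctx, next) => {
  if (!ctx.req.user) { ctx.status = 401; return; }
  next();
};
const validate = (ctx, next) => {
  const a = ctx.req.amount;
  if (!Number.isInteger(a) || a <= 0 || a > 10000) { ctx.status = 400; return; }
  next();
};
const handler = (ctx) => { ctx.status = 200; };

// Ungated: the charge runs in middleware; its gates live downstream of it.
const ungated = [charge, authenticate, validate, handler];
// Gated: every check precedes the side-effect.
const gated = [authenticate, validate, charge, handler];

// Review helper: side-effects that ran on a request that ended up rejected.
function leakedSideEffects(chain, req) {
  const { status, ledger } = run(chain, req);
  return status >= 400 ? ledger.map((e) => e.op) : [];
}

const invalid = { user: "u1", amount: -50 };   // constructed: fails validation
const anonymous = { amount: 100 };             // constructed: fails authentication
console.log("ungated/invalid:", leakedSideEffects(ungated, invalid));
console.log("ungated/anonymous:", leakedSideEffects(ungated, anonymous));
console.log("gated/invalid:", leakedSideEffects(gated, invalid));
```

A finding for the ungated chain would cite the charge middleware as the side-effect line and the downstream validate and authenticate steps as the gates it precedes.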
Every finding must cite the side-effect line, the gate it precedes (or "ungated"), and the contro