Review Changes
Pre-commit quality review of staged or unstaged changes.
Process
- Run `git diff --cached` for staged changes, or `git diff` if nothing is staged
- Also check `git status` for new untracked files
- Review all changes for:
Checks
Security
- Hardcoded secrets, API keys, tokens, passwords
- SQL injection risks (string concatenation or interpolation of untrusted input into queries)
- XSS vectors (user input written into HTML without escaping)
- Sensitive data exposed in error messages (stack traces, credentials, internal paths)
Bugs
- Null/undefined access without checks
- Off-by-one errors
- Race conditions
- Missing error handling
- Unreachable code
Code Quality
- Leftover debug code (console.log, debugger, print statements)
- TODO/FIXME/HACK comments that should be addressed
- Commented-out code that should be deleted
- Inconsistent naming
- Overly complex logic that could be simplified
Git Hygiene
- Files that shouldn't be committed (.env, node_modules, build artifacts)
- Merge conflict markers
- Excessively large files
- Report findings
Output Format
If clean:
```
Review: CLEAN
No issues found in 5 changed files (42 lines added, 12 removed).
Ready to commit.
```
If issues found:
```
Review: 2 issues found

CRITICAL: src/api/auth.ts:45 - Hardcoded API key: const key = "sk-..."
WARNING: src/utils/parse.ts:12 - console.log left in production code

Recommendation: Fix critical issues before committing.
```
Rules
- Never modify files — this is read-only review
- Prioritize security issues above all else
- Be concise — only flag real issues, not style preferences
- If no changes exist, say so and exit
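As an added example that is not part of the original page or any project's tooling, the shell script below implements the Process, several of the Checks, the Output Format and the Rules above as a read-only pass over a unified diff: it scans only added lines for secrets, SQL string concatenation, leftover debug output, TODO/FIXME/HACK comments, merge-conflict markers and files that should not be committed, reports each finding as `SEVERITY: file:line - message`, says so when there is nothing to review, and exits non-zero when issues were found. The regexes, the path list, the function names and the sample diff are all assumptions constructed for this example.

```shell
#!/bin/sh
# Added example, not the page's own tooling: a minimal pre-commit review that
# applies several of the checks listed above to a unified diff read on stdin
# and reports in the page's output format. Only added ('+') lines are scanned.
# The regexes and path list are illustrative assumptions; tune them per codebase.

secret_re="(api[_-]?key|secret|token|passw(or)?d|private[_-]?key)[[:space:]]*[:=][[:space:]]*([\"'][^\"']{8,}[\"']|[A-Za-z0-9_-]{8,}\$)"
key_re='(sk|xox[abp])-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{36}|AKIA[0-9A-Z]{16}'
sql_re='(SELECT|INSERT|UPDATE|DELETE|WHERE)[^;]*("[[:space:]]*\+|\$\{)'   # "... WHERE id = " + id  or  ${id}
debug_re='console\.(log|debug)\(|^[[:space:]]*debugger;?[[:space:]]*$|(^|[^[:alnum:]_.])print\('
todo_re='(^|[^[:alnum:]_])(TODO|FIXME|HACK)([^[:alnum:]_]|$)'

rv_findings=0

# has BODY [grep flags] PATTERN: true when the line matches the extended regex
has() { rv_body=$1; shift; printf '%s\n' "$rv_body" | grep -Eq "$@"; }

# report SEVERITY LOCATION MESSAGE: print one finding and count it for the summary
report() { printf '%s: %s - %s\n' "$1" "$2" "$3"; rv_findings=$((rv_findings + 1)); }

# check_line FILE LINENO BODY: run every per-line check against one added line
check_line() {
  case "$3" in '<<<<<<< '*|'>>>>>>> '*|'=======') report CRITICAL "$1:$2" "merge conflict marker" ;; esac
  if has "$3" -i "$secret_re" || has "$3" "$key_re"; then report CRITICAL "$1:$2" "hardcoded secret or API key"; fi
  if has "$3" -i "$sql_re"; then report CRITICAL "$1:$2" "possible SQL injection (string concatenation in query)"; fi
  if has "$3" "$debug_re"; then report WARNING "$1:$2" "leftover debug output"; fi
  if has "$3" "$todo_re"; then report WARNING "$1:$2" "TODO/FIXME/HACK comment"; fi
}

# review_diff: read a unified diff on stdin, print findings plus a summary line.
# Exit 0 when clean or when there is nothing to review, 1 when issues were found.
review_diff() {
  rv_findings=0; rv_file=""; rv_lineno=0; rv_seen=0
  while IFS= read -r line; do
    rv_seen=1
    case "$line" in
      '+++ b/'*)                      # new-file header: remember the path, flag paths that should not be committed
        rv_file=${line#"+++ b/"}
        case "$rv_file" in
          .env|*/.env|*.pem|*.key|node_modules/*|*/node_modules/*|dist/*|build/*)
            report CRITICAL "$rv_file" "file should not be committed" ;;
        esac ;;
      'diff '*|'index '*|'--- '*|'new file'*|'deleted file'*|'Binary files'*) ;;
      '@@ '*)                         # "@@ -old,len +new,len @@": count new-file line numbers from here
        rv_lineno=${line#*+}; rv_lineno="${rv_lineno%%[, ]*}"; rv_lineno=$((rv_lineno - 1)) ;;
      '+'*) rv_lineno=$((rv_lineno + 1)); check_line "$rv_file" "$rv_lineno" "${line#+}" ;;
      '-'*) ;;                        # removed line: has no new-file line number
      *)    rv_lineno=$((rv_lineno + 1)) ;;   # unchanged context line
    esac
  done
  [ "$rv_seen" -eq 1 ] || { echo "No changes to review."; return 0; }
  [ "$rv_findings" -gt 0 ] || { echo "Review: CLEAN"; return 0; }
  [ "$rv_findings" -eq 1 ] && echo "Review: 1 issue found" || echo "Review: $rv_findings issues found"
  return 1
}

# review_git_changes: the Process above against a real repository. Staged changes
# win, otherwise unstaged; untracked files are diffed against /dev/null so their
# contents are scanned too. Nothing here writes to the working tree.
review_git_changes() {
  {
    if git diff --cached --quiet; then git diff; else git diff --cached; fi
    git ls-files --others --exclude-standard | while IFS= read -r f; do
      git diff --no-index /dev/null "$f" || true   # exit 1 only means "differs"
    done
  } | review_diff
}

# Constructed sample diff (not from any real repository) for the demo run below.
SAMPLE_DIFF=$(cat <<'EOF'
diff --git a/src/api/auth.ts b/src/api/auth.ts
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@@ -10,3 +10,5 @@ export function client() {
   const base = process.env.API_URL;
+  const key = "sk-live-0123456789abcdef0123";
+  console.log("using key", key);
   return fetch(base, { headers: { Authorization: key } });
 }
diff --git a/src/db/users.ts b/src/db/users.ts
--- a/src/db/users.ts
+++ b/src/db/users.ts
@@ -3,2 +3,3 @@ export async function findUser(id: string) {
-  return db.query("SELECT * FROM users WHERE id = $1", [id]);
+  // TODO: switch back to the parameterised query
+  return db.query("SELECT * FROM users WHERE id = " + id);
 }
diff --git a/.env b/.env
new file mode 100644
--- /dev/null
+++ b/.env
@@ -0,0 +1 @@
+DATABASE_PASSWORD=hunter2hunter2
EOF
)

# Demo on the constructed diff; in a repository call review_git_changes instead.
printf '%s\n' "$SAMPLE_DIFF" | review_diff || true
```

Sourcing the file and calling `review_git_changes` from a git pre-commit hook refuses the commit when the exit status is 1 while never touching the tree, which is the read-only behaviour the Rules require. The patterns are deliberately cheap heuristics and will produce some false positives (a quoted string after `token =` that is not actually a credential); the large-file check from Git Hygiene is not included because it needs file sizes rather than the diff text.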