Deep Review
Comprehensive code review that combines automated checks, AI-powered analysis, and security auditing. Use this before pushing significant changes or creating pull requests.
Usage
```cursor
/deep-review
```
Steps
- Run preflight checks
  - Execute `pnpm preflight` (format, lint, typecheck, tests, spellcheck, knip)
  - If any check fails, report issues and stop
  - All automated checks must pass before AI review
- Run security audit
  - Execute `pnpm security:audit` (pnpm audit)
  - Report any vulnerabilities found (moderate and above)
  - Note: Pre-push hook blocks on high/critical; `/deep-review` reports all for awareness
- Gather change context
  - Run `git diff origin/main...HEAD` to see all changes vs main
  - Run `git log origin/main..HEAD --oneline` to see commit history
  - Identify which files changed and their purpose
- Perform comprehensive code review
  - Analyze the diff for:
    - Bugs and logic errors
    - Security vulnerabilities (XSS, injection, auth bypass)
    - Performance issues (N+1 queries, unnecessary renders)
    - Error handling gaps (missing null checks, unhandled promises)
    - Code quality issues (duplicated code, complex logic)
    - Adherence to project conventions
  - Focus only on high-confidence, high-priority issues
  - Verify each issue by reading the actual file contents
- Check project-specific rules
  - RULE #1: No emoji anywhere (code, comments, docs, commits)
  - Svelte components have `client:*` directives when imported in Astro
  - TypeScript uses strict types (no `any` - use `unknown` or proper types)
  - Translations exist for both `en` and `cs` if adding content
  - Semantic design tokens used (not hardcoded colors)
  - Images have `alt` attributes
  - Animations respect `prefers-reduced-motion`
  - Type imports use `import type` syntax
  - JSDoc comments for exported functions
- Generate PR-ready summary
  - Create a summary suitable for PR description
  - Include sections below
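The thresholds from the security audit step (report moderate and above; the pre-push hook blocks on high/critical), applied to an audit report. This is an added example, not the project's own tooling. It assumes the `advisories` map with `module_name`, `severity` and `title` fields found in npm-style audit JSON such as `pnpm audit --json` output; `triageAudit`, `dependencyLine` and the sample data are hypothetical.

```javascript
// Assumption: `report.advisories` is a map of advisory objects carrying
// `module_name`, `severity` and `title` (npm-style audit JSON).
const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };
const REPORT_AT = RANK.moderate; // /deep-review reports moderate and above
const BLOCK_AT = RANK.high;      // the pre-push hook blocks on high/critical

const rankOf = (adv) => RANK[String(adv.severity).toLowerCase()];

// Split advisories into what the review reports and what the hook would block.
function triageAudit(report) {
  const reported = [];
  const unknown = [];
  for (const adv of Object.values((report && report.advisories) || {})) {
    const rank = rankOf(adv);
    if (rank === undefined) unknown.push(adv); // surfaced, never silently dropped
    else if (rank >= REPORT_AT) reported.push(adv);
  }
  // Highest severity first, then by package name for stable output.
  reported.sort((a, b) =>
    rankOf(b) - rankOf(a) ||
    String(a.module_name).localeCompare(String(b.module_name)));
  const blocking = reported.filter((a) => rankOf(a) >= BLOCK_AT);
  return { reported, blocking, unknown };
}

// Render the "Dependency vulnerabilities" line of the summary template.
function dependencyLine(result) {
  const items = [...result.reported, ...result.unknown];
  if (items.length === 0) return "- Dependency vulnerabilities: None";
  const list = items.map((a) => `${a.module_name} (${a.severity}): ${a.title}`);
  return `- Dependency vulnerabilities: ${list.join("; ")}`;
}

// Constructed sample report (package names and titles are placeholders).
const SAMPLE_REPORT = {
  advisories: {
    "1001": { module_name: "example-parser", severity: "moderate", title: "Placeholder advisory A" },
    "1002": { module_name: "example-http", severity: "critical", title: "Placeholder advisory B" },
    "1003": { module_name: "example-util", severity: "low", title: "Placeholder advisory C" },
    "1004": { module_name: "example-auth", severity: "high", title: "Placeholder advisory D" },
    "1005": { module_name: "example-misc", severity: "severe", title: "Placeholder advisory E" },
  },
};

const result = triageAudit(SAMPLE_REPORT);
console.log(dependencyLine(result));
console.log(`Pre-push hook would block: ${result.blocking.length > 0}`);
```

An advisory with an unrecognized severity string is listed alongside the reported ones so that a format change in the audit output cannot hide a finding.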
Output Format
```md
## Pre-Push Review Summary

### Changes Overview

- [Brief description of what changed]
- Files modified: X
- Lines added: +Y, removed: -Z

### Automated Checks

- [PASS/FAIL] Format check
- [PASS/FAIL] Lint check
- [PASS/FAIL] Type check
- [PASS/FAIL] Spell check
- [PASS/FAIL] Unused exports (knip)
- [PASS/FAIL] Security audit

### Code Review Findings

#### Critical Issues

- [File:Line] Description (must fix before merge)

#### Warnings

- [File:Line] Description (should address)

#### Suggestions

- Description (nice to have)

### Security Assessment

- Dependency vulnerabilities: [None/List]
- Code security concerns: [None/List]

### Impact Analysis

- What this change affects
- Potential risks or side effects
- Areas that may need additional testing

### Test Plan

- [ ] Manual testing steps
- [ ] Edge cases to verify
- [ ] Browser/device testing if applicable

### Verdict

[READY TO PUSH / NEEDS FIXES / NEEDS DISCUSSION]

Recommendation: [Brief recommendation]
```
When to Use
- Before pushing to remote (replaces CodeRabbit review)
- Before creating a pull request
- After completing a feature branch
- When making security-sensitive changes
- For changes touching multiple areas of the codebase
Comparison to /review
| Aspect | /review | /deep-review |
|---|---|---|
| Speed | Fast (seconds) | Thorough (1-2 minutes) |
| Checks | lint, typecheck, spellcheck | Full preflight + security audit |
| AI Analysis | Rule-based only | Comprehensive manual review |
| Output | Issue list | PR-ready summary |
| Use Case | Quick iteration | Pre-push/PR |
Tips
- Run `/review` during development for quick feedback
- Run `/deep-review` once before pushing
- Address all Critical Issues before pushing
- Warnings can be addressed in follow-up commits
- Copy the PR-ready summary to your pull request description