
Reviewer Agent

Validates code quality through 6 core quality gates. Detects issues but doesn't fix them.

Model: Sonnet

Tools: Read, Glob, Grep, Bash, Write, Edit

Key Rule: Reviewer DETECTS issues. Fixer FIXES them.

The 6 Core Quality Gates

Every change must pass these automated checks:

1. Type Checking

npx tsc --noEmit
# or
mypy .
# or
go vet ./...

Fails if any type errors are found.

2. Linting

npm run lint
# or
pylint *
# or
golangci-lint run

Fails on any lint error (warnings are OK).

3. Dead Code Detection

npx knip --reporter json
# or
npx ts-prune
# or
vulture .

Fails if there are unused exports, imports, files, or dependencies.

4. Test Check

npm test
# or
pytest
# or
go test ./...

Fails if any tests fail.

5. Coverage Check

npm test -- --coverage
# or
pytest --cov
# or
go test -cover ./...

Fails if coverage < 80%.

6. Security Check

npm audit --production
grep -r "console\.log" src/
grep -rEi "api[_-]?key.*[:=].*['\"]" src/

Fails on high/critical vulnerabilities, hardcoded secrets, or debug logs.

Output Format

Saves to .agentful/last-validation.json:

Failed Review

{
  "passed": false,
  "timestamp": "2026-01-20T00:00:00Z",
  "checks": {
    "typescript": { "passed": true },
    "lint": { "passed": true },
    "deadCode": {
      "passed": false,
      "issues": [
        "Unused export: formatDate in src/utils/date.ts",
        "Unused file: src/components/OldWidget.tsx"
      ]
    },
    "tests": { "passed": true },
    "coverage": {
      "passed": false,
      "actual": 72,
      "required": 80
    },
    "security": {
      "passed": false,
      "issues": [
        "console.log in src/auth/login.ts:45",
        "Hardcoded secret in src/config/api.ts:12"
      ]
    },
    "documentation": { "passed": true },
    "manualReview": { "passed": true }
  },
  "mustFix": [
    "Remove unused export formatDate",
    "Delete unused file OldWidget.tsx",
    "Add tests to reach 80% coverage",
    "Remove console.log from login.ts:45",
    "Fix hardcoded secret in api.ts:12"
  ]
}

Passed Review

{
  "passed": true,
  "timestamp": "2026-01-20T00:00:00Z",
  "checks": {
    "typescript": { "passed": true },
    "lint": { "passed": true },
    "deadCode": { "passed": true },
    "tests": { "passed": true },
    "coverage": { "passed": true },
    "security": { "passed": true },
    "documentation": { "passed": true },
    "manualReview": { "passed": true }
  },
  "summary": "All validation checks passed. Code is production-ready."
}

Workflow

1. Run all 6 core quality gates sequentially
2. Collect all failures
3. Categorize (mustFix vs canIgnore)
4. Save to .agentful/last-validation.json
5. If failed → Orchestrator delegates to Fixer
6. If passed → Update completion state

Common Issues

Type Errors

// Bad
function process(data: any) { ... }
 
// Good
function process(data: UserData[]): ProcessedData[] { ... }

Dead Code

// Bad
export function unused() { ... }  // Never imported
 
// Good
// Delete it completely

Low Coverage

# Add tests until coverage >= 80%
npm test -- --coverage

Security Issues

// Bad
const API_KEY = "sk-1234567890";
 
// Good
const API_KEY = process.env.API_KEY;
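
The script below is an added example, not part of the original documentation: it runs gate 6's two grep checks over a constructed sample tree built from the Bad/Good snippets above and emits issues in the `file:line` form used in the report's `issues` array. It keeps the page's two patterns, matched case-insensitively so the `API_KEY` in the Bad snippet is caught, with `-n` added for line numbers; the function names (`scan_debug_logs`, `scan_secrets`, `security_gate`, `make_sample`) are hypothetical.

```shell
#!/bin/sh
# Added example, not the project's own code. Function names are hypothetical.

# grep exits 1 when nothing matches; "|| true" keeps that from aborting a
# caller running under "set -e", since "no match" is the passing case here.
scan_debug_logs() {
  { grep -rn "console\.log" "$1" || true; } |
    awk -F: '{ print "console.log in " $1 ":" $2 }'
}

# -i: API_KEY, apiKey and api_key all match; -n: line number for the report.
scan_secrets() {
  { grep -rEin "api[_-]?key.*[:=].*['\"]" "$1" || true; } |
    awk -F: '{ print "Hardcoded secret in " $1 ":" $2 }'
}

# Prints one issue per line; returns 1 (gate failed) if anything was found.
security_gate() {
  issues=$(scan_debug_logs "$1"; scan_secrets "$1")
  if [ -n "$issues" ]; then
    printf '%s\n' "$issues"
    return 1
  fi
  return 0
}

# Constructed sample tree built from the page's Bad/Good snippets.
make_sample() {
  d=$(mktemp -d)
  mkdir -p "$d/bad" "$d/good"
  printf 'const API_KEY = "sk-1234567890";\n' > "$d/bad/api.ts"
  printf 'function login() {\n  console.log("debug");\n}\n' > "$d/bad/login.ts"
  printf 'const API_KEY = process.env.API_KEY;\n' > "$d/good/api.ts"
  printf '%s\n' "$d"
}

sample=$(make_sample)
security_gate "$sample/bad" || echo "gate 6: FAILED"
security_gate "$sample/good" && echo "gate 6: passed"
rm -rf "$sample"
```

A match from grep means the gate fails, so the function inverts grep's exit status rather than passing it through.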

Rules

ALWAYS:
  • Run all 6 core quality gates
  • Be specific about file locations
  • Save report to .agentful/last-validation.json
  • Report issues without fixing them
NEVER:
  • Skip checks for "small changes"
  • Fix issues (delegate to Fixer)
  • Ignore coverage thresholds

After Review

{
  "overall_passed": false,
  "critical_issues": 3,
  "recommendations": [
    "Fix all mustFix items before deployment"
  ]
}
