# /ultrareview — six-agent PR review

One slash command that fans the current diff out to six specialized review
agents — each looking for exactly one class of problem — and synthesizes
their findings into a single ranked report. This is the pipeline described
in **Workshop 15 (SaaS with Claude Code)** and used by the CI gate in the
Capstone Track.

## The six reviewers

| Agent | Looks for |
|---|---|
| `security`     | Injection, secrets, auth gaps, SSRF, path traversal, unsafe deserialization. |
| `performance`  | N+1 queries, work inside loops, unbounded allocations, sync I/O on hot paths. |
| `tests`        | Coverage gaps for new or changed behavior; missing edge and error cases. |
| `types`        | Types that fail to enforce invariants; illegal states left representable. |
| `comments`     | Comments that have drifted from the code, stale TODOs, comments that lie. |
| `simplify`     | Dead code, duplication, needless complexity, reuse opportunities. |

Each runs in its own subagent context, so one reviewer's findings never
crowd out another's, and they can run in parallel.

## Install

These are user-level (or project-level) Claude Code files. Copy them into
your `.claude/` directory:

```bash
# from this directory (workshops/code-examples/ultrareview/)
mkdir -p .claude/commands .claude/agents
cp commands/ultrareview.md .claude/commands/ultrareview.md
cp agents/*.md            .claude/agents/
```

For a single project, put `.claude/` at the repo root. To make `/ultrareview`
available everywhere, copy into `~/.claude/commands/` and `~/.claude/agents/`
instead.

## Run

Stage or make some changes, then in Claude Code:

```
/ultrareview            # reviews the working-tree diff vs HEAD
/ultrareview main       # reviews everything since main
```

You get back one report with six sections (one per reviewer) plus a ranked
"Top issues" list at the top. Each finding carries a severity
(BLOCKER / HIGH / MEDIUM / LOW), a `file:line`, the offending line quoted,
and a suggested fix.

## Wiring it into CI

The Capstone gate treats `/ultrareview` as a merge blocker:

```
# CI gate (must pass before promotion):
#   - pytest + type-check + lint all green
#   - /ultrareview reports no BLOCKER or HIGH security findings
```

Run it locally before every push; the two minutes it costs are cheaper than
the bug it catches.

## Customizing

Each agent is a plain markdown file with frontmatter and a focused system
prompt. Edit the prompt to match your stack (swap the security checklist for
your framework's footguns, point `performance` at your ORM's N+1 patterns,
etc.). Keep each agent to one dimension — the value is in the separation.