Code Review Workflow

Automated code review for pull requests and changes.

Overview

This workflow performs comprehensive code review:

Analyzes code changes
Checks for common issues
Provides actionable feedback
Suggests improvements

Complete Manifest

{
  "$schema": "https://hydra.opiusai.com/schemas/workflow/v1.0.json",
  "manifest_version": "1.0",
  "name": "Code Review Workflow",
  "intent": "Provide thorough, actionable code review feedback on changes",
  "context": {
    "language": "typescript",
    "framework": "React"
  },
  "steps": [
    {
      "id": "understand_changes",
      "name": "Understand the changes",
      "action": "analyze_code",
      "parameters": {
        "focus": "what changed, why it changed, scope of changes"
      }
    },
    {
      "id": "check_correctness",
      "name": "Check correctness",
      "action": "analyze_code",
      "agent": "correctness_reviewer",
      "depends_on": ["understand_changes"],
      "parameters": {
        "focus": "logic errors, edge cases, error handling, null checks"
      }
    },
    {
      "id": "check_security",
      "name": "Security review",
      "action": "analyze_code",
      "agent": "security_reviewer",
      "depends_on": ["understand_changes"],
      "parameters": {
        "focus": "OWASP top 10, injection, XSS, authentication, authorization"
      }
    },
    {
      "id": "check_performance",
      "name": "Performance review",
      "action": "analyze_code",
      "agent": "performance_reviewer",
      "depends_on": ["understand_changes"],
      "parameters": {
        "focus": "N+1 queries, memory leaks, unnecessary re-renders, complexity"
      }
    },
    {
      "id": "check_style",
      "name": "Style and maintainability",
      "action": "analyze_code",
      "depends_on": ["understand_changes"],
      "parameters": {
        "focus": "naming, readability, DRY, SOLID principles, documentation"
      }
    },
    {
      "id": "compile_feedback",
      "name": "Compile review feedback",
      "action": "generate_code",
      "depends_on": ["check_correctness", "check_security", "check_performance", "check_style"],
      "parameters": {
        "focus": "structured feedback with severity levels and suggestions"
      }
    }
  ],
  "outputs": {
    "type": "analysis",
    "schema": {
      "type": "object",
      "properties": {
        "summary": { "type": "string" },
        "issues": {
          "type": "array",
          "items": {
            "type": "object",
            "properties": {
              "severity": { "type": "string" },
              "file": { "type": "string" },
              "line": { "type": "number" },
              "message": { "type": "string" },
              "suggestion": { "type": "string" }
            }
          }
        },
        "approved": { "type": "boolean" }
      }
    }
  },
  "adapters": {
    "claude": {
      "mode": "sub_agent",
      "config": {
        "spawn_agents_per_step": true,
        "max_parallel_agents": 4
      }
    },
    "cursor": {
      "mode": "parallel"
    }
  }
}

Parallel Review Architecture

understand_changes
       │
       ├──────────────────┬──────────────────┬──────────────────┐
       ▼                  ▼                  ▼                  ▼
check_correctness   check_security   check_performance   check_style
       │                  │                  │                  │
       └──────────────────┴──────────────────┴──────────────────┘
                                    │
                                    ▼
                           compile_feedback

Steps 2-5 run in parallel for faster reviews.

Review Categories

Correctness

Logic errors
Edge cases
Error handling
Null/undefined checks
Type safety

Security

Injection vulnerabilities
XSS risks
Authentication issues
Authorization gaps
Data exposure

Performance

Database query efficiency
Memory management
Unnecessary operations
Algorithmic complexity
Caching opportunities

Style

Naming conventions
Code readability
Documentation
DRY violations
SOLID principles

Usage

With Claude Code

Run Code Review workflow on the changes in this PR.
Focus on the authentication changes in src/auth/

With Cursor

@hydra Review @src/components/DataTable.tsx @src/hooks/useData.ts
Looking for performance issues and React best practices

Output Format

The workflow produces structured feedback:

{
  "summary": "Overall good changes with 2 issues to address",
  "issues": [
    {
      "severity": "high",
      "file": "src/auth/login.ts",
      "line": 45,
      "message": "SQL injection vulnerability",
      "suggestion": "Use parameterized queries instead of string concatenation"
    },
    {
      "severity": "medium",
      "file": "src/components/List.tsx",
      "line": 23,
      "message": "Missing key prop in list rendering",
      "suggestion": "Add unique key prop to mapped elements"
    }
  ],
  "approved": false
}

Customization

Focus on Specific Areas

{
  "steps": [
    {
      "id": "security_only",
      "name": "Security review",
      "action": "analyze_code",
      "agent": "security_expert",
      "parameters": {
        "focus": "OWASP top 10, API security, data validation"
      }
    }
  ]
}

Add Test Coverage Check

{
  "id": "check_tests",
  "name": "Check test coverage",
  "action": "analyze_code",
  "depends_on": ["understand_changes"],
  "parameters": {
    "focus": "test coverage for new code, missing test cases"
  }
}

CI Integration

Run code review automatically on PRs:

# .github/workflows/review.yml
on:
  pull_request:
    types: [opened, synchronize]
 
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Hydra Code Review
        run: |
          hydra run code-review \
            --deployment ${{ secrets.HYDRA_DEPLOYMENT_ID }} \
            --files "$(git diff --name-only origin/main)"

Bug Fix Workflow Test Generation