Automation, Intermediate, 4 steps

Automatic Multi-File Code Review Agent

This agent performs automated code review across multiple files simultaneously, analyzing quality, security, performance, and architectural consistency. It produces a structured report with recommendations prioritized by severity, refactoring suggestions, and corrected code snippets ready to integrate.

Tags: code review, code security, code refactoring, code debugging, clean code

For who

Developers, tech leads, and development teams looking to automate and systematize their code reviews before merge or deployment.

Input

Type: text
Format: code

The source code of 2 to 10 files to review, pasted with their filename as a header (e.g. // file: src/auth.ts). Any language is accepted: JavaScript, TypeScript, Python, Java, Go, etc.

Steps (4)

1

File Inventory and Mapping

prompt

Analyzes the structure of submitted files and identifies dependencies between them.

2

Quality Analysis and Bug Detection

prompt

Examines each file to detect bugs, code smells, and best practice violations.

3

Security Audit and Compliance

prompt

Detects security vulnerabilities and verifies compliance with standards.

4

Recommendations and Corrected Code

prompt

Synthesizes all analyses and produces fixes ready to integrate.

Output

Type: text
Format: structured

Complete code review report in Markdown containing: a map of the files, a prioritized list of bugs and code smells, an OWASP security audit, ready-to-integrate code fixes, refactoring recommendations and a validation checklist.

Example

Input

```typescript
// file: src/controllers/userController.ts
import { db } from '../db';
export async function getUser(req, res) {
  const user = await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);
  res.json({ password: user.password, ...user });
}

// file: src/routes/api.ts
import { getUser } from '../controllers/userController';
router.get('/user/:id', getUser);

// file: src/middleware/auth.ts
export function checkAuth(req, res, next) {
  if (req.headers.token == 'admin123') next();
  else res.status(401).send('Unauthorized');
}
```

Output

## Executive Summary
**Score: 22/100** — Changes required
- 3 critical, 2 major, 1 minor

### Top 3 Urgent Issues
1. **SQL Injection** (userController.ts:3) — Direct concatenation of req.params.id
2. **Password Exposure** (userController.ts:4) — Password hash is returned in the API response
3. **Hardcoded Secret** (auth.ts:2) — Admin token in plain text in source code

### Critical Fix #1 — SQL Injection
```typescript
// BEFORE (vulnerable)
const user = await db.query(`SELECT * FROM users WHERE id = ${req.params.id}`);
// AFTER (secure)
const user = await db.query('SELECT id, email, name FROM users WHERE id = $1', [req.params.id]);
```
[...full report with all fixes, recommendations and checklist]

Customization

Parameter | Description | Default
--- | --- | ---
review_standard | Standard or style guide to apply during the review (e.g. Airbnb, Google, internal conventions) | Universal best practices (SOLID, Clean Code, OWASP Top 10)
severity_filter | Minimum severity level to include in the report (critical, major, minor, all) | all
focus_areas | Priority analysis areas, comma-separated (security, performance, maintainability, tests) | security, quality, maintainability

Technical Notes

This agent is designed to process between 2 and 10 files simultaneously. For larger codebases, split into coherent batches by module or feature. Paste each file with a header comment indicating its relative path (e.g., // file: src/auth/middleware.ts) to allow the agent to reconstruct the dependency graph.

The security audit step is based on the OWASP Top 10 2021 framework. For specific compliance audits (PCI-DSS, HIPAA, SOC 2), specify the standard in the review_standard parameter. Generated code fixes are directly applicable but should be validated by tests before merging.

For CI/CD usage, you can chain this agent with a unit test generation agent to automatically cover critical cases identified during the review.