Ce Code Review
Run structured agent code review with autofix_class severity buckets and optional suggested fixes before merge or release.
Overview
CE Code Review is an agent skill most often used in Ship (also Build) that structures code review findings with autofix_class and owner metadata so callers know what to apply, defer, or escalate.
Install
npx skills add https://github.com/everyinc/compound-engineering-plugin --skill ce-code-reviewWhat is this skill?
- autofix_class rubric: gated_auto, manual, advisory (explicitly not safe_auto)
- Owner field: downstream-resolver, human, release for follow-up routing
- mode:agent leaves apply decisions to caller; default interactive mode can apply safe fixes (Stage 5c)
- Requires concrete suggested_fix when proposing gated_auto localized changes
- Persona guidance separates report-only advisory from design-dependent manual work
- 3 autofix_class values: gated_auto, manual, advisory
- 3 owner values: downstream-resolver, human, release
Adoption & trust: 1.6k installs on skills.sh; 20.5k GitHub stars; 2/3 security scanners passed (skills.sh audits).
What problem does it solve?
Agent code reviews come back as unstructured commentary, so you cannot tell which fixes are safe, which need design decisions, and who should own follow-up.
Who is it for?
Indie developers using the Compound Engineering plugin who want repeatable review semantics before merging feature work.
Skip if: Teams that only need a one-off style pass without structured autofix_class or owner fields, or repos with no review stage in their workflow.
When should I use this skill?
Use when Compound Engineering review mode should classify each finding with autofix_class and owner, especially before merge or when mode:agent requires caller-owned apply decisions.
What do I get? / Deliverables
You receive classified findings with optional suggested_fix text and owner routing, so merge blockers and rollout notes are actionable in one pass.
- Structured review findings with autofix_class and owner per item
- suggested_fix strings for gated_auto and defensible manual items
- Advisory and release-tagged residual risk notes
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Canonical shelf is Ship because the skill's core job is pre-merge review, classification of follow-ups, and safe fix application in interactive mode. Review subphase matches rubric-driven findings (gated_auto, manual, advisory) and owner routing—not generic debugging or security scanning alone.
Where it fits
After finishing a feature branch, run review to bucket manual architecture items before you write the merge checklist.
Pre-merge pass that tags gated_auto nits with suggested_fix while flagging cross-cutting refactors as manual.
Capture release-owner advisory notes on rollout risk without blocking the deploy decision.
How it compares
Use instead of free-form 'review my PR' prompts that omit severity classes and apply gates.
Common Questions / FAQ
Who is ce-code-review for?
Solo and small-team builders on the Compound Engineering marketplace plugin who want agent-driven reviews with explicit fix classes and ownership.
When should I use ce-code-review?
In Ship review before merging; during Build when validating a large change set; when you need gated_auto versus manual versus advisory buckets on every finding.
Is ce-code-review safe to install?
Check the Security Audits panel on this page; autofix_class is signal not permission—in agent mode you still own what gets applied to the repo.
SKILL.md
READMESKILL.md - Ce Code Review
# `autofix_class` rubric (personas) `autofix_class` describes the **intrinsic shape** of follow-up work — it is signal, **not an apply gate or permission**. In `mode:agent` the caller interprets findings and owns apply; in default (interactive) mode the review applies safe fixes itself by judgment (SKILL.md Stage 5c). Either way the class informs *what to do first* and *what to flag* — it does not mechanically decide what gets applied. | `autofix_class` | Meaning | |-----------------|---------| | `gated_auto` | A concrete change is proposed in `suggested_fix`. Callers may apply after their own judgment. | | `manual` | Actionable work that needs design input or a decision before code changes. Include `suggested_fix` when you can propose a defensible default. | | `advisory` | Report-only — learnings, residual risk, rollout notes. | ## Persona guidance - Prefer `gated_auto` when you can write a defensible `suggested_fix` for a localized change. - Use `manual` when the right fix depends on product intent, architecture, or cross-cutting refactors. - Use `advisory` when nothing breaks if left unfixed but the observation has value. - Do **not** emit `safe_auto` — callers decide what to apply; reviewers classify and propose. ## Owner field | `owner` | Meaning | |---------|---------| | `downstream-resolver` | Caller or human should act after review. | | `human` | Judgment required before implementation. | | `release` | Operational / rollout follow-up. | Do not use `review-fixer`. # Diff Scope Rules These rules apply to every reviewer. They define what is "your code to review" versus pre-existing context. ## Scope Discovery Determine the diff to review using this priority order: 1. **User-specified scope.** If the caller passed `BASE:`, `FILES:`, or `DIFF:` markers, use that scope exactly. 2. **Working copy changes.** If there are unstaged or staged changes (`git diff HEAD` is non-empty), review those. 3. **Unpushed commits vs base branch.** If the working copy is clean, review `git diff $(git merge-base HEAD <base>)..HEAD` where `<base>` is the default branch (main or master). The scope step in the SKILL.md handles discovery and passes you the resolved diff. You do not need to run git commands yourself unless PR scope mode requires it (below). ## Remote scope (`pr-remote` and `branch-remote`) When the review context includes `<pr-scope-mode>pr-remote</pr-scope-mode>` or `<pr-scope-mode>branch-remote</pr-scope-mode>`, the working tree is **not** the reviewed head. Do **not** use Read/Grep on workspace paths for files in the changed-file list — they may not match the branch or PR under review. Instead: - Prefer `git show <remote-head-ref>:<path>` when `<pr-head-ref>` or `<branch-head-ref>` is provided in context. - Otherwise rely on diff hunks in the provided `<diff>` only. - Do not treat local workspace contents as evidence for findings on changed files. ## Finding Classification Tiers Every finding you report falls into one of three tiers based on its relationship to the diff: ### Primary (directly changed code) Lines added or modified in the diff. This is your main focus. Report findings against these lines at full confidence. ### Secondary (immediately surrounding code) Unchanged code within the same function, method, or block as a changed line. If a change introduces a bug that's only visible by reading the surrounding context, report it -- but note that the issue exists in the interaction between new and existing code. ### Pre-existing (unrelated to this diff) Issues in unchanged code that the diff didn't touch and doesn't interact with. Mark these as `"pre_existing": true` in your output. They're reported separately and don't count toward the review verdict. **The rule:** If you'd flag the same issue on an identical diff that didn't include the surrounding file, it's pre-existing. If the diff makes the issue *newly relevant* (e.g., a new caller hits an existing buggy function), it's secondary. { "$sc