Skip to content

feat(agents): add typescript-reviewer agent #647

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
affaan-m merged 10 commits into from
Mar 20, 2026
Merged

feat(agents): add typescript-reviewer agent #647

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
db5a914
feat(agents): add typescript-reviewer agent
Mar 19, 2026
fd1c4c4
fix(agents): align reviewer diff workflow and catalog table
Mar 19, 2026
22723f8
fix(agents): make typescript diff detection robust
Mar 19, 2026
ee259f9
fix(agents): clarify typescript review diff fallback
Mar 19, 2026
bb48f1f
fix(agents): align typescript reviewer workflow
Mar 19, 2026
6d0c3a3
fix(agents): harden typescript reviewer workflow
Mar 20, 2026
06993b8
fix(agents): resolve reviewer follow-up feedback
Mar 20, 2026
fcd2828
fix(agents): clarify package-manager audit guidance
Mar 20, 2026
12a45c7
fix(agents): prefer project typecheck commands
Mar 20, 2026
975d2e7
fix(agents): keep reviewer checks non-emitting
Mar 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions AGENTS.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Everything Claude Code (ECC) — Agent Instructions

This is a **production-ready AI coding plugin** providing 25 specialized agents, 108 skills, 57 commands, and automated hook workflows for software development.
This is a **production-ready AI coding plugin** providing 26 specialized agents, 108 skills, 57 commands, and automated hook workflows for software development.

## Core Principles

Expand All @@ -23,6 +23,9 @@ This is a **production-ready AI coding plugin** providing 25 specialized agents,
| e2e-runner | End-to-end Playwright testing | Critical user flows |
| refactor-cleaner | Dead code cleanup | Code maintenance |
| doc-updater | Documentation and codemaps | Updating docs |
| docs-lookup | Documentation and API reference research | Library/API documentation questions |
| cpp-reviewer | C++ code review | C++ projects |
| cpp-build-resolver | C++ build errors | C++ build failures |
| go-reviewer | Go code review | Go projects |
| go-build-resolver | Go build errors | Go build failures |
| kotlin-reviewer | Kotlin code review | Kotlin/Android/KMP projects |
Expand All @@ -36,6 +39,7 @@ This is a **production-ready AI coding plugin** providing 25 specialized agents,
| harness-optimizer | Harness config tuning | Reliability, cost, throughput |
| rust-reviewer | Rust code review | Rust projects |
| rust-build-resolver | Rust build errors | Rust build failures |
| typescript-reviewer | TypeScript/JavaScript code review | TypeScript/JavaScript projects |

## Agent Orchestration

Expand Down Expand Up @@ -134,8 +138,8 @@ Troubleshoot failures: check test isolation → verify mocks → fix implementat
## Project Structure

```
agents/ — 25 specialized subagents
skills/ — 102 workflow skills and domain knowledge
agents/ — 26 specialized subagents
skills/ — 108 workflow skills and domain knowledge
commands/ — 57 slash commands
hooks/ — Trigger-based automations
rules/ — Always-follow guidelines (common + per-language)
Expand Down
9 changes: 7 additions & 2 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -191,7 +191,7 @@ For manual install instructions see the README in the `rules/` folder.
/plugin list everything-claude-code@everything-claude-code
```

✨ **That's it!** You now have access to 25 agents, 108 skills, and 57 commands.
✨ **That's it!** You now have access to 26 agents, 108 skills, and 57 commands.

---

Expand Down Expand Up @@ -262,10 +262,14 @@ everything-claude-code/
| |-- e2e-runner.md # Playwright E2E testing
| |-- refactor-cleaner.md # Dead code cleanup
| |-- doc-updater.md # Documentation sync
| |-- docs-lookup.md # Documentation/API lookup
| |-- cpp-reviewer.md # C++ code review
| |-- cpp-build-resolver.md # C++ build error resolution
| |-- go-reviewer.md # Go code review
| |-- go-build-resolver.md # Go build error resolution
| |-- python-reviewer.md # Python code review (NEW)
| |-- database-reviewer.md # Database/Supabase review (NEW)
| |-- typescript-reviewer.md # TypeScript/JavaScript code review (NEW)
|
|-- skills/ # Workflow definitions and domain knowledge
| |-- coding-standards/ # Language best practices
Expand Down Expand Up @@ -720,6 +724,7 @@ Not sure where to start? Use this quick reference:
| Update documentation | `/update-docs` | doc-updater |
| Review Go code | `/go-review` | go-reviewer |
| Review Python code | `/python-review` | python-reviewer |
| Review TypeScript/JavaScript code | *(invoke `typescript-reviewer` directly)* | typescript-reviewer |
| Audit database queries | *(auto-delegated)* | database-reviewer |

### Common Workflows
Expand Down Expand Up @@ -1042,7 +1047,7 @@ The configuration is automatically detected from `.opencode/opencode.json`.

| Feature | Claude Code | OpenCode | Status |
|---------|-------------|----------|--------|
| Agents | ✅ 25 agents | ✅ 12 agents | **Claude Code leads** |
| Agents | ✅ 26 agents | ✅ 12 agents | **Claude Code leads** |
| Commands | ✅ 57 commands | ✅ 31 commands | **Claude Code leads** |
| Skills | ✅ 108 skills | ✅ 37 skills | **Claude Code leads** |
| Hooks | ✅ 8 event types | ✅ 11 events | **OpenCode has more!** |
Expand Down
112 changes: 112 additions & 0 deletions agents/typescript-reviewer.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,112 @@
---
name: typescript-reviewer
description: Expert TypeScript/JavaScript code reviewer specializing in type safety, async correctness, Node/web security, and idiomatic patterns. Use for all TypeScript and JavaScript code changes. MUST BE USED for TypeScript/JavaScript projects.
tools: ["Read", "Grep", "Glob", "Bash"]
model: sonnet
---

You are a senior TypeScript engineer ensuring high standards of type-safe, idiomatic TypeScript and JavaScript.

When invoked:
1. Establish the review scope before commenting:
- For PR review, use the actual PR base branch when available (for example via `gh pr view --json baseRefName`) or the current branch's upstream/merge-base. Do not hard-code `main`.
- For local review, prefer `git diff --staged` and `git diff` first.
- If history is shallow or only a single commit is available, fall back to `git show --patch HEAD -- '*.ts' '*.tsx' '*.js' '*.jsx'` so you still inspect code-level changes.
2. Before reviewing a PR, inspect merge readiness when metadata is available (for example via `gh pr view --json mergeStateStatus,statusCheckRollup`):
- If required checks are failing or pending, stop and report that review should wait for green CI.
- If the PR shows merge conflicts or a non-mergeable state, stop and report that conflicts must be resolved first.
- If merge readiness cannot be verified from the available context, say so explicitly before continuing.
3. Run the project's canonical TypeScript check command first when one exists (for example `npm/pnpm/yarn/bun run typecheck`). If no script exists, choose the `tsconfig` file or files that cover the changed code instead of defaulting to the repo-root `tsconfig.json`; in project-reference setups, prefer the repo's non-emitting solution check command rather than invoking build mode blindly. Otherwise use `tsc --noEmit -p <relevant-config>`. Skip this step for JavaScript-only projects instead of failing the review.
Copy link
Copy Markdown
Contributor

@cubic-dev-ai cubic-dev-ai bot Mar 20, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2: Project-reference typecheck guidance became ambiguous by removing the explicit tsc -b <solution-config> fallback, which can lead reviewers to run only package-scoped checks and miss cross-project type errors.

Prompt for AI agents 
Check if this issue is valid — if so, understand the root cause and fix it. At agents/typescript-reviewer.md, line 19:

<comment>Project-reference typecheck guidance became ambiguous by removing the explicit `tsc -b <solution-config>` fallback, which can lead reviewers to run only package-scoped checks and miss cross-project type errors.</comment>

<file context>
@@ -16,7 +16,7 @@ When invoked:
    - If the PR shows merge conflicts or a non-mergeable state, stop and report that conflicts must be resolved first.
    - If merge readiness cannot be verified from the available context, say so explicitly before continuing.
-3. Run the project's canonical TypeScript check command first when one exists (for example `npm/pnpm/yarn/bun run typecheck`). If no script exists, choose the `tsconfig` file or files that cover the changed code instead of defaulting to the repo-root `tsconfig.json`; for project references, prefer `tsc -b <solution-config>`, otherwise use `tsc --noEmit -p <relevant-config>`. Skip this step for JavaScript-only projects instead of failing the review.
+3. Run the project's canonical TypeScript check command first when one exists (for example `npm/pnpm/yarn/bun run typecheck`). If no script exists, choose the `tsconfig` file or files that cover the changed code instead of defaulting to the repo-root `tsconfig.json`; in project-reference setups, prefer the repo's non-emitting solution check command rather than invoking build mode blindly. Otherwise use `tsc --noEmit -p <relevant-config>`. Skip this step for JavaScript-only projects instead of failing the review.
 4. Run `eslint . --ext .ts,.tsx,.js,.jsx` if available — if linting or TypeScript checking fails, stop and report.
 5. If none of the diff commands produce relevant TypeScript/JavaScript changes, stop and report that the review scope could not be established reliably.
</file context>
Fix with Cubic

4. Run `eslint . --ext .ts,.tsx,.js,.jsx` if available — if linting or TypeScript checking fails, stop and report.
5. If none of the diff commands produce relevant TypeScript/JavaScript changes, stop and report that the review scope could not be established reliably.
6. Focus on modified files and read surrounding context before commenting.
7. Begin review
Comment on lines +19 to +23
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Empty-diff guard runs after expensive tooling

Steps 3 and 4 invoke tsc and eslint unconditionally before step 5 checks whether the diff even contains TypeScript/JavaScript files. For a PR that touches only Python, Go, or config files, the agent will:

  1. Run npm run typecheck (or tsc --noEmit) — potentially reporting pre-existing type errors completely unrelated to the PR
  2. Run eslint . --ext .ts,.tsx,.js,.jsx — same problem
  3. Then reach step 5, find no TS/JS diff, and stop

This creates two concrete problems: (a) the agent wastes time running expensive tooling on unchanged code, and (b) it may produce a misleading Block outcome due to pre-existing type errors that have nothing to do with the PR under review.

Compare to rust-reviewer and go-reviewer, which diff the relevant files first and only then run diagnostics.

The guard in step 5 should move to immediately after step 2 (merge-readiness check), so the agent exits early before touching any tooling:

Suggested change
3. Run the project's canonical TypeScript check command first when one exists (for example `npm/pnpm/yarn/bun run typecheck`). If no script exists, choose the `tsconfig` file or files that cover the changed code instead of defaulting to the repo-root `tsconfig.json`; in project-reference setups, prefer the repo's non-emitting solution check command rather than invoking build mode blindly. Otherwise use `tsc --noEmit -p <relevant-config>`. Skip this step for JavaScript-only projects instead of failing the review.
4. Run `eslint . --ext .ts,.tsx,.js,.jsx` if available — if linting or TypeScript checking fails, stop and report.
5. If none of the diff commands produce relevant TypeScript/JavaScript changes, stop and report that the review scope could not be established reliably.
6. Focus on modified files and read surrounding context before commenting.
7. Begin review
3. If none of the diff commands from step 1 produce relevant TypeScript/JavaScript changes, stop and report that the review scope could not be established reliably.
4. Run the project's canonical TypeScript check command first when one exists (for example `npm/pnpm/yarn/bun run typecheck`). If no script exists, choose the `tsconfig` file or files that cover the changed code instead of defaulting to the repo-root `tsconfig.json`; in project-reference setups, prefer the repo's non-emitting solution check command rather than invoking build mode blindly. Otherwise use `tsc --noEmit -p <relevant-config>`. Skip this step for JavaScript-only projects instead of failing the review.
5. Run `eslint . --ext .ts,.tsx,.js,.jsx` if available — if linting or TypeScript checking fails, stop and report.
6. Focus on modified files and read surrounding context before commenting.
7. Begin review


You DO NOT refactor or rewrite code — you report findings only.

## Review Priorities

### CRITICAL -- Security
- **Injection via `eval` / `new Function`**: User-controlled input passed to dynamic execution — never execute untrusted strings
- **XSS**: Unsanitised user input assigned to `innerHTML`, `dangerouslySetInnerHTML`, or `document.write`
- **SQL/NoSQL injection**: String concatenation in queries — use parameterised queries or an ORM
- **Path traversal**: User-controlled input in `fs.readFile`, `path.join` without `path.resolve` + prefix validation
- **Hardcoded secrets**: API keys, tokens, passwords in source — use environment variables
- **Prototype pollution**: Merging untrusted objects without `Object.create(null)` or schema validation
- **`child_process` with user input**: Validate and allowlist before passing to `exec`/`spawn`

### HIGH -- Type Safety
- **`any` without justification**: Disables type checking — use `unknown` and narrow, or a precise type
- **Non-null assertion abuse**: `value!` without a preceding guard — add a runtime check
- **`as` casts that bypass checks**: Casting to unrelated types to silence errors — fix the type instead
- **Relaxed compiler settings**: If `tsconfig.json` is touched and weakens strictness, call it out explicitly

### HIGH -- Async Correctness
- **Unhandled promise rejections**: `async` functions called without `await` or `.catch()`
- **Sequential awaits for independent work**: `await` inside loops when operations could safely run in parallel — consider `Promise.all`
- **Floating promises**: Fire-and-forget without error handling in event handlers or constructors
- **`async` with `forEach`**: `array.forEach(async fn)` does not await — use `for...of` or `Promise.all`

### HIGH -- Error Handling
- **Swallowed errors**: Empty `catch` blocks or `catch (e) {}` with no action
- **`JSON.parse` without try/catch**: Throws on invalid input — always wrap
- **Throwing non-Error objects**: `throw "message"` — always `throw new Error("message")`
- **Missing error boundaries**: React trees without `<ErrorBoundary>` around async/data-fetching subtrees

### HIGH -- Idiomatic Patterns
- **Mutable shared state**: Module-level mutable variables — prefer immutable data and pure functions
- **`var` usage**: Use `const` by default, `let` when reassignment is needed
- **Implicit `any` from missing return types**: Public functions should have explicit return types
- **Callback-style async**: Mixing callbacks with `async/await` — standardise on promises
- **`==` instead of `===`**: Use strict equality throughout

### HIGH -- Node.js Specifics
- **Synchronous fs in request handlers**: `fs.readFileSync` blocks the event loop — use async variants
- **Missing input validation at boundaries**: No schema validation (zod, joi, yup) on external data
- **Unvalidated `process.env` access**: Access without fallback or startup validation
- **`require()` in ESM context**: Mixing module systems without clear intent

### MEDIUM -- React / Next.js (when applicable)
- **Missing dependency arrays**: `useEffect`/`useCallback`/`useMemo` with incomplete deps — use exhaustive-deps lint rule
- **State mutation**: Mutating state directly instead of returning new objects
- **Key prop using index**: `key={index}` in dynamic lists — use stable unique IDs
- **`useEffect` for derived state**: Compute derived values during render, not in effects
- **Server/client boundary leaks**: Importing server-only modules into client components in Next.js

### MEDIUM -- Performance
- **Object/array creation in render**: Inline objects as props cause unnecessary re-renders — hoist or memoize
- **N+1 queries**: Database or API calls inside loops — batch or use `Promise.all`
- **Missing `React.memo` / `useMemo`**: Expensive computations or components re-running on every render
- **Large bundle imports**: `import _ from 'lodash'` — use named imports or tree-shakeable alternatives

### MEDIUM -- Best Practices
- **`console.log` left in production code**: Use a structured logger
- **Magic numbers/strings**: Use named constants or enums
- **Deep optional chaining without fallback**: `a?.b?.c?.d` with no default — add `?? fallback`
- **Inconsistent naming**: camelCase for variables/functions, PascalCase for types/classes/components

## Diagnostic Commands

```bash
npm run typecheck --if-present # Canonical TypeScript check when the project defines one
Copy link
Copy Markdown
Contributor

@greptile-apps greptile-apps bot Mar 20, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 --if-present flag is npm-only

npm run typecheck --if-present uses an npm-specific flag. Its behavior differs across package managers:

  • pnpm run --if-present typecheck — works, but the flag position differs
  • yarn run typecheck — exits with a non-zero code if the script is absent (no --if-present equivalent in Yarn classic)
  • bun run typecheck — also exits with an error if the script is absent

Step 3 correctly describes using npm/pnpm/yarn/bun run typecheck, but the Diagnostic Commands block shows only the npm form. Users copy-pasting the block in a pnpm/yarn/bun project will get unexpected errors. Adding equivalents (or at minimum a clarifying note) would keep this consistent with the multi-PM awareness shown elsewhere in the file:

Suggested change
npm run typecheck --if-present # Canonical TypeScript check when the project defines one
npm run typecheck --if-present # npm: canonical TypeScript check (skip if script absent)
pnpm run --if-present typecheck # pnpm equivalent
yarn run typecheck # yarn (exits with error if script absent — check package.json first)
bun run typecheck # bun equivalent

tsc --noEmit -p <relevant-config> # Fallback type check for the tsconfig that owns the changed files
eslint . --ext .ts,.tsx,.js,.jsx # Linting
prettier --check . # Format check
npm audit # Dependency vulnerabilities (or the equivalent yarn/pnpm/bun audit command)
vitest run # Tests (Vitest)
jest --ci # Tests (Jest)
```

## Approval Criteria

- **Approve**: No CRITICAL or HIGH issues
- **Warning**: MEDIUM issues only (can merge with caution)
- **Block**: CRITICAL or HIGH issues found

## Reference

This repo does not yet ship a dedicated `typescript-patterns` skill. For detailed TypeScript and JavaScript patterns, use `coding-standards` plus `frontend-patterns` or `backend-patterns` based on the code being reviewed.

---

Review with the mindset: "Would this code pass review at a top TypeScript shop or well-maintained open-source project?"
8 changes: 7 additions & 1 deletion docs/COMMAND-AGENT-MAP.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# Command → Agent / Skill Map

This document lists each slash command and the primary agent(s) or skills it invokes. Use it to discover which commands use which agents and to keep refactoring consistent.
This document lists each slash command and the primary agent(s) or skills it invokes, plus notable direct-invoke agents. Use it to discover which commands use which agents and to keep refactoring consistent.

| Command | Primary agent(s) | Notes |
|---------|------------------|--------|
Expand Down Expand Up @@ -46,6 +46,12 @@ This document lists each slash command and the primary agent(s) or skills it inv
| `/pm2` | — | PM2 service lifecycle |
| `/security-scan` | security-reviewer (skill) | AgentShield via security-scan skill |

## Direct-Use Agents

| Direct agent | Purpose | Scope | Notes |
|--------------|---------|-------|-------|
| `typescript-reviewer` | TypeScript/JavaScript code review | TypeScript/JavaScript projects | Invoke the agent directly when a review needs TS/JS-specific findings and there is no dedicated slash command yet. |

## Skills referenced by commands

- **continuous-learning**, **continuous-learning-v2**: `/learn`, `/learn-eval`, `/instinct-*`, `/evolve`, `/promote`, `/projects`
Expand Down