# Code Review Agent

Free

Expert code reviewer that identifies bugs, security vulnerabilities, performance issues, and code quality improvements.

## When to Use
- Before merging a PR
- Auditing legacy code
- Checking for security issues
- Reviewing architecture decisions

## Capabilities

- Security analysis: SQL injection, XSS, CSRF, auth bypass
- Performance review: N+1 queries, memory leaks, unnecessary re-renders
- Code quality: DRY violations, naming conventions, complexity
- Best practices: Error handling, type safety, accessibility

## CLI Usage

```bash
# Review a file
luna run code-review --context "$(cat src/auth.ts)"

# Review a git diff
luna run code-review --context "$(git diff HEAD~1)"

# Review a specific function
luna run code-review --context "
function processPayment(amount, currency) {
  const query = 'INSERT INTO payments VALUES (' + amount + ')';
  db.execute(query);
  return { success: true };
}
"
```

## API Usage

```bash
curl -N -X POST https://api.lunaos.ai/agents/execute \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "agent": "code-review",
    "context": "your code here"
  }'
```

## Example Output

````markdown
## Code Review Results

### 🔴 Critical Issues

#### SQL Injection Vulnerability (Line 2)
String concatenation in SQL query allows injection attacks.
**Severity**: Critical
**Fix**:
```javascript
const query = 'INSERT INTO payments VALUES (?)';
db.execute(query, [amount]);
```

### 🟡 Warnings

#### Missing Input Validation
The `amount` parameter is not validated. Could be negative or non-numeric.
**Fix**: Add Zod schema validation.

#### Missing Error Handling
No try/catch around database operations.

### 🟢 Suggestions
- Add TypeScript types for parameters
- Return proper error codes (not just `{ success: true }`)
- Add logging for payment events

3 issues found | 1 critical | 1 warning | 1 suggestion
````

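The findings in the example review above (parameterized query, input validation, error handling, error codes) applied together to `processPayment`, as an added example that is not part of the original page or of the agent's output. Assumptions: `makeFakeDb` is a constructed stand-in for `db`, the column names and the currency allow-list are hypothetical, and plain JavaScript checks stand in for the Zod schema the review recommends so the block runs without dependencies.

```javascript
// Constructed stand-in for the page's `db`: records each statement and its
// bound parameters, and can be told to fail, so the example runs offline.
function makeFakeDb({ fail = false } = {}) {
  const calls = [];
  return {
    calls,
    execute(sql, params = []) {
      if (fail) throw new Error('connection lost');
      calls.push({ sql, params });
    },
  };
}

// Assumed policy for this example: a small allow-list of ISO 4217 codes.
const CURRENCIES = new Set(['USD', 'EUR', 'GBP']);
// Column names are hypothetical; the SQL text is a constant, never built from input.
const INSERT_SQL = 'INSERT INTO payments (amount, currency) VALUES (?, ?)';

// Plain-JS validation standing in for the Zod schema the review recommends.
function validatePayment(amount, currency) {
  if (typeof amount !== 'number' || !Number.isFinite(amount)) {
    return 'amount must be a finite number';
  }
  if (amount <= 0) return 'amount must be positive';
  if (!CURRENCIES.has(currency)) return 'unsupported currency';
  return null;
}

function processPayment(db, amount, currency) {
  const problem = validatePayment(amount, currency);
  if (problem) {
    // Rejected input never reaches the database layer.
    return { success: false, code: 'INVALID_INPUT', error: problem };
  }
  try {
    // Values travel only as bound parameters.
    db.execute(INSERT_SQL, [amount, currency]);
    return { success: true };
  } catch (err) {
    // Log the detail server-side, return a stable code to the caller.
    console.error('payment insert failed:', err.message);
    return { success: false, code: 'DB_ERROR' };
  }
}

// Constructed inputs: a valid payment, then a string carrying SQL syntax.
const demoDb = makeFakeDb();
console.log(processPayment(demoDb, 19.99, 'USD'), processPayment(demoDb, '1); --', 'USD'));
```
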
## Best Practices
- **Provide context**: the more code you provide, the better the review
- **Include file paths**: helps the agent understand the project structure
- **Combine with RAG**: index your codebase first for project-aware reviews