🧠 TuringMind Code Review

Catch bugs before they catch you.

A Claude Code skill for AI-powered code review of your uncommitted changes. Install from the marketplace, review instantly.

Quick Start • Features • Examples • Contributing

---

📦 What is This?

TuringMind Code Review is a Claude Code skill — a reusable, shareable plugin that extends Claude Code with specialized code review capabilities.

Claude Code skills are installed via the built-in plugin marketplace and add new slash commands to your Claude Code environment.

---

💡 Why TuringMind?

You're about to commit. ESLint passes. Types check. Tests are green.

But there's a SQL injection on line 23.

TuringMind catches what linters miss:

• 🐛 Logic errors that compile but fail at runtime
• 🔐 Security vulnerabilities (OWASP Top 10)
• 📐 Architecture violations your team agreed to avoid
• 🎯 Issues in your diff, not pre-existing tech debt

"Like having a senior engineer review every commit — in seconds."

---

🚀 Quick Start

Install from Marketplace

Open Claude Code in your terminal and run:

# Step 1: Add the TuringMind marketplace
/plugin marketplace add turingmindai/turingmind-code-review

# Step 2: Install the skill
/plugin install turingmind@turingmind

Use the Commands

# Quick review — fast, pre-commit check
/turingmind-code-review:review

# Deep review — thorough analysis before PRs
/turingmind-code-review:deep-review

That's it. No config files. No setup. Just code review.

Requirements

• Claude Code installed and configured
• Git repository with uncommitted changes

Optional: Git Hooks

Pre-Commit Hook (Recommended)

Automatically run code review on staged changes before every commit:

# Manual install
cp hooks/pre-commit .git/hooks/pre-commit
chmod +x .git/hooks/pre-commit

What it does:

• 🔴 Critical issues (95-100) → Blocks the commit
• 🟠 Warning issues (80-94) → Shows warning, allows commit
• ✅ No issues → Commit proceeds normally

To uninstall: rm .git/hooks/pre-commit

Pre-Push Hook

Automatically run code review before every git push:

# One-liner install (run in your project)
curl -sSL https://raw.githubusercontent.com/turingmindai/turingmind-code-review/main/scripts/install-hooks.sh | bash

What it does:

• 🔴 Critical issues (95-100) → Blocks the push
• 🟠 Warning issues (80-94) → Shows warning, allows push
• ✅ No issues → Push proceeds normally

To uninstall: rm .git/hooks/pre-push

---

✨ Features

Two Review Modes

	Quick Review	Deep Review
Command	/turingmind-code-review:review	/turingmind-code-review:deep-review
Speed	⚡ Fast	🔍 Thorough
Best for	Pre-commit checks	Before PRs
Agents	4 Sonnet	6 Sonnet + 3 Haiku
Architecture analysis	—	✅
Impact analysis	—	✅
Test coverage check	—	✅

What Gets Checked

🐛 Bugs & Logic Null/undefined access Off-by-one errors Race conditions Resource leaks	🔐 Security (OWASP Top 10) SQL/Command injection XSS vulnerabilities Hardcoded secrets Auth bypass
📐 Architecture (deep only) Pattern consistency Abstraction violations Circular dependencies	🎯 Project Rules CLAUDE.md compliance Team conventions Naming standards

Smart Filtering

TuringMind won't waste your time. It automatically filters:

• ❌ Pre-existing issues (not your fault)
• ❌ Linter territory (let ESLint handle it)
• ❌ Pedantic nitpicks (no "add semicolon" spam)
• ❌ Intentional changes (you meant to do that)

---

📸 Example Output

Quick Review

## Code Review

**Summary:** Reviewed 3 files, 47 lines changed

### Critical (95-100) 🔴
Must fix before committing:

1. **api/auth.ts:23** - SQL injection vulnerability

   User input directly interpolated into SQL query.
   
   ```diff
   - const query = `SELECT * FROM users WHERE email = '${email}'`;
   + const query = `SELECT * FROM users WHERE email = $1`;
   + const result = await db.query(query, [email]);

Warning (80-94) 🟠

Should fix:

1. utils/parse.ts:15 - Unchecked null access

   data.user.name accessed without null check. Will throw if user is undefined.

   Suggested fix: data.user?.name ?? 'Unknown'

### Deep Review

Includes everything above, plus:

Architectural Notes 📐

• Pattern consistency: ✅ Follows existing patterns
• Test coverage: ⚠️ No tests for new validateEmail function
• Documentation: ✅ JSDoc comments present

Impact Analysis 💥

• Affected files: routes/login.ts, middleware/auth.ts
• Blast radius: Auth flow - high business impact
• Breaking changes: None detected

---

## 🏗️ Architecture

Modular design for easy customization:

```text
plugins/turingmind/
├── commands/           # Review orchestration
│   ├── review.md
│   └── deep-review.md
├── agents/             # Specialized reviewers
│   ├── bugs.md
│   ├── security.md
│   ├── compliance.md
│   ├── architecture.md
│   └── language-*.md
└── templates/          # Output & filtering
    ├── output-format.md
    └── false-positive-rules.md

Extending

# Add Go support
cp agents/language-typescript.md agents/language-go.md
# Edit with Go-specific checks

# Add custom security rules
# Edit agents/security.md

---

⚠️ Limitations

This is AI-assisted code review. It's powerful, but:

• 🔧 Complements, doesn't replace SAST tools (Semgrep, CodeQL, Snyk)
• 🔗 Can't trace complex multi-file data flows
• 🧪 Doesn't run tests or type checking

For security-critical code, layer this with dedicated security scanners.

---

🤝 Contributing

Contributions welcome! Here's how:

1. Add language support — Create agents/language-{lang}.md
2. Improve detection — Enhance agent prompts in agents/
3. Fix false positives — Tune templates/false-positive-rules.md
4. Report issues — Open a GitHub issue

---

📄 License

MIT © TuringMind

---

⬆ Back to top

Made with 🧠 by developers, for developers.