Goodvibes Codebase Review & Remediation
Systematic codebase analysis with parallelized remediation using goodvibes agents.
CRITICAL: Be objective & completely honest. No sugar coating, EVER.
Honest Review: Honest reviews yield better results. Never consider emotions or feelings in your assessments. Filesystem Boundaries
CRITICAL: Write-local, read-global.
WRITE/EDIT/CREATE: ONLY within the current working directory and its subdirectories. This is the project root. All changes must be git-trackable. READ: Can read any file anywhere for context (node_modules, global configs, other projects for reference, etc.) NEVER WRITE to: parent directories, home directory, system files, other projects, anything outside project root.
The working directory when you were spawned IS the project root. Stay within it for all modifications.
MCP Tool Checklist (MANDATORY)
STOP. Before doing ANYTHING, complete this checklist.
CRITICAL PREREQUISITE: You MUST call mcp-cli info
Task Start
ALWAYS check schema first
mcp-cli info plugin_goodvibes_analysis-engine/detect_stack mcp-cli info plugin_goodvibes_registry-engine/recommend_skills mcp-cli info plugin_goodvibes_project-engine/project_issues
Then make the calls
mcp-cli call plugin_goodvibes_analysis-engine/detect_stack '{}' mcp-cli call plugin_goodvibes_registry-engine/recommend_skills '{"task":"codebase review quality audit"}' mcp-cli call plugin_goodvibes_project-engine/project_issues '{}'
Review Phase
Check schemas first
mcp-cli info plugin_goodvibes_analysis-engine/find_circular_deps mcp-cli info plugin_goodvibes_analysis-engine/scan_for_secrets mcp-cli info plugin_goodvibes_project-engine/analyze_dependencies mcp-cli info plugin_goodvibes_analysis-engine/find_dead_code mcp-cli info plugin_goodvibes_project-engine/get_test_coverage
Then execute
mcp-cli call plugin_goodvibes_analysis-engine/find_circular_deps '{}' mcp-cli call plugin_goodvibes_analysis-engine/scan_for_secrets '{}' mcp-cli call plugin_goodvibes_project-engine/analyze_dependencies '{}' mcp-cli call plugin_goodvibes_analysis-engine/find_dead_code '{}' mcp-cli call plugin_goodvibes_project-engine/get_test_coverage '{}'
Before Every Edit
Check schemas
mcp-cli info plugin_goodvibes_analysis-engine/scan_patterns mcp-cli info plugin_goodvibes_project-engine/find_tests_for_file mcp-cli info plugin_goodvibes_analysis-engine/validate_edits_preview
Execute
mcp-cli call plugin_goodvibes_analysis-engine/scan_patterns '{}' mcp-cli call plugin_goodvibes_project-engine/find_tests_for_file '{"file":"path/to/file.ts"}' mcp-cli call plugin_goodvibes_analysis-engine/validate_edits_preview '{}'
After Every Edit
Check schema
mcp-cli info plugin_goodvibes_project-engine/project_issues
Execute
mcp-cli call plugin_goodvibes_project-engine/project_issues '{}'
THE LAW: If a goodvibes MCP tool can do it, USE THE TOOL. No exceptions.
Precision Tools (MANDATORY)
CRITICAL: Use precision tools, NOT system tools.
Instead Of Use Why Read precision_read Extract modes, line ranges, outline/symbols Grep precision_grep Output modes, batch queries, context control Glob precision_glob Output modes, filters, preview Edit precision_edit Atomic transactions, validation, hints Write precision_write Atomic, templates, validation Bash precision_exec Batch commands, expectations, output control Precision Tool Patterns
Find files with pattern (minimal output)
precision_grep: queries: - pattern: "TODO|FIXME|HACK" glob: "src/*/.ts" output: mode: files_only
Read file structure without content
precision_read: files: ["src/index.ts", "src/app.ts"] extract: outline output: mode: minimal
Batch edit multiple files atomically
precision_edit: edits: - file: "src/api.ts" find: "const API_URL = 'http://localhost'" replace: "const API_URL = process.env.API_URL" - file: "src/config.ts" find: "debug: true" replace: "debug: process.env.NODE_ENV !== 'production'" transaction: mode: atomic rollback_on_fail: true output: mode: minimal
Execute commands with expectations
precision_exec: commands: - cmd: "npm run typecheck" expect: exit_code: 0 - cmd: "npm run lint" expect: exit_code: 0 output: mode: minimal
Discovery -> Batch Workflow
CRITICAL: Always discover before batching.
The discover tool runs multiple queries in parallel to gather context before building a batch. This prevents wasted operations and ensures you target exactly the right files.
Discovery Tool Usage
Run parallel discovery queries
discover: queries: - id: find_components type: glob patterns: ["src/components//*.tsx"] - id: find_api_routes type: glob patterns: ["src/api//.ts", "src/app/api//.ts"] - id: find_issues type: grep pattern: "TODO|FIXME|HACK" glob: "src/*/.{ts,tsx}" - id: find_hooks type: symbols query: "use" kinds: ["function"] output_mode: files_only # count_only | files_only | locations
Workflow Pattern
Discover - Run queries to understand scope
Use count_only first to gauge magnitude Then files_only to get target list
Plan - Build batch operations using discovery results
Reference discovered files in batch operations Scope work to exactly what was found
Execute - Run batch with full context
Example: Feature Implementation
Step 1: Discover current state
discover: queries: - id: existing_files type: glob patterns: ["src/features/auth//*.ts"] - id: existing_patterns type: grep pattern: "export (function|const|class)" glob: "src/features//*.ts" output_mode: files_only
Step 2: Use results to build targeted batch
batch: id: implement-feature operations: read: - id: analyze type: files targets: "{{existing_files.files}}" # From discovery extract: outline
Benefits:
Prevents blind operations on wrong files Ensures consistent patterns across the codebase Reduces token usage by targeting exactly what's needed Enables informed decisions about implementation approach Mode-Aware Behavior
Your behavior adapts based on the current mode:
vibecoding Mode Communicate: Show progress, explain decisions, report results in detail Ask: On ambiguity or risk, ask the user before proceeding Checkpoint: Create checkpoints per batch Output: Standard verbosity, show diffs justvibes Mode Silent: Minimal communication, log to .goodvibes/logs/activity.md Autonomous: Make best-guess decisions, proceed with checkpoints on risk Auto-chain: Continue to next logical batch automatically Output: Minimal verbosity, no diffs Workflow Overview ┌─────────────────────────────────────────────────────────────┐ │ CODEBASE REVIEW │ ├─────────────────────────────────────────────────────────────┤ │ Phase 1: Review │ Run MCP tools, analyze all code │ │ Phase 2: Report │ Generate codebase-review-report.md │ │ Phase 3: Plan │ Create remediation-plan.md │ │ Phase 4: Execute │ WORK-REVIEW-FIX-CHECK (max 6) │ └─────────────────────────────────────────────────────────────┘
Phase 1: Codebase Review MCP Tool Mapping Category Primary Tools Fallback Quality find_dead_code, scan_patterns grep for patterns Architecture find_circular_deps, get_api_surface manual analysis Security scan_for_secrets, check_permissions grep for patterns Performance get_prisma_operations, analyze_bundle none Documentation explain_codebase file scan Testing get_test_coverage, find_tests_for_file, suggest_test_cases jest --coverage Config read_config, env_audit env file scan Dependencies analyze_dependencies npm audit Errors parse_error_stack, explain_type_error tsc output Style scan_patterns, get_conventions eslint output Review Checklist
Minimum per category:
5 specific file:line findings OR explicit "no issues found" Quantified measurements (counts, percentages, LOC) Severity classification (critical/high/medium/low) Phase 2: Master Report
Generate codebase-review-report.md:
Codebase Review Report
Project: {name from detect_stack} Stack: {technologies detected} Generated: {ISO 8601 timestamp} Overall Score: {X.X}/10
Executive Summary
| Severity | Count | Description |
|----------|-------|-------------|
| 🔴 Critical | N | Issues requiring immediate attention |
| 🟠 High | N | Issues blocking production readiness |
| 🟡 Medium | N | Issues impacting maintainability |
| 🔵 Low | N | Minor improvements |
Score Breakdown
| Category | Weight | Raw | Deductions | Score | Grade |
|----------|--------|-----|------------|-------|-------|
| Quality | 15% | 10 | -X.X | X.X | A-F |
| Architecture | 15% | 10 | -X.X | X.X | A-F |
| Security | 20% | 10 | -X.X | X.X | A-F |
| Performance | 10% | 10 | -X.X | X.X | A-F |
| Documentation | 5% | 10 | -X.X | X.X | A-F |
| Testing | 15% | 10 | -X.X | X.X | A-F |
| Config | 5% | 10 | -X.X | X.X | A-F |
| Dependencies | 5% | 10 | -X.X | X.X | A-F |
| Errors | 5% | 10 | -X.X | X.X | A-F |
| Style | 5% | 10 | -X.X | X.X | A-F |
| TOTAL | 100% | - | - | X.X | X |
Score Calculation
{Show the math for each category deduction}
Detailed Findings
{Category Name}
Finding:
| Field | Value |
|-------|-------|
| Severity | critical|high|medium|low |
| Location | file:line or file:startLine-endLine |
| Measurement | {exact number or percentage} |
| Threshold | {acceptable value} |
| Impact | {business/technical consequence} |
| Points Deducted | {-X.X from Category} |
Evidence:
{code snippet or tool output}
Required Fix:
{specific remediation code or steps}
{repeat for all findings}
What's Working Well
{List genuinely good patterns found, with file references}
Improvement Roadmap
| Phase | Focus | Expected Impact | New Score |
|---|---|---|---|
| 1 | Critical fixes | +X.X points | X.X |
| 2 | High priority | +X.X points | X.X |
| 3 | Medium priority | +X.X points | X.X |
| 4 | Polish | +X.X points | X.X |
Phase 3: Remediation Plan
Generate remediation-plan.md:
Remediation Plan
Generated: {timestamp} Total Tasks: {N} Execution Strategy: WORK-REVIEW-FIX-CHECK with parallel goodvibes agents (max 6 concurrent)
Execution Rules
| Rule | Value |
|------|-------|
| Max concurrent agents | 6 |
| Agent type | goodvibes background |
| Context model | Fresh per task (no accumulation) |
| Tool priority | MCP tools > bash |
| Monitoring | Self-report via SubagentStop hook |
| Workflow | WORK → REVIEW → PASS/FAIL → (FIX → CHECK) |
Task Definitions
Wave 1: Critical [P0] - Execute Immediately
TASK-001:
| Field | Value |
|-------|-------|
| Severity | critical |
| Target Files | file1.ts, file2.ts |
| Related Finding | {reference to report finding} |
| MCP Tools | tool1, tool2 |
| Estimated Duration | Xm |
Context from Report:
{relevant finding details}
{repeat for all tasks, grouped by wave}
Wave 2: High [P1]
Wave 3: Medium [P2]
Wave 4: Low [P3]
Dependency Graph
{Show task dependencies if any exist}
Phase 4: Parallel Agent Execution WORK-REVIEW-FIX-CHECK Workflow For each remediation task:
WORK Agent ─────────────────────> REVIEW Agent (goodvibes:engineer) (goodvibes:reviewer) │ │ │ ├─> PASS ─> Commit ─> Update Log ─> Next Task │ │ │ └─> FAIL ─> FIX Agent ─> CHECK Agent │ │ │ ├─> PASS ─> Commit │ │ └──────────────┴─> FAIL (loop)
Agent Role Mapping Phase Agent Purpose WORK goodvibes:engineer Implements remediation task REVIEW goodvibes:reviewer Verifies work quality (100% required) FIX goodvibes:engineer Addresses ALL review issues CHECK goodvibes:reviewer Re-verifies fixes Waiting for Agents (CRITICAL)
NEVER use these to check agent status:
tail command on transcript files TaskOutput tool Any form of polling
INSTEAD, the orchestrator:
Spawns agent with run_in_background: true Stops taking actions (turn ends) Receives SubagentStop hook notification when agent completes Hook message appears in context with status Concurrency Rules Rule Value Max concurrent agents 6 Agents per task 1 (one agent works on a task at a time) Completion requirement 100% (not 99.9%) WORK Agent Prompt Template
Remediation Task:
MCP Tool Checklist (MANDATORY)
CRITICAL PREREQUISITE: You MUST call mcp-cli info <server>/<tool> BEFORE ANY mcp-cli call <server>/<tool>.
Before ANY edit: ```bash
Check schemas first
mcp-cli info plugin_goodvibes_analysis-engine/scan_patterns mcp-cli info plugin_goodvibes_project-engine/find_tests_for_file
Then execute
mcp-cli call plugin_goodvibes_analysis-engine/scan_patterns '{}' mcp-cli call plugin_goodvibes_project-engine/find_tests_for_file '{"file":"{TARGET_FILE}"}'
After EVERY edit:
Check schema first
mcp-cli info plugin_goodvibes_project-engine/project_issues
Then execute
mcp-cli call plugin_goodvibes_project-engine/project_issues '{}'
Assignment Field Value Task ID {TASK_ID} Severity {SEVERITY} Description {DESCRIPTION} Files {FILE_LIST} Context from Report
{FINDING_DETAILS}
Instructions Complete ONLY this assigned task Use goodvibes MCP tools BEFORE bash Use precision tools (precision_edit, precision_exec) for all operations Run validation tools after every edit If edit causes new errors, fix them before completing Tool Priority (MANDATORY) First: Check mcp-cli info then mcp-cli call plugin_goodvibes_* Second: Use precision tools (precision_edit, precision_read, etc.) Only then: Fall back to standard tools if no MCP/precision tool exists Completion Report
When done, output:
{ "task_id": "{TASK_ID}", "status": "success|failed", "files_modified": ["file1.ts", "file2.ts"], "tests_passed": true|false, "type_check_passed": true|false, "notes": "Any relevant context" }
REVIEW Agent Prompt Template
```markdown
Review Task:
MCP Tool Checklist (MANDATORY)
CRITICAL PREREQUISITE: You MUST call mcp-cli info <server>/<tool> BEFORE ANY mcp-cli call <server>/<tool>.
```bash
Check schemas first
mcp-cli info plugin_goodvibes_project-engine/project_issues mcp-cli info plugin_goodvibes_analysis-engine/scan_patterns mcp-cli info plugin_goodvibes_project-engine/get_test_coverage
Then execute
mcp-cli call plugin_goodvibes_project-engine/project_issues '{}' mcp-cli call plugin_goodvibes_analysis-engine/scan_patterns '{}' mcp-cli call plugin_goodvibes_project-engine/get_test_coverage '{}'
Assignment Field Value Task ID {TASK_ID} Work Agent {WORK_AGENT_ID} Files Modified {FILE_LIST} Context from WORK Agent
{WORK_COMPLETION_REPORT}
Review Criteria Criterion Weight Description Correctness 30% Does it solve the problem correctly? Completeness 25% Are all aspects addressed? Quality 20% Is the code clean, maintainable? Safety 15% No new errors, security issues? Tests 10% Tests pass, coverage maintained? Review Process Read all modified files Run MCP validation tools Check for: Type errors Test failures Security issues Code quality issues Incomplete fixes Calculate score based on criteria weights Provide verdict Review Output { "task_id": "{TASK_ID}", "verdict": "PASS|FAIL", "score": 8.5, "issues": [ { "severity": "critical|major|minor", "file": "path/to/file.ts", "line": 47, "issue": "Description of the issue", "fix_guidance": "Specific guidance on how to fix" } ], "recommendation": "Details for FIX agent if FAIL" }
Verdict Rules PASS: Score >= 8.0 AND no critical issues AND all criteria pass FAIL: Score < 8.0 OR any critical issue OR any criterion fails
CRITICAL: Be honest. Better to catch issues now than in production.
FIX Agent Prompt Template
```markdown
Fix Task: {TASK_ID} (Iteration {N})
MCP Tool Checklist (MANDATORY)
CRITICAL PREREQUISITE: You MUST call mcp-cli info <server>/<tool> BEFORE ANY mcp-cli call <server>/<tool>.
Before ANY edit: ```bash
Check schemas first
mcp-cli info plugin_goodvibes_analysis-engine/scan_patterns mcp-cli info plugin_goodvibes_project-engine/find_tests_for_file
Then execute
mcp-cli call plugin_goodvibes_analysis-engine/scan_patterns '{}' mcp-cli call plugin_goodvibes_project-engine/find_tests_for_file '{"file":"{TARGET_FILE}"}'
After EVERY edit:
Check schema first
mcp-cli info plugin_goodvibes_project-engine/project_issues
Then execute
mcp-cli call plugin_goodvibes_project-engine/project_issues '{}'
Review Feedback
{ISSUES_FROM_REVIEW}
Instructions Address EVERY issue from the review - no skipping Follow the fix_guidance provided for each issue Use precision tools for all operations Run validation after each fix If you cannot fix an issue, document WHY and mark as blocked Completion Report { "task_id": "{TASK_ID}", "iteration": {N}, "status": "success|blocked", "issues_addressed": N, "issues_remaining": N, "blocked_issues": [ { "issue": "Description", "reason": "Why it cannot be fixed" } ], "notes": "Any relevant context" }
CHECK Agent Prompt Template
```markdown
Check Task: {TASK_ID} (Verification Round {N})
MCP Tool Checklist (MANDATORY)
CRITICAL PREREQUISITE: You MUST call mcp-cli info <server>/<tool> BEFORE ANY mcp-cli call <server>/<tool>.
```bash
Check schemas first
mcp-cli info plugin_goodvibes_project-engine/project_issues mcp-cli info plugin_goodvibes_analysis-engine/scan_patterns
Then execute
mcp-cli call plugin_goodvibes_project-engine/project_issues '{}' mcp-cli call plugin_goodvibes_analysis-engine/scan_patterns '{}'
Assignment Field Value Task ID {TASK_ID} FIX Agent {FIX_AGENT_ID} Iteration {N} Previous Issues
{ISSUES_TO_VERIFY}
Context from FIX Agent
{FIX_COMPLETION_REPORT}
Verification Process Read all modified files Run MCP validation tools Verify each previous issue is resolved Check for new issues introduced by fixes Provide verdict Verdict Output { "task_id": "{TASK_ID}", "iteration": {N}, "verdict": "PASS|FAIL", "resolved_issues": N, "unresolved_issues": [ { "issue": "Description", "status": "still_present|new_issue" } ], "recommendation": "Next action if FAIL" }
Verdict Rules PASS: ALL previous issues resolved AND no new critical issues FAIL: ANY issue unresolved OR new critical issues found
If FAIL after 3 iterations, escalate to human review.
Commit Protocol
After REVIEW or CHECK verdict is PASS, create commit:
fix({CATEGORY}): {TASK_ID} - {SHORT_DESCRIPTION}
{DETAILED_DESCRIPTION}
Changes {FILE_1}: {WHAT_CHANGED} {FILE_2}: {WHAT_CHANGED} Review Reviewed by: REVIEW agent Score: {SCORE}/10 Iterations: {FIX_ITERATIONS}
Task-ID: {TASK_ID} Severity: {SEVERITY} Co-Authored-By: Claude Opus 4.5 noreply@anthropic.com
Completion Cleanup
After ALL remediation tasks have passed review and been committed, archive the output files:
Archive Location: .goodvibes/completed/
Archive Commands: ```bash
Run all commands together in a single shell session:
Create archive directory if it doesn't exist
mkdir -p .goodvibes/completed
Generate timestamp
TIMESTAMP=$(date +%Y%m%d-%H%M%S)
Move and rename files
mv codebase-review-report.md .goodvibes/completed/code-review-${TIMESTAMP}.md mv remediation-plan.md .goodvibes/completed/remediation-plan-${TIMESTAMP}.md mv remediation-log.md .goodvibes/completed/remediation-log-${TIMESTAMP}.md
Archive Checklist:
All remediation tasks show status: completed in remediation-log.md All commits pushed (if applicable) Memory files updated (.goodvibes/memory/) Archive directory created Files moved with timestamp suffix
File Naming Convention:
Original Archived codebase-review-report.md code-review-{YYYYMMDD-HHMMSS}.md remediation-plan.md remediation-plan-{YYYYMMDD-HHMMSS}.md remediation-log.md remediation-log-{YYYYMMDD-HHMMSS}.md
Why Archive:
Keeps project root clean Preserves historical review data Enables tracking of codebase health over time Prevents confusion with future reviews Completion Logging
Maintain remediation-log.md:
Remediation Log
Active Agents
| Task ID | Description | Agent | Phase | Started | Elapsed |
|---------|-------------|-------|-------|---------|---------|
| TASK-002 | Remove secrets | agent-abc | WORK | 10:05:00 | 5m |
| TASK-003 | Fix auth flow | agent-def | REVIEW | 10:08:00 | 2m |
Completed Tasks
| Task ID | Description | Status | Duration | Iterations | Changes |
|---------|-------------|--------|----------|------------|---------|
| TASK-001 | Fix SQL injection | ✅ PASS | 15m32s | 1 | api/users.ts |
Failed Tasks
| Task ID | Description | Status | Iterations | Reason | Retry? |
|---------|-------------|--------|------------|--------|--------|
| TASK-005 | Fix type errors | ❌ FAIL | 3 | Blocked by external dependency | No |
Summary
- Total Tasks: N
- Completed: N (X%)
- In Progress: N
- Failed: N
- Remaining: N
- Active Agents: N/6
Output Artifacts File Purpose codebase-review-report.md Complete findings with quantified metrics and scores remediation-plan.md Prioritized task checklist by severity with context remediation-log.md Real-time execution tracking with WORK-REVIEW-FIX-CHECK status
Note: After all remediation tasks are completed, these files are archived to .goodvibes/completed/ with timestamp suffixes. See "Completion Cleanup" section for details.
Memory Integration
After review/remediation, update .goodvibes/memory/:
File Update With decisions.md Architectural decisions made during remediation patterns.md Patterns discovered or enforced failures.md Failed remediations with root cause analysis preferences.md Tool preferences that worked well Constraints Constraint Value Rationale Max concurrent agents 6 Resource management Agent type goodvibes background Telemetry via hooks Tasks per agent 1 Fresh context per task Context inheritance None Prevent cross-contamination Monitoring method Self-report SubagentStop hook handles Tool priority MCP > precision > bash Consistency and telemetry Review requirement 100% Ensure quality before commit