Code Review
/xavier review spawns multiple persona-driven reviewer agents in parallel. Each reviewer examines your diff from a different angle. Findings are aggregated incrementally as reviewers complete — no waiting for the slowest one before you see results.
How it works
- Vault context load — Xavier reads relevant notes from your vault: team conventions, past review decisions, recurring patterns
- Diff detection — runs
git diffto determine what's being reviewed - Spawn reviewers — 3 background agents (remoras) launch in parallel, each with the diff, vault context, and a distinct persona
- Immediate feedback — you see "Review started, 3 reviewers working..." right away
- Incremental aggregation — the pilot fish categorizes and deduplicates findings as each reviewer completes
- Final verdict — approve, request changes, or rethink — with categorized findings
- Vault write — the review summary is stored in
~/.xavier/knowledge/reviews/
Personas
Personas are markdown files that define a reviewer's perspective. Each contains a system prompt that shapes how the reviewer analyzes code.
Default personas:
| Persona | Focus |
|---|---|
| Correctness | Logic errors, edge cases, missing validations, broken contracts |
| Security | Vulnerabilities, auth issues, injection risks, data exposure |
| Performance | Unnecessary computation, memory leaks, render cycles, query efficiency |
Where personas live
- Global:
~/.xavier/personas/— apply to all repos - Repo-level:
<your-repo>/.xavier/personas/— override globals for that repo
You customize the panel by adding, editing, or removing persona files. Want a reviewer focused on accessibility? Create a11y.md in your personas directory.
Active learning
Xavier scans the 10 most recent review notes for the current repo before spawning reviewers. Patterns that appeared in 2+ reviews are extracted and injected as a ## Recurring Patterns section in each reviewer's prompt.
This means your reviewers get smarter over time. If Xavier has flagged missing error boundaries in your React components three times, it'll proactively look for that pattern in future reviews.
How it degrades gracefully:
- Fewer than 2 reviews for this repo? The recurring patterns section is omitted entirely
- Max 10 patterns, ~200 words — enough context without polluting the prompt
Review notes
Every review is stored as a Zettelkasten note with structured frontmatter:
---repo: my-appmodule: src/authtype: reviewfinding-categories: [security, correctness]recurring: truetags: [auth, token-handling]related: [knowledge/repos/my-app-architecture]created: 2026-04-08updated: 2026-04-08---These notes serve dual purpose:
- Lookup — "what did we flag last time on this module?"
- Active learning — recurring patterns are extracted and fed to future reviewers
Example walkthrough
You're working on an authentication service and have changes ready to review:
# You've made changes to the auth middlewaregit diff --stat# src/middleware/auth.ts | 45 ++++++++--# src/utils/token.ts | 12 ++-# 2 files changed, 42 insertions(+), 15 deletions(-)Run /xavier review:
Review started, 3 reviewers working...
✓ Correctness reviewer complete (1/3)✓ Security reviewer complete (2/3)✓ Performance reviewer complete (3/3)
── Review Verdict: Request Changes ──
## Security (2 findings)- Token refresh logic doesn't invalidate the old token → potential token replay- Session expiry check uses client-side clock → can be bypassed
## Correctness (1 finding)- Missing error handling when refresh token is expired → unhandled promise rejection
## Performance- No findings
## Recurring Patterns⚠ Token handling in this module has been flagged in 2 previous reviews for similar invalidation gaps.The review note is committed to your vault. Next time you touch this module, the reviewers will have this context.
Last updated: 4/8/26, 10:45 PM
Edit this page on GitHub