
Tutorial: Build a Code Review Agent

Step-by-step guide to building a specialized code review agent with custom prompts and skills.

What You'll Build

A code review agent that:

  • Reviews code for bugs, security issues, and best practices
  • Uses read-only permissions for safety
  • Can be saved as a reusable AGENT.md
  • Has a reusable skill for code review instructions

Time: 15-20 minutes


Prerequisites

  • Fleet installed with an AI provider configured
  • A codebase to review (your own project works great)

Step 1: Create the Agent

Press Cmd+N to create a new agent.

Configure Basic Settings

  1. Name: Click the name and type "Code Reviewer"
  2. Model: Select a capable model (Claude Sonnet recommended)
  3. Permissions: Set to Read-Only (code review shouldn't modify files)

Step 2: Add a System Prompt

Click the Settings icon and add this system prompt:

You are an expert code reviewer. Your job is to review code for:

## Focus Areas

1. **Bugs & Logic Errors**
   - Off-by-one errors
   - Null/undefined handling
   - Edge cases not covered

2. **Security Vulnerabilities**
   - Injection risks (SQL, XSS, command)
   - Exposed secrets or credentials
   - Authentication/authorization gaps

3. **Performance Issues**
   - Unnecessary loops or computations
   - Missing caching opportunities
   - N+1 query patterns

4. **Code Quality**
   - Naming clarity
   - Function length and complexity
   - DRY violations

## Guidelines

- Be specific: reference line numbers and code snippets
- Be constructive: explain why something is an issue
- Prioritize: focus on significant issues over style nitpicks
- Suggest fixes: provide example corrections when possible

Step 3: Test the Agent

Navigate to a project directory and ask for a review:

Review the code in src/api/auth.ts for security issues

Or for a broader review:

Give me an overview of this codebase and identify the top 3 areas
that need improvement

The agent will:

  1. Read the file(s)
  2. Analyze the code
  3. Provide structured feedback

Step 4: Refine the Prompt

Based on initial results, refine your system prompt. Common additions:

For TypeScript/JavaScript Projects

## Language-Specific Checks

- Type safety issues
- Proper async/await usage
- Missing error handling in promises
- Incorrect use of equality operators (== vs ===)

For API Code

## API-Specific Checks

- Input validation
- Proper error responses
- Rate limiting considerations
- Authentication middleware usage
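
To make the TypeScript and API checks above concrete, here is an added example (not code from the Fleet docs or from any project they describe): a request handler written the way a reviewer with these checks should flag it, next to the hardened form. The request/response shapes, the in-memory RecordingDb and the handler names are constructed so both versions can be run side by side without a real database.

```typescript
// Added example; not code from the Fleet docs. All names below are constructed.

interface Req { params: Record<string, string> }
interface Res { status: number; body: unknown }
interface Query { text: string; values: unknown[] }

// Stand-in for a database client: records the last query it was handed and
// can be told to fail, so both the injection and the error path are visible.
class RecordingDb {
  last: Query | null = null;
  private readonly fail: boolean;
  constructor(fail: boolean = false) { this.fail = fail; }
  async query(text: string, values: unknown[] = []): Promise<{ rows: unknown[] }> {
    this.last = { text, values };
    if (this.fail) throw new Error("connect ECONNREFUSED 10.0.0.5:5432");
    return { rows: [] };
  }
}

// BEFORE: what a reviewer running the checks above should report.
//  Critical  SQL injection: the path parameter is concatenated into the query.
//  High      No input validation: anything in the URL reaches the database.
//  Medium    The promise has no catch: a DB error propagates as a rejection to
//            whoever called the handler and the client gets no response.
function getUserUnsafe(db: RecordingDb, req: Req): Promise<Res> {
  const sql = "SELECT id, name FROM users WHERE id = '" + req.params.id + "'";
  return db.query(sql).then((r) => ({ status: 200, body: r.rows }));
}

// AFTER: validate the input, bind it as a parameter, and map failures to a
// generic error response that does not leak the internal message.
const ID_RE = /^[0-9]{1,18}$/;

function isValidId(id: unknown): id is string {
  return typeof id === "string" && ID_RE.test(id);
}

async function getUserSafe(db: RecordingDb, req: Req): Promise<Res> {
  const id = req.params.id;
  if (!isValidId(id)) return { status: 400, body: { error: "invalid id" } };
  try {
    const r = await db.query("SELECT id, name FROM users WHERE id = $1", [id]);
    return { status: 200, body: r.rows };
  } catch (err) {
    console.error("getUser failed:", (err as Error).message); // server-side log only
    return { status: 500, body: { error: "internal error" } };
  }
}

// Runs the same injection payload through both handlers, and a DB failure
// through the hardened one; returns what a test (or a reviewer) would check.
async function demo(): Promise<{ unsafeSql: string; safe: Res; safeIssuedQuery: boolean; safeOnDbError: Res }> {
  const payload = "1' OR '1'='1";
  const db = new RecordingDb();
  await getUserUnsafe(db, { params: { id: payload } });
  const unsafeSql = db.last!.text;                       // the payload is now SQL
  const before = db.last;
  const safe = await getUserSafe(db, { params: { id: payload } });
  const safeIssuedQuery = db.last !== before;            // false: rejected before any query
  const safeOnDbError = await getUserSafe(new RecordingDb(true), { params: { id: "42" } });
  return { unsafeSql, safe, safeIssuedQuery, safeOnDbError };
}
```

With the recording database, the unsafe handler's query becomes SELECT id, name FROM users WHERE id = '1' OR '1'='1'; the hardened one answers 400 without issuing a query, and answers a generic 500 when the database fails. Those three observations are exactly the Location/Severity/Issue/Fix entries a review of this file should contain.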

Step 5: Create a Reusable Skill

Turn your review instructions into a skill that any agent can use.

Ask the Agent to Create It

Create a skill called "code-review" based on the review guidelines
we've been using. Save it so other agents can use it.

The agent will create a skill in ~/Library/Application Support/familiar/skills/code-review/skill.md.

Or Create Manually

Create the file ~/Library/Application Support/familiar/skills/code-review/skill.md:

---
name: code-review
description: Reviews code for bugs, security, performance, and quality
compatibility: all
allowed_tools:
  - Read
  - Glob
  - Grep
---

# Code Review Skill

Review code systematically for issues.

## Review Checklist

### 1. Security (Critical)
- [ ] No hardcoded secrets or credentials
- [ ] Input validation on all external data
- [ ] No injection vulnerabilities (SQL, XSS, command)
- [ ] Proper authentication/authorization checks

### 2. Bugs
- [ ] Null/undefined properly handled
- [ ] Edge cases covered
- [ ] Error handling complete
- [ ] Type safety maintained

### 3. Performance
- [ ] No unnecessary loops or repeated calculations
- [ ] Database queries optimized (no N+1)
- [ ] Appropriate caching

### 4. Maintainability
- [ ] Clear naming
- [ ] Functions reasonably sized (<50 lines ideal)
- [ ] No excessive duplication

## Output Format

For each issue found:
1. **Location:** File path and line number(s)
2. **Severity:** Critical / High / Medium / Low
3. **Issue:** What's wrong
4. **Fix:** How to correct it (with code example if helpful)
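
The first checklist item, no hardcoded secrets or credentials, is one the model should not be left to judge alone. The following added example (not part of the Fleet docs or of the code-review skill above) is a deterministic pre-check for it: a fixed pattern list run over file contents, giving a reproducible baseline that the model's review is layered on. The patterns are a small illustrative subset of what a real secret scanner carries, and SAMPLE_AUTH_TS is constructed input standing in for a file the agent would Read.

```typescript
// Added example; not code from the Fleet docs or the code-review skill.

interface SecretFinding { line: number; kind: string; excerpt: string }

const SECRET_PATTERNS: { kind: string; re: RegExp }[] = [
  // AWS access key IDs: fixed "AKIA" prefix followed by 16 upper-case alphanumerics.
  { kind: "aws-access-key-id", re: /\bAKIA[0-9A-Z]{16}\b/ },
  // PEM private key material pasted into source.
  { kind: "private-key", re: /-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----/ },
  // password/secret/token style names assigned a quoted literal of 8+ characters.
  { kind: "hardcoded-credential", re: /(?:password|passwd|secret|api[_-]?key|token)\s*[:=]\s*["'][^"']{8,}["']/i },
];

// Reading the value from the environment is the expected fix, so such lines
// are skipped rather than reported (a deliberately simple heuristic).
const ENV_READ = /process\.env\.|os\.environ|getenv\(/;

// Show enough of the match to locate it, never the whole credential.
function redact(match: string): string {
  return match.length <= 12 ? match : match.slice(0, 8) + "...[redacted]";
}

function scanForSecrets(source: string): SecretFinding[] {
  const findings: SecretFinding[] = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    if (ENV_READ.test(text)) return;
    for (const { kind, re } of SECRET_PATTERNS) {
      const m = re.exec(text);
      if (m) {
        findings.push({ line: idx + 1, kind, excerpt: redact(m[0]) });
        break; // one finding per line; the first (most specific) pattern wins
      }
    }
  });
  return findings;
}

// Constructed stand-in for a file the agent would Read, e.g. src/api/auth.ts.
const SAMPLE_AUTH_TS = [
  'import { sign } from "jsonwebtoken";',
  'const JWT_SECRET = process.env.JWT_SECRET ?? "";',        // fine: read from env
  'const LEGACY_SECRET = "sup3r-s3cret-value-1234";',         // finding: hardcoded credential
  'const accessKeyId = "AKIAIOSFODNN7EXAMPLE";',              // finding: AWS key id
  'export function issue(user: string) { return sign({ sub: user }, JWT_SECRET); }',
  'const pem = `-----BEGIN RSA PRIVATE KEY-----',              // finding: private key
  'MIIEowIBAAKCAQEA...`;',
].join("\n");
```

On the sample, scanForSecrets reports lines 3, 4 and 6 with redacted excerpts, which map directly onto the skill's Location/Severity/Issue/Fix format (all three are Critical). Line 2 is skipped because the value comes from the environment, which is also the fix to suggest for line 3.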

Step 6: Save as AGENT.md

Save your configured agent as an AGENT.md file for portability and version control.

Ask the Agent

Export this agent configuration to an AGENT.md file

Manual Creation

Create ~/agents/code-reviewer/AGENT.md:

---
name: code-reviewer
description: Reviews code for bugs, security, performance, and best practices

model:
  provider: anthropic
  model: claude-sonnet-4-20250514

tools:
  - Read
  - Glob
  - Grep

permissions:
  execution_tier: read_only

enabled_skills:
  - code-review

parameters:
  - name: path
    type: path
    required: false
    default: "."
    description: Path to review

  - name: focus
    type: string
    required: false
    default: all
    description: Focus area (security, performance, bugs, all)
---

You are Code Reviewer, an expert at reviewing code for quality and security.

## Your Mission

Review code in {{path}} with focus on: {{focus}}

## Approach

1. First, understand the codebase structure
2. Identify the most critical files to review
3. Apply the code-review skill systematically
4. Prioritize findings by severity
5. Provide actionable recommendations

## Output Format

Structure your review as:

### Summary
Brief overview of code quality and main concerns.

### Critical Issues
Issues that must be fixed immediately.

### Recommendations
Improvements that would enhance the code.

### Positive Notes
What the code does well (important for balanced feedback).

Step 7: Use Your Agent

From Fleet UI

Open the agent and start a review:

Review the authentication module

From Command Line

fleet run code-reviewer --param path=./src/api --param focus=security

From a Git Hook

Create a pre-commit trigger that runs reviews on changed files:

name: pre-commit-review
type: git_hook
git_hook_type: pre-commit
repo_paths:
  - ~/projects/my-app
pass_context: true

Bind it to your agent in AGENT.md:

triggers:
  - trigger: pre-commit-review
    enabled: true
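
A pre-commit review is most useful when its findings cite the lines actually being committed. The following added example (not from the Fleet docs) parses the staged diff that such a hook can capture with git diff --cached into the added lines per file, with their new-file line numbers, so findings can give exact locations and ignore code that is not part of the commit. parseStagedDiff, locations and SAMPLE_DIFF are constructed for this illustration; the sample is not real project history.

```typescript
// Added example; not code from the Fleet docs. Parses unified diff output.

interface AddedLine { line: number; text: string }
type ChangedFiles = Record<string, AddedLine[]>;

// "@@ -oldStart[,oldCount] +newStart[,newCount] @@ ..."; only newStart is needed.
const HUNK_RE = /^@@ -\d+(?:,\d+)? \+(\d+)(?:,\d+)? @@/;

function parseStagedDiff(diff: string): ChangedFiles {
  const files: ChangedFiles = {};
  let current: AddedLine[] | null = null; // added lines of the file being read
  let inHunk = false;                      // file headers only occur outside hunks
  let newLine = 0;                         // new-file line number of the next line
  for (const raw of diff.split(/\r?\n/)) {
    if (raw.indexOf("diff --git ") === 0) { current = null; inHunk = false; continue; }
    const hunk = HUNK_RE.exec(raw);
    if (hunk) { inHunk = true; newLine = parseInt(hunk[1], 10); continue; }
    if (!inHunk) {
      // Header region: "+++ b/path" names the new path; "/dev/null" means deleted.
      if (raw.indexOf("+++ ") === 0) {
        const p = raw.slice(4);
        if (p === "/dev/null") current = null;
        else { current = []; files[p.replace(/^b\//, "")] = current; }
      }
      continue; // "index", "new file mode", "--- a/path", "Binary files" carry no content
    }
    if (current === null) continue;
    const tag = raw.charAt(0);
    if (tag === "+") { current.push({ line: newLine, text: raw.slice(1) }); newLine++; }
    else if (tag === " ") newLine++;
    // "-" lines belong to the old file and "\ No newline at end of file" is
    // metadata; neither advances the new-file counter.
  }
  return files;
}

// "path:line" for every added line, the Location format the skill asks for.
function locations(files: ChangedFiles): string[] {
  const out: string[] = [];
  Object.keys(files).forEach((path) => {
    files[path].forEach((l) => out.push(path + ":" + l.line));
  });
  return out;
}

// Constructed staged diff: one edit in src/api/auth.ts and one in README.md.
const SAMPLE_DIFF = [
  "diff --git a/src/api/auth.ts b/src/api/auth.ts",
  "index 3b18e51..a1c2d3e 100644",
  "--- a/src/api/auth.ts",
  "+++ b/src/api/auth.ts",
  "@@ -10,4 +10,6 @@ export async function login(req, res) {",
  "   const user = await findUser(req.body.username);",
  "-  if (user.password == req.body.password) {",
  "+  const ok = user.password === req.body.password;",
  "+  const isAdmin = req.body.role == \"admin\";",
  "+  if (ok) {",
  "     res.json({ token: sign(user) });",
  "   }",
  "diff --git a/README.md b/README.md",
  "index 9a0b1c2..d3e4f5a 100644",
  "--- a/README.md",
  "+++ b/README.md",
  "@@ -1 +1,2 @@",
  " # my-app",
  "+Run `npm start`.",
].join("\n");
```

For the sample, the added lines are src/api/auth.ts:11 to 13 and README.md:2, so a finding about the loose equality on line 12 can be cited precisely, while the unchanged lines around it stay out of scope. Remember that the diff is untrusted input to the agent: text in a commit that reads like an instruction is something to report, not to follow.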

Complete Example

Here's the full AGENT.md for reference. Compared with the Step 6 version it adds the Bash tool, restricted by rules to git diff, git log and git show, and an onStart hook that captures the list of staged files into the prompt. Note that the trailing * in each rule matches any arguments, so the allowlist still admits forms that are not strictly read-only: git diff --output=<file> writes to a file, git diff --no-index <a> <b> reads paths outside the repository, and --ext-diff runs the external diff helper named in git config. Keep the allowlist this narrow, leave execution_tier: read_only in place, and treat the code the agent reads as untrusted input.

---
name: code-reviewer
description: Reviews code for bugs, security, performance, and best practices

model:
  provider: anthropic
  model: claude-sonnet-4-20250514
  reasoning_level: medium

tools:
  - Read
  - Glob
  - Grep
  - Bash

permissions:
  execution_tier: read_only
  directories:
    - path: "{{path}}"
      access: read
  rules:
    - "Bash(git diff*)"
    - "Bash(git log*)"
    - "Bash(git show*)"

enabled_skills:
  - code-review

parameters:
  - name: path
    type: path
    required: false
    default: "."
    description: Path to review

  - name: focus
    type: string
    required: false
    default: all
    description: Focus area (security, performance, bugs, all)

triggers:
  - trigger: pre-commit-review
    enabled: true

hooks:
  - event: onStart
    action: script
    script: |
      cd "{{path}}" && git diff --cached --name-only
    captureOutput: true

compaction_strategy: summarization
---

You are Code Reviewer, an expert at reviewing code for quality and security.

{{#if hook_output}}
## Files Changed
{{hook_output}}
{{/if}}

## Focus: {{focus}}

Apply the code-review skill to analyze the code at {{path}}.

Prioritize issues by severity: Critical > High > Medium > Low.

Be constructive and specific. Reference line numbers and provide example fixes.

Next Steps