Quick, standard, or thorough?
Scale the depth to the risk.
Three intensity modes
The skills /review, /qa, and /security each support three modes. The mode controls how deep the analysis goes, how strict the gates are, and how drift is handled.
    /review --quick
    /review --standard   # default
    /review --thorough
Comparison across skills
/review
- Quick: single structural pass. Checks for obvious issues: missing error handling, unused imports, inconsistent naming. Confidence gate: 0.6. Drift: ignored.
- Standard: two passes (structural + adversarial). The adversarial pass tries to break the code with edge cases. Confidence gate: 0.7. Drift: warning.
- Thorough: two passes plus scope verification. Every finding must include a specific file and line number. Confidence gate: 0.85. Drift: blocking.
/qa
- Quick: runs existing tests only. No new test generation. Reports pass/fail counts.
- Standard: generates tests for uncovered paths. Runs all tests. Reports coverage delta.
- Thorough: generates tests, runs them, then generates adversarial tests from /review findings. Mutation testing if the project supports it.
/security
- Quick: OWASP Top 10 checklist against changed files only. Pattern matching for common vulnerabilities.
- Standard: OWASP Top 10 plus STRIDE threat model. Checks all files in the change set plus their direct imports.
- Thorough: full STRIDE, data flow analysis, dependency audit, and attack surface mapping. Checks the entire project, not just the diff.
How to choose
Match the mode to the risk profile of the change:
- Changes under 50 lines, markdown edits, config tweaks: --quick. You want a sanity check, not a deep audit.
- Standard feature work, 50 to 500 lines of code: --standard. This is the default for a reason. Two-pass review catches most real issues without burning time on unlikely edge cases.
- Auth flows, payment processing, infrastructure changes, anything that touches secrets or user data: --thorough. The extra time is worth it. Blocking drift ensures nothing unexpected crept into a sensitive area.
Agent auto-suggestion
If you run /review without a mode flag, the agent picks one based on the diff size and file types. It tells you what it chose and why:
    > /review
    Auto-selected: --standard
    Reason: 247 lines changed across 5 files, includes route handlers
    Override: /review --thorough
You can always override. The auto-suggestion is a starting point, not a constraint.
Confidence gates explained
The confidence gate is the minimum confidence score a finding needs to be reported. At --quick (0.6 threshold), the agent reports anything it considers more likely true than not. At --thorough (0.85), only high-confidence findings make the cut. This reduces noise in thorough mode, where you want precision over recall.
Findings below the gate are not discarded. They are saved in the artifact under suppressed_findings in case you want to review them manually.
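The mode choice from "How to choose" and the gate behaviour described above can be sketched together. This is an added example, not the tool's own code: the path hints, the rule for diffs over 500 lines, and every artifact field other than suppressed_findings are assumptions, and the sample findings are constructed.

```python
from dataclasses import dataclass

# Confidence gates as stated on this page.
CONFIDENCE_GATES = {"quick": 0.6, "standard": 0.7, "thorough": 0.85}

# Hypothetical path hints for sensitive areas (auth, payments, infra, secrets).
SENSITIVE_HINTS = ("auth", "payment", "infra", "secret")
# Hypothetical suffixes standing in for "markdown edits, config tweaks".
LOW_RISK_SUFFIXES = (".md", ".yml", ".yaml", ".toml", ".ini")

@dataclass
class Finding:
    file: str
    line: int
    message: str
    confidence: float

def choose_mode(lines_changed, paths):
    """Pick a mode from diff size and file paths, sensitive areas first."""
    lowered = [p.lower() for p in paths]
    if any(hint in p for p in lowered for hint in SENSITIVE_HINTS):
        return "thorough"
    docs_only = bool(lowered) and all(p.endswith(LOW_RISK_SUFFIXES) for p in lowered)
    if lines_changed < 50 or docs_only:
        return "quick"
    if lines_changed <= 500:
        return "standard"
    return "thorough"  # assumption: the page gives no rule above 500 lines

def apply_gate(findings, mode):
    """Split findings at the mode's gate; nothing below the gate is dropped."""
    gate = CONFIDENCE_GATES[mode]
    return {
        "mode": mode,
        "gate": gate,
        "findings": [f for f in findings if f.confidence >= gate],
        "suppressed_findings": [f for f in findings if f.confidence < gate],
    }

# Constructed sample findings for illustration.
SAMPLE = [
    Finding("routes/orders.js", 42, "unvalidated id parameter", 0.91),
    Finding("routes/orders.js", 88, "error swallowed in catch block", 0.74),
    Finding("lib/format.js", 12, "possible unused import", 0.63),
]

if __name__ == "__main__":
    mode = choose_mode(247, ["routes/orders.js", "lib/format.js"])
    artifact = apply_gate(SAMPLE, mode)
    print(mode, len(artifact["findings"]), len(artifact["suppressed_findings"]))
```

Running the same findings through each mode shows why the suppressed list matters: a finding at 0.74 is reported in standard mode but only appears under suppressed_findings in thorough mode.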