differential-review

trailofbits/skills

Security-focused code review for PRs, commits, and diffs.

Installs: 1
Install command
npx skills add https://github.com/trailofbits/skills --skill differential-review
Security audits
Gen Agent Trust Hub: FAIL
Socket: PASS
Snyk: PASS
About this skill
Security-focused code review for PRs, commits, and diffs.

Starting a review? Before delivering: audit-context-building skill: issue-writer skill: For these cases, use standard code review instead. Immediate escalation triggers: These patterns require adversarial analysis even in quick triage. Do: Don't:

For first-time users: Start with methodology.md to understand the complete workflow.

For experienced users: Use this page's Quick Reference and Decision Tree to navigate directly to needed content.

- Risk-First: Focus on auth, crypto, value transfer, external calls
- Evidence-Based: Every finding backed by git history, line numbers, attack scenarios
- Adaptive: Scale to codebase size (SMALL/MEDIUM/LARGE)
- Honest: Explicitly state coverage limits and confidence level
- Output-Driven: Always generate comprehensive markdown report file
- Pre-Analysis: Build baseline context
- Phase 4: Deep context on HIGH RISK changes
- Transform findings into formal audit reports
- Command: issue-writer --input DIFFERENTIAL_REVIEW_REPORT.md --format audit-report
- Greenfield code (no baseline to compare)
- Documentation-only changes (no security impact)
- Formatting/linting (cosmetic changes)
- User explicitly requests quick summary only (they accept risk)
- Removed code from "security", "CVE", or "fix" commits
- Access control modifiers removed (onlyOwner, internal → external)
- Validation...

Source description provided by the upstream skill listing. Community reviews and install context appear in the sections below.

Community Reviews

No community reviews yet. Be the first to review.

FAQ
What does differential-review do?

Security-focused code review for PRs, commits, and diffs.

Is differential-review good?

differential-review does not have approved reviews yet, so SkillJury cannot publish a community verdict.

What agent does differential-review work with?

differential-review currently lists compatibility with codex, gemini-cli, opencode, cursor, github-copilot, claude-code.

What are alternatives to differential-review?

Skills in the same category include telegram-bot-builder, flutter-app-size, sharp-edges, iterative-retrieval.

How do I install differential-review?

npx skills add https://github.com/trailofbits/skills --skill differential-review
