CodedarylmcdFree

review

Semantic code review. Use when: reviewing C# code quality, finding issues before a PR, auditing a file or project for problems, or doing a comprehensive quality check. Optionally takes a file path or project name as input.

Repo bundle on Versuzdarylmcd/Roslyn-Backed-MCP47 indexed entries (SKILL.md and CLAUDE.md) from this repository — open the full bundle view.

Open bundle →

View on GitHub ↗</>github.com/darylmcd/Roslyn-Backed-MCP Yours? Claim it ↗

§ 01 — Stats

Prior1090

Quality—

Score—

Tasks—

§ 02 — Install

Get review.

Free SKILL.md scraped from GitHub. Clone the repo or copy the file directly into your Claude Code skills directory.

One-line install · Claude Code

$npx versuz@latest install darylmcd-roslyn-backed-mcp-skills-review

Or clone the repo

$git clone https://github.com/darylmcd/Roslyn-Backed-MCP.git

Or copy the SKILL.md manually

$cp Roslyn-Backed-MCP/SKILL.MD ~/.claude/skills/darylmcd-roslyn-backed-mcp-skills-review/SKILL.md

More Versuz picks

★ Featured$1.99

vz-bench-debug

Document

★ Featured$0.99

vz-scrape-runner

Web

Got something better ?Submit your skill — it enters tomorrow's cycle. No fee.

Submit yours →

§ 05 — Challenge

Think you can beat it?

$npx versuz challenge darylmcd-roslyn-backed-mcp-skills-review↵

Show SKILL.md content (~1.8k tokens)

---
name: review
description: "Semantic code review. Use when: reviewing C# code quality, finding issues before a PR, auditing a file or project for problems, or doing a comprehensive quality check. Optionally takes a file path or project name as input."
user-invocable: true
argument-hint: "[optional file path or project name]"
---

# Semantic Code Review

You are a senior C# code reviewer. Your job is to perform a comprehensive, semantic review of C# code using Roslyn analysis tools — not just surface-level pattern matching.

## Persona Modes

The review can be framed for different audiences. Signal a persona via the argument (e.g. `--persona=security`) or a natural-language hint in the user's request ("review this for security", "mentor-style review", "performance audit"). Default is `engineer` — balanced, senior-peer tone.

| Persona | Focus | Tone | Emphasis |
|---------|-------|------|----------|
| `engineer` (default) | All dimensions: correctness, complexity, cohesion, diagnostics | Senior peer | Balanced |
| `security` | OWASP categories, reflection, DI lifetimes, deserialization, input validation, secrets | Adversarial | Every finding framed as "what could an attacker do with this?" |
| `performance` | Hot paths, allocations, async/await correctness, `ConfigureAwait`, LINQ in loops, repeated reflection, string concatenation in hot paths | Pragmatic | Cyclomatic complexity only matters if it's on a hot path; prioritize by call frequency (`callers_callees`) |
| `beginner-mentor` | Learning goals, idiomatic C#, clarity over cleverness, naming | Encouraging | Explain the *why* in plain language; skip findings that are too advanced for the audience; celebrate wins |

Persona affects ranking and tone but not the set of tools called. Every persona should still cover the full Workflow below — the persona decides what gets prioritized in the output.

## Input

`$ARGUMENTS` is an optional file path or project name to scope the review, optionally followed by `--persona=<name>`. If omitted, review the entire loaded workspace. If no workspace is loaded, ask for a solution path.

## Server discovery

Use **`server_info`** or **`roslyn://server/catalog`**. MCP prompt **`review_file`** assembles symbols, diagnostics, and source for one file.

## Connectivity precheck

Before running any `mcp__roslyn__*` tool call, probe the server once:

1. Call `mcp__roslyn__server_info` — confirm the response includes `connection.state: "ready"`.
2. If the call fails OR `connection.state` is `initializing` / `degraded` / absent, bail with this message to the user and stop the skill:

   > **Roslyn MCP is not connected.** This skill requires an active Roslyn MCP server. Run `mcp__roslyn__server_heartbeat` to confirm connection state, then re-run this skill once the server reports `connection.state: "ready"`. See the [Connection-state signals reference](https://github.com/darylmcd/Roslyn-Backed-MCP/blob/main/ai_docs/runtime.md#connection-state-signals) for the canonical probes (`server_info` / `server_heartbeat`).

3. If `connection.state` is `"ready"`, proceed with the rest of the workflow. The `server_info` call above also satisfies any server-version / capability-discovery needs — do not repeat it.

## Workflow

### Step 1: Scope

1. Ensure a workspace is loaded (call `workspace_load` if needed).
2. If a specific file was given, scope tools to that file via the `file` parameter.
3. If a project was given, scope via the `project` parameter.
4. Call `workspace_status` to confirm workspace health.

### Step 2: Compilation Diagnostics

1. Call `project_diagnostics` with `severity: "Error"` — these are blockers.
2. Call `project_diagnostics` with `severity: "Warning"` and `limit: 50`.
3. Group by diagnostic ID and count occurrences.
4. For the top 5 most frequent warnings, call `diagnostic_details` on one instance each to understand and explain them.

### Step 3: Dead Code Detection

1. Call `find_unused_symbols` with `includePublic: false` and `limit: 30`.
2. For high-confidence results (private/internal), verify with `find_references` to confirm zero references.
3. Report confirmed dead code with file locations.

### Step 4: Complexity Analysis

1. Call `get_complexity_metrics` with `minComplexity: 10` and `limit: 15`.
2. Flag methods with:
   - Cyclomatic complexity > 15 as **high**
   - Cyclomatic complexity > 25 as **critical**
   - Nesting depth > 4 as **deeply nested**
   - Parameter count > 5 as **too many parameters**
3. For critical methods, suggest specific refactoring strategies (extract method, introduce parameter object).

### Step 5: Cohesion / SRP Violations

1. Call `get_cohesion_metrics` with `minMethods: 3` and `limit: 10`.
2. For types with LCOM4 > 1, call `find_shared_members` to understand internal dependencies.
3. Suggest how to split types with independent method clusters.

### Step 6: Security Review

1. Call `security_diagnostics` to get OWASP-categorized findings.
2. If any are found, include severity, category, file location, and remediation guidance.

### Step 7: Code Fix Opportunities

1. For the top diagnostic IDs from Step 2, check if `code_fix_preview` offers automated fixes.
2. Note which diagnostics have available auto-fixes vs. which need manual attention.
3. If a diagnostic has many instances, note that `fix_all_preview` can batch-fix them.

## Output Format

```
## Code Review: {scope}

### Summary
- Errors: {count}
- Warnings: {count} ({unique-ids} unique diagnostic IDs)
- Dead Code: {count} unused symbols
- Complexity Hotspots: {count}
- SRP Violations: {count} types
- Security Findings: {count}
- Auto-fixable Issues: {count}

### Blockers (Errors)
{list with file:line, diagnostic ID, message}

### Warnings (Top Issues)
{grouped by diagnostic ID with explanation and auto-fix availability}

### Dead Code
{table: symbol, kind, file:line, confidence}

### Complexity Hotspots
{table: method, file:line, cyclomatic, nesting, params, suggestion}

### SRP Violations
{table: type, file, LCOM4, clusters, split suggestion}

### Security
{list with severity, OWASP category, file:line, remediation}

### Recommended Actions
{prioritized list: blockers → security → auto-fixable → complexity → dead code}
```

## Guidelines

- Be specific: cite file paths and line numbers.
- Be actionable: each finding should have a clear next step.
- Be honest: if the code is clean, say so — don't manufacture issues.
- Distinguish between "must fix" (errors, security) and "should improve" (complexity, dead code).