
nitinjain999/platform-skills

Production-grade platform engineering handbook — Kubernetes, Terraform, Flux CD, GitHub Actions, AWS, and more.

Quality: 84% (Does it follow best practices?)

Impact: No eval scenarios have been run

Security (by Snyk): Passed, no known issues


commands/review.md

---
name: review
description: Reviews a Kubernetes manifest, Terraform file, GitHub Actions workflow, Helm values, or any platform configuration for correctness, security, and operational safety. Supports bot comment mode for automated PR feedback.
argument-hint: [paste file content or describe what to review] [--bot to emit GitHub-flavoured markdown for PR comments]
---

Interactive Wizard (fires when $ARGUMENTS is empty)

When invoked with no arguments, ask before reviewing:

Q1 — What should be reviewed?

Paste the file content to review, or describe what you want reviewed
(e.g. "my EKS Terraform module", "this GitHub Actions workflow", "Helm values file"):

Q2 — Output mode? (ask after Q1)

Output format:
  1. Standard   — narrative findings, for human review
  2. Bot / PR   — GitHub-flavoured markdown comment (use with --bot flag or in CI)

Enter 1 or 2 [default: 1]:

Then proceed with the review framework below using the provided content.


You are a senior platform engineer performing a production-readiness review.

Review the following: $ARGUMENTS

Evaluate in this priority order:

1. Correctness

  • Are API versions current and not deprecated?
  • Are required fields present?
  • Are references (namespaces, names, labels) consistent?
  • Will this actually do what the author intends?

2. Security

  • Is least-privilege applied? (RBAC, IAM, SCCs, network policy)
  • Are secrets handled safely? (no plaintext values in manifests, workflow files or Terraform state; no overly broad access)
  • Are containers running as non-root, with a read-only root filesystem and privilege escalation disabled?
  • For GitHub Actions: are actions pinned to full commit SHAs, is `permissions:` minimal, and does no pull_request_target workflow check out or execute code from the PR head?
  • For Terraform: are IAM policies scoped to specific resources and actions, with no wildcard (`*`) resources or actions?

3. Operational Safety

  • Is there a rollback path?
  • What is the blast radius if this fails?
  • Are resource limits and requests set?
  • Are health checks (liveness/readiness) defined?
  • For GitOps: is prune enabled? What happens on deletion?

4. Deprecations and Upgrade Risk

  • Any deprecated APIs, fields, or action versions?
  • Will this break on the next minor version of the tool?

5. Summary

Separate findings into:

  • Critical — must fix before merging
  • Improvement — should fix, not blocking
  • Note — informational only
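The Security and Operational Safety checks above, made mechanical as an added example (Python, not code from the platform-skills project). It reviews one Kubernetes object supplied as JSON so that only the standard library is needed; the sample Deployment, its hardened twin, the secret-name heuristics and the all-zero placeholder image digest are constructed for this illustration, and the severities follow the Summary tiers.

```python
"""Added example, not code from platform-skills: the mechanical part of the
Security and Operational Safety checks, run over one Kubernetes object given
as JSON (kubectl accepts JSON; convert YAML with yq or kubectl first).
Severities use the Summary tiers: Critical / Improvement / Note."""
import json

# Constructed sample that trips most checks: privileged, root, :latest image,
# plaintext password in env, no resources, no probes.
SAMPLE_DEPLOYMENT = json.dumps({
    "apiVersion": "apps/v1",
    "kind": "Deployment",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {
        "replicas": 2,
        "selector": {"matchLabels": {"app": "api"}},
        "template": {
            "metadata": {"labels": {"app": "api"}},
            "spec": {"containers": [{
                "name": "api",
                "image": "ghcr.io/example/api:latest",
                "securityContext": {"privileged": True},
                "env": [{"name": "DB_PASSWORD", "value": "hunter2"}],
            }]},
        },
    },
})

# The same Deployment with every finding addressed (the digest is a placeholder, not a real image).
_hardened = json.loads(SAMPLE_DEPLOYMENT)
_hardened["spec"]["template"]["spec"]["containers"][0].update({
    "image": "ghcr.io/example/api@sha256:" + "0" * 64,
    "securityContext": {"runAsNonRoot": True, "readOnlyRootFilesystem": True,
                        "allowPrivilegeEscalation": False},
    "env": [{"name": "DB_PASSWORD",
             "valueFrom": {"secretKeyRef": {"name": "api-db", "key": "password"}}}],
    "resources": {"requests": {"cpu": "100m", "memory": "128Mi"},
                  "limits": {"cpu": "500m", "memory": "256Mi"}},
    "livenessProbe": {"httpGet": {"path": "/healthz", "port": 8080}},
    "readinessProbe": {"httpGet": {"path": "/ready", "port": 8080}},
})
HARDENED_DEPLOYMENT = json.dumps(_hardened)

SECRET_HINTS = ("PASSWORD", "SECRET", "TOKEN", "KEY")   # heuristic, constructed for the example


def _pod_spec(obj):
    """Return the PodSpec of a bare Pod or of a workload that embeds a pod template."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        return spec
    return spec.get("template", {}).get("spec", {})


def review_manifest(manifest_json):
    """Return (severity, message) tuples for one Kubernetes object."""
    obj = json.loads(manifest_json)
    pod = _pod_spec(obj)
    pod_sc = pod.get("securityContext", {})
    findings = []
    # Correctness: apps/v1 rejects a selector that does not match the template labels.
    if obj.get("kind") in ("Deployment", "StatefulSet", "DaemonSet"):
        sel = obj["spec"].get("selector", {}).get("matchLabels", {})
        labels = obj["spec"].get("template", {}).get("metadata", {}).get("labels", {})
        if any(labels.get(k) != v for k, v in sel.items()):
            findings.append(("Critical", "spec.selector.matchLabels does not match template labels"))
    for c in pod.get("containers", []):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext", {})
        image = c.get("image", "")
        # Security: privilege, identity, writable root filesystem, secrets as literal env values.
        if sc.get("privileged"):
            findings.append(("Critical", f"{name}: privileged container"))
        if not (sc.get("runAsNonRoot") or pod_sc.get("runAsNonRoot")):
            findings.append(("Critical", f"{name}: runAsNonRoot not set at container or pod level"))
        if not sc.get("readOnlyRootFilesystem"):
            findings.append(("Improvement", f"{name}: readOnlyRootFilesystem not set"))
        if sc.get("allowPrivilegeEscalation", True) and not sc.get("privileged"):
            findings.append(("Improvement", f"{name}: allowPrivilegeEscalation should be false"))
        for env in c.get("env", []):
            if "value" in env and any(h in env.get("name", "").upper() for h in SECRET_HINTS):
                findings.append(("Critical", f"{name}: env {env['name']} is a literal; use secretKeyRef"))
        # Operational safety: scheduling and health signals.
        res = c.get("resources", {})
        if not res.get("requests") or not res.get("limits"):
            findings.append(("Improvement", f"{name}: resources.requests and resources.limits must both be set"))
        for probe in ("livenessProbe", "readinessProbe"):
            if probe not in c:
                findings.append(("Improvement", f"{name}: {probe} not defined"))
        # Upgrade risk: a mutable tag means the next rollout may pull a different image.
        if "@sha256:" not in image and (":" not in image or image.endswith(":latest")):
            findings.append(("Note", f"{name}: image {image!r} is not pinned by digest or a versioned tag"))
    return findings


def by_severity(findings):
    """Count findings per tier, e.g. {'Critical': 3, 'Improvement': 4, 'Note': 1}."""
    counts = {"Critical": 0, "Improvement": 0, "Note": 0}
    for sev, _ in findings:
        counts[sev] += 1
    return counts
```

Feed it `kubectl get deploy NAME -o json` or a yq-converted manifest. The selector check is the one Correctness item that can be decided offline; API-version deprecation needs the target cluster's version and is left to the reviewer.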

Bot Comment Mode

When invoked with --bot or from a GitHub Actions context, emit the review as a GitHub-flavoured markdown PR comment using this exact structure so the workflow can post it with gh pr comment:

## 🔍 Platform Skills Review

<!-- platform-skills-review -->

### Result: {MERGE_READY | NEEDS_FIX | BLOCKED}

| Severity | Finding | File / Line |
|---|---|---|
| 🔴 Critical | <finding> | <file:line or n/a> |
| 🟡 Improvement | <finding> | <file:line or n/a> |
| 🔵 Note | <finding> | <file:line or n/a> |

#### Critical issues
<!-- one subsection per Critical finding with: problem, evidence, fix -->

#### Improvements
<!-- one subsection per Improvement with: problem, suggested fix -->

---
*Generated by [platform-skills](https://github.com/nitinjain999/platform-skills) · [docs](https://github.com/nitinjain999/platform-skills/wiki)*

Result values:

  • BLOCKED — one or more Critical findings
  • NEEDS_FIX — no Critical, but one or more Improvements
  • MERGE_READY — no findings or Notes only

The HTML comment <!-- platform-skills-review --> is used as a marker so the workflow can find and update the existing comment on subsequent pushes rather than posting a new one each time.
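The GitHub Actions items of the Security checklist, rendered in the Bot Comment Mode structure above, as an added example (Python, not the project's own code). Regular expressions over the workflow text stand in for a YAML parser so the block needs only the standard library; the workflow, its path, the placeholder commit SHA and the comment list are constructed for this illustration. `existing_comment_id` shows the marker lookup the page describes, over a list shaped like the GitHub issue-comments API response.

```python
"""Added example, not code from platform-skills: a standard-library scanner for
the GitHub Actions items of the Security checklist, rendered in the bot-comment
structure. Regexes stand in for a YAML parser; workflow text, path, placeholder
commit SHA and comment list are constructed for this illustration."""
import re

WORKFLOW_PATH = ".github/workflows/review.yml"   # assumed path of the scanned file
MARKER = "<!-- platform-skills-review -->"
USES = re.compile(r"^\s*-?\s*uses:\s*(?P<action>[^@\s#]+)(?:@(?P<ref>\S+))?")
HEX40 = re.compile(r"^[0-9a-f]{40}$")
PR_HEAD_REF = re.compile(r"ref:\s*\$\{\{\s*github\.event\.pull_request\.head")
ICON = {"Critical": "🔴", "Improvement": "🟡", "Note": "🔵"}

# Constructed workflow: reacts to pull_request_target with a write-all token and
# checks out the PR head, so untrusted PR code would run with write access.
SAMPLE_WORKFLOW = """\
name: review
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # placeholder SHA
      - run: npm ci && npm test
"""

# Constructed, shaped like GET /repos/{owner}/{repo}/issues/{number}/comments.
SAMPLE_COMMENTS = [
    {"id": 101, "body": "LGTM"},
    {"id": 102, "body": "## 🔍 Platform Skills Review\n\n" + MARKER + "\n\n### Result: NEEDS_FIX"},
]


def scan_workflow(text, path=WORKFLOW_PATH):
    """Return findings as (severity, problem, location, fix) tuples."""
    lines = text.splitlines()
    findings = []
    uses_prt = any("pull_request_target" in line for line in lines)
    # Only a column-0 `permissions:` is the workflow default; job-level blocks are indented.
    top_perm = next((line for line in lines if line.startswith("permissions:")), None)
    if top_perm is None:
        findings.append(("Improvement", "no top-level permissions block, so GITHUB_TOKEN gets the repository default",
                         f"{path}:1", "add `permissions: {contents: read}` and grant extra scopes per job"))
    elif "write-all" in top_perm:
        findings.append(("Critical", "permissions: write-all grants every scope to GITHUB_TOKEN",
                         f"{path}:{lines.index(top_perm) + 1}", "list only the scopes the jobs need"))
    for n, line in enumerate(lines, 1):
        m = USES.match(line)
        # Local and docker:// actions have no commit to pin; everything else needs a 40-hex SHA.
        if m and not m["action"].startswith(("./", "docker://")) and not (m["ref"] and HEX40.match(m["ref"])):
            findings.append(("Improvement", f"{m['action']} is not pinned to a commit SHA", f"{path}:{n}",
                             "pin to the full commit SHA and keep the tag in a trailing comment"))
        if uses_prt and PR_HEAD_REF.search(line):
            findings.append(("Critical", "pull_request_target workflow checks out the PR head ref", f"{path}:{n}",
                             "trigger on pull_request instead, or never check out or run PR code under pull_request_target"))
    return findings


def verdict(findings):
    """Result values from the section above: any Critical blocks, Improvements need a fix."""
    severities = {f[0] for f in findings}
    if "Critical" in severities:
        return "BLOCKED"
    if "Improvement" in severities:
        return "NEEDS_FIX"
    return "MERGE_READY"


def render_bot_comment(findings):
    """Emit the exact comment structure the workflow posts and later updates."""
    out = ["## 🔍 Platform Skills Review", "", MARKER, "", f"### Result: {verdict(findings)}", "",
           "| Severity | Finding | File / Line |", "|---|---|---|"]
    out += [f"| {ICON[s]} {s} | {problem} | {loc} |" for s, problem, loc, _ in findings]
    for title, tier in (("Critical issues", "Critical"), ("Improvements", "Improvement")):
        out += ["", f"#### {title}"]
        for s, problem, loc, fix in findings:
            if s == tier:
                out += ["", f"**{problem}**", f"- Evidence: `{loc}`", f"- Fix: {fix}"]
    out += ["", "---", "*Generated by [platform-skills](https://github.com/nitinjain999/platform-skills) · "
            "[docs](https://github.com/nitinjain999/platform-skills/wiki)*"]
    return "\n".join(out)


def existing_comment_id(comments, marker=MARKER):
    """Id of the comment carrying the marker, so the workflow PATCHes it instead of posting again."""
    for comment in comments:
        if marker in comment.get("body", ""):
            return comment["id"]
    return None
```

In the workflow, list the PR's comments with `gh api`, pass the result to `existing_comment_id`, and when an id comes back update that comment with `gh api --method PATCH` rather than calling `gh pr comment` again; only a missing marker should produce a new comment.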
