Cubic CLI - AI Code Review

Detect bugs, security issues, and code quality problems in local changes by running cubic review via Bash.

When to Use

• User asks to review code changes, diffs, or branches
• Pre-commit quality checks or bug detection
• Security vulnerability scanning on changed files
• Code style and best practice validation
• Comparing branch changes before creating a PR

Prerequisites

Cubic CLI must be installed. If cubic is not found in PATH, inform the user with installation options:

• curl -fsSL https://cubic.dev/install | bash
• npm install -g @cubic-dev-ai/cli

Do not run the installation command automatically. Let the user decide.

If cubic returns an authentication error, inform the user to run cubic login or complete browser-based authentication.

CLI Quick Reference

Always pass --json for structured output. Key modes:

• cubic review --json -- review uncommitted changes (default)
• cubic review --base main --json -- compare against a branch (PR-style)
• cubic review --commit HEAD~1 --json -- review a specific commit
• cubic review --prompt "focus area" --json -- custom review focus

Constraint: --base, --commit, and --prompt are mutually exclusive.

JSON Output Format

{
  "issues": [
    {
      "priority": "P0",
      "file": "src/api/auth.ts",
      "line": 45,
      "title": "SQL injection vulnerability in user lookup",
      "description": "User input is concatenated directly into SQL query without parameterization."
    }
  ]
}

Priority levels: P0 (critical) > P1 (high) > P2 (medium) > P3 (low).

Workflow

1. Run cubic review --json (or with --base/--commit as appropriate)
2. Parse the JSON output to identify issues
3. Sort issues by priority (P0 first)
4. For each issue, read the referenced file and line
5. Present proposed fixes to the user for approval before applying
6. Apply approved fixes using Edit tool
7. Re-run cubic review --json to verify fixes

For the full command reference and step-by-step workflow, use /cubic:review.