Verify that security fixes actually resolve the vulnerability without introducing new issues. Reviews fix commits against original findings. Inspired by Trail of Bits methodology.
GitHub: mralbertzwolle/vibe-coding-academy-tools
security-audit
plugins/security-audit/skills/fix-review/SKILL.md
January 21, 2026
npx add-skill https://github.com/mralbertzwolle/vibe-coding-academy-tools/blob/main/plugins/security-audit/skills/fix-review/SKILL.md -a claude-code --skill fix-review

Installation paths: .claude/skills/fix-review/

# Fix Review Skill

Verifies that security fixes **actually resolve the vulnerability** without introducing new issues or regressions.

## Why Fix Review?

Common problems with security fixes:

1. **Incomplete fix** - Only fixes one code path, bug exists elsewhere
2. **Regression** - Fix breaks existing functionality
3. **New vulnerability** - Fix introduces different security issue
4. **Cosmetic fix** - Looks fixed but vulnerability still exploitable
5. **Wrong layer** - Fixed in UI but not in API

## How It Works

1. Takes the original vulnerability report
2. Analyzes the fix commit(s)
3. Verifies the fix addresses the root cause
4. Checks for regressions and new issues
5. Suggests additional hardening if needed

## Usage

```bash
# Review a specific fix
/security-audit:fix-review <commit-hash>

# Review fix for a specific issue
/security-audit:fix-review --issue "RLS bypass in orders table"

# Review all security-related commits since last release
/security-audit:fix-review --since v1.2.0

# Interactive mode - paste vulnerability description
/security-audit:fix-review
```

## Review Checklist

### 1. Root Cause Analysis

| Check | Question |
|-------|----------|
| Correct location | Is the fix in the right file/layer? |
| Root cause | Does it fix the cause, not just symptom? |
| All instances | Are all occurrences of this pattern fixed? |
| Similar patterns | Are related vulnerabilities also fixed? |

### 2. Fix Completeness

| Check | Question |
|-------|----------|
| All code paths | Does fix cover all execution paths? |
| Error handling | What happens if the fix code throws? |
| Edge cases | NULL, empty, negative, overflow handled? |
| Async behavior | Race conditions still possible? |

### 3. Regression Analysis

| Check | Question |
|-------|----------|
| Existing tests | Do all existing tests still pass? |
| New tests | Were tests added for this vulnerability? |
| Related features | Do related features still work? |
| Performance | Does fix impact performan
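As an added illustration of the "All instances" and "New vulnerability" checks above (example code written for this page, not part of the fix-review skill or its repository), the script below takes a fix commit's diff plus a snapshot of the repository, confirms the diff removes the vulnerable pattern named in the finding without re-adding it, and lists any sibling call sites that still match. The diff, the repository files and the pattern are constructed sample inputs.

```python
import re
from typing import Dict, List

# Constructed sample input (not from the page): a fix diff that parameterises
# one query, and a repo snapshot where a sibling call site still concatenates.
SAMPLE_DIFF = """\
--- a/app/orders.py
+++ b/app/orders.py
@@ -10,3 +10,3 @@
-    cur.execute("SELECT * FROM orders WHERE id = " + order_id)
+    cur.execute("SELECT * FROM orders WHERE id = %s", (order_id,))
"""
SAMPLE_REPO: Dict[str, str] = {
    "app/orders.py": 'cur.execute("SELECT * FROM orders WHERE id = %s", (order_id,))\n',
    "app/reports.py": 'cur.execute("SELECT * FROM orders WHERE user = " + user_id)\n',
    "app/util.py": "def helper():\n    return 1\n",
}
# The vulnerable shape taken from the original finding: a string literal
# concatenated straight into execute(). The reviewer derives this from the
# report, not from the diff, so a cosmetic fix cannot redefine the target.
VULN_PATTERN = re.compile(r'\.execute\(\s*"[^"]*"\s*\+')


def diff_lines(diff: str, sign: str) -> List[str]:
    """Hunk lines with the given sign ('-' or '+'), skipping ---/+++ file headers."""
    return [l[1:] for l in diff.splitlines()
            if l.startswith(sign) and not l.startswith(sign * 3)]


def review_fix(diff: str, repo: Dict[str, str], pattern: re.Pattern) -> Dict[str, list]:
    """Answer two checklist questions: does the fix remove the vulnerable pattern
    without re-adding it, and do other instances of the pattern remain in the tree?"""
    removed = [l for l in diff_lines(diff, "-") if pattern.search(l)]
    reintroduced = [l for l in diff_lines(diff, "+") if pattern.search(l)]
    remaining = [f"{path}:{n}" for path, text in repo.items()
                 for n, line in enumerate(text.splitlines(), 1) if pattern.search(line)]
    return {"removed": removed, "reintroduced": reintroduced, "remaining": remaining}


def verdict(report: Dict[str, list]) -> str:
    """Map the report onto the checklist outcomes."""
    if not report["removed"]:
        return "NOT FIXED: diff does not touch the vulnerable pattern"
    if report["reintroduced"]:
        return "REGRESSION: fix re-adds the vulnerable pattern"
    if report["remaining"]:
        return "INCOMPLETE: pattern still present at " + ", ".join(report["remaining"])
    return "FIXED: no instances of the pattern remain"


if __name__ == "__main__":
    print(verdict(review_fix(SAMPLE_DIFF, SAMPLE_REPO, VULN_PATTERN)))
```

On the sample input the verdict is INCOMPLETE because `app/reports.py` still builds its query by concatenation, which is exactly the "only fixes one code path" case the checklist warns about.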