title: Review Then Fix
slug: review-then-fix
category: workflow-pattern
status: proven
difficulty: beginner
tags: [code-review, two-pass, quality, bug-fixing]
prerequisites: [basic-cli-usage]
estimated_time: 10min to learn, varies per task
cost_per_use: "$0.10-$0.80"

Review Then Fix

Problem

When you ask an agent to "fix the bugs in this file," it jumps straight to editing without understanding the full picture. It may fix one issue while introducing another, or miss systemic problems because it never stepped back to assess. You need a two-pass approach: understand first, then act.

Solution

Separate the task into two distinct phases with an explicit boundary between them.

Step-by-Step

  1. Pass 1 — Review: Ask the agent to read the code and produce a written list of issues. No edits allowed.
  2. Checkpoint: You read the review. Approve, adjust, or prioritize the findings.
  3. Pass 2 — Fix: Feed the approved issue list back to the agent and ask it to fix each one.
  4. Verify: Run tests or ask for a final diff review.

When to Use

  • Fixing bugs in unfamiliar code
  • Cleaning up code you inherited
  • Addressing PR review comments systematically
  • Security audits or performance reviews
  • Any time the agent's first attempt at a fix was wrong

When NOT to Use

  • Trivial one-line fixes where the problem is obvious
  • When you already have a precise list of changes to make
  • Time-critical hotfixes where speed matters more than thoroughness

Example: Claude Code

# Pass 1: Review only — no edits
claude -p "Review src/auth/login.ts for bugs, security issues, and code smells. \
  Do NOT make any changes. Output a numbered list of issues with line numbers \
  and severity (critical/warning/info)." > review-findings.txt

# Checkpoint: read the findings yourself and trim the file to the issues you approve
cat review-findings.txt

# Pass 2: Fix approved issues
claude -p "Fix the following issues in src/auth/login.ts. Make minimal, \
  targeted changes. After each fix, explain what you changed and why.

  Issues to fix:
  $(cat review-findings.txt)"

# Interactive version (single session, two phases)
claude

# In the session:
# > Review src/auth/login.ts for bugs and security issues.
# > Output a numbered list. Do not edit anything yet.
# (read the list, then:)
# > Fix issues 1, 3, and 5. Skip issues 2 and 4 for now.

Example: Codex CLI

# Pass 1: Review (read-only mode is the default in codex)
codex -q "Review src/auth/login.ts for bugs and security issues. \
  List each issue with its line number and severity." > review-findings.txt

# Pass 2: Fix
codex -q "Fix these issues in src/auth/login.ts:
$(cat review-findings.txt)"
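
The non-interactive commands above hand review-findings.txt to Pass 2 as it stands, so the checkpoint only takes effect if that file is edited by hand. The following added example (not part of the original page) filters the findings down to the issue numbers you approved, assuming each finding starts a line as `N.` or `N)`; `select_findings`, `write_sample_findings` and `approved-findings.txt` are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original page. Assumption: each finding starts a
# line as "N." or "N)"; unnumbered lines continue the finding above them.

# select_findings FILE N [N...]: print only the approved findings. Exits
# non-zero if an approved number is absent, so a typo in the approval list
# cannot silently drop a fix from Pass 2.
select_findings() {
    file=$1; shift
    [ "$#" -gt 0 ] || { echo "no approved finding numbers given" >&2; return 2; }
    awk -v approved="$*" '
        BEGIN { n = split(approved, ids, " "); for (i = 1; i <= n; i++) want[ids[i]] = 1 }
        /^[ \t]*[0-9]+[.)][ \t]/ {
            id = $1; sub(/[.)]$/, "", id)      # "3." -> "3"
            keep = (id in want)
            if (keep) seen[id] = 1
        }
        keep { print }                          # also prints continuation lines
        END {
            for (i = 1; i <= n; i++)
                if (!(ids[i] in seen)) {
                    printf "approved finding %s not in review\n", ids[i] > "/dev/stderr"
                    bad = 1
                }
            exit bad + 0
        }
    ' "$file"
}

# Constructed sample of Pass 1 output (not real tool output).
write_sample_findings() {
    cat > "$1" <<'EOF'
Here are the issues I found:
1. [critical] line 42: password compared with ==
   Use a constant-time comparison.
2. [info] line 10: unused import
3. [warning] line 77: session token written to the debug log
EOF
}

# Usage between the two passes:
#   select_findings review-findings.txt 1 3 > approved-findings.txt
# then use approved-findings.txt in place of review-findings.txt in Pass 2.
```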

Cost Estimate

| Phase  | Typical Cost  |
|--------|---------------|
| Review | ~$0.05-$0.20  |
| Fix    | ~$0.10-$0.50  |
| Total  | ~$0.15-$0.70  |

The two-pass approach costs ~30% more than a single pass but catches significantly more issues and produces cleaner fixes.

Maturity Notes

Status: Proven. This is one of the most reliable patterns for code quality work. The key insight is that LLMs produce better fixes when they have already articulated the problems in writing. The review phase forces structured reasoning before action. Works best when you actively curate the review findings before the fix phase.