One-page cheatsheet for daily use
Essential Commands¶
| Command | Example | Description |
|---|---|---|
/help |
/help review |
Show help |
/scenarios |
/scenarios security |
List scenarios |
/select |
/select 02 |
Switch scenario |
/stat |
/stat |
Show DB stats |
/query |
/query SELECT * FROM nodes_method LIMIT 5 |
Run SQL |
/review |
/review git |
Code review |
/config |
/config llm temperature 0.5 |
Edit config |
/project |
/project list |
Manage projects |
/cpg |
/cpg callers heap_insert |
GoCPG queries |
/explain |
/explain heap_insert |
Deep method analysis |
/watch |
/watch start |
Live dashboard |
/exit |
/exit |
Save and quit |
Scenarios by Role¶
Developer¶
/select 01 → Onboarding "Where is function X?"
/select 04 → Feature Dev "Where to add hook?"
/select 05 → Refactoring "Find dead code"
/select 06 → Performance "Find slow functions"
/select 15 → Debugging "Trace execution path"
QA/Tester¶
/select 07 → Test Coverage "What's untested?"
/select 09 → Code Review "Review this patch"
/select 12 → Tech Debt "Quantify debt"
/select 13 → Mass Refactoring "Find all uses of X"
Security¶
/select 02 → Security Audit "Find SQL injection"
/select 08 → Compliance "Check OWASP Top 10"
/select 14 → Incident "Trace attack vector"
/select 16 → Entry Points "List API endpoints"
Architect¶
/select 03 → Documentation "Document function X"
/select 10 → Cross-Repo Impact "Impact of changing Y?"
/select 11 → Architecture "Find layer violations"
Scenarios S17–S21 (file editing, code optimization, standards check, dependencies, interface docs sync) are available via forced routing but not shown in the CLI
/scenariospanel.
Common Queries¶
Find Functions¶
> Where is palloc defined?
> Show callers of heap_insert
> What does ExecProcNode call?
Security Analysis¶
> Find SQL injection vulnerabilities
> Trace data flow from user input to query
> Show functions without input validation
Code Understanding¶
> Explain the executor subsystem
> How does memory allocation work?
> Show dependencies of module X
Structural Pattern Commands¶
# CLI pattern commands
python -m src.cli patterns scan # Scan with all rules
python -m src.cli patterns search "malloc($x)" --lang c # Ad-hoc search
python -m src.cli patterns list # List loaded rules
python -m src.cli patterns stats # Pattern statistics
python -m src.cli patterns fix --dry-run # Autofix preview
python -m src.cli patterns generate "description" --lang c # LLM rule generation
Code Review¶
OpenCode¶
/review git # Local changes
/review github 123 # GitHub PR
/review gitlab 456 # GitLab MR
/review file patch.diff # Patch file
/review diff # Paste diff interactively
# With options
/review git --format json --inline
CLI¶
python -m src.cli review --base-ref HEAD~3
python -m src.cli review --staged
python -m src.cli review --files src/api/main.py src/auth.py
python -m src.cli review --format sarif --sarif-file out.sarif
python -m src.cli review --no-security
Exit codes: 0 = clean or medium/low only, 1 = critical or high findings.
SQL Queries¶
-- Count functions
/query SELECT COUNT(*) FROM nodes_method
-- Find functions by name
/query SELECT name, filename FROM nodes_method
WHERE name LIKE 'heap%' LIMIT 10
-- Find callers
/query SELECT caller.name FROM edges_call e
JOIN nodes_method caller ON e.src = caller.id
WHERE e.dst = (SELECT id FROM nodes_method WHERE name='palloc')
LIMIT 5
Configuration¶
# View all
/config
# Edit LLM settings
/config llm provider gigachat
/config llm temperature 0.7
# Environment variables
export GIGACHAT_AUTH_KEY="..."
export OPENAI_API_KEY="..."
Quick Workflows¶
Morning Security Check¶
/select 02
> Find vulnerabilities in recent commits
/review git
New Developer Start¶
/select 01
> What is the main architecture?
> Where should I start reading?
Pre-Release Audit¶
/select 08
> Generate OWASP compliance report
python -m src.cli review --base-ref origin/main --format json --output-file audit.json
Troubleshooting¶
| Issue | Solution |
|---|---|
| “No results” | Check /stat, verify CPG loaded |
| Slow response | Reduce n_ctx in config |
| Connection refused | Check GoCPG binary and DuckDB |
| API timeout | Increase timeout in config |
Full documentation: CLI Guide