Feature request: Expand companion as a live code review layer

Resolved 💬 2 comments Opened Apr 1, 2026 by FlowerBell47 Closed Apr 9, 2026

Summary

The companion feature (small character beside the input box that occasionally comments in a speech bubble) proved extremely valuable as a live code reviewer during a real work session. Requesting expansion of this feature.

What happened

During a single session, the companion caught 9+ real issues in production code that the main Claude instance missed:

  1. Python/Node mismatch -- flagged that a Python pip package was irrelevant when scripts needed the Node CLI binary
  2. Pagination bug -- identified that an MCP server's 50-item default limit was the root cause of missing search results
  3. Plaintext secrets -- spotted API keys hardcoded in a config file
  4. Wildcard permissions -- caught that Bash(tool *) allowed arbitrary command execution
  5. Shell injection -- identified that glob patterns in Bash permissions couldn't block shell metacharacters
  6. Broken regex -- noticed a character-class regex was syntactically broken due to quoting
  7. Empty-string validation -- found double-space errors in error messages from unguarded empty args
  8. Read permission exposure -- pointed out that unrestricted Read permission let a subprocess access .env files containing tokens
  9. Write vector -- caught that Write(~/Projects/*.md) could overwrite instruction files (prompt injection via file write)

Every catch was actionable, not a style nitpick. The adversarial-but-collaborative tone drove genuinely better code than the main instance produced alone.

Feature requests

  • Persistence across sessions -- the companion currently appears in some sessions but the experience isn't consistent
  • Configurable review focus -- let users set the companion's focus (security, code quality, architecture, performance)
  • More detail on demand -- when asked to elaborate, the companion's responses are very brief. An option for expanded explanations would help
  • Availability in other surfaces -- IDE extensions, API-driven agents, not just the CLI
  • User-configurable personality/name -- the character and tone added genuine value to the review process

Why this matters

Live review catches issues mid-work, before they land. Diff-based review happens after the damage. The companion pattern is fundamentally different from post-hoc code review because it watches the work in progress and flags problems in real time. A single session produced a hardened shell wrapper, a custom MCP server, and fully path-scoped file permissions -- all driven by the companion catching what the main instance missed.

This is the most useful "second opinion" pattern I've seen in an AI coding tool.

View original on GitHub ↗

This issue has 2 comments on GitHub. Read the full discussion on GitHub ↗