Review Skill Quick Ref: reviews a PR, reviews local changes, reviews agent output with extra scrutiny. YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it. This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use instead. --- Modes --- Execution Steps Step 0: Detect Review Target and Load Standards Determine the review mode from arguments: 1. PR mode (default): argument is a number or GitHub PR URL. 2. Diff mode : flag present. 3. Agent mode : flag present. Load language-specific conventions from based on file extensions in the diff. If is a…

--type py .\n\n# TypeScript / JavaScript\nrg -n 'throw new Error\\(.*(not implemented|TODO|stub)|return undefined\\b' --type ts --type js .\n\n# Go\nrg -n 'panic\\(\"not implemented|panic\\(\"TODO|// TODO|return nil, nil\\b' --type go .\n\n# Java\nrg -n 'throw new UnsupportedOperationException|throw new RuntimeException\\(\"TODO|// TODO' --type java .\n```\n\n### Suspicious Return Values\n\n```bash\n# Functions returning hardcoded trivial values (likely placeholders)\nrg -n 'return true$|return false$|return 0$|return -1$|return \"\"$|return \\[\\]$|return \\{\\}$|return None$|return nil

Review Skill Quick Ref: reviews a PR, reviews local changes, reviews agent output with extra scrutiny. YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it. This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use instead. --- Modes --- Execution Steps Step 0: Detect Review Target and Load Standards Determine the review mode from arguments: 1. PR mode (default): argument is a number or GitHub PR URL. 2. Diff mode : flag present. 3. Agent mode : flag present. Load language-specific conventions from based on file extensions in the diff. If is a…

\\\n --type rust --type py --type ts --type js --type go .\n\n# Rust-specific: Ok(()) in functions that should return real data\nrg -n 'Ok\\(Default::default\\(\\)\\)|Ok\\(vec!\\[\\]\\)|Ok\\(String::new\\(\\)\\)|Ok\\(HashMap::new\\(\\)\\)' --type rust .\n```\n\n---\n\n## Method 2: AST Structural Analysis (ast-grep)\n\n### Finding Suspiciously Short Functions\n\nThe insight: a function with only 1-2 statements is suspicious if it's supposed to do real work. Use ast-grep to find these structurally.\n\n```bash\n# Rust — single-statement functions (likely stubs)\nast-grep run -l Rust -p 'fn $NAME($$ARGS) { $SINGLE }' --json\n\n# Rust — functions with only todo!/unimplemented!\nast-grep run -l Rust -p 'fn $NAME($$ARGS) -> $RET { todo!() }' --json\nast-grep run -l Rust -p 'fn $NAME($$ARGS) -> $RET { unimplemented!() }' --json\n\n# Rust — empty impl blocks\nast-grep run -l Rust -p 'impl $TYPE { }' --json\n\n# Python — pass-only functions\nast-grep run -l Python -p 'def $NAME($$ARGS):\n pass' --json\n\n# Python — ellipsis-only functions (protocol stubs)\nast-grep run -l Python -p 'def $NAME($$ARGS):\n ...' --json\n\n# TypeScript — empty/trivial functions\nast-grep run -l TypeScript -p 'function $NAME($$ARGS) { }' --json\nast-grep run -l TypeScript -p 'function $NAME($$ARGS) { return; }' --json\nast-grep run -l TypeScript -p '($$ARGS) => { }' --json\n\n# Go — empty functions\nast-grep run -l Go -p 'func $NAME($$ARGS) $RET { }' --json\n```\n\n### Measuring Function Length\n\nUse ast-grep JSON output to extract function bodies and measure line count:\n\n```bash\n# Extract all function definitions with their ranges\nast-grep run -l Rust -p 'fn $NAME($$) $$BODY' --json | \\\n jq '[.[] | {name: .metaVariables.NAME.text, file: .file, lines: (.range.end.line - .range.start.line)}] | sort_by(.lines) | .[:20]'\n```\n\nFunctions under 3 lines in a non-trivial codebase deserve scrutiny.\n\n---\n\n## Method 3: Cross-Reference Analysis\n\n### Finding Dead / Uncalled Functions\n\n```bash\n# List all function definitions\nrg -n \"^(pub )?(fn|def|function|func) \\w+\" --type rust --type py --type ts --type go . > /tmp/fn_defs.txt\n\n# For each function name, check if it's called anywhere else\n# (manual step — read the function name, grep for call sites)\n```\n\n### Finding Functions With No Tests\n\n```bash\n# List functions in src/\nrg -on \"fn (\\w+)\" --type rust src/ | sed 's/.*fn //' | sort -u > /tmp/src_fns.txt\n\n# List functions mentioned in tests/\nrg -on \"\\w+\" --type rust tests/ | sort -u > /tmp/test_refs.txt\n\n# Functions in src not referenced in tests\ncomm -23 /tmp/src_fns.txt /tmp/test_refs.txt\n```\n\n---\n\n## Method 4: Heuristic Patterns\n\n### Comment-Heavy, Logic-Light\n\nFunctions that are mostly comments suggesting what should happen but contain minimal actual logic:\n\n```bash\n# Find functions where comment lines outnumber code lines\n# (manual analysis — read the function, count comments vs code)\nrg -n \"// TODO|# TODO|// PLACEHOLDER|# PLACEHOLDER\" --type rust --type py --type ts .\n```\n\n### Configuration Stubs\n\n```bash\n# Default configs that look too simple\nrg -n \"default.*\\{|Default for\" --type rust .\nrg -n \"DEFAULT_.*=|config\\[.default.\\]\" --type py .\n```\n\n### Error Handling Stubs\n\n```bash\n# Swallowed errors (catch-and-ignore)\nrg -n \"catch.*\\{\\s*\\}|except.*pass|\\.unwrap_or_default\\(\\)|_ =>\" --type rust --type py --type ts .\n\n# Empty error arms in match/switch\nast-grep run -l Rust -p 'Err(_) => {}' --json\nast-grep run -l Rust -p 'Err(_) => Ok(())' --json\n```\n\n---\n\n## Method 5: Behavioral Detection (From Real Session Mining)\n\nDiscovered across sessions in midas-edge, rch, ntm, mcp-agent-mail-rust, frankensearch:\n\n### Simulated Work (sleep/delay as placeholder for real operations)\n\n```bash\n# sleep() used to fake real work (SSH, network calls, processing)\nrg -n \"sleep\\(|thread::sleep|time\\.sleep|tokio::time::sleep|setTimeout\" \\\n --type rust --type py --type ts --type go . | \\\n grep -vi \"test\\|spec\\|bench\\|retry\\|backoff\\|rate.limit\\|throttle\"\n\n# Functions that log \"simulating\" or \"fake\" or \"mock\"\nrg -n \"simulat|faking|mocking|pretend\" --type rust --type py --type ts --type go .\n```\n\n### Hardcoded Scores/Metrics (Should Be Computed)\n\n```bash\n# Hardcoded numeric scores that should be calculated from data\nrg -n \"score\\s*[:=]\\s*[0-9]|rarity.*[:=]\\s*[0-9]|count.*[:=]\\s*0[^.]|dau.*[:=]\\s*0\" \\\n --type rust --type py --type ts .\n\n# Always-zero metrics (DAU, MRR, counters that never increment)\nrg -n \"always.*0|= 0.*//|= 0.*#.*todo\\|stub\\|placeholder\\|hack\" \\\n --type rust --type py --type ts .\n```\n\n### API Route Stubs (Return 501/Not Implemented)\n\n```bash\n# HTTP endpoints that return 501 or \"Not Implemented\"\nrg -n \"501|Not Implemented|not.yet.implemented|NextResponse.*501\" \\\n --type ts --type py --type rust --type go .\n```\n\n### Caching/Storage Stubs (Functions That Skip Real I/O)\n\n```bash\n# Functions that should persist but don't (return false, skip, no-op)\nrg -n \"cacheToR2.*return false|checkCache.*return null|return false.*//.*cache|return null.*//.*cache\" \\\n --type ts --type rust --type py .\n\n# \"warm\" config disabled (feature not wired up)\nrg -n \"warm.*false|enable.*false|config.*false.*//.*todo\\|stub\\|later\\|disabled\" \\\n --type ts --type rust --type py .\n```\n\n### Divergent Code Paths (Real Logic Exists Elsewhere)\n\nThis is the subtlest form — the function is a stub, but a *different* code path already does the real work:\n\n```bash\n# Find functions with same/similar names in different files\n# Example from midas-edge: batch-enrichment.ts returned redFlagsDetected=0\n# but the API route transcript-sentiment/route.ts actually counted them\nrg -n \"redFlags|red_flags\" --type ts --type rust --type py .\n# If two files have the same concept but different implementations, one is likely a stub\n```\n\n### Stub Tests (Test Files That Are Themselves Stubs)\n\n```bash\n# Test files with very few assertions (likely placeholder tests)\nrg -c \"assert|expect|should\" tests/ --type rust --type ts --type py | \\\n sort -t: -k2 -n | head -20\n# Files with \u003c 5 assertions are suspicious\n```\n\n---\n\n## Triage: Real Stub vs False Positive\n\n| Signal | Likely Real Stub | Likely False Positive |\n|--------|-----------------|----------------------|\n| `todo!()` / `unimplemented!()` | Always real | — |\n| `pass` / empty body | In production code | In abstract base class / protocol |\n| `return true` | In validation function | In feature flag check |\n| Short function (1-2 lines) | In complex module | Legitimate accessor/getter |\n| `// TODO` | With description of missing work | Old resolved TODO left behind |\n| Hardcoded return | In function that should compute | In test fixture / constant |\n\n**Rule of thumb:** Trace callers. If the function's callers depend on real output, it's a stub. If callers only need the type signature (trait impl, protocol), it may be intentional.\n# Resolution Strategies\n\n## Decision Tree: How to Resolve Each Finding\n\n```\nFinding identified\n│\n├─ Is it an explicit TODO/FIXME with description?\n│ └─ YES → Implement what the comment describes, remove the comment\n│\n├─ Is it todo!()/unimplemented!()/NotImplementedError?\n│ └─ YES → Trace callers to understand expected behavior, implement fully\n│\n├─ Is it a function returning a hardcoded value?\n│ ├─ Validation function returning `true` → Implement real validation logic\n│ ├─ Fetch function returning `{}` → Implement real data fetching\n│ └─ Conversion returning default → Implement real conversion\n│\n├─ Is it an empty error handler?\n│ └─ YES → Implement proper error propagation or recovery\n│\n├─ Is it a `pass`/empty body in production code?\n│ ├─ Abstract method → May be intentional (verify)\n│ └─ Concrete method → Implement real logic\n│\n└─ Is it a suspiciously short function?\n ├─ Getter/accessor → Likely fine (false positive)\n ├─ Builder pattern → Likely fine (false positive)\n └─ Business logic → Needs real implementation\n```\n\n---\n\n## Resolution with Beads (br)\n\n### Creating the Bead Structure\n\nFor each stub/mock found, create a bead with enough detail that a future agent can implement it without any additional context:\n\n```bash\n# Parent epic\nbr create \\\n --title=\"Resolve all mocks/stubs/placeholders\" \\\n --type=epic \\\n --priority=1 \\\n --comment=\"Systematic resolution of N stubs/mocks/placeholders identified by mock-code-finder scan on $(date +%Y-%m-%d). See individual child tasks for details.\"\n\n# Child task (one per finding)\nbr create \\\n --title=\"Implement real logic for validate_input() in src/parser.rs:42\" \\\n --type=task \\\n --priority=2 \\\n --comment=\"CURRENT STATE: fn validate_input() -> bool { true }\nPROBLEM: Always returns true — no actual validation occurs.\nCALLERS: Called from process_request() at src/handler.rs:88. Callers depend on this returning false for malformed input.\nREQUIRED IMPLEMENTATION:\n 1. Parse input according to schema defined in src/schema.rs\n 2. Validate required fields present\n 3. Validate field types match schema\n 4. Return false with error details on failure\nFILES TO MODIFY: src/parser.rs\nTESTS TO ADD: tests/parser_validation_test.rs — test valid input (returns true), missing fields (returns false), wrong types (returns false), edge cases (empty input, unicode, max-length)\"\n\n# Add dependency\nbr dep add \u003ctask-id> \u003cdepends-on-id>\n```\n\n### Bead Comment Template\n\nEach bead comment should include ALL of these sections:\n\n```\nCURRENT STATE: [What the stub currently does — exact code]\nPROBLEM: [Why this is insufficient]\nCALLERS: [Who calls this function, what they expect]\nREQUIRED IMPLEMENTATION: [Numbered steps for the real implementation]\nFILES TO MODIFY: [Exact paths]\nTESTS TO ADD: [What tests, what they assert]\nDEPENDENCIES: [Other stubs that must be resolved first, if any]\nCONSIDERATIONS: [Edge cases, performance, compatibility notes]\n```\n\n### Validation with bv\n\nAfter creating all beads:\n\n```bash\n# Check dependency graph health\nbv --robot-triage | jq '.quick_ref'\n\n# Find circular dependencies (must fix!)\nbv --robot-insights | jq '.Cycles'\n\n# Find quick wins (stubs with no dependencies, easy to resolve)\nbv --robot-triage | jq '.quick_wins'\n\n# Optimal execution order\nbv --robot-plan | jq '.plan.tracks'\n```\n\n---\n\n## Resolution with TODO Tracking (No Beads)\n\nFor smaller lists or projects without beads, maintain a markdown checklist:\n\n```markdown\n## Mock/Stub Resolution Plan\n\n### 1. src/parser.rs:42 — validate_input() always returns true\n- [ ] Implement real validation against schema\n- [ ] Add test: valid input returns true\n- [ ] Add test: missing fields returns false\n- [ ] Add test: wrong types returns false\n- [ ] Remove stub comment\n\n### 2. src/handler.rs:100 — process_error() is empty\n- [ ] Implement error logging\n- [ ] Implement error recovery / retry\n- [ ] Add test: errors are logged\n- [ ] Add test: transient errors trigger retry\n```\n\n---\n\n## Post-Resolution Verification\n\nAfter resolving all stubs:\n\n```bash\n# Re-run the full detection scan\nrg -n \"TODO|FIXME|HACK|XXX|STUB|PLACEHOLDER|MOCK|DUMMY|FAKE\" \\\n --type-not json --type-not lock -g '!target/' -g '!node_modules/' .\n\n# Re-run ast-grep short-function scan\nast-grep run -l Rust -p 'fn $NAME($$) -> $RET { todo!() }' --json\n\n# Run test suite\ncargo test --all # or npm test, pytest, etc.\n\n# Confirm zero remaining stubs\necho \"Target: 0 findings on rescan\"\n```\n\n---\n\n## Common Pitfalls in Resolution\n\n| Pitfall | Why It's Bad | Do Instead |\n|---------|-------------|------------|\n| Replace stub with slightly better stub | Still not real code | Implement fully or defer explicitly |\n| Skip tests for resolved stubs | No proof it works | Every resolution needs at least one test |\n| Resolve in random order | May hit dependency issues | Use `bv --robot-plan` or resolve leaves first |\n| Oversimplify the implementation | Loses functionality | Trace callers to understand full requirements |\n| Forget to remove TODO comments | Future scans find stale markers | Delete the marker when the work is done |\n| Create beads without enough detail | Future agent can't implement independently | Use the bead comment template above |\n","content_type":"text/markdown; charset=utf-8","language":"markdown","size":32568,"content_sha256":"610c88681df8674be27d996d014ca27444149064b86a74bb3a413a7a79a72de8"},{"filename":"scripts/validate.sh","content":"#!/usr/bin/env bash\nset -euo pipefail\nSKILL_DIR=\"$(cd \"$(dirname \"$0\")/..\" && pwd)\"\nPASS=0; FAIL=0\n\ncheck() { if bash -c \"$2\"; then echo \"PASS: $1\"; PASS=$((PASS + 1)); else echo \"FAIL: $1\"; FAIL=$((FAIL + 1)); fi; }\n\ncheck \"SKILL.md exists\" \"[ -f '$SKILL_DIR/SKILL.md' ]\"\ncheck \"SKILL.md has YAML frontmatter\" \"head -1 '$SKILL_DIR/SKILL.md' | grep -q '^---

Review Skill Quick Ref: reviews a PR, reviews local changes, reviews agent output with extra scrutiny. YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it. This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use instead. --- Modes --- Execution Steps Step 0: Detect Review Target and Load Standards Determine the review mode from arguments: 1. PR mode (default): argument is a number or GitHub PR URL. 2. Diff mode : flag present. 3. Agent mode : flag present. Load language-specific conventions from based on file extensions in the diff. If is a…

\"\ncheck \"SKILL.md has name: review\" \"grep -q '^name: review' '$SKILL_DIR/SKILL.md'\"\ncheck \"SKILL.md covers security check dimension\" \"grep -qi 'security' '$SKILL_DIR/SKILL.md'\"\ncheck \"SKILL.md covers correctness check dimension\" \"grep -qi 'correctness' '$SKILL_DIR/SKILL.md'\"\ncheck \"SKILL.md mentions PR or diff review\" \"grep -qiE 'PR|diff' '$SKILL_DIR/SKILL.md'\"\n\necho \"\"; echo \"Results: $PASS passed, $FAIL failed\"\n[ $FAIL -eq 0 ] && exit 0 || exit 1\n","content_type":"application/x-sh; charset=utf-8","language":"bash","size":812,"content_sha256":"d50901802bc94f548ee732926251977cbb66ae0573e60eca27ca99cd1056eac5"}],"content_json":{"type":"doc","content":[{"type":"heading","attrs":{"level":1},"content":[{"text":"Review Skill","type":"text"}]},{"type":"blockquote","content":[{"type":"paragraph","content":[{"text":"Quick Ref:","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"/review \u003cPR>","type":"text","marks":[{"type":"code_inline"}]},{"text":" reviews a PR, ","type":"text"},{"text":"/review --diff","type":"text","marks":[{"type":"code_inline"}]},{"text":" reviews local changes, ","type":"text"},{"text":"/review --agent \u003cpath>","type":"text","marks":[{"type":"code_inline"}]},{"text":" reviews agent output with extra scrutiny.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it.","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use ","type":"text"},{"text":"/vibe","type":"text","marks":[{"type":"code_inline"}]},{"text":" instead.","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Modes","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"/review 42 # PR mode — review PR #42\n/review https://github.com/o/r/pull/42 # PR mode — review by URL\n/review --diff # Diff mode — review unstaged/staged changes\n/review --diff --staged # Diff mode — staged only\n/review --agent .agents/crank/ # Agent mode — review agent-generated output\n/review --agent ./output.patch # Agent mode — review a patch file\n/review --deep 42 # Deep mode — spawns council for second opinion\n/review --mocks # Find stubs, mocks, placeholders, TODOs\n/review --bugs # Bug scanner: null derefs, leaks, security holes\n/review --audit security # Domain audit: security, perf, UX, API, CLI\n/review --deep-scan # Iterative audit-fix-rescan until clean","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Execution Steps","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 0: Detect Review Target and Load Standards","type":"text"}]},{"type":"paragraph","content":[{"text":"Determine the review mode from arguments:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PR mode","type":"text","marks":[{"type":"strong"}]},{"text":" (default): argument is a number or GitHub PR URL.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Diff mode","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"--diff","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag present.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Agent mode","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"text":"--agent \u003cpath>","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag present.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Load language-specific conventions from ","type":"text"},{"text":"/standards","type":"text","marks":[{"type":"code_inline"}]},{"text":" based on file extensions in the diff. If ","type":"text"},{"text":"ao","type":"text","marks":[{"type":"code_inline"}]},{"text":" is available, pull prior review context:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"ao lookup --query \"code review patterns $(basename \"$PWD\")\" --limit 3 2>/dev/null || true","type":"text"}]},{"type":"paragraph","content":[{"text":"Apply retrieved knowledge (mandatory when results returned):","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"If learnings are returned, do NOT just load them as passive context. For each returned item:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Check: does this learning apply to the code under review? (answer yes/no)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"If yes: include it as a ","type":"text"},{"text":"known_risk","type":"text","marks":[{"type":"code_inline"}]},{"text":" — state the pattern, what to look for, and whether the diff exhibits it","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Cite the learning by filename in your review output when it influences a finding","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"After applying, record the citation:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"ao metrics cite \"\u003clearning-path>\" --type applied 2>/dev/null || true","type":"text"}]},{"type":"paragraph","content":[{"text":"Skip silently if ao is unavailable or returns no results.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 0.5: Apply Behavioral Discipline","type":"text"}]},{"type":"paragraph","content":[{"text":"Load the behavioral discipline standard from ","type":"text"},{"text":"/standards","type":"text","marks":[{"type":"code_inline"}]},{"text":" before reviewing the diff. Use it to answer four questions:","type":"text"}]},{"type":"ordered_list","attrs":{"order":1,"listStyle":"number"},"content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"What assumptions does this change make, and were they surfaced or silently chosen?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Could the same outcome be achieved with a smaller or more local change?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Does every changed line trace back to the stated goal?","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Does the verification prove the claimed behavior, or only that the code builds?","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"If any answer is weak, record the problem as a finding. Hidden assumptions, speculative abstractions, drive-by edits, and weak verification are review defects, not style preferences.","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 1: Fetch the Diff","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"PR Mode","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"gh pr view \"$PR_REF\" --json title,body,author,baseRefName,headRefName,labels,reviewDecision,commits\ngh pr diff \"$PR_REF\"\ngh pr diff \"$PR_REF\" --name-only","type":"text"}]},{"type":"paragraph","content":[{"text":"If the PR has more than 500 changed lines, prioritize: security-sensitive files, high-complexity changes, new files, then test files.","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Diff Mode","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"git diff HEAD # unstaged + staged\ngit diff --cached # staged only (with --staged flag)\ngit diff HEAD --name-only # changed file list","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Agent Mode","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Directory: find all generated files\nfind \"$AGENT_PATH\" -type f \\( -name '*.go' -o -name '*.py' -o -name '*.ts' -o -name '*.sh' -o -name '*.md' \\)\n# Patch file: inspect stats\ngit apply --stat \"$AGENT_PATH\"","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 2: Context Gathering","type":"text"}]},{"type":"paragraph","content":[{"text":"Understand the intent behind the changes before reviewing the code:","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"PR Mode:","type":"text","marks":[{"type":"strong"}]},{"text":" Read PR title/body, check linked issues (","type":"text"},{"text":"fixes #","type":"text","marks":[{"type":"code_inline"}]},{"text":", ","type":"text"},{"text":"closes #","type":"text","marks":[{"type":"code_inline"}]},{"text":"), read commit messages.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Diff Mode:","type":"text","marks":[{"type":"strong"}]},{"text":" Check ","type":"text"},{"text":"git log --oneline -5","type":"text","marks":[{"type":"code_inline"}]},{"text":", branch name, open issues via ","type":"text"},{"text":"bd list --status open","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"Agent Mode:","type":"text","marks":[{"type":"strong"}]},{"text":" Read execution logs in output directory, check ","type":"text"},{"text":".agents/rpi/","type":"text","marks":[{"type":"code_inline"}]},{"text":" artifacts.","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"Output a one-line intent summary before proceeding:","type":"text","marks":[{"type":"strong"}]}]},{"type":"code_block","attrs":{"wrap":false,"language":""},"content":[{"text":"INTENT: \u003cwhat the change is trying to accomplish>","type":"text"}]},{"type":"paragraph","content":[{"text":"If intent is unclear, flag it: \"PR description does not explain the purpose of this change.\"","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 3: Systematic Review Pass (SCORED)","type":"text"}]},{"type":"paragraph","content":[{"text":"Review every changed file against the SCORED checklist. For each category, actively look for problems. Do not skim -- read each changed line.","type":"text"}]},{"type":"paragraph","content":[{"text":"For audit-style reviews, generated-code suspicion, mock leakage, or external-review-tool findings, load ","type":"text"},{"text":"references/audit-and-mock-sweeps.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/audit-and-mock-sweeps.md","title":null}}]},{"text":" before writing final findings.","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"S -- Security","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No hardcoded secrets, API keys, tokens, or passwords","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Input validation on all external data (user input, API responses, file reads)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"SQL/command injection: parameterized queries, no string interpolation in commands","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Auth/authz checks present where needed (not just authn)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Sensitive data not logged or exposed in error messages","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Dependencies: no known-vulnerable versions added","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"File operations: path traversal prevention, safe temp file handling","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"C -- Correctness","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Logic errors: off-by-one, wrong operator, inverted condition","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Edge cases: nil/null handling, empty collections, boundary values","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Error handling: errors checked, not swallowed, wrapped with context","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Race conditions: shared mutable state, concurrent access patterns","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Resource leaks: unclosed files, connections, goroutines, channels","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Type safety: unchecked casts, implicit conversions, overflow potential","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Contract compliance: does the change match the stated intent?","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"O -- Observability","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Errors include enough context for debugging (what failed, with what input)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"New features have appropriate logging at correct levels","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Metrics or health indicators added for new failure modes","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Error messages are actionable (not just \"something went wrong\")","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"R -- Readability","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Names are descriptive and consistent with codebase conventions","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Functions are focused (single responsibility, not doing too much)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Complex logic has comments explaining WHY (not WHAT)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No dead code, commented-out code, or leftover debug statements","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Consistent formatting with the rest of the codebase","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"E -- Efficiency","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No unnecessary allocations in hot paths","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"N+1 query patterns (database calls in loops)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Unbounded growth: maps/slices that grow without limits","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Appropriate use of caching, batching, or pagination","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No blocking operations in async/concurrent contexts","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"D -- Design","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Abstraction level is appropriate (not over-engineered, not under-abstracted)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"API surface is minimal and consistent with existing patterns","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Changes are cohesive (single concern per PR, not mixing refactoring with features)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Ambiguity was surfaced instead of silently assumed away","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No speculative flexibility or abstractions beyond the stated need","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Every changed line traces to the requested outcome or required cleanup","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Dependencies flow in the right direction (no circular imports)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test coverage: new code has tests, tests verify behavior (not just coverage)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Breaking changes are documented and intentional","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 4: Agent-Specific Checks (--agent mode only)","type":"text"}]},{"type":"paragraph","content":[{"text":"When reviewing agent-generated code, apply additional scrutiny for common agent failure modes:","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Hallucinated References","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"All imports exist (no invented packages or modules)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"All called functions exist in the codebase or dependencies","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Referenced files and paths actually exist","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"API endpoints and URLs are real","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Over-Engineering","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No unnecessary abstractions (interfaces with one implementation, factory for one type)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No premature generalization (generic solution where specific was asked)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No gold-plating (features not requested)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Reasonable LOC for the task complexity","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Missing Fundamentals","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Error handling is present (agents frequently skip error paths)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Edge cases are handled (agents often only handle the happy path)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Cleanup/teardown logic exists (defer, finally, context cancellation)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Concurrency safety if applicable","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Test Quality","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Tests actually assert meaningful behavior (not just ","type":"text"},{"text":"!= nil","type":"text","marks":[{"type":"code_inline"}]},{"text":" or ","type":"text"},{"text":"!= \"\"","type":"text","marks":[{"type":"code_inline"}]},{"text":")","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Test names describe the scenario being tested","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Tests cover error paths, not just happy paths","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"No ","type":"text"},{"text":"cov*_test.go","type":"text","marks":[{"type":"code_inline"}]},{"text":" naming pattern (coverage-padding anti-pattern)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Mocks are realistic (not returning hardcoded success for everything)","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Codebase Consistency","type":"text"}]},{"type":"checkbox_list","attrs":{"id":null},"content":[{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Follows existing naming conventions (check 3+ similar files for patterns)","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Uses existing helpers/utilities instead of reimplementing","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"Error handling style matches the codebase","type":"text"}]}]},{"type":"checkbox_item","attrs":{"checked":false},"content":[{"type":"paragraph","content":[{"text":"File organization follows project structure","type":"text"}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":3},"content":[{"text":"Step 5: Generate Structured Review Output","type":"text"}]},{"type":"paragraph","content":[{"text":"Create a review artifact:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"REVIEW_DIR=\".agents/review\"\nmkdir -p \"$REVIEW_DIR\"\nREVIEW_FILE=\"$REVIEW_DIR/$(date +%Y-%m-%d)-review-$(echo \"$PR_REF\" | tr '/' '-').md\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Review Document Structure","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"markdown"},"content":[{"text":"# Review: \u003cPR title or change description>\n**Date:** YYYY-MM-DD | **Verdict:** APPROVE | REQUEST_CHANGES | COMMENT\n**Target:** PR #N / local diff / agent output at \u003cpath>\n\n## Intent\n\u003cone-line summary>\n\n## SCORED Assessment\n| Category | Rating | Notes |\n|----------|--------|-------|\n| Security | pass/warn/fail | ... |\n| Correctness | pass/warn/fail | ... |\n| Observability | pass/warn/fail | ... |\n| Readability | pass/warn/fail | ... |\n| Efficiency | pass/warn/fail | ... |\n| Design | pass/warn/fail | ... |\n\n## Findings\n### Critical (must fix)\n- **[file:line]** Issue. Suggested fix: ...\n### Warning (should fix)\n- **[file:line]** Issue. Suggested fix: ...\n### Suggestion / Nit\n- **[file:line]** Description.\n\n## Missing\n\u003cexpected but absent: tests, docs, error handling, migration>","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Verdict Rules","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"APPROVE","type":"text","marks":[{"type":"strong"}]},{"text":": No critical or warning findings. All SCORED categories pass.","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"REQUEST_CHANGES","type":"text","marks":[{"type":"strong"}]},{"text":": Any critical finding, OR 3+ warnings, OR any SCORED category rated \"fail\".","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"COMMENT","type":"text","marks":[{"type":"strong"}]},{"text":": 1-2 warnings with no critical findings. Worth discussing but not blocking.","type":"text"}]}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"PR Mode: Post Comments","type":"text"}]},{"type":"paragraph","content":[{"text":"If reviewing a PR and the verdict is REQUEST_CHANGES or COMMENT, offer to post the review:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"# Post review comment on the PR\ngh pr review \"$PR_REF\" --comment --body \"$(cat \"$REVIEW_FILE\")\"\n\n# Or for blocking review\ngh pr review \"$PR_REF\" --request-changes --body \"$(cat \"$REVIEW_FILE\")\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Only post if the user confirms. Never auto-post a review without explicit approval.","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Deep Mode (--deep)","type":"text"}]},{"type":"paragraph","content":[{"text":"When ","type":"text"},{"text":"--deep","type":"text","marks":[{"type":"code_inline"}]},{"text":" is specified, after the initial SCORED pass, spawn a council for a second opinion:","type":"text"}]},{"type":"code_block","attrs":{"wrap":false,"language":"bash"},"content":[{"text":"/council validate \"Review these changes for issues I might have missed: \u003csummary of changes>\"","type":"text"}]},{"type":"paragraph","content":[{"text":"Merge council findings into the review document under a \"## Council Findings\" section.","type":"text"}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Integration with Other Skills","type":"text"}]},{"type":"table","attrs":{"layout":null},"content":[{"type":"tr","content":[{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Skill","type":"text"}]}]},{"type":"th","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Relationship","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/vibe","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Self-review (your own code). ","type":"text"},{"text":"/review","type":"text","marks":[{"type":"code_inline"}]},{"text":" is for others' code.","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/council","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Optional second opinion via ","type":"text"},{"text":"--deep","type":"text","marks":[{"type":"code_inline"}]},{"text":" flag.","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/standards","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"Auto-loaded for language-specific rules.","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/bug-hunt","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/review","type":"text","marks":[{"type":"code_inline"}]},{"text":" does a structured pass; ","type":"text"},{"text":"/bug-hunt","type":"text","marks":[{"type":"code_inline"}]},{"text":" does deep investigation of suspected bugs.","type":"text"}]}]}]},{"type":"tr","content":[{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"/pr-validate","type":"text","marks":[{"type":"code_inline"}]}]}]},{"type":"td","attrs":{"colspan":1,"rowspan":1,"colwidth":null,"alignment":""},"content":[{"type":"paragraph","content":[{"text":"PR-specific validation (isolation, scope creep). Complementary to ","type":"text"},{"text":"/review","type":"text","marks":[{"type":"code_inline"}]},{"text":".","type":"text"}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Reference Documents","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/review.feature","type":"text","marks":[{"type":"link","attrs":{"href":"references/review.feature","title":null}}]},{"text":" — Executable spec: risk-ranked diff review, mock/stub detection, bug scan, result.json (soc-qk4b)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/MOCK_FINDER.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/MOCK_FINDER.md","title":null}}]},{"text":" — Find stubs, mocks, placeholders, TODOs","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/BUG_SCANNER.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/BUG_SCANNER.md","title":null}}]},{"text":" — Bug scanner: null derefs, leaks, security","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/DOMAIN_AUDIT.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/DOMAIN_AUDIT.md","title":null}}]},{"text":" — Domain-parameterized audit (security, perf, UX, API, CLI)","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/DEEP_SCAN.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/DEEP_SCAN.md","title":null}}]},{"text":" — Iterative audit-fix-rescan cycle","type":"text"}]}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"See Also","type":"text"}]},{"type":"bullet_list","content":[{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"vibe","type":"text","marks":[{"type":"link","attrs":{"href":"../vibe/SKILL.md","title":null}}]},{"text":" — Self-review and code quality validation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"council","type":"text","marks":[{"type":"link","attrs":{"href":"../council/SKILL.md","title":null}}]},{"text":" — Multi-model consensus council","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"standards","type":"text","marks":[{"type":"link","attrs":{"href":"../standards/SKILL.md","title":null}}]},{"text":" — Language-specific coding conventions","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"bug-hunt","type":"text","marks":[{"type":"link","attrs":{"href":"../bug-hunt/SKILL.md","title":null}}]},{"text":" — Deep bug investigation","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"pr-validate","type":"text","marks":[{"type":"link","attrs":{"href":"../pr-validate/SKILL.md","title":null}}]},{"text":" — PR scope and isolation checks","type":"text"}]}]},{"type":"list_item","content":[{"type":"paragraph","content":[{"text":"references/audit-and-mock-sweeps.md","type":"text","marks":[{"type":"link","attrs":{"href":"references/audit-and-mock-sweeps.md","title":null}}]}]}]}]},{"type":"hr","attrs":{"markup":"---"}}]},"metadata":{"date":"2026-06-05","name":"review","author":"@skillopedia","source":{"stars":375,"repo_name":"agentops","origin_url":"https://github.com/boshu2/agentops/blob/HEAD/skills/review/SKILL.md","repo_owner":"boshu2","body_sha256":"a6dbfdf6749f40f686cea50d5758542ec28fedc0a7cd66dbe928d265a1398f53","cluster_key":"4a5699a8e8f04602728efe72f2e3d17eeea4febabe9a5c59a02071e23e9de0fc","clean_bundle":{"format":"clean-skill-bundle-v1","source":"boshu2/agentops/skills/review/SKILL.md","attachments":[{"id":"3948b206-99bd-5c33-9f73-df2dc60008ed","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/3948b206-99bd-5c33-9f73-df2dc60008ed/attachment.md","path":"references/BUG_SCANNER.md","size":23860,"sha256":"e08bfd3f09a9b19f64dd6609a5d03228f244aab6014d2c4d7f6a4bfd4b0a54c3","contentType":"text/markdown; charset=utf-8"},{"id":"fb5cb7a7-24ec-531d-a716-d213a1393b4a","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/fb5cb7a7-24ec-531d-a716-d213a1393b4a/attachment.md","path":"references/DEEP_SCAN.md","size":8912,"sha256":"9e538ff784f15cf1423166bdb6e8b0dd0b65d17c210052810f3397ea217354b8","contentType":"text/markdown; charset=utf-8"},{"id":"eb0fe9ad-bee4-5a66-9139-62f788154581","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/eb0fe9ad-bee4-5a66-9139-62f788154581/attachment.md","path":"references/DOMAIN_AUDIT.md","size":4412,"sha256":"8209161e08ef60d0f9c195fc831a0da875dc3858742cba9b8bb6549797060943","contentType":"text/markdown; charset=utf-8"},{"id":"32a5a821-af48-541e-bad9-bc5faae374ea","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/32a5a821-af48-541e-bad9-bc5faae374ea/attachment.md","path":"references/MOCK_FINDER.md","size":32568,"sha256":"610c88681df8674be27d996d014ca27444149064b86a74bb3a413a7a79a72de8","contentType":"text/markdown; charset=utf-8"},{"id":"033d113d-5c9c-56a4-93d9-85528404c38e","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/033d113d-5c9c-56a4-93d9-85528404c38e/attachment.md","path":"references/audit-and-mock-sweeps.md","size":1475,"sha256":"577cb4447673333afc41367332a23fe99ae0e9b29bccaeb4d9f09da385d7c2a9","contentType":"text/markdown; charset=utf-8"},{"id":"e03e726e-0cdf-5f9f-9857-904e8125179f","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/e03e726e-0cdf-5f9f-9857-904e8125179f/attachment.feature","path":"references/review.feature","size":1363,"sha256":"f6edeb3b4f1d41ef9a902e01ddef8f8e3e81156c67e79aa70eed208d5bb6108e","contentType":"text/plain; charset=utf-8"},{"id":"2079a89e-0fd2-5d53-aa09-038496733618","key":"uploads/10433ee7-ad12-4ae0-b34e-97553e46c6c8/2079a89e-0fd2-5d53-aa09-038496733618/attachment.sh","path":"scripts/validate.sh","size":812,"sha256":"d50901802bc94f548ee732926251977cbb66ae0573e60eca27ca99cd1056eac5","contentType":"application/x-sh; charset=utf-8"}],"bundle_sha256":"d64d11b89c95e5e0763d4acc2eb9527235111d5f90f95e8fcbc726157264d4d3","attachment_count":7,"text_attachments":6,"attachment_storage":"skillopedia-attachments-v1","binary_attachments":1,"excluded_attachments":[]},"cluster_size":1,"skill_md_path":"skills/review/SKILL.md","import_metadata":{"date":"2026-06-05","author":"@skillopedia","version":"v1","category":"security","category_label":"Security"},"exact_dupes_collapsed_into_this":0},"context":{"intent":{"mode":"task"},"window":"fork","sections":{"exclude":["HISTORY"]},"intel_scope":"topic"},"version":"v1","category":"security","consumes":["github-pr","validation"],"metadata":{"tier":"judgment","dependencies":["standards","council"]},"produces":["result.json"],"practices":["code-complete","refactoring","design-by-contract"],"import_tag":"clean-skills-v1","context_rel":[{"kind":"customer-of","with":"validation"}],"description":"Review diffs for risk, find mocks, scan for bugs, and audit codebases.","hexagonal_role":"driving-adapter","output_contract":"skills/council/schemas/verdict.json","skill_api_version":1}},"renderedAt":1782981574253}

Review Skill Quick Ref: reviews a PR, reviews local changes, reviews agent output with extra scrutiny. YOU MUST EXECUTE THIS WORKFLOW. Do not just describe it. This skill is for reviewing OTHER people's or agents' changes. For validating your own code quality, use instead. --- Modes --- Execution Steps Step 0: Detect Review Target and Load Standards Determine the review mode from arguments: 1. PR mode (default): argument is a number or GitHub PR URL. 2. Diff mode : flag present. 3. Agent mode : flag present. Load language-specific conventions from based on file extensions in the diff. If is a…