| name | workspace-scoped-cr-loop |
| description | Repository-local workflow for executing a scoped task, sprint, or project with mandatory delegated code-review loops and boundary-level local commits in this workspace. Use when the user asks to execute a specific task, sprint, or project and explicitly requires "调起子 agent 做 CR,主 agent 复核并修复,再循环直到没有问题". |
Workspace Scoped CR Loop
Overview
Use this skill when the user explicitly wants:
- a specific
task, sprint, or project executed to a clean state
- a fresh sub-agent CR round after each review boundary
- the main agent to verify findings, fix accepted issues, and re-run validation
- repeated CR loops until no actionable problem remains
- a final clean recheck before the target scope is considered complete
- a boundary-level local commit after each clean execution + CR cycle
If the user does not explicitly ask for delegated review or sub-agent loops, do not force this skill. Follow the normal project execution flow instead.
Required Inputs
Always load:
AGENTS.md
.repo-ai-governor/context/current-context.md
.repo-ai-governor/normative_knowledge_sources/normative-loading-manifest.yaml
.repo-ai-governor/normative_knowledge_sources/product-requirements-brief.md
.repo-ai-governor/normative_knowledge_sources/governance/code_standards.md
.repo-ai-governor/normative_knowledge_sources/governance/cr-lifecycle-threshold-spec.md
.repo-ai-governor/normative_knowledge_sources/governance/execution-gate-layering-spec.md
.repo-ai-governor/normative_knowledge_sources/governance/task-ledger-single-write-source-contract.md
.repo-ai-governor/normative_knowledge_sources/governance/long-term-maintenance-guide.md
.codex/skills/workspace-code-review-workflow/SKILL.md
.codex/skills/workspace-delivery-finisher/SKILL.md
Load additional normative docs required by AGENTS.md for the current scope, especially when sprint closeout, handoff, artifact updates, or task-ledger changes are involved.
When you are about to spawn the reviewer sub-agent, also load:
references/reviewer-subagent-prompt-template.md
scripts/resume-or-bootstrap-cr-round.mjs
scripts/render-reviewer-subagent-prompt.mjs
scripts/bootstrap-cr-round.mjs
scripts/normalize-reviewer-findings.mjs(当 reviewer 能提供 machine-readable findings 时)
Generated CR task cards and reviewer prompts should stay aligned with this baseline. If you customize required inputs, prefer adding scope-specific docs on top of the generated defaults instead of replacing them wholesale.
Ownership Split
The main agent owns:
- project and sprint execution planning
- code and documentation changes
- verification runs
- writing or updating
CR-xxx task cards
- writing or updating review artifacts in the canonical
review/ directory
- deciding whether findings are
accepted, rejected, or deferred
- fixing accepted findings
- sprint closeout and next-sprint activation
- final project closeout
- boundary-level local commits after each clean execution + CR cycle
The sub-agent owns only the review pass:
- inspect the scoped diff or working tree
- surface risk-first findings with evidence
- avoid code edits unless the user separately asks for delegated implementation work
Use a fresh sub-agent for every CR round. Do not reuse a completed reviewer across rounds.
Default Reviewer Configuration
When the user does not override reviewer settings, spawn the reviewer with:
- model:
gpt-5.4
- reasoning effort:
xhigh
- role:
default
This skill assumes the user has explicitly allowed sub-agents by asking for delegated CR loops.
Reviewer Wait Guidance
When waiting for a reviewer sub-agent round:
- default to
wait_agent with timeout_ms=900000 (15 minutes) for each CR round unless the user explicitly wants a different wait policy
- do not treat the reviewer as stalled just because the first
1 to 2 minutes are quiet; scoped CR rounds can legitimately take longer
- do not close or replace the reviewer early unless there is concrete failure evidence, the user asked to stop, or the runtime reports a terminal error
- if you want a progress check before the full wait elapses, use non-destructive polling and keep the same reviewer alive
Phase 1: Resolve Scope
Resolve the target unit first:
task scope:
- explicit
TK-xxx
- a single task card path
- a user request clearly narrower than a sprint
- in this repo, task cards are often named
TK-xxx-<slug>.md, so resolve by task-id prefix and fall back to a full task-card path when legacy duplicates exist
sprint scope:
- explicit sprint path or sprint id
- the active sprint in
current-context.md
project scope:
- explicit project path or project id
- a user request to execute the whole remaining project
Then:
- If the target is outside the active primary stream, update
current-context.md first.
- Read the target scope's
plan.md, unresolved TK-xxx.md / CR-xxx.md, and the task-ledger surfaces required by the current repo truth model. In the current repo baseline this includes task cards, canonical task-ledger sqlite, and rendered tasks/checklist.md / tasks/tasks.csv.
- If the target is a project, build the remaining sprint queue in execution order.
- If the target is a task, resolve its containing sprint because review artifacts and
CR-xxx task tracking still belong to the enclosing sprint unless the user explicitly requests another canonical path.
Phase 2: Execute The Target Scope Before Review
Review only starts after the implementation work for the current boundary is finished.
- For
task scope:
- finish the target task and any directly required governance updates
- sync that task's truth through the current canonical task-ledger write path, then refresh any derived views
- For
sprint scope:
- finish all remaining implementation and governance tasks required before sprint closeout
- sync sprint task truth through the current canonical task-ledger write path, then refresh any derived views
- For
project scope:
- execute sprint by sprint
- each sprint must be fully implemented before entering that sprint's CR loop
Before starting review, run the relevant verification commands for the current boundary.
Do not start closeout for the current boundary yet. Review comes first.
Task Ledger Mode Resolution
Before any ledger write-back, commit evidence suggestion, or closeout claim:
- load
task-ledger-single-write-source-contract.md
- resolve the current repo truth model from that contract. In the current repo baseline, task cards remain the semantic source while sqlite is the canonical ledger truth.
- do not treat checklist /
tasks.csv-only edits as sufficient; write the canonical sqlite surface first, then refresh rendered or derived views
- if docs and operational reality disagree, either:
- use an explicit override for the current run and record the governance mismatch
- or update governance before claiming the ledger is fully synced
Phase 3: Boundary CR Loop
After the current boundary's implementation is complete, run this loop until a fresh review returns no actionable findings.
Single-Command Entry Point
Prefer the single-command wrapper for normal CR rounds. It is the default ergonomic entrypoint because it keeps --resume and --write-task-card on by default, accepts TK-xxx / sprint-xxx / project-xxx or a concrete task/sprint/project path, and tries to infer the containing tasks/ directory from current-context.md or the supplied scope path.
node ./.codex/skills/workspace-scoped-cr-loop/scripts/resume-or-bootstrap-cr-round.mjs
node ./.codex/skills/workspace-scoped-cr-loop/scripts/resume-or-bootstrap-cr-round.mjs \
--scope TK-615 \
--review-surface "apps/cli/src/commands" \
--verification "pnpm run build"
node ./.codex/skills/workspace-scoped-cr-loop/scripts/resume-or-bootstrap-cr-round.mjs \
--scope sprint-001-real-target-repo-adopter-pilot
node ./.codex/skills/workspace-scoped-cr-loop/scripts/resume-or-bootstrap-cr-round.mjs \
--scope project-055-ga-evidence-and-adopter-pilot-closeout
Use this wrapper when you want the main agent to remember only:
- the target scope, if it is not the active sprint
- any verification commands worth recording
- optional
--review-surface hints
Escalate to the lower-level bootstrap script only when you need to force advanced fields such as --scope-kind, --scope-label, --scope-path, --cr-task-id, --report-slug, or custom commit automation knobs.
Round Bootstrap Script
Use the round bootstrap script for advanced/manual control. It remains the authoritative CR-round allocator and generates the next CR-xxx, suggested review artifact filenames, a task-card skeleton, and the reviewer prompt in one call.
node ./.codex/skills/workspace-scoped-cr-loop/scripts/bootstrap-cr-round.mjs \
--tasks-dir <sprint-tasks-dir> \
--scope-kind <task|sprint|project> \
--scope-label <scope-id-or-label> \
--review-surface "apps/cli/src/commands" \
--round-type <initial|post-fix recheck|project-final> \
--verification "pnpm run build" \
--verification "pnpm run test:packages -- --maxWorkers=1 --maxConcurrency=1"
Useful flags:
--json: machine-readable output for agent orchestration
--write-task-card: write the generated CR-xxx.md skeleton into the sprint tasks/ directory
--cr-task-id <CR-xxx>: reuse an already allocated CR id instead of auto-allocating again
--review-surface "<path-or-slice>": narrow reviewer attention to exact paths or boundary slices inside the declared scope; repeatable
--depends-on, --required-input, --traceback, --implementation-step: override or enrich the generated task-card content
--suggest-commit: emit a boundary commit plan, including gate, stage command, and commit command
--auto-commit: run the boundary local commit when the staging scope is explicit and safe
--commit-path <path>: declare the paths owned by the current boundary; repeatable and recommended for --auto-commit
--commit-all: explicitly allow the boundary commit to stage the full working tree
--pre-commit-gate "<command>": override the default pre-commit gate, which is pnpm run check
--task-ledger-mode <contract-default|tk-plus-derived-ledgers|sqlite-canonical>: control how commit evidence suggestions describe canonical ledger write-back; default is contract-default
--help: print CLI usage and exit
The bootstrap result includes:
CR-xxx task id
- suggested
code_review_* / verified_code_review_* / resolved_code_review_* paths
- generated task-card markdown
- reviewer sub-agent prompt
- suggested local commit message for the current boundary
- when requested, a commit readiness analysis or an actual local commit result
- resolved review surface for the reviewer
- when a boundary commit succeeds, canonical task-ledger write-back suggestions keyed to the resolved task-ledger mode
- generated CR task-card metadata that persists
Scope Kind / Scope Label / Round Type for reliable resume matching
Treat bootstrap-cr-round.mjs as the authoritative CR-round allocator. If you later need to re-render the reviewer prompt separately, pass through the returned --cr-task-id and --report-slug instead of allocating a second time.
Prompt Helper Script
Prefer using the helper script instead of hand-assembling the reviewer prompt:
node ./.codex/skills/workspace-scoped-cr-loop/scripts/render-reviewer-subagent-prompt.mjs \
--tasks-dir <sprint-tasks-dir> \
--scope-kind <task|sprint|project> \
--scope-label <scope-id-or-label> \
--cr-task-id <CR-xxx-from-bootstrap> \
--report-slug <slug-from-bootstrap> \
--review-surface "apps/cli/src/commands" \
--round-type <initial|post-fix recheck|project-final> \
--verification "pnpm run build" \
--verification "pnpm run test:packages -- --maxWorkers=1 --maxConcurrency=1"
The helper will:
- reuse the supplied
CR-xxx / report slug when provided, otherwise auto-allocate defaults
- derive the enclosing sprint label and canonical
review/ directory
- render the reviewer prompt from the reference template
- include the declared review surface so the sub-agent stays inside the intended boundary
- emit the structured delegated reviewer handoff contract alongside the rendered prompt so the prompt remains a transport view rather than the only fact source
Use --json when you want machine-readable output for the next orchestration step.
Preferred pattern:
- start with
resume-or-bootstrap-cr-round.mjs unless you truly need manual scope metadata control
- keep the returned
CR_TASK_ID and REPORT_SLUG
- if you later call
render-reviewer-subagent-prompt.mjs, pass both back explicitly
- fall back to
bootstrap-cr-round.mjs only for advanced/manual orchestration
- when the reviewer can return machine-readable findings, normalize them through
normalize-reviewer-findings.mjs before merging them back into the main-agent triage flow
For commit automation:
--suggest-commit is safe by default and never changes git state
--auto-commit will refuse to run unless either:
--commit-path narrows the stage scope and no outside changes remain
--commit-all was explicitly supplied
--auto-commit creates a local commit only; push remains opt-in and outside this skill's default flow
- when operational reality differs from current governance docs, use
--task-ledger-mode sqlite-canonical only as an explicit temporary override and repair the governance contract separately
Round Setup
- Allocate the next available
CR-xxx in the containing sprint tasks/ directory.
- Never reopen an already
resolved CR task.
- Create a new review report slug for the current round.
- Spawn a fresh reviewer sub-agent for the current boundary only.
- When a helper has already allocated the round id, do not run a second allocator for the same round; reuse the existing
CR-xxx and report_slug.
- Fresh auto-allocation should happen through the reservation-aware helper path so concurrent allocators cannot silently claim the same
CR-xxx.
- Generated or hand-maintained CR task cards should preserve
Scope Kind / Scope Label / Round Type metadata so future --resume can match the intended boundary exactly.
Reviewer Prompt Contract
Use references/reviewer-subagent-prompt-template.md as the default assembly template. Fill in the concrete scope, review directory, round number, report slug, and verification baseline instead of improvising the whole reviewer prompt from scratch.
Tell the reviewer:
- review only the current boundary scope
- use
AGENTS.md, current-context.md, normative-loading-manifest.yaml, product-requirements-brief.md, code_standards.md, cr-lifecycle-threshold-spec.md, long-term-maintenance-guide.md, task-ledger-single-write-source-contract.md, and execution-gate-layering-spec.md as the baseline
- produce severity-ordered findings with file references and rule ids when applicable
- avoid implementation edits
- call out residual risks and missing tests separately from hard findings
- prioritize the supplied review surface and avoid drifting into unrelated files
Keep the prompt concrete: mention task, sprint, or project scope; intended review directory; and whether the review is an initial pass or a post-fix recheck.
When building the prompt:
- always name the exact target boundary and enclosing sprint
- always tell the reviewer where the report must be written conceptually, even if the main agent will perform the final canonical write
- always state whether the round is
initial, post-fix recheck, or project-final
- always list the verification commands already run and any commands the reviewer should expect to see rerun after fixes
- always remind the reviewer not to edit code or governance files
- when the boundary is narrower than the full scope root, always pass
--review-surface entries for the touched paths or owned modules
Main-Agent Processing
After the reviewer returns:
- write the round's
code_review_<slug>.md into the sprint review/ directory
- create or update the matching
CR-xxx.md task with status review_pending
- recheck each finding yourself
- append a dated recheck section with
accepted / rejected / deferred
- rename to
verified_code_review_<slug>.md
- move the
CR-xxx task to verified
Then:
- fix every
accepted finding
- document any true
deferred item with blocker and follow-up window
- rerun the relevant verification commands
- append the fix record
- rename to
resolved_code_review_<slug>.md
- move the
CR-xxx task to resolved
Loop Exit Rule
If the next fresh reviewer finds new actionable issues:
- allocate a new
CR-xxx
- start another round
- do not reopen the old resolved CR
Exit the current boundary CR loop only when the latest fresh reviewer reports no actionable findings.
When the final recheck is clean, prefer writing the clean round directly as a resolved review artifact and mark that round's CR-xxx as resolved.
Resume Protocol
If execution is interrupted mid-boundary, do not blindly allocate a new CR-xxx. Resume in this order:
- reload
current-context.md, the target plan.md, sprint tasks/, and sprint review/
- inspect the latest non-resolved
CR-xxx task in the owning sprint
- inspect any active reservation under
tasks/.cr-round-reservations/
- only allocate a brand-new
CR-xxx when there is no matching open round and no matching active reservation for the current boundary
Round-state interpretation:
- if the latest matching
CR-xxx is still review_pending, resume that round's review verification and do not create a new CR
- if the latest matching
CR-xxx is verified, resume accepted-finding fixes and post-fix validation for that same round
- if the latest matching
CR-xxx is already resolved, only create a new round when you are intentionally launching a fresh recheck
- if there is no task card yet but there is an active reservation, reuse that reservation's
CR-xxx and report_slug
- resume matching should prefer exact
Scope Kind / Scope Label / Round Type metadata; only use legacy fallbacks for older cards that predate these fields
- task-scope resume should resolve
TK-xxx against slug-suffixed task cards when needed; if multiple legacy matches exist, require an explicit task-card path
Tooling guidance:
- prefer
bootstrap-cr-round.mjs --resume when resuming a boundary
- if bootstrap already produced a round id and slug, pass them through to any later helper call via
--cr-task-id and --report-slug
tasks/.cr-round-reservations/ is a hidden coordination surface for in-flight round ids; do not hand-edit it unless you are intentionally clearing a stale reservation
- a normal
--write-task-card flow should consume and release the matching reservation automatically
- when
--resume reuses an existing task card, --write-task-card should be treated as an idempotent no-op instead of failing
Resume exit rule:
- do not advance to boundary commit, sprint closeout, or project closeout until the resumed round itself reaches a clean terminal state
- if resume inspection reveals conflicting open rounds for the same boundary, pause and reconcile before continuing
Phase 4: Boundary Commit
After the current boundary's execution work is done and its CR loop is clean, create one local commit before moving on to the next boundary.
This commit step is mandatory for this skill unless one of the explicit skip conditions below applies.
Commit Rules
- default to local commit only; do not push unless the user explicitly asks
- follow the guardrails from
workspace-delivery-finisher
- do not amend prior commits unless the user explicitly asks
- if the working tree has no changes for this boundary, record that no commit was needed and continue
- if unrelated concurrent changes exist, commit only the boundary-owned files when that separation is safe; otherwise pause and realign with the user
Commit Gate
Before the boundary commit:
- ensure the boundary's
Delivery Verification is already green
- rerun
pnpm run check as the repository-level delivery sanity gate
- stop if the gate fails
Interpretation:
- the boundary-specific tests/build/evidence remain the primary release proof
- the extra
pnpm run check is the final pre-commit repo sanity pass
Commit Granularity
task scope:
- after the task's CR loop is clean
- if the task completion also triggered sprint closeout in the same boundary, commit after the closeout write-back finishes
sprint scope:
- after sprint closeout and activation write-backs complete
- commit before starting the next sprint's implementation
project scope:
- after each sprint reaches clean closeout, create a sprint commit
- after the final project-level CR loop is clean and final closeout completes, create one final project commit
Commit Message Guidance
Prefer Conventional Commits that reflect the current boundary:
- implementation-heavy boundary:
feat(<scope>): ...
fix(<scope>): ...
- governance / closeout / handoff heavy boundary:
docs(<scope>): ...
chore(<scope>): ...
Recommended subjects:
- task:
<type>(TK-194): complete task and clear cr loop
- sprint:
<type>(project-012-sprint-003): complete sprint and clear cr loop
- project:
<type>(project-012): complete project and clear final cr loop
Use the suggestion emitted by bootstrap-cr-round.mjs when it matches the actual boundary changes.
Phase 5: Scope-Specific Exit
Task Scope
After the target task's CR loop is clean:
- mark the task complete and sync task ledgers
- if the containing sprint now has all
TK items completed and all CR items resolved, immediately execute sprint closeout
- otherwise stop unless the user explicitly asked to continue to the broader sprint or project
Sprint Scope
Only after all sprint TK items are completed and all sprint CR items are resolved:
- execute the sprint closeout task
- generate any sprint closeout artifact required by the plan
- activate the next sprint if one exists
- sync
plan.md, canonical task-ledger sqlite, rendered checklist.md / tasks.csv, and any artifact registry updates required by the sprint
Do not leave a sprint in an all-done-but-not-closed state.
Project Scope
For project scope, do not close the project after a single review. Use the project cadence below.
Phase 6: Project Cadence
If the target scope is a project:
- execute each remaining sprint in order
- after each sprint implementation, complete that sprint's CR loop until clean
- close out that sprint before advancing
- create the sprint-level local commit before starting the next sprint
After the last sprint's own CR loop is clean:
- do not execute final project closeout yet
- run one more fresh sub-agent review over the whole remaining project scope
- process findings with the same
review_pending -> verified -> resolved lifecycle
- repeat with a fresh reviewer until the project-level review also returns clean
By default, store the final project-level review rounds under the final sprint's review/ directory and consume the next available CR-xxx in that sprint's tasks/ directory, unless the user specifies another canonical location.
Phase 7: Final Project Closeout
If the target scope is a project, final closeout is allowed only after both conditions are true:
- the final sprint CR loop is clean
- the project-level final CR loop is clean
Then:
- execute the project's final closeout task
- generate the completion audit summary
- generate handoff or freeze artifacts if required
- update
current-context.md and completed history as needed
- sync artifact registry and task ledgers
- create the final project local commit before declaring the project complete
Verification Baseline
At minimum, rerun the commands required by the touched scope. For code changes under apps/**, packages/**, bin/**, or test/**, include:
pnpm run build
- relevant package tests
node ./scripts/governance/sync-task-ledger.js --task-id <TK-xxx|CR-xxx> or the --tasks-dir <sprint/tasks> variant
- governance sync checks required by the sprint
When the active plan defines fixed verification commands, treat those as the round baseline and rerun them after accepted fixes.
Guardrails
- Never let the reviewer sub-agent own canonical governance writes. The main agent must update repository truth.
- Never mark a CR
verified or resolved without matching filename, top-level Status, and CR-xxx task status.
- Never close out a sprint while any
CR-xxx in that sprint is not resolved.
- Never perform final project closeout before the project-level final CR loop is clean.
- For project scope, do not merge sprint review loops together; each sprint must independently reach a clean state first.
- Use new
CR-xxx identifiers per round instead of recycling resolved CR tasks.
- If a reviewer concern is weak or unsupported by standards, record it as rejected or risk-based inference instead of silently accepting it.
- Keep the main agent on the critical path: sub-agents review, main agent decides and integrates.
- Do not push as part of the automatic boundary commit unless the user explicitly asked for push behavior.
- Do not skip the boundary commit just because a later sprint or project commit will exist; every clean boundary should have its own local checkpoint when changes exist.
Quick Invocation Patterns
This skill should trigger for requests like:
执行 TK-201,并且做子 agent CR 循环直到清零
执行当前 sprint,并在 sprint 结束后循环 CR 直到没有问题
把这个项目从当前 sprint 一直执行到结束,每个 sprint 和最终项目都要循环 CR 直到清零