con un clic
review
Run evaluator and security reviewer concurrently for comprehensive quality gate.
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Menú
Run evaluator and security reviewer concurrently for comprehensive quality gate.
Instalar con Codex o Claude Copia este prompt, pégalo en Codex, Claude u otro asistente, y deja que revise la página de la skill y la instale por ti.
Basado en la clasificación ocupacional SOC
Discover and map an existing codebase before planning or changing it.
Change the behavior of existing code — story-driven by default, or --issue N for a GitHub bug fix. Test-first, full verification, code review.
Use when a planned change touches persisted data shape — ORM models, migration files, schema definitions, serialized formats, or message contracts — in /change, /refactor, or /implement on an existing codebase. Routes schema changes through expand-contract and proves reversibility before any deploy.
Generate production code and tests for a story group using agent teams for parallel execution.
Refactor existing code for quality, performance, or maintainability. Enforces core quality principles with ratchet gate.
Generate test plan, test cases, test data fixtures, and Playwright E2E tests mapped to acceptance criteria.
| name | review |
| description | Run evaluator and security reviewer concurrently for comprehensive quality gate. |
| argument-hint | [story-id] |
| context | fork |
On-demand, pre-merge entry point to the harness's one quality gate: it spawns the same evaluator + security-reviewer agents that /evaluate (Layer 4) and /auto (Gate 7) run in-pipeline, with identical verdict semantics. This skill owns only the on-demand orchestration; the gate's definitions live in /evaluate.
Ultracode tip: Multi-dimension review with adversarial verification is a natural fan-out, so
/effort ultracodepays off on this plain skill form.
/review # reviews the current group in context
/review E3-S1 # reviews a specific story and its group
Use the Agent tool to spawn both agents in a single call — concurrent execution is the point of this skill:
specs/reviews/evaluator-report.md and updates features.json.specs/reviews/security-review.md and the canonical specs/reviews/security-verdict.json.Both agents get the same changed-file set and group context. Every changed file in the group is in scope for both — never pass a subset to avoid findings.
Severity levels (BLOCK/WARN/INFO), the BLOCK self-healing loop (generator fix → full re-run, max 3 cycles, then escalate), and the security verdict format are defined once in /evaluate (.claude/skills/evaluate/SKILL.md) — follow them exactly from there. Do not merge or mark a group complete while any BLOCK finding remains open, and always re-run the full review after fixes.
specs/reviews/evaluator-report.md — PASS/FAIL with per-check detailspecs/reviews/security-review.md — BLOCK/WARN/INFO findings with file referencesspecs/reviews/security-verdict.json — the canonical machine-readable security verdictAll three must exist before the review is complete; a missing output is itself a BLOCK finding.
/evaluate)There are two entry points to the same gate, not two gates:
/evaluate Layer 4 / /auto Gate 7 — the authoritative in-pipeline owner./review — the on-demand pre-merge entry point (this skill).In /auto, Gate 7 already covers it — a separate /review is only needed for manual gating before a merge.