| name | run-by-experts |
| description | Use before opening a SUBSTANTIVE PR (protocol changes, multi-tenant or auth surfaces, adopter-facing examples, refactors that span specialism modules). Fires multiple expert reviewers in parallel and uses convergence as the blocker signal — items flagged by 2+ reviewers are real; single-reviewer findings are usually preferences. Skip for trivial changes (single-line fixes, README typos, mechanical refactors). |
Run by Experts
Overview
Multi-reviewer parallel review where convergence is the load-bearing signal. Items flagged by two or more reviewers are real blockers. Single-reviewer findings are usually preferences worth considering but not gating.
This skill exists because solo Claude review on a non-trivial PR catches obvious bugs but misses domain-specific landmines (multi-tenant isolation, protocol shape, type-system gotchas, adopter-DX cliffs). Each expert reviewer carries different domain priors; running them in parallel and acting on the intersection produces a better signal than any single review.
When to use
Always run before opening:
- Protocol-level changes (request/response shapes, error codes, new specialism interfaces)
- Multi-tenant or auth surfaces (isolation gates, credential handling, sandbox boundaries)
- Adopter-facing examples (
examples/hello_*, skill files, public docs)
- Bug fixes where the root cause might be either side of an interface boundary
Optional but high-value:
- Refactors that span multiple specialism modules
- API surface changes (export shape, type changes, deprecations)
- New subagent prompts or skill files
Skip:
- Trivial changes (changesets, single-line bug fixes with obvious test coverage, README typos)
- Pure mechanical refactors (rename, dead-code removal) where you've verified no behavior change
The reviewer set
Pick the relevant subset for the PR. Default for a substantive change is all four:
| Reviewer | Focus | Fire when |
|---|
ad-tech-protocol-expert | Wire shape vs spec, error code placement, schema conformance, protocol contract | Any protocol-touching change |
code-reviewer | Correctness, type-safety, dead code, casts, edge cases, hidden control flow | All non-trivial code changes |
security-reviewer | Tenant isolation, auth/credential handling, prompt-injection surfaces, fail-open vs fail-closed gates, SSRF | Any change that touches auth, multi-tenancy, or buyer-supplied data flowing through error envelopes |
dx-expert | Forkability, SWAP markers, header doc clarity, copy-paste anti-patterns, README discoverability | Any adopter-facing example or doc change |
For protocol-only / spec-side changes, adtech-product-expert (buy-side / sell-side product fit) is often a fifth.
How to fire
Single message, multiple Agent tool calls in parallel — never sequential. Run-in-background unless the PR is so small that you'll wait on the first one. Each prompt is self-contained: the agent has no memory of the conversation, so include:
- File paths in scope
- Branch name
- Specific items the prior round (if any) claimed to fix — verify each
- Specific concerns you want flagged (don't ask "what do you think?" — that produces shallow review)
- Word budget ("Under 500 words")
- Format expectation ("Report: blockers / concerns / fine, per item")
Example brief shape (excerpted from bokelley/hello-adapters-gov-rights round 2):
Re-review of PR #XXXX. Prior round flagged 17 findings; all blockers + must-fix concerns claimed addressed. Verify, and flag any NEW issues introduced by the fixes.
Files in scope: examples/foo.ts (new, ~1200 lines).
Prior-round items that should be fixed — verify each:
- ...
- ...
New questions for this round:
- ...
Report: blockers / suggestions / nits. Under 500 words. Don't restate prior-round findings unless the fix introduces a new issue.
Reading the results
Convergence (2+ reviewers same finding) = real blocker. Act on these unconditionally.
Single-reviewer must-fix = should-fix. Read the reasoning; usually it's worth doing but defensibly skippable. Push back if the finding contradicts the convergent signals.
Advisory = nice-to-have. Roll into a follow-up issue or comment-only fix.
The convergence signal is doing real work. From the production example (round 1 of the multi-tenant adapter PR):
- The
as unknown as { account?: ... } cast was flagged by THREE of four reviewers (code: "may be reading a runtime-undefined field"; DX: "cargo-cult-bait"; protocol: implicitly endorsed by saying "should pull from ctx.account"). All three independently spotted that the cast was a real bug, not a style preference.
- Single-reviewer concerns were mostly preferences (helper extraction style, comment placement nits). Worth doing but not gating.
Two-round pattern
For substantive PRs, run two rounds:
- Round 1 — initial review. Fire all relevant reviewers on the unreviewed code. Consolidate findings by convergence. Apply blockers + must-fix.
- Round 2 — re-review of fixes. Fire the same reviewers again, asking each to (a) verify each prior-round finding is fixed and (b) flag any NEW issues the fix introduced.
Round-2 finds the regressions fix-blindness misses. Production example: round 2 caught a fail-OPEN tenant gate that round 1's fix had introduced (the gate was if (homeTenantId && tenantId !== homeTenantId) — when homeTenantId is undefined, the check skips; round 1 hadn't considered that path).
Process artifacts to ship with the PR
After all rounds land, the PR description should include:
- A consolidated "Expert review" section listing each round's blockers and how each was addressed
- The reviewer convergence signal (e.g., "3 of 4 flagged X" → "this was the real bug")
- Any single-reviewer items that were intentionally NOT fixed, with reasoning
- Cross-links to upstream-spec issues filed during review (if storyboards or spec gaps surfaced — see
skills/triage-storyboard-failure/)
What this skill is NOT
- A replacement for human reviewers — convergent expert review surfaces issues fast, but humans make the final call on whether to merge
- An excuse to skip writing tests — reviewers can't verify behavior they can't run
- A substitute for
npm run typecheck / npm run format:check / CI — those gate-before-review
See also
skills/triage-storyboard-failure/ — when an expert review (or your own testing) surfaces a storyboard-vs-spec mismatch
examples/CONTRIBUTING.md — the SWAP-marker and DO-NOT-DEPLOY-AS-IS conventions DX reviewers will check for
~/.claude/commands/prep-for-pr.md (personal command) — calls this skill plus the build/test/security-review chain