| name | check |
|---|---|
| description | Check phase. Parallel review: code quality + security + tests. Outputs PASS/WARN/FAIL per dimension. Validates spec coverage. |
CRITICAL: Run `HARNESS_DIR=$(epic-harness path)` first. NEVER use `.harness/` in the project directory.
This skill has 3 internal modes that run in parallel:
Confirm go has run:

```bash
git symbolic-ref --short HEAD  # must NOT be main/master
```

Load the spec to know what was supposed to be built:

```bash
ls -t $HARNESS_DIR/specs/SPEC-*.md | head -1
```

Read the Requirements and Acceptance Criteria sections.

```bash
git diff --stat $(git merge-base HEAD main)
git diff --name-only $(git merge-base HEAD main)
```

| Pattern | Scope | Extra checks |
|---|---|---|
| `*.api.*`, `*route*`, `*controller*`, `*handler*` | API | + Contract testing, request validation |
| `*.tsx`, `*.jsx`, `*.vue`, `*.svelte`, `*.css` | Frontend | + Accessibility, semantic HTML |
| `*.sql`, `*migration*`, `*schema*` | Database | + Migration safety, rollback plan |
| `*.rs`, `Cargo.toml`, `*.go`, `go.mod` | Backend | + Build verification, type safety |
| `*.test.*`, `*.spec.*`, `__tests__/` | Tests | + Coverage delta, flaky test detection |
| `Dockerfile*`, `*.yml`, `*.yaml`, `Makefile` | Infra | + Config validation, secret detection |
| `*.md`, `*.txt` | Docs | + Link checking, freshness |
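
The scope table can be applied mechanically to the output of `git diff --name-only`. The following is an added example, not part of the skill itself: `detect_scopes` is a hypothetical helper, and it assumes a pattern may match anywhere in the path and that one file can fall into several scopes, in which case every matching scope's extra checks (for example secret detection for Infra) apply.

```shell
#!/bin/sh
# Added example: classify changed paths into the scopes of the table above.
# detect_scopes is a hypothetical helper, not part of epic-harness.
# Assumption: a pattern may match anywhere in the path, and one file can
# belong to several scopes (all of their extra checks then apply).

detect_scopes() {
    # stdin: one path per line. stdout: each detected scope once, in table order.
    api=0; frontend=0; database=0; backend=0; tests=0; infra=0; docs=0
    while IFS= read -r path; do
        case "$path" in *.api.*|*route*|*controller*|*handler*) api=1 ;; esac
        case "$path" in *.tsx|*.jsx|*.vue|*.svelte|*.css) frontend=1 ;; esac
        case "$path" in *.sql|*migration*|*schema*) database=1 ;; esac
        case "$path" in *.rs|*Cargo.toml|*.go|*go.mod) backend=1 ;; esac
        case "$path" in *.test.*|*.spec.*|*__tests__/*) tests=1 ;; esac
        case "$path" in *Dockerfile*|*.yml|*.yaml|*Makefile) infra=1 ;; esac
        case "$path" in *.md|*.txt) docs=1 ;; esac
    done
    for pair in "API:$api" "Frontend:$frontend" "Database:$database" \
                "Backend:$backend" "Tests:$tests" "Infra:$infra" "Docs:$docs"; do
        case "$pair" in *:1) echo "${pair%%:*}" ;; esac
    done
}

# Real use, on the feature branch:
#   git diff --name-only "$(git merge-base HEAD main)" | detect_scopes

# Constructed sample paths (not from a real repository):
printf '%s\n' \
    'src/users.controller.test.ts' \
    'deploy/Dockerfile.prod' \
    'README.md' | detect_scopes
```
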

Launch all 3 modes with `run_in_background: true`.

```
## Code Review: <file or area>
- [BLOCKER] <description> (line X)
- [WARN] <description> (line Y)
- [NIT] <description> (line Z)
## Summary
- Blockers: N
- Warnings: N
- Verdict: APPROVE / REQUEST_CHANGES
```

`.env` files are in `.gitignore`

```
## Security Audit
- [CRITICAL] SQL injection risk in <file>:<line>
- [HIGH] Hardcoded secret in <file>:<line>
- [MEDIUM] Missing rate limit on <endpoint>
## Performance Audit
- [HIGH] N+1 query in <file>:<line>
- [MEDIUM] Unbounded array growth in <file>:<line>
## Summary
- Security: PASS / FAIL (N critical, N high)
- Performance: PASS / WARN (N issues)
```

Combine all findings into a single report:

```
## Check Report
- Spec: SPEC-{timestamp} ({goal_slug})
- Branch: {current branch}
### Change Scope
- Scopes detected: [API, Frontend, Backend, Database, Infra, Docs, Tests]
- Scope-specific checks: [list what ran]
### Code Quality: [PASS/WARN/FAIL]
### Security: [PASS/WARN/FAIL]
### Performance: [PASS/WARN/FAIL]
### Tests: [X/Y passing, Z% coverage]
### Spec Coverage
- R1: ✅/❌ addressed in diff
- R2: ✅/❌ addressed in diff
- AC1: ✅/❌ verified by test
- AC2: ✅/❌ verified by test
### Action Items
1. [blocker or warning]
```

/ship to create a PR."

/go, then re-run /check."

| Excuse | Rebuttal | What to do instead |
|---|---|---|
| "It's a small change, skip security" | Small changes introduce big vulnerabilities | Always run the security checklist |
| "Tests are passing, that's enough" | Tests don't catch security or performance issues | Run all 3 modes |
| "I'll fix the warnings later" | Later never comes | Fix blockers now, warnings before merge |