원클릭으로
review
Run evaluator and security reviewer concurrently for comprehensive quality gate.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
메뉴
Run evaluator and security reviewer concurrently for comprehensive quality gate.
Codex 또는 Claude로 설치 이 Prompt를 복사해 Codex, Claude 또는 다른 어시스턴트에 붙여 넣으면 Skill 페이지를 검토하고 설치를 진행할 수 있습니다.
SOC 직업 분류 기준
Discover and map an existing codebase before planning or changing it.
Change the behavior of existing code — story-driven by default, or --issue N for a GitHub bug fix. Test-first, full verification, code review.
Use when a planned change touches persisted data shape — ORM models, migration files, schema definitions, serialized formats, or message contracts — in /change, /refactor, or /implement on an existing codebase. Routes schema changes through expand-contract and proves reversibility before any deploy.
Generate production code and tests for a story group using agent teams for parallel execution.
Refactor existing code for quality, performance, or maintainability. Enforces core quality principles with ratchet gate.
Generate test plan, test cases, test data fixtures, and Playwright E2E tests mapped to acceptance criteria.
| name | review |
| description | Run evaluator and security reviewer concurrently for comprehensive quality gate. |
| argument-hint | [story-id] |
| context | fork |
On-demand, pre-merge entry point to the harness's one quality gate: it spawns the same evaluator + security-reviewer agents that /evaluate (Layer 4) and /auto (Gate 7) run in-pipeline, with identical verdict semantics. This skill owns only the on-demand orchestration; the gate's definitions live in /evaluate.
Ultracode tip: Multi-dimension review with adversarial verification is a natural fan-out, so
/effort ultracodepays off on this plain skill form.
/review # reviews the current group in context
/review E3-S1 # reviews a specific story and its group
Use the Agent tool to spawn both agents in a single call — concurrent execution is the point of this skill:
specs/reviews/evaluator-report.md and updates features.json.specs/reviews/security-review.md and the canonical specs/reviews/security-verdict.json.Both agents get the same changed-file set and group context. Every changed file in the group is in scope for both — never pass a subset to avoid findings.
Severity levels (BLOCK/WARN/INFO), the BLOCK self-healing loop (generator fix → full re-run, max 3 cycles, then escalate), and the security verdict format are defined once in /evaluate (.claude/skills/evaluate/SKILL.md) — follow them exactly from there. Do not merge or mark a group complete while any BLOCK finding remains open, and always re-run the full review after fixes.
specs/reviews/evaluator-report.md — PASS/FAIL with per-check detailspecs/reviews/security-review.md — BLOCK/WARN/INFO findings with file referencesspecs/reviews/security-verdict.json — the canonical machine-readable security verdictAll three must exist before the review is complete; a missing output is itself a BLOCK finding.
/evaluate)There are two entry points to the same gate, not two gates:
/evaluate Layer 4 / /auto Gate 7 — the authoritative in-pipeline owner./review — the on-demand pre-merge entry point (this skill).In /auto, Gate 7 already covers it — a separate /review is only needed for manual gating before a merge.