// Formal quality gate with multi-persona review, confidence thresholds, and QA routing based on fresh verification evidence.
Lightweight task compressor. Turn messy input into a one-page brief that can route to roundtable or writing-plan without replacing direction decisions.
Direction convergence skill. Use brainstorm, align, or challenge mode to turn messy questions or existing proposals into a clear directional decision.
Use this when direction is already clear and the next job is to compress it into an executable block with scope, done criteria, and routing.
Fast failure classifier. Decide whether the problem is a spec gap, an implementation bug, or a rollback candidate before routing to writing-plan, diagnose, or ship.
Use this when the system is broken, tests are failing, or behavior is abnormal and the root cause is still unknown. No investigation, no fix.
Use this when the current block is already clear and the job is to complete it. Default route comes from test-first; only controlled low-risk exceptions may enter directly.
| name | ks-review |
| description | Formal quality gate with multi-persona review, confidence thresholds, and QA routing based on fresh verification evidence. |
| layer | decision |
| owner | review |
| inputs | ["diff","plan_document","verification_report"] |
| outputs | ["review_report","findings","review_verdict"] |
| entry_modes | ["build-ready","release-ready"] |
Preamble: see templates/preamble.md
Turns verification evidence into a formal quality decision. Verify collects evidence; review interprets it.
Responsible for: structured multi-specialist review, finding dedup, confidence gating, qa_required decision, verdict. Not responsible for: collecting evidence (verify), fixing code (implement), runtime testing (qa).
_KS_CLI="${KEYSTONE_CLI:-./keystone}"
_VERIFY_RESULT=$($_KS_CLI state get verify_result 2>/dev/null | tr -d '"')
_PLAN_DOC=$($_KS_CLI state get artifacts.plan_document 2>/dev/null | tr -d '"')
echo "Verify result: $_VERIFY_RESULT"
echo "Plan document: $_PLAN_DOC"
_BASE=$(git merge-base HEAD origin/main 2>/dev/null || git merge-base HEAD main 2>/dev/null || echo "HEAD~10")
_FILE_COUNT=$(git diff --name-only $_BASE | wc -l | tr -d ' ')
_LINES=$(git diff --numstat $_BASE | awk '{sum += $1 + $2} END {print sum}')
echo "Changed files: $_FILE_COUNT | Changed lines: $_LINES"
Specialist files live in decision/review/specialists/. Reference each by path.
Always-on (read every review):
specialists/correctness.mdspecialists/testing.mdspecialists/maintainability.mdspecialists/project-standards.mdConditional (activate based on diff content):
| Specialist | Activate when |
|---|---|
specialists/security.md | diff touches auth, public endpoints, user input, permissions, credentials |
specialists/performance.md | diff touches DB queries, caching, async, loops over collections, rendering |
specialists/data-migration.md | diff touches migration files, schema, model definitions |
specialists/reliability.md | diff touches retries, timeouts, background jobs, error handling, concurrency |
specialists/adversarial.md | diff >200 lines OR high-risk surface (auth, payments, data integrity) |
Skip check: before running each specialist, read its skip condition. If the diff does not match its activation trigger, skip it and log why.
For each selected specialist, read the file and execute its check scope against the diff.
Each specialist returns structured findings:
{
"reviewer": "specialist-name",
"findings": [
{
"file": "path:line",
"issue": "concrete problem statement",
"severity": "P0|P1|P2|P3",
"confidence": 0.0-1.0,
"evidence": ["fact 1", "fact 2"],
"autofix_class": "safe_auto|gated_auto|manual|advisory"
}
],
"residual_risks": [],
"testing_gaps": []
}
Execution modes (detect which mode to use):
| Mode | When | How |
|---|---|---|
| Sequential (inline) | default, all hosts except Claude Code | read each specialist file, apply its check scope one at a time |
| Parallel (subagent) | Claude Code (detected by .claude/ directory existing in project) | dispatch each specialist as a subagent with the specialist file as its prompt |
Mode detection:
if [ -d ".claude" ]; then
_REVIEW_MODE="parallel"
echo "Review mode: parallel (Claude Code detected)"
else
_REVIEW_MODE="sequential"
echo "Review mode: sequential"
fi
When _REVIEW_MODE=parallel, dispatch each specialist using the Task tool. Each specialist becomes an independent subagent.
Task call format:
Task(
subagent_type: "worker",
description: "review specialist: [name]",
prompt: "You are the [specialist name] reviewer.\n\nRead the specialist instructions:\n[SPECIALIST_FILE_CONTENT]\n\nReview this diff against the current plan:\n\n[DIFF_CONTENT]\n\nReturn ONLY structured JSON findings in the format specified by the specialist file."
)
Collection:
Advantages of parallel dispatch:
Sequential execution (all other hosts):
Discard every finding with confidence < 0.60. No severity exception.
# Filter: keep only findings where confidence >= 0.60
# Rationale: a confident wrong finding is worse than no finding
Fingerprint algorithm:
fingerprint = normalize(file_path) + line_bucket(line, +/-3) + normalize(title)
Confidence boosting:
| autofix_class | Who applies | When |
|---|---|---|
safe_auto | review skill directly | deterministic local fix (typo, missing import, unused variable) |
gated_auto | user approves first | fix is known but changes behavior |
manual | human in follow-up | requires judgment, design decision, or multi-file change |
advisory | report only | low-impact note, no action required |
Interactive mode (default):
Step 8a: present P0 findings
→ user accepts, rejects, or modifies each
→ accepted safe_auto items may be applied immediately
Step 8b: present P1 findings
→ same flow
Step 8c: present P2 findings
→ accept or mark advisory
Step 8d: present P3 findings
→ report only, no action needed
Report-only mode: skip interaction, just list all findings sorted by severity.
Autofix mode: apply all safe_auto fixes without confirmation, report gated_auto and manual items.
| Condition | qa_required |
|---|---|
| Diff touches user-facing path (browser, form, navigation) | true |
| Diff touches critical integration chain (payment, auth flow, data pipeline) | true |
| Diff is internal script, config, non-interactive backend fix | false |
| Uncertain | true (safer default) |
$_KS_CLI state set qa_required "$_QA_REQUIRED" >/dev/null
| Verdict | Condition |
|---|---|
pass | no unresolved P0/P1 findings |
pass_with_risks | only P2/P3 remain, all disclosed |
blocked | unresolved P0/P1 findings exist |
## Review Report
**Scope**: [files changed, line count]
**Intent**: [purpose of the change]
**Specialists run**: [list of specialists that ran]
**Specialists skipped**: [list with skip reasons]
**Mode**: sequential / parallel (Claude Code)
**Review mode**: interactive / report-only / autofix
**Isolation**: single-agent / multi-agent (specialist isolation)
### P0 - Critical
| # | File | Issue | Specialist | Confidence | Route |
|---|---|---|---|---|---|
| 1 | path:line | description | name | 0.XX | safe_auto/gated_auto/manual |
### P1 - High
[same table format]
### P2 - Moderate
[same table format]
### P3 - Low
[summary only, no table]
### Applied Fixes
- [list of auto-applied fixes]
### Residual Work
- [manual/advisory items remaining]
### Verdict
- **[pass / pass_with_risks / blocked]**
### QA Routing
- **qa_required**: [true / false]
- **reason**: [why]
_REVIEW_RESULT="${REVIEW_RESULT:?pass|pass_with_risks|blocked}"
_QA_REQUIRED="${QA_REQUIRED:?true|false}"
_KS_CLI="${KEYSTONE_CLI:-./keystone}"
$_KS_CLI state set current_stage "review" >/dev/null
$_KS_CLI state set review_result "$_REVIEW_RESULT" >/dev/null
$_KS_CLI state set qa_required "$_QA_REQUIRED" >/dev/null
case "$_REVIEW_RESULT" in
pass)
_EXIT_NEXT=$([ "$_QA_REQUIRED" = "true" ] && echo "qa" || echo "ship")
_EXIT_REASON="Review passed"
;;
pass_with_risks)
_EXIT_NEXT=$([ "$_QA_REQUIRED" = "true" ] && echo "qa" || echo "ship")
_EXIT_REASON="Review passed with disclosed risks"
;;
blocked)
_EXIT_NEXT="implement"
_EXIT_REASON="Review blocked by P0/P1 findings"
;;
esac
$_KS_CLI state set exit_code "ok" >/dev/null
$_KS_CLI state set exit_reason "$_EXIT_REASON" >/dev/null
$_KS_CLI state set next_skill "$_EXIT_NEXT" >/dev/null
mkdir -p .keystone/telemetry/events
echo "{\"skill\":\"review\",\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"decision\":\"review-$_REVIEW_RESULT\",\"confidence\":0.9,\"review_result\":\"$_REVIEW_RESULT\",\"qa_required\":$_QA_REQUIRED,\"findings_p0\":${P0_COUNT:-0},\"findings_p1\":${P1_COUNT:-0},\"specialists_run\":${SPECIALIST_COUNT:-4}}" >> .keystone/telemetry/events/$(date +%Y-%m).jsonl
git diff shows no changesTo add a domain-specific specialist:
decision/review/specialists/ (e.g., accessibility.md)decision: review-[pass|pass-with-risks|blocked]
confidence: 0.9
rationale: Verification evidence exists, specialist findings were confidence-gated and deduplicated, qa_required is explicit.
fallback: If blocked, return to implement for fixes.
escalate: false
next_skill: qa (if qa_required=true) or ship (if qa_required=false)
next_action: Enter the routed closeout skill.