| name | pipeline-review-and-plan |
| description | Use after implementation to run a full generic code review, validate findings, and write a prioritized implementation plan for confirmed fixes. |
Pipeline Review And Plan
Stage 5: implementation -> review -> validated fix plan.
Run a full review pipeline and validate findings before reporting or fixing
them. Raw reviewer findings are not final; only validated findings reach the
user or downstream tasks.
Arguments: [target-ref] [base-ref] [plan-path]
target-ref: branch, tag, or commit to review. Default: HEAD.
base-ref: comparison base. Default: main.
plan-path: optional path to spec.md, plan.md, or a feature directory.
Review Packet
Create .pipeline/review/<review-id>/ with:
setup.log
stat.txt
diff.patch
log.txt
criteria-snapshot.md
risk-profile.md
plan-snapshot.md when a plan path is provided
Use git merge-base target base when possible. If merge-base fails, fall back
to target~1..target and record the fallback in setup.log.
Risk profile:
low: docs, comments, examples, formatting-only, or isolated cleanup.
standard: ordinary implementation changes with bounded runtime effect.
high: public API, generated contract, auth, secrets, persistence,
migrations, storage, destructive operations, concurrency, UI request chains,
SDK/CLI/tool surfaces, or broad compatibility risk.
Reviewers
Use these prompt files as authoritative criteria:
| Reviewer | Prompt file | Output |
|---|
| Security | review-security/review-security.md | security.md |
| Maintainability | review-maintainability/review-maintainability.md | maintainability.md |
| Clean code and SOLID | review-clean-code/review-clean-code.md | clean-code.md |
| Tests | review-tests/review-tests.md | tests.md |
| Developer and agent experience | review-developer-experience/review-developer-experience.md | developer-experience.md |
| Bugs and performance | review-bugs/review-bugs.md | bugs.md |
| Frontend | review-frontend/review-frontend.md | frontend.md when frontend files changed |
| Public contracts | review-contracts/review-contracts.md | contracts.md when public contracts changed |
Run reviewers in parallel when the active tool supports it. Otherwise run them
one at a time with the same shared packet.
Reviewers must:
- Read
criteria-snapshot.md and risk-profile.md.
- Use checklists as lenses, not quotas.
- Report only evidence-backed findings.
- Write clean output when no issue clears the bar.
- Not modify source files.
Summary
After reviewer files exist, write .pipeline/review/<review-id>/summary.md
with critical, major, minor, clean, and full report sections.
Validation
Immediately invoke pipeline-validate-reviews with the review id. This stage is
not complete until both files exist:
.pipeline/review/<review-id>/validation.md
.pipeline/review/<review-id>/implementation-plan.md
Final Response
Report review id, review directory, summary path, validation path,
implementation-plan path, risk level, and counts of confirmed findings,
blocking investigations, verification checks, and eliminated findings.