// Use when about to review a pull request, leave comments on a diff, approve a merge, or self-review your own changes before sending them. Applies to any PR from a typo fix to a migration, and to both human reviewers and AI sub-agents.
Generate a high-level weekly status report for a Basecamp project. Reader is a lead or outsider, not someone in the project's daily work. Outputs a lean 4-section markdown report (TL;DR, What happened, Blockers & decisions needed, Gaps Basecamp can't see). Last 7 days only, retrospective. Requires the basecamp CLI installed and authenticated.
Use when an AI agent is itself performing a pull request review (not coaching a human, not fetching the PR). Covers agent-specific tactics: context budget, tool escalation triggers, Explore subagent dispatch (single sidecar and parallel fan-out), when to emit "I cannot review this responsibly", auto-memory integration, and agent failure modes (confabulation, tool-call theater, delegated certainty laundering, evidence laundering, patch sycophancy, premature fan-out). Complements reviewing-pull-requests (universal doctrine) and pr-review (operational PR fetch + per-layer comparison).
Adopt AppRouter (github.com/dimillian/AppRouter) for type-safe SwiftUI navigation with sheets and deep linking. Use when starting an app's nav layer or replacing ad-hoc `NavigationStack` path management. SimpleRouter or tab Router.
Add Apple's on-device Foundation Models (Apple Intelligence) to a SwiftUI app: streaming, `@Generable` structured output, `Tool` protocol, availability checks. iOS / iPadOS / macOS / visionOS 26+. Triggers on `SystemLanguageModel`, `LanguageModelSession`, `@Generable`.
Adopt iOS 26 / iPadOS 26 / macOS 26 SwiftUI APIs: Liquid Glass, modernized toolbars and tab bars, matched transitions, scroll position. Triggers: `glassEffect`, `buttonStyle(.glass)`, `ToolbarSpacer`, `matchedTransitionSource`, `tabBarMinimizeBehavior`.
Migrate legacy SwiftUI code from ObservableObject + @Published + ViewModel patterns to @Observable + @Environment + view-state enums. Use when modernizing an iOS or macOS codebase, removing ViewModel layers, or replacing Combine with async/await.
| name | reviewing-pull-requests |
| description | Use when about to review a pull request, leave comments on a diff, approve a merge, or self-review your own changes before sending them. Applies to any PR from a typo fix to a migration, and to both human reviewers and AI sub-agents. |
A doctrine for spending review attention where it pays. Routes depth from risk, not habit. Refuses to generate noise.
This skill is the philosophy. For the operational mechanics of fetching a GitHub PR and comparing it to this codebase's conventions, see the project's pr-review skill. Use both for a real review.
Not for: writing the change, writing tests, deciding whether to open a PR.
If you are an AI agent: this skill alone is insufficient. Also load pr-review-agent-tactics. The two skills are designed to be loaded together: this one is the philosophy (what to look for, what to ignore, how to comment); the other is how to operate as an agent while applying it (context budget, tool escalation, sub-agent dispatch, when to recuse, agent-specific failure modes). Loading only one produces incomplete reviews: doctrine without tactics burns context on the wrong things; tactics without doctrine is mechanically efficient noise.
Three lines. Everything else in this skill elaborates them. If you forget the skill, keep these.
Classify the PR before reading code. Take no more than 60 seconds.
predict-then-diff and reveal whether the stated goal matches the diff. A PR with no description or a description that doesn't match the diff is its own finding.Assign one of three tiers. The tier decides everything downstream.
| Tier | Triggers | Required moves |
|---|---|---|
| Trivial | <50 lines, no risk surface, fully reversible, single module | Skim for obvious defects. Approve or comment. Done. |
| Standard | Default. Anything not Trivial or High-risk. | predict-then-diff (mandatory). Apply relevant lenses. |
| High-risk | Any risk-surface trigger above, or >500 lines, or hard-to-reverse | predict-then-diff. Apply all lenses. Verify rollback path. Demand test plan if absent. Run it locally if behavior is unclear. |
If a PR mixes a Trivial change with a High-risk change, stop and ask for a split. Bundled PRs hide the high-risk part in the noise of the trivial one.
predict-then-diff is mandatory for Standard and High-risk tiers. Read the ticket or PR description first, form an expectation of what the diff should contain, then diff your expectation against reality. Surprises (things missing, things present that shouldn't be) are the highest-signal moments in review. Without this, you become a spell-checker for the author's framing.
Before applying lenses to the code, interrogate the premise. Cheap, often surfaces the highest-leverage findings.
tenacity is a dep, or a custom parser when pydantic would do it, say so.git log -S or git blame) before approving the removal.If the premise doesn't survive, stop. Address the premise; do not review the implementation of a wrong thing.
Apply these to Standard and High-risk PRs in roughly this order. Skip lenses that don't apply.
return True? Are integration tests hitting real systems where it matters?These are not review work. Spending attention on them is performing diligence, not practicing it.
delete_user that actually disables them).Reach for these when the situation calls for it.
Before posting any comment, ask: will this change the code, or am I performing review? If the second, delete it.
Tag every comment with one severity:
Quality bar for must-fix:
Missing any of these and it's not yet a must-fix. It's a question until you've done the work.
Universal "evidence checked" forms become hallucinated boilerplate on small PRs. Scale the output to the tier.
Tier: trivial. No findings. (or list any trivial defects found).Standard and High-risk reviews must end with a "what I did not verify" line. Examples: "Did not run the migration locally", "Did not exercise the streaming path under load", "Did not check call sites in the lambda handlers." Surfacing scope is more honest than burying it. Reviewers who don't declare gaps are pretending coverage they don't have.
In all tiers: do not summarize what the PR does. The author wrote that already, and the diff is right there. Comments exist to change code or record verification. Praise, summary, and acknowledgment are noise.
"I cannot review this responsibly" is a legitimate output. Use it when:
State what you inspected, what you could not verify, and who or what should verify it. Recusing is not a failure; producing a confident-sounding review you cannot back is.
Stop reviewing and act when:
Named so they can be called out without ambiguity.
If any of these match while you're reviewing, stop and recalibrate:
If a future maintainer is tempted to add these, push back.