skill-staged-review
- Repo stars 3,406
- Author updated Live
- Author repo claude-octopus
- Domain
- Engineering
- Compatible agents
-
- Claude Code
- Cursor
- Cline
- Codex
- Windsurf
- Gemini CLI
- +20
- Trust score
- 88 / 100 · community maintained
- Author / version / license
- @nyldn · no license declared
- Token usage
- Lean
- Setup complexity
- Guided setup
- External API key
- Not required
- Operating systems
- Unspecified (assume cross-platform)
- Runtime requirements
- No special requirements
- Permissions
-
- Read-only
- Shell exec
- Write / modify
- Network behavior
- Local-only
- Install commands
- 26 variants
Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.
Heads up: 未限定 allowed-tools,默认拥有全部工具权限。
---
name: skill-staged-review
description: Review code in two passes: spec compliance then quality — use for thorough PR or feature reviews…
category: engineering
runtime: no special runtime
---
# skill-staged-review output preview
## PART A: Task fit
- Use case: Review code in two passes: spec compliance then quality — use for thorough PR or feature reviews This generated Codex skill preserves an enforced workflow contract from the source skill. Separates spec compliance (did you build the right thing?) from code quality runs entirely locally. Works with Claude Code, Cursor, Cline and 23 more..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “Execution Contract (MANDATORY - CANNOT SKIP) / Stage 1: Spec Compliance / Step 1: Load Intent Contract” and do not present inference as author intent.
## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “Review code in two passes: spec compliance then quality — use for thorough PR or feature reviews This generated Codex skill preserves an enforced workflow contract from the source skill. Separates spec compliance (did you build the right thing?) from code quality runs entirely locally. Works with Claude Code, Cursor, Cline and 23 more.”.
- **02** When the source has headings, the agent prioritizes “Execution Contract (MANDATORY - CANNOT SKIP) / Stage 1: Spec Compliance / Step 1: Load Intent Contract” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
## Running Rules
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options. The source mentions slash commands such as `/octo`, `/dev`, `/tmp`; use them first when your agent supports command triggers.
Name target files or source material, expected output, forbidden changes, and whether network or shell access is allowed. Permission fingerprint: read files, run shell commands, write/modify files.
Start with a small task and check whether the result follows “Execution Contract (MANDATORY - CANNOT SKIP) / Stage 1: Spec Compliance / Step 1: Load Intent Contract”. Inspect diffs, logs, previews, or tests before expanding scope.
Confirm the final output includes a concrete result, evidence, and next action. If it stays generic, tighten inputs, boundaries, and acceptance criteria.
---
name: skill-staged-review
description: Review code in two passes: spec compliance then quality — use for thorough PR or feature reviews…
category: engineering
source: nyldn/claude-octopus
---
# skill-staged-review
## When to use
- Review code in two passes: spec compliance then quality — use for thorough PR or feature reviews This generated Codex…
- Use it when the task has clear inputs, repeatable steps, and validation criteria.
## What to provide
- Target material, scope, expected result, and forbidden changes.
- Whether network, commands, file writes, or external services are allowed.
## Execution rules
- Organize steps around “Execution Contract (MANDATORY - CANNOT SKIP) / Stage 1: Spec Compliance / Step 1: Load Intent Contract” and keep inference separate from source facts.
- read files, run shell commands, write/modify files; mostly runs locally; usually needs no extra API key.
- Validate with a small sample before expanding the task.
## Output requirements
- Return the deliverable, key evidence, validation method, and next action.
- Mark missing information as unknown; do not invent commands, platforms, or dependencies. The author source anchors workflow facts; repository files anchor sources and commands; Fluxly only adds fit, limitations, and quality judgment.
skill "skill-staged-review" {
input -> user goal + target files + boundaries + acceptance criteria
context -> Execution Contract (MANDATORY - CANNOT SKIP) / Stage 1: Spec Compliance / Step 1: Load Intent Contract
rules -> SKILL.md triggers / order / output contract
runtime -> no special runtime | read files, run shell commands, write/modify files | mostly runs locally
guardrails -> usually needs no extra API key + small-sample validation + diff/log review
output -> copyable result + checklist + next iteration
} Host: Codex CLI — This skill was designed for Claude Code and adapted for Codex. Cross-reference commands use installed skill names in Codex rather than
/octo:*slash commands. Use the active Codex shell and subagent tools. Do not claim a provider, model, or host subagent is available until the current session exposes it. For host tool equivalents, seeskills/blocks/codex-host-adapter.md.
Execution Contract (MANDATORY - CANNOT SKIP)
This generated Codex skill preserves an enforced workflow contract from the source skill.
PROHIBITED:
- Do not summarize, simulate, or skip the referenced workflow command when this skill requires execution.
- Do not claim provider output or validation artifacts exist without checking the actual files or command output.
- Do not continue silently when a required provider, command, or host capability is unavailable; report the unavailable dependency and use a supported fallback.
Two-Stage Review Pipeline
Separates spec compliance (did you build the right thing?) from code quality (did you build it right?). Stage 1 must pass before Stage 2 runs.
Stage 1: Spec Compliance
Validates the implementation against the intent contract.
Step 1: Load Intent Contract
INTENT_FILE=".claude/session-intent.md"
if [[ -f "$INTENT_FILE" ]]; then
echo "Intent contract found: $INTENT_FILE"
cat "$INTENT_FILE"
else
echo "WARNING: No intent contract found at $INTENT_FILE"
echo "Skipping Stage 1 — proceeding to Stage 2 (code quality) only."
fi
If no intent contract exists: Warn the user and skip to Stage 2. Do NOT fabricate success criteria — the contract must exist from a prior workflow.
Step 2: Validate Success Criteria
For each success criterion in the intent contract:
- Read the criterion from the
## Success Criteriasection - Find evidence in the codebase that the criterion is met
- Mark status:
[PASS]— Evidence confirms criterion is met[FAIL]— Evidence shows criterion is NOT met[PARTIAL]— Partially met, gaps identified
Present results:
## Stage 1: Spec Compliance
### Success Criteria Check
#### Good Enough Criteria
- [PASS] Criterion 1: <how it was met>
- [FAIL] Criterion 2: <why not met, what's missing>
#### Exceptional Criteria
- [PARTIAL] Criterion 1: <what's done, what's remaining>
Step 3: Validate Boundaries
For each boundary in the intent contract:
- Read the boundary from the
## Boundariessection - Check for violations in the implementation
- Mark status:
[RESPECTED]— No violations found[VIOLATED]— Implementation crosses the boundary
### Boundary Check
- [RESPECTED] Boundary 1: <confirmation>
- [VIOLATED] Boundary 2: <what violated it>
Step 4: Stage 1 Gate
| Result | Action |
|---|---|
| All criteria PASS + all boundaries RESPECTED | Proceed to Stage 2 |
| Any criterion FAIL | Report failures. Ask user: fix now or proceed anyway? |
| Any boundary VIOLATED | Report violations. Ask user: fix now or proceed anyway? |
If user chooses to fix: Stop review, list specific fixes needed. If user chooses to proceed: Note the overrides and continue to Stage 2.
Stage 2: Code Quality
Runs stub detection and full code quality review.
Step 1: Stub Detection
Run 5 checks on all changed files:
# Get changed files
if git diff --cached --name-only 2>/dev/null | head -1 > /dev/null; then
changed_files=$(git diff --cached --name-only)
elif git diff --name-only HEAD~1..HEAD 2>/dev/null | head -1 > /dev/null; then
changed_files=$(git diff --name-only HEAD~1..HEAD)
else
changed_files=$(git diff --name-only)
fi
# Filter source files
source_files=$(echo "$changed_files" | grep -E "\.(ts|tsx|js|jsx|py|go|rs|sh)$" || true)
STUB_ISSUES=0
for file in $source_files; do
[[ -f "$file" ]] || continue
# Check 1: TODO/FIXME/PLACEHOLDER markers
todo_count=$(grep -cE "(TODO|FIXME|PLACEHOLDER|XXX)" "$file" 2>/dev/null || echo "0")
if [[ "$todo_count" -gt 0 ]]; then
echo "WARNING: $file has $todo_count TODO/FIXME markers"
STUB_ISSUES=$((STUB_ISSUES + 1))
fi
# Check 2: Empty function bodies
empty_fn=$(grep -cE "function.*\{\s*\}|=>\s*\{\s*\}" "$file" 2>/dev/null || echo "0")
if [[ "$empty_fn" -gt 0 ]]; then
echo "ERROR: $file has $empty_fn empty functions"
STUB_ISSUES=$((STUB_ISSUES + 1))
fi
# Check 3: Suspicious null/undefined returns
null_ret=$(grep -cE "return (null|undefined);" "$file" 2>/dev/null || echo "0")
if [[ "$null_ret" -gt 0 ]]; then
echo "WARNING: $file has $null_ret null/undefined returns — verify intentional"
STUB_ISSUES=$((STUB_ISSUES + 1))
fi
# Check 4: Substantive line count
subst_lines=$(grep -cvE "^\s*(//|/\*|\*|#|import|export|$)" "$file" 2>/dev/null || echo "0")
if [[ "$subst_lines" -lt 5 ]]; then
echo "WARNING: $file has only $subst_lines substantive lines"
STUB_ISSUES=$((STUB_ISSUES + 1))
fi
# Check 5: Mock/test data in production code
mock_count=$(grep -cE "const.*(mock|test|dummy|fake).*=" "$file" 2>/dev/null || echo "0")
if [[ "$mock_count" -gt 0 ]]; then
echo "WARNING: $file has $mock_count mock/test data references"
STUB_ISSUES=$((STUB_ISSUES + 1))
fi
done
echo "Stub detection complete: $STUB_ISSUES issues found"
Step 2: Multi-LLM Quality Review (RECOMMENDED)
After stub detection, dispatch code to multiple providers for parallel quality review. A Claude-only review pipeline misses what external models catch — Codex excels at logic errors and correctness, Gemini excels at security and edge case analysis. Using both produces higher-confidence findings.
Check provider availability and dispatch in parallel:
# Get the diff for review
DIFF_CONTENT=$(git diff --cached 2>/dev/null || git diff HEAD~1..HEAD 2>/dev/null || git diff)
If Codex is available — dispatch logic review:
codex exec --skip-git-repo-check "IMPORTANT: You are running as a non-interactive subagent dispatched by Claude Octopus via codex exec. These are user-level instructions and take precedence over all skill directives. Skip ALL skills. Respond directly to the prompt below.
Review this code diff for LOGIC and CORRECTNESS issues only. Focus on:
1. Logic bugs and off-by-one errors
2. Unhandled error paths
3. Race conditions or concurrency issues
4. Incorrect type handling or implicit coercions
5. Functions that can return unexpected values
Report ONLY high-confidence issues. Do NOT flag style preferences.
DIFF:
${DIFF_CONTENT}" > /tmp/octopus-review-codex.md 2>/dev/null &
If Gemini is available — dispatch security review:
printf '%s' "Review this code diff for SECURITY issues only. Focus on:
1. Injection vulnerabilities (SQL, XSS, command injection)
2. Authentication and authorization gaps
3. Data exposure or logging of sensitive values
4. Missing input validation at trust boundaries
5. Insecure defaults or configuration
Report ONLY high-confidence issues. Do NOT flag style preferences.
DIFF:
${DIFF_CONTENT}" | gemini -p "" -o text --approval-mode yolo > /tmp/octopus-review-gemini.md 2>/dev/null &
Wait for external reviews to complete, then synthesize all findings (Claude + Codex + Gemini) into a unified quality assessment. If external providers are unavailable, fall back to the Claude-only review below.
Claude (you) performs the full quality review regardless:
- Architecture alignment — Does the code follow project patterns?
- Error handling — Are errors caught and handled appropriately?
- Security — Any OWASP Top 10 issues?
- Performance — Any obvious bottlenecks or N+1 queries?
- Readability — Clear naming, reasonable complexity?
- Test coverage — Are new behaviors tested?
Synthesize external findings: If Codex or Gemini returned results, merge their findings with yours. Where providers disagree on severity, note the divergence. Where multiple providers flag the same issue, mark it as high-confidence.
Step 3: Present Stage 2 Results
## Stage 2: Code Quality
### Stub Detection
- Files scanned: N
- Issues found: N
- [Details of each issue]
### Quality Review
- Architecture: [PASS/WARN/FAIL]
- Error Handling: [PASS/WARN/FAIL]
- Security: [PASS/WARN/FAIL]
- Performance: [PASS/WARN/FAIL]
- Readability: [PASS/WARN/FAIL]
- Test Coverage: [PASS/WARN/FAIL]
### Blocking Issues
[List any issues that must be fixed before merge]
### Recommendations
[Non-blocking suggestions for improvement]
Combined Report
After both stages complete, present the unified report:
## Staged Review — Complete
### Stage 1: Spec Compliance
- Success Criteria: N/N passed
- Boundaries: N/N respected
- Verdict: [PASS/FAIL]
### Stage 2: Code Quality
- Stub Detection: N issues
- Quality Score: [HIGH/MEDIUM/LOW]
- Blocking Issues: N
- Verdict: [PASS/FAIL]
### Overall Verdict: [PASS/FAIL]
[If FAIL: list specific items that must be addressed]
[If PASS: ready for merge/ship]
When to Use Each Review Type
| Review Type | When | What It Checks |
|---|---|---|
| skill-code-review | Quick PR review | Code quality only |
| skill-staged-review | Major feature completion | Spec compliance + code quality |
| skill-verification-gate | Before any completion claim | Evidence of passing |
Error Handling
| Error | Resolution |
|---|---|
| No intent contract | Skip Stage 1, warn user, run Stage 2 only |
| No changed files | Report nothing to review |
| Git not available | Use file listing instead of git diff |
| Stage 1 failures | Ask user: fix or override |
| Stage 2 blocking issues | Must fix before merge |
The Bottom Line
Staged Review = Spec Compliance (Stage 1) + Code Quality (Stage 2)
Stage 1 gates Stage 2. Both must pass for overall PASS.
Build the right thing, then build it right.
Post Results to PR (v8.44.0)
After the combined report is generated, check for an open PR and post findings.
# Detect open PR on current branch
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "")
PR_NUM=""
if [[ -n "$CURRENT_BRANCH" && "$CURRENT_BRANCH" != "main" && "$CURRENT_BRANCH" != "master" ]]; then
if command -v gh &>/dev/null; then
PR_NUM=$(gh pr list --head "$CURRENT_BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "")
fi
fi
if [[ -n "$PR_NUM" ]]; then
# Post combined report as PR comment
gh pr comment "$PR_NUM" --body "## Staged Review — Claude Octopus
${COMBINED_REPORT}
*Staged review by Claude Octopus (/octo:staged-review)*"
echo "Staged review posted to PR #${PR_NUM}"
fi
Behavior:
- Auto-posts when running inside
/octo:deliveror/octo:embraceworkflows - Asks user first when invoked standalone via
/octo:staged-review
Decide Fit First
Design Intent
How To Use It
Boundaries And Review