review

Use when you want to check whether a code change follows the repository's documented conventions (Standards) and aligns with the originating issue or PRD (Spec) — compared against a pinned git reference

8 stars

Best use case

review is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Use when you want to check whether a code change follows the repository's documented conventions (Standards) and aligns with the originating issue or PRD (Spec) — compared against a pinned git reference

Teams using review should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/review/SKILL.md --create-dirs "https://raw.githubusercontent.com/drvoss/everything-copilot-cli/main/skills/development/review/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/review/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How review Compares

Feature / AgentreviewStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Use when you want to check whether a code change follows the repository's documented conventions (Standards) and aligns with the originating issue or PRD (Spec) — compared against a pinned git reference

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Review

Review compares the diff between `HEAD` and a pinned git reference along two deliberately separate
axes:

- **Standards** - does the change follow this repository's documented conventions?
- **Spec** - does the change match the originating issue, PRD, or spec?

Run the two axes in separate agent sessions in parallel, then report them side by side. Keeping them
independent prevents coding-standard findings from hiding scope or requirement mismatches, and vice
versa.

## When to Use

- The user asks to "review since X", review a branch, or compare work against a commit, branch, tag,
  or `HEAD~N`
- You need to verify both repository conventions and requirement alignment, not just general code
  quality
- A branch looks plausible, but you need to separate "implemented correctly" from "implemented as
  requested"
- You want a review artifact that distinguishes standards violations from spec drift

## When NOT to Use

| Instead of review | Use |
|-------------------|-----|
| You only need a general quality or correctness pass | `code-review` |
| You want a broad 6-lens PR review across PM, QA, Security, DevOps, and UX | `pr-multi-perspective-review` |
| The task is to verify a delegated implementation against a handoff or task file item-by-item after it landed | `implementation-review` |

## Workflow

### 1. Pin the reference first

Do not review against a fuzzy baseline. Use exactly what the user supplied: a commit SHA, branch,
tag, `main`, `HEAD~5`, or another explicit git reference.

If the user did not specify one, stop and ask what to compare against.

Use one stable comparison for both axes:

```text
git --no-pager diff <reference>...HEAD
git --no-pager log <reference>..HEAD --oneline
```

Use the same diff and commit list for both review axes so the findings stay comparable.

### 2. Find the spec source

Look for the originating spec in this order:

1. Issue or ticket references in commit messages
2. A path the user provided directly
3. A matching doc under `docs/`, `specs/`, or `.scratch/`

If you still cannot find one, ask the user where the spec lives. If there is no spec, skip the
Spec axis explicitly and report that no spec source was available.

### 3. Find the standards sources

Collect the repo's documented conventions before reviewing the diff. Common sources include:

- `COPILOT.md`, `.github/copilot-instructions.md`, `AGENTS.md`, `CONTRIBUTING.md`
- `CONTEXT.md`, `CONTEXT-MAP.md`, and context-specific `CONTEXT.md` files
- `docs/adr/`, `STYLE.md`, `STANDARDS.md`, `STYLEGUIDE.md`
- `.editorconfig`, `eslint.config.*`, `biome.json`, `prettier.config.*`, `tsconfig.json`

Note machine-enforced standards, but do not spend review effort rediscovering violations the tooling
already proves.

### 4. Run the two review axes in parallel

Spawn two separate agent sessions so their findings do not contaminate each other.

#### Standards axis brief

- Read the standards sources first
- Read the pinned diff second
- Report every place the diff violates a documented standard
- Cite the rule source for each finding
- Separate hard violations from judgement calls
- Skip checks already enforced by tooling

#### Spec axis brief

- Read the spec first
- Read the pinned diff second
- Report requirements that are missing or partial
- Report behavior that was not requested
- Report requirements that appear implemented incorrectly
- Quote the relevant spec line or requirement for each finding

### 5. Aggregate without merging the axes

Present the results in two separate sections:

```markdown
## Standards
- ...

## Spec
- ...
```

Do not collapse them into one ranked list. End with a one-line summary that states the finding count
per axis and the worst issue, if any.

## Why Two Axes Matter

Either axis can pass while the other fails:

- A change can match the spec but break local standards
- A change can follow local standards but implement the wrong thing

Keeping the reports separate makes both failure modes obvious.

## Common Rationalizations

| Rationalization | Reality |
|----------------|---------|
| "A normal code review already covers this." | General quality review often misses whether the change actually matches the originating spec. |
| "If tests pass, the spec must be satisfied." | Tests can pass while the wrong requirement was implemented. |
| "Standards and spec are basically the same thing." | One governs how the repo wants code written; the other governs what the change was meant to do. |

## Red Flags

- The review starts before the comparison point is pinned
- Findings mention standards without citing where the standard is documented
- The spec axis silently disappears instead of explicitly reporting "no spec available"
- The final report mixes standards and spec findings into one merged severity list

## Verification

- [ ] A pinned git reference was supplied or confirmed
- [ ] Both axes reviewed the same diff and commit range
- [ ] Standards findings cite repository guidance
- [ ] Spec findings cite the original issue, PRD, or spec when available
- [ ] The final output keeps `## Standards` and `## Spec` separate

## See Also

- [`code-review`](../code-review/SKILL.md) - single-pass review for correctness, quality, and security
- [`pr-multi-perspective-review`](../pr-multi-perspective-review/SKILL.md) - six-lens PR review
- [`implementation-review`](../../workflow/implementation-review/SKILL.md) - post-implementation review against a task spec or handoff

Related Skills

implementation-review

8
from drvoss/everything-copilot-cli

Use after an implementation pass lands — compare the original task spec or handoff against the delivered diff, classify each requested item, and produce an actionable follow-up report.

qa-review

8
from drvoss/everything-copilot-cli

Use when reviewing or planning QA strategy for a feature, PR, or release so test coverage, test quality, reliability, and defect reporting are handled as a coherent engineering discipline instead of ad hoc checks.

pr-security-review

8
from drvoss/everything-copilot-cli

Use when reviewing a pull request for security issues — automatically analyzes the diff for vulnerabilities, hardcoded secrets, injection risks, and broken access control before merging

gha-security-review

8
from drvoss/everything-copilot-cli

Use when reviewing GitHub Actions workflows for exploitable vulnerabilities — finds pwn-request patterns, expression injection, credential escalation, config poisoning, and supply chain risks, and reports only HIGH and MEDIUM confidence findings with concrete attack paths.

pr-multi-perspective-review

8
from drvoss/everything-copilot-cli

Review a pull request from 6 perspectives (PM, Dev, QA, Security, DevOps, UX) for comprehensive, bias-free feedback

code-review

8
from drvoss/everything-copilot-cli

Use when reviewing code changes for quality, correctness, and security — runs a structured checklist with severity-rated findings

verification-before-completion

8
from drvoss/everything-copilot-cli

Use before claiming any task is done — run the exact command that proves the fix works, read the output, and only then report success.

using-git-worktrees

8
from drvoss/everything-copilot-cli

Use when you need multiple branches checked out at once — create isolated working directories for parallel development without cloning the repository repeatedly

triage

8
from drvoss/everything-copilot-cli

Use when a single issue needs structured triage — classify it, reproduce if needed, request missing information, and leave a durable brief or close-out note in the tracker.

to-issues

8
from drvoss/everything-copilot-cli

Use when a plan, spec, or PRD must become an actionable backlog — break it into thin dependency-aware issues that each deliver a verifiable vertical slice

sprint-workflow

8
from drvoss/everything-copilot-cli

Use when starting a new feature, refactor, or multi-step dev task — runs the full sprint cycle (Think → Plan → Build → Review → Test → Ship → Monitor) using Copilot CLI's plan/autopilot modes.

sprint-retro

8
from drvoss/everything-copilot-cli

Use at the end of a sprint to run a data-driven retrospective — analyzes session history and git metrics to surface what shipped, what slowed you down, and concrete improvements.