From quantum-loop
Aggregates multi-perspective reviews from 2-7 AI agents for quantum-loop features based on risk score, with actionability filters and deduplication. Use after per-story reviews pass and before feature PR merge.
npx claudepluginhub andyzengmath/quantum-loop --plugin quantum-loopThis skill is limited to using the following tools:
quantum-loop's built-in two-stage review gate (`ql-review`: spec-compliance → code-quality) operates on ONE story at a time inside ONE worktree. It does not detect:
Performs structured code reviews on git branches or PRs using tiered persona agents, confidence-gated findings, and a merge/dedup pipeline. Use before creating PRs or for feedback on changes.
Conducts single-pass code reviews enforcing test evidence gates (e.g., passing E2E tests), spec compliance, quality checks, and confidence-based issue reporting.
Performs structured code reviews using tiered persona agents, confidence-gated findings, and merge/dedup pipeline on code changes or PRs before merging.
Share bugs, ideas, or general feedback.
quantum-loop's built-in two-stage review gate (ql-review: spec-compliance → code-quality) operates on ONE story at a time inside ONE worktree. It does not detect:
'google' as a secret key while story B uses 'google-api-key' for the same constant).ql-deep-review closes these gaps with a whole-feature review that runs AFTER all stories in a wave / feature pass the per-story gate.
ql-execute emits COMPLETE for a wave and before merging the feature branch to master.ql-review per story, then this.Risk factors and weights (inspired by soliton's risk-adaptive dispatch):
| Factor | Weight | Measurement |
|---|---|---|
| Blast radius | 25 | count of files touched in wave × (max transitive callers of any touched symbol ÷ 100) |
| Change complexity | 15 | difftastic or cloc diff line count; tree-sitter function edit count |
| Sensitive paths | 20 | glob match: auth/, payment/, *.env*, *secret*, *password*, *token* |
| File size / scope | 10 | total LOC touched / number of files |
| AI-authored signal | 10 | git commit trailer Co-Authored-By: Claude, uniform-style heuristic |
| Test coverage gap | 10 | production files touched without corresponding test edits |
| Intent-drift signal | 10 | ql-intent-check CRITICAL findings count (optional input) |
Score → dispatch tier:
/ask). 10-15 min plus manual inspection.All agents are invoked via the Agent tool in parallel. Each receives:
BASE_SHA..HEAD_SHA — whole-feature diff scopePRD_PATH — path to the feature PRDSTORY_LIST — JSON list of stories executed with their IDs and statusINTENT_SNAPSHOT — verbatim user intent (from quantum.json.userIntent if present)CHANGED_FILES — file-list manifestoh-my-claudecode:code-reviewer — severity-rated findings (CRITICAL / HIGH / MEDIUM / LOW) with line-level evidence.soliton:synthesizer — risk-adaptive PR-style review; contributes a reviewer-side risk score and a READY_TO_MERGE / NEEDS_REWORK / BLOCKED verdict.oh-my-claudecode:security-reviewer — OWASP Top 10 + secret exposure + input validation; hard-dispatched when sensitive-paths factor > 0.oh-my-claudecode:test-engineer — test-quality audit: AC-to-test mapping, over-mock detection (Hora & Robbes 2026), missing edge cases.oh-my-claudecode:critic — multi-perspective adversarial critique; self-audit + Realist Check.oh-my-claudecode:architect — architectural review: SOLID, layering, cross-cutting concerns.omc ask codex --agent-prompt critic (Codex reviews Claude's output) OR omc ask gemini. Different failure modes → higher catch rate.Every finding returned by a reviewer MUST include:
file (string, path)line or line_start + line_end (integer)evidence_type: one of code-reference / command-output / spec-citation / test-failure / diff-hunkseverity: critical / high / medium / low / infoconfidence: 0-100Findings missing any required field are moved to a suppressed[] array with reason "no actionable evidence." Surface count to the user; do not silently drop.
Group findings by (file, line_start, severity); merge identical claims from different reviewers by concatenating agents array. Increases confidence when multiple reviewers agree (per MARS 2509.20502).
Two findings on the same (file, line) with opposed verdicts (e.g., one says "introduce abstraction", another says "remove abstraction") are flagged in a conflicts[] block for user arbitration.
For every finding that cites a file / symbol / API:
[ -f "$file" ].suggested_fix actually match project toolchain.
Findings that fail this check move to suppressed[] with reason "reviewer hallucinated target."The orchestrator (or this skill's own synthesis step) produces:
APPROVE / APPROVE_WITH_COMMENTS / REQUEST_CHANGES / BLOCKS_MERGE.Emits a single JSON artifact at quantum.reviews[<feature-id>].deepReview:
{
"feature_id": "<prd-id or feature-slug>",
"base_sha": "<before-first-story-commit>",
"head_sha": "<after-last-story-commit>",
"files_changed": 12,
"stories_included": ["US-001", "US-002", ...],
"timestamp": "<ISO 8601>",
"risk_score": 47,
"tier": "MEDIUM",
"reviewers_dispatched": ["code-reviewer", "synthesizer", "security-reviewer", "test-engineer"],
"findings": [
{
"id": "F-001",
"agents": ["code-reviewer", "synthesizer"],
"severity": "high",
"confidence": 88,
"category": "correctness",
"file": "src/auth/session.ts",
"line_start": 42, "line_end": 48,
"evidence_type": "code-reference",
"description": "<what>",
"suggested_fix": "<how>",
"cites": ["PRD AC-3", "tests/auth.test.ts:100"]
}
],
"conflicts": [],
"suppressed": [{"agent": "architect", "reason": "no line citation", "count": 2}],
"kudos": ["Clean separation of concerns in the new token-refresh flow"],
"verdict": "APPROVE_WITH_COMMENTS",
"blockers": [],
"high_priority": ["F-001", "F-003"]
}
Also emits a human-readable markdown summary to docs/reviews/<feature-id>-deep-review.md.
| The agent says… | The truth is… |
|---|---|
| "We already did per-story review, this is redundant" | Per-story review is story-LOCAL. Cross-story + whole-feature review catches different defects. Both are required. |
| "Risk score is LOW, skip the deep review" | Run LOW-tier anyway (2 reviewers, 2-3 min). The cost is a rounding error on a multi-hour autonomous run. |
| "Reviewer didn't cite evidence but it's clearly right" | Without evidence the finding is an opinion. Suppress it. Low-signal findings lower the whole reviewer distribution per Chowdhury 2604.03196. |
| "Conflict between two reviewers means one is wrong — pick the stronger" | No. Log the conflict and let the user arbitrate. Silent pick is a different failure mode. |
| "APPROVE_WITH_COMMENTS means done" | Comments still need addressing before merge unless user explicitly waives them. Treat "approve with comments" as "conditional approve." |
| "Hallucination check failed on one finding — suppress the whole report" | Suppress just the hallucinated finding. Rest of the report is valid. |
/quantum-loop:ql-deep-review
With optional arguments:
/quantum-loop:ql-deep-review --tier=CRITICAL # Force tier escalation
/quantum-loop:ql-deep-review --exclude=architect # Skip one reviewer
/quantum-loop:ql-deep-review --feature=<prd-id> # Explicit feature scope
ql-review (per-story): runs per story inside each worktree. Different scope.ql-verify (Iron Law): runs as the last check inside a story's implementer agent. Different granularity.ql-execute: after emitting COMPLETE, should invoke ql-deep-review before handing the merged branch back to the user (opt-in via --deep-review flag).ql-intent-check: feeds the "intent-drift signal" risk factor. Can be run independently first to pre-populate the signal.ql-housekeep: pre-flight hygiene check; findings here are inputs to the reviewer dispatch context.