Skill

customer-fit-review

Runs expert persona reviews on generated output (configs, code, reports) against customer deployment profiles to catch operational mismatches before delivery.

devops

deployment

npx claudepluginhub assafkip/kipi-system

Tool Access

This skill uses the workspace's default tool permissions.

Preview

Run expert persona reviews against any generated output, anchored to the customer's actual deployment reality. Catches technically correct but operationally wrong output before it reaches the customer.

SKILL.md

Similar Skills

review

Runs parallel reviews from 6 reviewers (security, UX/DX, external Codex/Gemini CLIs, domain experts) on code, plans, or requirements for quality gates. Invoke via /review --mode code/plan/clarify.

6 files

cwf

santa-method

173.8k

Runs multi-agent adversarial verification: two independent reviewers apply same rubric to output; loops fixing issues until both pass. For prod code ships, docs, compliance.

everything-claude-code

review

Runs parallel specialized reviewers for code, content, strategy, or plan validation using presets like code, security, content, full, with optional mmbridge security integration.

2 files

second-claude-code

Stats

Parent Repo Stars53

Parent Repo Forks10

Last CommitApr 3, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Customer Fit Review

Purpose

When to Use

Invoke when:

Generated output (reports, configs, rules, policies, code) is ready for customer delivery
A demo, POC, or pilot package needs validation
User says "review for [customer]", "customer fit check", "validate output for [name]"
After any automated generation pipeline completes

What This Is NOT

This is not a code review. It does not check whether the code compiles or the tests pass. Those are CI gates. This checks whether the OUTPUT fits the CUSTOMER -- whether it assumes infrastructure they don't have, defaults that would break their environment, or expertise they don't possess.

Input Required

1. Output Files

The files to review. Can be any format: configs, scripts, reports, policies, CSVs, markdown, JSON.

2. Customer Profile

A structured profile with deployment reality fields. Reviews without this profile are prohibited. The SJI Fire incident proved that expert reviews without customer context produce technically correct but operationally wrong results (approved a policy that would have locked out firefighters, assumed infrastructure that didn't exist, claimed coverage on devices with no agent).

customer_profile:
  # Identity
  name: ""
  sector: ""                    # fire_department, healthcare, financial, saas, etc.
  employee_count: 0
  security_team_size: 0         # 0 = solo operator

  # Deployment Reality
  managed_device_count: 0       # devices with your agent/tool installed
  unmanaged_device_count: 0     # BYOD, personal devices, contractor machines
  byod_policy: ""               # allowed, restricted, blocked
  licensing_tier: ""            # what tier of your product/platform they have
  infrastructure_present:       # what they ACTUALLY have running
    - ""
  infrastructure_absent:        # what they DON'T have (common assumptions that are wrong)
    - ""
  integrations_configured:      # what's actually connected and sending data
    - ""
  integrations_not_configured:  # known gaps in their setup
    - ""

  # Context
  compliance_frameworks: []     # derived from sector
  prior_incidents: []           # relevant history
  contact_background: ""        # their expertise level
  contact_constraints: ""       # time, budget, team size limitations
  primary_risk_surface: ""      # where attacks most likely enter their environment

Execution

Wave 1: Profile Validation

Before any reviews, validate the customer profile is complete. If any deployment reality field is empty, STOP and ask. Do not review with assumptions.

Wave 2: Persona Reviews (Parallel)

Spawn one agent per persona. Each agent receives:

The output files relevant to their domain
The full customer profile
The task: "Review this output for [customer name]. They have [X employees], [Y managed devices], [Z unmanaged devices], [licensing tier], [infrastructure present/absent]. Evaluate whether this output helps THIS SPECIFIC customer, not a generic enterprise."

Wave 3: Fix Pass (Sequential)

Collect all findings. Apply fixes. Re-validate affected files.

Persona Definitions

Shared Review Criteria (All Personas)

Every persona checks:

Format correctness - Right file format for the platform?
Syntactic validity - Would this parse/import without errors?
Customer actionability - Can THIS CUSTOMER use this without rewriting?
False positive risk - Would this create noise in an org of THIS SIZE?
Infrastructure fit - Does this assume services/licensing the customer actually has?
Coverage honesty - Do claims account for unmanaged devices and unconfigured integrations?
Response guidance - Does every detection/alert include what to do when it fires?
Triage gates - Does every prerequisite-dependent output include a "does this apply to you?" check?
Provenance - Can the customer trace this back to a source?
Plain language - Could the customer's contact person understand and act on this?

Deviation Rules (Auto-Applied)

These trigger automatically during review. The persona STOPS and flags:

Infrastructure assumption - Output assumes a service, license, or integration the customer doesn't have. Flag it. Add a triage gate or skip the output.
Dangerous default - Output would break the customer's environment (lock out users, delete data, block legitimate access). Flag it. Adjust to safe defaults.
Coverage lie - Output claims "all devices" or "fully covered" when coverage is partial (unmanaged devices, unconfigured integrations). Flag it. Qualify the claim.
Expertise assumption - Output requires knowledge the customer's contact doesn't have, with no explanation or portal path. Flag it. Add plain-language guidance.

Persona List

Personas are domain-specific. Define them based on the output being reviewed. Common set:

Domain Expert Personas (technical review with customer context):

One persona per major output domain (e.g., detection rules, identity policies, compliance, infrastructure configs)
Each persona is an expert in that domain who has worked with small/resource-constrained organizations
Each reviews for technical correctness AND customer fit simultaneously

The Customer Persona (non-negotiable, always included):

Constructed from the customer profile's contact_background and contact_constraints
Reviews AS the customer, not FOR the customer
Asks: "Can I do this with my resources? Do I know what to do if something goes wrong? Does this make me feel stupid? Would I pay for this?"
This persona's "would use" verdict is the ultimate gate

Persona Output Format

## [Persona Name] Review
Pass/Fail: [PASS | FAIL | PASS WITH NOTES]
Customer-fit: [Does this help THIS SPECIFIC customer?]
Issues: [numbered list with severity]
Fixes: [numbered list with specific file/line changes]
Confidence: [Would deploy as-is | Needs minor edits | Needs rework]

Output

[output-dir]/
  persona-reviews.md          # All reviews with scorecard
  customer_profile.yaml       # Profile used for reviews
  fixes-applied.md            # List of fixes applied after reviews

Completion Gate

All domain expert personas pass (PASS or PASS WITH NOTES)
Customer persona says "would use"
No deviation rule was triggered without resolution
No output assumes infrastructure the customer doesn't have without a triage gate
No output would break the customer's environment with current defaults
Every finding is either fixed or documented as a known limitation