Coordinates parallel multi-expert PR code review. Activates with /zen:pr:review or when user asks for "code review", "PR feedback", "security check", "review my changes", "レビューして", "PRレビュー", "コードチェック", "セキュリティ確認", "変更を確認", "コードレビュー". Spawns specialized reviewers (Security, API, Database, DevOps, Frontend, Test, Dependencies, Prompt Engineer, Tech Writer) based on changed file patterns. Produces unified findings with severity levels.
Coordinates parallel expert code reviews for pull requests based on changed file patterns and content analysis.
npx claudepluginhub b16b1rd/cc-zen-workflowThis skill inherits all available tools. When active, it can use any tool Claude has access to.
api.mdcode-quality.mddatabase.mddependencies.mddevops.mdfrontend.mdperformance.mdprompt-engineer.mdreferences/context-management.mdreferences/cross-validation.mdreferences/output-format.mdsecurity.mdtech-writer.mdtest.mdFile naming convention: SKILL.md is the coordinator file for the skill group. Each expert skill is named in {type}.md format (e.g., security.md, api.md).
This skill coordinates the multi-reviewer PR review process using specialized expert agents.
This skill is activated during /zen:pr:review command execution.
The table below shows primary file patterns. Each skill file's Activation section defines additional detailed patterns.
| Reviewer | Skill File | File Patterns (Primary) |
|---|---|---|
| Security Expert | security.md | **/security/**, **/auth/**, auth*, crypto*, **/middleware/auth* |
| Performance Expert | performance.md | **/*.sh, **/hooks/**, **/api/**, **/services/** |
| DevOps Expert | devops.md | .github/**, Dockerfile*, docker-compose*, *.yml (CI), Makefile |
| Test Expert | test.md | **/*.test.*, **/*.spec.*, **/test/**, **/__tests__/**, jest.config.*, vitest.config.*, cypress/**, playwright/** |
| API Design Expert | api.md | **/api/**, **/routes/**, **/handlers/**, **/controllers/**, openapi.*, swagger.* |
| Frontend Expert | frontend.md | **/*.css, **/*.scss, **/styles/**, **/components/**, *.jsx, *.tsx, *.vue |
| Database Expert | database.md | **/db/**, **/models/**, **/migrations/**, **/*.sql, prisma/**, drizzle/** |
| Dependencies Expert | dependencies.md | package.json, *lock*, requirements.txt, Pipfile, go.mod, Cargo.toml |
| Prompt Engineer | prompt-engineer.md | commands/**/*.md, skills/**/*.md |
| Technical Writer | tech-writer.md | **/*.md (excluding commands/skills), docs/**, README* |
Note: The table above shows representative patterns only. Each skill file's Activation section is the source of truth.
Emoji usage policy: Emojis are used only for the following visibility purposes. Individual skill file Findings output must not use emojis:
🧘 zen レビュー結果)🧘 zen 作業メモリ)⚠️ 矛盾する指摘を検出)Language policy: Section headings use English; descriptions and notes use Japanese. Pattern descriptions in tables may use Japanese for brevity.
All reviewers must follow these quality standards when reporting findings. These are detailed in each skill file's "Finding Quality Guidelines" section.
| Principle | Description |
|---|---|
| No Vague Findings | Vague findings like "needs confirmation" or "may be an issue" are prohibited |
| Investigate First | Investigate before reporting (use Read, Grep, WebSearch, etc.) |
| Concrete Evidence Only | Only report findings with concrete facts and evidence |
| No Finding If Unconfirmed | Do not report findings that could not be confirmed after investigation |
Reviewers should investigate using these tools before reporting:
| Tool | Purpose |
|---|---|
| Read | Check contents of related files/documents |
| Grep | Search patterns within the codebase |
| Glob | Explore related files |
| WebSearch | Gather information via search queries (CVEs, best practices, multi-source comparison) |
| WebFetch | Fetch details from specific URLs (official docs, known references) |
Prohibited (vague): "May need verification", "Possible security risk", "Might affect performance"
Required (concrete): Cite specific evidence from investigation (Grep results, file locations, OWASP references, performance metrics)
Mapping of reviewer identifiers (reviewer_type) to display names. Update this table when adding new reviewers.
| reviewer_type | 日本語表示名 | Skill File |
|---|---|---|
| security | セキュリティ専門家 | security.md |
| performance | パフォーマンス専門家 | performance.md |
| devops | DevOps 専門家 | devops.md |
| test | テスト専門家 | test.md |
| api | API 設計専門家 | api.md |
| frontend | フロントエンド専門家 | frontend.md |
| database | データベース専門家 | database.md |
| dependencies | 依存関係専門家 | dependencies.md |
| prompt-engineer | プロンプトエンジニア | prompt-engineer.md |
| tech-writer | テクニカルライター | tech-writer.md |
| code-quality | コード品質専門家 | code-quality.md |
Note: This table is the source of truth. commands/pr/review.md also references this table. The code-quality reviewer is used exclusively as a fallback when no other reviewers match (see "No Reviewers Match" section below and review.md Phase 3.2).
For each changed file:
1. Match against all reviewer patterns
2. Collect matching reviewers
3. Track file count per reviewer
Analyze diff content for:
- Security keywords (representative): password, token, secret, auth, crypto, hash, encrypt, decrypt, credential, api_key, private_key, cert
- Performance keywords (representative): cache, async, await, promise, worker
- Data keywords (representative): query, migration, schema, index, transaction
Note: The above are representative keyword examples. The authoritative keyword list is defined in commands/pr/review.md Phase 2.3 ("Security keyword detection" section). Detailed activation patterns are defined in each reviewer skill file (security.md, database.md, etc.) under the Activation section.
Select all reviewers that:
1. Match file patterns from Phase 1
2. Match content keywords from Phase 2 (if enabled)
No prioritization by file count.
All matching reviewers are selected.
Apply constraints from zen-config.yml:
- min_reviewers: Minimum reviewers to select
Special rules:
- Security reviewer inclusion depends on zen-config.yml security_reviewer settings (see review.md Phase 3.2)
- If no reviewers match, use code-quality reviewer as fallback (min_reviewers)
Note: For detailed mandatory selection conditions for Security Expert, see commands/pr/review.md Phase 3.2 (Reviewer Selection).
Return only reviewer list and file counts.
Data retention approach:
Claude retains selection results internally for use in subsequent phases. Specifically:
At Phase 2 completion: Remember the following information
Usage in Phase 4: Embed remembered information into each Task tool's prompt parameter
Note: No explicit output as JSON or data structures. Information is retained within Claude's conversation context and referenced in the necessary phases.
Context management strategy:
For context management during large PR reviews, see references/context-management.md. Refer to that file as the source of truth for detailed thresholds and guidelines.
Load complete skill file only when reviewer is activated:
Read skill file: {plugin_root}/skills/reviewers/{type}.md
Extract:
- Review checklist
- Severity definitions
- Output format
Example behavior:
If PR changed files are src/api/users.ts and src/auth/login.ts:
auth, token keywords, boosting Security Expert priorityskills/reviewers/security.md via Read tool, embed in Task tool promptskills/reviewers/api.md via Read tool, embed in another Task tool promptThis skill implements the Generator-Critic pattern for enhanced review quality.
Phase mapping:
commands/pr/review.md Phase 4 (Parallel review execution)commands/pr/review.md Phase 5 (Result validation & integration)Each selected reviewer acts as a Generator:
After all generators complete, a Critic phase validates:
If Critic identifies issues:
Logic to validate and integrate results from multiple reviewers.
See references/cross-validation.md for details.
For review result output format, see references/output-format.md.
Individual Reports: Each reviewer generates Domain-Specific Analysis + Findings table + Summary
Unified Report: Coordinator integrates Overall Assessment + Reviewer Consensus + Cross-Validated Findings
Findings table format (common):
| Severity | File:Line | Issue | Recommendation |
|---|---|---|---|
| {level} | {location} | {description} | {fix suggestion} |
If skill file missing:
1. Log warning
2. Use fallback inline profile
3. Continue with remaining reviewers
Note: Task tool timeout is managed internally by Claude Code. Users cannot directly specify a timeout parameter.
If reviewer task exceeds internal timeout:
1. Task tool returns an error
2. Mark the reviewer as "incomplete"
3. Continue with other reviewers' results
4. Note "{reviewer_type}: タイムアウト" in unified report
When no file patterns match, use code-quality reviewer as fallback. Security Expert inclusion follows zen-config.yml settings (see review.md Phase 3.2).
If no file patterns match:
1. Use code-quality reviewer as fallback (min_reviewers)
2. Apply Security Expert selection rules from zen-config.yml (see review.md Phase 3.2)
3. Warn user about limited review scope
4. Suggest manual reviewer selection if needed
Activates when the user asks about AI prompts, needs prompt templates, wants to search for prompts, or mentions prompts.chat. Use for discovering, retrieving, and improving prompts.
Search, retrieve, and install Agent Skills from the prompts.chat registry using MCP tools. Use when the user asks to find skills, browse skill catalogs, install a skill for Claude, or extend Claude's capabilities with reusable AI agent components.
Creating algorithmic art using p5.js with seeded randomness and interactive parameter exploration. Use this when users request creating art using code, generative art, algorithmic art, flow fields, or particle systems. Create original algorithmic art rather than copying existing artists' work to avoid copyright violations.