From octo
Multi-AI validation and review using Codex and Gemini CLIs (Double Diamond Deliver phase). Use when: AUTOMATICALLY ACTIVATE when user requests validation or review:. "review X" or "validate Y" or "test Z". "check if X works correctly"
How this skill is triggered — by the user, by Claude, or both
Slash command
/octo:flow-deliverThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Before starting delivery:
Before starting delivery:
.octo/STATE.md to verify Develop phase complete# Verify Develop phase is complete
if [[ -f ".octo/STATE.md" ]]; then
develop_status=$("${CLAUDE_PLUGIN_ROOT}/scripts/octo-state.sh" get_phase_status 3)
if [[ "$develop_status" != "complete" ]]; then
echo "⚠️ Warning: Develop phase not marked complete. Consider completing development first."
fi
fi
# Update state for Delivery phase
"${CLAUDE_PLUGIN_ROOT}/scripts/octo-state.sh" update_state \
--phase 4 \
--position "Delivery" \
--status "in_progress"
This skill uses ENFORCED execution mode. You MUST follow this exact sequence.
Analyze the user's prompt and project to determine context:
Knowledge Context Indicators:
Dev Context Indicators:
Also check: What is being reviewed? Code files → Dev, Documents → Knowledge
Capture context_type = "Dev" or "Knowledge"
DO NOT PROCEED TO STEP 2 until context determined.
Check provider availability:
command -v codex &> /dev/null && codex_status="Available ✓" || codex_status="Not installed ✗"
command -v gemini &> /dev/null && gemini_status="Available ✓" || gemini_status="Not installed ✗"
Display this banner BEFORE orchestrate.sh execution:
For Dev Context:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation mode
✅ [Dev] Deliver Phase: [Brief description of code review]
Provider Availability:
🔴 Codex CLI: ${codex_status} - Code quality analysis
🟡 Gemini CLI: ${gemini_status} - Security and edge cases
🔵 Claude: Available ✓ - Synthesis and recommendations
💰 Estimated Cost: $0.02-0.08
⏱️ Estimated Time: 3-7 minutes
For Knowledge Context:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation mode
✅ [Knowledge] Deliver Phase: [Brief description of document review]
Provider Availability:
🔴 Codex CLI: ${codex_status} - Structure and logic analysis
🟡 Gemini CLI: ${gemini_status} - Content quality and completeness
🔵 Claude: Available ✓ - Synthesis and recommendations
💰 Estimated Cost: $0.02-0.08
⏱️ Estimated Time: 3-7 minutes
Validation:
/octo:setupDO NOT PROCEED TO STEP 3 until banner displayed.
Before executing the workflow, read full project context:
# Initialize state if needed
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" init_state
# Set current workflow
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" set_current_workflow "flow-deliver" "deliver"
# Get all prior decisions (critical for validation)
prior_decisions=$("${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" get_decisions "all")
# Get context from all prior phases
discover_context=$("${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" get_context "discover")
define_context=$("${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" get_context "define")
develop_context=$("${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" get_context "develop")
# Display what you found (validation needs full context)
echo "📋 Validation Context Summary:"
if [[ "$discover_context" != "null" ]]; then
echo " Discovery: $discover_context"
fi
if [[ "$define_context" != "null" ]]; then
echo " Definition: $define_context"
fi
if [[ "$develop_context" != "null" ]]; then
echo " Development: $develop_context"
fi
if [[ "$prior_decisions" != "[]" && "$prior_decisions" != "null" ]]; then
echo " Decisions to validate against:"
echo "$prior_decisions" | jq -r '.[] | " - \(.decision) (\(.phase))"'
fi
This provides full context for validation:
DO NOT PROCEED TO STEP 4 until state read.
You MUST execute this command via the Bash tool:
${CLAUDE_PLUGIN_ROOT}/scripts/orchestrate.sh deliver "<user's validation request>"
CRITICAL: You are PROHIBITED from:
This is NOT optional. You MUST use the Bash tool to invoke orchestrate.sh.
If running in Claude Code v2.1.16+, users will see real-time progress indicators in the task spinner:
Phase 1 - External Provider Execution (Parallel):
Phase 2 - Synthesis (Sequential):
These spinner verb updates happen automatically - orchestrate.sh calls update_task_progress() before each agent execution. Users see exactly which provider is working and what it's doing.
If NOT running in Claude Code v2.1.16+: Progress indicators are silently skipped, no errors shown.
After orchestrate.sh completes, verify it succeeded:
# Find the latest validation file (created within last 10 minutes)
VALIDATION_FILE=$(find ~/.claude-octopus/results -name "ink-validation-*.md" -mmin -10 2>/dev/null | head -n1)
if [[ -z "$VALIDATION_FILE" ]]; then
echo "❌ VALIDATION FAILED: No validation file found"
echo "orchestrate.sh did not execute properly"
exit 1
fi
echo "✅ VALIDATION PASSED: $VALIDATION_FILE"
cat "$VALIDATION_FILE"
If validation fails:
~/.claude-octopus/logs/After validation is complete, record final metrics:
# Update deliver phase context with validation summary
validation_summary=$(head -30 "$VALIDATION_FILE" | grep -A 2 "## Summary\|Pass\|Fail" | tail -2 | tr '\n' ' ')
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" update_context \
"deliver" \
"$validation_summary"
# Update final metrics (completion of full workflow)
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" update_metrics "phases_completed" "1"
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" update_metrics "provider" "codex"
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" update_metrics "provider" "gemini"
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" update_metrics "provider" "claude"
# Display final state summary
echo ""
echo "📊 Session Complete - Final Metrics:"
"${CLAUDE_PLUGIN_ROOT}/scripts/state-manager.sh" show_summary
DO NOT PROCEED TO STEP 7 until state updated.
Read the validation file and present:
Include attribution:
---
*Multi-AI Validation powered by Claude Octopus*
*Providers: 🔴 Codex | 🟡 Gemini | 🔵 Claude*
*Full validation report: $VALIDATION_FILE*
BEFORE executing ANY workflow actions, you MUST:
Analyze the user's prompt and project to determine context:
Knowledge Context Indicators (in prompt):
Dev Context Indicators (in prompt):
Also check: What is being reviewed? Code files → Dev, Documents → Knowledge
For Dev Context:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation mode
✅ [Dev] Deliver Phase: [Brief description of code review]
📋 Session: ${CLAUDE_SESSION_ID}
Providers:
🔴 Codex CLI - Code quality analysis
🟡 Gemini CLI - Security and edge cases
🔵 Claude - Synthesis and recommendations
For Knowledge Context:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation mode
✅ [Knowledge] Deliver Phase: [Brief description of document review]
📋 Session: ${CLAUDE_SESSION_ID}
Providers:
🔴 Codex CLI - Structure and logic analysis
🟡 Gemini CLI - Content quality and completeness
🔵 Claude - Synthesis and recommendations
This is NOT optional. Users need to see which AI providers are active and understand they are being charged for external API calls (🔴 🟡).
Part of Double Diamond: DELIVER (convergent thinking)
DELIVER (ink)
\ /
\ /
\ /
\ /
\ /
Converge to
delivery
The deliver phase validates and reviews implementations using external CLI providers:
This is the convergent phase for delivery - we ensure quality before shipping.
Use deliver when you need:
Don't use deliver for:
Before execution, you'll see:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation
✅ Deliver Phase: Reviewing and validating implementation
Providers:
🔴 Codex CLI - Code quality and best practices
🟡 Gemini CLI - Security and edge cases
🔵 Claude - Synthesis and validation report
${CLAUDE_PLUGIN_ROOT}/scripts/orchestrate.sh deliver "<user's validation request>"
The orchestrate.sh script will:
The ink phase includes automatic quality validation via PostToolUse hook:
Results are saved to:
~/.claude-octopus/results/${SESSION_ID}/ink-validation-<timestamp>.md
Read the synthesis and present findings with quality scores to the user.
When this skill is invoked, follow the EXECUTION CONTRACT above exactly. The contract includes:
Each step is mandatory and blocking - you cannot proceed to the next step until the current one completes successfully.
Create tasks to track execution progress:
// At start of skill execution
TaskCreate({
subject: "Execute deliver workflow with multi-AI providers",
description: "Run orchestrate.sh deliver for validation",
activeForm: "Running multi-AI deliver workflow"
})
// Mark in_progress when calling orchestrate.sh
TaskUpdate({taskId: "...", status: "in_progress"})
// Mark completed ONLY after validation report presented
TaskUpdate({taskId: "...", status: "completed"})
If any step fails:
/octo:setup and STOPNever fall back to direct review if orchestrate.sh execution fails. Report the failure and let the user decide how to proceed.
After successful execution, present validation report with:
# Validation Report: <task>
## Overall Status: ✅ PASSED / ⚠️ PASSED WITH WARNINGS / ❌ FAILED
**Quality Score**: XX/100
## Summary
[Brief summary of validation findings]
## Critical Issues (Must Fix)
- [ ] Issue 1: [Description]
- [ ] Issue 2: [Description]
## Warnings (Should Fix)
- [ ] Warning 1: [Description]
- [ ] Warning 2: [Description]
## Recommendations (Nice to Have)
- [ ] Recommendation 1: [Description]
- [ ] Recommendation 2: [Description]
## Validation Details
### Code Quality (Codex Analysis)
**Score**: XX/100
- [Specific findings about code quality]
- [Best practice violations]
- [Improvement suggestions]
### Security Audit (Gemini Analysis)
**Score**: XX/100
- [Security vulnerabilities found]
- [Authentication/authorization issues]
- [Input validation concerns]
### Final Validation (Claude Synthesis)
**Score**: XX/100
- [Integrated assessment]
- [Risk analysis]
- [Go/no-go recommendation]
## Quality Gates
- [X] Code Quality: XX/100 (PASSED/FAILED)
- [X] Security: XX/100 (PASSED/FAILED)
- [X] Best Practices: XX/100 (PASSED/FAILED)
- [X] Completeness: XX/100 (PASSED/FAILED)
## Next Steps
[Recommended actions based on findings]
Full validation report saved to: <validation file path>
User: Review the authentication implementation in src/auth/
Claude:
🐙 **CLAUDE OCTOPUS ACTIVATED** - Multi-provider validation
✅ Deliver Phase: Reviewing authentication implementation
[Executes: ${CLAUDE_PLUGIN_ROOT}/scripts/orchestrate.sh deliver "Review authentication implementation in src/auth/"]
[After completion, reads validation and presents:]
# Validation Report: Authentication Implementation
## Overall Status: ⚠️ PASSED WITH WARNINGS
**Quality Score**: 78/100
## Summary
The authentication implementation is functional and follows most best practices, but has security concerns with token storage and missing rate limiting. Code quality is good with TypeScript types and error handling. Recommend addressing security warnings before production deployment.
## Critical Issues (Must Fix)
- [ ] **Security**: JWT secret is hardcoded in auth/config.ts (should use env variable)
- [ ] **Security**: No rate limiting on /login endpoint (vulnerability to brute force)
## Warnings (Should Fix)
- [ ] **Best Practice**: Password validation regex could be stronger (min 12 chars, special chars)
- [ ] **Testing**: Missing unit tests for token refresh logic
- [ ] **Error Handling**: Generic error messages leak whether email exists (account enumeration)
## Recommendations (Nice to Have)
- [ ] **UX**: Add "remember me" functionality for longer sessions
- [ ] **Monitoring**: Add logging for failed login attempts
- [ ] **Documentation**: Add JSDoc comments for public API methods
## Validation Details
### Code Quality (Codex Analysis)
**Score**: 85/100
**Strengths**:
- Clean TypeScript with proper types
- Good separation of concerns (controller/service/middleware)
- Proper async/await error handling
- Express middleware pattern used correctly
**Issues**:
- Missing JSDoc documentation
- Some functions exceed 50 lines (refactor recommended)
- No unit tests for edge cases
**Code Examples**:
```typescript
// Good: Proper error handling
try {
const token = jwt.sign(payload, JWT_SECRET, { expiresIn: '15m' });
return token;
} catch (error) {
logger.error('Token generation failed', error);
throw new AuthError('Failed to generate token');
}
// Issue: Hardcoded secret (security risk)
const JWT_SECRET = 'my-secret-key-123'; // Should be process.env.JWT_SECRET
Score: 68/100
Critical Vulnerabilities:
Good Security Practices:
Recommendations:
Score: 78/100
Risk Assessment:
Go/No-Go Recommendation:
Architecture Assessment:
Immediate (Before Deploy):
Short Term (Next Sprint):
Long Term (Future):
Full validation report saved to: ~/.claude-octopus/results/abc-123/ink-validation-20250118-145600.md
### Example 2: Validate API Endpoints
User: Validate the new API endpoints are ready to ship
Claude: 🐙 CLAUDE OCTOPUS ACTIVATED - Multi-provider validation ✅ Deliver Phase: Validating API endpoints
[Executes ink workflow]
[Presents detailed validation with:]
[Provides go/no-go decision with quality scores]
---
## Quality Gate Integration
The ink phase automatically runs comprehensive quality checks via `.claude/hooks/quality-gate.sh`:
```bash
# Triggered after ink execution (PostToolUse hook)
./hooks/quality-gate.sh
Quality Dimensions:
| Dimension | Weight | Criteria |
|---|---|---|
| Code Quality | 25% | Complexity, maintainability, documentation |
| Security | 35% | OWASP compliance, auth, input validation |
| Best Practices | 20% | Error handling, logging, testing |
| Completeness | 20% | Feature completeness, edge cases |
Scoring Thresholds:
Ink is the final phase of the Double Diamond:
PROBE (Discover) → GRASP (Define) → TANGLE (Develop) → INK (Deliver)
Complete workflow example:
Or use ink standalone for validation of existing code.
Before marking validation complete, ensure:
External API Usage:
Ink workflows typically cost $0.02-0.08 per validation depending on codebase size and complexity.
After delivery validation completes:
.octo/STATE.md:
/octo:ship to finalize and archive."# Update state after Delivery completion
"${CLAUDE_PLUGIN_ROOT}/scripts/octo-state.sh" update_state \
--status "complete" \
--history "All phases complete, ready to ship"
# Display completion message with next steps
echo ""
echo "🎉 **EMBRACE WORKFLOW COMPLETE**"
echo ""
echo "All four phases have been completed:"
echo " ✅ Discover - Research and exploration"
echo " ✅ Define - Requirements and scope"
echo " ✅ Develop - Implementation"
echo " ✅ Deliver - Validation and quality"
echo ""
echo "📦 **Project ready! Run \`/octo:ship\` to finalize and archive.**"
Ready to validate! This skill activates automatically when users request code review, validation, or quality checks.
npx claudepluginhub bitdancelabels/claude-octopus-skillsCreates structured, bite-sized implementation plans from specs or requirements before writing code. Useful for breaking down multi-step tasks into testable steps with file structure and task boundaries.
3plugins reuse this skill
First indexed Jul 13, 2026