From forge
Multi-stage review with re-review loops. Spec compliance first, then code quality, then security. Issues must be fixed and re-reviewed before proceeding.
```shell
npx claudepluginhub caseyrtalbot/forge --plugin forge
```

This skill uses the workspace's default tool permissions.
Skills in this plugin:

- Review completed task implementation across three dimensions: does it match the spec, is the code well-written, and is it secure? This is a structured review, not a rubber stamp.
- Verifies tests pass on a completed feature branch; presents options to merge locally, create a GitHub PR, keep as-is, or discard; executes the choice and cleans up the worktree.
- Guides root-cause investigation for bugs, test failures, unexpected behavior, performance issues, and build failures before proposing fixes.
- Writes implementation plans from specs for multi-step tasks, mapping files and breaking work into bite-sized TDD steps before coding.
Review completed task implementation across three dimensions: does it match the spec, is the code well-written, and is it secure? This is a structured review, not a rubber stamp.
Review is not optional and cannot be skipped for "simple" tasks. Every implemented task gets reviewed before being marked complete. The review must cover all three dimensions: passing on code quality does not excuse a spec-compliance failure.

```dot
digraph inspect_work {
  "Read task spec + diff" [shape=box];
  "Stage 1: Spec compliance" [shape=box];
  "Spec passes?" [shape=diamond];
  "Stage 2: Code quality" [shape=box];
  "Quality passes?" [shape=diamond];
  "Stage 3: Security scan" [shape=box];
  "Security passes?" [shape=diamond];
  "Report: all clear" [shape=doublecircle];
  "Report: issues found" [shape=box];
  "Implementer fixes" [shape=box];
  "Re-review fixed items" [shape=box];
  "3 loops exceeded?" [shape=diamond];
  "Escalate to drive-execution" [shape=box];

  "Read task spec + diff" -> "Stage 1: Spec compliance";
  "Stage 1: Spec compliance" -> "Spec passes?";
  "Spec passes?" -> "Stage 2: Code quality" [label="yes"];
  "Spec passes?" -> "Report: issues found" [label="no"];
  "Stage 2: Code quality" -> "Quality passes?";
  "Quality passes?" -> "Stage 3: Security scan" [label="yes"];
  "Quality passes?" -> "Report: issues found" [label="no"];
  "Stage 3: Security scan" -> "Security passes?";
  "Security passes?" -> "Report: all clear" [label="yes"];
  "Security passes?" -> "Report: issues found" [label="no"];
  "Report: issues found" -> "Implementer fixes";
  "Implementer fixes" -> "Re-review fixed items";
  "Re-review fixed items" -> "3 loops exceeded?";
  "3 loops exceeded?" -> "Escalate to drive-execution" [label="yes"];
  "3 loops exceeded?" -> "Spec passes?" [label="no, spec stage"];
  "3 loops exceeded?" -> "Quality passes?" [label="no, quality stage"];
  "3 loops exceeded?" -> "Security passes?" [label="no, security stage"];
}
```
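The review loop in the diagram can be sketched as a small state machine. This is a minimal illustration, not the skill's actual implementation: the `inspect_work` and `run_stage` names are hypothetical, and it assumes the three-loop cap is counted per stage (the diagram does not say whether the count is per stage or global).

```python
from enum import Enum

class Stage(Enum):
    SPEC = "spec compliance"
    QUALITY = "code quality"
    SECURITY = "security scan"

MAX_LOOPS = 3  # the "3 loops exceeded?" gate

def inspect_work(run_stage, max_loops=MAX_LOOPS):
    """run_stage(stage, attempt) -> True if that stage passes.

    Walks the three stages in order; on failure, the implementer
    fixes and the reviewer re-reviews the same stage. Returns
    'all clear' or 'escalate to drive-execution'.
    """
    for stage in Stage:
        attempts = 0
        while not run_stage(stage, attempts):
            attempts += 1  # one fix/re-review loop consumed
            if attempts > max_loops:
                return "escalate to drive-execution"
    return "all clear"
```

A stage that passes after one fix still completes normally; only exceeding the cap escalates.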
When a review stage finds issues, the implementer fixes them and the reviewer re-reviews. This is not optional.
For reviewer prompt templates, see reviewer-prompts.md. For the full protocol, see re-review-protocol.md.
Categorize every finding:
| Severity | Definition | Action |
|---|---|---|
| Critical | Breaks functionality, security vulnerability, data loss risk | Must fix before proceeding |
| Important | Code smell, missing edge case, suboptimal pattern | Should fix, can proceed if acknowledged |
| Suggestion | Style preference, minor optimization, documentation gap | Note for future, proceed |
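The severity gate above can be expressed as a predicate over findings. A minimal sketch, assuming a finding carries a severity and an acknowledged flag; the `Finding` and `can_proceed` names are hypothetical, not part of the skill.

```python
from dataclasses import dataclass
from enum import IntEnum

class Severity(IntEnum):
    SUGGESTION = 0  # note for future, proceed
    IMPORTANT = 1   # should fix, can proceed if acknowledged
    CRITICAL = 2    # must fix before proceeding

@dataclass
class Finding:
    summary: str
    severity: Severity
    acknowledged: bool = False

def can_proceed(findings):
    """True only if there are no critical findings and every
    important finding has been acknowledged."""
    return all(
        f.severity < Severity.CRITICAL
        and (f.severity < Severity.IMPORTANT or f.acknowledged)
        for f in findings
    )
```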
"Looks good to me" A review with no findings is suspicious. Every piece of code has something worth noting, even if it is a suggestion. If you found nothing, you did not look hard enough.
"I'll just review the final result at the end" Review per task, not per project. Issues compound. A wrong abstraction in task 2 infects tasks 3 through 8.
"The tests pass so the code is correct" Tests verify behavior, not quality. Passing tests with SQL injection vulnerabilities still pass tests.
If all stages pass (no critical issues): return to drive-execution to proceed with the next task. If critical issues found: return to prove-first for the implementer to fix.
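The hand-off above is a simple two-way branch. A sketch for illustration only; the skill names come from the source, but the `route` function is hypothetical.

```python
def route(critical_issues_found: bool) -> str:
    """Map the review outcome to the next skill in the workflow."""
    if critical_issues_found:
        return "prove-first"       # implementer fixes critical issues
    return "drive-execution"       # all stages passed; next task
```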