From cwf
Runs parallel reviews from 6 reviewers (security, UX/DX, external Codex/Gemini CLIs, domain experts) on code, plans, or requirements for quality gates. Invoke via /review --mode code/plan/clarify.
npx claudepluginhub corca-ai/claude-plugins --plugin cwfThis skill uses the workspace's default tool permissions.
Apply consistent multi-perspective quality gates before implementation (plan) and after implementation (code) via 6 parallel reviewers (2 internal + 2 external slots + 2 domain experts).
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Apply consistent multi-perspective quality gates before implementation (plan) and after implementation (code) via 6 parallel reviewers (2 internal + 2 external slots + 2 domain experts).
/review Code review (default)
/review --mode plan Plan/spec review
/review --mode clarify Requirement review
/review --mode code --base <base-branch> --scenarios .cwf/projects/holdout.md
/review --mode code --correctness-provider gemini --architecture-provider claude
Recommended linkage:
cwf:plan → cwf:review --mode plan before cwf:implcwf:impl → cwf:review --mode code before cwf:shipFor full 4-reviewer coverage, authenticate external CLIs:
codex auth login # OpenAI Codex
npx @google/gemini-cli # Google Gemini (interactive first-run setup)
Both are optional — the skill falls back to Claude Task agents when CLIs are missing or unauthenticated. But real CLI reviews provide diverse model perspectives beyond Claude.
Fallback latency: If both external CLIs fail, the skill incurs a two-round-trip penalty — first the CLI attempts run (up to {cli_timeout}s timeout each, scaled by prompt size), then fallback Task agents are launched sequentially. Error-type classification (Phase 3.2) enables fail-fast for CAPACITY errors, reducing wasted time.
| Input | Mode |
|---|---|
No args or --mode code | Code review |
--mode plan | Plan review |
--mode clarify | Clarify review |
--human | Route to cwf:hitl (do not run review; invoke hitl skill directly) |
Default: --mode code.
When --human is detected (with or without --mode), stop review processing and invoke cwf:hitl instead, passing through any --base flag. This routes the F-8 alias declared in hitl's triggers.
Execute these deterministic sub-steps in order:
--mode, --base, --scenarios, provider overrides)code/plan/clarify) with explicit base strategy provenance--scenarios is providedweb_debug_scope=true when browser-runtime evidence is requiredFull commands, routing matrix, and provenance fields are in references/target-and-routing.md.
Launch six reviewers in parallel: 2 internal (Task agents) + 2 external (CLI or Task fallback) + 2 domain experts (Task agents). Default is a single-message launch; when slot capacity is insufficient, split into deterministic batches after preflight.
Before slot launch, complete deterministic pre-launch routing:
session_dir and apply context-recovery validation for mode-suffixed output filesweb_debug_scope browser block when required)--required 6) and choose single-batch or deterministic multi-batchexpert_roster with tie-break policyFull command templates and routing details are in references/target-and-routing.md.
Launch slots with mode-suffixed output persistence:
Required invariants:
{session_dir}/review-*-{mode}.md and appends <!-- AGENT_COMPLETE -->.Full slot command templates and persistence snippets are in references/orchestration-and-fallbacks.md.
Read review verdicts from the session directory files (not in-memory return values):
| Slot | File |
|---|---|
| 1 | {session_dir}/review-security-{mode}.md |
| 2 | {session_dir}/review-ux-dx-{mode}.md |
| 3 | {session_dir}/review-correctness-{mode}.md |
| 4 | {session_dir}/review-architecture-{mode}.md |
| 5 | {session_dir}/review-expert-alpha-{mode}.md |
| 6 | {session_dir}/review-expert-beta-{mode}.md |
Re-validate all six files with the context recovery protocol before synthesis. If any file remains invalid after one bounded retry, apply a hard fail for the stage and stop with explicit file-level error. Report the gate path explicitly (PERSISTENCE_GATE=HARD_FAIL or equivalent).
For external slot executions, also read metadata from temp dir:
{tmp_dir}/slot3-meta.txt / {tmp_dir}/slot4-meta.txt for provider tool, exit code, and duration{tmp_dir}/slot3-stderr.log / {tmp_dir}/slot4-stderr.log for error detailsFor successful external reviews, override the provenance duration_ms with the actual value from the meta file (not any value the CLI may have generated). Use the actual command executed for the command field.
Apply the deterministic failure flow:
Detailed classifier matrix, exit-code table, and fallback templates are in references/orchestration-and-fallbacks.md.
Collect all 6 outputs from session directory files (mix of REAL_EXECUTION and FALLBACK sources). Internal reviewers and expert reviewers follow the standard reviewer output format from prompts.md. Expert reviewers follow the review mode format from expert-advisor-guide.md.
When --mode code, perform a deterministic session-log cross-check before synthesis.
Before reading session-log artifacts, run a best-effort Codex sync:
bash {CWF_PLUGIN_DIR}/scripts/codex/sync-session-logs.sh --cwd "$PWD" --quiet || true
Inputs:
session-logs/*.mdRequired output fields (for Confidence Note):
session_log_present: true|falsesession_log_lines: integer (0 when missing)session_log_turns: integer count of ^## Turnsession_log_last_turn: last ## Turn header or nonesession_log_cross_check: PASS|WARNPolicy:
session_log_cross_check=WARN and continue.Apply these rules in order (reviewer-count-agnostic — works with 2, 3, or 4 reviewers):
| Condition | Verdict |
|---|---|
| Any unchecked behavioral criterion | Revise |
Any Concern with severity critical or security | Revise |
Any Concern with severity moderate | Conditional Pass |
| Only Suggestions or no issues found | Pass |
Conservative default: when reviewers disagree, the stricter assessment wins.
Output synthesis to the conversation and persist {session_dir}/review-synthesis-{mode}.md.
Synthesis must include:
Use the full markdown template from references/synthesis-and-gates.md.
The Provenance table adapts to actual results: if an external CLI succeeded, show REAL_EXECUTION with the CLI tool name and measured duration. If it fell back, show FALLBACK with claude-task-fallback.
When expert reviewers (Slot 5-6) were used: Follow the Roster Maintenance procedure in {CWF_PLUGIN_DIR}/references/expert-advisor-guide.md.
When --mode code, validate deterministic stage artifacts immediately after synthesis persistence:
bash {CWF_PLUGIN_DIR}/scripts/check-run-gate-artifacts.sh \
--session-dir "{session_dir}" \
--stage review-code \
--strict \
--record-lessons
If this gate fails, stop with file-level errors and require revision before marking review-code complete.
After rendering the synthesis, remove the temp directory:
rm -rf {tmp_dir}
This prevents sensitive review content (diffs, plans) from persisting in /tmp/.
Use the deterministic error-handling matrix in references/synthesis-and-gates.md, including scenario/base validation failures, external prompt cutoff behavior, fallback routing, and code-mode artifact/session-log gate outcomes.
{session_dir}/review-synthesis-{mode}.md alongside the conversation output so retro/handoff can consume it.--scenarios is provided, the
scenario file must be validated and assessed. Never downgrade to "best effort" silently.--base, upstream, or fallback).tidy and behavior-policy changes, recommend separate commit
units and tidy first.Considered-Not-Adopted with reason/reference.session_log_* keys in Confidence Note for --mode code.review-code is not complete unless check-run-gate-artifacts.sh --stage review-code --strict passes.web_debug_scope=true, reviewers must provide reproducible browser evidence following Web Debug Loop Protocol.Use the canonical BDD acceptance checks from references/synthesis-and-gates.md when validating review-skill changes.