From st4ck-lite
Review a Product Requirements Document end-to-end in iterative rounds — self-review + three independent reviewer agents (PO / QA / Dev angles) — and converge when findings reach diminishing returns. Pairs with the `prd-from-source` skill but is reusable for any PRD authored in the file-based, source-grounded shape. Use after a PRD module or set of modules has been authored and before treating it as ready for consumption (test authoring, planning, sign-off).
How this skill is triggered — by the user, by Claude, or both
Slash command
/st4ck-lite:prd-reviewThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
**Announce at start:** "I'm using the prd-review skill — running self-review, three independent reviewer agents, then a code-extraction pass on deferred gaps and a bug-routing pass on product findings."
Announce at start: "I'm using the prd-review skill — running self-review, three independent reviewer agents, then a code-extraction pass on deferred gaps and a bug-routing pass on product findings."
The completeness gate for any PRD authored by an agent. Four phases run in order, not just review-and-stop:
The orchestrator does NOT stop after phase 2. Stopping there hands the user back a backlog of "deferred to KNOWN_GAPS" items that often have answers in the code. Phases 3 and 4 turn the review loop into a closed-loop quality pipeline.
After phases 1–4 are complete, the orchestrator presents the user with a curated list of only the items that genuinely need human input:
Everything else has been resolved into the PRD or into dev tasks. The user's remaining job is small and specific — not a stack of "you decide" deferrals.
prd-from-source or equivalent.Do not use for trivial edits (typo fixes, single-section refactors) — that's overkill.
| Reviewer | Audience perspective | What they look for |
|---|---|---|
| PO / Stakeholder | Non-technical product owner reading the PRD to confirm the system does what it should | Plain-language clarity, missing scenarios, business logic gaps, role coverage, "would a user understand this?" |
| QA | Test engineer planning what to cover | Missing "Test implications" sections, untested error paths, vague success states, missing edge cases, untraceable acceptance criteria, state transitions that lack verifiable side effects |
| Dev | Engineer needing to verify or modify the system | Source provenance correctness, missing files in source: lists, claims not grounded in cited source, cross-link breakage, decomposition that's too shallow to anchor implementation work, dead-code claims |
Each reviewer must not see the other reviewers' reports until they file their own. Parallel dispatch, independent findings.
The review loop runs in rounds. Each round:
[GAP] markers, or rejects findings with rationale).Stop when:
Concretely, diminishing returns means a round where:
Typical convergence: 2–4 rounds for a well-authored PRD. A first-pass PRD might need 5+ rounds.
Reviewers tag each finding with a severity:
| Severity | Meaning | Examples |
|---|---|---|
| CRITICAL | Blocks PRD's purpose | Claim contradicts the source; security/privacy gate documented wrong; dead-code documented as live feature; entire user flow missing |
| HIGH | Significant gap, must address before sign-off | Missing "Test implications" on a leaf used by multiple flows; major business rule absent; entity field with business meaning missing |
| MEDIUM | Quality issue, address in next pass | Vague language fails Stranger-Implementer Test; cross-link missing; node summary not 2–3 sentences |
| LOW | Nice-to-have polish | Inconsistent terminology between two nodes; minor typo; non-essential detail missing |
| NIT | Trivial | Localization gloss missing for one minor label; example would be nice |
The reviewers ARE agents, dispatched by the orchestrator. There are two valid architectures — pick based on how often you'll run reviews:
The orchestrator dispatches generic agents (e.g., general-purpose) with the reviewer prompts inlined from this skill. No custom infrastructure. Works out of the box.
Define prd-reviewer-po, prd-reviewer-qa, prd-reviewer-dev as proper subagent types under ~/.claude/agents/ (or the equivalent for your environment). Each carries its system prompt, tool allow-list, and any model preferences. The orchestrator then dispatches them by name (Agent(subagent_type: prd-reviewer-po, prompt: <PRD path + round info>)).
Benefits:
Cost: a one-time setup. Worth it if you run PRD reviews more than a handful of times.
This skill provides the prompt templates below — usable inline (Option A) OR as the system prompts for the three subagent types (Option B). Either way, the orchestrator's logic (when to dispatch, how to consolidate, diminishing-returns detection) lives in this skill.
This is NOT in AGENTS.md. AGENTS.md is per-project steering for any agent working in that project — it tells agents what the project is, not what the agent's job is.
Each reviewer prompt must include the attestation requirement (per the prd-from-source skill's iron rule #4). The author dispatches three agents in parallel with prompts like:
You are reviewing a Product Requirements Document from the perspective of a non-technical Product Owner. The PRD is at
<path>/docs/prd/. Read every_index.mdplus every leaf-level node. For each finding, cite the specific PRD file path you read. Focus on:
- Could a stakeholder understand this without engineering help?
- Are role-based behaviors clearly described in user terms?
- Are business rules expressed in plain language with concrete examples?
- Are there scenarios (especially failure modes) the PRD doesn't address?
- Does the cross-module narrative cohere? (e.g., do the role-to-role handoffs read as one coherent story across modules?)
Report each finding with: severity (CRITICAL/HIGH/MEDIUM/LOW/NIT), PRD file path, the issue in one sentence, suggested fix. Cite the source for every claim — if you say "this is missing", say where you looked and didn't find it. Do not blend severities into a single bucket.
You are reviewing a Product Requirements Document from the perspective of a QA engineer planning what to test. The PRD is at
<path>/docs/prd/. Each leaf node should have a "Test implications" section. For each finding, cite the specific PRD file path you read. Focus on:
- Every leaf node has a "Test implications" section.
- State transitions document side effects explicitly (not just "and stuff happens").
- Success states are testable (specific, observable assertions).
- Error paths are enumerated, not handwaved.
- Cross-tenant / cross-company isolation scenarios are addressed where relevant.
- Database trigger behavior is documented with the exact condition that fires it.
- Acceptance criteria can be encoded as Given/When/Then.
Report each finding with: severity, PRD file path, the issue in one sentence, suggested fix. Cite the source for every claim.
You are reviewing a Product Requirements Document from the perspective of a developer needing to verify the system. The PRD is at
<path>/docs/prd/. Pick at least 5 random claims that name a specific behavior, file, or workflow, and verify each against the cited source files under the project's source root. For each finding, cite both the PRD file path you read AND the source file you checked against. Focus on:
- Source provenance correctness: do the
source:paths in frontmatter actually exist?- Do the body claims hold against the cited source?
- Are there claims that look plausible but aren't actually in the source? (Spot-check at least 5.)
- Are cross-links to other PRD nodes valid (the target files exist)?
- Is the decomposition deep enough to anchor implementation work?
- Are there obvious dead-code claims being treated as live?
Report each finding with: severity, PRD file path, claim being verified, source file checked, verdict (CONFIRMED / CONTRADICTED / UNVERIFIABLE), suggested fix if needed. Be specific. Cite file paths and line numbers.
Run this pass first — it catches the obvious things and prevents reviewers from spending their attention on low-hanging fruit:
_index.md lists its children explicitly.[NEEDS CLARIFICATION] for things the source can answer.source: paths point at files that exist.cross_links: target resolves to a real PRD file.00_shared/, cross-module concepts duplicated with cross-links.After reviewers report, the author makes one of four calls per finding:
| Resolution | When | What to do |
|---|---|---|
| Accept (PRD fix) | Finding is correct AND it's a documentation gap | Update the PRD node, mark the finding addressed in the review log |
| Accept (bug → dev task) | Finding is correct AND it describes a behavior in the running code that's wrong | Open a dev task against the correct project; document the bug in the PRD (with cross-link to the dev task) so the PRD captures the as-built behavior accurately |
| Defer (only if code-unanswerable) | Finding is correct, the source code cannot answer it, and it genuinely needs stakeholder input | Add to KNOWN_GAPS.md with a clear "what's needed" line. Re-check during phase 3 before finalizing — most "defer" candidates can be resolved by reading more code. |
| Reject | Finding is incorrect | Document why, with cited source evidence; do NOT silently dismiss |
Note that "Defer" is the rarest valid resolution in a reverse-engineered PRD — most apparent gaps are answerable from the source. A finding silently dismissed (or lazily deferred) is a sign the loop isn't healthy — every finding gets one of these four calls explicitly, with the deferral path being the exception, not the default.
Run this AFTER the review-loop has converged on diminishing returns — but BEFORE telling the user the work is done.
For each item in KNOWN_GAPS.md, ask: can the source code answer this?
| Gap type | Code-answerable? | Examples |
|---|---|---|
| Missing decomposition of a component / workflow | YES — read the source folder | "popup chain not decomposed", "reusable element not walked" |
| Permission matrix unverified | YES — read the element conditions | "Admin vs Editor split is (likely)" |
| Caller of a workflow unknown | YES — grep across pages + reusables + workflows | "who invokes the daily cleanup workflow?" |
| State transition mechanism unclear | YES — grep for the status-setting action | "Submitted → Approved trigger?" |
| Obfuscated option-set codes | YES — grep for usage in workflows where the code IS readable | "only one status value confirmed to be assignable from code" |
| Field semantics unclear | YES — read the data type definition + grep for writers | "is this field still used?" |
| Component layout | YES — read the element tree | "wireframe sketch missing" |
| SLA / response time expectations | NO — stakeholder decision | "support escalation path for a recoverable error state" |
| Copy / translation | NO — stakeholder/design | "localized label for the empty state" |
| Whether to fix vs. accept | NO — stakeholder | "is this behavior intended or a bug?" |
| Unbuilt feature intent | NO — product | "what should the next status transition do?" |
For every YES row in KNOWN_GAPS, the orchestrator MUST attempt resolution before finalizing. The reverse-engineering scope is the source — investing 30 minutes of code-reading prevents the user from being handed back work the orchestrator could have done.
Items that genuinely cannot be code-answered remain in KNOWN_GAPS as stakeholder questions with a clear "what's needed" line per item. These are what the user sees at the end of phase 4.
Reviewers and code-extraction often surface real product bugs — behaviors in the running system that are wrong. These belong in a tracked bug record, not in KNOWN_GAPS. Bug findings must never be silently demoted into KNOWN_GAPS as a workaround for missing tooling — see the fallback below.
For each bug-shaped finding:
create_dev_task available, or any equivalent MCP/API tool): open the bug there against the right project / version.BUGS.md file at the PRD root. One entry per finding, structured like ### <title> + body matching the dev-task description format (impact, source files, suggested fix). Same cross-link discipline as below.BUGS.md entry.Don't open bug records for documentation gaps, missing decomposition, or stakeholder questions. Those aren't bugs in the running system — they're work the orchestrator owes.
Anti-pattern to watch for: putting a real bug into KNOWN_GAPS because create_dev_task isn't available. KNOWN_GAPS is for items the source can't answer; bugs are items the source did answer (with broken behavior). Use BUGS.md or the equivalent local file instead — never blur the two.
Each review round produces:
REVIEW_ROUND_<N>.md at the PRD root — captures the three reviewers' findings verbatim, the author's resolution call per finding, and the round signal (counts, severity distribution, diminishing-returns metric).KNOWN_GAPS.md — deferrals accumulated.The final round's REVIEW_ROUND_<N>.md serves as the sign-off record: "the PRD reached diminishing returns at round N with these residual gaps".
The three reviewers must not see each other's findings during their pass. Practically:
If reviewers converge on the same finding, that finding is doubly weighted — it's been independently surfaced by two audiences, so it's robust. Single-reviewer findings should be evaluated more cautiously (might be that reviewer's idiosyncratic priority).
Hard stops:
Soft signals:
npx claudepluginhub edo-ceder/st4ck-lite --plugin st4ck-liteGuides completion of development work by verifying tests, detecting environment, and presenting structured options for merge, PR, or cleanup.
Enforces test-driven development: write failing test first, then minimal code to pass. Use when implementing features or bugfixes.
Guides creation and editing of skills using test-driven development with pressure scenarios and subagents to verify agent compliance.