From correctless
Orchestrates multi-agent adversarial review of specs by spawning red team, assumptions auditor, testability auditor, and design contract checker. Requires high intensity; use after /cspec or /cmodel.
npx claudepluginhub joshft/correctless --plugin correctless

This skill is limited to using the following tools:
This skill requires effective intensity `high` or above. Compute effective intensity as `max(project_intensity, feature_intensity)` using the ordering `standard < high < critical`.
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
Read `workflow.intensity` from `.correctless/config/workflow-config.json` (project_intensity); if absent, default to `standard`. Run `.correctless/hooks/workflow-advance.sh status` and read the `Intensity:` line (feature_intensity); if absent, use project_intensity alone. Effective intensity is `max(project_intensity, feature_intensity)`. Intensity threshold: `/creview-spec` requires `high` minimum intensity to activate.
Pass `--force` to override the intensity gate, or set `workflow.intensity` to `high` or above in `.correctless/config/workflow-config.json`. With `--force`, proceed normally and skip the gate entirely (no gate output). When to use: this is the standard review at high+ intensity; it spawns 4 adversarial agents (10-20 min). For a quick single-pass review on low-risk features, use `/creview` instead (3 min).
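A minimal sketch of that gate in Python, assuming only the ordering and defaults stated above:

```python
# Ordering: standard < high < critical (unknown values rank lowest).
ORDER = {"standard": 0, "high": 1, "critical": 2}

def effective_intensity(project_intensity, feature_intensity=None):
    """max(project_intensity, feature_intensity); a missing feature
    intensity falls back to the project intensity alone."""
    feature = feature_intensity or project_intensity
    return max(project_intensity, feature, key=lambda level: ORDER.get(level, 0))

def gate_allows_review(effective, minimum="high"):
    """/creview-spec activates only at `minimum` or above (unless --force)."""
    return ORDER.get(effective, 0) >= ORDER[minimum]
```

For example, `effective_intensity("standard", "high")` yields `"high"`, so the gate passes even when the project default is `standard`.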
You are the review-spec lead agent. You orchestrate a team of adversarial reviewers that each read the spec with a different hostile lens. You did NOT write this spec.
This review spawns multiple parallel agents and can take 10-20 minutes. The user must see progress throughout.
Before starting, create a task list:
When spawning agents, tell the user: "Spawning 4 adversarial agents in parallel: Red Team, Assumptions Auditor, Testability Auditor, Design Contract Checker. Each reads the spec with a different hostile lens."
As each agent completes, announce immediately — don't wait for all to finish:
Mark each task complete as agents return results.
First-run check: If .correctless/config/workflow-config.json does not exist, tell the user: "Correctless isn't set up yet. Run /csetup first — it configures the workflow and populates your project docs." If the config exists but .correctless/ARCHITECTURE.md contains {PROJECT_NAME} or {PLACEHOLDER} markers, offer: ".correctless/ARCHITECTURE.md is still the template. I can populate it with real entries from your codebase right now (takes 30 seconds), or run /csetup for the full experience." If the user wants the quick scan: glob for key directories, identify 3-5 components and patterns, use Edit to replace placeholder content with real entries, then continue.
After reading the spec artifact (step 2 below), check for .correctless/artifacts/checkpoint-creview-spec-{slug}.json (derive slug from the spec file basename). Also check that the checkpoint branch matches the current branch — ignore checkpoints from other branches.
If a checkpoint exists, read its `completed_phases`. Phases: self-assessment, red-team, assumptions, testability, design-contract. For parallel agents, checkpoint only after ALL 4 complete, not individually — partial agent results are not useful without synthesis. Verification is weak here (agent output lives in conversation context, not artifacts), so if the checkpoint says agents completed but you cannot access their findings, say: "Checkpoint found but agent outputs are not recoverable. Restarting agent team." Re-spawning is safer than skipping.
If verification passes: "Found checkpoint from {timestamp} — {completed phases} already done. Resuming from {next phase}."

After each major phase completes, write/update the checkpoint:
{
"skill": "creview-spec",
"slug": "{task-slug}",
"branch": "{current-branch}",
"completed_phases": ["self-assessment", "red-team", "assumptions", "testability", "design-contract"],
"current_phase": "synthesis",
"timestamp": "ISO"
}
Clean up the checkpoint file when the review completes and state advances.
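Assuming the file layout and checkpoint shape above, the resume check could look like this (function and parameter names are hypothetical):

```python
import json
from pathlib import Path

def load_resumable_checkpoint(spec_path, current_branch,
                              artifacts_dir=".correctless/artifacts"):
    """Return completed_phases from a checkpoint that matches the current
    branch, or None when there is nothing safe to resume from."""
    slug = Path(spec_path).stem  # slug derived from the spec file basename
    ckpt = Path(artifacts_dir) / f"checkpoint-creview-spec-{slug}.json"
    if not ckpt.exists():
        return None
    data = json.loads(ckpt.read_text())
    if data.get("branch") != current_branch:
        return None  # ignore checkpoints from other branches
    return data.get("completed_phases", [])
```

A `None` result means the review starts from scratch; a list means those phases can be announced as already done.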
Read these files first:

- `.correctless/AGENT_CONTEXT.md` for project context
- `.correctless/ARCHITECTURE.md`
- `.correctless/antipatterns.md`
- `.correctless/config/workflow-config.json` for intensity level and external review settings
- `.correctless/meta/workflow-effectiveness.json` (if exists) — which phases historically miss bugs
- `.correctless/meta/drift-debt.json` (if exists) — outstanding drift
- `.correctless/artifacts/qa-findings-*.json` (if any exist) — QA patterns

Before spawning the team, spawn a single self-assessment subagent (forked context). This agent reads the spec cold and produces the assessment the spec author was not allowed to write:
You are reading this spec for the first time. You did NOT write it. Assess:
- Which invariants are hardest to test and why?
- Which assumptions are most likely wrong?
- Where does .correctless/ARCHITECTURE.md have gaps relative to this spec?
- Which invariants should be flagged for external review?
- What's the overall risk profile?
Pass this assessment to all team members as input.
Spawn these agents in parallel, each as a forked subagent:
Standard preamble for all team members — prepend this to each agent's prompt when spawning:
Before starting your review, read these files in order:
- `.correctless/AGENT_CONTEXT.md` — project overview
- The spec artifact at {spec_path}
- `.correctless/ARCHITECTURE.md` — design patterns and trust boundaries
- `.correctless/antipatterns.md` — known bug classes
- The self-assessment brief (provided by the lead)
Use Read to examine files, Grep to search for patterns, Glob to find files. Return your findings as your final text response.
You are a security-focused adversary. Find attack paths, bypass vectors, and failure modes the spec doesn't cover. For every trust boundary, describe how you'd attack it. For every invariant, describe a scenario where it holds in tests but fails in production. Your attack paths must be credible for THIS system — read .correctless/AGENT_CONTEXT.md.
You are an assumptions auditor. Find every unstated assumption. Does the spec assume a specific OS? Network connectivity? DNS resolution? Clock synchronization? For each, check if it's in .correctless/ARCHITECTURE.md. Flag what's missing.
You are a test engineering auditor. For every invariant, can you actually write a test that passes when it holds and fails when it doesn't? Flag vague invariants. Propose concrete rewrites.
You are a design contract auditor. Does this spec compose correctly with existing abstractions (ABS-xxx) and patterns (PAT-xxx) in .correctless/ARCHITECTURE.md? Any conflicts? Any new abstractions that should be documented?
At low intensity: spawn only assumptions + testability auditors.
At standard: add red team.
At high/critical: spawn all four.
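The roster selection above can be sketched as follows; the role strings are assumptions, not fixed identifiers:

```python
def team_for_intensity(effective):
    """Which adversarial agents to spawn at a given effective intensity."""
    team = ["assumptions-auditor", "testability-auditor"]  # always spawned
    if effective != "low":
        team.append("red-team")                 # added at standard and above
    if effective in ("high", "critical"):
        team.append("design-contract-checker")  # full four-agent team
    return team
```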
If require_external_review is true, OR if any invariant is flagged needs_external_review:
workflow-config.json:
Substitute `{prompt}` in the command template, or, if `stdin_file` is true, pass the prompt via stdin. Record results in `.correctless/meta/external-review-history.json`. Error handling: timeout, non-zero exit, or unparsable output → log and continue. Don't block on external failures. Don't retry.
Organize findings by category:
For each finding, present the disposition options:
1. Accept finding (recommended) — add rule or update spec
2. Reject — explain why this doesn't apply
3. Modify — accept the concern but change the proposed rule
4. Defer — log as accepted risk for future feature
Or type your own: ___
Incorporate approved changes into the spec.
Advance the workflow state: `.correctless/hooks/workflow-advance.sh tests`
After advancing, print the pipeline diagram:
✓ spec → ✓ review → ▶ tdd → verify → arch → docs → audit → merge
│
┌─────┴─────┐
▶ RED GREEN QA
After advancing, tell the human: "Review complete. Run /ctdd to start the TDD cycle. The full pipeline continues: RED → test audit → GREEN → /simplify → QA → done → /cverify → /cdocs → merge. Every step runs."
See "Progress Visibility" section above — task creation and agent announcements are mandatory.
After each subagent completes, capture total_tokens and duration_ms from the completion result. Append an entry to .correctless/artifacts/token-log-{slug}.json (derive slug from the spec file basename):
{
"skill": "creview-spec",
"phase": "{self-assessment|red-team|assumptions-auditor|testability-auditor|design-contract-checker|external-{model}}",
"agent_role": "{self-assessment|red-team|assumptions-auditor|testability-auditor|design-contract-checker|external-{model}}",
"total_tokens": N,
"duration_ms": N,
"timestamp": "ISO"
}
If the file doesn't exist, create it with the first entry. /cmetrics aggregates from raw entries — no totals field needed.
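A sketch of that append step, assuming the path and entry shape above:

```python
import json
from pathlib import Path

def append_token_log(slug, entry, artifacts_dir=".correctless/artifacts"):
    """Append one raw per-agent entry to token-log-{slug}.json, creating the
    file with its first entry when it doesn't exist yet. No totals field:
    /cmetrics aggregates from the raw entries."""
    path = Path(artifacts_dir) / f"token-log-{slug}.json"
    entries = json.loads(path.read_text()) if path.exists() else []
    entries.append(entry)
    path.write_text(json.dumps(entries, indent=2))
```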
Context enforcement (mandatory): Before spawning the agent team, check context usage. If above 70%: the agents run forked (clean context) but the orchestrator needs to synthesize findings. Warn: "Context at {N}%. Run /compact before I spawn the review team — synthesis quality degrades with full context." If above 85%: stop and require /compact.
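The two thresholds reduce to a small decision function (a sketch; the percentages come from the rule above):

```python
def context_action(context_pct):
    """What to do before spawning the agent team at a given context usage."""
    if context_pct > 85:
        return "stop"     # require /compact before proceeding
    if context_pct > 70:
        return "warn"     # agents fork clean, but synthesis needs headroom
    return "proceed"
```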
After review approval, suggest: "Consider exporting: /export .correctless/decisions/{task-slug}-review.md"
If mcp.serena is true in workflow-config.json, use Serena MCP for symbol-level code analysis when the review agents need to check spec claims against the actual codebase:
Use:

- `find_symbol` instead of grepping for function/type names
- `find_referencing_symbols` to trace callers and dependencies
- `get_symbols_overview` for a structural overview of a module
- `replace_symbol_body` for precise edits (not used in this skill — review is read-only)
- `search_for_pattern` for regex searches with symbol context

Fallback table — if Serena is unavailable, fall back silently to text-based equivalents:
| Serena Operation | Fallback |
|---|---|
| `find_symbol` | Grep for function/type name |
| `find_referencing_symbols` | Grep for symbol name across source files |
| `get_symbols_overview` | Read directory + read index files |
| `replace_symbol_body` | Edit tool |
| `search_for_pattern` | Grep tool |
Graceful degradation: If a Serena tool call fails, fall back to the text-based equivalent silently. Do not abort, do not retry, do not warn the user mid-operation. If Serena was unavailable during this run, notify the user once at the end: "Note: Serena was unavailable — fell back to text-based analysis. If this persists, check that the Serena MCP server is running (uvx serena-mcp-server)." Serena is an optimizer, not a dependency — no skill fails because Serena is unavailable.
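The graceful-degradation rule can be sketched as a wrapper; `serena_call` and `text_fallback` here are hypothetical callables, not real Serena APIs:

```python
def with_fallback(serena_call, text_fallback, *args):
    """Try the Serena operation; on any failure, fall back silently to the
    text-based equivalent. Returns (result, fell_back) so the lead can print
    a single notice at the end of the run if fell_back was ever True."""
    if serena_call is not None:
        try:
            return serena_call(*args), False
        except Exception:
            pass  # no abort, no retry, no mid-operation warning
    return text_fallback(*args), True
```

Passing `None` as `serena_call` models a server that was never reachable; the text path runs and the flag is set for the end-of-run notice.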
If this skill fails mid-run during the review-spec phase, re-run `/creview-spec` — all agents will be re-spawned from scratch (completed agent work is NOT preserved across re-runs). Use `/cstatus` to see where you are. If truly stuck: `workflow-advance.sh override "reason"` bypasses the gate for 10 tool calls; `workflow-advance.sh reset` clears all state on this branch.