From octo
Performs multi-LLM code reviews analyzing quality, security vulnerabilities, performance, architecture, and TDD compliance. Quick mode for small PRs and changes.
npx claudepluginhub nyldn/claude-octopus --plugin octoThis skill uses the workspace's default tool permissions.
**When this skill is invoked, you MUST execute the multi-LLM review pipeline. You are PROHIBITED from:**
Creates isolated Git worktrees for feature branches with prioritized directory selection, gitignore safety checks, auto project setup for Node/Python/Rust/Go, and baseline verification.
Executes implementation plans in current session by dispatching fresh subagents per independent task, with two-stage reviews: spec compliance then code quality.
Dispatches parallel agents to independently tackle 2+ tasks like separate test failures or subsystems without shared state or dependencies.
When this skill is invoked, you MUST execute the multi-LLM review pipeline. You are PROHIBITED from:
Your first output line MUST be: ๐ **CLAUDE OCTOPUS ACTIVATED** - Multi-LLM Code Review
Invokes the code-reviewer persona for thorough code analysis during the ink (deliver) phase.
For fast sanity checks (staged changes, small PRs), skip the full review pipeline and run just two phases:
# Quick: grasp (consensus on scope) โ tangle (parallel review)
${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh grasp "[review request]"
${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh tangle "[synthesized scope]"
Use quick mode when user says "check this PR", "quick review", "sanity check my changes", or for pre-commit checks. Use the full review for PRs with security/architecture impact.
# Via orchestrate.sh
${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh spawn code-reviewer "Review this pull request for security issues"
# Via auto-routing (detects review intent)
${HOME}/.claude-octopus/plugin/scripts/orchestrate.sh auto "review the authentication implementation"
This skill wraps the code-reviewer persona defined in:
agents/personas/code-reviewer.mdcodex-reviewgpt-5.2-codexink"Review this PR for OWASP Top 10 vulnerabilities"
"Analyze the error handling in src/api/"
"Check for memory leaks in the connection pool"
"Review the test coverage for the auth module"
Before starting the code review pipeline, run the scope drift detection skill (skill-scope-drift) to compare the diff against stated intent. This surfaces scope creep and missing requirements before the multi-LLM review begins.
See skills/skill-scope-drift/SKILL.md for the full detection process.
This is informational โ it never blocks the review. Display the scope drift report, then proceed with the full review pipeline. Include the drift findings in the final review synthesis if drift was detected.
When the review context indicates AI-assisted, Autonomous / Dark Factory, or unclear provenance, raise the rigor bar. Do not treat generated code as trustworthy just because it is polished.
Check for concrete signs that the change followed red-green-refactor rather than test-after implementation:
Elevate or add findings when you see patterns common in high-autonomy output:
Add a short section to the review synthesis when autonomy or TDD is in scope:
## TDD / Autonomy Assessment
- Provenance: Human-authored | AI-assisted | Autonomous / Dark Factory | Unknown
- TDD evidence: Confirmed | Partial | Unknown
- Autonomous risk signals: None | Minor | Significant
- Recommendation: Ship | Fix before merge | Re-run with /octo:tdd or tighter supervision
After the code-reviewer persona completes, run stub detection to verify implementation completeness.
Step 1: Get changed files
# Get files changed in the commit/PR
if [ -n "$COMMIT_RANGE" ]; then
changed_files=$(git diff --name-only "$COMMIT_RANGE")
else
changed_files=$(git diff --name-only HEAD~1..HEAD)
fi
# Filter for source code files
source_files=$(echo "$changed_files" | grep -E "\.(ts|tsx|js|jsx|py|go)$")
Step 2: Check for stub patterns
For each changed file, check for common stub indicators:
for file in $source_files; do
echo "Checking $file for stubs..."
# Check 1: Comment-based stubs
stub_count=$(grep -E "(TODO|FIXME|PLACEHOLDER|XXX)" "$file" 2>/dev/null | wc -l | tr -d ' ')
if [ "$stub_count" -gt 0 ]; then
echo "โ ๏ธ WARNING: Found $stub_count stub indicators in $file"
grep -n -E "(TODO|FIXME|PLACEHOLDER)" "$file" | head -3
fi
# Check 2: Empty function bodies
empty_functions=$(grep -E "function.*\{\s*\}|const.*=>.*\{\s*\}" "$file" 2>/dev/null | wc -l | tr -d ' ')
if [ "$empty_functions" -gt 0 ]; then
echo "โ ERROR: Found $empty_functions empty functions in $file"
echo " Empty functions must be implemented before merge"
fi
# Check 3: Return null/undefined
null_returns=$(grep -E "return (null|undefined);" "$file" 2>/dev/null | wc -l | tr -d ' ')
if [ "$null_returns" -gt 0 ]; then
echo "โ ๏ธ WARNING: Found $null_returns null/undefined returns in $file"
echo " Verify these are intentional, not stubs"
fi
# Check 4: Substantive content check
substantive_lines=$(grep -vE "^\s*(//|/\*|\*|import|export|$)" "$file" 2>/dev/null | wc -l | tr -d ' ')
if [[ "$file" == *.tsx ]] && [ "$substantive_lines" -lt 10 ]; then
echo "โ ๏ธ WARNING: Component $file only has $substantive_lines substantive lines"
echo " Components should typically be >10 lines"
fi
# Check 5: Mock/test data in production
mock_data=$(grep -E "const.*(mock|test|dummy|fake).*=" "$file" 2>/dev/null | wc -l | tr -d ' ')
if [ "$mock_data" -gt 0 ]; then
echo "โ ๏ธ WARNING: Found $mock_data references to mock/test data in $file"
echo " Ensure these are not placeholders for production code"
fi
done
Step 3: Add findings to review synthesis
Include stub detection results in the review output:
## Implementation Completeness
**Stub Detection Results:**
โ
**Fully Implemented Files:**
- src/components/UserProfile.tsx (42 substantive lines)
- src/api/users.ts (67 substantive lines)
โ ๏ธ **Files with Warnings:**
- src/components/Dashboard.tsx
- 3 TODO comments (non-blocking)
- Consider addressing before release
โ **Files Requiring Implementation:**
- src/utils/analytics.ts
- 2 empty functions detected (BLOCKING)
- Must implement before merge
**Verification Levels:**
- Level 1 (Exists): 5/5 files โ
- Level 2 (Substantive): 3/5 files โ ๏ธ
- Level 3 (Wired): 4/5 files โ
- Level 4 (Functional): Tests pending
**Recommendation:**
- Fix empty functions in analytics.ts before merge
- Address TODO comments in Dashboard.tsx in follow-up PR
- All other files meet implementation standards
See .claude/references/stub-detection.md for comprehensive patterns and detection strategies.
BLOCKING Issues (must fix):
NON-BLOCKING Issues (note in review):
After generating the review synthesis, check if the current branch has an open PR and offer to post findings as a PR comment.
# Check if we're on a branch with an open PR
CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "")
PR_NUM=""
if [[ -n "$CURRENT_BRANCH" && "$CURRENT_BRANCH" != "main" && "$CURRENT_BRANCH" != "master" ]]; then
if command -v gh &>/dev/null; then
PR_NUM=$(gh pr list --head "$CURRENT_BRANCH" --json number --jq '.[0].number' 2>/dev/null || echo "")
fi
fi
If an open PR exists, post the review findings as a PR comment:
if [[ -n "$PR_NUM" ]]; then
echo "Found open PR #${PR_NUM} on branch ${CURRENT_BRANCH}"
# Build the review comment body from synthesis
REVIEW_BODY="## Code Review โ Claude Octopus
${REVIEW_SYNTHESIS}
---
*Review generated by Claude Octopus (/octo:review)*
*Providers: ๐ด Codex | ๐ก Gemini | ๐ต Claude*"
# Post as PR comment
gh pr comment "$PR_NUM" --body "$REVIEW_BODY"
echo "Review posted to PR #${PR_NUM}"
# Update agent registry if this agent is tracked
REGISTRY="${HOME}/.claude-octopus/plugin/scripts/agent-registry.sh"
if [[ -x "$REGISTRY" ]]; then
AGENT_ID=$(git rev-parse --abbrev-ref HEAD 2>/dev/null || echo "")
"$REGISTRY" update "$AGENT_ID" --pr "$PR_NUM" 2>/dev/null || true
fi
fi
If no PR exists: Skip posting, present review in terminal only.
If gh CLI not available: Skip posting, suggest user install GitHub CLI.
/octo:deliver, /octo:factory, or /octo:embrace (automated workflows)/octo:review โ use AskUserQuestion:
"PR #N found. Post review findings as a PR comment?"
Options: "Yes, post to PR", "No, terminal only"