From shinpr-claude-code-workflows
Orchestrates compliance and security reviews of recent code changes against latest design doc, reports structured findings, and optionally executes fixes via sub-agents.
```bash
npx claudepluginhub joshuarweaver/cascade-code-general-misc-1 --plugin shinpr-claude-code-workflows
```
**Context**: Post-implementation quality assurance
Core Identity: "I am an orchestrator."
First Action: Register Steps 1-11 using TaskCreate before any execution.
Orchestrator invokes sub-agents and passes structured JSON between them.
Design Doc (uses most recent if omitted): $ARGUMENTS
```bash
# Identify Design Doc
ls docs/design/*.md | grep -v template | tail -1
# Check implementation files
git diff --name-only main...HEAD
```
Invoke code-reviewer using Agent tool:

```yaml
subagent_type: "dev-workflows:code-reviewer"
description: "Code compliance review"
prompt: "Design Doc: [path]. Implementation files: [git diff file list]. Review mode: full. Validate Design Doc compliance and return structured JSON report."
```

Store output as: $STEP_2_OUTPUT

Invoke security-reviewer using Agent tool:

```yaml
subagent_type: "dev-workflows:security-reviewer"
description: "Security review"
prompt: "Design Doc: [path]. Implementation files: [git diff file list]. Review security compliance."
```

Store output as: $STEP_3_OUTPUT
If security-reviewer returned blocked: Stop immediately. Report the blocked finding and escalate to user. Do not proceed to fix steps.
Code compliance criteria (considering project stage):

Security criteria:
- approved or approved_with_notes → Pass
- needs_revision → Fail

Report both results independently using subagent output fields only:

```text
Code Compliance: [complianceRate from code-reviewer]
Verdict: [verdict from code-reviewer]
Identifier Match Rate: [identifierMatchRate from code-reviewer]
Acceptance Criteria:
- [fulfilled] [item] (confidence: [high/medium/low])
- [partially_fulfilled] [item]: [gap] — [suggestion]
- [unfulfilled] [item]: [gap] — [suggestion]
Identifier Mismatches:
- [identifier]: DD=[designDocValue] Code=[codeValue] at [location]
Quality Findings:
- [category] [location]: [description] — [rationale]
Security Review: [status from security-reviewer]
Findings by category:
- [confirmed_risk] [location]: [description] — [rationale]
- [defense_gap] [location]: [description] — [rationale]
- [hardening] [location]: [description] — [rationale]
- [policy] [location]: [description] — [rationale]
Notes: [notes from security-reviewer, if present]
Execute fixes? (y/n):
```
If both pass and user selects n: Skip Steps 5-10, proceed to Step 11.
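The gate rules above (a blocked security result stops the run, approved or approved_with_notes passes, needs_revision fails, both-pass plus "n" skips to Step 11) and the Step 4 report template, worked through as an added Python example. This is not code from the shinpr-claude-code-workflows skill. It assumes the two sub-agents return JSON shaped like the constructed samples inside: the skill itself names only complianceRate, verdict, identifierMatchRate, status, notes and requiredFixes, so acceptanceCriteria, identifierMismatches, qualityFindings and findings are assumed field names, and the code-reviewer verdict is assumed to already encode the stage-dependent compliance criteria, which the page does not spell out.

```python
"""Gate decisions and report rendering for the review orchestration above.

Added example, not code from the shinpr-claude-code-workflows skill. JSON shapes
are constructed: acceptanceCriteria, identifierMismatches, qualityFindings and
findings are assumed field names; the rest are named in the skill's template.
"""
import json

# Constructed sample of $STEP_2_OUTPUT (code-reviewer); values are illustrative.
CODE_REVIEW_JSON = json.dumps({
    "complianceRate": 83, "verdict": "needs_revision", "identifierMatchRate": 95,
    "acceptanceCriteria": [
        {"status": "fulfilled", "item": "Login endpoint rate-limited", "confidence": "high"},
        {"status": "partially_fulfilled", "item": "Audit log on every auth event",
         "gap": "logout not logged", "suggestion": "emit audit event in logout handler"},
    ],
    "identifierMismatches": [
        {"identifier": "MAX_LOGIN_ATTEMPTS", "designDocValue": "5", "codeValue": "10",
         "location": "src/auth/limits.py:12"},
    ],
    "qualityFindings": [
        {"category": "error_handling", "location": "src/auth/login.py:40",
         "description": "bare except swallows exceptions", "rationale": "hides auth failures"},
    ],
})

# Constructed sample of $STEP_3_OUTPUT (security-reviewer).
SECURITY_REVIEW_JSON = json.dumps({
    "status": "approved_with_notes",
    "findings": [
        {"category": "hardening", "location": "src/auth/session.py:22",
         "description": "session cookie lacks SameSite", "rationale": "CSRF defense in depth"},
    ],
    "notes": "Set SameSite before release.",
    "requiredFixes": [],
})

PASSING = {"approved", "approved_with_notes"}
SECURITY_CATEGORIES = ("confirmed_risk", "defense_gap", "hardening", "policy")


def load_outputs(code_json, security_json):
    """Parse both sub-agent outputs; the orchestrator hands them on as JSON."""
    return json.loads(code_json), json.loads(security_json)


def security_gate(security):
    """Skill rule: blocked stops the run; approved/approved_with_notes pass; needs_revision fails."""
    status = security["status"]
    if status == "blocked":
        return "blocked"
    if status in PASSING:
        return "pass"
    if status == "needs_revision":
        return "fail"
    raise ValueError(f"unknown security status: {status!r}")


def compliance_gate(code_review):
    """Assumption: the code-reviewer verdict already applies the stage-dependent criteria."""
    return "pass" if code_review["verdict"] in PASSING else "fail"


def next_step(code_review, security, execute_fixes):
    """Where the orchestrator goes after Step 4; execute_fixes means the user answered 'y'."""
    if security_gate(security) == "blocked":
        return "escalate"  # report the blocked finding to the user, never enter fix steps
    both_pass = compliance_gate(code_review) == "pass" and security_gate(security) == "pass"
    if both_pass and not execute_fixes:
        return "final_report"  # skip Steps 5-10, proceed to Step 11
    return "execute_fixes"  # Steps 5-10; assumed for every case the skill does not name


def render_report(code_review, security):
    """Fill the Step 4 report template from subagent output fields only."""
    out = [f"Code Compliance: {code_review['complianceRate']}%",
           f"Verdict: {code_review['verdict']}",
           f"Identifier Match Rate: {code_review['identifierMatchRate']}%",
           "Acceptance Criteria:"]
    for ac in code_review["acceptanceCriteria"]:
        if ac["status"] == "fulfilled":
            out.append(f"- [fulfilled] {ac['item']} (confidence: {ac['confidence']})")
        else:
            out.append(f"- [{ac['status']}] {ac['item']}: {ac['gap']} - {ac['suggestion']}")
    out.append("Identifier Mismatches:")
    out += [f"- {m['identifier']}: DD={m['designDocValue']} Code={m['codeValue']} at {m['location']}"
            for m in code_review["identifierMismatches"]]
    out.append("Quality Findings:")
    out += [f"- [{q['category']}] {q['location']}: {q['description']} - {q['rationale']}"
            for q in code_review["qualityFindings"]]
    out += [f"Security Review: {security['status']}", "Findings by category:"]
    order = {c: i for i, c in enumerate(SECURITY_CATEGORIES)}  # template order
    for s in sorted(security["findings"], key=lambda x: order.get(x["category"], len(order))):
        out.append(f"- [{s['category']}] {s['location']}: {s['description']} - {s['rationale']}")
    if security.get("notes"):
        out.append(f"Notes: {security['notes']}")
    return "\n".join(out)


def fix_items(code_review, security):
    """Items for the review-fixes task file: code compliance issues plus security requiredFixes."""
    items = [f"{ac['item']}: {ac['gap']}" for ac in code_review["acceptanceCriteria"]
             if ac["status"] != "fulfilled"]
    items += [f"{m['identifier']}: align code ({m['codeValue']}) with Design Doc ({m['designDocValue']})"
              for m in code_review["identifierMismatches"]]
    items += [f"{q['location']}: {q['description']}" for q in code_review["qualityFindings"]]
    items += list(security.get("requiredFixes", []))
    return items


if __name__ == "__main__":
    code, sec = load_outputs(CODE_REVIEW_JSON, SECURITY_REVIEW_JSON)
    print(render_report(code, sec))
    print("Next step:", next_step(code, sec, execute_fixes=False))
```

With the constructed samples the security side passes with notes while the code side is needs_revision, so the run continues into the fix steps; swapping the security status to blocked makes `next_step` return `escalate` before any fix is attempted, which is the ordering the skill requires.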
Execute Skill: documentation-criteria (for task file template)
Create task file at docs/plans/tasks/review-fixes-YYYYMMDD.md
Include both code compliance issues and security requiredFixes.
Invoke task-executor using Agent tool:

```yaml
subagent_type: "dev-workflows:task-executor"
description: "Execute review fixes"
prompt: "Task file: docs/plans/tasks/review-fixes-YYYYMMDD.md. Apply staged fixes (stops at 5 files)."
```

Invoke quality-fixer using Agent tool:

```yaml
subagent_type: "dev-workflows:quality-fixer"
description: "Quality gate check"
prompt: "Confirm quality gate passage for fixed files."
```

Invoke code-reviewer using Agent tool:

```yaml
subagent_type: "dev-workflows:code-reviewer"
description: "Re-validate compliance"
prompt: "Re-validate Design Doc compliance after fixes. Prior compliance issues: $STEP_2_OUTPUT. Verify each prior issue is resolved."
```

Invoke security-reviewer using Agent tool (only if security fixes were applied):

```yaml
subagent_type: "dev-workflows:security-reviewer"
description: "Re-validate security"
prompt: "Re-validate security after fixes. Prior findings: $STEP_3_OUTPUT. Design Doc: [path]. Implementation files: [file list]."
```

```text
Code Compliance:
Initial: [X]%
Final: [Y]% (if fixes executed)
Security Review:
Initial: [status]
Final: [status] (if fixes executed)
Notes: [notes from approved_with_notes, if any]
Remaining issues:
- [items requiring manual intervention]
```
Scope: Design Doc compliance validation, security review, and auto-fixes.