From auto-audit
Records operator feedback to influence future triager and fixer runs. Use when a user rejects a fix, reverts a PR, or overrides a triage. The reviewer remains blind to the feedback log.
Slash command: `/auto-audit:feedback <kind> <note> [json-extra]`
Append a single line to `${repo_dir}/feedback.jsonl`. The triager and fixer subagents read this file on each future tick and weigh past entries when forming their verdicts and fixes. The reviewer **does not** read it — its independence is the safety net.
| Kind | When to use |
|---|---|
| `fix_pattern_rejected` | "Don't ever use this pattern on this repo again." Example: regex-based HTML sanitisation in a project where a DOMParser allowlist is the agreed approach. |
| `fix_pattern_approved` | "Keep using this pattern when this class of finding comes up." Example: SHA3-256 hash-then-compare in this codebase, even if alternatives look superficially shorter. |
| `human_revert` | A previously merged auto-audit PR was manually reverted because it broke something. Include the `finding_id` and PR number in the json-extra `ref`. |
| `triage_override` | The triager's verdict was wrong and a human reversed it. The next triage on a similar finding should weigh this. |
| `reviewer_disagreed` | The reviewer approved a fix the human later decided was wrong (or vice versa). Generic flag for "the LLM-layer review was off here". |
| `note` | Free-form context that doesn't fit the others. Avoid over-using it; the specific kinds are more useful to the agents. |
```bash
bash "${CLAUDE_PLUGIN_ROOT}/scripts/record-feedback.sh" "$1" "$2" "${3:-{}}"
```

Where `$1` is the kind, `$2` is the human-readable note, and `$3` (optional) is extra structured JSON. Common shapes for `$3`:

```json
{"ref": {"finding_id": "SEC-0042", "pr_number": 79}}
```

```json
{"ref": {"category": "xss"}, "pattern": "regex sanitiser", "preferred": "DOMParser allowlist"}
```
After recording:
This is the same rule that keeps `.triage` and `.fix.diff_summary` out of the PR body. The reviewer must not see operator preferences any more than it sees the fixer's reasoning, otherwise the independent-review checkpoint becomes "the reviewer agrees with the operator", which is not what we want. The reviewer's role card says explicitly: do not read `feedback.jsonl`. The fixer and triager role cards say explicitly: do read it.
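As an added illustration of the append-and-read contract described above (this is not the plugin's own `record-feedback.sh`, whose contents are not shown on this page), the sketch below validates the kind against the table, rejects extras that would clobber the positional fields, appends exactly one JSON line, and lets only the triager and fixer roles read the log back. The names `FEEDBACK_READERS`, `record_feedback`, `load_feedback` and `run_demo` are hypothetical, and the role check is an assumption about how a subagent loader might enforce the reviewer-blind rule; the `ts` field is likewise an assumption, not a documented field of the real log.

```python
import json
import os
import tempfile
import time
from typing import Optional

# Kinds accepted by the skill, as listed in the table above.
KINDS = {
    "fix_pattern_rejected",
    "fix_pattern_approved",
    "human_revert",
    "triage_override",
    "reviewer_disagreed",
    "note",
}

# Hypothetical role names. The reviewer is deliberately absent: it must stay blind.
FEEDBACK_READERS = {"triager", "fixer"}

# Keys filled from the positional arguments; json-extra may not override them.
RESERVED = {"ts", "kind", "note"}


def record_feedback(path: str, kind: str, note: str, extra_json: str = "{}") -> dict:
    """Append one line to feedback.jsonl. Mirrors the script's arguments:
    kind ($1), human-readable note ($2), optional extra JSON object ($3)."""
    if kind not in KINDS:
        raise ValueError(f"unknown feedback kind: {kind!r}")
    if not note.strip():
        raise ValueError("note must not be empty")
    extra = json.loads(extra_json)
    if not isinstance(extra, dict):
        raise ValueError("json-extra must be a JSON object")
    clash = RESERVED & set(extra)
    if clash:
        raise ValueError(f"json-extra may not set reserved keys: {sorted(clash)}")
    entry = {"ts": int(time.time()), "kind": kind, "note": note, **extra}
    # json.dumps escapes embedded newlines, so a multi-line note still lands on one line.
    with open(path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(entry, separators=(",", ":")) + "\n")
    return entry


def load_feedback(path: str, role: str, finding_id: Optional[str] = None,
                  category: Optional[str] = None) -> list:
    """Return past entries whose ref matches the given finding_id / category.
    Refuses any role other than triager or fixer so the reviewer cannot be fed
    operator preferences by accident. Corrupt lines are skipped, not fatal."""
    if role not in FEEDBACK_READERS:
        raise PermissionError(f"role {role!r} must stay blind to feedback.jsonl")
    if not os.path.exists(path):
        return []
    matches = []
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line:
                continue
            try:
                entry = json.loads(line)
            except json.JSONDecodeError:
                continue
            ref = entry.get("ref")
            ref = ref if isinstance(ref, dict) else {}
            if finding_id is not None and ref.get("finding_id") != finding_id:
                continue
            if category is not None and ref.get("category") != category:
                continue
            matches.append(entry)
    return matches


def run_demo() -> dict:
    """Record the two example shapes from the page into a temp log and read them back."""
    path = os.path.join(tempfile.mkdtemp(), "feedback.jsonl")
    record_feedback(path, "fix_pattern_rejected", "No regex sanitiser on this repo.",
                    '{"ref": {"category": "xss"}, "pattern": "regex sanitiser", '
                    '"preferred": "DOMParser allowlist"}')
    record_feedback(path, "human_revert", "Reverted: broke login flow.",
                    '{"ref": {"finding_id": "SEC-0042", "pr_number": 79}}')
    result = {
        "count": len(load_feedback(path, "triager")),
        "xss_preferred": load_feedback(path, "fixer", category="xss")[0]["preferred"],
        "revert_pr": load_feedback(path, "fixer", finding_id="SEC-0042")[0]["ref"]["pr_number"],
    }
    try:
        load_feedback(path, "reviewer")
        result["reviewer_refused"] = False
    except PermissionError:
        result["reviewer_refused"] = True
    try:
        record_feedback(path, "bogus_kind", "should not be written")
        result["bad_kind_refused"] = False
    except ValueError:
        result["bad_kind_refused"] = True
    return result


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Filtering on `ref.finding_id` and `ref.category` is what makes the two json-extra shapes above useful to a future tick: a `human_revert` is looked up by the finding it touched, a `fix_pattern_rejected` by the finding category it applies to.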
```bash
npx claudepluginhub wrxck/claude-plugins --plugin auto-audit
```