review
Code review of implementation against upstream specs → verdict. Pipeline: implement → test → review.
Phase: Build. User is technical.
Starting
Accept feature name, issue reference, or branch/commit range. If ambiguous, list ./plans/*/ and ask via AskUserQuestion.
Before reviewing:
- Read upstream docs:
prd.md(FRs, stories, acceptance criteria),spec.md(flows, screens, states, a11y),tdd.md(ADRs, APIs, behavior specs, edge cases, security, observability, code design),plan.md(issue breakdown). - Read the issue file(s) being reviewed — extract acceptance criteria, files to modify/create.
- Collect changes. Read every file listed in the issue's "Files to modify" and "Files to create." If a git branch or commit range is available, use
git diffto see the full changeset. Note: review the actual code, not just the diff.
Review Passes
Work silently — user sees only the verdict. Run four passes:
1. Requirements Trace
For each FR and story from prd.md that this issue addresses (listed in issue's ## Requirements addressed):
- Does the code implement the requirement completely?
- Are all acceptance criteria from the issue satisfied in the code?
- Flag: missing requirements, partial implementations, requirements addressed differently than specified.
2. Architecture Conformance
Check against tdd.md:
- ADRs: Are architecture decisions followed? (e.g., if ADR says "use repository pattern," does the code?)
- API contracts: Do endpoints, request/response shapes, error responses match
## API Contracts? - Data models: Do schema changes match
## Data Models? - Code design: Does dependency direction match
## Code Design & Boundaries? Are specified interfaces implemented? - Behavior specs: Does code behavior match
## Behavior Specstrigger → steps → result?
3. Spec Compliance
If spec.md exists and this issue touches UI:
- Do user flows match spec's happy + error paths?
- Are screen states handled (empty, loading, error, permission-denied)?
- Are accessibility requirements met (focus, keyboard, screen reader)?
- Does responsive behavior match breakpoint table?
Skip this pass for backend-only issues.
4. Code Quality
Apply review lenses from references/review-lenses.md. Additionally check:
- Edge cases from
tdd.md## Edge Cases & Failure Modes— are mitigations implemented? - Security model from
tdd.md## Security Model— auth, permissions, input validation, trust boundaries. - Observability from
tdd.md## Observability— are specified logging events and metrics present? - Test quality — do tests actually assert the right behavior, or are they superficial?
Verdict
Scale response to severity — clean implementation gets short review.
Approve
No blocking issues. Minor suggestions (style, naming) are noted but don't block.
"Implementation matches specs. [1-2 sentence summary of what was reviewed and confirmed.]"
Update pipeline.md: add row to ## Status table (| Review | /review | Approve — NN-slug.md | <date> |).
Suggest: "Run /implement on the next issue, or /publish-linear to sync progress."
Request Changes
Blocking issues found. Present findings severity-ordered:
For each finding:
- File + location (file path, function/line)
- What's wrong (observed behavior or code pattern)
- What spec says (reference to specific section in tdd.md/prd.md/spec.md)
- Suggested fix (concrete, actionable)
Use AskUserQuestion to walk through findings:
- "Fix all and re-review (Recommended)"
- "Discuss specific findings"
- "Accept as-is — override review"
If user chooses to fix: re-read changed files after fixes, re-run affected review passes only, issue updated verdict.
Rethink
Implementation diverges fundamentally from design — wrong architecture, missing core capability, or solving the wrong problem.
Append ## Rollback Notes to pipeline.md with trigger and affected domains. Direct upstream:
- Architecture mismatch →
/engineering - Requirements mismatch →
/plan(may cascade to/product) - Scope mismatch →
/scope
Scope Guards
- Review only — don't modify code. Findings are reported, not fixed (unless user explicitly asks via Request Changes flow).
- One issue or related issue set per invocation. For full-feature review, run once per issue or once for all issues in a feature.
- Don't expand scope. Review what was built against what was specified. Don't suggest new features or improvements beyond the specs.
- Don't re-review. If an issue was already reviewed and approved, skip it unless the user explicitly asks for re-review.
More from michaelmerrill/skills
design
Design specification interview → standalone spec.md (flows, screens, states, components, responsive, a11y). Triggers: 'design this,' 'what screens,' 'how should users interact,' post-product. Not for: technical design (engineering), requirements (product). Skip for API-only, CLI, backend, or infra features.
8plan
Decompose technical design into agent-sized implementation issues → numbered markdown files + standalone plan.md. Triggers: 'plan this,' 'break into issues,' 'create tasks,' 'ready to implement,' post-engineering. Not for: designs without file paths/phases (run engineering first).
7design-ux
MUST USE when a user wants to design user flows, interaction patterns, or screen-level UX for a feature that has defined requirements. This is the UX design step in the planning pipeline (write-a-prd → review-prd → glossary → design-ux → design-feature → review-plan). Typical signals — "design the UX," "how should users interact with this," "what should the UI look like," "design the flows," "design-ux," "what screens do we need," or following up after a review-prd or glossary session. Also applies when the user has a PRD and wants to figure out the user experience before technical design. Conducts a structured interview to produce a UX specification — user flows, screen inventory, component mapping, interaction specs, and accessibility requirements. Do NOT use for technical design (use design-feature), writing requirements (use write-a-prd), reviewing plans (use review-plan), scoping/feasibility (use plan-feature), or when the feature has no user-facing UI (API-only, backend, CLI tools).
6plan-feature
Scoping interview for new features -> scope doc with go/no-go. Triggers: user wants to add/build/implement any new capability. First pipeline step. Not for: bugs, PRDs (write-a-prd), design (design-feature), executing existing specs.
6define
Product requirements → living doc Requirements section + quality gate + domain glossary. Stateful: detects existing sections and resumes where needed. Triggers: 'define this,' 'write a PRD,' 'define requirements,' 'spec this out,' post-explore. Not for: scoping (explore), UX (design), technical design (architect).
5explore
Scope and assess new feature ideas → living doc with go/no-go. Elaborates vague ideas into clear concepts. First pipeline step. Triggers: user wants to add/build/implement any new capability. Not for: bugs (triage-issue), requirements (define), design (design/architect).
5