From 2acec904474f84d354e01421d8e72b92f24a82ce Mon Sep 17 00:00:00 2001 From: Kirill Korikov <11762090+yourconscience@users.noreply.github.com> Date: Thu, 18 Jun 2026 14:58:17 +0200 Subject: [PATCH 1/3] add review skill, curl installer, model inheritance, external skills config - skills/review: multi-persona code review with structured findings and optional fix loop - scripts/install.sh: POSIX curl installer with checksum verification for GitHub Releases - agents: remove hardcoded model: sonnet so sub-agents inherit parent model by default - dotagents.yaml: add commented-out mattpocock/skills as external_skills example - README: add curl and mise install methods --- README.md | 14 ++- agents/architect.md | 1 - agents/architect.yaml | 1 - agents/builder.md | 1 - agents/builder.yaml | 1 - agents/researcher.md | 1 - agents/researcher.yaml | 1 - agents/reviewer.md | 1 - agents/reviewer.yaml | 1 - dotagents.yaml | 22 ++++ plugins/dotagents/skills/review/SKILL.md | 133 +++++++++++++++++++++++ scripts/install.sh | 119 ++++++++++++++++++++ skills/review/SKILL.md | 133 +++++++++++++++++++++++ 13 files changed, 420 insertions(+), 9 deletions(-) create mode 100644 plugins/dotagents/skills/review/SKILL.md create mode 100755 scripts/install.sh create mode 100644 skills/review/SKILL.md diff --git a/README.md b/README.md index 3a05681..aa8a508 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,19 @@ Go CLI that keeps skills, MCP servers, hooks, and agent roles in one `~/.agents` **Full setup** (all harnesses): ```bash +# curl installer (macOS/Linux, no Go required) +curl -fsSL https://raw.githubusercontent.com/yourconscience/dotagents/main/scripts/install.sh | sh + +# or via mise +mise use -g github:yourconscience/dotagents + +# or with Go go install github.com/yourconscience/dotagents/cmd/dotagents@latest +``` + +Then clone and initialize: + +```bash git clone https://github.com/yourconscience/dotagents ~/.agents dotagents setup ``` @@ -88,6 +100,6 @@ Private additions go in `dotagents.local.yaml` (gitignored). | Agent roles | yes | 23 built-in | 20 built-in | no | | Security audit | yes | no | no | yes | | Multi-harness | 5 managed + 3 compat | Claude Code | Claude Code | 60+ | -| Install | plugin or `go install` | CC plugin | pipx | `go install` | +| Install | plugin, curl, or `go install` | CC plugin | pipx | `go install` | gstack and SuperClaude are content packs for Claude Code. skillshare syncs skills broadly but not MCP, hooks, or roles. dotagents is the full config layer across harnesses. diff --git a/agents/architect.md b/agents/architect.md index 63ee89c..8a2f97b 100644 --- a/agents/architect.md +++ b/agents/architect.md @@ -1,7 +1,6 @@ --- name: "architect" description: "Designs system architecture, telemetry schemas, and technical plans. Use for design docs, architecture reviews, and API surface decisions. Delegates implementation to builders." -model: "sonnet" effort: "high" tools: Read, Glob, Grep, Bash, Write, Edit color: "blue" diff --git a/agents/architect.yaml b/agents/architect.yaml index 3b7d1cc..d63602d 100644 --- a/agents/architect.yaml +++ b/agents/architect.yaml @@ -1,6 +1,5 @@ name: architect description: Designs system architecture, telemetry schemas, and technical plans. Use for design docs, architecture reviews, and API surface decisions. Delegates implementation to builders. -model: sonnet effort: high tools: [Read, Glob, Grep, Bash, Write, Edit] color: blue diff --git a/agents/builder.md b/agents/builder.md index 21f01a6..04dd12f 100644 --- a/agents/builder.md +++ b/agents/builder.md @@ -1,7 +1,6 @@ --- name: "builder" description: "Implements code changes following specs or architect designs. Use for feature implementation, bug fixes, and script writing. Focused on writing correct, minimal code." -model: "sonnet" effort: "high" tools: Read, Glob, Grep, Bash, Write, Edit color: "yellow" diff --git a/agents/builder.yaml b/agents/builder.yaml index ac577eb..33dad8a 100644 --- a/agents/builder.yaml +++ b/agents/builder.yaml @@ -1,6 +1,5 @@ name: builder description: Implements code changes following specs or architect designs. Use for feature implementation, bug fixes, and script writing. Focused on writing correct, minimal code. -model: sonnet effort: high tools: [Read, Glob, Grep, Bash, Write, Edit] color: yellow diff --git a/agents/researcher.md b/agents/researcher.md index a3a35b2..1ce0a80 100644 --- a/agents/researcher.md +++ b/agents/researcher.md @@ -1,7 +1,6 @@ --- name: "researcher" description: "Investigates codebases, APIs, repos, and web sources to produce findings reports. Use for technical research, competitive analysis, and feasibility studies." -model: "sonnet" effort: "high" tools: Read, Glob, Grep, Bash, WebFetch, WebSearch, Write color: "green" diff --git a/agents/researcher.yaml b/agents/researcher.yaml index f7e368c..bdb6533 100644 --- a/agents/researcher.yaml +++ b/agents/researcher.yaml @@ -1,6 +1,5 @@ name: researcher description: Investigates codebases, APIs, repos, and web sources to produce findings reports. Use for technical research, competitive analysis, and feasibility studies. -model: sonnet effort: high tools: [Read, Glob, Grep, Bash, WebFetch, WebSearch, Write] color: green diff --git a/agents/reviewer.md b/agents/reviewer.md index 2613eb2..a9cab8b 100644 --- a/agents/reviewer.md +++ b/agents/reviewer.md @@ -1,7 +1,6 @@ --- name: "reviewer" description: "Reviews code changes, PRs, and implementations against specs and best practices. Use for code review, quality gates, and pre-merge checks. Read-only." -model: "sonnet" effort: "high" tools: Read, Glob, Grep, Bash color: "purple" diff --git a/agents/reviewer.yaml b/agents/reviewer.yaml index c7b67ce..19a030c 100644 --- a/agents/reviewer.yaml +++ b/agents/reviewer.yaml @@ -1,6 +1,5 @@ name: reviewer description: Reviews code changes, PRs, and implementations against specs and best practices. Use for code review, quality gates, and pre-merge checks. Read-only. -model: sonnet effort: high tools: [Read, Glob, Grep, Bash] color: purple diff --git a/dotagents.yaml b/dotagents.yaml index c4a391d..1c4de78 100644 --- a/dotagents.yaml +++ b/dotagents.yaml @@ -238,6 +238,28 @@ sources: enabled: true - name: ra enabled: false +# external_skills: third-party skill libraries fetched by dotagents sync. +# Entries here are opt-in: uncomment or copy to dotagents.local.yaml to enable. +# +# mattpocock/skills (github.com/mattpocock/skills, 135k stars, MIT) +# Selected skills from skills/engineering/: +# tdd - test-driven development workflow +# diagnosing-bugs - structured bug isolation process +# domain-modeling - domain model design sessions +# grill-with-docs - drill a topic using its own documentation +# Note: handoff (in skills/productivity/) requires a separate entry at the same URL, +# which the current config format does not support. Add it manually if needed by +# pointing skill_dir: skills/productivity with skills: [handoff]. +# +# external_skills: +# - url: https://github.com/mattpocock/skills +# branch: main +# skill_dir: skills/engineering +# skills: +# - tdd +# - diagnosing-bugs +# - domain-modeling +# - grill-with-docs hooks: - name: memory-session-start enabled: true diff --git a/plugins/dotagents/skills/review/SKILL.md b/plugins/dotagents/skills/review/SKILL.md new file mode 100644 index 0000000..50ade0e --- /dev/null +++ b/plugins/dotagents/skills/review/SKILL.md @@ -0,0 +1,133 @@ +--- +name: review +description: Multi-persona code review with structured findings. Use when the user says /review, asks for a code review, wants to review a diff/PR/branch before merging, or needs a pre-submit quality check. +--- + +# review + +Proactive multi-persona code review. Produces structured findings before a PR is submitted or merged. + +Not the same as `/pr-triage`, which reacts to existing PR comments and CI failures. Use `/review` when you want fresh review findings on a diff. + +## Usage + +``` +/review # review staged + unstaged changes +/review HEAD~3..HEAD # review last 3 commits +/review main..HEAD # review current branch vs main +/review --fix # review and fix findings (iterative) +/review --persona security # single-persona review +``` + +## Phase 1: Scope + +Determine the diff to review. + +If the user provided a range, use it. Otherwise detect: + +```bash +# If there are staged/unstaged changes, review those +git diff HEAD + +# If clean working tree, review current branch vs base +git log --oneline main..HEAD +git diff main...HEAD +``` + +Identify relevant context files: CONTRIBUTING.md, coding standards, project CLAUDE.md/AGENTS.md, any spec or PRD referenced in recent commit messages. + +If the diff is large (>2000 lines), ask the user whether to review everything or focus on specific files/directories. + +## Phase 2: Parallel Persona Review + +Spawn 2+ reviewer sub-agents in parallel. Each persona writes free-form prose -- do not constrain their output format. + +### Default personas + +**Standards reviewer:** Does the code follow project conventions? Check naming, error handling patterns, test coverage expectations, import ordering, existing abstractions. Reference CONTRIBUTING.md and project style if available. Ignore style issues that a linter would catch. + +**Correctness reviewer:** Are there bugs, edge cases, race conditions, or logic errors? Does the code handle failures correctly? Are there security issues (injection, auth bypass, secret leaks)? Does it do what the commit messages claim? + +### Optional personas (user-requested or auto-detected) + +**Security reviewer:** Activated when the diff touches auth, crypto, user input handling, or API endpoints. Focus on OWASP top 10, secret leaks, permission checks. + +**Performance reviewer:** Activated when the diff touches hot paths, database queries, or algorithms. Focus on complexity, unnecessary allocations, N+1 queries. + +Each persona prompt should include: +- The full diff +- Relevant context files (standards, spec) +- Instruction to write freely, be specific (file:line), and focus on what matters + +## Phase 3: Normalize Findings + +After all persona reviews return, extract structured findings from each persona's prose. Use a separate, cheaper model call for this extraction when possible. + +For each finding, extract: + +``` +File: +Lines: - +Severity: critical | high | medium | low +Confidence: <0.0-1.0> +Problem: +Fix: +``` + +Normalization rules: +- Do not invent findings that the reviewer did not mention +- Do not fabricate line numbers -- if the reviewer was vague, mark lines as "unknown" +- Vague fix text ("add tests", "consider refactoring", "improve error handling") must be expanded to a concrete action or the finding is downgraded to low severity +- If a reviewer flagged the same issue multiple times, deduplicate + +## Phase 4: Aggregate + +Combine findings from all personas. Deduplicate findings that reference the same file:line range with overlapping descriptions. + +Upgrade severity when multiple personas independently flag the same issue. Downgrade when only one persona flagged it and confidence is below 0.5. + +### Output format + +``` +## Review: + +### Must Fix () +Critical severity. Each with file:line, problem, fix. + +### Major Issues () +High severity. Each with file:line, problem, fix. + +### Review Carefully () +Medium severity. Collapsed unless user asks for detail. + +### Minor () +Low severity. One-line summaries only. + +### Summary +- Total findings: ( critical, high, medium, low) +- Personas used: +- Files reviewed: +``` + +## Phase 5: Fix Loop (only with --fix) + +Only runs when the user passes `--fix` or explicitly asks to fix findings. + +For each finding rated critical or high with a concrete fix: + +1. Apply the fix (use the builder role if available, otherwise fix directly) +2. Re-run only the relevant persona on the changed file +3. If the reviewer confirms the fix, mark as resolved +4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding) + +After all fixes, re-run the full aggregate step on the final diff. Report what was fixed, what remains, and what needs the user's decision. + +## Rules + +- Review is read-only by default. Only modify files in `--fix` mode. +- Do not post review comments to GitHub. Output findings to the conversation. The user decides what to do with them. +- When spawning persona sub-agents, use the `reviewer` role if available. Sub-agents inherit the parent model unless the user specifies otherwise. +- If the harness does not support sub-agents, run personas sequentially instead of in parallel. +- Be specific. Every finding must reference a file and ideally a line range. Findings without file references are noise. +- Do not nitpick formatting, whitespace, or style issues that a linter handles. Focus on correctness, security, and spec compliance. +- Large diffs (>5000 lines): warn the user that review quality degrades with size. Suggest splitting by directory or concern. diff --git a/scripts/install.sh b/scripts/install.sh new file mode 100755 index 0000000..2a641a1 --- /dev/null +++ b/scripts/install.sh @@ -0,0 +1,119 @@ +#!/bin/sh +# Install dotagents binary from GitHub Releases. +# Usage: curl -fsSL https://raw.githubusercontent.com/yourconscience/dotagents/main/scripts/install.sh | sh + +set -e + +REPO="yourconscience/dotagents" +BINARY="dotagents" +INSTALL_DIR="${DOTAGENTS_INSTALL_DIR:-$HOME/.local/bin}" + +# Detect OS +OS="$(uname -s)" +case "$OS" in + Darwin) OS="darwin" ;; + Linux) OS="linux" ;; + *) + echo "error: unsupported OS: $OS" >&2 + exit 1 + ;; +esac + +# Detect arch +ARCH="$(uname -m)" +case "$ARCH" in + x86_64) ARCH="amd64" ;; + arm64|aarch64) ARCH="arm64" ;; + *) + echo "error: unsupported architecture: $ARCH" >&2 + exit 1 + ;; +esac + +# Resolve latest release tag +echo "Fetching latest release..." +LATEST_URL="https://api.github.com/repos/${REPO}/releases/latest" +if command -v curl >/dev/null 2>&1; then + VERSION="$(curl -fsSL "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"v\{0,1\}\([^"]*\)".*/\1/')" +elif command -v wget >/dev/null 2>&1; then + VERSION="$(wget -qO- "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"v\{0,1\}\([^"]*\)".*/\1/')" +else + echo "error: curl or wget is required" >&2 + exit 1 +fi + +if [ -z "$VERSION" ]; then + echo "error: could not determine latest release version" >&2 + exit 1 +fi + +echo "Installing ${BINARY} ${VERSION} (${OS}/${ARCH})..." + +ARCHIVE="${BINARY}_${VERSION}_${OS}_${ARCH}.tar.gz" +BASE_URL="https://github.com/${REPO}/releases/download/v${VERSION}" +ARCHIVE_URL="${BASE_URL}/${ARCHIVE}" +CHECKSUM_URL="${BASE_URL}/checksums.txt" + +# Create temp dir, cleaned up on exit +TMP_DIR="$(mktemp -d)" +trap 'rm -rf "$TMP_DIR"' EXIT + +# Download archive and checksums +download() { + url="$1" + dest="$2" + if command -v curl >/dev/null 2>&1; then + curl -fsSL -o "$dest" "$url" + else + wget -qO "$dest" "$url" + fi +} + +echo "Downloading ${ARCHIVE}..." +download "$ARCHIVE_URL" "${TMP_DIR}/${ARCHIVE}" + +echo "Downloading checksums.txt..." +download "$CHECKSUM_URL" "${TMP_DIR}/checksums.txt" + +# Verify checksum +echo "Verifying checksum..." +EXPECTED="$(grep "${ARCHIVE}" "${TMP_DIR}/checksums.txt" | awk '{print $1}')" +if [ -z "$EXPECTED" ]; then + echo "warning: archive not found in checksums.txt; skipping verification" >&2 +elif command -v sha256sum >/dev/null 2>&1; then + ACTUAL="$(sha256sum "${TMP_DIR}/${ARCHIVE}" | awk '{print $1}')" + if [ "$ACTUAL" != "$EXPECTED" ]; then + echo "error: checksum mismatch (expected ${EXPECTED}, got ${ACTUAL})" >&2 + exit 1 + fi +elif command -v shasum >/dev/null 2>&1; then + ACTUAL="$(shasum -a 256 "${TMP_DIR}/${ARCHIVE}" | awk '{print $1}')" + if [ "$ACTUAL" != "$EXPECTED" ]; then + echo "error: checksum mismatch (expected ${EXPECTED}, got ${ACTUAL})" >&2 + exit 1 + fi +else + echo "warning: no sha256sum or shasum found; skipping checksum verification" >&2 +fi + +# Extract binary +echo "Extracting..." +tar -xzf "${TMP_DIR}/${ARCHIVE}" -C "$TMP_DIR" + +# Install +mkdir -p "$INSTALL_DIR" +mv "${TMP_DIR}/${BINARY}" "${INSTALL_DIR}/${BINARY}" +chmod +x "${INSTALL_DIR}/${BINARY}" + +echo "" +echo "${BINARY} ${VERSION} installed to ${INSTALL_DIR}/${BINARY}" + +# PATH hint if needed +case ":$PATH:" in + *":${INSTALL_DIR}:"*) ;; + *) + echo "" + echo "Add ${INSTALL_DIR} to your PATH:" + echo " export PATH=\"${INSTALL_DIR}:\$PATH\"" + ;; +esac diff --git a/skills/review/SKILL.md b/skills/review/SKILL.md new file mode 100644 index 0000000..50ade0e --- /dev/null +++ b/skills/review/SKILL.md @@ -0,0 +1,133 @@ +--- +name: review +description: Multi-persona code review with structured findings. Use when the user says /review, asks for a code review, wants to review a diff/PR/branch before merging, or needs a pre-submit quality check. +--- + +# review + +Proactive multi-persona code review. Produces structured findings before a PR is submitted or merged. + +Not the same as `/pr-triage`, which reacts to existing PR comments and CI failures. Use `/review` when you want fresh review findings on a diff. + +## Usage + +``` +/review # review staged + unstaged changes +/review HEAD~3..HEAD # review last 3 commits +/review main..HEAD # review current branch vs main +/review --fix # review and fix findings (iterative) +/review --persona security # single-persona review +``` + +## Phase 1: Scope + +Determine the diff to review. + +If the user provided a range, use it. Otherwise detect: + +```bash +# If there are staged/unstaged changes, review those +git diff HEAD + +# If clean working tree, review current branch vs base +git log --oneline main..HEAD +git diff main...HEAD +``` + +Identify relevant context files: CONTRIBUTING.md, coding standards, project CLAUDE.md/AGENTS.md, any spec or PRD referenced in recent commit messages. + +If the diff is large (>2000 lines), ask the user whether to review everything or focus on specific files/directories. + +## Phase 2: Parallel Persona Review + +Spawn 2+ reviewer sub-agents in parallel. Each persona writes free-form prose -- do not constrain their output format. + +### Default personas + +**Standards reviewer:** Does the code follow project conventions? Check naming, error handling patterns, test coverage expectations, import ordering, existing abstractions. Reference CONTRIBUTING.md and project style if available. Ignore style issues that a linter would catch. + +**Correctness reviewer:** Are there bugs, edge cases, race conditions, or logic errors? Does the code handle failures correctly? Are there security issues (injection, auth bypass, secret leaks)? Does it do what the commit messages claim? + +### Optional personas (user-requested or auto-detected) + +**Security reviewer:** Activated when the diff touches auth, crypto, user input handling, or API endpoints. Focus on OWASP top 10, secret leaks, permission checks. + +**Performance reviewer:** Activated when the diff touches hot paths, database queries, or algorithms. Focus on complexity, unnecessary allocations, N+1 queries. + +Each persona prompt should include: +- The full diff +- Relevant context files (standards, spec) +- Instruction to write freely, be specific (file:line), and focus on what matters + +## Phase 3: Normalize Findings + +After all persona reviews return, extract structured findings from each persona's prose. Use a separate, cheaper model call for this extraction when possible. + +For each finding, extract: + +``` +File: +Lines: - +Severity: critical | high | medium | low +Confidence: <0.0-1.0> +Problem: +Fix: +``` + +Normalization rules: +- Do not invent findings that the reviewer did not mention +- Do not fabricate line numbers -- if the reviewer was vague, mark lines as "unknown" +- Vague fix text ("add tests", "consider refactoring", "improve error handling") must be expanded to a concrete action or the finding is downgraded to low severity +- If a reviewer flagged the same issue multiple times, deduplicate + +## Phase 4: Aggregate + +Combine findings from all personas. Deduplicate findings that reference the same file:line range with overlapping descriptions. + +Upgrade severity when multiple personas independently flag the same issue. Downgrade when only one persona flagged it and confidence is below 0.5. + +### Output format + +``` +## Review: + +### Must Fix () +Critical severity. Each with file:line, problem, fix. + +### Major Issues () +High severity. Each with file:line, problem, fix. + +### Review Carefully () +Medium severity. Collapsed unless user asks for detail. + +### Minor () +Low severity. One-line summaries only. + +### Summary +- Total findings: ( critical, high, medium, low) +- Personas used: +- Files reviewed: +``` + +## Phase 5: Fix Loop (only with --fix) + +Only runs when the user passes `--fix` or explicitly asks to fix findings. + +For each finding rated critical or high with a concrete fix: + +1. Apply the fix (use the builder role if available, otherwise fix directly) +2. Re-run only the relevant persona on the changed file +3. If the reviewer confirms the fix, mark as resolved +4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding) + +After all fixes, re-run the full aggregate step on the final diff. Report what was fixed, what remains, and what needs the user's decision. + +## Rules + +- Review is read-only by default. Only modify files in `--fix` mode. +- Do not post review comments to GitHub. Output findings to the conversation. The user decides what to do with them. +- When spawning persona sub-agents, use the `reviewer` role if available. Sub-agents inherit the parent model unless the user specifies otherwise. +- If the harness does not support sub-agents, run personas sequentially instead of in parallel. +- Be specific. Every finding must reference a file and ideally a line range. Findings without file references are noise. +- Do not nitpick formatting, whitespace, or style issues that a linter handles. Focus on correctness, security, and spec compliance. +- Large diffs (>5000 lines): warn the user that review quality degrades with size. Suggest splitting by directory or concern. From 75cd4045a54c72f39779d9b3ca1e9d3d66a3d6b7 Mon Sep 17 00:00:00 2001 From: Kirill Korikov <11762090+yourconscience@users.noreply.github.com> Date: Thu, 18 Jun 2026 15:02:51 +0200 Subject: [PATCH 2/3] fix review findings: checksum exit, version tag handling, skill count, stale star count --- README.md | 4 ++-- dotagents.yaml | 2 +- plugins/dotagents/skills/review/SKILL.md | 4 ++-- scripts/install.sh | 16 ++++++++++------ skills/review/SKILL.md | 4 ++-- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index aa8a508..0bbbda4 100644 --- a/README.md +++ b/README.md @@ -50,9 +50,9 @@ Prebuilt binaries for macOS and Linux (amd64/arm64) on [Releases](https://github ## Skills -16 skills ship with this repo: +19 skills ship with this repo: -`spawn` `cmux` `tmux` `remote-access` `repo-eval` `tech-search` `x-sim` `grill-me` `humanizer` `spec` `jobs` `pr-triage` `gws` `tg` `x-cli` `dotagents` +`spawn` `cmux` `tmux` `remote-access` `repo-eval` `review` `tech-search` `x-sim` `grill-me` `humanizer` `spec` `jobs` `pr-triage` `gws` `tg` `x-cli` `spotify` `lila` `dotagents` A skill is a `SKILL.md` in a directory under `skills/`. Add one, run `dotagents sync`, it shows up everywhere. diff --git a/dotagents.yaml b/dotagents.yaml index 1c4de78..a5bdf8d 100644 --- a/dotagents.yaml +++ b/dotagents.yaml @@ -241,7 +241,7 @@ sources: # external_skills: third-party skill libraries fetched by dotagents sync. # Entries here are opt-in: uncomment or copy to dotagents.local.yaml to enable. # -# mattpocock/skills (github.com/mattpocock/skills, 135k stars, MIT) +# mattpocock/skills (github.com/mattpocock/skills, MIT) # Selected skills from skills/engineering/: # tdd - test-driven development workflow # diagnosing-bugs - structured bug isolation process diff --git a/plugins/dotagents/skills/review/SKILL.md b/plugins/dotagents/skills/review/SKILL.md index 50ade0e..78cd728 100644 --- a/plugins/dotagents/skills/review/SKILL.md +++ b/plugins/dotagents/skills/review/SKILL.md @@ -116,11 +116,11 @@ Only runs when the user passes `--fix` or explicitly asks to fix findings. For each finding rated critical or high with a concrete fix: 1. Apply the fix (use the builder role if available, otherwise fix directly) -2. Re-run only the relevant persona on the changed file +2. Re-run the persona that originally flagged the finding on the changed file 3. If the reviewer confirms the fix, mark as resolved 4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding) -After all fixes, re-run the full aggregate step on the final diff. Report what was fixed, what remains, and what needs the user's decision. +After all fixes, re-run all personas on the final diff to catch issues introduced by fixes. The final aggregate uses only fresh findings from this re-run, not stale output from the original review. ## Rules diff --git a/scripts/install.sh b/scripts/install.sh index 2a641a1..e3db6e3 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -34,23 +34,26 @@ esac echo "Fetching latest release..." LATEST_URL="https://api.github.com/repos/${REPO}/releases/latest" if command -v curl >/dev/null 2>&1; then - VERSION="$(curl -fsSL "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"v\{0,1\}\([^"]*\)".*/\1/')" + TAG="$(curl -fsSL "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/')" elif command -v wget >/dev/null 2>&1; then - VERSION="$(wget -qO- "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"v\{0,1\}\([^"]*\)".*/\1/')" + TAG="$(wget -qO- "$LATEST_URL" | grep '"tag_name"' | sed 's/.*"tag_name": *"\([^"]*\)".*/\1/')" else echo "error: curl or wget is required" >&2 exit 1 fi -if [ -z "$VERSION" ]; then - echo "error: could not determine latest release version" >&2 +if [ -z "$TAG" ]; then + echo "error: could not determine latest release tag" >&2 exit 1 fi +# Strip leading v for archive filename (goreleaser convention) +VERSION="${TAG#v}" + echo "Installing ${BINARY} ${VERSION} (${OS}/${ARCH})..." ARCHIVE="${BINARY}_${VERSION}_${OS}_${ARCH}.tar.gz" -BASE_URL="https://github.com/${REPO}/releases/download/v${VERSION}" +BASE_URL="https://github.com/${REPO}/releases/download/${TAG}" ARCHIVE_URL="${BASE_URL}/${ARCHIVE}" CHECKSUM_URL="${BASE_URL}/checksums.txt" @@ -79,7 +82,8 @@ download "$CHECKSUM_URL" "${TMP_DIR}/checksums.txt" echo "Verifying checksum..." EXPECTED="$(grep "${ARCHIVE}" "${TMP_DIR}/checksums.txt" | awk '{print $1}')" if [ -z "$EXPECTED" ]; then - echo "warning: archive not found in checksums.txt; skipping verification" >&2 + echo "error: archive not found in checksums.txt" >&2 + exit 1 elif command -v sha256sum >/dev/null 2>&1; then ACTUAL="$(sha256sum "${TMP_DIR}/${ARCHIVE}" | awk '{print $1}')" if [ "$ACTUAL" != "$EXPECTED" ]; then diff --git a/skills/review/SKILL.md b/skills/review/SKILL.md index 50ade0e..78cd728 100644 --- a/skills/review/SKILL.md +++ b/skills/review/SKILL.md @@ -116,11 +116,11 @@ Only runs when the user passes `--fix` or explicitly asks to fix findings. For each finding rated critical or high with a concrete fix: 1. Apply the fix (use the builder role if available, otherwise fix directly) -2. Re-run only the relevant persona on the changed file +2. Re-run the persona that originally flagged the finding on the changed file 3. If the reviewer confirms the fix, mark as resolved 4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding) -After all fixes, re-run the full aggregate step on the final diff. Report what was fixed, what remains, and what needs the user's decision. +After all fixes, re-run all personas on the final diff to catch issues introduced by fixes. The final aggregate uses only fresh findings from this re-run, not stale output from the original review. ## Rules From 52b4e4562b258bf20097f50f81c07d7a6f203208 Mon Sep 17 00:00:00 2001 From: Kirill Korikov <11762090+yourconscience@users.noreply.github.com> Date: Thu, 18 Jun 2026 15:04:17 +0200 Subject: [PATCH 3/3] fix bot review: detect default branch, run tests in fix loop --- plugins/dotagents/skills/review/SKILL.md | 13 ++++++++----- skills/review/SKILL.md | 13 ++++++++----- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/plugins/dotagents/skills/review/SKILL.md b/plugins/dotagents/skills/review/SKILL.md index 78cd728..5fe7f05 100644 --- a/plugins/dotagents/skills/review/SKILL.md +++ b/plugins/dotagents/skills/review/SKILL.md @@ -14,7 +14,7 @@ Not the same as `/pr-triage`, which reacts to existing PR comments and CI failur ``` /review # review staged + unstaged changes /review HEAD~3..HEAD # review last 3 commits -/review main..HEAD # review current branch vs main +/review main..HEAD # review current branch vs base /review --fix # review and fix findings (iterative) /review --persona security # single-persona review ``` @@ -29,9 +29,11 @@ If the user provided a range, use it. Otherwise detect: # If there are staged/unstaged changes, review those git diff HEAD -# If clean working tree, review current branch vs base -git log --oneline main..HEAD -git diff main...HEAD +# If clean working tree, review current branch vs default base +BASE="$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/origin/||')" +BASE="${BASE:-main}" +git log --oneline "${BASE}..HEAD" +git diff "${BASE}...HEAD" ``` Identify relevant context files: CONTRIBUTING.md, coding standards, project CLAUDE.md/AGENTS.md, any spec or PRD referenced in recent commit messages. @@ -116,7 +118,8 @@ Only runs when the user passes `--fix` or explicitly asks to fix findings. For each finding rated critical or high with a concrete fix: 1. Apply the fix (use the builder role if available, otherwise fix directly) -2. Re-run the persona that originally flagged the finding on the changed file +2. Run tests or build if available to catch regressions before re-review +3. Re-run the persona that originally flagged the finding on the changed file 3. If the reviewer confirms the fix, mark as resolved 4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding) diff --git a/skills/review/SKILL.md b/skills/review/SKILL.md index 78cd728..5fe7f05 100644 --- a/skills/review/SKILL.md +++ b/skills/review/SKILL.md @@ -14,7 +14,7 @@ Not the same as `/pr-triage`, which reacts to existing PR comments and CI failur ``` /review # review staged + unstaged changes /review HEAD~3..HEAD # review last 3 commits -/review main..HEAD # review current branch vs main +/review main..HEAD # review current branch vs base /review --fix # review and fix findings (iterative) /review --persona security # single-persona review ``` @@ -29,9 +29,11 @@ If the user provided a range, use it. Otherwise detect: # If there are staged/unstaged changes, review those git diff HEAD -# If clean working tree, review current branch vs base -git log --oneline main..HEAD -git diff main...HEAD +# If clean working tree, review current branch vs default base +BASE="$(git symbolic-ref refs/remotes/origin/HEAD 2>/dev/null | sed 's|refs/remotes/origin/||')" +BASE="${BASE:-main}" +git log --oneline "${BASE}..HEAD" +git diff "${BASE}...HEAD" ``` Identify relevant context files: CONTRIBUTING.md, coding standards, project CLAUDE.md/AGENTS.md, any spec or PRD referenced in recent commit messages. @@ -116,7 +118,8 @@ Only runs when the user passes `--fix` or explicitly asks to fix findings. For each finding rated critical or high with a concrete fix: 1. Apply the fix (use the builder role if available, otherwise fix directly) -2. Re-run the persona that originally flagged the finding on the changed file +2. Run tests or build if available to catch regressions before re-review +3. Re-run the persona that originally flagged the finding on the changed file 3. If the reviewer confirms the fix, mark as resolved 4. If the reviewer finds a new issue with the fix, iterate (max 3 rounds per finding)