# Review-Only Workflow
# Reviews code or PRs without making any edits
# Local: console output only. PR specified: posts inline comments + summary to PR
#
# Flow:
#   plan -> reviewers (parallel: arch-review + security-review + ai-review) -> supervise
#     -> pr-comment -> COMPLETE (PR comment requested)
#     -> COMPLETE (local: console output only)
#     -> ABORT (rejected)
#
# All movements have edit: false (no file modifications)
#
# Template Variables:
#   {iteration}          - Workflow-wide turn count
#   {max_iterations}     - Maximum iterations allowed
#   {movement_iteration} - Per-movement iteration count
#   {task}               - Original user request
#   {previous_response}  - Output from the previous movement
#   {user_inputs}        - Accumulated user inputs
#   {report_dir}         - Report directory name

name: review-only
description: Review-only workflow - reviews code without making edits
max_iterations: 10
initial_movement: plan

movements:
  - name: plan
    edit: false
    agent: ../agents/default/planner.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - WebSearch
      - WebFetch
    rules:
      - condition: Review scope is clear
        next: reviewers
      - condition: User is asking a question (not a review task)
        next: COMPLETE
      - condition: Requirements unclear, insufficient info
        next: ABORT
        appendix: |
          Clarifications needed:
          - {Question 1}
          - {Question 2}
    pass_previous_response: true
    instruction_template: |
      ## Previous Response (when returned from supervise)
      {previous_response}

      Analyze the review request and create a review plan.

      **This is a review-only workflow.** No code edits will be made.

      Focus on:
      1. Identify which files/modules to review
      2. Determine review focus areas (architecture, security, AI patterns, etc.)
      3. Note any specific concerns mentioned in the request

      **If a PR number is mentioned** (e.g., "PR #42"), include it in your plan so reviewers can focus on the PR's changed files.

  - name: reviewers
    parallel:
      - name: arch-review
        edit: false
        agent: ../agents/default/architecture-reviewer.md
        report:
          name: 01-architect-review.md
          format: |
            ```markdown
            # Architecture Review

            ## Result: APPROVE / IMPROVE / REJECT

            ## Summary
            {1-2 sentences summarizing result}

            ## Reviewed Perspectives
            - [x] Structure & Design
            - [x] Code Quality
            - [x] Change Scope

            ## Issues (if REJECT)
            | # | Location | Issue | Fix |
            |---|----------|-------|-----|
            | 1 | `src/file.ts:42` | Issue description | Fix method |

            ## Improvement Suggestions (optional, non-blocking)
            - {Future improvement suggestions}
            ```

            **Cognitive load reduction rules:**
            - APPROVE + no issues -> Summary only (5 lines or less)
            - APPROVE + minor suggestions -> Summary + suggestions (15 lines or less)
            - REJECT -> Issues in table format (30 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Focus on **architecture and design** review.
          Do NOT review AI-specific issues (that's the ai-review movement).
          Review the code and provide feedback.

      - name: security-review
        edit: false
        agent: ../agents/default/security-reviewer.md
        report:
          name: 02-security-review.md
          format: |
            ```markdown
            # Security Review

            ## Result: APPROVE / REJECT

            ## Severity: None / Low / Medium / High / Critical

            ## Check Results
            | Category | Result | Notes |
            |----------|--------|-------|
            | Injection | - | - |
            | Auth/Authz | - | - |
            | Data Protection | - | - |
            | Dependencies | - | - |

            ## Vulnerabilities (if REJECT)
            | # | Severity | Type | Location | Fix |
            |---|----------|------|----------|-----|
            | 1 | High | SQLi | `src/db.ts:42` | Use parameterized query |

            ## Warnings (non-blocking)
            - {Security recommendations}
            ```

            **Cognitive load reduction rules:**
            - No issues -> Check table only (10 lines or less)
            - Warnings -> + Warnings 1-2 lines (15 lines or less)
            - Vulnerabilities -> + Table format (30 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Perform security review on the code.
          Check for vulnerabilities including:
          - Injection attacks (SQL, Command, XSS)
          - Authentication/Authorization issues
          - Data exposure risks
          - Cryptographic weaknesses

      - name: ai-review
        edit: false
        agent: ../agents/default/ai-antipattern-reviewer.md
        report:
          name: 03-ai-review.md
          format: |
            ```markdown
            # AI-Generated Code Review

            ## Result: APPROVE / REJECT

            ## Summary
            {One sentence summarizing result}

            ## Verified Items
            | Aspect | Result | Notes |
            |--------|--------|-------|
            | Assumption validity | - | - |
            | API/Library existence | - | - |
            | Context fit | - | - |
            | Scope | - | - |

            ## Issues (if REJECT)
            | # | Category | Location | Issue |
            |---|----------|----------|-------|
            | 1 | Hallucinated API | `src/file.ts:23` | Non-existent method |
            ```

            **Cognitive load reduction rules:**
            - No issues -> Summary 1 line + check table only (10 lines or less)
            - Issues found -> + Issues in table format (25 lines or less)
        allowed_tools:
          - Read
          - Glob
          - Grep
          - WebSearch
          - WebFetch
        rules:
          - condition: approved
          - condition: needs_fix
        instruction_template: |
          Review the code for AI-specific issues:
          - Assumption validation
          - Plausible but wrong patterns
          - Context fit with existing codebase
          - Scope creep detection
    rules:
      - condition: all("approved")
        next: supervise
      - condition: any("needs_fix")
        next: supervise

  - name: supervise
    edit: false
    agent: ../agents/default/supervisor.md
    report:
      - Review Summary: 04-review-summary.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - WebSearch
      - WebFetch
    rules:
      - condition: approved, PR comment requested
        next: pr-comment
      - condition: approved
        next: COMPLETE
      - condition: rejected
        next: ABORT
    pass_previous_response: true
    instruction_template: |
      ## Review Results
      {previous_response}

      **This is a review-only workflow.** Do NOT run tests or builds.
      Your role is to synthesize the review results and produce a final summary.

      **Tasks:**
      1. Read all review reports in the Report Directory
      2. Synthesize findings from architecture, security, and AI reviews
      3. Produce a consolidated review summary with overall verdict
      4. Determine routing:
         - If the task mentions posting to a PR (e.g., "post comments to PR", "comment on PR"), route to `pr-comment` movement (condition: "approved, PR comment requested")
         - If local review only, route to COMPLETE (condition: "approved")
         - If critical issues found, route to ABORT (condition: "rejected")

      **Review Summary report format:**
      ```markdown
      # Review Summary

      ## Overall Verdict: APPROVE / REJECT

      ## Summary
      {2-3 sentences consolidating all review results}

      ## Review Results
      | Review | Result | Key Findings |
      |--------|--------|--------------|
      | Architecture | APPROVE/REJECT | {Brief finding} |
      | Security | APPROVE/REJECT | {Brief finding} |
      | AI Antipattern | APPROVE/REJECT | {Brief finding} |

      ## Issues Requiring Attention
      | # | Severity | Source | Location | Issue |
      |---|----------|--------|----------|-------|
      | 1 | High | Security | `file:line` | Description |

      ## Improvement Suggestions
      - {Consolidated suggestions from all reviews}
      ```

  - name: pr-comment
    edit: false
    agent: ../agents/review/pr-commenter.md
    allowed_tools:
      - Read
      - Glob
      - Grep
      - Bash
    rules:
      - condition: Comments posted
        next: COMPLETE
      - condition: Failed to post comments
        next: COMPLETE
    pass_previous_response: true
    instruction_template: |
      ## Review Summary
      {previous_response}

      Post the review results to the PR as comments.

      **Procedure:**
      1. Extract the PR number from the task description
      2. Read all review reports in the Report Directory:
         - `01-architect-review.md` (Architecture review)
         - `02-security-review.md` (Security review)
         - `03-ai-review.md` (AI antipattern review)
         - `04-review-summary.md` (Consolidated summary)
      3. Filter findings by severity and post inline comments for Critical/High/Medium
      4. Post a summary comment with the following format:
         ```
         ## Automated Review Summary

         {Overall verdict and summary from 04-review-summary.md}

         ### Review Results
         | Review | Result |
         |--------|--------|
         | Architecture | {result} |
         | Security | {result} |
         | AI Antipattern | {result} |

         ### Key Findings
         {Bulleted list of important findings}

         ### Improvement Suggestions
         {Consolidated suggestions}

         ---
         *Generated by [takt](https://github.com/toruticas/takt) review-only workflow*
         ```
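Step 3 of the pr-comment procedure (filter findings by severity, inline comments only for Critical/High/Medium) is easy to get wrong when a finding has no `file:line` anchor. The following is an added illustration, not part of takt or this workflow: it parses the "Issues Requiring Attention" table in the `04-review-summary.md` format defined above and splits findings into inline-comment candidates and summary-only items. The sample report is constructed, and the `Finding` type and helper names are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the 04-review-summary.md format from the supervise
# movement above (not output from a real takt run).
SAMPLE_SUMMARY = """# Review Summary
## Overall Verdict: REJECT
## Issues Requiring Attention
| # | Severity | Source | Location | Issue |
|---|----------|--------|----------|-------|
| 1 | High | Security | `src/db.ts:42` | Query built by string concatenation |
| 2 | Medium | Architecture | `src/api/handler.ts:17` | Validation mixed with persistence |
| 3 | Low | AI Antipattern | `src/util.ts:9` | Redundant null check |
| 4 | Critical | Security | `src/auth.ts` | Non-constant-time token comparison |
"""

INLINE_SEVERITIES = {"Critical", "High", "Medium"}   # pr-comment step 3 threshold
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "None": 4}

@dataclass
class Finding:
    severity: str
    source: str
    path: str
    line: Optional[int]   # None when the Location cell has no :line suffix
    issue: str

def parse_issue_table(markdown: str) -> List[Finding]:
    """Parse the 'Issues Requiring Attention' table into Finding records."""
    findings, in_table = [], False
    for raw in markdown.splitlines():
        text = raw.strip()
        if text.startswith("## "):                     # any H2 ends/starts the table section
            in_table = text == "## Issues Requiring Attention"
            continue
        if not in_table or not text.startswith("|"):
            continue
        cells = [c.strip() for c in text.strip("|").split("|")]
        if len(cells) != 5 or cells[0] == "#" or set(cells[0]) <= {"-"}:
            continue                                   # header and separator rows
        _, severity, source, location, issue = cells
        m = re.fullmatch(r"`?([^`:]+)(?::(\d+))?`?", location)
        path = m.group(1) if m else location
        line_no = int(m.group(2)) if m and m.group(2) else None
        findings.append(Finding(severity, source, path, line_no, issue))
    return findings

def inline_comment_candidates(findings: List[Finding]) -> List[Finding]:
    """Critical/High/Medium findings that carry a file:line anchor, most severe first."""
    picked = [f for f in findings if f.severity in INLINE_SEVERITIES and f.line is not None]
    return sorted(picked, key=lambda f: SEVERITY_RANK.get(f.severity, 9))

def summary_only(findings: List[Finding]) -> List[Finding]:
    """Severe findings without a line anchor: they must go in the summary comment instead."""
    return [f for f in findings if f.severity in INLINE_SEVERITIES and f.line is None]
```

Note that the Critical finding without a line number is not silently dropped from the inline pass; it is routed to the summary comment so the verdict still surfaces it.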