@chorus-aidlc/chorus 0.11.0 → 0.11.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (201) hide show
  1. package/.next/standalone/.next/BUILD_ID +1 -1
  2. package/.next/standalone/.next/app-build-manifest.json +307 -307
  3. package/.next/standalone/.next/app-path-routes-manifest.json +40 -40
  4. package/.next/standalone/.next/build-manifest.json +5 -5
  5. package/.next/standalone/.next/prerender-manifest.json +27 -27
  6. package/.next/standalone/.next/server/app/(dashboard)/project-groups/[uuid]/page_client-reference-manifest.js +1 -1
  7. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/activity/page_client-reference-manifest.js +1 -1
  8. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/dashboard/[ideaUuid]/page_client-reference-manifest.js +1 -1
  9. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/dashboard/page.js +2 -2
  10. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/dashboard/page_client-reference-manifest.js +1 -1
  11. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/documents/[documentUuid]/page.js +1 -1
  12. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/documents/[documentUuid]/page_client-reference-manifest.js +1 -1
  13. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/documents/page.js +1 -1
  14. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/documents/page_client-reference-manifest.js +1 -1
  15. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/proposals/[proposalUuid]/page.js +1 -1
  16. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/proposals/[proposalUuid]/page_client-reference-manifest.js +1 -1
  17. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/proposals/new/page_client-reference-manifest.js +1 -1
  18. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/proposals/page.js +1 -1
  19. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/proposals/page_client-reference-manifest.js +1 -1
  20. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/tasks/[taskUuid]/page_client-reference-manifest.js +1 -1
  21. package/.next/standalone/.next/server/app/(dashboard)/projects/[uuid]/tasks/page_client-reference-manifest.js +1 -1
  22. package/.next/standalone/.next/server/app/(dashboard)/projects/page_client-reference-manifest.js +1 -1
  23. package/.next/standalone/.next/server/app/(dashboard)/settings/page_client-reference-manifest.js +1 -1
  24. package/.next/standalone/.next/server/app/_not-found/page_client-reference-manifest.js +1 -1
  25. package/.next/standalone/.next/server/app/_not-found.html +1 -1
  26. package/.next/standalone/.next/server/app/_not-found.rsc +2 -2
  27. package/.next/standalone/.next/server/app/admin/companies/[uuid]/page_client-reference-manifest.js +1 -1
  28. package/.next/standalone/.next/server/app/admin/companies/new/page_client-reference-manifest.js +1 -1
  29. package/.next/standalone/.next/server/app/admin/companies/new.html +1 -1
  30. package/.next/standalone/.next/server/app/admin/companies/new.rsc +2 -2
  31. package/.next/standalone/.next/server/app/admin/companies/page_client-reference-manifest.js +1 -1
  32. package/.next/standalone/.next/server/app/admin/companies.html +1 -1
  33. package/.next/standalone/.next/server/app/admin/companies.rsc +2 -2
  34. package/.next/standalone/.next/server/app/admin/page_client-reference-manifest.js +1 -1
  35. package/.next/standalone/.next/server/app/admin.html +1 -1
  36. package/.next/standalone/.next/server/app/admin.rsc +2 -2
  37. package/.next/standalone/.next/server/app/api/admin/companies/[uuid]/route_client-reference-manifest.js +1 -1
  38. package/.next/standalone/.next/server/app/api/admin/companies/route_client-reference-manifest.js +1 -1
  39. package/.next/standalone/.next/server/app/api/admin/login/route_client-reference-manifest.js +1 -1
  40. package/.next/standalone/.next/server/app/api/admin/session/route_client-reference-manifest.js +1 -1
  41. package/.next/standalone/.next/server/app/api/agent-connections/route_client-reference-manifest.js +1 -1
  42. package/.next/standalone/.next/server/app/api/agents/[uuid]/route_client-reference-manifest.js +1 -1
  43. package/.next/standalone/.next/server/app/api/agents/[uuid]/sessions/route_client-reference-manifest.js +1 -1
  44. package/.next/standalone/.next/server/app/api/agents/route_client-reference-manifest.js +1 -1
  45. package/.next/standalone/.next/server/app/api/api-keys/[uuid]/route_client-reference-manifest.js +1 -1
  46. package/.next/standalone/.next/server/app/api/api-keys/route_client-reference-manifest.js +1 -1
  47. package/.next/standalone/.next/server/app/api/auth/callback/route_client-reference-manifest.js +1 -1
  48. package/.next/standalone/.next/server/app/api/auth/check-default/route_client-reference-manifest.js +1 -1
  49. package/.next/standalone/.next/server/app/api/auth/company-oidc/route_client-reference-manifest.js +1 -1
  50. package/.next/standalone/.next/server/app/api/auth/default-login/route_client-reference-manifest.js +1 -1
  51. package/.next/standalone/.next/server/app/api/auth/identify/route_client-reference-manifest.js +1 -1
  52. package/.next/standalone/.next/server/app/api/auth/logout/route_client-reference-manifest.js +1 -1
  53. package/.next/standalone/.next/server/app/api/auth/me/route_client-reference-manifest.js +1 -1
  54. package/.next/standalone/.next/server/app/api/auth/refresh/route_client-reference-manifest.js +1 -1
  55. package/.next/standalone/.next/server/app/api/auth/session/route_client-reference-manifest.js +1 -1
  56. package/.next/standalone/.next/server/app/api/auth/sync-token/route_client-reference-manifest.js +1 -1
  57. package/.next/standalone/.next/server/app/api/comments/route_client-reference-manifest.js +1 -1
  58. package/.next/standalone/.next/server/app/api/daemon/control/route_client-reference-manifest.js +1 -1
  59. package/.next/standalone/.next/server/app/api/daemon/execution-state/route_client-reference-manifest.js +1 -1
  60. package/.next/standalone/.next/server/app/api/daemon/executions/route_client-reference-manifest.js +1 -1
  61. package/.next/standalone/.next/server/app/api/daemon/pending-turns/route_client-reference-manifest.js +1 -1
  62. package/.next/standalone/.next/server/app/api/daemon/report-interrupt/route_client-reference-manifest.js +1 -1
  63. package/.next/standalone/.next/server/app/api/daemon/resume/route_client-reference-manifest.js +1 -1
  64. package/.next/standalone/.next/server/app/api/daemon/transcript/route_client-reference-manifest.js +1 -1
  65. package/.next/standalone/.next/server/app/api/daemon/turn-advance/route_client-reference-manifest.js +1 -1
  66. package/.next/standalone/.next/server/app/api/daemon-sessions/[sessionUuid]/instruction/route_client-reference-manifest.js +1 -1
  67. package/.next/standalone/.next/server/app/api/daemon-sessions/[sessionUuid]/route_client-reference-manifest.js +1 -1
  68. package/.next/standalone/.next/server/app/api/daemon-sessions/ad-hoc/route_client-reference-manifest.js +1 -1
  69. package/.next/standalone/.next/server/app/api/daemon-sessions/route_client-reference-manifest.js +1 -1
  70. package/.next/standalone/.next/server/app/api/documents/[uuid]/route_client-reference-manifest.js +1 -1
  71. package/.next/standalone/.next/server/app/api/entities/[type]/[uuid]/root-idea/route_client-reference-manifest.js +1 -1
  72. package/.next/standalone/.next/server/app/api/events/notifications/route_client-reference-manifest.js +1 -1
  73. package/.next/standalone/.next/server/app/api/events/route_client-reference-manifest.js +1 -1
  74. package/.next/standalone/.next/server/app/api/health/route_client-reference-manifest.js +1 -1
  75. package/.next/standalone/.next/server/app/api/ideas/[uuid]/claim/route_client-reference-manifest.js +1 -1
  76. package/.next/standalone/.next/server/app/api/ideas/[uuid]/move/preview/route_client-reference-manifest.js +1 -1
  77. package/.next/standalone/.next/server/app/api/ideas/[uuid]/move/route_client-reference-manifest.js +1 -1
  78. package/.next/standalone/.next/server/app/api/ideas/[uuid]/parent/route_client-reference-manifest.js +1 -1
  79. package/.next/standalone/.next/server/app/api/ideas/[uuid]/release/route_client-reference-manifest.js +1 -1
  80. package/.next/standalone/.next/server/app/api/ideas/[uuid]/route_client-reference-manifest.js +1 -1
  81. package/.next/standalone/.next/server/app/api/mcp/route_client-reference-manifest.js +1 -1
  82. package/.next/standalone/.next/server/app/api/me/assignments/route_client-reference-manifest.js +1 -1
  83. package/.next/standalone/.next/server/app/api/mentionables/route_client-reference-manifest.js +1 -1
  84. package/.next/standalone/.next/server/app/api/notifications/[uuid]/archive/route_client-reference-manifest.js +1 -1
  85. package/.next/standalone/.next/server/app/api/notifications/[uuid]/read/route_client-reference-manifest.js +1 -1
  86. package/.next/standalone/.next/server/app/api/notifications/preferences/route_client-reference-manifest.js +1 -1
  87. package/.next/standalone/.next/server/app/api/notifications/read-all/route_client-reference-manifest.js +1 -1
  88. package/.next/standalone/.next/server/app/api/notifications/route_client-reference-manifest.js +1 -1
  89. package/.next/standalone/.next/server/app/api/notifications/unread-count/route_client-reference-manifest.js +1 -1
  90. package/.next/standalone/.next/server/app/api/project-groups/[uuid]/dashboard/route_client-reference-manifest.js +1 -1
  91. package/.next/standalone/.next/server/app/api/project-groups/[uuid]/route_client-reference-manifest.js +1 -1
  92. package/.next/standalone/.next/server/app/api/project-groups/route_client-reference-manifest.js +1 -1
  93. package/.next/standalone/.next/server/app/api/projects/[uuid]/activity/route_client-reference-manifest.js +1 -1
  94. package/.next/standalone/.next/server/app/api/projects/[uuid]/available/route_client-reference-manifest.js +1 -1
  95. package/.next/standalone/.next/server/app/api/projects/[uuid]/documents/route_client-reference-manifest.js +1 -1
  96. package/.next/standalone/.next/server/app/api/projects/[uuid]/group/route_client-reference-manifest.js +1 -1
  97. package/.next/standalone/.next/server/app/api/projects/[uuid]/ideas/route_client-reference-manifest.js +1 -1
  98. package/.next/standalone/.next/server/app/api/projects/[uuid]/ideas/tracker/route_client-reference-manifest.js +1 -1
  99. package/.next/standalone/.next/server/app/api/projects/[uuid]/proposals/[proposalUuid]/validate/route_client-reference-manifest.js +1 -1
  100. package/.next/standalone/.next/server/app/api/projects/[uuid]/proposals/route_client-reference-manifest.js +1 -1
  101. package/.next/standalone/.next/server/app/api/projects/[uuid]/proposals/summary/route_client-reference-manifest.js +1 -1
  102. package/.next/standalone/.next/server/app/api/projects/[uuid]/route_client-reference-manifest.js +1 -1
  103. package/.next/standalone/.next/server/app/api/projects/[uuid]/stats/route_client-reference-manifest.js +1 -1
  104. package/.next/standalone/.next/server/app/api/projects/[uuid]/tasks/dependencies/route_client-reference-manifest.js +1 -1
  105. package/.next/standalone/.next/server/app/api/projects/[uuid]/tasks/route_client-reference-manifest.js +1 -1
  106. package/.next/standalone/.next/server/app/api/projects/route_client-reference-manifest.js +1 -1
  107. package/.next/standalone/.next/server/app/api/proposals/[uuid]/approve/route_client-reference-manifest.js +1 -1
  108. package/.next/standalone/.next/server/app/api/proposals/[uuid]/close/route_client-reference-manifest.js +1 -1
  109. package/.next/standalone/.next/server/app/api/proposals/[uuid]/reject/route_client-reference-manifest.js +1 -1
  110. package/.next/standalone/.next/server/app/api/proposals/[uuid]/revoke/route_client-reference-manifest.js +1 -1
  111. package/.next/standalone/.next/server/app/api/proposals/[uuid]/route_client-reference-manifest.js +1 -1
  112. package/.next/standalone/.next/server/app/api/search/route_client-reference-manifest.js +1 -1
  113. package/.next/standalone/.next/server/app/api/sessions/[uuid]/route_client-reference-manifest.js +1 -1
  114. package/.next/standalone/.next/server/app/api/tasks/[uuid]/claim/route_client-reference-manifest.js +1 -1
  115. package/.next/standalone/.next/server/app/api/tasks/[uuid]/dependencies/[dependsOnUuid]/route_client-reference-manifest.js +1 -1
  116. package/.next/standalone/.next/server/app/api/tasks/[uuid]/dependencies/route_client-reference-manifest.js +1 -1
  117. package/.next/standalone/.next/server/app/api/tasks/[uuid]/release/route_client-reference-manifest.js +1 -1
  118. package/.next/standalone/.next/server/app/api/tasks/[uuid]/route_client-reference-manifest.js +1 -1
  119. package/.next/standalone/.next/server/app/api/tasks/[uuid]/sessions/route_client-reference-manifest.js +1 -1
  120. package/.next/standalone/.next/server/app/index.html +1 -1
  121. package/.next/standalone/.next/server/app/index.rsc +2 -2
  122. package/.next/standalone/.next/server/app/login/admin/page_client-reference-manifest.js +1 -1
  123. package/.next/standalone/.next/server/app/login/admin.html +1 -1
  124. package/.next/standalone/.next/server/app/login/admin.rsc +2 -2
  125. package/.next/standalone/.next/server/app/login/callback/page_client-reference-manifest.js +1 -1
  126. package/.next/standalone/.next/server/app/login/callback.html +1 -1
  127. package/.next/standalone/.next/server/app/login/callback.rsc +2 -2
  128. package/.next/standalone/.next/server/app/login/page_client-reference-manifest.js +1 -1
  129. package/.next/standalone/.next/server/app/login/pick-workspace/page_client-reference-manifest.js +1 -1
  130. package/.next/standalone/.next/server/app/login/pick-workspace.html +1 -1
  131. package/.next/standalone/.next/server/app/login/pick-workspace.rsc +2 -2
  132. package/.next/standalone/.next/server/app/login/silent-refresh/page_client-reference-manifest.js +1 -1
  133. package/.next/standalone/.next/server/app/login/silent-refresh.html +1 -1
  134. package/.next/standalone/.next/server/app/login/silent-refresh.rsc +2 -2
  135. package/.next/standalone/.next/server/app/login.html +1 -1
  136. package/.next/standalone/.next/server/app/login.rsc +2 -2
  137. package/.next/standalone/.next/server/app/onboarding/page_client-reference-manifest.js +1 -1
  138. package/.next/standalone/.next/server/app/onboarding.html +1 -1
  139. package/.next/standalone/.next/server/app/onboarding.rsc +3 -3
  140. package/.next/standalone/.next/server/app/page_client-reference-manifest.js +1 -1
  141. package/.next/standalone/.next/server/app/projects.html +1 -1
  142. package/.next/standalone/.next/server/app/projects.rsc +3 -3
  143. package/.next/standalone/.next/server/app/settings.html +1 -1
  144. package/.next/standalone/.next/server/app/settings.rsc +3 -3
  145. package/.next/standalone/.next/server/app-paths-manifest.json +40 -40
  146. package/.next/standalone/.next/server/chunks/2213.js +1 -1
  147. package/.next/standalone/.next/server/chunks/2961.js +1 -1
  148. package/.next/standalone/.next/server/chunks/3219.js +1 -1
  149. package/.next/standalone/.next/server/chunks/5631.js +1 -1
  150. package/.next/standalone/.next/server/chunks/6113.js +1 -1
  151. package/.next/standalone/.next/server/chunks/7063.js +2 -2
  152. package/.next/standalone/.next/server/chunks/7368.js +1 -1
  153. package/.next/standalone/.next/server/chunks/920.js +1 -1
  154. package/.next/standalone/.next/server/middleware-build-manifest.js +1 -1
  155. package/.next/standalone/.next/server/middleware-manifest.json +1 -1
  156. package/.next/standalone/.next/server/pages/404.html +1 -1
  157. package/.next/standalone/.next/server/pages/500.html +1 -1
  158. package/.next/standalone/.next/server/pages-manifest.json +1 -1
  159. package/.next/standalone/.next/server/server-reference-manifest.js +1 -1
  160. package/.next/standalone/.next/server/server-reference-manifest.json +1 -1
  161. package/.next/standalone/.next/static/chunks/4860.8bdb37c964f92e48.js +1 -0
  162. package/.next/standalone/.next/static/chunks/64648-ece4e2a59672cf63.js +1 -0
  163. package/.next/standalone/.next/static/chunks/99373.12370329b9ab6beb.js +1 -0
  164. package/.next/standalone/.next/static/chunks/app/(dashboard)/projects/[uuid]/dashboard/page-a28f0eaa6f4ac94a.js +1 -0
  165. package/.next/standalone/.next/static/chunks/{webpack-87284a4533d77eaf.js → webpack-039590181c63871d.js} +1 -1
  166. package/.next/standalone/.next/static/css/{e78b3c856420a09f.css → 1d9aaac01758b297.css} +1 -1
  167. package/.next/standalone/package.json +1 -1
  168. package/.next/standalone/public/chorus-plugin/.claude-plugin/plugin.json +13 -1
  169. package/.next/standalone/public/chorus-plugin/agents/code-reviewer.md +167 -0
  170. package/.next/standalone/public/chorus-plugin/bin/on-post-verify-task.sh +97 -17
  171. package/.next/standalone/public/chorus-plugin/bin/tests/test-on-post-verify-task.sh +191 -1
  172. package/.next/standalone/public/chorus-plugin/skills/brainstorm/SKILL.md +1 -1
  173. package/.next/standalone/public/chorus-plugin/skills/chorus/SKILL.md +7 -4
  174. package/.next/standalone/public/chorus-plugin/skills/develop/SKILL.md +3 -1
  175. package/.next/standalone/public/chorus-plugin/skills/idea/SKILL.md +1 -1
  176. package/.next/standalone/public/chorus-plugin/skills/openspec-aware/SKILL.md +1 -1
  177. package/.next/standalone/public/chorus-plugin/skills/proposal/SKILL.md +1 -1
  178. package/.next/standalone/public/chorus-plugin/skills/quick-dev/SKILL.md +1 -1
  179. package/.next/standalone/public/chorus-plugin/skills/review/SKILL.md +12 -3
  180. package/.next/standalone/public/chorus-plugin/skills/yolo/SKILL.md +40 -1
  181. package/.next/standalone/public/skill/brainstorm-chorus/SKILL.md +1 -1
  182. package/.next/standalone/public/skill/chorus/SKILL.md +16 -11
  183. package/.next/standalone/public/skill/code-reviewer-chorus/SKILL.md +225 -0
  184. package/.next/standalone/public/skill/develop-chorus/SKILL.md +3 -1
  185. package/.next/standalone/public/skill/idea-chorus/SKILL.md +1 -1
  186. package/.next/standalone/public/skill/package.json +2 -0
  187. package/.next/standalone/public/skill/proposal-chorus/SKILL.md +1 -1
  188. package/.next/standalone/public/skill/proposal-reviewer-chorus/SKILL.md +1 -1
  189. package/.next/standalone/public/skill/quick-dev-chorus/SKILL.md +1 -1
  190. package/.next/standalone/public/skill/review-chorus/SKILL.md +12 -1
  191. package/.next/standalone/public/skill/task-reviewer-chorus/SKILL.md +1 -1
  192. package/.next/standalone/public/skill/yolo-chorus/SKILL.md +35 -1
  193. package/README.md +2 -0
  194. package/README.zh.md +2 -0
  195. package/package.json +1 -1
  196. package/.next/standalone/.next/static/chunks/4860.43f5ad8a3aaed0e8.js +0 -1
  197. package/.next/standalone/.next/static/chunks/64648-81f03be6f9793ab9.js +0 -1
  198. package/.next/standalone/.next/static/chunks/99373.0768feb3a08c7da3.js +0 -1
  199. package/.next/standalone/.next/static/chunks/app/(dashboard)/projects/[uuid]/dashboard/page-e00752a72c31663f.js +0 -1
  200. /package/.next/standalone/.next/static/{519aK55QLHaVN7b1TVDkB → GQvpOux3M9CaxkMjL9GAI}/_buildManifest.js +0 -0
  201. /package/.next/standalone/.next/static/{519aK55QLHaVN7b1TVDkB → GQvpOux3M9CaxkMjL9GAI}/_ssgManifest.js +0 -0
@@ -4,7 +4,7 @@ description: Chorus AI Agent collaboration platform — overview, common tools,
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -308,12 +308,14 @@ The table below shows default tool availability for each preset (no custom permi
308
308
 
309
309
  ### 5. Review Agent Configuration
310
310
 
311
- The plugin includes two independent review agents. After proposal submission or task verification, a PostToolUse hook injects context instructing the main agent to spawn the reviewer. The main agent must spawn it manually — it is NOT auto-launched. Both are **enabled by default**.
311
+ The plugin includes three independent review agents. After proposal submission, task verification, or the last task of an idea-rooted proposal being verified, a PostToolUse hook injects context instructing the main agent to spawn the reviewer. The main agent must spawn it manually — it is NOT auto-launched. All are **enabled by default**.
312
312
 
313
313
  | Setting | Controls | Default |
314
314
  |---------|----------|---------|
315
315
  | `enableProposalReviewer` | Spawn `chorus:proposal-reviewer` after `chorus_pm_submit_proposal` | `true` (enabled) |
316
316
  | `enableTaskReviewer` | Spawn `chorus:task-reviewer` after `chorus_submit_for_verify` | `true` (enabled) |
317
+ | `enableCodeReviewer` | Spawn `chorus:code-reviewer` over the Idea's aggregate change after its last task is verified (final ship gateway) | `true` (enabled) |
318
+ | `maxCodeReviewRounds` | Max code-review rounds before escalating to a human (0 = unlimited) | `3` |
317
319
 
318
320
  To disable, reconfigure the plugin via `/plugin` settings or manually edit `~/.claude/settings.json`:
319
321
 
@@ -323,14 +325,15 @@ To disable, reconfigure the plugin via `/plugin` settings or manually edit `~/.c
323
325
  "chorus@chorus-plugins": {
324
326
  "options": {
325
327
  "enableProposalReviewer": false,
326
- "enableTaskReviewer": false
328
+ "enableTaskReviewer": false,
329
+ "enableCodeReviewer": false
327
330
  }
328
331
  }
329
332
  }
330
333
  }
331
334
  ```
332
335
 
333
- When enabled, reviewers run as read-only sub-agents and post a VERDICT comment on the proposal/task. Three possible outcomes: **PASS** (no issues), **PASS WITH NOTES** (minor non-blocking notes), or **FAIL** (BLOCKERs found). Results are advisory — they do not block approval or verification. Disabling reduces token usage but removes the independent quality gate.
336
+ When enabled, reviewers run as read-only sub-agents and post a VERDICT comment on the proposal/task/idea. Three possible outcomes: **PASS** (no issues), **PASS WITH NOTES** (minor non-blocking notes), or **FAIL** (BLOCKERs found). Results are advisory — they do not block approval, verification, or ship; the code-review gateway in particular is behavioral (it does not change the Idea's stored status). On a code-review FAIL, fix it via the `/chorus:quick-dev` workflow: `chorus_create_tasks` with `proposalUuid` set to the current approved proposal so the fix tasks attach to it, then execute → verify and re-run the gateway. Disabling reduces token usage but removes the independent quality gate.
334
337
 
335
338
  ---
336
339
 
@@ -4,7 +4,7 @@ description: Chorus Development workflow — claim tasks, report work, manage se
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -237,6 +237,8 @@ Find the most recent comment containing `VERDICT:` and act on it:
237
237
 
238
238
  If no new `VERDICT:` comment appears after the reviewer returns, it exhausted its `maxTurns` budget before posting. Respawn it ONCE with a concise-budget hint in the prompt: *"Stay within turn budget. Skip deep verification. Fetch task/proposal/comments, run only the core tests, and post your VERDICT comment within the first 12 turns."* If the second attempt still produces no VERDICT, review manually using the checklist and proceed.
239
239
 
240
+ > **Final code-review gateway (after the Idea's LAST task is verified):** when the task you just verified is the **last** task of its idea-rooted proposal, the feature is about to ship — the PostToolUse hook injects a reminder to spawn `chorus:code-reviewer` (gated by `enableCodeReviewer`, default on). Spawn it yourself in **foreground**, passing the `ideaUuid` + round number; it reviews the Idea's **aggregate** code change across all its tasks (cross-task integration, architecture, security, regression, feature-level coverage) and posts one `VERDICT` comment on the **idea**. `PASS` / `PASS WITH NOTES` → ship; `FAIL` → fix via `/chorus:quick-dev` (`chorus_create_tasks` with `proposalUuid` set to the current approved proposal so the fix tasks attach to it — do NOT reopen the verified tasks), then re-run the gateway, bounded by `maxCodeReviewRounds`. Advisory/behavioral, like the other reviewers. Run it **before** any idea-completion report.
241
+
240
242
  ### Step 9: Handle Review Feedback
241
243
 
242
244
  If the reviewer returns **FAIL**, or the task is reopened after verification:
@@ -4,7 +4,7 @@ description: Chorus Idea workflow — claim ideas, run elaboration rounds, and p
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Opt-in OpenSpec-mode authoring for Chorus PM workflows in Claude Co
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Chorus Proposal workflow — create proposals with document and tas
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Quick Task workflow — skip Idea→Proposal, create tasks directly
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Chorus Review workflow — approve/reject proposals, verify tasks,
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -62,9 +62,9 @@ Key responsibilities:
62
62
 
63
63
  ## Review Strategy
64
64
 
65
- When reviewing proposals or tasks, prefer spawning an independent reviewer sub-agent over reviewing manually:
65
+ When reviewing proposals, tasks, or an Idea's final aggregate code change, prefer spawning an independent reviewer sub-agent over reviewing manually:
66
66
 
67
- 1. **Try the reviewer first.** Spawn `chorus:proposal-reviewer` (for proposals) or `chorus:task-reviewer` (for tasks) as a read-only sub-agent. **Run it in foreground** (do NOT set `run_in_background`) — you must wait for the VERDICT before proceeding. It posts a VERDICT comment with detailed findings.
67
+ 1. **Try the reviewer first.** Spawn `chorus:proposal-reviewer` (for proposals), `chorus:task-reviewer` (for tasks), or `chorus:code-reviewer` (the final ship-time gateway over an Idea's aggregate code change, after its last task is verified — pass the `ideaUuid`; it posts its VERDICT on the **idea**) as a read-only sub-agent. **Run it in foreground** (do NOT set `run_in_background`) — you must wait for the VERDICT before proceeding. It posts a VERDICT comment with detailed findings.
68
68
  2. **Read the VERDICT.** After the reviewer completes, call `chorus_get_comments` and find the most recent comment containing `VERDICT:`. There are exactly three possible outcomes:
69
69
  - **VERDICT: PASS** — No issues found. Approve (proposals) or mark AC passed and verify (tasks).
70
70
  - **VERDICT: PASS WITH NOTES** — Minor non-blocking notes. Still approve/verify. Notes are informational.
@@ -215,6 +215,15 @@ Spawn `chorus:task-reviewer` per the [Review Strategy](#review-strategy) above
215
215
  - **VERDICT: PASS** or **PASS WITH NOTES** → proceed to B3 (mark AC) and B4 (verify).
216
216
  - **VERDICT: FAIL** → skip to B4 and **reopen** the task. Do NOT mark AC as passed.
217
217
 
218
+ #### B2.6: Final Code-Review Gateway (after an Idea's LAST task is verified)
219
+
220
+ When the task you just verified is the **last** task of its idea-rooted proposal, run the ship-time code-review gateway before the Idea's code is considered shipped. The PostToolUse hook injects a reminder to spawn `chorus:code-reviewer` (gated by `enableCodeReviewer`, default on). Spawn it per the [Review Strategy](#review-strategy) — foreground, passing the `ideaUuid` + round number. It reviews the Idea's **aggregate** code change across all its tasks — cross-task integration, architecture/convention consistency, security, regression/performance, feature-level test coverage — dimensions a single-task review cannot see — and posts one `VERDICT` comment on the **idea**.
221
+
222
+ - **VERDICT: PASS** / **PASS WITH NOTES** → the feature may ship.
223
+ - **VERDICT: FAIL** → do not reopen the verified tasks; instead add new fix tasks to the approved proposal via `/chorus:quick-dev` (`chorus_create_tasks` with `proposalUuid` set to the current approved proposal so the fix tasks attach to it), execute → verify them, then re-run the gateway. Bounded by `maxCodeReviewRounds`.
224
+
225
+ > **Advisory / behavioral** — the gateway does not change the Idea's stored status; the admin honors its verdict. Run it **before** writing any idea-completion report (the report must not be written while a `FAIL` is outstanding).
226
+
218
227
  #### B3: Mark Acceptance Criteria
219
228
 
220
229
  Review and mark each criterion:
@@ -4,7 +4,7 @@ description: Full-auto AI-DLC pipeline — from prompt to done. Automates the en
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -23,6 +23,7 @@ Full-auto AI-DLC pipeline. User provides a prompt; agent drives the entire lifec
23
23
  2. **Proposal Review** -- proposal-reviewer adversarial loop
24
24
  3. **Execution** -- wave-based Agent Team parallel task dispatch
25
25
  4. **Verification** -- task-reviewer adversarial loop + admin verify
26
+ 4.5. **Code-Review Gateway** -- code-reviewer reviews the Idea's aggregate change before ship (FAIL → add fix tasks → re-run)
26
27
  5. **Report** -- completion summary
27
28
 
28
29
  ```
@@ -44,6 +45,9 @@ Full-auto AI-DLC pipeline. User provides a prompt; agent drives the entire lifec
44
45
  Admin Verify each wave --> unblock next
45
46
  |
46
47
  v
48
+ Code-Review Gateway (auto, up to maxCodeReviewRounds)
49
+ | PASS --> ship | FAIL --> add fix tasks --> re-run
50
+ v
47
51
  Done. Report summary.
48
52
  ```
49
53
 
@@ -443,6 +447,38 @@ Continue with remaining tasks -- do not halt the entire pipeline for one stuck t
443
447
 
444
448
  ---
445
449
 
450
+ ### Phase 4.5: Code-Review Gateway (mandatory pre-ship)
451
+
452
+ Once **every** task of the idea's proposal is verified (`done`) — i.e. Phase 3 finds no more unblocked tasks and all are terminal — run the final ship-time code-review gateway **before** declaring the Idea done and **before** the Phase 5b completion report. After the last task is verified, the PostToolUse hook injects a reminder to spawn the code-reviewer; you MUST spawn it yourself in **foreground** (do NOT set `run_in_background`).
453
+
454
+ ```
455
+ # Spawn the code-reviewer for the IDEA (not a task). Determine the round
456
+ # number by reading prior code-review VERDICT comments on the idea.
457
+ Agent({ subagent_type: "chorus:code-reviewer",
458
+ prompt: "Review the aggregate code for idea <idea-uuid>. Round: N." })
459
+
460
+ # Read its VERDICT on the idea
461
+ comments = chorus_get_comments({ targetType: "idea", targetUuid: "<idea-uuid>" })
462
+ # Find the most recent comment containing "VERDICT:"
463
+ ```
464
+
465
+ Act on the VERDICT:
466
+
467
+ - **PASS** / **PASS WITH NOTES** — the feature is cleared to ship. Proceed to Phase 5 / 5b.
468
+ - **FAIL** — do NOT ship. Read the BLOCKERs, then fix them via the **quick-dev** workflow (`/quick-dev`): call `chorus_create_tasks` with `proposalUuid` set to the **current approved proposal** so the fix tasks attach to it — do **not** reopen the already-verified tasks. Drive the fix tasks through Phase 3 (execute) → Phase 4 (verify), then **re-spawn the code-reviewer** for the next round. Loop bounded by `maxCodeReviewRounds` (plugin config, default 3; 0 = unlimited).
469
+
470
+ ```
471
+ # Max rounds escalation
472
+ ESCALATE: "Idea '<title>' failed code review after {maxCodeReviewRounds} rounds.
473
+ Last BLOCKERs: <list>. Manual intervention needed. Idea UUID: <uuid>"
474
+ ```
475
+
476
+ **No new VERDICT comment after the code-reviewer returns?** It exhausted its `maxTurns` budget (the code-reviewer runs with a larger budget than the task-reviewer because it reviews the whole feature). Respawn it ONCE with a concise-budget hint, then if still silent treat as PASS WITH NOTES and proceed — do not loop forever on a silent reviewer.
477
+
478
+ > The code-review gateway is **behavioral**, consistent with the proposal/task reviewers: its verdict is advisory and does not change the Idea's stored status. The /yolo orchestrator honors it — PASS to ship, FAIL to loop. It runs **before** the completion report so the report is never written for a feature with an outstanding FAIL.
479
+
480
+ ---
481
+
446
482
  ### Phase 5: Report
447
483
 
448
484
  After all waves complete, output a markdown summary:
@@ -474,6 +510,8 @@ After all waves complete, output a markdown summary:
474
510
 
475
511
  A successful `/yolo` run always finishes the Idea — call `chorus_create_report` once with `proposalUuid` set to the last verified proposal. The tool's description carries the section template; follow it. Surface the returned `documentUuid` in the Phase 5 summary. Skipping is a protocol violation.
476
512
 
513
+ > **Order:** the completion report is written only **after** the Phase 4.5 code-review gateway returns PASS / PASS WITH NOTES. Never write it while a code-review FAIL is outstanding — the report is a ship-time summary, and the gateway is what clears the feature to ship.
514
+
477
515
  ---
478
516
 
479
517
  ## Error Handling
@@ -484,6 +522,7 @@ A successful `/yolo` run always finishes the Idea — call `chorus_create_report
484
522
  | Project creation fails | Report error, suggest user create project manually and retry with `--project` |
485
523
  | Proposal reviewer FAIL after maxRounds | Stop pipeline, report persisting BLOCKERs, suggest manual review |
486
524
  | Task reviewer FAIL after maxRounds | Flag task as escalation-needed, continue with other tasks |
525
+ | Code-review gateway FAIL after maxCodeReviewRounds | Stop before ship, escalate the persisting feature-level BLOCKERs to a human (Idea UUID), do not write the completion report |
487
526
  | Sub-agent crash / no submit | Log error, skip task, pick it up in next wave if possible |
488
527
  | Ctrl+C | All entities persist in Chorus. User can resume via `/develop` or `/review` |
489
528
 
@@ -4,7 +4,7 @@ description: Optional divergent-then-convergent dialogue for fuzzy ideas. Invoke
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Chorus AI Agent collaboration platform — overview, common tools,
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -34,6 +34,7 @@ Skill files are hosted under the `<BASE_URL>/skill/` path.
34
34
  | **brainstorm-chorus** | Optional divergent→convergent dialogue, prelude to elaboration | `/skill/brainstorm-chorus/SKILL.md` |
35
35
  | **proposal-reviewer-chorus** | Read-only adversarial proposal reviewer (posts VERDICT) | `/skill/proposal-reviewer-chorus/SKILL.md` |
36
36
  | **task-reviewer-chorus** | Read-only adversarial task reviewer (posts VERDICT) | `/skill/task-reviewer-chorus/SKILL.md` |
37
+ | **code-reviewer-chorus** | Read-only adversarial code-review gateway — reviews an Idea's aggregate code change before ship (posts VERDICT on the Idea) | `/skill/code-reviewer-chorus/SKILL.md` |
37
38
  | **yolo-chorus** | Full-auto AI-DLC pipeline — prompt to done | `/skill/yolo-chorus/SKILL.md` |
38
39
  | **package.json** | Version & download metadata | `/skill/package.json` |
39
40
 
@@ -41,7 +42,7 @@ Skill files are hosted under the `<BASE_URL>/skill/` path.
41
42
 
42
43
  ```bash
43
44
  BASE_URL="<BASE_URL>"
44
- mkdir -p .claude/skills/chorus .claude/skills/idea-chorus .claude/skills/proposal-chorus .claude/skills/develop-chorus .claude/skills/review-chorus .claude/skills/quick-dev-chorus .claude/skills/brainstorm-chorus .claude/skills/proposal-reviewer-chorus .claude/skills/task-reviewer-chorus .claude/skills/yolo-chorus
45
+ mkdir -p .claude/skills/chorus .claude/skills/idea-chorus .claude/skills/proposal-chorus .claude/skills/develop-chorus .claude/skills/review-chorus .claude/skills/quick-dev-chorus .claude/skills/brainstorm-chorus .claude/skills/proposal-reviewer-chorus .claude/skills/task-reviewer-chorus .claude/skills/code-reviewer-chorus .claude/skills/yolo-chorus
45
46
  curl -s $BASE_URL/skill/chorus/SKILL.md > .claude/skills/chorus/SKILL.md
46
47
  curl -s $BASE_URL/skill/idea-chorus/SKILL.md > .claude/skills/idea-chorus/SKILL.md
47
48
  curl -s $BASE_URL/skill/proposal-chorus/SKILL.md > .claude/skills/proposal-chorus/SKILL.md
@@ -51,6 +52,7 @@ curl -s $BASE_URL/skill/quick-dev-chorus/SKILL.md > .claude/skills/quick-dev-cho
51
52
  curl -s $BASE_URL/skill/brainstorm-chorus/SKILL.md > .claude/skills/brainstorm-chorus/SKILL.md
52
53
  curl -s $BASE_URL/skill/proposal-reviewer-chorus/SKILL.md > .claude/skills/proposal-reviewer-chorus/SKILL.md
53
54
  curl -s $BASE_URL/skill/task-reviewer-chorus/SKILL.md > .claude/skills/task-reviewer-chorus/SKILL.md
55
+ curl -s $BASE_URL/skill/code-reviewer-chorus/SKILL.md > .claude/skills/code-reviewer-chorus/SKILL.md
54
56
  curl -s $BASE_URL/skill/yolo-chorus/SKILL.md > .claude/skills/yolo-chorus/SKILL.md
55
57
  curl -s $BASE_URL/skill/package.json > .claude/skills/chorus/package.json
56
58
  ```
@@ -59,7 +61,7 @@ curl -s $BASE_URL/skill/package.json > .claude/skills/chorus/package.json
59
61
 
60
62
  ```bash
61
63
  BASE_URL="<BASE_URL>"
62
- mkdir -p ~/.moltbot/skills/chorus ~/.moltbot/skills/idea-chorus ~/.moltbot/skills/proposal-chorus ~/.moltbot/skills/develop-chorus ~/.moltbot/skills/review-chorus ~/.moltbot/skills/quick-dev-chorus ~/.moltbot/skills/brainstorm-chorus ~/.moltbot/skills/proposal-reviewer-chorus ~/.moltbot/skills/task-reviewer-chorus ~/.moltbot/skills/yolo-chorus
64
+ mkdir -p ~/.moltbot/skills/chorus ~/.moltbot/skills/idea-chorus ~/.moltbot/skills/proposal-chorus ~/.moltbot/skills/develop-chorus ~/.moltbot/skills/review-chorus ~/.moltbot/skills/quick-dev-chorus ~/.moltbot/skills/brainstorm-chorus ~/.moltbot/skills/proposal-reviewer-chorus ~/.moltbot/skills/task-reviewer-chorus ~/.moltbot/skills/code-reviewer-chorus ~/.moltbot/skills/yolo-chorus
63
65
  curl -s $BASE_URL/skill/chorus/SKILL.md > ~/.moltbot/skills/chorus/SKILL.md
64
66
  curl -s $BASE_URL/skill/idea-chorus/SKILL.md > ~/.moltbot/skills/idea-chorus/SKILL.md
65
67
  curl -s $BASE_URL/skill/proposal-chorus/SKILL.md > ~/.moltbot/skills/proposal-chorus/SKILL.md
@@ -69,6 +71,7 @@ curl -s $BASE_URL/skill/quick-dev-chorus/SKILL.md > ~/.moltbot/skills/quick-dev-
69
71
  curl -s $BASE_URL/skill/brainstorm-chorus/SKILL.md > ~/.moltbot/skills/brainstorm-chorus/SKILL.md
70
72
  curl -s $BASE_URL/skill/proposal-reviewer-chorus/SKILL.md > ~/.moltbot/skills/proposal-reviewer-chorus/SKILL.md
71
73
  curl -s $BASE_URL/skill/task-reviewer-chorus/SKILL.md > ~/.moltbot/skills/task-reviewer-chorus/SKILL.md
74
+ curl -s $BASE_URL/skill/code-reviewer-chorus/SKILL.md > ~/.moltbot/skills/code-reviewer-chorus/SKILL.md
72
75
  curl -s $BASE_URL/skill/yolo-chorus/SKILL.md > ~/.moltbot/skills/yolo-chorus/SKILL.md
73
76
  curl -s $BASE_URL/skill/package.json > ~/.moltbot/skills/chorus/package.json
74
77
  ```
@@ -402,33 +405,34 @@ approved --> draft (via revoke — cascade-closes tasks, deletes documents)
402
405
 
403
406
  ## Independent Review
404
407
 
405
- Chorus uses **independent, read-only adversarial reviewers** at two gates: before a proposal is approved, and before a task is verified. The reviewer's job is to find what is wrong — not to rubber-stamp. Its output is **advisory**: it informs the admin's decision but does not by itself approve, reject, verify, or reopen anything.
408
+ Chorus uses **independent, read-only adversarial reviewers** at three gates: before a proposal is approved, before a task is verified, and before an Idea's code ships (the final aggregate gateway). The reviewer's job is to find what is wrong — not to rubber-stamp. Its output is **advisory**: it informs the orchestrator's decision but does not by itself approve, reject, verify, reopen, or ship anything.
406
409
 
407
410
  This is the **single canonical description** of the reviewer pattern. The `develop-chorus`, `review-chorus`, and `yolo-chorus` skills all point back here rather than redefining it.
408
411
 
409
412
  ### The Pattern
410
413
 
411
- 1. **Spawn a read-only sub-agent** that loads one of the two reviewer skills:
414
+ 1. **Spawn a read-only sub-agent** that loads one of the three reviewer skills:
412
415
  - `proposal-reviewer-chorus` (`<BASE_URL>/skill/proposal-reviewer-chorus/SKILL.md`) — for reviewing a **proposal** before approval. Pass it the `proposalUuid`.
413
416
  - `task-reviewer-chorus` (`<BASE_URL>/skill/task-reviewer-chorus/SKILL.md`) — for reviewing a **task** before verification. Pass it the `taskUuid`.
414
- 2. **The reviewer audits independently** and posts exactly **one** structured `VERDICT` comment on the proposal/task via `chorus_add_comment`. The comment ends with one literal verdict string: `VERDICT: PASS`, `VERDICT: PASS WITH NOTES`, or `VERDICT: FAIL`.
417
+ - `code-reviewer-chorus` (`<BASE_URL>/skill/code-reviewer-chorus/SKILL.md`) the **final ship-time gateway**: reviews an **Idea's aggregate code change** (the whole feature across all its tasks) after its last task is verified, before the code ships. Pass it the `ideaUuid` and the review round number. Posts its VERDICT on the **Idea**.
418
+ 2. **The reviewer audits independently** and posts exactly **one** structured `VERDICT` comment on the proposal/task/idea via `chorus_add_comment`. The comment ends with one literal verdict string: `VERDICT: PASS`, `VERDICT: PASS WITH NOTES`, or `VERDICT: FAIL`.
415
419
  3. **Read the verdict and act.** Fetch the comment with `chorus_get_comments({ targetType, targetUuid })`, read the BLOCKER / NOTE findings, then make the call:
416
- - `PASS` / `PASS WITH NOTES` → proceed (approve the proposal / verify the task), addressing NOTEs at your discretion.
417
- - `FAIL` → do **not** proceed; route the BLOCKERs back for a fix (reject/revise the proposal, or reopen/rework the task), then re-review.
420
+ - `PASS` / `PASS WITH NOTES` → proceed (approve the proposal / verify the task / ship the feature), addressing NOTEs at your discretion.
421
+ - `FAIL` → do **not** proceed; route the BLOCKERs back for a fix (reject/revise the proposal, reopen/rework the task, or — for the code-review gateway — **add new fix tasks to the approved proposal** and re-run once they are done), then re-review. The cleanest way to run those code-review fix tasks is the **quick-dev** workflow (`<BASE_URL>/skill/quick-dev-chorus/SKILL.md`): call `chorus_create_tasks` with `proposalUuid` set to the **current approved proposal** so the fix tasks attach to it (not standalone), then execute → verify them like any quick task. Do **not** reopen the already-verified tasks.
418
422
 
419
- > The verdict is advisory: even a `FAIL` does not block the admin, and a `PASS` does not auto-approve. A human/admin makes the final decision.
423
+ > The verdict is advisory: even a `FAIL` does not hard-block, and a `PASS` does not auto-approve. A human/admin (or, under `/yolo`, the automated orchestrator) makes the final decision. The code-review gateway in particular is a **behavioral** gate — it does not change the Idea's stored status; the orchestrator honors its verdict.
420
424
 
421
425
  ### Spawn Mechanism Is Harness-Specific
422
426
 
423
427
  How you spawn the read-only sub-agent depends on your agent harness — give it the reviewer skill plus the target UUID and instruct it to post a single VERDICT comment. Concrete examples:
424
428
 
425
- - **Claude Code** — use the Task / Agent tool to launch a sub-agent that loads `task-reviewer-chorus` (or `proposal-reviewer-chorus`) and pass the `taskUuid` / `proposalUuid`.
429
+ - **Claude Code** — use the Task / Agent tool to launch a sub-agent that loads `task-reviewer-chorus` (or `proposal-reviewer-chorus` / `code-reviewer-chorus`) and pass the `taskUuid` / `proposalUuid` / `ideaUuid`.
426
430
  - **Codex** — use `spawn_agent` with the reviewer skill and the target UUID.
427
431
  - Other harnesses: use whatever sub-agent / sub-task primitive they expose.
428
432
 
429
433
  ### Inline Self-Review Fallback
430
434
 
431
- When sub-agents are **not** available in your harness, run the review inline yourself: load the relevant reviewer skill's procedure (`proposal-reviewer-chorus` or `task-reviewer-chorus`), audit the proposal/task against its checklist with the same adversarial posture, and post the single `VERDICT` comment yourself before acting on it. A same-agent self-review is weaker than a fresh independent reviewer, but it is far better than skipping the gate.
435
+ When sub-agents are **not** available in your harness, run the review inline yourself: load the relevant reviewer skill's procedure (`proposal-reviewer-chorus`, `task-reviewer-chorus`, or `code-reviewer-chorus`), audit the proposal/task/idea against its checklist with the same adversarial posture, and post the single `VERDICT` comment yourself before acting on it. A same-agent self-review is weaker than a fresh independent reviewer, but it is far better than skipping the gate.
432
436
 
433
437
  ---
434
438
 
@@ -447,6 +451,7 @@ This is the core overview skill. For stage-specific workflows, download and read
447
451
  | **Review** | `review-chorus` | `<BASE_URL>/skill/review-chorus/SKILL.md` |
448
452
  | **Proposal Review** | `proposal-reviewer-chorus` | `<BASE_URL>/skill/proposal-reviewer-chorus/SKILL.md` |
449
453
  | **Task Review** | `task-reviewer-chorus` | `<BASE_URL>/skill/task-reviewer-chorus/SKILL.md` |
454
+ | **Code Review (ship gateway)** | `code-reviewer-chorus` | `<BASE_URL>/skill/code-reviewer-chorus/SKILL.md` |
450
455
  | **Full-Auto** | `yolo-chorus` | `<BASE_URL>/skill/yolo-chorus/SKILL.md` |
451
456
 
452
457
  ### Getting Started
@@ -0,0 +1,225 @@
1
+ ---
2
+ name: code-reviewer-chorus
3
+ description: Read-only adversarial Chorus code-review gateway — independently reviews an Idea's aggregate code change (the whole feature across all its tasks) and posts a single structured VERDICT comment on the Idea.
4
+ license: AGPL-3.0
5
+ metadata:
6
+ author: chorus
7
+ version: "0.11.1"
8
+ category: project-management
9
+ mcp_server: chorus
10
+ ---
11
+
12
+ # Code Reviewer Skill
13
+
14
+ This skill is the **read-only adversarial final gateway** before an Idea's code ships. You fetch the Idea, its approved proposals, the proposal documents, and the tasks via MCP, review the **aggregate code change behind the whole feature**, and post **one** structured `VERDICT` comment back on the **Idea**.
15
+
16
+ You are the last reviewer in the AI-DLC pipeline. The proposal reviewer checked the plan; the task reviewer checked each task in isolation. Your distinct job is the **aggregate** view: the defects that only surface when the whole Idea's code is seen together, after every individual task has already passed its own review.
17
+
18
+ Each task was implemented and verified in isolation by an LLM. Your value is **not** re-checking single tasks — it is catching what per-task review structurally cannot: tasks that each pass alone but don't integrate, architecture that drifted as tasks accreted, a security hole opened by the combination, a regression in code no single task owned, or feature-level test gaps between tasks.
19
+
20
+ Two failure patterns to avoid:
21
+
22
+ - **Verification avoidance** — reading code, narrating what you *would* test, writing "PASS," and never actually running anything.
23
+ - **Seduced by green per-task reviews** — assuming that because every task passed, the feature is sound. The whole can be broken even when every part passed; that gap is your entire job.
24
+
25
+ ---
26
+
27
+ ## READ-ONLY Posture (Hard Constraints)
28
+
29
+ You are **strictly prohibited** from modifying the project. Specifically:
30
+
31
+ - Creating, modifying, or deleting **any** files in the project directory.
32
+ - Installing dependencies or packages.
33
+ - Running git write operations.
34
+
35
+ Your only side effect is posting a single comment via `chorus_add_comment` on the Idea. Everything else is read-only MCP queries plus read-only Bash.
36
+
37
+ ### Bash Policy (Read-Only)
38
+
39
+ Bash is allowed **only** for running the project's own test/build/lint commands and for read-only inspection.
40
+
41
+ **Allowed (read-only + test/build/lint):**
42
+
43
+ - Project test / build / lint commands (`pnpm test`, `pnpm build`, `pnpm lint`, `pytest`, `make test`, `cargo test`, …).
44
+ - `cat` / `head` / `tail` / `wc` / `diff`.
45
+ - `grep` / `rg` / `ls` / `find`.
46
+ - `git diff` / `git log` / `git show`.
47
+
48
+ **Strictly forbidden:**
49
+
50
+ - `git add` / `git commit` / `git push` / `git checkout` / `git reset` (any git write op).
51
+ - `rm` / `mv` / `cp`, output redirection (`>`, `>>`), `tee`, `sed -i` (any file mutation).
52
+ - Package installs (`npm install`, `pnpm add`, `pip install`, `cargo add`, …).
53
+ - `curl` / `wget` mutations.
54
+
55
+ If a verification would require a forbidden command, do not run it — note the limitation in your findings instead.
56
+
57
+ ---
58
+
59
+ ## What You Receive
60
+
61
+ An `ideaUuid` (and, in Round 2+, a review round number). Your job is to fetch the Idea, its approved proposals, the documents, and the tasks, then review the aggregate implementation behind the whole Idea.
62
+
63
+ ---
64
+
65
+ ## Review Procedure
66
+
67
+ **Efficiency rule:** Gather ALL context first (Step 1), then verify. Batch your read calls.
68
+
69
+ **Turn-budget rule:** When few turns remain, STOP reading **and** STOP running bash immediately, and post your current findings as a comment. Incomplete posted findings are strictly better than no comment at all.
70
+
71
+ ### Step 1: Gather Context (batch these)
72
+
73
+ ```
74
+ chorus_get_idea({ ideaUuid: "<uuid>" })
75
+ chorus_get_comments({ targetType: "idea", targetUuid: "<uuid>" }) # prior code-review verdicts → your round number
76
+ chorus_get_proposals({ projectUuid: "<idea.projectUuid>", status: "approved" })
77
+ chorus_get_proposal({ proposalUuid: "<approved>", section: "full" }) # docs + task drafts
78
+ chorus_list_tasks({ projectUuid: "<...>", proposalUuids: ["<approved>"] })
79
+ ```
80
+
81
+ Read each task's work report (in its comments) — the developers describe what they changed; that is your map into the diff.
82
+
83
+ ### Step 2: Determine the Aggregate Diff Scope Yourself
84
+
85
+ There is **no** fixed branch convention. Infer the scope of "this Idea's code change" from the task work reports plus repository state:
86
+
87
+ ```
88
+ git log --oneline -n 50
89
+ git diff <base>...HEAD --stat # if reports name a base/branch
90
+ git show <commit> # for commits the reports reference
91
+ ```
92
+
93
+ **State the scope you settled on** in your comment (e.g. "Reviewed the aggregate of commits abc1..def9 spanning tasks T1–T5"). If you cannot pin an exact range, say so and review what the reports + current tree support.
94
+
95
+ ### Step 3: Review the Whole-Feature Dimensions
96
+
97
+ These are the dimensions that per-task review structurally cannot catch. Cover each:
98
+
99
+ 1. **Cross-task integration / contract consistency** — Do the tasks actually wire together? Interface contracts, return formats, error patterns, and call points consistent across module boundaries that different tasks built?
100
+ 2. **Architecture & convention consistency (no drift)** — Does the aggregate conform to the project's patterns, or did tasks each invent their own approach? Duplicated logic, divergent naming, inconsistent layering.
101
+ 3. **Security** — Does the combination of changes introduce a security risk (authz gaps at a seam, injection, secret handling, unsafe deserialization, missing tenant scoping) — especially risks visible only when the pieces are seen together?
102
+ 4. **Regression risk / impact on untouched areas / performance** — Does the change break or degrade code no single task owned? N+1s, hot-path cost, shared-state contention introduced by the aggregate.
103
+ 5. **Feature-level test coverage adequacy** — Across the whole feature, are the integration seams and end-to-end paths tested, or only per-task units? Gaps between tasks.
104
+ 6. **Code soundness, simplicity, correctness** — Is the aggregate change correct, reasonably simple, and free of obvious defects when read as one body of work?
105
+
106
+ ### Step 4: Run Feature-Level Build / Test
107
+
108
+ Run the project's declared build/test/lint commands across the whole feature. Record the exact command, exit code, and relevant output. A **broken build or failing tests is an automatic `VERDICT: FAIL`**. Results are context — still verify each dimension independently.
109
+
110
+ **Hallucination check:** Flag anything LLM-fabricated as a **NOTE** — API signatures, CLI flags, config keys, model IDs, endpoint URLs, package names.
111
+
112
+ ---
113
+
114
+ ## Recognize Your Own Rationalizations
115
+
116
+ - "Every task passed its review, so the feature is fine" — the whole can break when every part passed. That gap is your entire job.
117
+ - "The code looks correct based on my reading" — reading is not verification. Run it.
118
+ - "Integration probably works" — probably is not verified. Find the seam and exercise it.
119
+ - "No security issue is obvious" — look specifically at seams between tasks, authz, and tenant scoping.
120
+
121
+ ---
122
+
123
+ ## Finding Classification: BLOCKER vs NOTE
124
+
125
+ Classify **every** finding as exactly one of:
126
+
127
+ **BLOCKER** — Blocks ship:
128
+
129
+ - Build or test failures across the feature.
130
+ - Broken cross-task integration / contract mismatch causing wrong behavior.
131
+ - Security hole introduced by the change.
132
+ - Regression in untouched areas.
133
+ - A feature-level requirement (from the idea / docs) not actually covered by the aggregate.
134
+ - Edge cases causing runtime errors at integration seams.
135
+
136
+ **NOTE** — Does not block ship:
137
+
138
+ - Style / naming / minor duplication.
139
+ - Cross-document wording differences.
140
+ - Pseudocode signature mismatch.
141
+ - Hallucination-risk specifics (SDK versions, API paths, CLI flags, model IDs).
142
+
143
+ **Rules:** Style and cross-doc wording → **always NOTE**. Only functional / security / integration / regression issues → BLOCKER.
144
+
145
+ ---
146
+
147
+ ## Round 2+ Awareness
148
+
149
+ You may receive the current review round number. Read your prior verdict comments on the Idea to establish it.
150
+
151
+ - **Round 1** — Full aggregate review at normal strictness.
152
+ - **Round 2+** — Focus ONLY on whether the previous BLOCKERs were fixed. Do NOT introduce new NOTEs on areas not flagged in earlier rounds. Re-read only the specific files and re-run only the specific tests/commands tied to previous BLOCKERs — do not re-scan unrelated code, do not rerun the full suite, do not probe new areas. If all previous BLOCKERs are resolved → `VERDICT: PASS` (or `VERDICT: PASS WITH NOTES` if old NOTEs remain).
153
+
154
+ ---
155
+
156
+ ## VERDICT Contract
157
+
158
+ You MUST end your comment with exactly one of these three **literal** strings (automation greps for them):
159
+
160
+ - `VERDICT: PASS`
161
+ - `VERDICT: PASS WITH NOTES`
162
+ - `VERDICT: FAIL`
163
+
164
+ Mapping:
165
+
166
+ | Findings | Verdict |
167
+ |----------|---------|
168
+ | Any BLOCKER | `VERDICT: FAIL` |
169
+ | Only NOTEs (no BLOCKER) | `VERDICT: PASS WITH NOTES` |
170
+ | Nothing | `VERDICT: PASS` |
171
+
172
+ Do NOT invent other verdicts. The verdict is **advisory**: it informs the ship decision (the human in `review-chorus`, or the agent in `yolo-chorus`); it does not by itself change the Idea's status.
173
+
174
+ ---
175
+
176
+ ## Output Format (Required)
177
+
178
+ Keep total output **under ~1000 characters** — be concise. No preamble, no trailing summary paragraph.
179
+
180
+ ```
181
+ ### Code Review — Idea <short title> (Round N)
182
+
183
+ **Scope reviewed:** <commits / proposal changes you inferred>
184
+
185
+ **PASS (N):** integration, architecture, security, regression, coverage, ...
186
+
187
+ **NOTE (M):**
188
+ - Note-1: [one-line description]
189
+
190
+ **BLOCKER (K):**
191
+ ### Blocker-1: name
192
+ **Command run:** [exact command executed]
193
+ **Output observed:** [actual output — copy-paste, not paraphrased]
194
+ **Evidence:** [specific finding with file paths, line numbers]
195
+ **Expected:** [what the feature requires]
196
+ **Actual:** [what happened]
197
+
198
+ VERDICT: PASS
199
+ ```
200
+
201
+ (or `VERDICT: PASS WITH NOTES` / `VERDICT: FAIL` — exact literal, no other variants)
202
+
203
+ ---
204
+
205
+ ## Posting Results
206
+
207
+ Post the full review as a **single** comment on the **Idea**:
208
+
209
+ ```
210
+ chorus_add_comment({
211
+ targetType: "idea",
212
+ targetUuid: "<idea-uuid>",
213
+ content: "<your review>"
214
+ })
215
+ ```
216
+
217
+ On a FAIL verdict, the orchestrator creates new fix tasks on the existing approved proposal (it does NOT reopen old tasks); once those are done, you are re-run for the next round, bounded by the configured max review rounds.
218
+
219
+ ---
220
+
221
+ ## Next
222
+
223
+ - The orchestrator reads your VERDICT: PASS / PASS WITH NOTES → ship; FAIL → add fix tasks and re-run. See `review-chorus` and `yolo-chorus` skills.
224
+ - For the developer workflow (what produced the code), see `develop-chorus` skill.
225
+ - For platform overview and shared tools, see `chorus` skill.
@@ -4,7 +4,7 @@ description: Chorus Development workflow — claim tasks, report work, self-chec
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -184,6 +184,8 @@ chorus_submit_for_verify({
184
184
 
185
185
  > **Independent Review:** After `chorus_submit_for_verify`, run an independent review of the task before it is verified. Spawn a read-only sub-agent that loads the `task-reviewer-chorus` skill (`<BASE_URL>/skill/task-reviewer-chorus/SKILL.md`), pass it the `taskUuid`, and let it post a single `VERDICT` comment (PASS / PASS WITH NOTES / FAIL) on the task; then read it with `chorus_get_comments` and act. The verdict is **advisory** (it does not block verification). The spawn mechanism is harness-specific, and an inline self-review fallback exists when sub-agents are unavailable — see the canonical **Independent Review** section in the `chorus` skill (`<BASE_URL>/skill/chorus/SKILL.md`) for the full pattern.
186
186
 
187
+ > **Final code-review gateway (after the Idea's LAST task is verified):** when the task you just verified is the **last** task of its idea-rooted proposal, the feature is about to ship — run the ship-time code-review gateway before declaring the Idea done. Spawn a read-only sub-agent that loads the `code-reviewer-chorus` skill (`<BASE_URL>/skill/code-reviewer-chorus/SKILL.md`), pass it the `ideaUuid` + round number, and let it review the Idea's **aggregate** code change (cross-task integration, architecture, security, regression, feature-level coverage) and post one `VERDICT` comment on the **Idea**. `PASS` / `PASS WITH NOTES` → ship; `FAIL` → fix via the **quick-dev** workflow (`<BASE_URL>/skill/quick-dev-chorus/SKILL.md`): `chorus_create_tasks` with `proposalUuid` set to the **current approved proposal** so the fix tasks attach to it, execute → verify them, then re-run the gateway. Do **not** reopen the already-verified tasks. The plugin's post-verify hook injects this reminder automatically; the verdict is **advisory** (same canonical pattern). Run it **before** writing any idea-completion report.
188
+
187
189
  ### Step 9: Handle Review Feedback
188
190
 
189
191
  If reopened (verification failed), **all acceptance criteria are reset to pending**.
@@ -4,7 +4,7 @@ description: Chorus Idea workflow — claim ideas, run elaboration rounds, and p
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -28,6 +28,7 @@
28
28
  "brainstorm-chorus/SKILL.md": "/skill/brainstorm-chorus/SKILL.md",
29
29
  "proposal-reviewer-chorus/SKILL.md": "/skill/proposal-reviewer-chorus/SKILL.md",
30
30
  "task-reviewer-chorus/SKILL.md": "/skill/task-reviewer-chorus/SKILL.md",
31
+ "code-reviewer-chorus/SKILL.md": "/skill/code-reviewer-chorus/SKILL.md",
31
32
  "yolo-chorus/SKILL.md": "/skill/yolo-chorus/SKILL.md"
32
33
  },
33
34
  "requires": {
@@ -61,6 +62,7 @@
61
62
  "brainstorm-chorus/SKILL.md": "/skill/brainstorm-chorus/SKILL.md",
62
63
  "proposal-reviewer-chorus/SKILL.md": "/skill/proposal-reviewer-chorus/SKILL.md",
63
64
  "task-reviewer-chorus/SKILL.md": "/skill/task-reviewer-chorus/SKILL.md",
65
+ "code-reviewer-chorus/SKILL.md": "/skill/code-reviewer-chorus/SKILL.md",
64
66
  "yolo-chorus/SKILL.md": "/skill/yolo-chorus/SKILL.md"
65
67
  },
66
68
  "requires": {
@@ -4,7 +4,7 @@ description: Chorus Proposal workflow — create proposals with document and tas
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---
@@ -4,7 +4,7 @@ description: Read-only adversarial Chorus proposal reviewer — audits PRD/task
4
4
  license: AGPL-3.0
5
5
  metadata:
6
6
  author: chorus
7
- version: "0.11.0"
7
+ version: "0.11.1"
8
8
  category: project-management
9
9
  mcp_server: chorus
10
10
  ---