@zigrivers/scaffold 3.15.0 → 3.16.0

package/README.md

@@ -947,23 +947,22 @@ You don't need both — Scaffold works with whichever CLIs are available. Having
 #### How mmr Works
 
 ```
-mmr review --pr 47           ──→  Dispatches to all channels in background
-                                   Returns job ID immediately
-                                   Agent continues working
+# Recommended: single-command pipeline (--sync)
+mmr review --pr 47 --sync    ──→  Dispatches to all channels
+                                   Runs compensating passes for unavailable channels
+                                   Parses outputs, reconciles findings
+                                   Applies severity gate, derives verdict
+                                   Exit code: 0=pass, 2=blocked, 3=needs-decision
 
-mmr status mmr-a1b2c3        ──→  Poll progress (which channels done?)
-                                   Exit code: 0=done, 1=running, 4=failed
-
-mmr results mmr-a1b2c3       ──→  Reconcile findings across channels
-                                   Run compensating passes for unavailable channels
-                                   Apply severity gate
-                                   Output unified findings
-                                   Exit code: 0=passed, 2=gate failed, 3=degraded
+# Alternative: step-by-step (for async workflows)
+mmr review --pr 47           ──→  Dispatch and await all channels
+mmr results mmr-a1b2c3       ──→  Reconcile findings, output verdict
 ```
 
 **Key features:**
 
-- **Async job model** — reviews run in background processes. The agent fires `mmr review` and continues working. No blocking for 4-6 minutes.
+- **--sync mode** — single-command pipeline: dispatch, parse, reconcile, verdict. The recommended entry point for agents and CI.
+- **Compensating passes** — when a channel is unavailable, a Claude-based review focused on that channel's strength area runs automatically.
 - **Per-channel auth verification** — checks authentication before every dispatch. Auth failures are never silent — `mmr` tells you exactly what expired and the command to fix it.
 - **Immutable core prompt** — every channel gets the same severity definitions (P0-P3), output format spec (JSON), and review criteria. No prompt drift between channels.
 - **Automated reconciliation** — when two channels flag the same location, that's consensus (high confidence). When only one channel flags something, it's unique (medium confidence). P0 from any single source is always high confidence.
@@ -1079,6 +1078,14 @@ You can also adjust per-channel timeouts, the default severity threshold, and na
 **After creating a PR:**
 
 ```bash
+# Recommended: single-command review
+mmr review --pr 47 --sync --focus "auth flow, session handling"
+# → Full review output with verdict and findings
+
+# Or with text output for readability:
+mmr review --pr 47 --sync --format text
+
+# Step-by-step (when you want to continue working while review runs):
 mmr review --pr 47 --focus "auth flow, session handling"
 # → Job mmr-a1b2c3 started. 2/2 channels dispatched.
 ```

package/content/knowledge/core/automated-review-tooling.md

@@ -1,6 +1,6 @@
 ---
 name: automated-review-tooling
-description: Patterns for setting up automated PR code review using AI models (Codex, Gemini) via local CLI, including dual-model review, reconciliation, and CI integration
+description: Patterns for automated PR code review using AI CLI tools (Codex, Gemini, Claude) — orchestration, reconciliation, compensating passes, and CI integration
 topics: [code-review, automation, codex, gemini, pull-requests, ci-cd, review-tooling]
 ---
 
@@ -24,10 +24,10 @@ These are the authoritative verdict definitions. Tool files (`review-code.md`, `
 
 | Verdict | Condition |
 |---------|-----------|
-| `pass` | All configured channels ran, no unresolved P0/P1/P2 |
-| `degraded-pass` | Channels skipped, compensated, or have non-full coverage (e.g., partial timeout), no unresolved P0/P1/P2 |
-| `blocked` | Unresolved P0/P1/P2 after 3 fix rounds |
-| `needs-user-decision` | Contradictions or unresolvable findings |
+| `pass` | All channels completed, no unresolved P0/P1/P2 |
+| `degraded-pass` | Some channels unavailable, compensating passes ran, no unresolved P0/P1/P2 |
+| `blocked` | Findings at or above fix threshold remain unresolved |
+| `needs-user-decision` | No channels completed — insufficient data for a determination |
 
 **Verdict precedence:** `needs-user-decision` > `blocked` > `degraded-pass` > `pass`. When multiple conditions apply, the higher-precedence verdict wins.
 
@@ -35,13 +35,13 @@ These are the authoritative verdict definitions. Tool files (`review-code.md`, `
 
 #### Status Model
 
-`compensating` is a **coverage label** applied to a channel's output, not a replacement for the root-cause status. Each channel retains its root-cause status (`not_installed`, `auth_failed`, `auth_timeout`, `failed`) AND gains a coverage label (`compensating (X-equivalent)`) when a compensating pass ran. The fix cycle uses the **root-cause status** to decide whether to retry (never retry `not_installed`, `auth_failed`, `auth_timeout`). The report uses the **coverage label** to show the reader what ran.
+`compensating` is a **coverage label** applied to a channel's output, not a replacement for the root-cause status. Each channel retains its root-cause status (`not_installed`, `auth_failed`, `timeout`, `failed`) AND gains a coverage label (`compensating (X-equivalent)`) when a compensating pass ran. The fix cycle uses the **root-cause status** to decide whether to retry (never retry `not_installed`, `auth_failed`, `timeout`). The report uses the **coverage label** to show the reader what ran.
 
 #### Compensating Passes
 
-When an external channel (Codex or Gemini) is unavailable, run a compensating Claude self-review pass:
+When a channel (Codex or Gemini) is unavailable, the CLI dispatches a compensating pass via `claude -p`:
 
-- Same prompt structure as the missing channel, executed as a Claude self-review pass.
+- Same prompt structure as the missing channel, executed as a `claude -p` dispatch.
 - Labeled `[compensating: Codex-equivalent]` or `[compensating: Gemini-equivalent]` in the review summary.
 - Missing Codex → focus on implementation correctness, security, API contracts.
 - Missing Gemini → focus on architectural patterns, design reasoning, broad context.
@@ -49,8 +49,6 @@ When an external channel (Codex or Gemini) is unavailable, run a compensating Cl
 - Compensating-pass findings are **single-source confidence** — they do NOT raise to high confidence even if they agree with another channel's findings.
 - Normal mandatory-fix thresholds apply: P0/P1/P2 findings from compensating passes still require fixing.
 
-**Superpowers channel:** No compensating pass needed — Superpowers is a Claude subagent and is always available. If the Superpowers plugin is not installed, run available external CLIs and warn the user that review coverage is reduced.
-
 #### Foreground-Only Execution
 
 Always run Codex and Gemini CLI commands as foreground Bash calls. Never use `run_in_background`, `&`, or `nohup`. Background execution produces empty or truncated output from Codex and Gemini CLIs. Multiple foreground calls can still run in parallel if the tool runner supports parallel tool invocations.
@@ -67,7 +65,7 @@ Reconciliation normalizes findings from all channels (real and compensating) to
 
 The reconciliation output is a deduplicated list of findings with confidence scores. High-confidence findings (agreed by 2+ real channels) are actionable without further discussion. Low-confidence findings (single-source, or from compensating passes) still require action at P0/P1/P2 but should be noted as lower-confidence in the review summary.
 
-Findings that appear in all three channels (Codex, Gemini, Superpowers) are considered maximum-confidence and should be surfaced first in the review summary. Findings that appear in only one channel should include the channel name in the finding description to help the developer assess confidence independently.
+Findings that appear in all three channels (Codex, Gemini, Claude) are considered maximum-confidence and should be surfaced first in the review summary. Findings that appear in only one channel should include the channel name in the finding description to help the developer assess confidence independently.
 
 ```bash
 # Orchestration reconciliation workflow
@@ -80,16 +78,15 @@ Findings that appear in all three channels (Codex, Gemini, Superpowers) are cons
 
 ### Channel Dispatch Pattern and Orchestration
 
-Each external channel (Codex, Gemini) follows the same dispatch pattern: check installation, check auth, then dispatch as a foreground call. If any step fails, record the root-cause status, queue a compensating pass, and continue to the next channel. The Superpowers channel is always available as a Claude subagent and does not require installation or auth checks.
+Each channel (Codex, Gemini, Claude) follows the same dispatch pattern: check installation, check auth, then dispatch as a foreground call. If any step fails, record the root-cause status, queue a compensating pass (for Codex/Gemini), and continue to the next channel.
 
 ```bash
 # Channel dispatch pattern
-# For each external channel (Codex, Gemini):
+# For each channel (codex, gemini, claude):
 #   1. command -v <tool> >/dev/null 2>&1 || { status=not_installed; queue_compensating; continue; }
 #   2. <auth_check> || { status=auth_failed; queue_compensating; continue; }
 #   3. <dispatch_foreground> || { status=failed; queue_compensating; continue; }
-# For Superpowers: dispatch subagent (always available)
-# After all: run queued compensating passes → reconcile → verdict
+# After all: run queued compensating passes (via claude -p) → reconcile → verdict
 ```
 
 After all channels and compensating passes complete, run the reconciliation workflow above and apply the verdict decision flow. Channel results and compensating-pass labels must be preserved in the review output for auditability — do not collapse or omit them even when findings are empty.
@@ -99,14 +96,14 @@ After all channels and compensating passes complete, run the reconciliation work
 When Codex is unavailable (not installed or auth failure), the orchestration proceeds as follows:
 
 1. The installation check (`command -v codex`) fails. Codex channel status is set to `not_installed`.
-2. A compensating Codex-equivalent pass is queued: a Claude self-review focused on implementation correctness, security, and API contracts.
-3. Gemini and Superpowers channels run normally.
+2. A compensating Codex-equivalent pass is queued: a `claude -p` dispatch focused on implementation correctness, security, and API contracts.
+3. Gemini and Claude channels run normally.
 4. The compensating pass runs, producing findings labeled `[compensating: Codex-equivalent]`.
-5. Reconciliation merges findings from all three sources (Gemini, Superpowers, compensating-Codex).
+5. Reconciliation merges findings from all three sources (Gemini, Claude, compensating-Codex).
 6. Maximum achievable verdict is `degraded-pass` because a real channel was absent.
 7. The review summary notes: "Codex channel: not_installed (compensating: Codex-equivalent pass ran)."
 
-**Fix-cycle channel rule:** Only re-run channels that originally completed or ran as compensating passes. `failed` channels are covered by their compensating pass and are not retried during fix rounds. Never retry a channel with status `not_installed`, `auth_failed`, or `auth_timeout` — these indicate persistent environment conditions that will not resolve between fix rounds.
+**Fix-cycle channel rule:** Only re-run channels that originally completed or ran as compensating passes. `failed` channels are covered by their compensating pass and are not retried during fix rounds. Never retry a channel with status `not_installed`, `auth_failed`, or `timeout` — these indicate persistent environment conditions that will not resolve between fix rounds.
 
 ### Verdict Decision Flow
 
@@ -114,19 +111,17 @@ Apply the following evaluation order to determine the final verdict. The first m
 
 ```
 Verdict evaluation order:
-1. Any contradictions or unresolvable findings? → needs-user-decision
+1. No channels completed? → needs-user-decision
 2. Any unresolved P0/P1/P2 after 3 fix rounds? → blocked
 3. Any channel not at full coverage? → degraded-pass
 4. All channels completed, no unresolved P0/P1/P2? → pass
 ```
 
-A "contradiction" exists when two channels report opposite conclusions about the same code location — for example, Codex flags a function as insecure while Gemini explicitly approves it. Contradictions cannot be resolved by the agent alone and must be surfaced to the user.
-
-A channel is "not at full coverage" when: it ran as a compensating pass instead of a real tool, it timed out partially, or the Superpowers plugin is not installed and available channels do not cover the full diff.
+A channel is "not at full coverage" when: it ran as a compensating pass instead of a real tool, or it timed out.
 
-**Verdict precedence reminder:** `needs-user-decision` > `blocked` > `degraded-pass` > `pass`. If multiple conditions apply simultaneously (for example, both a contradiction and an unresolved P0 exist), the higher-precedence verdict wins.
+**Verdict precedence reminder:** `needs-user-decision` > `blocked` > `degraded-pass` > `pass`. When multiple conditions apply simultaneously, the higher-precedence verdict wins.
 
-The verdict is always computed after all fix rounds are exhausted — do not emit a partial verdict mid-cycle. If a fix round resolves all P0/P1/P2 findings and no contradictions remain, the verdict upgrades from `blocked` to `pass` or `degraded-pass` depending on channel coverage. This upgrade must be verified explicitly by re-running the reconciliation step after each fix round, not assumed from the fact that fixes were applied.
+The verdict is always computed after all fix rounds are exhausted — do not emit a partial verdict mid-cycle. If a fix round resolves all P0/P1/P2 findings, the verdict upgrades from `blocked` to `pass` or `degraded-pass` depending on channel coverage. This upgrade must be verified explicitly by re-running the reconciliation step after each fix round, not assumed from the fact that fixes were applied.
 
 ### Security-Focused Review Checklist
 
@@ -197,4 +192,4 @@ When external CLIs are unavailable, the degraded-mode behavior defined in the Su
 5. When both external channels are unavailable, note "All findings are single-model (Claude only). External validation was unavailable." in the review summary.
 6. Never silently drop unavailable channels — always record the channel status and compensating coverage label in the review output.
 
-**Superpowers channel exception:** Superpowers is a Claude subagent and requires no external CLI or auth. It is always available as long as the Superpowers plugin is installed in the Claude Code environment. If the plugin is not installed, run available external CLIs and warn the user that review coverage is reduced — but do not run a compensating pass for Superpowers (the compensating-pass mechanism only applies to external CLIs that have an installation/auth gate).
+**Claude CLI channel:** Claude CLI handles its own auth and is generally always available. The compensating-pass mechanism applies to external CLIs (Codex, Gemini) that have an installation/auth gate. When Codex or Gemini are unavailable, compensating passes are dispatched via `claude -p` with focused prompts targeting the missing channel's strength area.

package/content/knowledge/core/multi-model-review-dispatch.md

@@ -1,27 +1,18 @@
 ---
 name: multi-model-review-dispatch
-description: Patterns for dispatching reviews to external AI models (Codex, Gemini) at depth 4+, including fallback strategies and finding reconciliation
-topics: [multi-model, code-review, depth-scaling, codex, gemini, review-synthesis]
+description: Patterns for dispatching reviews to AI CLI tools (Codex, Gemini, Claude), including fallback strategies and finding reconciliation
+topics: [multi-model, code-review, codex, gemini, claude, review-synthesis]
 ---
 
 # Multi-Model Review Dispatch
 
-At higher methodology depths (4+), reviews benefit from independent validation by external AI models. Different models have different blind spots — Codex excels at code-centric analysis while Gemini brings strength in design and architectural reasoning. Dispatching to multiple models and reconciling their findings produces higher-quality reviews than any single model alone. This knowledge covers when to dispatch, how to dispatch, how to handle failures, and how to reconcile disagreements.
+Reviews benefit from independent validation by multiple AI models. Different models have different blind spots — Codex excels at code-centric analysis, Gemini brings strength in design and architectural reasoning, and Claude provides plan alignment and code quality assessment. Dispatching to multiple models and reconciling their findings produces higher-quality reviews than any single model alone. This knowledge covers how to dispatch, how to handle failures, and how to reconcile disagreements.
 
 ## Summary
 
 ### When to Dispatch
 
-Multi-model review activates at depth 4+ in the methodology scaling system:
-
-| Depth | Review Approach |
-|-------|----------------|
-| 1-2 | Claude-only, reduced pass count |
-| 3 | Claude-only, full pass count |
-| 4 | Full passes + one external model (if available) |
-| 5 | Full passes + multi-model with reconciliation |
-
-Dispatch is always optional. If no external model CLI is available, the review proceeds as a Claude-only enhanced review with additional self-review passes to partially compensate.
+Multi-model review runs all enabled channels on every review. The MMR CLI (`mmr review --sync`) is the primary entry point and handles dispatch, parsing, reconciliation, and verdict derivation automatically.
 
 ### Model Selection
 
@@ -29,15 +20,16 @@ Dispatch is always optional. If no external model CLI is available, the review p
 |-------|----------|----------|
 | **Codex** (OpenAI) | Code analysis, implementation correctness, API contract validation | Code reviews, security reviews, API reviews, database schema reviews |
 | **Gemini** (Google) | Design reasoning, architectural patterns, broad context understanding | Architecture reviews, PRD reviews, UX reviews, domain model reviews |
+| **Claude** (Anthropic) | Plan alignment, code quality, testing thoroughness | Code reviews, plan verification, test coverage |
 
-When both models are available at depth 5, dispatch to both and reconcile. At depth 4, choose the model best suited to the artifact type.
+All enabled channels run on every review. When a channel is unavailable, a compensating pass is dispatched via `claude -p` focused on the missing channel's strength area.
 
 ### Graceful Fallback
 
 External models are never required. The fallback chain:
 1. Attempt dispatch to selected model(s)
 2. If CLI unavailable → skip that model, note in report
-3. If timeout → use partial results if any, note incompleteness
+3. If timeout → CLI kills the process; no partial output preserved; compensating pass runs
 4. If all external models fail → Claude-only enhanced review (additional self-review passes)
 
 The review never blocks on external model availability.
@@ -82,15 +74,15 @@ If auth fails, report status `auth_failed` and surface recovery to the user:
 - Codex: "Codex auth expired — run `! codex login` to re-authenticate"
 - Gemini: "Gemini auth expired — run `! gemini -p \"hello\"` to re-authenticate"
 
-If auth check times out (~5 seconds), retry once. If still failing, report `auth_timeout`.
+If auth check times out (~5 seconds), retry once. If still failing, report `timeout`.
 If auth succeeds, report `ready` and proceed to dispatch.
 
 **Post-dispatch terminal states:**
 - `completed` — channel produced results, use normally
-- `partial_timeout` — partial output before timeout; use what was received, note incompleteness. Does NOT trigger compensating pass.
-- `failed` — crashed or unparseable output; triggers compensating pass.
+- `timeout` — channel exceeded time limit; CLI kills the process and marks it as `timeout`; triggers compensating pass
+- `failed` — crashed or unparseable output; triggers compensating pass
 
-Verdict impact: `partial_timeout` and `failed` channels mean the review is degraded. Maximum verdict is `degraded-pass` when any channel has a non-`completed` terminal state.
+Verdict impact: `timeout` and `failed` channels mean the review is degraded. Maximum verdict is `degraded-pass` when any channel has a non-`completed` terminal state.
 
 #### Prompt Formatting
 
@@ -126,10 +118,12 @@ Respond with a JSON array of findings:
     "severity": "P0|P1|P2|P3",
     "category": "coverage|consistency|correctness|completeness",
     "location": "section or line reference",
-    "finding": "description of the issue",
+    "description": "description of the issue",
     "suggestion": "recommended fix"
   }
 ]
+
+Note: `id` and `category` are optional — the CLI auto-generates IDs (F-001, F-002, ...) when omitted.
 ```
 
 #### Output Parsing
@@ -137,15 +131,11 @@ Respond with a JSON array of findings:
 External model output is parsed as JSON. Handle common parsing issues:
 - Strip markdown code fences (```json ... ```) if the model wraps output
 - Handle trailing commas in JSON arrays
-- Validate that each finding has the required fields (severity, category, finding)
+- Validate that each finding has the required fields (severity, location, description, suggestion)
 - Discard malformed entries rather than failing the entire parse
 
-Store raw output for audit:
-```
-docs/reviews/{artifact}/codex-review.json   — raw Codex findings
-docs/reviews/{artifact}/gemini-review.json  — raw Gemini findings
-docs/reviews/{artifact}/review-summary.md   — reconciled synthesis
-```
+The CLI stores raw output at `~/.mmr/jobs/{job-id}/` per channel. Review results
+are available via `mmr results <job-id>`.
 
 ### Timeout Handling
 
@@ -158,14 +148,7 @@ External model calls can hang or take unreasonably long. Set reasonable timeouts
 | Medium artifact review (2000-10000 words) | 120 seconds | Needs more processing time |
 | Large artifact review (>10000 words) | 180 seconds | Maximum reasonable wait |
 
-#### Partial Result Handling
-
-If a timeout occurs mid-response:
-1. Check if the partial output contains valid JSON entries
-2. If yes, use the valid entries and note "partial results" in the report
-3. If no, treat as a model failure and fall back
-
-Never wait indefinitely. A review that completes in 3 minutes with Claude-only findings is better than one that blocks for 10 minutes waiting for an external model.
+Never wait indefinitely. A review that completes in 3 minutes with Claude-only findings is better than one that blocks for 10 minutes waiting for an external model. When a channel times out, the CLI kills the process — no partial output is preserved. A compensating pass runs in its place.
 
 ### Finding Reconciliation
 
@@ -224,9 +207,9 @@ When synthesizing multi-model findings, classify each finding:
 # Multi-Model Review Summary: [Artifact Name]
 
 ## Models Used
-- Claude (primary reviewer)
-- Codex (external, depth 4+) — [available/unavailable/timeout]
-- Gemini (external, depth 5) — [available/unavailable/timeout]
+- Claude CLI — [available/unavailable/timeout]
+- Codex CLI — [available/unavailable/timeout]
+- Gemini CLI — [available/unavailable/timeout]
 
 ## Consensus Findings
 | # | Severity | Finding | Models | Confidence |
@@ -251,14 +234,10 @@ or areas where external models provided unique value]
 
 #### Raw JSON Preservation
 
-Always preserve the raw JSON output from external models, even after reconciliation. The raw findings serve as an audit trail and enable re-analysis if the reconciliation logic is later improved.
+Always preserve the raw JSON output from each channel, even after reconciliation. The raw findings serve as an audit trail and enable re-analysis if the reconciliation logic is later improved.
 
-```
-docs/reviews/{artifact}/
-  codex-review.json     — raw output from Codex
-  gemini-review.json    — raw output from Gemini
-  review-summary.md     — reconciled synthesis
-```
+The CLI stores raw output at `~/.mmr/jobs/{job-id}/` with per-channel result files.
+Results are accessible via `mmr results <job-id>`.
 
 ### Quality Gates
 
@@ -266,20 +245,18 @@ Minimum standards for a multi-model review to be considered complete:
 
 | Gate | Threshold | Rationale |
 |------|-----------|-----------|
-| Minimum finding count | At least 3 findings across all models | A review with zero findings likely missed something |
-| Coverage threshold | Every review pass has at least one finding or explicit "no issues found" note | Ensures all passes were actually executed |
+| Coverage threshold | Every channel has at least one finding or explicit "no issues found" note | Ensures all channels were actually executed |
 | Reconciliation completeness | All cross-model disagreements have documented resolutions | No unresolved conflicts |
-| Raw output preserved | JSON files exist for all models that were dispatched | Audit trail |
+| Raw output preserved | Per-channel results exist for all dispatched channels | Audit trail |
 
-If the primary Claude review produces zero findings and external models are unavailable, the review should explicitly note this as unusual and recommend a targeted re-review at a later stage.
+Zero findings across all channels is a valid outcome when the diff is clean.
 
 #### Degraded-Mode Gate Adaptation
 
 When channels are skipped and compensating passes are used:
 
-- **Minimum finding count** gate: compensating passes count toward the total but are not treated as separate external channels for consensus purposes.
 - **Reconciliation completeness** gate (cross-model disagreement documentation): applies whenever 2+ distinct model perspectives participate (Claude + one external counts). N/A only when Claude is the sole perspective (no external models and no compensating passes that introduce genuinely different framing).
-- **Coverage threshold** gate: compensating passes satisfy the "every pass has at least one finding or explicit no-issues note" requirement.
+- **Coverage threshold** gate: compensating passes satisfy the "every channel has at least one finding or explicit no-issues note" requirement.
 - The reconciled output must record which channels were real, which were compensating, and which were skipped, so the orchestration layer can apply appropriate verdict logic.
 
 ### Common Anti-Patterns
@@ -288,12 +265,10 @@ When channels are skipped and compensating passes are used:
 
 **Ignoring disagreements.** Two models disagree, and the reviewer picks one without analysis. Fix: disagreements are the most valuable signal in multi-model review. They identify areas of genuine ambiguity or complexity. Always investigate and document the resolution.
 
-**Dispatching at low depth.** Running external model reviews at depth 1-2 where the review scope is intentionally minimal. The external model does a full analysis anyway, producing findings that are out of scope. Fix: only dispatch at depth 4+. Lower depths use Claude-only review with reduced pass count.
-
-**No fallback plan.** The review pipeline assumes external models are always available. When Codex is down, the review fails entirely. Fix: external dispatch is always optional. The fallback to Claude-only enhanced review must be implemented and tested.
+**No fallback plan.** The review pipeline assumes external models are always available. When Codex is down, the review fails entirely. Fix: external dispatch is always optional. The CLI automatically dispatches compensating passes via `claude -p` when channels are unavailable.
 
 **Over-weighting consensus.** Two models agree on a finding, so it must be correct. But both models may share the same bias (e.g., both flag a pattern as an anti-pattern that is actually appropriate for this project's constraints). Fix: consensus increases confidence but does not guarantee correctness. All findings still require artifact-level verification.
 
 **Dispatching the full pipeline context.** Sending the entire project context (all docs, all code) to the external model. This exceeds context limits and dilutes focus. Fix: send only the artifact under review and the minimal upstream context needed for that specific review.
 
-**Ignoring partial results.** A model times out after producing 3 of 5 findings. The reviewer discards all results because the review is "incomplete." Fix: partial results are still valuable. Include them with a note about incompleteness. Three real findings are better than zero.
+**Treating a timeout as a silent skip.** A channel times out and the reviewer proceeds without documenting it. Fix: when a channel times out, record the root-cause status as `timeout`, queue a compensating pass, and include it in the review summary. The CLI kills timed-out processes — no partial output is available, but the compensating pass ensures coverage.

package/content/tools/post-implementation-review.md

@@ -26,7 +26,7 @@ comprehensive quality check before releasing or handing off the project.
 The three channels are:
 1. **Codex CLI** — Implementation correctness, security, API contracts
 2. **Gemini CLI** — Design reasoning, architectural patterns, broad context
-3. **Superpowers code-reviewer** — Plan alignment, code quality, testing
+3. **Claude CLI** — Plan alignment, code quality, testing
 
 ## Inputs
 
@@ -191,6 +191,7 @@ Return ALL findings as valid JSON:
     {
       "severity": "P0|P1|P2|P3",
       "category": "architecture-alignment|security|error-handling|test-coverage|complexity|dependencies",
+      "location": "relative/path/to/file.ts:42",
       "file": "relative/path/to/file.ts",
       "line": 42,
       "description": "Specific description of the issue",
@@ -226,7 +227,7 @@ If not installed: queue a compensating pass (implementation correctness, securit
 codex login status 2>/dev/null && echo "codex authenticated" || echo "codex NOT authenticated"
 ```
 
-If not authenticated: tell the user "Codex auth expired. Run: `! codex login`". Do NOT silently skip. Wait for re-auth and retry once. If auth cannot be recovered (auth_timeout or user declines): queue a compensating pass (implementation correctness, security, API contracts, labeled `[compensating: Codex-equivalent]`).
+If not authenticated: tell the user "Codex auth expired. Run: `! codex login`". Do NOT silently skip. Wait for re-auth and retry once. If auth cannot be recovered (timeout or user declines): queue a compensating pass (implementation correctness, security, API contracts, labeled `[compensating: Codex-equivalent]`).
 
 If Codex fails during execution (non-zero exit, malformed output, timeout): queue a compensating pass with the same focus and label.
 
@@ -254,7 +255,7 @@ If not installed: queue a compensating pass (architectural patterns, design reas
 NO_BROWSER=true gemini -p "respond with ok" -o json 2>&1
 ```
 
-If exit code is 41: tell the user "Gemini auth expired. Run: `! gemini -p \"hello\"`". Do NOT silently skip. Wait for re-auth and retry once. If auth cannot be recovered (auth_timeout or user declines): queue a compensating pass (architectural patterns, design reasoning, broad context, labeled `[compensating: Gemini-equivalent]`).
+If exit code is 41: tell the user "Gemini auth expired. Run: `! gemini -p \"hello\"`". Do NOT silently skip. Wait for re-auth and retry once. If auth cannot be recovered (timeout or user declines): queue a compensating pass (architectural patterns, design reasoning, broad context, labeled `[compensating: Gemini-equivalent]`).
 
 If Gemini fails during execution (non-zero exit, malformed output, timeout): queue a compensating pass with the same focus and label.
 
@@ -291,6 +292,7 @@ surfaces to this format before returning):
     {
       "severity": "P0|P1|P2|P3",
       "category": "architecture-alignment|security|error-handling|test-coverage|complexity|dependencies",
+      "location": "relative/path/to/file.ts:42",
       "file": "relative/path/to/file.ts",
       "line": 42,
       "description": "Specific description of the issue",
@@ -300,6 +302,10 @@ surfaces to this format before returning):
 }
 ```
 
+**MMR compatibility:** The `location` field (`file:line` format) is required for
+`mmr reconcile` injection. The `file` and `line` fields are retained for backward
+compatibility with direct channel consumers.
+
 Store as `SUPERPOWERS_PHASE1_FINDINGS`.
 
 ### Step 5: Run Phase 2 — Parallel User Story Review
@@ -441,8 +447,8 @@ before returning. Then return all three channels' findings plus channel status:
 {
   "story": "[STORY_TITLE]",
   "channel_status": {
-    "codex": { "root_cause": "null|not_installed|auth_failed|auth_timeout|failed", "coverage_status": "full|compensating" },
-    "gemini": { "root_cause": "null|not_installed|auth_failed|auth_timeout|failed", "coverage_status": "full|compensating" },
+    "codex": { "root_cause": "null|not_installed|auth_failed|timeout|failed", "coverage_status": "full|compensating" },
+    "gemini": { "root_cause": "null|not_installed|auth_failed|timeout|failed", "coverage_status": "full|compensating" },
     "superpowers": { "root_cause": null, "coverage_status": "full" }
   },
   "codex": { "findings": [...] },
@@ -453,6 +459,29 @@ before returning. Then return all three channels' findings plus channel status:
 
 Collect findings from all subagents. Store as `PHASE2_FINDINGS`.
 
+### Step 5e: Optional — Inject Findings into MMR for Unified Reconciliation
+
+If an MMR job exists (e.g., from a prior `mmr review` run on the same branch), the
+agent can inject its post-implementation review findings into MMR for unified
+reconciliation across all channels:
+
+```bash
+# Inject Phase 1 and Phase 2 findings into an existing MMR job
+# Write agent findings to a temp file for mmr reconcile
+echo "$AGENT_FINDINGS" > /tmp/agent-findings.json
+mmr reconcile "$JOB_ID" --channel superpowers --input /tmp/agent-findings.json
+```
+
+All findings injected via `mmr reconcile` must use MMR-compatible schema: each
+finding needs `severity` (P0-P3), `location` (file:line), and `description`
+(`suggestion` is optional). The strict validator will reject findings with
+missing or invalid required fields.
+
+This step is optional — post-implementation review is a full-codebase review (not
+diff-only), so it operates independently of `mmr review`. Use `mmr reconcile` only
+when you want to merge post-implementation findings into an existing MMR job for a
+single unified verdict.
+
 ### Step 6: Consolidate Findings
 
 Merge all findings from Phase 1 (`CODEX_PHASE1_FINDINGS`, `GEMINI_PHASE1_FINDINGS`,
@@ -656,9 +685,9 @@ the user they require manual attention before the project is ready to release.
 | Codex not installed (`command -v` fails) | Queue compensating pass (implementation correctness, security, API contracts, labeled `[compensating: Codex-equivalent]`); document as "not_installed" in report |
 | Gemini not installed (`command -v` fails) | Queue compensating pass (architectural patterns, design reasoning, broad context, labeled `[compensating: Gemini-equivalent]`); document as "not_installed" in report |
 | Codex auth expired — user recovers | Re-run auth check; proceed with full Codex channel |
-| Codex auth expired — user declines or auth_timeout | Queue compensating pass (implementation correctness, security, API contracts, labeled `[compensating: Codex-equivalent]`); document as "auth_failed" or "auth_timeout" in report |
+| Codex auth expired — user declines or timeout | Queue compensating pass (implementation correctness, security, API contracts, labeled `[compensating: Codex-equivalent]`); document as "auth_failed" or "timeout" in report |
 | Gemini auth expired (exit 41) — user recovers | Re-run auth check; proceed with full Gemini channel |
-| Gemini auth expired — user declines or auth_timeout | Queue compensating pass (architectural patterns, design reasoning, broad context, labeled `[compensating: Gemini-equivalent]`); document as "auth_failed" or "auth_timeout" in report |
+| Gemini auth expired — user declines or timeout | Queue compensating pass (architectural patterns, design reasoning, broad context, labeled `[compensating: Gemini-equivalent]`); document as "auth_failed" or "timeout" in report |
 | Channel fails during execution (non-zero exit, malformed output, timeout) | Queue compensating pass for that channel with same focus and label; document root cause in report |
 | Both external CLIs unavailable (any combination of not_installed / auth failure) | Run all compensating passes plus Superpowers code-reviewer; report coverage as "degraded-coverage"; warn user that review coverage is reduced |
 | Superpowers unavailable | Document as "unavailable" in report; proceed with remaining channels; Superpowers is a Claude subagent and should always be available |

package/content/tools/review-code.md

@@ -23,7 +23,7 @@ anything leaves the machine.
 The three channels are:
 1. **Codex CLI** — implementation correctness, security, API contracts
 2. **Gemini CLI** — architectural patterns, broad-context reasoning
-3. **Superpowers code-reviewer** — Claude subagent review of code quality, tests, and plan alignment
+3. **Claude CLI** — Claude subagent review of code quality, tests, and plan alignment
 
 ## Inputs
 
@@ -46,6 +46,31 @@ The three channels are:
 
 ## Instructions
 
+### Primary: MMR CLI + Agent Reconcile
+
+When the MMR CLI is installed, use it as the primary entry point:
+
+```bash
+# Staged changes
+mmr review --staged --sync --format json
+
+# Branch diff against main
+mmr review --base main --sync --format json
+```
+
+After the CLI review completes, dispatch the agent's code-reviewer skill (4th channel) and inject findings into the MMR job for unified reconciliation:
+
+```bash
+# job_id is captured from mmr review --sync --format json output
+# Write agent findings to a temp file for mmr reconcile
+echo "$AGENT_FINDINGS" > /tmp/agent-findings.json
+mmr reconcile "$JOB_ID" --channel superpowers --input /tmp/agent-findings.json
+```
+
+The agent's review output must use MMR-compatible finding schema: each finding needs `severity` (P0-P3), `location` (file:line), and `description` (`suggestion` is optional).
+
+If `mmr` is not installed (`command -v mmr` fails), fall back to the manual multi-channel flow below.
+
 ### Step 1: Detect Mode
 
 Parse `$ARGUMENTS` and set:
@@ -173,7 +198,7 @@ codex login status 2>/dev/null
 - If `codex` is not installed: skip this channel and record root-cause `not_installed`
 - If auth fails: tell the user to run `! codex login`, retry after recovery, and if recovery is not possible, record root-cause `auth_failed` and continue with the remaining channels
 
-If auth cannot be recovered, or if Codex is not installed, queue a compensating Claude self-review pass focused on implementation correctness, security, and API contracts. Label findings as `[compensating: Codex-equivalent]`. If auth check times out (~5s), retry once; if still failing, record `auth timeout` and queue compensating pass. This pass runs after all channel dispatch attempts complete.
+If auth cannot be recovered, or if Codex is not installed, queue a compensating Claude self-review pass focused on implementation correctness, security, and API contracts. Label findings as `[compensating: Codex-equivalent]`. If auth check times out (~5s), retry once; if still failing, record `timeout` and queue compensating pass. This pass runs after all channel dispatch attempts complete.
 
 Build the prompt in a temporary file and pass it over stdin:
 
@@ -209,9 +234,9 @@ NO_BROWSER=true gemini -p "$(cat "$PROMPT_FILE")" --output-format json --approva
 
 If the CLI exits with a non-zero code, produces malformed/unparseable output, or is killed by the tool runner timeout, record root-cause `failed` and queue a compensating pass for that channel.
 
-#### Channel 3: Superpowers code-reviewer
+#### Channel 3: Claude CLI
 
-Dispatch the `superpowers:code-reviewer` subagent.
+Dispatch via `claude -p` with the review prompt.
 
 - If explicit refs are being reviewed, provide `BASE_SHA` and `HEAD_SHA`
 - Otherwise provide:
@@ -297,7 +322,7 @@ Otherwise:
 3. Repeat for up to 3 fix rounds
 4. If any finding remains unresolved after 3 rounds, stop with verdict `needs-user-decision`
 
-**Fix cycle channel rule:** Re-run only channels that originally completed or ran as compensating passes. Never retry a channel marked `not installed`, `auth failed`, or `auth timeout` during fix rounds — its availability does not change within a session.
+**Fix cycle channel rule:** Re-run only channels that originally completed or ran as compensating passes. Never retry a channel marked `not_installed`, `auth_failed`, or `timeout` during fix rounds — its availability does not change within a session.
 
 ### Step 8: Final Verdict
 
@@ -321,9 +346,9 @@ Output a concise summary in this format:
 [scope label]
 
 ### Channels Executed
-- Codex CLI — root cause: [completed / not installed / auth failed / auth timeout / failed], coverage: [full / compensating (Codex-equivalent)]
-- Gemini CLI — root cause: [completed / not installed / auth failed / auth timeout / failed], coverage: [full / compensating (Gemini-equivalent)]
-- Superpowers code-reviewer — [completed / failed]
+- Codex CLI — root cause: [completed / not_installed / auth_failed / timeout / failed], coverage: [full / compensating (Codex-equivalent)]
+- Gemini CLI — root cause: [completed / not_installed / auth_failed / timeout / failed], coverage: [full / compensating (Gemini-equivalent)]
+- Claude CLI — root cause: [completed / not_installed / auth_failed / timeout / failed], coverage: [full / compensating]
 
 ### Findings
 [consensus findings first, then single-source findings]

package/content/tools/review-pr.md

@@ -1,6 +1,6 @@
 ---
 name: review-pr
-description: Run all configured code review channels on a PR (Codex CLI, Gemini CLI, Superpowers code-reviewer)
+description: Run all configured code review channels on a PR (Codex CLI, Gemini CLI, Claude CLI)
 phase: null
 order: null
 dependencies: []
@@ -21,15 +21,16 @@ of remembering three separate review invocations.
 The three channels are:
 1. **Codex CLI** — OpenAI's code analysis (implementation correctness, security, API contracts)
 2. **Gemini CLI** — Google's design reasoning (architectural patterns, broad context)
-3. **Superpowers code-reviewer** — Claude subagent review (plan alignment, code quality, testing)
+3. **Claude CLI** — Anthropic's code review (plan alignment, code quality, testing)
 
 ## Inputs
 
 - $ARGUMENTS — PR number (optional; auto-detected from current branch if omitted)
-- docs/review-standards.md (optional) — severity definitions and review criteria
-- docs/coding-standards.md (required) — coding conventions for review context
-- docs/tdd-standards.md (optional) — test coverage expectations
-- AGENTS.md (optional) — reviewer instructions with project-specific rules
+- `.mmr.yaml` — MMR CLI configuration (channels, review_criteria, defaults)
+
+The CLI handles review context via config (`review_criteria` in `.mmr.yaml`).
+Project-specific standards (coding-standards, review-standards) are referenced
+in the review criteria config rather than read at dispatch time.
 
 ## Expected Outputs
 
@@ -48,119 +49,98 @@ PR_NUMBER="${ARGUMENTS:-$(gh pr view --json number -q .number 2>/dev/null)}"
 
 If no PR is found, stop and tell the user to create a PR first.
 
-### Step 2: Gather Review Context
+### Step 2: Run MMR Review
 
-Collect the PR diff and project standards for review prompts:
+Use the MMR CLI as the primary entry point for automated dispatch, reconciliation, and verdict:
 
 ```bash
-PR_DIFF=$(gh pr diff "$PR_NUMBER")
+MMR_RESULT=$(mmr review --pr "$PR_NUMBER" --sync --format json)
+# Extract job_id from JSON output for use in mmr reconcile
+JOB_ID=$(echo "$MMR_RESULT" | grep -o '"job_id": "[^"]*"' | head -1 | cut -d'"' -f4)
 ```
 
-Read these files for review context (skip any that don't exist):
-- `docs/coding-standards.md`
-- `docs/tdd-standards.md`
-- `docs/review-standards.md`
-- `AGENTS.md`
+The CLI handles:
+- Installation and auth checks for each channel (codex, gemini, claude)
+- Compensating passes when channels are unavailable (dispatched via `claude -p`)
+- Output parsing and finding reconciliation
+- Verdict derivation (pass/degraded-pass/blocked/needs-user-decision)
+- Exit codes: 0=pass/degraded-pass, 2=blocked, 3=needs-user-decision
 
-### Step 3: Run All Three Review Channels
+The CLI supports multiple input modes:
+- `--pr <number>` — review a GitHub PR (fetches diff via `gh pr diff`)
+- `--diff <file>` — review a diff file
+- `--staged` — review staged changes (`git diff --cached`)
+- `--base <ref> --head <ref>` — review diff between two refs
 
-Run all three channels. Track which ones complete successfully.
+**Manual fallback** (when MMR CLI is not installed):
 
-**Foreground only:** Always run Codex and Gemini CLI commands as foreground Bash calls. Never use `run_in_background`, `&`, or `nohup`. Background execution produces empty output.
+Run Codex, Gemini, and Claude CLI commands individually as foreground Bash calls.
+Never use `run_in_background`, `&`, or `nohup`.
 
 #### Channel 1: Codex CLI
 
-**Installation check:**
-```bash
-command -v codex >/dev/null 2>&1
-```
-- If `codex` is not installed: queue a compensating Claude self-review pass focused on implementation correctness, security, and API contracts. Record root-cause `not_installed`. Skip to next channel.
-
-**Auth check first** (auth tokens expire — always re-verify):
-
-```bash
-codex login status 2>/dev/null && echo "codex authenticated" || echo "codex NOT authenticated"
-```
-
-If auth fails, tell the user: "Codex auth expired. Run: `! codex login`" — do NOT
-silently fall back. After the user re-authenticates, retry.
-
-If auth cannot be recovered, queue a compensating pass (same focus as above). Record root-cause `auth_failed`.
-If auth check times out (~5s), retry once. If still failing, record root-cause `auth_timeout` and queue compensating pass.
-
-**Run the review:**
-
 ```bash
+command -v codex >/dev/null 2>&1 || echo "Codex not installed"
+codex login status 2>/dev/null
 codex exec --skip-git-repo-check -s read-only --ephemeral "REVIEW_PROMPT" 2>/dev/null
 ```
 
-The review prompt must include:
-- The PR diff
-- Coding standards from docs/coding-standards.md
-- Review standards from docs/review-standards.md (if exists)
-- Instruction to report P0/P1/P2 findings as JSON with severity, location (file:line), description, and suggestion
-
-If the CLI exits with a non-zero code, produces malformed/unparseable output, or is killed by the tool runner timeout, record root-cause `failed` and queue a compensating pass for that channel.
+If not installed or auth fails, queue a compensating pass focused on implementation
+correctness, security, and API contracts. Auth failure recovery: `! codex login`.
 
 #### Channel 2: Gemini CLI
 
-**Installation check:**
 ```bash
-command -v gemini >/dev/null 2>&1
+command -v gemini >/dev/null 2>&1 || echo "Gemini not installed"
+NO_BROWSER=true gemini -p "respond with ok" -o json 2>&1
+NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null
 ```
-- If `gemini` is not installed: queue a compensating Claude self-review pass focused on architectural patterns, design reasoning, and broad context. Record root-cause `not_installed`. Label findings as `[compensating: Gemini-equivalent]`. Skip to next channel.
 
-**Auth check first:**
+If not installed or auth fails, queue a compensating pass focused on architectural
+patterns, design reasoning, and broad context. Auth failure recovery: `! gemini -p "hello"`.
+
+#### Channel 3: Claude CLI
 
 ```bash
-GEMINI_AUTH_CHECK=$(NO_BROWSER=true gemini -p "respond with ok" -o json 2>&1)
-GEMINI_EXIT=$?
-if [ "$GEMINI_EXIT" -eq 0 ]; then
-  echo "gemini authenticated"
-elif [ "$GEMINI_EXIT" -eq 41 ]; then
-  echo "gemini NOT authenticated (exit 41: auth error)"
-fi
+claude -p "REVIEW_PROMPT" --output-format json 2>/dev/null
 ```
 
-If auth fails (exit 41), tell the user: "Gemini auth expired. Run: `! gemini -p \"hello\"`" — do NOT silently fall back. After the user re-authenticates, retry.
+Claude CLI handles its own auth. Focus: plan alignment, code quality, testing.
 
-If auth cannot be recovered, queue a compensating pass focused on architectural patterns, design reasoning, and broad context. Record root-cause `auth_failed`. Label findings as `[compensating: Gemini-equivalent]`.
-If auth check times out (~5s), retry once. If still failing, record root-cause `auth_timeout` and queue compensating pass labeled `[compensating: Gemini-equivalent]`.
+**After all channels:** Run any queued compensating passes as additional `claude -p`
+dispatches with focused prompts. Label findings as `[compensating: Codex-equivalent]`
+or `[compensating: Gemini-equivalent]`.
 
-**Run the review:**
+### Step 3: Run Agent Code Review (4th channel)
 
-```bash
-NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null
-```
+Dispatch your platform's code-reviewer skill for a complementary review:
+- **Claude Code:** dispatch `superpowers:code-reviewer` subagent with the PR diff and review criteria
+- **Other platforms:** use your platform's equivalent agent review skill
 
-Same review prompt content as Codex. Do NOT share one model's output with the other —
-each reviews independently.
+The agent skill runs inside your agent's context — it has access to conversation history, project knowledge, and plan context that external CLIs lack.
 
-If the CLI exits with a non-zero code, produces malformed/unparseable output, or is killed by the tool runner timeout, record root-cause `failed` and queue a compensating pass for that channel.
+**Important:** The agent's review output must use MMR-compatible finding schema: each finding needs `severity` (P0-P3), `location` (file:line), and `description` (`suggestion` is optional). The strict validator in `mmr reconcile` will reject findings with missing or invalid required fields.
 
-#### Channel 3: Superpowers Code-Reviewer Subagent
+### Step 4: Inject Agent Review into MMR
 
-Dispatch the `superpowers:code-reviewer` subagent. This channel always runs (it uses
-Claude, which is always available).
+Feed the agent review findings into MMR for unified reconciliation:
 
 ```bash
-BASE_SHA=$(gh pr view "$PR_NUMBER" --json baseRefOid -q .baseRefOid)
-HEAD_SHA=$(gh pr view "$PR_NUMBER" --json headRefOid -q .headRefOid)
+# job_id is captured from mmr review --sync --format json output
+# Write agent findings to a temp file for mmr reconcile
+echo "$AGENT_FINDINGS" > /tmp/agent-findings.json
+mmr reconcile "$JOB_ID" --channel superpowers --input /tmp/agent-findings.json
 ```
 
-Dispatch with the Agent tool using `superpowers:code-reviewer` as the subagent type,
-providing:
-- `WHAT_WAS_IMPLEMENTED` — PR title and description
-- `PLAN_OR_REQUIREMENTS` — coding standards and review standards
-- `BASE_SHA` — base commit
-- `HEAD_SHA` — head commit
-- `DESCRIPTION` — PR summary
+The `reconcile` command:
+- Adds the agent's findings as a new channel in the job
+- Re-runs reconciliation across ALL channels (CLI + agent)
+- Outputs the unified verdict with all sources included
 
-**After all channels:** Run any queued compensating passes as foreground Claude self-review passes. Each uses the same review prompt as the missing channel, focused on that channel's strength area. Label findings as `[compensating: Codex-equivalent]` or `[compensating: Gemini-equivalent]`.
+### Step 5: Reconcile Findings
 
-### Step 4: Reconcile Findings
-
-After all channels complete, reconcile findings:
+When using `mmr review --sync`, reconciliation is automatic. For manual fallback,
+reconcile findings after all channels complete:
 
 | Scenario | Confidence | Action |
 |----------|-----------|--------|
@@ -171,7 +151,7 @@ After all channels complete, reconcile findings:
 | Channels contradict each other | **Low** | Present to user for adjudication |
 | Compensating-pass P0/P1/P2 finding | **Single-source** | Fix per normal thresholds, label as compensating |
 
-### Step 5: Report Results
+### Step 6: Report Results
 
 Output a review summary in this format:
 
@@ -179,9 +159,10 @@ Output a review summary in this format:
 ## Code Review Summary — PR #[number]
 
 ### Channels Executed
-- [ ] Codex CLI — root cause: [completed / not installed / auth failed / auth timeout / failed], coverage: [full / compensating (Codex-equivalent)]
-- [ ] Gemini CLI — root cause: [completed / not installed / auth failed / auth timeout / failed], coverage: [full / compensating (Gemini-equivalent)]
-- [ ] Superpowers code-reviewer — [completed / failed]
+- [ ] Codex CLI — root cause: [completed / not installed / auth failed / timeout / failed], coverage: [full / compensating (Codex-equivalent)]
+- [ ] Gemini CLI — root cause: [completed / not installed / auth failed / timeout / failed], coverage: [full / compensating (Gemini-equivalent)]
+- [ ] Claude CLI — root cause: [completed / not_installed / auth_failed / timeout / failed], coverage: [full / compensating]
+- [ ] Agent review — [completed / skipped], injected via mmr reconcile
 
 ### Consensus Findings (High Confidence)
 [Findings flagged by 2+ channels]
@@ -196,7 +177,7 @@ Output a review summary in this format:
 [pass / degraded-pass / blocked / needs-user-decision]
 ```
 
-### Step 5a: Final Verdict
+### Step 6a: Final Verdict
 
 Return exactly one verdict:
 
@@ -209,17 +190,19 @@ Verdict precedence: `needs-user-decision` > `blocked` > `degraded-pass` > `pass`
 
 When compensating passes ran, maximum achievable verdict is `degraded-pass`. When both external channels were compensated, note "All findings are single-model."
 
-### Step 6: Fix P0/P1/P2 Findings
+### Step 7: Fix P0/P1/P2 Findings
 
 If any P0, P1, or P2 findings exist:
 1. Fix them in the code
 2. Push the fixes: `git push`
-3. Re-run the channels that produced findings to verify fixes
+3. Re-run the review to verify fixes: `mmr review --pr "$PR_NUMBER" --sync --format json`
 4. After 3 fix rounds with unresolved P0/P1/P2 findings, stop and ask the user for direction — do NOT merge automatically. Document remaining findings and let the user decide whether to continue fixing, create follow-up issues, or override.
 
-**Fix cycle channel rule:** Re-run only channels that originally completed or ran as compensating passes. Never retry a channel marked `not installed`, `auth failed`, or `auth timeout` during fix rounds — its availability does not change within a session.
+**Note:** Fix cycles are an orchestration concern — the caller (agent or human) handles the fix loop. The CLI provides the review and verdict; the caller decides whether to fix and re-run.
+
+**Fix cycle channel rule:** Re-run only channels that originally completed or ran as compensating passes. Never retry a channel marked `not_installed`, `auth_failed`, or `timeout` during fix rounds — its availability does not change within a session.
 
-### Step 7: Confirm Completion
+### Step 8: Confirm Completion
 
 After all findings are resolved (or 3 rounds complete), output:
 
@@ -236,21 +219,22 @@ Do NOT proceed to the next task or merge until this confirmation is output.
 | Channel not installed | Queue compensating pass, report root-cause `not_installed` |
 | Auth expired, user recovers | Retry dispatch |
 | Auth expired, user declines | Queue compensating pass, report root-cause `auth_failed` |
-| Auth check timeout (after retry) | Queue compensating pass, report root-cause `auth_timeout` |
+| Auth check timeout (after retry) | Queue compensating pass, report root-cause `timeout` |
 | Channel fails during execution | Queue compensating pass, report root-cause `failed` |
 | Both external channels unavailable | Two compensating passes, max verdict: `degraded-pass`, note "All findings single-model" |
-| Superpowers unavailable | Run available CLIs, warn user (Superpowers is always-available Claude — no compensating pass) |
 
 ## Process Rules
 
-1. **Foreground only** — Always run Codex and Gemini CLI commands as foreground Bash calls. Never use `run_in_background`, `&`, or `nohup`.
-2. **All three channels are mandatory** — skip only when a tool is genuinely not installed, never by choice.
+1. **Foreground only** — Always run Codex, Gemini, and Claude CLI commands as foreground Bash calls. Never use `run_in_background`, `&`, or `nohup`.
+2. **All three channels are mandatory** — Codex CLI, Gemini CLI, and Claude CLI. Skip only when a tool is genuinely not installed, never by choice.
 3. **Auth failures are not silent** — always surface to the user with the exact recovery command.
 4. **Independence** — never share one channel's output with another. Each reviews the diff independently.
 5. **Fix before proceeding** — P0/P1/P2 findings must be resolved before moving to the next task.
 6. **3-round limit** — never attempt more than 3 fix rounds. Surface unresolved findings to the user.
 7. **Document everything** — the review summary must show which channels ran and which were skipped, with reasons.
-8. **Dispatch pattern** follows `multi-model-review-dispatch` knowledge entry. When modifying channel dispatch in this file, verify consistency with `review-code.md` and `post-implementation-review.md`.
+8. **CLI-first** — use `mmr review --sync` as the primary entry point. Manual dispatch is a fallback only.
+9. **Job storage** — the CLI stores job data at `~/.mmr/jobs/{job-id}/results.json`. Review results are available via `mmr results <job-id>`.
+10. **Dispatch pattern** follows `multi-model-review-dispatch` knowledge entry. When modifying channel dispatch in this file, verify consistency with `review-code.md` and `post-implementation-review.md`.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zigrivers/scaffold",
-  "version": "3.15.0",
+  "version": "3.16.0",
   "description": "AI-powered software project scaffolding pipeline",
   "type": "module",
   "workspaces": [