@zigrivers/scaffold 3.23.0 → 3.24.1

package/README.md

@@ -38,7 +38,7 @@ Either way, Scaffold constructs the prompt and the target AI tool does the work.
 
 **Depth scale** (1-5) — Controls how thorough each step's output is, from "focus on the core deliverable" (1) to "explore all angles, tradeoffs, and edge cases" (5). Depth resolves with 4-level precedence: CLI flag > step override > custom default > preset default.
 
-**Multi-model validation** — At depth 4-5, all 19 review and validation steps can dispatch independent reviews to Codex and/or Gemini CLIs. Two independent models catch more blind spots than one. When both CLIs are available, findings are reconciled by confidence level (both agree = high confidence, single model P0 = still actionable). When a channel is unavailable, a compensating Claude self-review pass runs in its place (labeled `[compensating: Codex-equivalent]` or `[compensating: Gemini-equivalent]`, single-source confidence). CLI commands must always run in the foreground — background execution produces empty output. See the [Multi-Model Review](#multi-model-review) section.
+**Multi-model validation** — At depth 4-5, review and validation steps can dispatch independent reviews to the three MMR CLI channels (Codex, Gemini, Claude) via the `mmr` CLI, plus the Superpowers code-reviewer agent as a complementary 4th channel on wrapper invocations (`scaffold run review-pr`, `scaffold run review-code`). The MMR-backed wrappers are the preferred path; some older depth-5 validation steps still dispatch Codex/Gemini directly via the `multi-model-dispatch` skill (migration in progress). Multiple independent models catch more blind spots than one. Findings are reconciled by confidence level (multiple channels agree = high confidence, single channel P0 = still actionable). When Codex or Gemini is unavailable, a compensating Claude self-review pass runs in its place (labeled `[compensating: Codex-equivalent]` or `[compensating: Gemini-equivalent]`, single-source confidence); there is no compensating pass when Claude itself is unavailable — the review simply proceeds with the remaining channels. CLI commands must always run in the foreground — background execution produces empty output. `mmr review` also supports non-PR targets (staged changes, branch diff, specific files) — see the [Multi-Model Review](#multi-model-review) section.
 
 **State management** — Pipeline progress is tracked in `.scaffold/state.json` with atomic file writes and crash recovery. An advisory lock prevents concurrent runs. Decisions are logged to an append-only `decisions.jsonl`. Pressing Ctrl+C during any command exits cleanly with an informative message — no stack traces, no orphaned locks, no corrupted state.
 
@@ -826,7 +826,7 @@ Claude sets up your local dev environment with one-command startup and live relo
 | `dev-env-setup` | Claude configures your project so `make dev` (or equivalent) starts everything — dev server with live reload, local database, environment variables — and documents the setup in a getting-started guide. |
 | `design-system` | Claude creates a visual language — color palette (WCAG-compliant), typography scale, spacing system, component patterns — and generates working theme config files for your frontend framework. *(web apps only)* |
 | `git-workflow` | Claude sets up your branching strategy, commit message format, PR workflow, CI pipeline with lint and test jobs, and worktree scripts so multiple AI agents can work in parallel without conflicts. |
-| `automated-pr-review` | Claude configures automated code review — using Codex and/or Gemini CLIs for dual-model review when available, or an external bot — with severity definitions and review criteria tailored to your project. *(optional)* |
+| `automated-pr-review` | Claude configures automated code review — three-CLI MMR dispatch (Codex, Gemini, Claude) plus Superpowers code-reviewer as a complementary 4th channel via the scaffold wrappers, with severity definitions and review criteria tailored to your project. Covers PRs and non-PR targets (local code, diffs, files). *(optional)* |
 | `ai-memory-setup` | Claude extracts conventions from your docs into path-scoped rule files that load automatically, optimizes CLAUDE.md with a pointer pattern, and optionally sets up persistent cross-session memory. |
 
 ### Phase 4 — Testing Integration (integration)
@@ -1214,7 +1214,9 @@ channels:
     command: claude -p
     auth:
       check: "claude -p 'respond with ok' 2>/dev/null"
-      timeout: 5
+      # Claude's auth probe is a full LLM round-trip (not a local status
+      # check) and routinely takes 9-14s, so 20s is the realistic default.
+      timeout: 20
       failure_exit_codes: [1]
       recovery: "Run: claude login"
 
@@ -1228,7 +1230,10 @@ channels:
       NO_BROWSER: "true"
     auth:
       check: "NO_BROWSER=true gemini -p 'respond with ok' -o json 2>&1"
-      timeout: 5
+      # Gemini's auth probe is also a full LLM round-trip; same reasoning
+      # as Claude. Codex stays at the 5s default (see below) because its
+      # check is a local file probe.
+      timeout: 20
       failure_exit_codes: [41]
       recovery: "Run: gemini -p 'hello' (interactive, opens browser)"
     timeout: 360     # Gemini tends to be slower
@@ -1285,11 +1290,12 @@ When multiple channels return findings, mmr applies consensus rules:
 
 | Scenario | Confidence | Action |
 |----------|-----------|--------|
-| Both models flag the same issue | **High** | Fix immediately |
-| Both models approve | **High** | Proceed confidently |
-| One flags P0, other approves | **High** | Fix it (P0 is critical) |
-| One flags P1, other approves | **Medium** | Review before fixing |
-| Models contradict each other | **Low** | Present both to user |
+| 2+ channels flag the same issue | **High** | Fix immediately |
+| All channels approve | **High** | Proceed confidently |
+| One channel flags P0, others approve | **High** | Fix it (P0 is critical) |
+| One channel flags P1, others approve | **Medium** | Review before fixing |
+| Channels contradict each other | **Low** | Present all perspectives to user |
+| Compensating-pass P0/P1/P2 finding | **Single-source** | Fix per normal thresholds, label as compensating |
 
 Scaffold verifies CLI authentication before every dispatch. If a token has expired, it tells you and provides the command to re-authenticate — it never silently skips a review.
 
@@ -1302,15 +1308,15 @@ At depth 1-3, reviews are Claude-only — still thorough with multiple passes, b
 ### What You Need
 
 - **Depth 4 or 5** — set during `scaffold init` or override per step
-- **At least one additional CLI** — Codex or Gemini (or both for triple-model review)
-- **Valid authentication** — Scaffold checks before every dispatch and tells you if credentials need refreshing
+- **At least one additional CLI** — Codex, Gemini, and/or Claude CLI. All three dispatched independently as MMR channels when available. Missing Codex or Gemini channels fall back to compensating Claude passes (labeled `[compensating: Codex-equivalent]` / `[compensating: Gemini-equivalent]`, single-source confidence); if Claude itself is unavailable, the review proceeds with the remaining channels — MMR does not compensate for a missing Claude channel.
+- **Valid authentication** — Scaffold checks before every dispatch (run `mmr config test` to pre-flight all three at once) and tells you if credentials need refreshing
 
 ## Methodology Presets
 
 Not every project needs all 60 steps. Choose a methodology when you run `scaffold init`:
 
 ### deep (depth 5)
-All steps enabled. Comprehensive analysis of every angle — domain modeling, ADRs, security review, traceability matrix, the works. At depth 4-5, review steps dispatch to Codex/Gemini CLIs for multi-model validation. Best for complex systems, team projects, or when you want thorough documentation.
+All steps enabled. Comprehensive analysis of every angle — domain modeling, ADRs, security review, traceability matrix, the works. At depth 4-5, review steps dispatch to the three MMR CLI channels (Codex, Gemini, Claude) for multi-model validation, with the Superpowers code-reviewer agent added as a complementary 4th channel via the scaffold wrappers. Best for complex systems, team projects, or when you want thorough documentation.
 
 ### mvp (depth 1)
 Only 7 critical steps: create-prd, review-prd, user-stories, review-user-stories, tdd, implementation-plan, and implementation-playbook. Minimal ceremony — get to code fast. Best for prototypes, hackathons, or solo projects.
@@ -1372,7 +1378,8 @@ scaffold check add-e2e-testing
 # → Applicable: yes | Platform: web | Brownfield: no | Mode: fresh
 
 scaffold check automated-pr-review
-# → Applicable: yes | GitHub remote: yes | Available CLIs: codex, gemini | Recommended: local-cli (dual-model)
+# → Applicable: yes | GitHub remote: yes | Available CLIs: codex, gemini, claude | Recommended: local-cli (three-CLI MMR review)
+# (suffix is `(three-CLI MMR review)` / `(two-CLI MMR review)` / `(single-CLI review)` based on how many of codex/gemini/claude are detected)
 
 scaffold check ai-memory-setup
 # → Rules: no | MCP server: none | Hooks: none | Mode: fresh
@@ -1452,9 +1459,9 @@ These are orthogonal to the pipeline — usable at any time, not tied to pipelin
 | `scaffold run update` | Update Scaffold to the latest version. |
 | `scaffold run dashboard` | Open a visual progress dashboard in your browser. |
 | `scaffold run prompt-pipeline` | Print the full pipeline reference table. |
-| `scaffold run review-code` | Run all 3 code review channels on local code before commit or push. |
-| `scaffold run review-pr` | Run all 3 code review channels (Codex CLI, Gemini CLI, Superpowers) on a PR. |
-| `scaffold run post-implementation-review` | Full 3-channel codebase review after an AI agent completes all tasks — checks requirements coverage, security, architecture alignment, and more. |
+| `scaffold run review-code` | Run all 3 MMR CLI review channels (Codex CLI, Gemini CLI, Claude CLI) on tracked local code (committed branch diff + staged + unstaged — no untracked files) before commit or push, plus Superpowers code-reviewer as a complementary 4th channel. |
+| `scaffold run review-pr` | Run all 3 MMR CLI review channels (Codex CLI, Gemini CLI, Claude CLI) on a PR, plus Superpowers code-reviewer as a complementary 4th channel. Also usable on non-PR targets (staged changes, branch diff, specific files) via `mmr review` directly. |
+| `scaffold run post-implementation-review` | Full codebase review (Codex CLI + Gemini CLI + Superpowers code-reviewer — note: does not currently include Claude CLI as a standard channel) after an AI agent completes all tasks — checks requirements coverage, security, architecture alignment, and more. |
 | `scaffold run spark` | Explore and expand a raw project idea through Socratic questioning, competitive research, and innovation expansion. Produces a `docs/spark-brief.md` that feeds into `create-vision`. At depth 4+, dispatches to external models for independent research and adversarial red-teaming. |
 | `scaffold run session-analyzer` | Analyze Claude Code session logs for patterns and insights. |
 

package/content/knowledge/core/automated-review-tooling.md

@@ -1,12 +1,12 @@
 ---
 name: automated-review-tooling
-description: Patterns for automated PR code review using AI CLI tools (Codex, Gemini, Claude) — orchestration, reconciliation, compensating passes, and CI integration
-topics: [code-review, automation, codex, gemini, pull-requests, ci-cd, review-tooling]
+description: Patterns for automated code review using AI CLI tools (Codex, Gemini, Claude) — three-CLI MMR orchestration plus Superpowers 4th channel in wrappers, reconciliation, compensating passes, PR + non-PR targets, and CI integration
+topics: [code-review, automation, codex, gemini, claude, pull-requests, non-pr-review, mmr, ci-cd, review-tooling]
 ---
 
 # Automated Review Tooling
 
-Automated PR review leverages AI models to provide consistent, thorough code review without manual reviewer bottlenecks. This knowledge covers the local CLI approach (no GitHub Actions), dual-model review patterns, and integration with the PR workflow.
+Automated code review leverages AI models to provide consistent, thorough code review without manual reviewer bottlenecks. This knowledge covers the local CLI approach (no GitHub Actions), the three-channel MMR orchestration (Codex + Gemini + Claude) with the Superpowers code-reviewer added as a complementary 4th channel by the scaffold MMR wrappers, and integration with both PR and non-PR review targets (local code, branch diffs, specific files).
 
 ## Summary
 

package/content/knowledge/core/multi-model-review-dispatch.md

@@ -48,7 +48,7 @@ When an AI agent dispatches CLI reviews via a tool runner (Claude Code Bash tool
 
 Before dispatching, verify the model CLI is installed and authenticated using a two-step process that produces distinct statuses for the orchestration layer:
 
-**Step 1 — Installation check:**
+**Step 1 — Installation check** (all three MMR channels):
 
 ```bash
 # Codex: not found -> status: "not_installed"
@@ -56,6 +56,9 @@ command -v codex >/dev/null 2>&1
 
 # Gemini: not found -> status: "not_installed"
 command -v gemini >/dev/null 2>&1
+
+# Claude CLI: not found -> status: "not_installed"
+command -v claude >/dev/null 2>&1
 ```
 
 If the CLI is not found, report status `not_installed` to the orchestration layer. Do not prompt the user to install it.
@@ -64,17 +67,23 @@ If the CLI is not found, report status `not_installed` to the orchestration laye
 
 ```bash
 # Codex: fail -> status: "auth_failed"
-codex login status 2>/dev/null
+codex login status 2>/dev/null                                       # local file probe
 
 # Gemini: exit 41 -> status: "auth_failed"
-NO_BROWSER=true gemini -p "respond with ok" -o json 2>&1
+NO_BROWSER=true gemini -p "respond with ok" -o json 2>&1             # full LLM round-trip
+
+# Claude CLI: non-zero -> status: "auth_failed"
+claude -p "respond with ok" 2>/dev/null                              # full LLM round-trip
 ```
 
+Prefer `mmr config test` as a single-command pre-flight that runs all three checks and emits structured JSON.
+
 If auth fails, report status `auth_failed` and surface recovery to the user:
 - Codex: "Codex auth expired — run `! codex login` to re-authenticate"
 - Gemini: "Gemini auth expired — run `! gemini -p \"hello\"` to re-authenticate"
+- Claude CLI: "Claude CLI auth expired — run `! claude login` to re-authenticate"
 
-If auth check times out (~5 seconds), retry once. If still failing, report `timeout`.
+Auth-check timeouts: Codex's check is a local file probe so the default is 5s; Gemini's and Claude's are full LLM round-trips and routinely take 9-14s, so MMR's built-in defaults use 20s for those two. If a check times out, retry once. If still failing, report `timeout`.
 If auth succeeds, report `ready` and proceed to dispatch.
 
 **Post-dispatch terminal states:**

package/content/pipeline/build/multi-agent-resume.md

@@ -177,14 +177,15 @@ Once in-progress work is complete (or if there was none):
 
 4. **Run code reviews (MANDATORY)**
    - Run the review-pr tool: `scaffold run review-pr` (CLI) or `/scaffold:review-pr` (plugin)
-   - This runs **all three** review channels on the PR diff:
+   - This runs the three MMR CLI channels on the PR diff plus the Superpowers code-reviewer agent as a complementary 4th channel reconciled through `mmr reconcile`:
      1. **Codex CLI**: `codex exec --skip-git-repo-check -s read-only --ephemeral "REVIEW_PROMPT" 2>/dev/null`
      2. **Gemini CLI**: `NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null`
-     3. **Superpowers code-reviewer**: dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
-   - Verify auth before each CLI (`codex login status`, `NO_BROWSER=true gemini -p "respond with ok" -o json`)
-   - All three channels must execute (skip only if a tool is genuinely not installed)
+     3. **Claude CLI**: `claude -p "REVIEW_PROMPT" --output-format json 2>/dev/null`
+     4. **Superpowers code-reviewer** (4th channel): dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
+   - Verify auth before each CLI (`mmr config test` pre-flights all three at once)
+   - All four channels should execute. Missing Codex or Gemini → MMR runs a compensating Claude pass in its place (degraded-pass verdict). Missing Claude CLI → review proceeds without compensation.
    - Fix any P0/P1/P2 findings before proceeding
-   - Do NOT move to the next task until all channels have run
+   - Do NOT move to the next task until the review completes
 
 5. **Between-task cleanup**
    - `git fetch origin --prune && git clean -fd`
@@ -238,7 +239,7 @@ Once in-progress work is complete (or if there was none):
 5. **TDD is not optional** — Continue the red-green-refactor cycle for any in-progress work.
 6. **Quality gates before PR** — Never create a PR with failing checks.
 7. **Honor pre-push review when requested** — If the user or project workflow asks for pre-push multi-model review, run `scaffold run review-code` after quality gates and before `git push`.
-8. **Code review before next task** — After creating a PR, run all three review channels (Codex CLI, Gemini CLI, Superpowers code-reviewer) and fix all P0/P1/P2 findings before moving on.
+8. **Code review before next task** — After creating a PR, run `scaffold run review-pr`: three CLI channels (Codex CLI, Gemini CLI, Claude CLI) via MMR plus the Superpowers code-reviewer agent as a complementary 4th channel. Fix all P0/P1/P2 findings before moving on.
 9. **Follow CLAUDE.md** — It is the authority on project conventions and commands.
 
 ---

package/content/pipeline/build/multi-agent-start.md

@@ -181,14 +181,15 @@ For each task:
 
 8. **Run code reviews (MANDATORY)**
    - Run the review-pr tool: `scaffold run review-pr` (CLI) or `/scaffold:review-pr` (plugin)
-   - This runs **all three** review channels on the PR diff:
+   - This runs the three MMR CLI channels on the PR diff plus the Superpowers code-reviewer agent as a complementary 4th channel reconciled through `mmr reconcile`:
      1. **Codex CLI**: `codex exec --skip-git-repo-check -s read-only --ephemeral "REVIEW_PROMPT" 2>/dev/null`
      2. **Gemini CLI**: `NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null`
-     3. **Superpowers code-reviewer**: dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
-   - Verify auth before each CLI (`codex login status`, `NO_BROWSER=true gemini -p "respond with ok" -o json`)
-   - All three channels must execute (skip only if a tool is genuinely not installed)
+     3. **Claude CLI**: `claude -p "REVIEW_PROMPT" --output-format json 2>/dev/null`
+     4. **Superpowers code-reviewer** (4th channel): dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
+   - Verify auth before each CLI (`mmr config test` pre-flights all three at once)
+   - All four channels should execute. Missing Codex or Gemini → MMR runs a compensating Claude pass in its place (degraded-pass verdict). Missing Claude CLI → review proceeds without compensation.
    - Fix any P0/P1/P2 findings before proceeding
-   - Do NOT move to the next task until all channels have run
+   - Do NOT move to the next task until the review completes
 
 9. **Between-task cleanup**
    - `git fetch origin --prune && git clean -fd`
@@ -230,7 +231,7 @@ For each task:
 4. **TDD is not optional** — Write failing tests before implementation. No exceptions.
 5. **Quality gates before PR** — Never create a PR with failing checks.
 6. **Honor pre-push review when requested** — If the user or project workflow asks for pre-push multi-model review, run `scaffold run review-code` after quality gates and before `git push`.
-7. **Code review before next task** — After creating a PR, run all three review channels (Codex CLI, Gemini CLI, Superpowers code-reviewer) and fix all P0/P1/P2 findings before moving on.
+7. **Code review before next task** — After creating a PR, run `scaffold run review-pr`: three CLI channels (Codex CLI, Gemini CLI, Claude CLI) via MMR plus the Superpowers code-reviewer agent as a complementary 4th channel. Fix all P0/P1/P2 findings before moving on.
 8. **Avoid task conflicts** — Check what other agents are working on before claiming.
 9. **Follow CLAUDE.md** — It is the authority on project conventions and commands.
 

package/content/pipeline/build/single-agent-resume.md

@@ -154,14 +154,15 @@ Once in-progress work is complete (or if there was none):
 
 4. **Run code reviews (MANDATORY)**
    - Run the review-pr tool: `scaffold run review-pr` (CLI) or `/scaffold:review-pr` (plugin)
-   - This runs **all three** review channels on the PR diff:
+   - This runs the three MMR CLI channels on the PR diff plus the Superpowers code-reviewer agent as a complementary 4th channel reconciled through `mmr reconcile`:
      1. **Codex CLI**: `codex exec --skip-git-repo-check -s read-only --ephemeral "REVIEW_PROMPT" 2>/dev/null`
      2. **Gemini CLI**: `NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null`
-     3. **Superpowers code-reviewer**: dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
-   - Verify auth before each CLI (`codex login status`, `NO_BROWSER=true gemini -p "respond with ok" -o json`)
-   - All three channels must execute (skip only if a tool is genuinely not installed)
+     3. **Claude CLI**: `claude -p "REVIEW_PROMPT" --output-format json 2>/dev/null`
+     4. **Superpowers code-reviewer** (4th channel): dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
+   - Verify auth before each CLI (`mmr config test` pre-flights all three at once)
+   - All four channels should execute. Missing Codex or Gemini → MMR runs a compensating Claude pass in its place (degraded-pass verdict). Missing Claude CLI → review proceeds without compensation.
    - Fix any P0/P1/P2 findings before proceeding
-   - Do NOT move to the next task until all channels have run
+   - Do NOT move to the next task until the review completes
 
 5. **Claim next task**
    - Return to main: `git checkout main && git pull origin main`
@@ -203,7 +204,7 @@ Once in-progress work is complete (or if there was none):
 4. **TDD is not optional** — Continue the red-green-refactor cycle for any in-progress work.
 5. **Quality gates before PR** — Never create a PR with failing checks.
 6. **Honor pre-push review when requested** — If the user or project workflow asks for pre-push multi-model review, run `scaffold run review-code` after quality gates and before `git push`.
-7. **Code review before next task** — After creating a PR, run all three review channels (Codex CLI, Gemini CLI, Superpowers code-reviewer) and fix all P0/P1/P2 findings before moving on.
+7. **Code review before next task** — After creating a PR, run `scaffold run review-pr`: three CLI channels (Codex CLI, Gemini CLI, Claude CLI) via MMR plus the Superpowers code-reviewer agent as a complementary 4th channel. Fix all P0/P1/P2 findings before moving on.
 8. **Follow CLAUDE.md** — It is the authority on project conventions and commands.
 
 ---

package/content/pipeline/build/single-agent-start.md

@@ -160,14 +160,15 @@ For each task:
 
 8. **Run code reviews (MANDATORY)**
    - Run the review-pr tool: `scaffold run review-pr` (CLI) or `/scaffold:review-pr` (plugin)
-   - This runs **all three** review channels on the PR diff:
+   - This runs the three MMR CLI channels on the PR diff plus the Superpowers code-reviewer agent as a complementary 4th channel reconciled through `mmr reconcile`:
      1. **Codex CLI**: `codex exec --skip-git-repo-check -s read-only --ephemeral "REVIEW_PROMPT" 2>/dev/null`
      2. **Gemini CLI**: `NO_BROWSER=true gemini -p "REVIEW_PROMPT" --output-format json --approval-mode yolo 2>/dev/null`
-     3. **Superpowers code-reviewer**: dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
-   - Verify auth before each CLI (`codex login status`, `NO_BROWSER=true gemini -p "respond with ok" -o json`)
-   - All three channels must execute (skip only if a tool is genuinely not installed)
+     3. **Claude CLI**: `claude -p "REVIEW_PROMPT" --output-format json 2>/dev/null`
+     4. **Superpowers code-reviewer** (4th channel): dispatch `superpowers:code-reviewer` subagent with BASE_SHA and HEAD_SHA
+   - Verify auth before each CLI (`mmr config test` pre-flights all three at once)
+   - All four channels should execute. Missing Codex or Gemini → MMR runs a compensating Claude pass in its place (degraded-pass verdict). Missing Claude CLI → review proceeds without compensation.
    - Fix any P0/P1/P2 findings before proceeding
-   - Do NOT move to the next task until all channels have run
+   - Do NOT move to the next task until the review completes
 
 9. **Update status**
    - If Beads: task status is managed via `bd` commands
@@ -201,7 +202,7 @@ For each task:
 2. **One task at a time** — Complete the current task fully before starting the next.
 3. **Quality gates before PR** — Never create a PR with failing checks.
 4. **Honor pre-push review when requested** — If the user or project workflow asks for pre-push multi-model review, run `scaffold run review-code` after quality gates and before `git push`.
-5. **Code review before next task** — After creating a PR, run all three review channels (Codex CLI, Gemini CLI, Superpowers code-reviewer) and fix all P0/P1/P2 findings before moving on.
+5. **Code review before next task** — After creating a PR, run `scaffold run review-pr`: three CLI channels (Codex CLI, Gemini CLI, Claude CLI) via MMR plus the Superpowers code-reviewer agent as a complementary 4th channel. Fix all P0/P1/P2 findings before moving on.
 6. **Update status immediately** — Mark tasks complete as soon as review passes.
 7. **Consult lessons.md** — Check for relevant anti-patterns before each task.
 8. **Follow CLAUDE.md** — It is the authority on project conventions and commands.

package/content/pipeline/environment/automated-pr-review.md

@@ -1,7 +1,7 @@
 ---
 name: automated-pr-review
-description: Agent-driven automated PR review with external reviewers (Codex Cloud, Gemini Code Assist, or custom)
-summary: "Configures automated code review — using Codex and/or Gemini CLIs for dual-model review when available, or an external bot — with severity definitions and review criteria tailored to your project."
+description: "Agent-driven automated code review via MMR (Codex, Gemini, Claude CLIs + Superpowers as 4th channel in wrappers), for PRs and non-PR targets"
+summary: "Configures agent-driven automated code review: mandatory after `gh pr create` and also usable on any non-PR target. Direct `mmr review` runs three CLI channels (Codex, Gemini, Claude); `scaffold run review-pr` / `scaffold run review-code` add the Superpowers code-reviewer agent as a complementary 4th channel. An external GitHub App reviewer is supported as a fallback when CLIs are unavailable."
 phase: "environment"
 order: 340
 dependencies: [git-workflow]
@@ -12,10 +12,21 @@ knowledge-base: [review-methodology, automated-review-tooling]
 ---
 
 ## Purpose
-Configure an agent-driven automated PR review system using local CLI reviewers
-(Codex, Gemini — runs both when available for dual-model quality) or external
-GitHub App reviewers. Zero GitHub Actions workflows. The agent manages the
-entire review-fix loop locally.
+Configure an agent-driven automated code review system using local CLI
+reviewers dispatched through MMR (Codex, Gemini, Claude — runs all three when
+available) plus the Superpowers code-reviewer agent as a complementary 4th
+channel when using the MMR wrappers `scaffold run review-pr` and
+`scaffold run review-code`. The review is mandatory after `gh pr create` and
+also runs on non-PR targets (local staged/unstaged code, branch diffs,
+specific files) via the same `mmr review` CLI.
+`scaffold run post-implementation-review` is a separate full-codebase review
+(Codex CLI + Gemini CLI + Superpowers code-reviewer) that runs after an AI
+agent completes all implementation tasks; it does not currently use Claude
+CLI as a standard channel and is not an MMR wrapper, though it can inject
+findings into an existing MMR job via `mmr reconcile`.
+External GitHub App reviewers remain supported as a fallback when CLIs are
+unavailable. Zero GitHub Actions workflows. The agent manages the entire
+review-fix loop locally.
 
 ## Inputs
 - docs/coding-standards.md (required) — review criteria reference
@@ -26,7 +37,7 @@ entire review-fix loop locally.
 ## Expected Outputs
 - AGENTS.md — Reviewer instructions with project-specific rules
 - docs/review-standards.md — severity definitions (P0-P3) and review criteria
-- scripts/cli-pr-review.sh (local CLI mode) — dual-model review with reconciliation
+- scripts/cli-pr-review.sh (legacy dual-model fallback) — Codex+Gemini review with manual reconciliation, used when MMR / `scaffold run review-pr` is unavailable
 - scripts/await-pr-review.sh (external bot mode) — polling script with JSON output
 - docs/git-workflow.md updated with review loop integration
 - CLAUDE.md updated with agent-driven review workflow and review-pr hook
@@ -36,23 +47,27 @@ entire review-fix loop locally.
 - (mvp) Review standards document matches project coding conventions
 - (deep) Await script handles all exit conditions (approved, findings, cap, skip, timeout)
 - (mvp) CLAUDE.md workflow documents the agent-driven loop
+- (mvp) CLAUDE.md review block covers both PR and non-PR targets (staged, branch diff, single file)
 - (mvp) No GitHub Actions workflows created (zero Actions minutes)
 - (mvp) No ANTHROPIC_API_KEY secret required
 - (mvp) Post-PR-creation hook configured in settings to remind agents to run review-pr
 - (deep) Legacy GitHub Actions workflows detected and cleanup offered
-- (deep) Dual-model review enabled when both CLIs available
+- (deep) Three-CLI review (Codex, Gemini, Claude) enabled when all three CLIs available, with per-channel auth checks and compensating passes
+- (deep) The MMR scaffold wrappers (review-pr, review-code) add the Superpowers code-reviewer agent as a complementary 4th channel and reconcile its findings through MMR. `post-implementation-review` follows a separate channel layout (Codex + Gemini + Superpowers, with optional `mmr reconcile` injection) and is not one of the MMR wrappers.
 
 ## Methodology Scaling
-- **deep**: Full setup with local CLI review (dual-model when both available),
-  review-standards.md, AGENTS.md, and comprehensive CLAUDE.md workflow.
-  Falls back to external bot review if no CLIs available.
+- **deep**: Full setup with local three-CLI review dispatched through MMR
+  (Codex, Gemini, Claude), scaffold wrappers adding the Superpowers
+  code-reviewer as a complementary 4th channel, review-standards.md,
+  AGENTS.md, and comprehensive CLAUDE.md workflow covering PR and non-PR
+  targets. Falls back to external bot review if no CLIs available.
 - **mvp**: Step is disabled. Local self-review from git-workflow suffices.
 - **custom:depth(1-5)**:
   - Depth 1: disabled — local self-review from git-workflow suffices.
   - Depth 2: disabled — same as depth 1.
-  - Depth 3: basic review-standards.md + single-CLI review (whichever CLI is available).
-  - Depth 4: add dual-model review when both CLIs available, AGENTS.md with project-specific rules.
-  - Depth 5: full suite with dual-model review, legacy Actions cleanup, and comprehensive CLAUDE.md workflow integration.
+  - Depth 3: basic review-standards.md + MMR dispatch using whichever CLIs are available (graceful compensating Claude passes for missing Codex or Gemini channels; if Claude CLI itself is unavailable, the review proceeds with the remaining channels — no compensating pass for missing Claude).
+  - Depth 4: three-CLI review via MMR when all CLIs available, plus AGENTS.md with project-specific rules and the Superpowers 4th channel on wrapper invocations.
+  - Depth 5: full suite — three-CLI + Superpowers review, legacy GitHub Actions cleanup, comprehensive CLAUDE.md workflow integration covering PR and non-PR targets.
 
 ## Conditional Evaluation
 Enable when: project uses GitHub for version control, team size > 1 or CI/CD is
@@ -74,10 +89,14 @@ Check if AGENTS.md exists first. If it exists, check for scaffold tracking comme
   script customizations
 - **Triggers for update**: coding-standards.md changed (new review criteria),
   tdd-standards.md changed (coverage expectations), new external reviewer
-  CLI became available, git-workflow.md changed PR workflow steps
+  CLI became available, git-workflow.md changed PR workflow steps, review
+  scope expanded beyond PRs (e.g., MMR now supports staged / diff / branch
+  / file targets)
 - **Conflict resolution**: if review criteria changed in coding-standards.md,
-  update AGENTS.md review rules to match; if both CLI reviewers are now
-  available, offer to enable dual-model review
+  update AGENTS.md review rules to match; if additional CLI reviewers have
+  become available, offer to enable the full three-CLI MMR flow (Codex,
+  Gemini, Claude) and, on wrapper invocations, surface Superpowers
+  code-reviewer as the complementary 4th channel
 
 ## Instructions
 
@@ -99,7 +118,7 @@ Add this to `.claude/settings.json`:
         "hooks": [
           {
             "type": "command",
-            "command": "if echo \"$CC_BASH_COMMAND\" | grep -q 'gh pr create'; then echo '\\n⚠️  MANDATORY: Run all 3 code review channels before proceeding to the next task:\\n\\n  1. Codex CLI:\\n     Auth: codex login status 2>/dev/null\\n     Run:  codex exec --skip-git-repo-check -s read-only --ephemeral \"REVIEW_PROMPT\" 2>/dev/null\\n\\n  2. Gemini CLI:\\n     Auth: NO_BROWSER=true gemini -p \"respond with ok\" -o json 2>&1\\n     Run:  NO_BROWSER=true gemini -p \"REVIEW_PROMPT\" --output-format json --approval-mode yolo 2>/dev/null\\n\\n  3. Superpowers code-reviewer:\\n     Dispatch superpowers:code-reviewer subagent with BASE_SHA and HEAD_SHA\\n\\nIf auth fails: tell user to run ! codex login or ! gemini -p \"hello\"\\nFix all P0/P1/P2 findings before moving on. Do NOT skip any channel.\\nFull instructions: scaffold run review-pr'; fi"
+            "command": "if echo \"$CC_BASH_COMMAND\" | grep -q 'gh pr create'; then echo '\\n⚠️  MANDATORY: Run all 3 CLI review channels plus the Superpowers 4th channel before proceeding to the next task:\\n\\n  1. Codex CLI:\\n     Auth: codex login status 2>/dev/null\\n     Run:  codex exec --skip-git-repo-check -s read-only --ephemeral \"REVIEW_PROMPT\" 2>/dev/null\\n\\n  2. Gemini CLI:\\n     Auth: NO_BROWSER=true gemini -p \"respond with ok\" -o json 2>&1\\n     Run:  NO_BROWSER=true gemini -p \"REVIEW_PROMPT\" --output-format json --approval-mode yolo 2>/dev/null\\n\\n  3. Claude CLI:\\n     Auth: claude -p \"respond with ok\" 2>/dev/null\\n     Run:  claude -p \"REVIEW_PROMPT\" --output-format json 2>/dev/null\\n\\n  4. Superpowers code-reviewer (complementary 4th channel):\\n     Dispatch superpowers:code-reviewer subagent with BASE_SHA and HEAD_SHA\\n\\nIf auth fails: tell user to run ! codex login, ! gemini -p \"hello\", or ! claude login (as applicable).\\nDo not silently skip channels — surface auth failures and let MMR decide: missing Codex/Gemini get compensating Claude passes (degraded-pass verdict); missing Claude proceeds without compensation.\\nFix all P0/P1/P2 findings before moving on.\\nFull instructions: scaffold run review-pr'; fi"
           }
         ]
       }
@@ -120,21 +139,54 @@ the actual CLI invocations ensures the agent can execute reviews even if the
 
 ### Add Review Workflow to CLAUDE.md
 
-Add the following to the project's CLAUDE.md in the Code Review section:
+Add the following to the project's CLAUDE.md in the Code Review section. Wrap
+the managed section in the `<!-- scaffold:automated-pr-review:claude-md -->`
+markers shown below so Update Mode can idempotently rewrite this block without
+duplicating it on re-run. If a prior version of the block exists **without**
+markers, replace it in place and add the markers.
 
 ```markdown
 ## Code Review
 
-After creating a PR, run `/scaffold:review-pr <PR#>` to execute all three review
-channels (Codex CLI, Gemini CLI, Superpowers code-reviewer). Fix P0/P1/P2 findings
-before moving to the next task. A post-hook on `gh pr create` will remind you.
-
-| Command | Purpose |
-|---------|---------|
-| `/scaffold:review-pr <PR#>` | Run all 3 review channels on a PR |
-| `scripts/cli-pr-review.sh <PR#>` | Run dual-model CLI review only |
+<!-- scaffold:automated-pr-review:claude-md start -->
+**Mandatory after `gh pr create`** — run `/scaffold:review-pr <PR#>` to execute
+all three review channels (Codex CLI, Gemini CLI, Claude CLI), plus the
+Superpowers code-reviewer agent as a complementary 4th channel. Fix P0/P1/P2
+findings before moving to the next task. A post-hook on `gh pr create` will
+remind you.
+
+**Optional but supported** for non-PR targets — the review is not PR-gated.
+Direct `mmr review` runs the three CLI channels (Codex, Gemini, Claude) on
+any diff or file. `scaffold run review-code` adds the Superpowers
+code-reviewer agent as a complementary 4th channel on top of those three
+CLIs for the local pre-commit review path.
+
+| When | Command |
+|------|---------|
+| After creating a PR | `/scaffold:review-pr <PR#>` |
+| Before commit / push (tracked local code: committed + staged + unstaged) | `scaffold run review-code` |
+| Pending edits to a tracked file (changes since HEAD) | `git diff HEAD -- <path> \| mmr review --diff - --sync --format json` |
+| Current contents of any file (tracked-with-no-changes, untracked, or brand-new) | `(diff -u /dev/null <path> \|\| true) \| mmr review --diff - --sync --format json` |
+| Branch diff | `mmr review --base <ref> --head <ref> --sync --format json` |
+| Staged changes only | `mmr review --staged --sync --format json` |
+| All tracked uncommitted changes (staged + unstaged, no untracked) | `git diff HEAD \| mmr review --diff - --sync --format json` |
+| Existing patch or diff file | `mmr review --diff <path.patch> --sync --format json` |
+| Dual-model CLI only (no reconciliation) | `scripts/cli-pr-review.sh <PR#>` |
+
+Note: `mmr review --diff` expects diff-format content; use the `git diff …`
+or `(diff -u /dev/null … || true)` wrappers shown above to review plain
+files. The `|| true` guard on `diff` is required because `diff` exits with
+status 1 whenever files differ, which breaks pipelines under `pipefail`.
+<!-- scaffold:automated-pr-review:claude-md end -->
 ```
 
+**Idempotency note:** In Update Mode, find the `<!-- scaffold:automated-pr-review:claude-md start -->`
+and `<!-- scaffold:automated-pr-review:claude-md end -->` markers and replace
+everything between them with the current version of the block above. If the
+markers are missing (pre-marker versions), locate the prior block by its
+"After creating a PR, run `/scaffold:review-pr`" lead-in and replace it in
+place, adding the markers around the new content. Never append a second copy.
+
 ### Configure AGENTS.md, Review Standards, and CLI Scripts
 
 Follow the existing instructions for creating AGENTS.md, docs/review-standards.md,

package/content/skills/mmr/SKILL.md

@@ -14,10 +14,38 @@ Dispatch code reviews to multiple AI model CLIs, poll for results, and collect r
 
 ## Quick Reference
 
+`mmr review` works for any review target — not just PRs. Pick the input mode
+that matches what you want reviewed:
+
 ```bash
-# Dispatch a review for a PR
+# GitHub PR (fetches diff via `gh pr diff`)
 mmr review --pr <number> --focus "description of what to focus on"
 
+# Staged git changes (pre-commit review)
+mmr review --staged --focus "..."
+
+# All tracked uncommitted changes (staged + unstaged) — excludes untracked
+# files; use `scaffold run review-code` for full-worktree coverage
+git diff HEAD | mmr review --diff - --focus "..."
+
+# Branch diff / ref range
+mmr review --base main --head <branch> --focus "..."
+
+# Changes to a specific tracked file since HEAD (pending edits only).
+# If the file has no local changes this pipeline sends an empty diff
+# and MMR will refuse with "no diff content"; use the next form instead
+# to review the file's current contents regardless of git state.
+git diff HEAD -- path/to/file.md | mmr review --diff - --focus "..."
+
+# A file's current contents, regardless of git state (tracked-with-no-
+# changes, untracked, or brand-new). Synthesizes an "all added" diff.
+# `|| true` is required: diff exits 1 whenever files differ, which breaks
+# pipelines under `set -o pipefail`.
+(diff -u /dev/null path/to/file.md || true) | mmr review --diff - --focus "..."
+
+# Existing patch or diff file
+mmr review --diff path/to/changes.patch --focus "..."
+
 # Check progress
 mmr status <job-id>
 
@@ -28,7 +56,20 @@ mmr results <job-id>
 mmr config test
 ```
 
-## After Creating a PR
+All input modes accept `--focus`, `--sync`, `--format`, and `--fix-threshold`
+the same way. The "3-channel review" is not PR-specific — it reviews whatever
+diff you point it at.
+
+**`--diff` contract:** the flag expects diff-format content (a path to a
+`.patch`/`.diff` file, or `-` for stdin). It does not read raw document
+content — wrap the target in a diff first (see the `git diff …` and
+`(diff -u /dev/null … || true)` patterns above). The `|| true` guard is
+required because `diff` exits 1 whenever files differ, which breaks
+pipelines under `set -o pipefail`.
+
+## Common Workflows
+
+**After creating a PR**
 
 1. Run `mmr review --pr <number>`
 2. Note the job ID from the output
@@ -38,6 +79,35 @@ mmr config test
 6. If gate failed: fix findings at or above the threshold severity
 7. If gate passed: proceed to merge
 
+**Reviewing a document or arbitrary file**
+
+Pick the case that matches what the user wants reviewed:
+
+- **Just the pending edits** to a tracked file (what changed since last
+  commit): `git diff HEAD -- path/to/doc.md | mmr review --diff -
+  --focus "..."`. Fails with "no diff content" if the file has no
+  local changes.
+- **The file's current contents**, whether it's tracked-with-no-
+  changes, untracked, or brand-new: wrap as a synthetic "all added"
+  diff first: `(diff -u /dev/null path/to/doc.md || true) |
+  mmr review --diff - --focus "..."`. The `|| true` guard avoids
+  `diff`'s exit-1-on-differences breaking the pipeline under
+  `set -o pipefail`.
+
+Same dispatch / status / results flow as above.
+
+**Reviewing uncommitted work before push**
+
+1. `git add` the files you want reviewed
+2. Run `mmr review --staged`
+3. Fix findings at or above the gate threshold, re-stage, re-run as needed
+
+Prefer the wrapper tools (`scaffold run review-pr`, `scaffold run review-code`)
+when they cover your target — they add auth checks, compensating passes, and
+the agent-review channel on top of `mmr review`. Call `mmr review` directly
+for targets the wrappers don't cover (docs, arbitrary diffs, ref ranges
+outside `main`).
+
 ## Auth Failures
 
 If `mmr review` reports auth failures, follow the recovery instructions in the output: