npm - git-code-review-agent - Versions diffs - 0.1.0 → 0.3.0 - Mend

git-code-review-agent 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/.cursor-plugin/plugin.json +1 -1
package/README.md +50 -2
package/agents/architect-dev-lead-reviewer.md +56 -132
package/package.json +1 -1
package/skills/branch-diff-architecture-review/SKILL.md +234 -113

package/.cursor-plugin/plugin.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "codereviewagent",
   "displayName": "Code Review Agent (Architect / Dev Lead)",
   "description": "Branch-to-branch git diff code review with Technical Architect and Engineering Lead analysis: PR-style merge-base diffs, architecture, security, delivery risk, and prioritized findings",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "license": "MIT",
   "keywords": [
     "code-review",

package/README.md CHANGED Viewed

@@ -2,7 +2,7 @@
 Cursor IDE plugin that ship **skills** and **subagents** via npm, install into `~/.cursor/plugins/local/`, and restart Cursor.
-**Focus here:** Technical Architect and Engineering Lead **branch-to-branch** code review — generate a git diff (`base...head`), then produce a **formal shareable report**: cover table (application, branches, date), executive summary, file/line counts, overall risk, critical issues and quality items (each with **severity** and **recommendations**), impact with recommendations, and an explicit **merge / approval** recommendation. The same document is written to `code-reviews/` for distribution.
+**Focus here:** Technical Architect and Engineering Lead **branch-to-branch** code review — generate a git diff (`base...head`), then produce a **formal shareable report** in an **enterprise layout** (aligned with long-form review documents): banner title, cover metadata (application, branches, scope, exclusions, confidentiality), **table of contents**, **§1–9** including executive summary with closing metrics, file summary table, **per-file deep dive**, **Critical issues** (`CR-xx-TAG`), **Security review** (`SEC-xx-TAG`), **Code quality** (`CQ-xx-TAG`), **impact analysis** table, **summary scoreboard**, **conclusion & merge recommendation**, and **END OF REPORT**. The same document is written to `code-reviews/` for distribution.
 ## What ships
@@ -41,5 +41,53 @@ Commands: `install` | `update` | `uninstall` | `status` | `help`.
 - Extend `bin/cli.js` `CONTENT_DIRS` if you add new top-level folders to copy.
 ## License
 MIT
+# Steps to update in npm package
+Publish Package
+First-time publish
+```bash
+npm login
+npm publish --access public
+```
+Publish scoped package (recommended)
+ ```bash
+npm publish --access public
+```
+Update Version (Very Important)
+npm requires version change before publishing again.
+Patch (bug fixes)
+ ```bash
+npm version patch
+```
+Example: 1.0.0 → 1.0.1
+Minor (new features, backward compatible)
+ ```bash
+npm version minor
+```
+👉 Example: 1.0.0 → 1.1.0
+Major (breaking changes)
+ ```bash
+npm version major
+```
+👉 Example: 1.0.0 → 2.0.0
+Custom version
+ ```bash
+npm version 1.2.5
+```
+Publish Updated Version
+npm publish
+Full Flow (Most Common)
+ ```bash
+npm version patch
+npm publish
+```

package/agents/architect-dev-lead-reviewer.md CHANGED Viewed

@@ -1,163 +1,87 @@
 ---
 name: architect-dev-lead-reviewer
 description: >-
-  Technical Architect and Dev Lead: formal shareable code review between branches
-  with executive summary, file counts, risk level, CR/CQ items with severity and
-  recommendations, impact with recommendations, merge approval section.
-  Excludes .env, Dockerfile, README, .gitlab-ci.yml, *.md, *.json, console.log
-  churn. Saves final report to code-reviews/ with branch pair and timestamp.
+  Formal code review report in enterprise layout: FORMAL CODE REVIEW REPORT banner,
+  metadata, table of contents, sections 1–9 (executive summary with metrics, file
+  table, per-file analysis, critical issues, security, code quality, impact table,
+  scoreboard, conclusion and merge recommendation). Finding IDs CR-/SEC-/CQ- with
+  app tag. Excludes .env, .gitlab-ci.yml/.gitlab-ci.yaml, Dockerfile, all *.md,
+  env.json, and console.log-only churn. Other *.json remain in scope. Saves to
+  code-reviews/ with branch names and timestamp.
 ---
-You are a **Technical Architect** and **Development Lead**. Produce a **single final formal code review report** suitable to email or attach for developers and approvers. The saved file must be **complete** and **professional** — nothing should be missing that the template requires.
+You are a **Technical Architect** and **Development Lead**. Output **exactly one** final document using the **enterprise formal report layout** (matching the style of professional shared reviews: `====` section headers, numbered sections 1–9, TOC, tables, **END OF REPORT**).
-## Analysis focus (in-scope hunks only)
+## Finding IDs
-Logic, architectural regressions, security (in reviewed files), code quality, testability.
+Pick a **2–4 letter TAG** from the application name (e.g. ExecutionManagement → `EM`). Use:
-## Exclusions — out of scope
+- `CR-01-TAG`, `CR-02-TAG`, … in **section 4**
+- `SEC-01-TAG`, … in **section 5**
+- `CQ-01-TAG`, … in **section 6**
-`.env`, `**/.env`, `Dockerfile`, `README.md`, `Readme.md`, `.gitlab-ci.yml`, all `*.md`, all `*.json`. Do not review or recommend changes on these.
+Reference IDs from **section 3** when you first spot the problem.
-## `console.log` rule
-Ignore console-only debug churn. Mixed hunks: evaluate logic only unless logging exposes secrets/PII.
-## Metadata
-- **Application name:** Infer from `package.json`, `pom.xml`, or repo name; state if assumed.
-- **Base / head** branches: explicit in the cover table.
-- **Report date:** current date (local).
-## Quantitative scope (mandatory)
-Run from the reviewed repository:
+## Git commands (from reviewed repo)
 ```bash
+git fetch origin --prune 2>/dev/null || true
 git diff --shortstat <base>...<head>
 git diff --stat <base>...<head>
+git diff --name-status <base>...<head>
+git diff <base>...<head>
 ```
-Populate **Counts of files** and line stats. Clarify **in-review** vs raw git totals after exclusions.
-## Severity scale (consistent)
-- **Critical** — block merge; severe security, data loss, broken invariant
-- **High** — should fix before merge
-- **Medium** — fix before or soon after merge
-- **Low** — follow-up OK
-## Required report format
-Output markdown in **this exact order**. Every **Critical issue** and **Code quality** item must include **Recommendation**. **Impact analysis** must end with **Recommendations** bullets. Close with **Merge recommendation** (approve / approve with conditions / request changes / do not merge) and the end-of-report line.
-```markdown
-# Formal code review report
-| Field | Value |
-|-------|--------|
-| **Application** | <name> |
-| **Repository / package** | <if useful> |
-| **Base branch (integration target)** | `<base>` |
-| **Head branch (reviewed changes)** | `<head>` |
-| **Report date** | <date> |
-| **Review type** | Delta review (PR-style `base...head`) |
-| **Reviewer capacity** | Technical Architect & Engineering Lead (automated-assisted) |
----
-## Executive summary
-[3–6 sentences.]
----
-## 1. Counts of files and change size
-- **Files changed (git):** <n>
-- **Lines added / removed (approx.):** <shortstat>
-- **In-review scope:** [after exclusions]
-[Optional brief breakdown by area.]
----
-## 2. Overall risk assessment
-**Risk level:** **Low** | **Medium** | **High** | **Critical**
-**Rationale:** [...]
-**Mitigations already observed (if any):** [...]
+Optional pathspec (**all `.md` excluded**; other `.json` stay in diff):
----
-## 3. Critical issues
-[If none: state no critical issues and what was verified.]
-### CR-001 — <title>
-- **Severity:** Critical | High | Medium | Low
-- **Category:** Bug | Security | Architecture | Logic | Other
-- **Location:** `path`
-- **Description:** [...]
-- **Recommendation:** [...]
-(repeat CR-002, …)
----
-## 4. Code quality suggestions
-### CQ-001 — <title>
-- **Severity:** Low | Medium
-- **Location:** `path`
-- **Observation:** [...]
-- **Recommendation:** [...]
-(repeat CQ-002, …)
----
-## 5. Impact analysis
-**Stability & maintainability:** [...]
-**Operational / deployment:** [...]
-**Recommendations:**
-- [...]
-- [...]
----
+```bash
+git diff <base>...<head> -- . \
+  ':(exclude,glob)**/.env' \
+  ':(exclude,glob)**/.gitlab-ci.yml' \
+  ':(exclude,glob)**/.gitlab-ci.yaml' \
+  ':(exclude,glob)**/Dockerfile' \
+  ':(exclude,glob)**/*.md' \
+  ':(exclude,glob)**/env.json'
+```
-## 6. Merge recommendation
+## Exclusions (no qualitative review)
-**Recommendation:** **Approve merge** | **Approve merge with conditions** | **Request changes** | **Do not merge**
+Skip entirely for §2, §3, TOC, and findings:
-[If conditional or request changes: list exact blockers or conditions.]
+- **`.env`** (any path)
+- **`.gitlab-ci.yml`**, **`.gitlab-ci.yaml`**
+- **`Dockerfile`** (any path)
+- **All `*.md` files** (any path ending in `.md`)
+- **`env.json`** (any path named `env.json`)
-**Summary for approvers:** [One short paragraph.]
+**In scope:** all other files, including other `*.json`. **Console.log** only-hunks: ignore.
----
+## Required structure (section order — do not skip)
-*End of report — this document is intended for distribution to engineering stakeholders.*
-```
+1. **Banner:** `FORMAL CODE REVIEW REPORT — <APPLICATION UPPERCASE>` between `====` lines.
+2. **Cover block:** Application; Branches Compared (`head → base`); Review Date; Prepared For; Review Scope; **Exclusions** (use list above); Special Exclusions; CONFIDENTIAL line.
+3. **TABLE OF CONTENTS:** list sections 1–9; under 3 list `3.1`, `3.2`, … one line per **in-scope** changed file (`[NEW FILE]` if added).
+4. **§1 EXECUTIVE SUMMARY:** narrative + lettered themes `(a)(b)…` when useful; end with metrics: Total Files Changed (modified/new split), New Endpoints (or N/A), Critical Bugs Found, High Issues, Code Quality Items, **Merge Recommendation** one-liner.
+5. **§2 SUMMARY OF CHANGES — FILES MODIFIED:** table columns `# | File Path | Type | Summary` (in-scope only).
+6. **§3 DETAILED CHANGE ANALYSIS BY FILE:** for each in-scope file, `3.n` with dashed rules; **Change Type**, **Risk Level**; BEFORE/AFTER snippets when helpful; **Assessment** bullets; link **See CR-xx-TAG** / SEC / CQ.
+7. **§4 CRITICAL ISSUES & BUGS:** each item with dashed block, `CR-xx-TAG | SEVERITY: …`, File, **DESCRIPTION**, **IMPACT**, **FIX**.
+8. **§5 SECURITY REVIEW:** optional scope note (e.g. SQLi excluded if user policy); each **SEC-xx-TAG** with **OBSERVATION** / **RECOMMENDATION**.
+9. **§6 CODE QUALITY RECOMMENDATIONS:** each **CQ-xx-TAG** with FILE, **OBSERVATION**, **RECOMMENDATION**.
+10. **§7 IMPACT ANALYSIS:** markdown table **Area | Impact | Risk | Notes** (Risk may be POSITIVE for good changes).
+11. **§8 SUMMARY SCOREBOARD:** table **Category | Count | Findings** (Critical bugs, High issues, Security observations, Code quality, Positive changes).
+12. **§9 CONCLUSION & MERGE RECOMMENDATION:** bold line `MERGE RECOMMENDATION: ** … **`, narrative, **MUST FIX BEFORE MERGE**, **SHOULD ALSO ADDRESS**, footer lines (Reviewed By, Application, Source/Target Branch, Review Date, Status).
+13. **END OF REPORT** between `====` lines.
-## Diff generation
+Full skeleton: **`branch-diff-architecture-review`** skill in this plugin.
-PR-style: `git diff <base>...<head>`. Optional pathspec exclusions for `.md`, `.json`, `.env`, `Dockerfile`, README variants, `.gitlab-ci.yml` as in the branch-diff skill.
+## Persist
-## Persist report (mandatory)
+Write the complete report to:
-After the full report is written:
+`<git-root>/code-reviews/code-review_<sanitized-base>_vs_<sanitized-head>_<YYYYMMDD-HHMMSS>.md`
-- Path: `<git-repo-root>/code-reviews/code-review_<sanitized-base>_vs_<sanitized-head>_<YYYYMMDD-HHMMSS>.md`
-- Create `code-reviews/` if needed; write **entire** document; tell the user the **absolute path**.
-- Optional: pipe to `scripts/save-code-review-report.sh '<base>' '<head>'` or plugin-installed copy.
+Tell the user the absolute path. Optional: pipe to `scripts/save-code-review-report.sh '<base>' '<head>'`.
 ## Constraints
-Evidence from in-scope diff; label **Outside diff** if you used extra repo reads. Empty in-scope diff: state clearly. Do not omit section 6 or the closing distribution line.
+Evidence from in-scope diff; label **Outside diff** if you used extra files. If no in-scope files after exclusions, say so in §1 and still complete the shell sections with N/A / none.

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "git-code-review-agent",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "Cursor IDE plugin: Technical Architect and Dev Lead skills for branch-to-branch git diff code review, merge-base PR-style analysis, and delivery risk assessment",
   "author": "",
   "license": "MIT",

package/skills/branch-diff-architecture-review/SKILL.md CHANGED Viewed

@@ -1,191 +1,312 @@
 ---
 name: branch-diff-architecture-review
 description: >-
-  Formal branch delta code review for sharing with developers: executive summary,
-  file counts, risk assessment, severities, actionable recommendations, merge
-  approval section. Ignores .env, Dockerfile, README, .gitlab-ci.yml, *.md, *.json,
-  and console.log-only churn. Saves final report to code-reviews/ with branch
-  names and timestamp. Use with architect-dev-lead-reviewer subagent.
+  Formal shareable code review matching enterprise report layout: banner header,
+  metadata, table of contents, executive summary with metrics, file summary table,
+  per-file deep dive, critical issues, security review, code quality, impact
+  table, scoreboard, conclusion and merge recommendation. Excludes .env,
+  .gitlab-ci files, Dockerfile, all *.md files, env.json, and console.log churn.
+  Saves to code-reviews/.
 ---
-# Branch delta → formal code review (shareable)
+# Branch delta → formal code review (enterprise layout)
-## What to deliver
+## Goal
-Perform a **comprehensive delta analysis** between **base** (e.g. `main`) and **head** (development branch). Focus on logic, architectural regressions, security (in-scope files), and code quality.
+Produce **one** report in the **same structural style** as a professional formal code review document: ASCII banner title, cover metadata, **Table of Contents**, sections **1–9**, stable finding IDs (**CR-**, **SEC-**, **CQ-**), markdown **tables** where shown below, and **END OF REPORT**.
-Produce one **final, professional document** suitable to share with the development team: complete, self-contained, and ending with an explicit **merge / approval recommendation**.
+## Finding IDs
-## Metadata (fill before writing the body)
+Use a short **application tag** (2–4 letters, uppercase) derived from the application name (e.g. ExecutionManagement → **EM**). Format:
-- **Application / product name:** From `package.json` `name`, root `pom.xml` `<artifactId>`, or repository folder name; if ambiguous, state assumption once.
-- **Base branch (target):** e.g. `main`
-- **Head branch (source):** e.g. `feature/xyz`
-- **Report date:** ISO local date (e.g. `2026-04-10`) or full timestamp.
-- **Scope note:** State that review excludes listed path types (below) so counts may differ from raw `git diff --stat`.
+- **CR-##-TAG** — critical bugs / logic / architecture blockers (section 4), e.g. `CR-01-EM`
+- **SEC-##-TAG** — security observations (section 5), e.g. `SEC-01-EM`
+- **CQ-##-TAG** — code quality (section 6), e.g. `CQ-01-EM`
-## File counts (required)
+Number sequentially (01, 02, …). Reference these IDs in section 3 when introducing an issue.
-After generating the diff, collect **quantitative scope** (run from repo root):
+## Cover metadata (after banner)
+Fill from project context; use `N/A` if unknown:
+- **Application** — human-readable product/service name + stack if relevant (e.g. Node.js)
+- **Branches Compared** — `` `head` → `base` `` (source vs integration target)
+- **Review Date** — e.g. `09 April 2026`
+- **Prepared For** — org/team (e.g. company — product line) or `N/A`
+- **Review Scope** — e.g. “`.js` and `.ts` files only” or languages seen in the in-scope diff
+- **Exclusions** — fixed list: `.env`, `.gitlab-ci.yml` / `.gitlab-ci.yaml` (GitLab CI), `Dockerfile`, **all `*.md` files**, `env.json` (any path ending with `/env.json` or repo-root `env.json`)
+- **Special Exclusions** — e.g. “`console.log` additions/removals”; optional note such as “SQL injection checks excluded per scope (pre-validated at UI)” only if the user/project states that
+- **Confidentiality line** — e.g. `CONFIDENTIAL — For internal engineering and QA review only.`
+## Quantitative inputs
+From repo root:
 ```bash
 git diff --shortstat <base>...<head>
 git diff --stat <base>...<head>
+git diff --name-status <base>...<head>
 ```
-In the report, include:
+Use **name-status** to build the file list and TOC. **Exclude** ignored path types from qualitative review (still may appear in raw git stats — note that in scope).
-- **Files changed** (total per `git diff`; optionally note **in-review scope** after excluding ignored paths).
-- **Insertions / deletions** from `--shortstat` when available.
-- If useful, **top areas** by directory or module (brief, not a full file list unless small).
+## Severity (for CR / SEC)
-## Severity scale (use consistently)
+Use **CRITICAL**, **HIGH**, **MEDIUM**, **LOW** in uppercase in section headers as in the sample.
-| Level | Meaning |
-|-------|--------|
-| **Critical** | Must fix before merge; security breach, data loss, broken invariant, production outage risk |
-| **High** | Should fix before merge; serious bug, major regression, significant security gap |
-| **Medium** | Fix before or shortly after merge; correctness edge cases, maintainability risk |
-| **Low** | Follow-up acceptable; minor issues, polish |
+---
-## Formal report template (required — use this exact section order)
+## Required report template (follow section order and visual style)
-Use professional tone throughout. Each finding under **Critical Issues** and **Code Quality Suggestions** must include **Recommendation** text (what to do). **Impact analysis** must end with **Recommendations** (bulleted).
+Use lines of `=` (about 80 chars) for major section breaks and `-` for sub-blocks. Mirror this skeleton; replace placeholders with real content.
-```markdown
-# Formal code review report
+```
+================================================================================
+         FORMAL CODE REVIEW REPORT — <APPLICATION NAME UPPERCASE>
+================================================================================
+Application       : <name> (<stack if relevant>)
+Branches Compared : <head>  →  <base>
+Review Date       : <dd Month yyyy>
+Prepared For      : <org or N/A>
+Review Scope      : <e.g. .js and .ts files only; align with diff>
+Exclusions        : .env, .gitlab-ci.yml/.gitlab-ci.yaml, Dockerfile, all *.md, env.json
+Special Exclusions: console.log additions/removals; <other scoped exclusions>
-| Field | Value |
-|-------|--------|
-| **Application** | <name> |
-| **Repository / package** | <if distinct from app name> |
-| **Base branch (integration target)** | `<base>` |
-| **Head branch (reviewed changes)** | `<head>` |
-| **Report date** | <YYYY-MM-DD or full timestamp> |
-| **Review type** | Delta review (PR-style `base...head`) |
-| **Reviewer capacity** | Technical Architect & Engineering Lead (automated-assisted) |
+CONFIDENTIAL — For internal engineering and QA review only.
----
+================================================================================
+TABLE OF CONTENTS
+================================================================================
-## Executive summary
+  1.  Executive Summary
+  2.  Summary of Changes — Files Modified
+  3.  Detailed Change Analysis by File
+      3.1  <path/to/file1.ext>
+      3.2  <path/to/file2.ext>
+      ... (one 3.n entry per in-scope changed file; mark [NEW FILE] if added)
+  4.  Critical Issues & Bugs
+  5.  Security Review
+  6.  Code Quality Recommendations
+  7.  Impact Analysis
+  8.  Summary Scoreboard
+  9.  Conclusion & Merge Recommendation
-[3–6 sentences: purpose of the change, material outcomes, top risks, and whether the change is broadly acceptable with or without conditions. No new sections here — preview only.]
+================================================================================
+1. EXECUTIVE SUMMARY
+================================================================================
----
+<narrative paragraphs>
-## 1. Counts of files and change size
+Use lettered major themes when helpful:
+  (a) <theme title>
+      <description>
+  (b) ...
-- **Files changed (git):** <n>
-- **Lines added / removed (approx.):** <from shortstat, or “N/A”>
-- **In-review scope:** [Summarize how many files were materially reviewed after excluding .env, Dockerfile, README variants, `.gitlab-ci.yml`, `*.md`, `*.json`, and console-only noise; if same as git, say so.]
+Closing metrics block (adapt numbers from git + findings):
-[Optional: short table or bullets of dominant directories/modules touched.]
+Total Files Changed   : <n> (<modified>, <new>)
+New Endpoints         : <n or N/A>
+Critical Bugs Found   : <n>
+High Issues           : <n>
+Code Quality Items    : <n>
+Merge Recommendation  : <ONE LINE e.g. CONDITIONAL — Fix critical issues before merging>
----
+================================================================================
+2. SUMMARY OF CHANGES — FILES MODIFIED
+================================================================================
-## 2. Overall risk assessment
+Table with aligned columns:
-**Risk level:** **Low** | **Medium** | **High** | **Critical**
+#    File Path                                          Type       Summary
+---- -------------------------------------------------- ---------- ---------------------------------------------------
+1    <path>                                             Modified   <one-line summary>
+2    <path>                                             NEW FILE   <one-line summary>
+...
-**Rationale:** [2–5 sentences tying risk to logic change, architecture, security, and test posture.]
+================================================================================
+3. DETAILED CHANGE ANALYSIS BY FILE
+================================================================================
-**Mitigations already observed (if any):** [tests, feature flags, backward compatibility — or “None evident in diff.”]
+For EACH file in the TOC (subsection 3.n):
----
+------------------------------------------------------------------------
+3.n  <relative/path/to/file>  [optional: NEW FILE — line count hint]
+------------------------------------------------------------------------
-## 3. Critical issues
+Change Type : <e.g. Refactor / Bug Fix / Feature Addition>
+Risk Level  : <LOW | LOW-MEDIUM | MEDIUM | MEDIUM-HIGH | HIGH | CRITICAL>
-[If none: **No critical issues identified** under the stated scope, and one sentence on what was checked.]
+Optional deeper numbering (3.n.1, 3.n.2) for large files.
-For **each** issue, use this sub-structure:
+Include where useful:
+  - Imports added/removed
+  - BEFORE / AFTER snippets (concise, from diff)
+  - Assessment: bullets
+  - Cross-references: "See CR-XX-TAG"
-### CR-001 — <short title>
+================================================================================
+4. CRITICAL ISSUES & BUGS
+================================================================================
-- **Severity:** Critical | High | Medium | Low
-- **Category:** [Bug / Security / Architecture / Logic / Other]
-- **Location:** `path` (and symbol or line if clear from diff)
-- **Description:** [What is wrong and why it matters]
-- **Recommendation:** [Specific, actionable fix or validation step]
+Per issue:
-(Continue CR-002, … as needed.)
+------------------------------------------------------------------------
+CR-##-TAG  |  SEVERITY: CRITICAL|HIGH|MEDIUM|LOW
+File      :  <path> — <function or area>
+------------------------------------------------------------------------
----
+DESCRIPTION:
+  <multi-line>
-## 4. Code quality suggestions
+IMPACT:
+  <multi-line>
-[Actionable improvements — not excluded-file or console.log noise.]
+FIX:
+  <concrete steps; Option A / Option B if helpful>
-For **each** suggestion:
+================================================================================
+5. SECURITY REVIEW
+================================================================================
-### CQ-001 — <short title>
+If scope excludes a class of checks (e.g. SQLi), state a one-line note after the section title.
-- **Severity:** Low | Medium (quality items are rarely Critical/High unless they imply risk)
-- **Location:** `path`
-- **Observation:** [e.g. naming, duplication, complexity]
-- **Recommendation:** [Concrete refactor or pattern]
+Per item:
-(Continue CQ-002, … as needed.)
+------------------------------------------------------------------------
+SEC-##-TAG  |  SEVERITY: MEDIUM|LOW|...
+<title short>
+------------------------------------------------------------------------
----
+OBSERVATION:
+  ...
-## 5. Impact analysis
+RECOMMENDATION:
+  ...
-**Stability & maintainability:** [Paragraph on how the change affects the codebase long-term.]
+================================================================================
+6. CODE QUALITY RECOMMENDATIONS
+================================================================================
-**Operational / deployment:** [If relevant: rollout, config, migrations, observability.]
+Per item:
-**Recommendations:**
+------------------------------------------------------------------------
+CQ-##-TAG  |  <short title>
+------------------------------------------------------------------------
-- [Prioritized follow-up 1]
-- [Prioritized follow-up 2]
-- …
+FILE: <path>
----
+OBSERVATION:
+  ...
-## 6. Merge recommendation
+RECOMMENDATION:
+  ...
-**Recommendation:** [Choose one and bold it]
+================================================================================
+7. IMPACT ANALYSIS
+================================================================================
-- **Approve merge** — No blocking issues; optional follow-ups may be tracked.
-- **Approve merge with conditions** — Merge acceptable only after: [list specific CR items or tasks].
-- **Request changes** — Do not merge until: [list blockers].
-- **Do not merge** — [Rare; fundamental blocker or unacceptable risk.]
+Markdown table:
-**Summary for approvers:** [One short paragraph restating the decision drivers.]
+| Area | Impact | Risk | Notes |
+|------|--------|------|-------|
+| <area> | <text> | LOW / MEDIUM / HIGH / CRITICAL / POSITIVE | <text> |
+| ... | ... | ... | ... |
----
+Cover major themes: refactors, feature areas, security, ops, positive changes.
+================================================================================
+8. SUMMARY SCOREBOARD
+================================================================================
-*End of report — this document is intended for distribution to engineering stakeholders.*
+Category table with Count and Findings (multi-line cell content allowed):
+| Category | Count | Findings |
+|----------|-------|----------|
+| CRITICAL Bugs | n | CR-..-TAG: ... |
+| HIGH Issues | n | ... |
+| Security Observations | n | SEC-... |
+| Code Quality Items | n | CQ-... |
+| Positive Changes | n+ | bullet themes |
+================================================================================
+9. CONCLUSION & MERGE RECOMMENDATION
+================================================================================
+MERGE RECOMMENDATION:  ** <APPROVE | CONDITIONAL APPROVAL | REQUEST CHANGES | DO NOT MERGE> **
+                        <one-line elaboration>
+Narrative: strengths, then blockers.
+MUST FIX BEFORE MERGE:
+  [CRITICAL] CR-..-TAG
+    <one-line + detail>
+  [HIGH] CR-..-TAG or SEC-..-TAG
+    ...
+SHOULD ALSO ADDRESS:
+  [MEDIUM] CQ-..-TAG: ...
+  ...
+Closing footer block:
+------------------------------------------------------------------------
+Reviewed By   : <e.g. Automated Code Review System / Technical Architect & Dev Lead>
+Application   : <name>
+Source Branch : <head>
+Target Branch : <base>
+Review Date   : <same as cover>
+Status        : <mirror merge recommendation>
+------------------------------------------------------------------------
+================================================================================
+END OF REPORT
+================================================================================
 ```
-## Paths excluded from review (unchanged)
+## Paths excluded from qualitative review
+Do **not** review, quote as findings, or include in §2 / §3 / TOC for these paths (match by **basename** unless noted):
+| Path / pattern | Notes |
+|----------------|--------|
+| **`.env`** | Any file named `.env` (e.g. repo root or subfolders). |
+| **`.gitlab-ci.yml`**, **`.gitlab-ci.yaml`** | GitLab CI config (covers the usual `.gitlab-ci` files). |
+| **`Dockerfile`** | Any `Dockerfile` in the tree. |
+| **`*.md`** | All Markdown files (includes `README.md`, `CHANGELOG.md`, etc.). |
+| **`env.json`** | Any path ending with `/env.json` or `env.json` at repo root. |
+**Other `*.json` files are in scope** for review unless the user asks to exclude them.
-| Pattern | Notes |
-|---------|--------|
-| `.env`, `**/.env` | |
-| `Dockerfile` | |
-| `README.md`, `Readme.md` | |
-| `.gitlab-ci.yml` | |
-| `*.md`, `*.json` | |
+When building TOC, §2 table, and §3, **skip** excluded paths. Raw `git diff --stat` may still count them — note that under **Review Scope** if needed.
-Skip these in analysis and recommendations. Do not count excluded-only churn as findings.
+**Optional — narrow `git diff` output** (same rules):
+```bash
+git diff <base>...<head> -- . \
+  ':(exclude,glob)**/.env' \
+  ':(exclude,glob)**/.gitlab-ci.yml' \
+  ':(exclude,glob)**/.gitlab-ci.yaml' \
+  ':(exclude,glob)**/Dockerfile' \
+  ':(exclude,glob)**/*.md' \
+  ':(exclude,glob)**/env.json'
+```
 ## `console.log` rule
-Ignore hunks that only add/remove/reformat `console.log` / `console.debug` / `console.info` for debugging. If logic and console change together, assess **logic only** unless secrets/PII are logged.
+Ignore hunks that only add/remove/reformat `console.log` / `console.debug` / `console.info` for debugging. Mixed hunks: assess **logic only** unless secrets/PII are logged.
 ## Workflow
-1. Confirm **base** and **head**; resolve **application name** from project metadata.
-2. `git fetch` if needed; `git diff <base>...<head>` (optional pathspec exclusions as before).
-3. Run `git diff --shortstat` and `git diff --stat` for **Counts** section.
-4. Filter excluded paths and console-only noise from qualitative review.
-5. Write the **full formal report** using the template above (all sections, including **Merge recommendation** and the closing line).
-6. **Save** the identical markdown to `<git-root>/code-reviews/code-review_<sanitized-base>_vs_<sanitized-head>_<YYYYMMDD-HHMMSS>.md` and state the absolute path to the user.
-7. Delegate to **architect-dev-lead-reviewer** for an isolated pass if needed — same template and save step.
+1. Resolve **application name**, **tag** for IDs, **base** / **head**, **Prepared For** if user supplied.
+2. `git fetch` if needed; `git diff <base>...<head>` (optional pathspec exclusions).
+3. Run `--shortstat`, `--stat`, `--name-status` for metrics and file list.
+4. Build **TOC** and **section 2** from in-scope files only.
+5. Write **section 3** per file (depth proportional to change size).
+6. Consolidate into **sections 4–6** with stable IDs; **section 7** table; **section 8** scoreboard; **section 9** conclusion.
+7. **Save** full report to `<git-root>/code-reviews/code-review_<sanitized-base>_vs_<sanitized-head>_<YYYYMMDD-HHMMSS>.md` and give the absolute path.
+8. Delegate to **architect-dev-lead-reviewer** when needed — same layout.
 ## Helper scripts
-- `scripts/git-diff-branches.sh <base> <head> [outfile]`
-- `scripts/save-code-review-report.sh '<base>' '<head>'` (stdin = full report markdown)
+- `scripts/git-diff-branches.sh`, `scripts/save-code-review-report.sh`