Stats
Actions
Tags
From decaf-review
Walk through code review findings interactively, addressing each issue. Use "auto" for autonomous fixing with TDD.
How this skill is triggered — by the user, by Claude, or both
Slash command
/decaf-review:handle-crThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Iterate through code review findings, presenting each issue and resolving it.
Iterate through code review findings, presenting each issue and resolving it.
Two modes:
auto argument): Ask clarifying questions upfront, then autonomously fix or skip each finding using best judgment. Prefers TDD when test infrastructure is available.YOU MUST FOLLOW THESE RULES:
MANDATORY STOP: You MUST use AskUserQuestion to present each finding and wait for the user's choice BEFORE taking ANY action. Do NOT implement fixes autonomously.
ONE AT A TIME: Process findings ONE AT A TIME. Never batch multiple findings together. Never present more than one finding per response.
NO AUTONOMOUS FIXES: Never implement a fix without explicit user approval via AskUserQuestion response.
UPFRONT QUESTIONS ONLY: Ask ALL clarifying questions together in a single interaction BEFORE beginning the fix loop. After the user confirms, do NOT stop to ask — proceed autonomously through every finding.
BEST-EFFORT DECISIONS: For each finding, decide whether and how to fix it based on the Auto Mode Decision Criteria. Apply fixes or skip findings without waiting for user input.
PREFER TDD: When the project has test infrastructure (test framework configured, existing test files), use the TDD workflow (Red → Green → Refactor) for TDD-eligible findings. Fall back to direct fix when TDD is not feasible.
PROGRESS REPORTING: Show a brief one-line status after each finding is processed. Do NOT present full finding details — just the finding number, title, and action taken.
STOP ON FAILURE: If a fix fails to compile or breaks existing tests, revert the change, record the finding as skipped (with reason), and continue to the next finding. Do NOT stop to ask the user.
.code-reviews/.handle-cr-state.json. Update this file after each finding is processed. This enables recovery after context compaction.Parse $ARGUMENTS to determine mode, severity filter, and code review file:
Mode (positional, optional):
auto — autonomous mode: ask questions upfront, then fix/skip without stoppingSeverity filter (positional, optional):
high — only Critical + High findingsmedium — Critical + High + Medium findingsall (default) — all findingsFile (remaining argument, optional):
.code-reviews/CODE_REVIEW_*.md fileExamples: auto, auto high, high, auto medium myreview.md, all myreview.md
If $ARGUMENTS specifies a file:
Otherwise, find the latest review:
ls .code-reviews/CODE_REVIEW_*.md 2>/dev/null | sort -r | head -1
If no code review file exists, inform the user:
No code review found. Run
/decaf-review:code-reviewfirst to generate one.
Read the code review file and extract all findings. Findings are identified by headers matching the pattern:
### #N 🔴|🟠|🟡|🟢 Severity: Title
Build a list of findings with:
Filter by severity: Apply the severity filter from arguments. Remove findings below the threshold:
high: Keep only Critical and Highmedium: Keep Critical, High, and Mediumall: Keep everythingIdentify similar issues: Group findings that share the same underlying pattern (e.g., "missing null check", "missing empty collection guard", "undocumented parameter"). Track these groups to enable batch fixing.
When in auto mode, detect whether the project has test infrastructure:
*.test.*, *.spec.*, *_test.*, *Tests.*, or directories named tests, __tests__, testjest.config.*, pytest.ini, pyproject.toml (with pytest section), *.csproj (with test SDK), go.mod (with testing), Cargo.toml (with dev-dependencies), etc.dotnet test, go test ./..., npm test, pytest, cargo test)Record in state:
{
"testInfra": {
"available": true|false,
"framework": "xunit|jest|pytest|go-test|...",
"testCommand": "dotnet test|npm test|..."
}
}
Check if .code-reviews/.handle-cr-state.json exists:
Show the user the overall summary:
## Code Review: [filename]
| Severity | Count |
|----------|-------|
| 🔴 Critical | X |
| 🟠 High | X |
| 🟡 Medium | X |
| 🟢 Low | X |
**Total findings:** N
I'll walk you through each finding ONE AT A TIME. For each one, choose an action:
- **Apply Fix**, Fix (TDD), Fix All Similar
- **Skip**, Dismiss (false positive), Defer (create work item)
Show the summary AND the planned action for every finding, then ask for confirmation.
4a. Build the action plan. For each finding, apply the Auto Mode Decision Criteria to determine the planned action: Fix (TDD), Fix, Fix All Similar, Defer, or Skip.
4b. Present the plan:
## Code Review: [filename] — Auto Mode
| Severity | Count |
|----------|-------|
| 🔴 Critical | X |
| 🟠 High | X |
| 🟡 Medium | X |
| 🟢 Low | X |
**Total findings:** N | **Test infrastructure:** [Yes (framework) | No]
### Planned Actions
| # | Severity | Title | File | Planned Action | Reason |
|---|----------|-------|------|----------------|--------|
| 1 | 🔴 Critical | Null ref in handler | Foo.cs:42 | Fix (TDD) | Behavioral bug, tests available |
| 2 | 🟠 High | SQL injection | Bar.cs:17 | Fix | Security, no test seam |
| 3 | 🟡 Medium | Extract shared logic | Baz.cs:99 | Defer | Requires design decision on abstraction |
| 4 | 🟡 Medium | Rename method | Qux.cs:12 | Skip | Naming/cosmetic |
| ... | ... | ... | ... | ... | ... |
### Questions
[List any findings that need user input — e.g., findings with multiple fix options where the agent can't confidently choose. For each, state the finding number, the options, and what the agent recommends.]
If no questions: "No ambiguous findings — ready to proceed."
4c. Ask for confirmation:
AskUserQuestion with:
- question: "Review the plan above. Should I proceed, or do you want to adjust any items? (You can say things like '#3 fix instead of skip' or 'skip all Low')"
- header: "Auto Mode Plan"
⚠️ STOP HERE AND WAIT FOR USER RESPONSE.
4d. Process user response:
Write initial state to .code-reviews/.handle-cr-state.json:
{
"mode": "interactive|auto",
"reviewFile": ".code-reviews/CODE_REVIEW_xxx.md",
"totalFindings": N,
"currentIndex": 0,
"processed": [],
"actions": { "fixed": 0, "fixedTdd": 0, "fixedBatch": 0, "skipped": 0, "dismissed": 0, "deferred": 0 },
"similarGroups": { "pattern-name": [1, 3, 7] },
"deferSystem": null,
"testInfra": { "available": false },
"plannedActions": { "1": "fixTdd", "2": "fix", "3": "defer", "4": "skip" }
}
For each finding, starting with the highest severity:
5a. Present the finding:
## Finding #N of M: [Severity Icon] [Title]
**File:** `path/to/file.cs:line`
**Category:** category
**Found by:** agent1, agent2
**Confidence:** XX/100
### Issue
[Issue description]
### Suggested Fix
[Fix description and code snippet if applicable]
5b. MANDATORY: Present options and wait for user choice.
Build the full list of fix and skip options first, then decide how to present them.
Available fix options (built dynamically):
| Option | Condition | Description |
|---|---|---|
| "Apply Fix" | Always present | Implement the suggested fix |
| "Apply Fix (TDD)" | Testable behavioral bug AND not a test file | Write failing test first, then fix |
| "Fix All Similar" | Other unprocessed findings share same pattern | Fix this and N other similar issues |
| "Fix All Similar (TDD)" | Both TDD and batch conditions met | TDD workflow for all similar issues |
TDD eligibility:
test, spec, or is in tests/__tests__ directory)If the suggested fix has multiple distinct options (e.g., "Option 1: ... or Option 2: ..."), replace the single "Apply Fix" option with "Apply Fix (Option 1)", "Apply Fix (Option 2)", etc.
Available skip options (always 3):
| Option | Description |
|---|---|
| "Skip" | Move to next finding, no tracking |
| "Dismiss" | Mark as false positive |
| "Defer" | Create a work item for later |
Presentation rule — flatten when possible:
AskUserQuestion supports max 4 options. Count the total options (fix options + skip options). If the total is <= 4, present them all in a single AskUserQuestion:
AskUserQuestion with:
- question: "How would you like to handle this finding?"
- header: "Action"
- options: [all fix options + all skip options, max 4]
If the total is > 4, use a two-step flow:
Step 1 — top-level choice:
AskUserQuestion with:
- question: "How would you like to handle this finding?"
- header: "Action"
- options:
- label: "Fix...", description: "Address this finding (more options)"
- label: "Skip...", description: "Don't fix this now (more options)"
⚠️ STOP HERE AND WAIT FOR USER RESPONSE.
Step 2 — follow-up based on choice:
If user chose "Fix...":
AskUserQuestion with:
- question: "Which fix approach?"
- header: "Fix type"
- options: [dynamically built fix options list]
If user chose "Skip...":
AskUserQuestion with:
- question: "How should this finding be tracked?"
- header: "Skip type"
- options:
- label: "Skip", description: "Move to next finding, no tracking"
- label: "Dismiss", description: "Mark as false positive"
- label: "Defer", description: "Create a work item for later"
⚠️ STOP HERE AND WAIT FOR USER RESPONSE.
5c. Handle the final response (both modes use these action implementations):
→ Jump to Action Implementations.
5d. Update state file after each action:
{
"currentIndex": N,
"processed": [..., { "finding": N, "action": "fixed|fixedTdd|fixedBatch|skipped|dismissed|deferred|other" }],
"actions": { "fixed": X, "fixedTdd": Y, "fixedBatch": Z, "skipped": W, "dismissed": D, "deferred": F }
}
For dismissed findings, include reason: { "finding": N, "action": "dismissed", "reason": "..." }
For deferred findings, include work item reference: { "finding": N, "action": "deferred", "workItem": "..." }
For batch fixes, add entries for all affected findings to the processed array.
5e. Show progress:
✅ Finding #N addressed. (X of M remaining)
5f. Return to 5a for next finding. Do NOT batch - present one finding, wait, process, repeat.
After the user confirms the plan in Step 4, iterate through all findings automatically:
For each finding, starting with the highest severity:
deferSystem, create a follow-up work item with finding details, severity, and deferral reason.testCommand (if available) or verify compilation after each fix. If verification fails:
"fix failed: [error summary]"✅ #N [Title] — [action taken] | 📋 #N [Title] — deferred: [work item ref] | ❌ #N [Title] — skipped: [reason]
These implementations are shared by both modes.
"dismissed". In auto mode, include the dismissal reason from the decision criteria.deferSystem is null in state file, ask the user which system to use via AskUserQuestion. Store the choice in state file under "deferSystem".deferSystem from state file.When all findings are processed or the user stops:
## Review Session Complete
| Action | Count |
|--------|-------|
| Fixed | X |
| Fixed (TDD) | X |
| Fixed (Batch) | X |
| Skipped | X |
| Dismissed | X |
| Deferred | X |
### Changes Made
- [List of files modified and what was done]
### Remaining Issues
- [List of skipped or unprocessed findings, if any]
- [Deferred items with their work item references]
### Dismissed Findings
- [List of false positives with reasons, if any]
### Agent Summary
[Copy the Agent Summary table from the code review file verbatim]
Delete .code-reviews/.handle-cr-state.json when complete.
Ask whether to delete the code review file that was just processed:
AskUserQuestion with:
- question: "Delete the code review file ([filename])?"
- header: "Clean up"
- options:
- label: "Yes", description: "Delete the review file"
- label: "No", description: "Keep the review file"
If the user chooses "Yes", delete the code review file.
If any fixes were applied during the session:
AskUserQuestion with:
- question: "Run a quick code review on the modified files to verify fixes?"
- header: "Re-review"
- options:
- label: "Yes", description: "Run /decaf-review:code-review quick on modified files"
- label: "No", description: "Done for now"
If the user chooses "Yes", invoke /decaf-review:code-review quick <modified-files>.
Use these rules to decide the planned action for each finding in auto mode.
Create a follow-up work item in the project's issue tracker (using the same deferSystem logic as interactive mode). Include the finding details, severity, and why it was deferred.
| Severity | Default Action | Override |
|---|---|---|
| 🔴 Critical | Always fix | — |
| 🟠 High | Always fix | Skip if confidence < 50 |
| 🟡 Medium | Fix if confidence >= 70 | Skip if cosmetic/subjective |
| 🟢 Low | Skip | Fix if trivial (unused imports, etc.) |
.code-reviews/.handle-cr-state.json to resume:shortcode: syntax like :yellow_circle:npx claudepluginhub alphaleonis/decaf-claude-config --plugin decaf-reviewIterative code review loop that runs multiple rounds of review and auto-fixes, using /deep-review for safe inline fixes and /big-plan for larger changes. Deferred findings can become GitHub issues.
Automates the candid-review fix-review cycle, applying fixes and re-running reviews until no issues remain. Supports auto, review-each, and interactive modes with configurable max iterations and ignored issues.
Reviews implementation code for bugs, security issues, and quality problems. Creates FIX tasks for blocking issues before merge.