fix(skill): ban untracked deferrals in /review skill

[carlos-alm]

Summary

• Adds step 2e item 5: if a reviewer comment fix is genuinely out of scope, the skill must create a GitHub issue (follow-up label) before replying — the reply must include the issue link
• Adds "Never defer without tracking" rule to the Rules section, explicitly banning "acknowledged as follow-up" / "noted for later" replies without a tracked issue

Problem: On PR #558, the /review skill replied "Acknowledged — noted as follow-up" to 3 Greptile comments but never tracked them anywhere. They exist only as buried PR comment replies that nobody will revisit.

Test plan

• Read updated SKILL.md and confirm no path allows deferring without issue creation
• Run /review on a PR with an out-of-scope comment and verify it creates an issue before replying

[claude]

Claude finished @carlos-alm's task —— View job

---

PR Review Complete

Reviewing PR #568: fix(skill): ban untracked deferrals in /review skill

Todo List

• Read and analyze the changed files
• Apply Phase 1: Root Cause Analysis
• Apply Phase 2: Configuration Change Detection
• Apply Phase 3: Test Integrity Check
• Apply Phase 4: Code Quality Review
• Apply Phase 5: Backlog Compliance Assessment
• Provide final rating and recommendation

---

Root Cause Analysis

Problem Being Solved: The /review skill was replying with "Acknowledged — noted as follow-up" to reviewer comments but never creating tracking issues. These deferrals exist only as buried PR comment replies that nobody revisits.

Why This Approach: Excellent approach. Instead of hiding the symptom, this PR prevents the root cause by:

1. Adding explicit step 2e.5 requiring GitHub issue creation before deferring any comment
2. Adding a "Never defer without tracking" rule that explicitly bans untracked acknowledgements
3. Providing concrete bash snippets for creating issues with proper metadata and labels

Risk Assessment: Very low risk. This is pure documentation/process improvement with no code changes.

Configuration Change Detection (Phase 2) ✅

No configuration changes detected. This PR only modifies skill documentation.

Test Integrity (Phase 3) ✅

No test modifications. The changes are documentation-only, focused on process improvement.

Code Quality (Phase 4) ✅

Documentation Quality: High quality changes:

• Clear, actionable bash snippets for issue creation with proper templating
• Explicit rules prevent ambiguous cases
• Good integration with existing workflow (steps 2e.5 and 2e.6)
• Consistent with existing skill documentation style

Specific improvements at /review/SKILL.md:123-145:

• Provides concrete gh issue create template with proper metadata
• Links deferred issues back to original PR comments for traceability
• Includes follow-up label for proper categorization
• Clear reply format: "Out of scope for this PR — tracked in #"

Backlog Compliance (Phase 5)

Zero-dep: ✅ — No new runtime dependencies added

Foundation-aligned: ✅ — Fully aligned with all principles:

• Improves systematic code review process (P8: quality tools)
• No cloud dependencies or agent behavior
• Enhances existing CLI skill without breaking APIs

Problem-fit: 4/5 — Indirectly helps AI agents by ensuring reviewer feedback gets properly tracked and addressed. When review comments are systematically captured as issues, future AI assistance can find and reference them instead of re-discovering the same problems.

Breaking: No — Pure documentation addition, no API or behavior changes

Tier: 1 (zero-dep ✓ + foundation-aligned ✓)

Critical Concerns

None. This is a well-executed process improvement that directly addresses a real tracking problem.

Additional Notes

Positive aspects:

• Problem evidence: PR description cites specific case (PR feat: type analysis modules, parser WASM maps, extract canStripTypes (#554 follow-up) #558) where 3 comments were lost
• Scope appropriate: Adds 4 new skill docs alongside the core fix, establishing better skill documentation coverage
• Concrete solution: Not just rules, but specific commands and templates to execute the fix

Minor observation: The 4 new skill files (bench-check, deps-audit, housekeep, test-health) appear to be part of broader skill documentation efforts rather than core to this specific fix, but they're valuable additions for skill completeness.

Final Recommendation

• Rating: ⭐⭐⭐⭐☆ (4/5)
• Action: APPROVE
• Reasoning: This PR directly solves a real process problem with a systematic solution. The documentation is clear, actionable, and prevents future tracking failures. The approach of forcing issue creation before deferring ensures accountability and prevents lost feedback. No technical risks and fully aligned with project principles.

The only reason this isn't 5 stars is that it's primarily a process fix rather than a functional enhancement, but it's exactly the right solution for the problem being addressed.

[greptile-apps]

Greptile Summary

This PR closes the "silent deferral" gap exposed on PR #558, where the /review skill replied "Acknowledged — noted as follow-up" to three Greptile comments without creating any tracking artefact. It does so in two ways: (1) extending step 2e with a mandatory gh issue create flow (label guard, captured issue URL → number, per-comment-type permalink and reply endpoint) before any out-of-scope reply is posted, and (2) adding a Never defer without tracking rule to the Rules section. The PR also restructures Step 2 from sequential per-PR processing to a parallel subagent model (isolation: "worktree") that eliminates cross-PR contamination without manual git stash gymnastics.

Key changes:

• gh label create "follow-up" ... 2>/dev/null || true guard ensures the label always exists before gh issue create
• issue_url=$(gh issue create ...) + grep -oE '[0-9]+$' captures the number for the reply template
• Reply and issue-body URL templates branch on comment type (inline review / top-level review body / issue-style), consistent with step 6
• <<-'EOF' with tab-indented content and terminator fixes the heredoc that would have hung on literal execution
• Step 2 becomes a parallel subagent orchestrator; step 2i defines a structured return format for the main agent's summary table
• Emoji (👍 ✅ 🎉) replaced with text descriptions in the Greptile re-trigger check for safer rendering across environments

One gap found: The new step 2i subagent result format has no Issues Created field. When a subagent opens a follow-up issue via step 2e, that issue number is silently dropped before reaching the Step 3 summary table — re-introducing the "deferred items get lost" problem at the orchestrator level.

Confidence Score: 4/5

• Safe to merge — all prior review comments are resolved and the core fix is correct; one minor omission in the subagent result schema is worth addressing but is not a blocker.
• Every issue raised in the previous review round (missing --repo flag, heredoc EOF indentation, label-existence guard, issue-number capture, per-comment-type URL and reply-endpoint branching) has been correctly addressed. The parallel subagent restructuring is sound. The only remaining gap is the Issues Created field missing from the step 2i result format, which is a P2 improvement rather than a regression.
• .claude/skills/review/SKILL.md — specifically the step 2i result schema and the Step 3 summary table header, which should be updated to surface follow-up issues created by subagents.

Important Files Changed

Filename

Overview

.claude/skills/review/SKILL.md

Two intertwined changes: (1) core deferral-tracking fix — step 2e item 5 now mandates a GitHub issue with label guard, captured issue number, correct per-comment-type permalink and reply endpoint; (2) sequential-to-parallel subagent restructuring. All prior review comments are addressed. One gap: the new step 2i result format has no Issues Created field, so follow-up issues opened by subagents are invisible to the orchestrator's summary table.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    S0["Step 0\n/worktree (main session)"] --> S1["Step 1\nDiscover open PRs\ngh pr list"]
    S1 --> S2["Step 2\nLaunch one subagent per PR\n(all in parallel, isolation: worktree)"]

    S2 --> A1["Subagent A\nPR #N"]
    S2 --> A2["Subagent B\nPR #M"]
    S2 --> A3["Subagent …\nPR #…"]

    A1 --> PA["2a. gh pr checkout\n2b. Resolve conflicts\n2c. Check CI\n2d. Gather comments"]
    A2 --> PA
    A3 --> PA

    PA --> PE{"2e. Each comment"}
    PE -->|"Fix possible"| FIX["Make the fix\n→ reply 'Fixed'"]
    PE -->|"Genuinely out of scope"| DEFER["gh label create follow-up\ngh issue create --label follow-up\ncapture issue_url → issue_number\nreply 'tracked in #issue_number'"]
    PE -->|"Disagree"| DISAGREE["Do NOT fix silently\n→ reply explaining why"]

    FIX --> PF["2f. Commit & push fixes"]
    DEFER --> PF
    DISAGREE --> PF

    PF --> PG["2g. Re-trigger reviewers\n(Greptile + Claude if applicable)"]
    PG --> PH{"2h. New comments?\n(max 3 rounds)"}
    PH -->|"Yes"| PE
    PH -->|"No / limit reached"| PI["2i. Return structured result\nConflicts · CI · Comments Addressed\n⚠️ Issues Created not in schema"]

    PI --> S3["Step 3 (main agent)\nCollect all results\nOutput summary table"]

Loading

_{Reviews (7): Last reviewed commit: "fix(skill): capture gh issue create outp..." | Re-trigger Greptile}

[greptile-apps]

Missing --repo flag on gh issue create

gh issue create here has no --repo optave/codegraph flag. Elsewhere in this same skill, gh pr list uses --repo optave/codegraph (Step 1) and every gh api call is hardcoded to repos/optave/codegraph/.... Without the flag, gh infers the repo from the current git remote — which is correct in normal operation, but fragile if the skill is ever invoked outside a clean checkout or if the working directory is inside a nested worktree that has a different remote.

To be consistent with the rest of the skill and make this robust:

Suggested change

	gh issue create \
	--title "follow-up: <concise description of what needs to be done>" \
	--body "$(cat <<'EOF'
	Deferred from PR #<number> review.
	**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>
	**Context:** <why this is out of scope for the current PR and what the fix entails>
	EOF
	)" \
	--label "follow-up"
	```
	gh issue create \
	--repo optave/codegraph \
	--title "follow-up: <concise description of what needs to be done>" \
	--body "$(cat <<'EOF'
	Deferred from PR #<number> review.
	**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>
	**Context:** <why this is out of scope for the current PR and what the fix entails>
	EOF
	)" \
	--label "follow-up"

[carlos-alm]

Fixed — added --repo optave/codegraph to the gh issue create command.

[greptile-apps]

Reply endpoint only covers inline comments

The template reply in step 5 hardcodes the pulls/<number>/comments/<comment-id>/replies endpoint, which is only valid for inline PR review comments (those returned by GET /pulls/{pull_number}/comments). Greptile and Claude also leave top-level review body comments (returned by GET /pulls/{pull_number}/reviews) and issue-style comments (returned by GET /issues/{number}/comments), both of which require a different endpoint.

If the out-of-scope comment is a top-level review body, calling pulls/<number>/comments/<comment-id>/replies will fail with a 404 or create a misplaced reply. Step 6 already distinguishes the three cases for the regular-fix reply — step 5 should do the same:

Then reply to the reviewer comment using the correct endpoint for the comment type:
- Inline PR review comment → gh api repos/optave/codegraph/pulls/<number>/comments/<comment-id>/replies -f body="Out of scope for this PR — tracked in #<issue-number>"
- Top-level review body → gh api repos/optave/codegraph/issues/<number>/comments -f body="Out of scope for this PR — tracked in #<issue-number>"
- Issue-style comment → gh api repos/optave/codegraph/issues/<number>/comments -f body="Out of scope for this PR — tracked in #<issue-number>"

[carlos-alm]

Fixed — step 5 now distinguishes all three reply endpoints (inline review comments, top-level review bodies, issue-style comments), matching the same pattern as step 6.

[greptile-apps]

No guidance on when "genuinely out of scope" applies

The new step 5 introduces a binary: either fix the comment (steps 3–4) or create an issue (step 5). The term "genuinely out of scope" is left undefined, which means a future run of the skill may be overly liberal in deferring (creating noise issues for minor comments) or overly conservative (trying to fix things it shouldn't).

Consider adding a short parenthetical or a note clarifying the bar, e.g.:

"Genuinely out of scope" means the fix touches a different module not in this PR's diff, requires an architectural decision outside this PR's mandate, or would introduce unrelated risk. Fixing a variable name, adding a missing null check, or updating a comment in a file that is already part of this PR's diff is not out of scope — address it directly."

This mirrors how the "Flag scope creep" rule in the Rules section gives concrete examples to anchor the judgment call.

[carlos-alm]

Fixed — added explicit guidance: out of scope means the fix touches a different module not in the PR's diff, requires an architectural decision beyond the PR's mandate, or would introduce unrelated risk. Fixing a variable name, null check, or string in a file already in the diff is NOT out of scope.

[carlos-alm]

@greptileai

[greptile-apps]

--label will fail if "follow-up" label doesn't exist

gh issue create --label "follow-up" exits with a non-zero status if the label doesn't yet exist in the repository. If this runs on a freshly-cloned repo or one where the label was never created, the entire gh issue create command will fail — and the skill will have neither created the issue nor replied to the reviewer, silently defeating the very goal of this change.

Consider guarding with a label-creation step or using || true on the label lookup:

# Ensure the follow-up label exists (safe to re-run)
gh label create "follow-up" --color "0e8a16" --description "Deferred from PR review" --repo optave/codegraph 2>/dev/null || true
gh issue create \
  --repo optave/codegraph \
  --title "follow-up: <concise description of what needs to be done>" \
  --body "$(cat <<'EOF'
Deferred from PR #<number> review.

**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>

**Context:** <why this is out of scope for the current PR and what the fix entails>
EOF
)" \
  --label "follow-up"

[carlos-alm]

Fixed — added a gh label create guard step before gh issue create that ensures the "follow-up" label exists. The guard is safe to re-run (stderr suppressed, || true).

[carlos-alm]

Re: scope concern — this PR is stacked on #565 (feat/maintenance-skills). The 4 new skill files and roadmap changes are from the parent branch and will disappear from this PR's diff once #565 merges. The only changes specific to this PR are the two commits modifying .claude/skills/review/SKILL.md.

[carlos-alm]

@greptileai

[greptile-apps]

Heredoc EOF terminator is indented — will break literal execution

The EOF closing delimiter on line 139 ( EOF) is indented by 3 spaces inside the list-item code block. In bash, <<'EOF' requires the terminator to sit at column 0 — leading spaces are not stripped. If Claude (or a developer) copies and runs this block verbatim, the heredoc will never close and the command will hang or fail.

Use <<-'EOF' (note the -) with a tab-indented terminator, or move the EOF to column 0 within the fenced block:

Suggested change

	--body "$(cat <<'EOF'
	Deferred from PR #<number> review.
	**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>
	**Context:** <why this is out of scope for the current PR and what the fix entails>
	EOF
	)" \
	--body "$(cat <<'EOF'
	Deferred from PR #<number> review.
	**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>
	**Context:** <why this is out of scope for the current PR and what the fix entails>
	EOF
	)" \

[carlos-alm]

Fixed — switched to <<-'EOF' with tab-indented terminator so the heredoc closes correctly when copied from the markdown list context.

[carlos-alm]

@greptileai

[greptile-apps]

Scope creep — unrelated files bundled into a single-concern PR

This PR is titled fix(skill): ban untracked deferrals in /review skill, but it bundles four entirely new skill files and a substantial roadmap update that are unrelated to that fix:

• .claude/skills/bench-check/SKILL.md (271 new lines — new skill)
• .claude/skills/deps-audit/SKILL.md (186 new lines — new skill)
• .claude/skills/housekeep/SKILL.md (241 new lines — new skill)
• .claude/skills/test-health/SKILL.md (261 new lines — new skill)
• docs/roadmap/ROADMAP.md (91 insertions / 55 deletions — phase status updates)

Of the 1,084 total insertions, roughly 959 (~88%) belong to these unrelated files. CLAUDE.md is explicit: "One PR = one concern. Each pull request should address a single feature, fix, or refactor. Do not pile unrelated changes into an existing PR — open a new branch and PR instead."

The four new skill files and the roadmap update should be split into their own PR(s) before this is merged.

Context Used: CLAUDE.md (source)

[carlos-alm]

This PR is stacked on #565 (feat/maintenance-skills). The 4 skill files and roadmap changes are from the parent branch and will disappear from this PR's diff once #565 merges. The actual diff for this PR is just the review SKILL.md changes.

[greptile-apps]

Phase 5 deliverables silently dropped

The Phase 5 row in the overview table previously listed supply-chain security and CI coverage gates as key deliverables. Both are removed here without explanation:

-| TypeScript Migration | ... test migration, supply-chain security, CI coverage gates | In Progress (2 of 7) |
+| TypeScript Migration | ... test migration | In Progress (76 of 283) |

Neither item appears in the updated Phase 5 detailed section either. Were these sub-phases intentionally deprioritized or moved to a later phase? If so, it's worth a brief note in the Phase 5 section so future readers understand why they were dropped.

[carlos-alm]

Intentionally moved, not dropped. Supply-chain security and CI coverage gates were relocated to Phase 9 (see sections 9.1 and 9.2 in the updated ROADMAP.md) since they are independent of the TypeScript migration itself. Phase 5 now focuses purely on the .js-to-.ts file migration.

[carlos-alm]

@greptileai

[greptile-apps]

Issue body URL anchor hardcoded to inline-comment format

The issue body template always uses #discussion_r<comment-id>, which is the correct anchor for inline PR review comments. However, step 5 already distinguishes three comment types for the reply endpoint. The issue body's permalink should match the comment type:

• Inline PR review comment → https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>
• Top-level review body → https://github.com/optave/codegraph/pull/<number>#pullrequestreview-<review-id>
• Issue-style comment → https://github.com/optave/codegraph/issues/<number>#issuecomment-<comment-id>

Using #discussion_r<comment-id> for a top-level review body or issue-style comment will still link to the PR page, but the anchor will not resolve to the specific comment — making it harder for the future issue assignee to find the original context.

Consider varying the URL template based on comment type, consistent with how step 5 and step 6 already branch on comment type for the reply endpoint.

[carlos-alm]

Fixed — the issue body URL template now varies by comment type: inline review comments use #discussion_r, top-level review bodies use #pullrequestreview-, and issue-style comments use #issuecomment-. This matches the same three-way branching already used in step 5 and step 6 for reply endpoints.

[carlos-alm]

@greptileai

[greptile-apps]

Issue number not captured before use in reply

gh issue create is run without capturing its output, yet #<issue-number> is referenced immediately afterwards in both reply templates. gh issue create prints the new issue's URL (e.g. https://github.com/optave/codegraph/issues/123) to stdout — Claude would need to parse that to get the number. Since the instructions don't make this explicit, a literal reading leaves a gap between the creation and the reply step.

Consider capturing the output and extracting the number explicitly:

# Create a tracking issue for the deferred item
issue_url=$(gh issue create \
  --repo optave/codegraph \
  --title "follow-up: <concise description of what needs to be done>" \
  --body "$(cat <<-'EOF'
	Deferred from PR #<number> review.

	**Original reviewer comment:** https://github.com/optave/codegraph/pull/<number>#discussion_r<comment-id>

	**Context:** <why this is out of scope for the current PR and what the fix entails>
	EOF
  )" \
  --label "follow-up")
issue_number=$(echo "$issue_url" | grep -oE '[0-9]+$')

Then use $issue_number in the reply body. This removes any ambiguity for the agent running these instructions.

[carlos-alm]

Fixed — \ output is now captured into , and the number is extracted with . Reply templates use \ instead of the ambiguous placeholder.

[carlos-alm]

@greptileai

[greptile-apps]

Subagent result format doesn't surface created follow-up issues

Step 2i's structured result format has no field for "Issues Created". When a subagent defers an out-of-scope comment via step 2e item 5, it creates a GitHub issue — but that issue number/URL is invisible to the main orchestrator and will never appear in the final summary table.

In practice this means a human reading the Step 3 table cannot tell which PRs had follow-up issues opened, or what those issues were. The same problem this PR was designed to fix (deferred items getting lost) could resurface at the summary level.

Consider adding an Issues Created field:

Suggested change

	### 2i. Return result
	At the end of processing, the subagent MUST return a structured result with these fields so the main agent can build the summary table:
	```
	PR: #<number>
	Branch: <branch-name>
	Conflicts: resolved | none
	CI: green | red | pending
	Comments Addressed: <count>
	Reviewers Re-triggered: <list>
	Status: ready | needs-work | needs-human-review | skipped
	Notes: <any issues encountered>
	```
	### 2i. Return result
	At the end of processing, the subagent MUST return a structured result with these fields so the main agent can build the summary table:

PR: #
Branch:
Conflicts: resolved | none
CI: green | red | pending
Comments Addressed:
Issues Created: <comma-separated list of # follow-up issues, or "none">
Reviewers Re-triggered:
Status: ready | needs-work | needs-human-review | skipped
Notes:

And update the Step 3 table header to include an Issues column so the main agent surfaces them in the final report.