v3.17.0 — code-review skill enrichment batch + /doubt (code-review 0.2.0)
What's new
code-review 0.1.0 → 0.2.0 — six new primitives:
- `/simplify` command — Chesterton's Fence (state why code exists before removing it) + Rule of 500 (500-line function/file as signal, not hard gate). 3-row rationalization table. How-to →
- `security-review` skill — three-tier boundary threat modeling: Tier 1 LLM API (prompt injection), Tier 2 Persistence (durable writes), Tier 3 System execution (shell/lateral movement). Required output: `VULNERABILITY file:line [Tier N — name]` or `NO ISSUES FOUND` tier-by-tier.
- `testing-strategy` skill — Beyonce Rule + DAMP over DRY + Prove-It Pattern. Required output: `MISSING-TEST description:behavior` or `COVERAGE ADEQUATE` with explicit Beyonce Rule audit.
- `security-auditor` agent — Security Engineer sub-agent; works all three boundary tiers; prose-only output rejected.
- `test-engineer` agent — QA Specialist sub-agent; applies Beyonce Rule, Prove-It, DAMP assessment; prose-only output rejected.
- `/doubt` command — in-flight adversarial decision review. CLAIM→EXTRACT→DOUBT→RECONCILE→STOP loop. CLAIM never reaches the reviewer. Hard 3-cycle cap; doubt theater escalates immediately. How-to →
Fixes
- Output token alignment in `security-review` SKILL.md: `[Tier N]` → `[Tier N — <tier name>]` to match `security-auditor` output contract (found by adversarial `/review`).
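
A contract check for the `security-review` / `security-auditor` output described above, as an added example that is not part of the code-review project: it flags the bare `[Tier N]` form this release fixed, a tier name that does not match its number, and prose-only output. The exact line layout, the tier-name spellings inside the brackets and the function name `check_report` are assumptions; the sample report is constructed.

```python
import re

# Tier numbers and names as listed in the release notes; the exact
# spelling expected inside the brackets is an assumption.
TIERS = {1: "LLM API", 2: "Persistence", 3: "System execution"}

# Assumed layout: VULNERABILITY <file>:<line> [Tier N — <tier name>] <free text>
FINDING = re.compile(
    r"^VULNERABILITY (?P<file>\S+):(?P<line>\d+) "
    r"\[Tier (?P<tier>\d+)(?: — (?P<name>[^\]]+))?\]"
)
CLEAR = "NO ISSUES FOUND"

def check_report(text):
    """Return contract violations for one report; an empty list means it conforms."""
    problems, tokens = [], 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if CLEAR in line:
            tokens += 1
            continue
        if not line.startswith("VULNERABILITY"):
            continue  # prose around the tokens is tolerated (assumption)
        tokens += 1
        m = FINDING.match(line)
        if m is None:
            problems.append(f"line {n}: malformed VULNERABILITY token")
            continue
        tier, name = int(m["tier"]), m["name"]
        if tier not in TIERS:
            problems.append(f"line {n}: unknown tier {tier}")
        elif name is None:
            problems.append(f"line {n}: bare [Tier {tier}], tier name missing")
        elif name.strip() != TIERS[tier]:
            problems.append(f"line {n}: Tier {tier} is {TIERS[tier]!r}, not {name.strip()!r}")
    if tokens == 0:
        problems.append("prose-only output: no contract token found")
    return problems

# Constructed sample report, not output from the real skill.
SAMPLE = """\
Review of the diff follows.
VULNERABILITY src/agent/prompt.py:42 [Tier 1 — LLM API] user text reaches the system prompt
VULNERABILITY src/store/db.py:88 [Tier 2] unvalidated durable write
"""

if __name__ == "__main__":
    for problem in check_report(SAMPLE):
        print(problem)
```
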
Internal
- `code-review` version 0.1.0 → 0.2.0; `skills/` subdir introduced under `src/code-review/`.
- CI green: Linux ✓ Mac ✓ Windows ✓
- 10 commits including two integrated worker plans.