code-review guardrails

[mxriverlynn]

Summary

This PR recalibrates /code-review so its first pass produces consistently scoped, non-inflated output, eliminating the manual reclassification step users had been running to get actionable results.

• Severity inflation is removed structurally: the "Most findings land here" WARN floor is gone from the rubric, Step 3.3 becomes the single authoritative home for size-based demotion, and all other sites (Review Constraints, Step 7.2, the rubric, the YAGNI procedure) reference Step 3.3 by name rather than restate it.
• PR and branch context now flows from four sources (gh pr view, local pr-body files, branch commit messages, implementation plans) into a 200-word $branch_context block that ships verbatim to every dispatched agent, so agents can avoid re-raising items the team has already deferred.
• Two new structural mechanisms — the Step 7.2 reachability demotion gate and the Step 9.0 self-consistency check — filter theoretical findings and surface contradictory recommendations before output reaches the human reviewer.
• This is a v2.3.0 release. The CHANGELOG's Deferred section lists what was explicitly kept out: a dedicated mode flag, cross-file contradiction detection, and an automated test harness.

Behavior changes

Before: Agents ran with no shared context about the PR's intent or deferred items, a WARN floor in seven of nine agent rubrics ensured most findings inflated to WARN regardless of change size, theoretical findings ("could happen," "defense-in-depth") survived to the output unchanged, and contradictory same-file recommendations required the human to adjudicate without any flag that a conflict existed.

After:

Mechanism	Before	After
Severity floor	Rubric had "Most findings land here" at WARN for 7/9 agent types	Rubric defines each severity; size-based demotion lives only in Step 3.3
Branch context	Agents ran with no PR or plan context	Step 1.5 loads up to 200 words from 4 sources; every agent prompt includes $branch_context
Theoretical findings	Passed through unchanged	Step 7.2 phrase-matches 8 reachability signals and demotes one severity (CRIT→WARN, WARN→SUGG, SUGG omitted); security findings exempt
Contradictory findings	Surfaced as separate items; human had to notice the conflict	Step 9.0 extraction + comparison pass demotes both and appends Tension with {other-task-id}: to each
YAGNI procedure	Single-pass check	Two-pass: Pass 1 runs Gate 1 evidence test, Pass 2 matches named anti-patterns; skipped in Mode B/C unless user names it in $focus_areas
structural-analyst / behavioral-analyst default severity	No dispatcher directive	Step 3.5 directs both agents to default every finding to SUGG, escalating only when the change actively introduces or worsens the issue

What to look at first

• Step 3.3 as the single demotion authority. The key design decision is centralizing size-based demotion here and having every other site reference it by name. The risk: if a future edit restates the rule at another site, the system silently forks. Worth checking whether the references are clear enough to prevent that.
• The Step 7.2 phrase list. Eight specific strings (theoretical, hypothetical, defense-in-depth, effectively impossible, in case the upstream, could happen, should never happen, edge case that does not occur) are the entire gate. A finding whose rationale avoids these phrases but is still theoretical passes through. The plan chose phrase-matching over a structured field intentionally — verify that tradeoff is documented well enough that future editors don't add phrases ad hoc.
• Step 3.5 dispatcher directives vs. agent definitions. The structural-analyst, behavioral-analyst, junior-developer, and edge-case-explorer directives live in Step 3.5, not in the agent definition files. This means agents called by other skills are unaffected, but it also means the behavior is invisible from the agent docs alone. The four affected agent docs carry a one-paragraph note — check that it's accurate.
• Step 1.5 fail-open behavior. When none of the four context sources returns content, the skill warns once and binds $branch_context to none provided. A reviewer should confirm that the warning is sufficient and that agents handle none provided gracefully without hallucinating context.

How this was tested

• ✅ Ran the updated skill against three real PR bundles in tmp/gearjot-v2-web-pr-{299,307,339}/ and compared finding counts and severities against pre-v2.3.0 output to confirm inflation was reduced.
• ✅ Confirmed Step 7.2 phrase-match demotion fired correctly on findings containing theoretical and defense-in-depth language in the PR-299 bundle.
• ✅ Confirmed Step 9.0 self-consistency check surfaced a contradictory pair in one of the test bundles and applied the severity demotion and Tension with annotations.
• ✅ No automated test harness was added — that is explicitly deferred. Validation relied entirely on manual inspection of the three real PR bundles.

Files of interest

• plugin/skills/code-review/SKILL.md — the skill itself; Steps 1.5, 3.3, 3.5, 7.1-7.3, and 9.0 are the load-bearing additions
• plugin/...nces/agent-finding-classification.md — the rubric where the WARN floor was removed from seven agent sections
• plugin/skills/code-review/references/review-checklist.md — the YAGNI two-pass procedure and the Mode B/C skip rule
• CHANGELOG.md — the v2.3.0 entry is the fastest way to orient; the Deferred section names what was kept out and why
• docs/skills/code-review.md — operator-facing doc updated to mirror the new step structure; confirms the implementation is accurately described