serpro69/implementation-review
klaude-plugin/skills/implementation-review/SKILL.md
Use after implementing tasks or mid-feature to verify code matches design docs and ensure they are in sync. Detects spec deviations, missing implementations, doc inconsistencies, and outdated docs in design and implementation documentation.
$ install --global
skillsauthnpx skillsauth add serpro69/claude-starter-kit implementation-reviewInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 13, 2026, 7:43 PM58.5s4 files scanned
SKILL.md
- name:
- implementation-review
- description:
- |
Implementation Review
Conventions
Read capy knowledge base conventions at shared-capy-knowledge-protocol.md.
Overview
Systematically compare implemented code against a feature's design.md, implementation.md, and tasks.md in /docs/wip/[feature]/. Works both mid-implementation (reviewing completed tasks only) and post-implementation (full feature review).
Findings go in both directions — code that deviates from spec AND spec that is wrong or outdated given the code.
Required Outputs
Before declaring the review complete, verify all outputs are delivered:
- [ ] Review report presented to user
- [ ] User-confirmed intentional
SPEC_DEV/EXTRA_IMPLfindings indexed askk:arch-decisions(skip if none confirmed) - [ ] Next steps confirmation from user
Indexing is owned by this skill — callers (e.g., implementation-process) do NOT duplicate it.
Review Modes
Standard Mode (/kk:implementation-review)
Reviews spec conformance in the main conversation context. Single-pass review using the workflow below.
Isolated Mode (/kk:implementation-review:isolated)
Delegates detection to an independent spec-reviewer sub-agent that did not write the code, then annotates its findings with type-specific author context. Low-relevance types (MISSING_IMPL, DOC_INCON, OUTDATED_DOC, AMBIGUOUS) get brief annotations; high-relevance types (SPEC_DEV, EXTRA_IMPL) get detailed annotations with spec update suggestions.
- Cost: Higher (sub-agent + annotation)
- Isolation: True — reviewer has zero authorship bias or session context
- Degradation: If sub-agent fails, suggests standard mode fallback
- Best for: When extra rigor is worth the cost (post-implementation, pre-merge)
See review-isolated.md for the isolated workflow.
Finding Types
Each finding is classified by type (what kind of mismatch) and severity (how urgent).
| Type | Code | Description | Example |
| ---------------------- | -------------- | ---------------------------------------------------------------- | ---------------------------------------------------------------------------- |
| Missing Implementation | MISSING_IMPL | Spec describes something that was not implemented | Design says "rate limiting on /api/auth" but no rate limiter exists |
| Extra Implementation | EXTRA_IMPL | Code implements something not in the spec | A caching layer was added that design docs don't mention |
| Spec Deviation | SPEC_DEV | Code implements the feature but differently than specified | Design says "bcrypt cost 12" but code uses cost 10 |
| Doc Inconsistency | DOC_INCON | Documentation contradicts itself or is internally inconsistent | design.md says JWT tokens, implementation.md says session cookies |
| Outdated Doc | OUTDATED_DOC | Code is correct but docs haven't been updated to reflect reality | Endpoint was renamed during implementation but docs still reference old name |
| Ambiguous Spec | AMBIGUOUS | Spec is unclear enough that multiple interpretations are valid | "Support pagination" without specifying cursor vs offset |
Severity Levels
Same P0–P3 scale as solid-code-review, adapted for spec conformance:
| Level | Name | Description | Action | | ------ | -------- | ------------------------------------------------------------------------------------- | ----------------------- | | P0 | Critical | Missing core functionality, security spec violated, data model mismatch | Must fix before merge | | P1 | High | Significant behavioral deviation from spec, missing error handling that spec requires | Should fix before merge | | P2 | Medium | Minor deviation, doc inconsistency, partial implementation of a spec requirement | Fix or create follow-up | | P3 | Low | Naming mismatch, doc typo, cosmetic deviation from spec | Optional |
Confidence Levels
Each finding gets a confidence score (1–10) with mandatory reasoning explaining what was checked, what evidence supports the finding, and what uncertainty remains.
| Score | Meaning | | ----- | -------------------------------------------------------------------------------------------- | | 9–10 | Certain — direct, unambiguous contradiction between spec and code | | 7–8 | Strong — clear evidence but minor room for interpretation | | 5–6 | Moderate — likely issue but spec is somewhat vague or code has plausible alternative reading | | 3–4 | Uncertain — possible issue, needs human judgment | | 1–2 | Speculative — gut feeling, very ambiguous spec or indirect evidence |
Workflow
See review-process.md for the detailed step-by-step process.
Phases:
- Load feature documents
- Capy search: Search
kk:arch-decisionsfor design rationale that may explain intentional spec deviations. Searchkk:review-findingsfor known patterns from prior reviews. - Determine review scope (mid-implementation vs post-implementation)
- Per-task verification against spec
- Cross-cutting concern check
- Self-check and confidence assessment
- Present findings
- Index confirmed deviations — index user-confirmed intentional
SPEC_DEV/EXTRA_IMPLaskk:arch-decisions
Invocation
Use the /implementation-review [feature-name] command, or invoke naturally when a user asks to verify implementation against docs.
For isolated mode with an independent sub-agent:
/kk:implementation-review:isolated [feature-name]
Related Skills
serpro69/test
development
VerifiedTrustedCommunity
Guidelines describing how to test the code. Use whenever writing new or updating existing code, for example after implementing a new feature or fixing a bug.
138SKILL.mdUpdated May 7, 2026
serpro69/review-spec
development
VerifiedTrustedCommunity
Use after implementing tasks or mid-feature to verify code matches design docs and ensure they are in sync. Detects spec deviations, missing implementations, doc inconsistencies, and outdated docs in design and implementation documentation.
138SKILL.mdUpdated May 7, 2026
serpro69/review-design
testing
VerifiedTrustedCommunity
Review design and implementation docs produced by design. Evaluates document quality, internal consistency, and technical soundness. Use after design completes and before starting implement.
138SKILL.mdUpdated May 7, 2026
serpro69/merge-docs
testing
VerifiedTrustedCommunity
Compare and merge two design docs for the same feature into a single source of truth. Use when you have competing or complementary design/implementation docs (e.g. from separate design runs) that need reconciling into one unified document.
138SKILL.mdUpdated May 7, 2026