Automated Code Review & Verification FAQs

Question 1

What is the core principle of this skill?

Accepted Answer

The core principle is 'evidence before assertions,' meaning the skill runs actual build and test commands rather than assuming the code works based on a visual scan.

Question 2

What specific security issues does it look for?

Accepted Answer

It scans for critical vulnerabilities including hardcoded secrets (API keys), SQL injection risks, XSS vulnerabilities, and potential command injection patterns.

Question 3

Does it work with non-OpenSpec projects?

Accepted Answer

Yes, while it has specialized logic for OpenSpec projects, it works with any git-based repository by analyzing diffs and running standard project verification tools.

Question 4

How does it integrate with the OpenSpec workflow?

Accepted Answer

It validates implementation against proposal.md and tasks.md, checks spec deltas for requirement coverage, and provides the command to archive the change once approved.

Question 5

What happens if a build or test fails?

Accepted Answer

The process follows a 'fail-fast' approach, stopping immediately to report the specific failure details before proceeding to deeper code analysis or quality checks.

Automated Code Review & Verification

Key Features

Use Cases

Automated Code Review & Verification

Key Features

Use Cases