fix(skills): address code-review findings from PR #2007

[alexeyv]

Summary

Fixes findings from the code review and skill validation of PR #2007:

• Remove name/description from step file frontmatter (STEP-06 violation)
• Add explicit HALT before user menu in step-01 (STEP-04 violation)
• Escape {story-id} as {{story-id}} template placeholder (REF-01)
• Handle untracked files in file-list diff mode via git diff --no-index (P-6)
• Formalize {failed_layers} variable handoff between step-02 and step-03 (P-5)
• Add user-facing note when Acceptance Auditor is skipped in no-spec mode (P-4)
• Guard against false-clean report when a review layer failed (P-7)
• Reword patch recommendation to avoid soliciting auto-fix (P-3)
• Update SKILL.md description to reflect new parallel review capabilities (P-2)

Test plan

• Run npm run quality — all checks pass
• Run skill validator against bmad-code-review — no CRITICAL or HIGH findings
• Invoke skill with no spec — confirm "Acceptance Auditor skipped" note appears
• Verify step-01 HALTs before presenting review-source menu

[augmentcode]

🤖 Augment PR Summary

Summary: This PR updates the bmad-code-review skill to address validator and code-review findings from PR #2007.

Changes:

• Refines SKILL.md description to reflect the multi-layer (parallel) review approach.
• Cleans up step frontmatter (removing name/description) and adds an explicit HALT before presenting the review-source menu.
• Escapes the sprint “story id” placeholder to avoid undefined-variable validation issues.
• Improves diff construction for file-list mode by including untracked files via git diff --no-index.
• Adds {failed_layers} tracking and updates triage/presentation rules to avoid reporting a “clean review” when review layers failed or were skipped.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 3 suggestions posted.

Comment augment review to trigger a new review at any time.

[augmentcode]

{failed_layers} is referenced here, but this step has empty frontmatter (and workflow.md doesn’t define it), which likely violates tools/skill-validator.md REF-01 and can leave the placeholder unresolved at runtime.

Severity: high

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

In the fallback flow, it says to “resume … and proceed to step 3”, but step 3 is now earlier in the file; this can send execution backwards/loop instead of continuing forward through the numbered instructions.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[augmentcode]

For “file list”, the instructions call for git diff HEAD -- ... plus git diff --no-index ... for untracked paths, but it’s not explicit how to merge those outputs into a single {diff_output}; there’s a risk of silently dropping either tracked or untracked file diffs.

Severity: medium

_{🤖 Was this useful? React with 👍 or 👎, or 🚀 if it prevented an incident/outage.}

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Updates the bmad-code-review workflow documentation to introduce explicit user confirmation checkpoints (HALT prompts), track failed review layers during execution, expand diff source options including untracked files, and refine triage logic to account for incomplete reviews when layers fail.

Changes

Cohort / File(s)	Summary
Workflow Description src/bmm/workflows/4-implementation/bmad-code-review/SKILL.md	Enhanced description to detail parallel review layers (Blind Hunter, Edge Case Hunter, Acceptance Auditor) and structured triage categorization.
Context Gathering src/bmm/workflows/4-implementation/bmad-code-review/steps/step-01-gather-context.md	Added HALT checkpoints for user confirmation, expanded review source options (uncommitted, staged, branch diff, commit range, provided diff/file list), added untracked file handling via git diff --no-index, and explicit maximum-diff-size validation.
Review Execution src/bmm/workflows/4-implementation/bmad-code-review/steps/step-02-review.md	Introduced runtime-tracked failed_layers field to accumulate failed layer names, added conditional branching for no-spec mode, and restructured fallback prompt flow with HALT instruction for manual finding input.
Triage Logic src/bmm/workflows/4-implementation/bmad-code-review/steps/step-03-triage.md	Updated triage rules to report which layers failed and warn of incomplete reviews when findings exist but layers have failed, rather than declaring clean reviews unconditionally.
Output Presentation src/bmm/workflows/4-implementation/bmad-code-review/steps/step-04-present.md	Updated guidance text for patch findings to reference follow-up implementation passes as an alternative to manual addressing.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(skills): add edge case hunter as parallel review layer in PR review #1791: Introduces "Edge Case Hunter" as parallel review layer and handles source-tagging and deduplication of findings across layers, directly complementing the failed-layer and parallel-review infrastructure added here.
• Convert code-review workflow to native skill packaging #1941: Creates the initial SKILL.md packaging for bmad-code-review workflow; this PR updates that file's description and corresponding step documentation.
• feat(skills): rewrite code-review with sharded step-file architecture #2007: Makes prior incremental edits to the same bmad-code-review step files, refining parallel-review layers and failed_layers handling that this PR builds upon.

Suggested reviewers

• bmadcode

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately and concisely summarizes the main change: addressing code-review findings from a prior PR by fixing skill validation violations and improving the bmad-code-review workflow.
Description check	✅ Passed	The description provides detailed context for all changes across multiple files, clearly relating to the changeset with specific references to violations (STEP-06, STEP-04, REF-01) and problem items (P-2 through P-7), plus a concrete test plan.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch fix/code-review-findings

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}