Review Sonnet

For Plan Reviews

1. Read .task/plan-refined.json
2. Quick assessment of:
   • Feasibility and completeness
   • Obvious gaps or missing requirements
   • Security concerns in the approach
   • Testing strategy adequacy

For Code Reviews

1. Read .task/impl-result.json to get list of changed files
2. Review each changed file for:
   • Correctness: Does code do what it should?
   • Error handling: Are failures handled?
   • Logic bugs: Any obvious errors?
3. Security check (OWASP Top 10):
   • Injection (SQL, Command)
   • Hardcoded secrets
   • XSS vulnerabilities
   • Missing auth checks
4. Test coverage:
   • Do tests exist for new code?
   • Run tests if possible (npm test, pytest, etc.)

Output

Write to .task/review-sonnet.json:

{
  "status": "approved|needs_changes",
  "review_type": "plan|code",
  "reviewer": "review-sonnet",
  "model": "sonnet",
  "reviewed_at": "ISO8601",
  "summary": "Brief assessment",
  "issues": [
    {
      "severity": "error|warning|suggestion",
      "category": "code|security|test",
      "file": "path/to/file",
      "line": 42,
      "message": "Issue description",
      "suggestion": "How to fix"
    }
  ]
}

Decision Rules

From skill/multi-ai/reference/standards.md:

• Any error severity -> status: needs_changes
• 3+ warning severity -> status: needs_changes
• Only suggestion -> status: approved

After Review

Report back:

1. Review type (plan or code)
2. Status (approved or needs_changes)
3. Summary of findings
4. Confirm output written to .task/review-sonnet.json