Interactive human review workflow presenting evidence and collecting APPROVE/DENY decisions with structured feedback. Supports auto-deny for early iterations.
/review-million-dollar-app [idea-slug] [--auto-deny[=N]] [--no-auto-deny]idea-slug: (optional) Specific idea to review, or shows review queue--auto-deny: (default) Auto-deny iterations 1-5 without human input. Agent runs verification and generates feedback.--auto-deny=N: Set custom auto-deny threshold (e.g., --auto-deny=3 for first 3 iterations)--no-auto-deny: Disable auto-deny, always require human decisionProvide the human review gate for million-dollar apps that have passed verification. Present evidence, facilitate review, and process APPROVE or DENY decisions.
/build-million-dollar-app scaffolds project/plan-million-dollar-app creates plan/implement-million-dollar-app implements features/verify-million-dollar-app collects evidence and submits for reviewbuiltscaffolded_available with cumulative feedbackpending_reviewbuilt (terminal success)scaffolded_available + cumulative feedbackThis skill does NOT:
This skill CAN:
--auto-deny=N or disabled with --no-auto-deny)status: builtstatus: scaffolded_availabletracking.ideas[slug].denial_feedback[][project]/.planning/feedback.mdBy default, the first 5 review iterations are automatically denied. This allows the system to iterate quickly without requiring human attention for early-stage issues.
review_count < auto_deny_threshold --> AUTO-DENY (agent finds issues)
review_count >= auto_deny_threshold --> HUMAN REVIEW required
Default threshold: 5
# Default: auto-deny first 5 iterations
/review-million-dollar-app simple-todo-app
# Custom threshold: auto-deny first 3 iterations
/review-million-dollar-app simple-todo-app --auto-deny=3
# Disable auto-deny: always require human decision
/review-million-dollar-app simple-todo-app --no-auto-deny
# Auto-deny first 10 iterations
/review-million-dollar-app simple-todo-app --auto-deny=10
When auto-denying, spawn a verification agent to discover issues:
Task({
subagent_type: "general-purpose",
description: "Auto-deny verification agent",
prompt: `
You are verifying the app at: ${projectPath} for auto-deny review #${reviewCount + 1}
Run these checks and report ALL issues found:
1. **Database & Infrastructure**
- Check if docker-compose.yml exists and is valid
- Verify .env has real values (not placeholders)
- Check if database can be started
2. **Build Verification**
- Run: pnpm install (check for errors)
- Run: pnpm build (capture any errors)
- Check for TypeScript/compilation errors
3. **Runtime Verification**
- Start the dev server: pnpm dev
- Wait 10 seconds for startup
- Check for console errors
- Try to fetch http://localhost:3000
- Check for 404s or startup failures
4. **Test Verification**
- Run: pnpm test (if tests exist)
- Report pass/fail counts
- Note any failing tests
5. **Code Quality**
- Check for TODO comments in critical paths
- Look for placeholder values
- Verify auth configuration
Return JSON:
{
"status": "issues_found" | "no_issues",
"issues": [
{
"category": "database|build|runtime|tests|code_quality",
"severity": "critical|major|minor",
"description": "What's wrong",
"file": "path/to/file.ts:line" (if applicable),
"fix_hint": "How to fix it"
}
],
"summary": "One-line summary of main problems",
"can_app_start": true|false,
"tests_passing": "X/Y" | "no tests" | "tests failed"
}
`
})
/review-million-dollar-app (Interface)
|
|---> [Step 0] Parse Arguments
| - Extract idea-slug
| - Determine auto-deny threshold (default: 5)
| - Check for --no-auto-deny flag
|
|---> [Step 1] Show Review Queue
| - List all pending_review items
| - Show submission date and review count
| - Indicate which are in auto-deny range
|
|---> [Step 2] Check Auto-Deny Eligibility
| - IF review_count < threshold AND auto-deny enabled:
| --> [Step 2a] Auto-Deny Flow
| - ELSE:
| --> [Step 2b] Human Review Flow
|
|---> [Step 2a] Auto-Deny Flow
| - Spawn verification agent
| - Collect discovered issues
| - Generate structured feedback
| - Process as DENY (no human input needed)
| - Display results to user
|
|---> [Step 2b] Human Review Flow
| - Present Evidence
| - Display test results, screenshots, etc.
| - Show prior feedback
| - Wait for human decision (APPROVE/DENY)
|
|---> [Step 3] Process Decision
- APPROVE: Update to 'built' (human only)
- DENY: Update to 'scaffolded_available' + write feedback
// Parse command line arguments
const args = parseArguments(input);
const slug = args.slug; // May be null (show queue)
let autoDenyThreshold = 5; // Default
if (args.flags['no-auto-deny']) {
autoDenyThreshold = 0; // Disabled
} else if (args.flags['auto-deny']) {
// --auto-deny or --auto-deny=N
autoDenyThreshold = args.flags['auto-deny'] === true ? 5 : parseInt(args.flags['auto-deny']);
}
Starting /review-million-dollar-app...
----------------------------------------------------
Auto-Deny: ENABLED (threshold: 5)
REVIEW QUEUE
============
| # | Idea | Submitted | Reviews | Mode | Last Denial |
|---|-------------------------|------------|---------|-------------|-------------|
| 1 | ai-code-review-tools | 2026-01-15 | 1 | AUTO-DENY | - |
| 2 | smart-inventory-tracker | 2026-01-16 | 5 | HUMAN | 2026-01-14 |
| 3 | fitness-meal-planner | 2026-01-17 | 3 | AUTO-DENY | 2026-01-16 |
Legend:
- AUTO-DENY: Review count < 5, will be automatically verified and denied
- HUMAN: Review count >= 5, requires human APPROVE/DENY decision
Enter idea slug to review (or number):
When user selects an idea:
REVIEWING: ai-code-review-tools
===============================
## Project Overview
- Location: ~/Developer/million-dollar-app-ideas/ai-code-review-tools
- Type: webapp (Next.js)
- Review attempt: #1
## Test Results
+---------------------+-------------------+
| Category | Result |
+---------------------+-------------------+
| Unit Tests | 45/45 passed |
| Integration Tests | 12/12 passed |
| E2E Tests | 8/8 passed |
| Coverage | 87% lines |
+---------------------+-------------------+
## Screenshots
1. [login.png] - Login page with GitHub OAuth
2. [dashboard.png] - Main dashboard with repo list
3. [repo-detail.png] - Repository detail view
4. [review-results.png] - AI code review results
5. [settings.png] - User settings page
View screenshots at: evidence/*.png
## Demo
URL: http://localhost:3000
(Start server with: cd [project] && pnpm dev)
## Market Validation
+--------------------------------+----------+---------+
| Claim | Verified | Current |
+--------------------------------+----------+---------+
| Market size $X billion | Yes | Yes |
| Competitor Y revenue $Z/month | Yes | Yes |
| TAM/SAM analysis | Yes | Yes |
+--------------------------------+----------+---------+
Differentiation: AI-powered approach provides 10x faster reviews
Revenue Path: Clear (SaaS subscription model)
## Implementation Summary
- Phases completed: 4/4
- Tasks completed: 23/23
- Files created: 47
- Files modified: 12
${hasPriorFeedback ? `
## PRIOR FEEDBACK (Review #${reviewCount - 1})
This idea was previously DENIED. Review the prior feedback:
${priorFeedbackSummary}
The plan should have addressed this feedback. Verify it was incorporated.
` : ''}
----------------------------------------------------
DECISION REQUIRED
[A] APPROVE - Mark as 'built' ($1M ready!)
[D] DENY - Return to planning with feedback
Enter decision (A/D):
This step REPLACES steps 2 and 3 when auto-deny is active.
// Check if auto-deny applies
const reviewCount = tracking.ideas[slug].review_count || 0;
const nextReviewNum = reviewCount + 1;
if (nextReviewNum <= autoDenyThreshold && autoDenyThreshold > 0) {
console.log(`
AUTO-DENY MODE ACTIVE
=====================
Review iteration: #${nextReviewNum} of ${autoDenyThreshold} (auto-deny threshold)
Mode: Automatic verification and denial
Spawning verification agent...
`);
// Spawn auto-deny verification agent
const verificationResult = await Task({
subagent_type: "general-purpose",
description: "Auto-deny verification agent",
prompt: `
You are verifying the app at: ${projectPath} for auto-deny review #${nextReviewNum}
Run these checks and report ALL issues found:
1. **Database & Infrastructure**
- Check if docker-compose.yml exists and is valid
- Verify .env has real values (not placeholders like "your-secret-here")
- Check if scripts/setup.sh exists and is executable
2. **Build Verification**
- Run: pnpm install (check for errors)
- Run: pnpm build (capture any build/TypeScript errors)
3. **Runtime Verification**
- Start database: docker compose up -d (if docker-compose.yml exists)
- Start dev server: pnpm dev (in background)
- Wait 15 seconds for startup
- Check for console errors (look for "Error", "error:", exceptions)
- Try to curl http://localhost:3000
- Check for 404s, 500s, or startup failures
- Kill the dev server when done
4. **Test Verification**
- Run: pnpm test (if tests exist)
- Report pass/fail counts
- Note any failing tests
5. **Code Quality**
- Grep for TODO, FIXME, PLACEHOLDER in src/
- Look for hardcoded secrets or placeholder values
- Check .env.example vs .env for missing variables
Return JSON (MUST be valid JSON):
{
"status": "issues_found" | "no_issues",
"issues": [
{
"category": "database|build|runtime|tests|code_quality",
"severity": "critical|major|minor",
"description": "What is wrong",
"file": "path/to/file.ts:line",
"fix_hint": "How to fix it"
}
],
"summary": "One-line summary of main problems",
"can_app_start": true|false,
"tests_passing": "X/Y" | "no tests" | "tests failed to run"
}
`
});
// Generate feedback from verification results
const feedback = generateFeedbackFromVerification(verificationResult);
// Process as DENY (same as Step 4 but with auto-generated feedback)
processDeny(slug, feedback, `auto-deny-review-${nextReviewNum}`);
console.log(`
AUTO-DENIED (Review #${nextReviewNum})
=======================
${slug} has been automatically denied.
Tracking Updates:
- Status: scaffolded_available
- Review count: ${nextReviewNum}
- Feedback: Written to .planning/feedback.md
Auto-Deny Status:
- Iterations remaining: ${autoDenyThreshold - nextReviewNum} more auto-denies before human review
- Next review (#${nextReviewNum + 1}) will ${nextReviewNum + 1 <= autoDenyThreshold ? 'also be auto-denied' : 'REQUIRE human review'}
Next Steps:
1. /plan-million-dollar-app will read feedback and create fix plan
2. /implement-million-dollar-app will apply fixes
3. /verify-million-dollar-app will re-verify
4. /review-million-dollar-app will review again
`);
return; // Exit early, skip human review flow
}
// If we reach here, proceed to human review (Step 2b)
if (decision === 'APPROVE') {
// Acquire lock
const tracking = acquireLock('./ideas/_tracking.json');
const now = new Date().toISOString();
// Update status to built
tracking.ideas[slug].status = 'built'; // Terminal success
tracking.ideas[slug].current_phase = 'complete';
tracking.ideas[slug].approved_at = now;
// Remove from review queue
tracking.review_queue = tracking.review_queue.filter(r => r.slug !== slug);
tracking.ideas[slug].history.push({
timestamp: now,
action: 'approved',
details: 'Human review APPROVED. Status: built. $1M ready!'
});
// Update meta counts
updateStatusCounts(tracking);
tracking.meta.last_updated = now;
// Release lock
releaseLock(tracking, './ideas/_tracking.json');
console.log(`
APPROVED!
=========
${slug} has been marked as 'built'.
This app is now $1M ready!
Status: built (terminal success)
Congratulations!
`);
}
CRITICAL: Feedback is APPENDED, not replaced. Both locations are updated.
if (decision === 'DENY') {
// Prompt for feedback
const feedback = await promptForFeedback();
// Acquire lock
const tracking = acquireLock('./ideas/_tracking.json');
const now = new Date().toISOString();
// Increment review count
tracking.ideas[slug].review_count = (tracking.ideas[slug].review_count || 0) + 1;
const reviewNum = tracking.ideas[slug].review_count;
// 1. APPEND feedback to tracking (summary)
if (!tracking.ideas[slug].denial_feedback) {
tracking.ideas[slug].denial_feedback = [];
}
tracking.ideas[slug].denial_feedback.push({
review_number: reviewNum,
timestamp: now,
summary: feedback.summary
});
// 2. APPEND detailed feedback to .planning/feedback.md
const feedbackPath = `${projectPath}/.planning/feedback.md`;
const existingFeedback = fileExists(feedbackPath) ? read(feedbackPath) : getInitialFeedbackTemplate();
const newFeedbackSection = generateFeedbackSection(reviewNum, now, feedback);
const updatedFeedback = insertFeedbackAtTop(existingFeedback, newFeedbackSection);
write(feedbackPath, updatedFeedback);
// 3. Update status to scaffolded_available (loops back to planning)
tracking.ideas[slug].status = 'scaffolded_available';
tracking.ideas[slug].current_phase = 'awaiting_replan';
// 4. Remove from review queue
tracking.review_queue = tracking.review_queue.filter(r => r.slug !== slug);
tracking.ideas[slug].history.push({
timestamp: now,
action: 'denied',
details: `Human review DENIED (#${reviewNum}). Status: scaffolded_available. Feedback written to .planning/feedback.md`
});
// Update meta counts
updateStatusCounts(tracking);
tracking.meta.last_updated = now;
// Release lock
releaseLock(tracking, './ideas/_tracking.json');
}
When DENY is selected, collect structured feedback:
DENIAL FEEDBACK
===============
You are denying review #${reviewNum} for: ${slug}
Please provide feedback in each section:
## Issues Found
List the problems discovered during review:
> 1. Auth not working - OAuth callback fails
> 2. Missing error handling in checkout flow
> 3. Tests incomplete for payment edge cases
## Required Changes
What MUST be fixed before next review:
> 1. Fix OAuth callback URL configuration
> 2. Add try/catch and user-friendly errors in checkout
> 3. Add unit tests for payment failure scenarios
## Evidence Gaps (optional)
What evidence was missing or insufficient:
> 1. Market validation sources from 2023, need 2025/2026 data
> 2. No demo video provided
## Additional Notes (optional)
Any other feedback:
> Consider adding loading states to improve UX
----------------------------------------------------
Review feedback:
- Issues: 3
- Required changes: 3
- Evidence gaps: 2
Confirm DENY with this feedback? (Y/N):
The .planning/feedback.md file is CUMULATIVE - new feedback is PREPENDED:
# Review Feedback
> **CRITICAL**: The /plan-app agent MUST read this entire file before creating a new plan.
> All previous feedback must be addressed in the new plan.
---
## Review #2 - 2026-01-17
**Status**: DENIED
### Issues Found
1. Checkout flow missing error handling for payment failures
2. Unit tests only cover 60% of critical paths
3. No loading states on dashboard
### Required Changes
- Add try/catch and user-friendly error messages in checkout
- Add tests for payment edge cases
- Implement skeleton loaders for dashboard widgets
### Evidence Gaps
- Market validation sources were from 2023, need current data
- No demo video provided
---
## Review #1 - 2026-01-15
**Status**: DENIED
### Issues Found
1. Authentication not working
2. Database migrations incomplete
### Required Changes
- Fix OAuth callback handling
- Run and verify all migrations
---
User: /review-million-dollar-app
Agent:
Starting /review-million-dollar-app...
----------------------------------------------------
REVIEW QUEUE
============
| # | Idea | Submitted | Reviews | Last Denial |
|---|-------------------------|------------|---------|-------------|
| 1 | ai-code-review-tools | 2026-01-15 | 1 | - |
Enter idea slug to review (or 1 for first item): 1
REVIEWING: ai-code-review-tools
===============================
[Evidence presentation as shown above]
----------------------------------------------------
DECISION REQUIRED
[A] APPROVE - Mark as 'built' ($1M ready!)
[D] DENY - Return to planning with feedback
Enter decision (A/D): A
----------------------------------------------------
APPROVED!
=========
ai-code-review-tools has been marked as 'built'.
This app is now $1M ready!
Tracking:
- Status: built
- Review queue: Removed
Congratulations!
Enter decision (A/D): D
DENIAL FEEDBACK
===============
## Issues Found
> 1. Login redirect loop on mobile
> 2. Dashboard loads slowly (5+ seconds)
## Required Changes
> 1. Fix mobile OAuth redirect handling
> 2. Add pagination to dashboard data fetching
## Evidence Gaps
> (none)
Confirm DENY with this feedback? (Y/N): Y
----------------------------------------------------
DENIED
======
ai-code-review-tools has been returned to planning phase.
Tracking:
- Status: scaffolded_available
- Review count: 2
- Feedback: Written to .planning/feedback.md
Next Steps:
1. /plan-million-dollar-app will read .planning/feedback.md
2. New plan MUST address all feedback
3. After re-implementation: /verify-million-dollar-app
4. Then back to /review-million-dollar-app
The feedback loop continues until APPROVED or ABANDONED.
./ideas/_tracking.jsonThis skill interacts with the tracking system based on human decision:
On APPROVE:
{
"ideas": {
"idea-slug": {
"status": "built",
"current_phase": "complete",
"approved_at": "ISO-8601"
}
},
"review_queue": [] // Item removed from queue
}
On DENY:
{
"ideas": {
"idea-slug": {
"status": "scaffolded_available",
"current_phase": "awaiting_replan",
"review_count": 2, // Incremented
"denial_feedback": [
{
"review_number": 1,
"timestamp": "ISO-8601",
"summary": "Previous feedback summary"
},
{
"review_number": 2,
"timestamp": "ISO-8601",
"summary": "New feedback summary appended"
}
]
}
},
"review_queue": [] // Item removed from queue
}
Every code path that acquires a lock MUST release it.
// ALWAYS use try/finally to ensure lock release
function withLock(trackingPath, operation) {
const tracking = acquireLock(trackingPath);
try {
operation(tracking);
} finally {
releaseLock(tracking, trackingPath); // ALWAYS executes
}
}
Lock Release Points in This Skill:
On DENY, feedback is written to TWO locations:
tracking.ideas[slug].denial_feedback[][project]/.planning/feedback.mdBoth must be updated atomically to maintain consistency.
On APPROVE:
| Before | After |
|---|---|
pending_review | built |
On DENY:
| Before | After |
|---|---|
pending_review | scaffolded_available |
scaffolded_available
↓
/plan-app (MUST read feedback.md)
↓
planned_available
↓
/implement-app
↓
implemented_available
↓
/verify-app
↓
pending_review
↓
/review-app → DENY → scaffolded_available (loop)
→ APPROVE → built (exit)
REVIEW QUEUE
============
No items pending review.
Status counts:
- scaffolded_available: 3 (need /plan-app)
- planned_available: 2 (need /implement-app)
- implemented_available: 1 (need /verify-app)
- pending_review: 0
Nothing to review. Run the appropriate skill to advance items.
ERROR: Idea not found or not pending review
Provided: [slug]
Status: [actual status or "not found"]
Only ideas with status 'pending_review' can be reviewed.
Current review queue:
1. other-idea-1
2. other-idea-2
User: /review-million-dollar-app simple-todo-app
Agent:
Starting /review-million-dollar-app for: simple-todo-app
----------------------------------------------------
AUTO-DENY MODE ACTIVE
=====================
Review iteration: #2 of 5 (auto-deny threshold)
Mode: Automatic verification and denial
Spawning verification agent...
[Auto-Deny Agent] Starting comprehensive verification...
[Auto-Deny Agent] Checking infrastructure...
[Auto-Deny Agent] Running build...
[Auto-Deny Agent] Starting dev server...
[Auto-Deny Agent] ERROR: PrismaClient constructor error detected
[Auto-Deny Agent] Running tests...
[Auto-Deny Agent] Tests: 250/250 passed (but app fails to start)
----------------------------------------------------
AUTO-DENY VERIFICATION RESULTS
==============================
| Category | Status | Details |
|-------------------|---------|-------------------------------------------|
| Infrastructure | PASS | docker-compose.yml valid |
| Build | FAIL | Prisma client engine error |
| Runtime | FAIL | App returns 404 due to Prisma init error |
| Tests | PASS | 250/250 (mocked DB hides runtime issue) |
| Code Quality | WARN | Engine type 'client' misconfigured |
Critical Issues Found:
1. [CRITICAL] PrismaClient uses engine type "client" without required adapter
File: src/lib/db.ts:25
Fix: Remove 'client' engine or provide adapter/accelerateUrl
2. [CRITICAL] App fails to start - 404 on all routes
Cause: Prisma initialization fails at module load time
----------------------------------------------------
AUTO-DENIED (Review #2)
=======================
simple-todo-app has been automatically denied.
Tracking Updates:
- Status: scaffolded_available
- Review count: 2
- Feedback: Written to .planning/feedback.md
Auto-Deny Status:
- Iterations remaining: 3 more auto-denies before human review required
- Next review (#3) will also be auto-denied unless --no-auto-deny is used
Next Steps:
1. /plan-million-dollar-app will read feedback and create fix plan
2. /implement-million-dollar-app will apply fixes
3. /verify-million-dollar-app will re-verify
4. /review-million-dollar-app will auto-deny again (or human review at #6)
User: /review-million-dollar-app simple-todo-app
Agent:
Starting /review-million-dollar-app for: simple-todo-app
----------------------------------------------------
HUMAN REVIEW REQUIRED
=====================
Review iteration: #6 (exceeds auto-deny threshold of 5)
Mode: Human decision required
REVIEWING: simple-todo-app
==========================
## Test Results
All 250 tests passing
## App Status
- Build: Success
- Runtime: App starts successfully
- Demo URL: http://localhost:3000
## Prior Denials (5)
Review #1: AUTH_SECRET placeholder, no database setup
Review #2: PrismaClient engine type error
Review #3: Missing environment validation
Review #4: Database migrations not auto-running
Review #5: Auth callback URL misconfigured
All prior issues have been addressed in this iteration.
----------------------------------------------------
DECISION REQUIRED (Human Only)
[A] APPROVE - Mark as 'built' ($1M ready!)
[D] DENY - Return to planning with feedback
Enter decision (A/D):
User: /review-million-dollar-app simple-todo-app --no-auto-deny
Agent:
Starting /review-million-dollar-app for: simple-todo-app
----------------------------------------------------
HUMAN REVIEW MODE (--no-auto-deny)
==================================
Review iteration: #2
Note: Auto-deny bypassed by flag
REVIEWING: simple-todo-app
==========================
[... presents full evidence for human decision ...]
DECISION REQUIRED
[A] APPROVE - Mark as 'built' ($1M ready!)
[D] DENY - Return to planning with feedback
Enter decision (A/D):
User: /review-million-dollar-app ai-code-review-tools
Agent:
REVIEWING: ai-code-review-tools
===============================
(Review #6 - human review required)
## Test Results
All 65 tests passing
## Screenshots
5 screenshots in evidence/
## Market Validation
3 sources verified, all current
## Implementation
4/4 phases, 23/23 tasks complete
DECISION REQUIRED
[A] APPROVE [D] DENY
User: A
Agent:
APPROVED!
ai-code-review-tools is now 'built'.
$1M ready!
User: /review-million-dollar-app smart-inventory-tracker
Agent:
REVIEWING: smart-inventory-tracker
==================================
## Test Results
Unit: 30/32 (2 failed)
Integration: 8/10 (2 failed)
## Screenshots
3 captured (missing settings page)
## PRIOR FEEDBACK (Review #1)
Previously denied for:
- Missing inventory import feature
- No CSV export
DECISION REQUIRED
[A] APPROVE [D] DENY
User: D
Agent:
DENIAL FEEDBACK
===============
## Issues Found
> 1. Tests still failing
> 2. Import feature incomplete
> 3. Export only works for small datasets
## Required Changes
> 1. Fix failing tests
> 2. Complete CSV import feature
> 3. Add pagination to export
Confirm DENY? (Y/N)
User: Y
Agent:
DENIED
smart-inventory-tracker returned to scaffolded_available.
Review count: 3
Feedback appended to .planning/feedback.md
/plan-app MUST address all 3 reviews' feedback.
After this skill completes, verify:
builtreview_queueapproved_at timestamp setscaffolded_availablereview_count incrementeddenial_feedback[] arrayreview_queue.planning/feedback.md exists in project directory.planning/feedback.md.planning/feedback.mdbuilt (terminal success)/plan-million-dollar-app [slug]
.planning/feedback.md/implement-million-dollar-app [slug]/verify-million-dollar-app [slug]/review-million-dollar-appThe cycle continues until APPROVED or manually ABANDONED.