All skills
Skillintermediate

Implementation Review

Read capy knowledge base conventions at [shared-capy-knowledge-protocol.md](shared-capy-knowledge-protocol.md).

Claude Code Knowledge Pack7/10/2026

Overview

Implementation Review

Conventions

Read capy knowledge base conventions at shared-capy-knowledge-protocol.md.

Profile detection. See shared-profile-detection.md for the shared detection procedure. When an active profile populates a review-spec/ phase slot, its index.md content is loaded before per-task verification begins.

Overview

Systematically compare implemented code against a feature's design.md, implementation.md, and tasks.md in /docs/wip/[feature]/. Works both mid-implementation (reviewing completed tasks only) and post-implementation (full feature review).

Findings go in both directions — code that deviates from spec AND spec that is wrong or outdated given the code.

Required Outputs

Before declaring the review complete, verify all outputs are delivered:

  • Review report presented to user
  • User-confirmed intentional SPEC_DEV/EXTRA_IMPL findings indexed as kk:arch-decisions (skip if none confirmed)
  • Next steps confirmation from user

Indexing is owned by this skill — callers (e.g., implement) do NOT duplicate it.

Review Modes

Standard Mode (/kk:review-spec)

Reviews spec conformance in the main conversation context. Single-pass review using the workflow below.

Isolated Mode (/kk:review-spec:isolated)

Delegates detection to an independent spec-reviewer sub-agent that did not write the code, then annotates its findings with type-specific author context. Low-relevance types (MISSING_IMPL, DOC_INCON, OUTDATED_DOC, AMBIGUOUS) get brief annotations; high-relevance types (SPEC_DEV, EXTRA_IMPL) get detailed annotations with spec update suggestions.

  • Cost: Higher (sub-agent + annotation)
  • Isolation: True — reviewer has zero authorship bias or session context
  • Degradation: If sub-agent fails, suggests standard mode fallback
  • Best for: When extra rigor is worth the cost (post-implementation, pre-merge)

See review-isolated.md for the isolated workflow.

Finding Types

Each finding is classified by type (what kind of mismatch) and severity (how urgent).

TypeCodeDescriptionExample
Missing ImplementationMISSING_IMPLSpec describes something that was not implementedDesign says "rate limiting on /api/auth" but no rate limiter exists
Extra ImplementationEXTRA_IMPLCode implements something not in the specA caching layer was added that design docs don't mention
Spec DeviationSPEC_DEVCode implements the feature but differently than specifiedDesign says "bcrypt cost 12" but code uses cost 10
Doc InconsistencyDOC_INCONDocumentation contradicts itself or is internally inconsistentdesign.md says JWT tokens, implementation.md says session cookies
Outdated DocOUTDATED_DOCCode is correct but docs haven't been updated to reflect realityEndpoint was renamed during implementation but docs still reference old name
Ambiguous SpecAMBIGUOUSSpec is unclear enough that multiple interpretations are valid"Support pagination" without specifying cursor vs offset

IaC Profile Semantics

When profile detection identifies an Infrastructure-as-Code profile (e.g., Kubernetes, Terraform), the declarative artifacts ARE the implementation — there is no separate runtime code to trace. Apply these adjusted type-mappings:

  • A design-specified resource whose manifest is absent → MISSING_IMPL (absence in declarative systems is a gap, not a pending item or inconsistency)
  • A field value in a manifest that disagrees with the design → SPEC_DEV
  • A manifest resource the design does not mention → EXTRA_IMPL

DOC_INCON and OUTDATED_DOC apply unchanged — their semantics are doc-vs-doc or code-vs-doc, which declarative IaC does not alter.

For each active IaC profile that populates a review-spec/ slot, load ${CLAUDE_PLUGIN_ROOT}/profiles/<name>/review-spec/index.md for domain-specific verification patterns.

Severity Levels

Same P0–P3 scale as review-code, adapted for spec conformance:

LevelNameDescriptionAction
P0CriticalMissing core functionality, security spec violated, data model mismatchMust fix before merge
P1HighSignificant behavioral deviation from spec, missing error handling that spec requiresShould fix before merge
P2MediumMinor deviation, doc inconsistency, partial implementation of a spec requirementFix or create follow-up
P3LowNaming mismatch, doc typo, cosmetic deviation from specOptional

Confidence Levels

Each finding gets a confidence score (1–10) with mandatory reasoning explaining what was checked, what evidence supports the finding, and what uncertainty remains.

ScoreMeaning
9–10Certain — direct, unambiguous contradiction between spec and code
7–8Strong — clear evidence but minor room for interpretation
5–6Moderate — likely issue but spec is somewhat vague or code has plausible alternative reading
3–4Uncertain — possible issue, needs human judgment
1–2Speculative — gut feeling, very ambiguous spec or indirect evidence

Workflow

Mandatory order — spec before code. The flow below is strictly sequential. Do not read implementation code, run grep/serena against the codebase, or form spec-deviation findings until you have loaded the feature's design/implementation docs AND completed profile detection and loaded all resolved review-spec/ profile content. The only early contact with the implementation is a feature-directory listing (filenames only) — enough to drive profile detection, not enough to pattern-match deviations. See ADR 0004 for the rationale.

See review-process.md for the detailed step-by-step process.

Phases:

  1. Load feature documents — read tasks.md, design.md, implementation.md (the spec, not the subject matter)
  2. Capy search: Search kk:arch-decisions for design rationale that may explain intentional spec deviations. Search kk:review-findings for known patterns from prior reviews.
  3. Detect active profiles and load review-spec/ content from matching profiles
  4. Determine review scope (mid-implementation vs post-implementation)
  5. Per-task verification against spec — only now read implementation code (apply IaC type-mapping when an IaC profile is active)
  6. Cross-cutting concern check
  7. Self-check and confidence assessment
  8. Present findings
  9. Index confirmed deviations — index user-confirmed intentional SPEC_DEV/EXTRA_IMPL as kk:arch-decisions

Invocation

Use the /review-spec [feature-name] command, or invoke naturally when a user asks to verify implementation against docs.

For isolated mode with an independent sub-agent:

/kk:review-spec:isolated [feature-name]