# /council-review - Multi-Agent Code Review Council

Execute a multi-agent code review with anonymized peer evaluation, consensus scoring, and structured verdicts.
## Usage

```bash
# Review single file with default reviewers
/council-review src/auth/jwt_handler.rs

# Review with specific reviewer types
/council-review src/api/handlers.rs --reviewers security,compliance,performance

# Review entire PR/directory
/council-review src/auth/ --recursive

# Set consensus threshold for approval
/council-review src/api/ --threshold 0.7

# Compliance-critical review with audit trail
/council-review src/medical/ --compliance hipaa,fda --audit

# Dry run (show what would be reviewed)
/council-review src/ --dry-run

# Output formats
/council-review src/file.rs --format json
/council-review src/file.rs --format markdown
/council-review src/file.rs --format ci   # GitHub/GitLab status
```
## System Prompt
⚠️ EXECUTION DIRECTIVE: When the user invokes this command, you MUST:

- IMMEDIATELY execute - no questions, no explanations first
- ALWAYS show full output from script/tool execution
- ALWAYS provide summary after execution completes

DO NOT:

- Say "I don't need to take action" - you ALWAYS execute when invoked
- Ask for confirmation unless `requires_confirmation: true` is set in frontmatter
- Skip execution even if it seems redundant - run it anyway

The user invoking the command IS the confirmation.
You are executing the Council Review workflow for CODITECT enterprise code quality assurance.

Pattern: LLM Council (3-stage multi-agent review with anonymized peer evaluation)

Pipeline:

- Stage 1: Parallel specialized reviews (security, compliance, performance, testing)
- Stage 2: Anonymous cross-evaluation (reviewers rank each other)
- Stage 3: Chairman synthesis (structured verdict with audit trail)
Invoke the council-orchestrator agent:

```python
Task(
    subagent_type="council-orchestrator",
    prompt=f"""
Execute council review on: {TARGET}

Configuration:
- Reviewers: {REVIEWERS}
- Consensus threshold: {THRESHOLD}
- Compliance frameworks: {COMPLIANCE}
- Audit trail: {AUDIT}
- Output format: {FORMAT}

Execute full 3-stage pipeline:
1. Dispatch parallel specialized reviews
2. Conduct anonymous cross-evaluation
3. Generate chairman verdict with decision

Return structured verdict with:
- Decision: approve/request_changes/reject
- Aggregate score (0.0-1.0)
- Consensus level (Kendall's W)
- Blocking findings
- Recommendations
- Audit hash (if --audit)
"""
)
```
## Options

| Option | Description | Default |
|---|---|---|
| TARGET | File, directory, or glob pattern to review | Required |
| --reviewers | Comma-separated reviewer types | security,compliance,performance,testing |
| --threshold | Minimum consensus for approval (0.0-1.0) | 0.6 |
| --compliance | Compliance frameworks (hipaa,soc2,fda,gdpr) | None |
| --audit | Generate hash-chained audit trail | false |
| --recursive | Review all files in directory | false |
| --format | Output format (json,markdown,ci) | markdown |
| --dry-run | Show what would be reviewed | false |
| --parallel | Max concurrent file reviews | 4 |
## Reviewer Types

| Type | Focus Areas | Use When |
|---|---|---|
| security | OWASP Top 10, injection, auth, crypto | Always recommended |
| compliance | Data handling, audit logs, access control | Regulated industries |
| performance | Complexity, memory, I/O, concurrency | Performance-critical code |
| testing | Coverage, edge cases, mock quality | All production code |
| maintainability | Code style, documentation, patterns | Long-lived codebases |
## Decision Thresholds

| Condition | Result |
|---|---|
| Any CRITICAL finding | REJECT |
| >3 HIGH findings | REQUEST_CHANGES |
| Aggregate score < 0.70 | REQUEST_CHANGES |
| Consensus < 0.50 + blocking findings | FLAG FOR HUMAN REVIEW |
| All pass + consensus >= threshold | APPROVE |
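
To make the consensus score and the decision table above concrete, here is an added example (not part of this page or the CODITECT project) that computes Kendall's W from constructed stage-2 rankings and then applies the threshold rules in the order the table lists them. It assumes that the rules are evaluated top to bottom, that "blocking" means CRITICAL or HIGH findings, and that the case "consensus below --threshold with everything else passing", which the table does not cover, is escalated to human review.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    severity: str   # CRITICAL, HIGH, MEDIUM or LOW
    message: str
    reviewer: str

def kendalls_w(rankings: list[list[int]]) -> float:
    """Kendall's W over m complete, tie-free rankings of n anonymized reviews.
    rankings[j][i] is the rank (1..n) reviewer j gave to review i.
    W = 1.0 means every reviewer produced the same ordering, 0.0 no agreement."""
    m, n = len(rankings), len(rankings[0])
    if m < 2 or n < 2:
        raise ValueError("need at least two reviewers and two reviews")
    if any(sorted(r) != list(range(1, n + 1)) for r in rankings):
        raise ValueError("each ranking must be a tie-free permutation of 1..n")
    rank_sums = [sum(r[i] for r in rankings) for i in range(n)]
    mean = m * (n + 1) / 2
    s = sum((rs - mean) ** 2 for rs in rank_sums)
    return 12 * s / (m ** 2 * (n ** 3 - n))

def decide(findings: list[Finding], aggregate_score: float,
           consensus: float, threshold: float = 0.6) -> str:
    """Apply the Decision Thresholds table. Assumptions: rules are checked top
    to bottom, and 'blocking' means CRITICAL or HIGH severity."""
    critical = sum(f.severity == "CRITICAL" for f in findings)
    high = sum(f.severity == "HIGH" for f in findings)
    if critical > 0:
        return "REJECT"
    if high > 3 or aggregate_score < 0.70:
        return "REQUEST_CHANGES"
    if consensus < 0.50 and (critical + high) > 0:
        return "FLAG_FOR_HUMAN_REVIEW"
    if consensus >= threshold:
        return "APPROVE"
    # Not covered by the table (consensus below --threshold): escalate (assumption).
    return "FLAG_FOR_HUMAN_REVIEW"

if __name__ == "__main__":
    # Constructed stage-2 data: four reviewers each rank the four anonymized reviews.
    rankings = [[1, 2, 3, 4], [1, 3, 2, 4], [2, 1, 3, 4], [1, 2, 4, 3]]
    w = kendalls_w(rankings)   # 0.725
    findings = [Finding("HIGH", "Missing rate limiting on login endpoint", "security"),
                Finding("MEDIUM", "No test for failed login scenarios", "testing")]
    print(f"Consensus: {w:.2f} | Decision: {decide(findings, 0.85, w, 0.6)}")
```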
## Examples

### Standard Security Review

```bash
/council-review src/auth/login.rs --reviewers security,testing
```

Output:

```text
COUNCIL VERDICT: APPROVE
Score: 0.85 | Consensus: 0.78 (HIGH)
Findings: 0 critical, 1 high, 3 medium
- [HIGH] Missing rate limiting on login endpoint (security)
- [MEDIUM] No test for failed login scenarios (testing)
Recommendations:
1. Add rate limiting middleware to /api/login
2. Add test cases for authentication failures
```

### Compliance-Critical Review

```bash
/council-review src/patient_records/ --compliance hipaa --audit --recursive
```

Output:

```text
COUNCIL VERDICT: REQUEST_CHANGES
Score: 0.62 | Consensus: 0.71 (GOOD)
Blocking Findings:
- [CRITICAL] PHI exposed in log statements (compliance)
- [HIGH] Missing audit trail for data access (compliance)
Audit Trail:
Chain Hash: 7a8b9c...
Signature: Required before merge
Recommendations:
1. Redact PHI from all log statements
2. Implement audit logging for patient data access
3. Add encryption at rest for patient records
```

### CI/CD Integration

```bash
/council-review src/ --format ci --threshold 0.7
```

Output (for GitHub Actions):

```json
{
  "conclusion": "failure",
  "title": "Council Review: REQUEST_CHANGES",
  "summary": "Score: 0.65/1.0 | 2 blocking findings",
  "annotations": [
    {
      "path": "src/api/handlers.rs",
      "start_line": 42,
      "end_line": 42,
      "annotation_level": "failure",
      "message": "[CRITICAL] SQL injection vulnerability"
    }
  ]
}
```
## Output Formats

### Markdown (default)

Human-readable report with findings, scores, and recommendations.

### JSON

Structured output for programmatic processing:

```json
{
  "decision": "approve",
  "aggregate_score": 0.85,
  "consensus_level": 0.78,
  "blocking_findings": [],
  "findings": [...],
  "recommendations": [...],
  "audit_hash": "sha256..."
}
```

### CI

GitHub/GitLab compatible check output with annotations.
## Integration

### GitHub Actions

```yaml
- name: Council Review
  run: |
    claude "/council-review src/ --format ci --threshold 0.7" > review.json
    # The ci format carries a "conclusion" field, not "decision" (that is the json format),
    # so gate the job on the conclusion the check output actually reports.
    if jq -e '.conclusion == "failure"' review.json; then
      echo "Review failed"
      exit 1
    fi
```

### Pre-commit Hook

```yaml
# .pre-commit-config.yaml
- repo: local
  hooks:
    - id: council-review
      name: Council Review
      entry: claude "/council-review --format ci"
      language: system
      # types_or matches files of ANY listed type; plain types would require a file
      # to match ALL of them at once, so the hook would never run.
      types_or: [python, rust, typescript]
```
## Related Components

- council-orchestrator agent - Coordinates 3-stage pipeline
- council-chairman agent - Synthesizes verdicts
- council-review skill - Core pattern implementation
- orchestrator-code-review agent - ADR compliance (alternative)
## Comparison with Other Review Commands

| Command | Pattern | Best For |
|---|---|---|
| /council-review | Multi-agent consensus | Compliance-critical, high-stakes |
| /code-review | Single agent | Quick feedback, low risk |
| /orchestrator-code-review | ADR compliance | CODITECT v4 standards |
## Version History

| Version | Date | Changes |
|---|---|---|
| 1.0.0 | 2025-12-20 | Initial implementation |
## Success Output

When council review completes:

```text
✅ COMMAND COMPLETE: /council-review
Target: <file-or-directory>
Decision: <APPROVE|REQUEST_CHANGES|REJECT>
Score: X.XX/1.0
Consensus: X.XX (<HIGH|GOOD|LOW>)
Findings: X critical, Y high, Z medium
Reviewers: <list>
```
## Completion Checklist

Before marking complete:

- Target files identified
- Reviewers dispatched
- Cross-evaluation completed
- Verdict synthesized
- Findings documented
## Failure Indicators

This command has FAILED if:

- ❌ Target not found
- ❌ No reviewers available
- ❌ Consensus not reached
- ❌ No verdict generated
## When NOT to Use

Do NOT use when:

- Quick feedback is needed (use /code-review)
- Changes are low-risk
- A single file has an obvious fix
## Anti-Patterns (Avoid)

| Anti-Pattern | Problem | Solution |
|---|---|---|
| Too many reviewers | Slow processing | Use 3-4 reviewers |
| Skip cross-evaluation | Biased results | Always stage 2 |
| Ignore blocking findings | Security risk | Address all critical |
## Principles

This command embodies:

- #9 Based on Facts - Consensus scoring
- #3 Complete Execution - 3-stage pipeline
- #6 Clear, Understandable - Structured verdicts

Full Standard: CODITECT-STANDARD-AUTOMATION.md

Origin: Adapted from the LLM Council pattern (Karpathy) with enterprise hardening

Last Updated: 2025-12-20