molecule-ai/molecule-ai-plugin-molecule-skill-five-axis-review
34
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Five-axis self-review skill — Correctness/Readability/Architecture/Security/Performance. Replaces 'list 3 weakest spots' Phase 4 self-review with structured per-axis findings + severity. Ships the SOP into platform-dev workspaces.
4 Commits 2 Branches 2 Tags 40 KiB
Markdown 100%
main
Go to file
claude-ceo-assistant eca4c2511c
All checks were successful
CI / validate (push) Successful in 34s
Details
Merge pull request 'fix(skill): clarify Phase 4 wording + add validate-plugin CI gate' (#1) from fix/phase4-wording-and-ci-gate into main
2026-05-08 13:20:23 +00:00
.github/workflows fix(skill): clarify Phase 4 wording + add validate-plugin CI gate 2026-05-08 06:20:01 -07:00
skills/five-axis-review fix(skill): clarify Phase 4 wording + add validate-plugin CI gate 2026-05-08 06:20:01 -07:00
LICENSE Initial commit 2026-05-08 12:57:44 +00:00
plugin.yaml scaffold: molecule-skill-five-axis-review v1.0.0 2026-05-08 06:00:23 -07:00
README.md scaffold: molecule-skill-five-axis-review v1.0.0 2026-05-08 06:00:23 -07:00

README.md

molecule-skill-five-axis-review

Five-axis self-review skill for Phase 4 of the Molecule AI dev SOP. Replaces the unstructured "list 3 weakest spots" self-review with a per-axis pass that catches blind spots.

What it does

When invoked (typically before opening a PR), walks the diff through five axes and produces structured findings with severity:

  1. Correctness — edge cases, error paths, race conditions
  2. Readability — name clarity, control flow, dead code, misleading docstrings
  3. Architecture — abstractions, module boundaries, consistency with existing patterns
  4. Security — untrusted input, secret persistence, defense-in-depth
  5. Performance — hot-path costs, N+1, cache effectiveness

Empty axes need an explicit "no finding because X" — that's what catches blind spots.

Install

Add to a workspace's plugins: list in workspace.yaml:

plugins:
  - molecule-skill-five-axis-review

Or add to org-level defaults in org.yaml / dev-department.yaml:

defaults:
  plugins:
    - molecule-skill-five-axis-review
    - ... other plugins ...

The plugin UNIONs with workspace-level plugins per the platform's mergePlugins semantics.

How agents use it

The skill is invoked when an agent finishes a substantive change and is preparing to open a PR. The agent walks the five axes, writes findings, addresses Critical/Required items, then opens the PR with the self-review section in the description.

Why this exists

The original SOP Phase 4 said "list the three weakest spots." That biases toward visible surface issues (names, comments) and skips systematic ones (security boundaries, architectural fit). Structured five-axis review forces explicit attention to each category.

Real cases caught after retrofitting this skill (internal#77 dev-department extraction, 2026-05-08):

  • Cache-validity gap — partial cache write looked valid; would have hit production silently with no self-heal. Surfaced as Correctness finding.
  • Auth token persistence in .git/config — token in URL userinfo persisted on disk. Surfaced as Security finding.
  • Misleading function name after a mid-development refactor. Surfaced as Readability finding.

All three were missed by the same author's "three weakest" review pass on the same code. The structured pass caught them on the next reviewer-perspective sweep.

Refs

  • skills/five-axis-review/SKILL.md — the skill body
  • Molecule AI dev SOP — Phase 4 (canonical: molecule-ai/internal/runbooks/dev-sop.md)
  • molecule-skill-code-review — sibling plugin for reviewing OTHER people's PRs (this one is for self-review before opening yours)