Plan-first AI code review with files × rules coverage.
Review Gauntlet is a plan-first coverage gate for AI code review. Before running reviewers, it builds a files × rules review matrix. Each cell represents a concrete review obligation: this file must be checked against this rule. Review Gauntlet then runs AI reviewers, static analyzers, or custom adapters against those cells, records evidence and findings, and only finalizes when the required coverage is complete.
Reviewers find issues. Review Gauntlet proves which files were checked against which rules.
The fastest way to review a repository:
Review Gauntlet is not a standalone reviewer. Before starting, install and authenticate an external review agent CLI such as opencode, install the matching Review Gauntlet skill or prompt guidance for that agent, and create an adapter config that tells Review Gauntlet how to call it.
# 1. Install the CLI (skip if already installed)
uv tool install review-gauntlet
# 2. Install/configure the external review agent separately, then create an adapter config
uvx review-gauntlet config init --preset opencode
# 3. Start a review session for the current repository
review-gauntlet init
# 4. Let Review Gauntlet drive the configured agent until the session completes
review-gauntlet run
# 5. Inspect the final checkpoint and findings if needed
review-gauntlet status
review-gauntlet findingsrun repeatedly asks Review Gauntlet for the next ready task, invokes the configured
external agent with that prompt, and stops when the active session has been finalized.
review still advances only one review batch at a time for lower-level or custom
workflows. verify-fixes re-checks findings marked fixed_pending_verification and
moves them to fixed_verified or reopened. finalize succeeds only after required
coverage is complete, live findings are closed, and status reports
can_finalize: true.
AI review tools usually generate comments from a diff. Review Gauntlet starts one layer earlier: it creates a review plan. It crosses files with review rules to build a coverage matrix, then runs reviewers against the required cells and records evidence for each completed review obligation.
| Tool type | Primary job |
|---|---|
| Codex Review / Open Code Review / opencode | Generate review comments |
| Static analyzers | Detect known rule violations |
| Review Gauntlet | Plan the review, build the files × rules matrix, track coverage, preserve evidence, and gate finalization |
Review Gauntlet is designed to work with reviewers, not compete with them.
Review Gauntlet makes code review plan-first and auditable.
- Define the review surface
- files, directories, diffs, commits, or other review targets
- Define the review rules
- security, correctness, maintainability, architecture, project-specific checks, or custom rules
- Build a review matrix
- each file × rule pair becomes a review cell
- Run reviewers
- AI reviewers, static analyzers, opencode, Codex-style agents, or custom adapters inspect assigned cells
- Track evidence and findings
- prompts, outputs, findings, coverage state, and unresolved issues are recorded
- Finalize only when complete
- Review Gauntlet only finalizes when required coverage is complete and live findings are closed
A review session does not work from the CLI alone. Install all required pieces first:
- install the
review-gauntletCLI - install and configure an external review agent CLI
- install the matching Review Gauntlet skill or prompt guidance for that agent
- add a discoverable adapter config such as
review-gauntlet.jsonc
uv tool install review-gauntletInstall the Review Gauntlet agent skill:
npx skills add tumf/review-gauntletReview Gauntlet discovers config automatically from
.review-gauntlet/config.jsonc, review-gauntlet.jsonc, or the XDG user config
directory. Starter presets are bundled in the installed package, so first-time users
can create a config without any extra setup.
Create a project config:
review-gauntlet config init --preset opencodeCreate a global default config instead:
review-gauntlet config init --global --preset opencodeInspect available presets and validate the effective config:
review-gauntlet config preset list
review-gauntlet config preset show opencode
review-gauntlet config validate
review-gauntlet config effective --format jsonUse --force to overwrite an existing generated config, --dry-run to preview the
write target and preset contents without creating files, and --output <path> to write
to a custom path. Edit the generated JSONC if your agent command or arguments differ, then
verify that review-gauntlet review runs end-to-end.
uvx review-gauntlet config init --preset opencode
# (install and authenticate the matching external review agent separately)
review-gauntlet init
review-gauntlet run
review-gauntlet statusuvx review-gauntlet config init --preset opencode is the package-based starter flow.
For regular use, install the CLI with uv tool install review-gauntlet so the same
command is available as review-gauntlet.
For regular use, install the CLI as review-gauntlet:
uv tool install review-gauntlet
review-gauntlet --helpUse this when you want the latest GitHub version or want to contribute:
git clone https://github.com/tumf/review-gauntlet.git
cd review-gauntlet
uv sync
make install
review-gauntlet --helpmake install installs the local package as the canonical review-gauntlet
command with uv tool install --reinstall ..
Start by choosing an explicit review target, then use run to execute ready tasks
through the configured external agent until the session is finalized:
# Review the current workspace diff.
review-gauntlet init --worktree
# Or review a branch/range.
review-gauntlet init --from main --to HEAD
# Or review the full repository.
review-gauntlet init --all
# Recommended: run ready tasks until the active session finalizes.
review-gauntlet run
# Inspect state and findings when debugging or auditing the result.
review-gauntlet status
review-gauntlet findings
# Abandon an accidental init without writing a checkpoint.
review-gauntlet cancel
run is the normal progression command. It does not change the constitution-backed
behavior of review: review advances exactly one review batch per invocation, and
run orchestrates repeated ready-task execution through the external agent. finalize
is still a gate, not a cleanup command: it fails until required coverage is complete
and live findings are closed. Use cancel only to abandon an accidental init; it
marks the session cancelled and clears the active-session marker without producing
checkpoint artifacts.
ready prints the next review prompt for CI systems, custom orchestrators, external
integrations, and debugging. Use it when you want to own the orchestration loop
outside Review Gauntlet:
review-gauntlet ready | opencode runA custom orchestrator can repeatedly call ready, but this is no longer the
recommended day-to-day workflow; prefer review-gauntlet run for normal session
progression.
The installed review-gauntlet command can generate completion scripts for common
interactive shells. Evaluate the script for the current session, or write it to the
location your shell startup files load.
Bash:
source <(review-gauntlet completion bash)Zsh:
review-gauntlet completion zsh > "${fpath[1]}/_review-gauntlet"
autoload -Uz compinit && compinitFish:
review-gauntlet completion fish > ~/.config/fish/completions/review-gauntlet.fishTarget selection happens on init; review only advances the active session once.
A bare init now uses .review-gauntlet/checkpoints/latest/status.json when a
complete usable checkpoint exists, reviewing from its review_base_commit to
HEAD. If no checkpoint exists, bare init reviews all eligible files. Scripts
that need the previous workspace-diff default must pass --worktree explicitly.
OCR-compatible target mappings are:
# Default review: latest finalized checkpoint -> HEAD, or all files for first review.
review-gauntlet init
# OCR workspace diff review: staged, unstaged, and untracked non-ignored files.
review-gauntlet init --worktree
# OCR branch/range review: files changed between two refs.
review-gauntlet init --from main --to HEAD
# OCR single-commit review: files changed by one commit.
review-gauntlet init --commit <commit-oid>
# review-gauntlet-only full repository review: every eligible inventory file.
review-gauntlet init --all
# Recommended: orchestrate ready tasks with the configured external agent.
review-gauntlet run
# Execute exactly one review step for lower-level/custom workflows.
review-gauntlet review
# Select at most 20 cells for this run and execute up to 4 adapter calls at once.
review-gauntlet review --budget 20 --concurrency 4After a run or review step, inspect session state and findings, optionally record human finding decisions, and finalize only when both coverage and findings are closed:
review-gauntlet status
review-gauntlet findings
review-gauntlet mark <finding-id> fixed --reason "fixed in follow-up"
review-gauntlet verify-fixes
review-gauntlet finalize
# Finalize writes Git-reviewable JSON/Markdown snapshots atomically.
git add .review-gauntlet/checkpoints/latest
# If init targeted the wrong work, cancel instead of finalizing.
review-gauntlet cancelcancel is the supported way to abandon an active session that was initialized by
mistake. It records sessions.state = 'cancelled' in the ledger and removes
.review-gauntlet/active-session.json, so later status, review, and ready
commands behave as no-active-session until a new init. Unlike finalize, it does
not write checkpoints or claim review completion.
status reports coverage as counts of review cells by state:
| Coverage state | Meaning |
|---|---|
pending |
The file × rule cell still needs review. |
reviewed |
The cell has been reviewed against the current file digest. |
stale |
The file changed after review, so the cell must be reviewed again. |
superseded |
The old persisted cell is no longer part of the current target plan. |
findings reports open findings by default; pass --all to include terminal
findings. Each finding row includes:
| Field | Meaning |
|---|---|
finding_id |
Stable Review Gauntlet finding id, such as RGF-.... |
fingerprint |
Deduplication key derived from repository, target, path, rule, claim, code anchor, and ruleset. |
state |
Finding lifecycle state. Open states are untriaged, confirmed, fixed_pending_verification, and reopened; terminal states are fixed_verified, false_positive, waived, and accepted_risk. |
path |
Repository-relative file path for the latest occurrence. |
rule_id |
Review rule that produced the finding. |
content |
Reviewer-provided finding text. |
metadata |
JSON metadata recorded by human decisions, such as owner or expiration. |
start_line / end_line |
Latest line range, or 0 when no precise range is available. |
imprecise |
Whether the latest location is approximate. |
Successful finalize requires both coverage and live findings to be closed and
review-universe files to match HEAD; dirty tracked, staged, unstaged, or
untracked eligible files block checkpoint creation. It writes
status.json, findings.json, events.json, and summary.md under a generated
checkpoint directory such as .review-gauntlet/checkpoints/<checkpoint_id>/, then updates
.review-gauntlet/checkpoints/latest as a pointer to that checkpoint and clears the
active session so the next command is review-gauntlet init. There is intentionally
no separate checkpoint command.
review --concurrency defaults to 3 and must be a positive integer. --budget
still caps the total cells selected for one review run; --concurrency only limits
how many of those selected adapter invocations run at the same time. It does not
automatically pass a concurrency flag through to the nested external adapter
command.
The inventory, plan, and report commands remain available for compatibility
and inspection. Use them to inspect file discovery, review slicing, and report
rendering; they are not the normal day-to-day review lifecycle.
Inspect the current repository inventory and classification:
review-gauntlet inventoryInspect the legacy review plan with slices and required checks:
review-gauntlet planRender the legacy markdown matrix report:
review-gauntlet reportInventory discovery keeps Git behavior intact: Git-backed repositories still use
git ls-files --cached --others --exclude-standard with the existing bounded
subprocess timeout, so .gitignore and other exclude-standard rules apply before
review-gauntlet's built-in filters.
The built-in artifact filter removes generated or dependency paths from both full
inventory and target-scoped inventory. This includes Python/editor/cache outputs
such as .review-gauntlet/, __pycache__/, .ruff_cache/, build/, dist/,
wheels/, htmlcov/, and OCR-inspired dependency/build staging paths such as
vendor/, node_modules/, target/, .happypack/, .cachefile/, _packages/,
rpm/, pkgs/, and oh_modules/.
Review sessions apply an additional default review-path filter when creating cells
and digests. Files can remain classifiable in general inventory, but init omits
openspec/, tests/, and docs/ by default, as well as common OCR-style test or
generated paths such as __tests__/, *_test.go, *Test.java, *Test.kt,
*.spec.ts, *.test.tsx, test_*.py, *_spec.rb, *.spec.ets, and
*.test.ets. Review cells and target digests also omit common package manifests
and lock files such as uv.lock, poetry.lock, requirements*.txt,
package.json, package-lock.json, yarn.lock, pnpm-lock.yaml, Cargo.toml,
Cargo.lock, go.mod, go.sum, pom.xml, Gemfile.lock, composer.lock,
Package.resolved, pubspec.lock, mix.lock, vcpkg.json, flake.lock,
stack.yaml.lock, Manifest.toml, and renv.lock. These package files are not
removed from general inventory unless another artifact or Git ignore rule excludes
them. Normal source files and package-adjacent executable logic files such as
setup.py, build.gradle, mix.exs, and build.zig remain eligible for review
cells.
review discovers configuration in this order: explicit --config,
.review-gauntlet/config.jsonc, .review-gauntlet/config.json,
review-gauntlet.jsonc, review-gauntlet.json,
$XDG_CONFIG_HOME/review-gauntlet/config.jsonc, then
$XDG_CONFIG_HOME/review-gauntlet/config.json. When XDG_CONFIG_HOME is unset
or empty, the global fallback base is ~/.config, so the JSONC fallback path is
~/.config/review-gauntlet/config.jsonc. Repository-local configuration always
wins over global XDG configuration, and discovery only reads existing files; it
never creates global config directories or files. The command adapter uses argv
arrays and never shell strings; provider login, model choice, and secrets stay
inside the external CLI configuration.
Minimal JSONC configuration for opencode file-json verdicts:
The generated OCR prompt is expanded into {prompt} as one argv element. Prompt
artifacts are still written for audit evidence, but prompt-file transport is not
part of the command adapter contract. cwd, env, timeout_seconds, and
quiet_timeout_seconds are optional escape hatches: omitted cwd inherits the
caller's current working directory, omitted env inherits the parent environment
without fixed automatic variables, and explicit env values override that
inherited environment. Omitted timeout_seconds defaults to 3600 seconds / 60
minutes of total adapter wall-clock runtime. Omitted quiet_timeout_seconds
defaults to 600 seconds / 10 minutes without stdout or stderr output; either
stdout or stderr output resets the quiet timeout. The TUI may show an agent as
quiet before that threshold, but quiet display is a running/alive state rather
than a failure.
Use adapter.env when the configured agent command needs environment variables
that should travel with the Review Gauntlet config, such as model selection,
feature flags, or wrapper-specific paths:
{
"adapter": {
"type": "command",
"command": "opencode",
"args": ["run", "{prompt}"],
"env": {
"OPENCODE_MODEL": "anthropic/claude-sonnet-4",
"REVIEW_GAUNTLET_REPO": "{repo_root}",
"REVIEW_GAUNTLET_STATE": "{state_dir}"
}
}
}Environment values are expanded with the same template syntax as adapter arguments. They are added on top of the parent process environment, so they can also override inherited variables. Keep provider credentials in the external CLI or secret manager rather than committing them to project config.
The verdict must be JSON with OCR-style comments:
{"comments":[{"path":"src/app.py","content":"Issue","start_line":1,"end_line":1}]}Supported template variables include {repo_root}, {state_dir}, {run_id},
{run_dir}, {cell_id}, {cell_dir}, {prompt}, {output_file},
{file_path}, and {rule_id}.
uv sync
make check
make format
make lint
make typecheck
make test
make coverageReview Gauntlet treats review as a stateful coverage workflow:
- initialize a session from an explicit target set
- classify eligible files into review slices and coverage cells
- run exactly one review step at a time through an external command adapter
- record prompts, outputs, findings, and coverage state as audit evidence
- finalize only after required coverage and live findings are closed
External review tools are integrated through the command adapter rather than hard-coded runners. The adapter accepts argv arrays, expands review artifacts into safe template variables, and supports JSON verdicts written to stdout or files so CLIs such as opencode, Codex-style tools, static analyzers, or custom wrappers can participate without review-gauntlet owning provider login or secret management.
{ "adapter": { "type": "command", "command": "opencode", "args": ["run", "{prompt}"], "output": {"mode": "file-json", "path": "{output_file}"} } }