feat(commands): add output format constraints and task budgets

[rjmurillo]

Summary

• Add invocation_limits to pr-review-config.yaml: all_open_max_prs (5), completion_gate_max_retries (3) with escalation actions
• Add output_constraints to pr-review-config.yaml: per-PR token cap (4096), summary format and required columns
• Update pr-review.md to enforce PR cap, retry limits, output constraints, and structured summary format
• Add Completion Criteria and Stop Condition sections to context-hub-setup.md

Closes #1668

Supersedes #1717. That branch was contaminated with 13 unrelated commits from a foreign repo (1,016,442 false deletions). This is a clean cherry-pick of commit 13fe83a.

Test plan

• CI passes
• pr-review-config.yaml contains invocation_limits and output_constraints
• context-hub-setup.md contains Completion Criteria and Stop Condition sections

🤖 Generated with Claude Code

[gemini-code-assist]

Code Review

This pull request updates the PR review and Context Hub setup workflows by introducing invocation limits, output constraints, and explicit completion criteria. Key changes include capping the number of open PRs processed at once and implementing retry logic for completion gates. A logic flaw was identified in the overflow action for open PRs, which could cause a processing loop; the feedback suggests modifying the instruction to have users specify PR numbers for subsequent runs.

[Copilot]

Pull request overview

Adds explicit budgets and output constraints to the PR review command configuration and documentation, preventing unbounded multi-PR work and runaway retry loops.

Changes:

• Introduces invocation_limits in pr-review-config.yaml (cap all-open PR count, limit completion gate retries, define escalation actions).
• Introduces output_constraints in pr-review-config.yaml (per-PR response token cap and structured summary requirements).
• Updates command docs to enforce these limits and adds completion and stop criteria to context hub setup.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.

File	Description
.claude/commands/pr-review.md	Documents PR cap, per-PR output budget, summary format requirements, and completion gate retry limit.
.claude/commands/pr-review-config.yaml	Adds config-driven invocation limits and output constraints referenced by the PR review command.
.claude/commands/context-hub-setup.md	Adds explicit completion criteria and a stop condition to prevent open-ended setup guidance.

[github-actions]

PR Validation Report

Note

✅ Status: PASS

Description Validation

Check	Status
Description matches diff	PASS

PR Standards

Check	Status
Issue linking keywords	PASS
Template compliance	WARN

QA Validation

Check	Status
Code changes detected	True
QA report exists	false

⚡ Warnings

• Template compliance: 1/4 sections complete
• QA report not found for code changes (recommended before merge)

---

_{Powered by PR Validation workflow}

[github-actions]

AI Quality Gate Review

Tip

✅ Final Verdict: PASS

Walkthrough

This PR was reviewed by six AI agents in parallel, analyzing different aspects of the changes:

• Security Agent: Scans for vulnerabilities, secrets exposure, and security anti-patterns
• QA Agent: Evaluates test coverage, error handling, and code quality
• Analyst Agent: Assesses code quality, impact analysis, and maintainability
• Architect Agent: Reviews design patterns, system boundaries, and architectural concerns
• DevOps Agent: Evaluates CI/CD, build pipelines, and infrastructure changes
• Roadmap Agent: Assesses strategic alignment, feature scope, and user value

Review Summary

Agent	Verdict	Category	Status
Security	PASS	N/A	✅
QA	PASS	N/A	✅
Analyst	PASS	N/A	✅
Architect	PASS	N/A	✅
DevOps	PASS	N/A	✅
Roadmap	PASS	N/A	✅

💡 Quick Access: Click on individual agent jobs (e.g., "🔒 security Review", "🧪 qa Review") in the workflow run to see detailed findings and step summaries.

Security Review Details

Security Review: PR #1786

PR Type Classification

File	Category	Security Scrutiny
.claude/commands/context-hub-setup.md	DOCS	None required
.claude/commands/pr-review-config.yaml	CONFIG	Schema and secrets only
.claude/commands/pr-review.md	DOCS	None required

Analysis

CONFIG file review (pr-review-config.yaml):

• invocation_limits: Static integers (5, 3) and descriptive strings. No executable code.
• output_constraints: Static integer (4096), string ("table"), and array of column names. All are configuration values, not code paths.
• The "overflow_action" fields are human-readable instructions, not code to be executed.

DOCS file review (context-hub-setup.md, pr-review.md):

• Documentation updates describing completion criteria and stop conditions.
• No executable code, no secrets, no sensitive data exposure.
• Commands shown (claude mcp list, grep -i forgetful) are example verification steps, not injected code.

Findings

Severity	Category	Finding	Location	CWE
-	-	No security issues identified	-	-

Recommendations

None required. The changes are configuration values and documentation.

Verdict

VERDICT: PASS
MESSAGE: CONFIG and DOCS changes only. No secrets, no injection vectors, no executable code paths affected.

{
  "verdict": "PASS",
  "message": "CONFIG and DOCS changes only. No secrets, no injection vectors, no executable code paths affected.",
  "agent": "security",
  "timestamp": "2026-04-26T20:18:02.108Z",
  "findings": []
}

QA Review Details

Now let me check if there are any tests related to these files:

Based on the diff provided in the PR description, I have all the information needed to complete the QA review.

---

QA Review: PR #1786

PR Type Classification

PR TYPE: CONFIG + DOCS (MIXED)
FILES:
- CONFIG: .claude/commands/pr-review-config.yaml (YAML configuration)
- DOCS: .claude/commands/pr-review.md (command documentation)
- DOCS: .claude/commands/context-hub-setup.md (command documentation)

Analysis

Changed Files:

1. pr-review-config.yaml - Adds two new YAML sections (invocation_limits, output_constraints) with configuration values
2. pr-review.md - Documentation updates referencing the new config keys
3. context-hub-setup.md - Documentation additions (Completion Criteria and Stop Condition sections)

Test Coverage Assessment

Area	Status	Evidence	Files Checked
Unit tests	N/A - CONFIG/DOCS	No executable code added	All 3 files
Edge cases	N/A	Configuration values only	pr-review-config.yaml
Error paths	N/A	No error handling code	N/A
Assertions	N/A	No testable logic	N/A

Rationale: This PR adds:

• YAML configuration data (static key-value pairs)
• Markdown documentation (prose instructions)

Neither contains executable code paths that require unit tests. The pr-review.md and context-hub-setup.md files are command documentation consumed by Claude Code agents at runtime, not executable scripts.

Code Quality Assessment

Metric	Value	Status
YAML syntax	Valid	[PASS]
Documentation structure	Consistent tables and sections	[PASS]
Config-doc alignment	References match (invocation_limits.all_open_max_prs etc.)	[PASS]

Quality Concerns

Severity	Issue	Location	Evidence	Required Fix
LOW	Comment documents constraint but lacks enforcement	pr-review-config.yaml:127	# Only "table" is supported today	Consider schema validation in future

Regression Risk Assessment

• Risk Level: Low
• Affected Components: /pr-review command behavior, /context-hub-setup termination logic
• Breaking Changes: None. New config keys are additive. Commands will use defaults if keys missing.
• Required Testing: Manual invocation of /pr-review all-open to verify cap enforcement

Pre-executed Test Results

• pytest: 7236 passed, 3 skipped (97.9% pass rate)
• Status: [PASS] - No regressions detected

---

VERDICT: PASS
MESSAGE: Configuration and documentation changes are internally consistent with no executable code requiring tests.

PR TYPE: MIXED (CONFIG + DOCS)

EVIDENCE:
- Tests found: N/A - no new executable code added
- Test execution: PASS (7236/7239 pytest, 3 skipped)
- Edge cases: N/A - configuration values only
- Error handling: N/A - no error paths introduced
- Blocking issues: 0

{
  "verdict": "PASS",
  "message": "Configuration and documentation changes are internally consistent with no executable code requiring tests.",
  "agent": "qa",
  "timestamp": "2026-04-26T20:18:45Z",
  "findings": [
    {
      "severity": "low",
      "category": "code-quality",
      "description": "Comment documents summary_format constraint but enforcement relies on agent compliance rather than schema validation",
      "location": ".claude/commands/pr-review-config.yaml:127",
      "recommendation": "Consider adding JSON schema validation for allowed_values in future iteration"
    }
  ]
}

Analyst Review Details

Now I have the full context of the files. Let me analyze the PR changes.

---

PR #1786 Analysis: Output Format Constraints and Task Budgets

Code Quality Score

Criterion	Score (1-5)	Notes
Readability	5	Clear YAML keys with descriptive names; inline comments explain constraints
Maintainability	5	Config-driven design allows future changes without code edits
Consistency	5	Follows existing YAML structure patterns in pr-review-config.yaml
Simplicity	4	Single purpose per config block; summary_format_allowed_values adds slight redundancy for forward-compatibility

Overall: 4.75/5

Impact Assessment

• Scope: Module-wide (pr-review command ecosystem)
• Risk Level: Low
• Affected Components:
  • .claude/commands/pr-review.md (workflow instructions)
  • .claude/commands/pr-review-config.yaml (configuration)
  • .claude/commands/context-hub-setup.md (completion semantics)

Findings

Priority	Category	Finding	Location
Low	Documentation	completion_gate_overflow_action uses "Escalate" which aligns with PR description but could specify output format	pr-review-config.yaml:123
Low	Maintainability	summary_format_allowed_values: ["table"] and summary_format: "table" duplicate info, but comment explains this is intentional for extensibility	pr-review-config.yaml:127-129

Positive Observations

1. Bounded execution: all_open_max_prs: 5 and completion_gate_max_retries: 3 prevent runaway loops
2. Token budget: per_pr_max_response_tokens: 4096 prevents context exhaustion
3. Clear escalation path: Overflow actions are human-readable instructions
4. Forward-compatible design: Comment on line 127 explicitly documents the coupling between config and pr-review.md Step 6
5. Stop condition: context-hub-setup.md now has explicit termination criteria, preventing infinite re-checks

Recommendations

1. No blocking changes required. The PR is clean and well-structured.

Verdict

VERDICT: PASS
MESSAGE: Clean addition of execution limits and output constraints with proper documentation coupling.

{
  "verdict": "PASS",
  "message": "Clean addition of execution limits and output constraints with proper documentation coupling.",
  "agent": "analyst",
  "timestamp": "2026-04-26T20:18:08.094Z",
  "findings": [
    {
      "severity": "low",
      "category": "documentation",
      "description": "completion_gate_overflow_action could specify output format for escalation message",
      "location": "pr-review-config.yaml:123",
      "recommendation": "Consider adding expected format (e.g., table, bullet list) for the escalation summary"
    },
    {
      "severity": "low",
      "category": "maintainability",
      "description": "summary_format and summary_format_allowed_values duplicate 'table' value",
      "location": "pr-review-config.yaml:127-129",
      "recommendation": "Acceptable as-is; comment explains intentional coupling for extensibility"
    }
  ]
}

Architect Review Details

Design Quality Assessment

Aspect	Rating (1-5)	Notes
Pattern Adherence	5	Config-driven behavior follows DRY. Single source of truth in YAML.
Boundary Respect	5	Changes contained to command config layer. No cross-layer violations.
Coupling	5	Config values referenced by name, not hardcoded. Loose coupling maintained.
Cohesion	5	invocation_limits and output_constraints are logically grouped.
Extensibility	5	summary_format_allowed_values anticipates future formats with explicit guard.

Overall Design Score: 5/5

Architectural Concerns

Severity	Concern	Location	Recommendation
Low	Comment in YAML couples update points	pr-review-config.yaml:127	Acceptable. Comment documents co-evolution requirement.

Breaking Change Assessment

• Breaking Changes: No
• Impact Scope: None
• Migration Required: No
• Migration Path: N/A

The changes are additive. Existing behavior unchanged for users who do not specify all-open with >5 PRs.

Technical Debt Analysis

• Debt Added: Low
• Debt Reduced: Medium
• Net Impact: Improved

The PR reduces technical debt by formalizing implicit constraints (PR caps, retry limits, token budgets) into explicit, documented configuration. Previously unbounded loops now have explicit termination conditions.

ADR Assessment

• ADR Required: No
• Decisions Identified: Resource bounding for agent invocations (PR caps, retry limits, token caps)
• Existing ADR: None found for agent resource limits
• Recommendation: N/A. The decisions are operational parameters, not architectural patterns. Values are configurable and reversible.

Recommendations

1. No changes required. The design is sound.

Verdict

VERDICT: PASS
MESSAGE: Additive config changes follow established patterns with clear extensibility guards.

{
  "verdict": "PASS",
  "message": "Additive config changes follow established patterns with clear extensibility guards.",
  "agent": "architect",
  "timestamp": "2026-04-26T20:17:00Z",
  "findings": []
}

DevOps Review Details

DevOps Review: PR #1786

PR Scope Detection

File	Category	Review Scope
.claude/commands/pr-review-config.yaml	CONFIG	Schema validation
.claude/commands/pr-review.md	DOCS	Documentation accuracy
.claude/commands/context-hub-setup.md	DOCS	Documentation accuracy

Classification: CONFIG + DOCS PR. No workflows, actions, or scripts modified.

---

Pipeline Impact Assessment

Area	Impact	Notes
Build	None	No build files changed
Test	None	No test infrastructure changes
Deploy	None	No deployment config changes
Cost	None	No CI resource changes

---

CI/CD Quality Checks

Check	Status	Location
YAML syntax valid	✅	pr-review-config.yaml
Config structure consistent	✅	pr-review-config.yaml:119-130
Doc-config alignment	✅	pr-review.md references config correctly
No secrets exposed	✅	N/A (no secrets in changes)

---

Findings

Severity	Category	Finding	Location	Fix
Low	templates	Comment explains maintenance coupling	pr-review-config.yaml:127	None needed (good practice)

---

Template Assessment

• PR Template: N/A (not modified)
• Issue Templates: N/A (not modified)
• Command Docs: Adequate. Completion criteria and stop conditions are clear and actionable.

---

Automation Opportunities

Opportunity	Type	Benefit	Effort
None identified	N/A	N/A	N/A

The changes already improve automation by adding explicit limits and overflow handling.

---

Detailed Analysis

Config Changes (pr-review-config.yaml:119-130):

• invocation_limits.all_open_max_prs: 5 prevents runaway processing
• completion_gate_max_retries: 3 adds bounded retry logic
• output_constraints.per_pr_max_response_tokens: 4096 caps token usage
• summary_required_columns ensures consistent output format
• Inline comment on line 127 documents maintenance coupling between config and pr-review.md

Documentation Changes (pr-review.md):

• Step 1 correctly references invocation_limits.all_open_max_prs
• Step 4 correctly references output_constraints.per_pr_max_response_tokens
• Step 6 correctly references output_constraints.summary_format and summary_required_columns
• Completion Gate section correctly references invocation_limits.completion_gate_max_retries

Documentation Changes (context-hub-setup.md):

• Completion Criteria table is well-structured with verification steps
• Stop Condition prevents infinite loops in agent execution
• Both sections follow project documentation standards

---

Recommendations

1. No changes required. The PR is well-structured with consistent cross-references between config and documentation.

---

Verdict

VERDICT: PASS
MESSAGE: CONFIG+DOCS PR with valid YAML structure, consistent cross-references, and clear completion criteria.

---

{
  "verdict": "PASS",
  "message": "CONFIG+DOCS PR with valid YAML structure, consistent cross-references, and clear completion criteria.",
  "agent": "devops",
  "timestamp": "2026-04-26T20:17:57.125Z",
  "findings": []
}

Roadmap Review Details

Now I have sufficient context to provide the roadmap review assessment.

---

Strategic Alignment Assessment

Criterion	Rating	Notes
Aligns with project goals	High	Improves agent reliability and predictability by adding guard rails to pr-review command
Priority appropriate	High	Addresses operational efficiency for a heavily used command (closes #1668)
User value clear	High	Prevents runaway agent behavior, bounded resource consumption, clear completion states
Investment justified	High	Small scope (3 files), high leverage (affects all pr-review invocations)

Feature Completeness

• Scope Assessment: Right-sized
• Ship Ready: Yes
• MVP Complete: Yes
• Enhancement Opportunities: Future config values for summary_format (currently table-only, with clear extension path documented)

Impact Analysis

Dimension	Assessment	Notes
User Value	High	Prevents token exhaustion, infinite retry loops, and unclear completion states
Business Impact	Medium	Reduces operational friction for maintainers using pr-review
Technical Leverage	High	Establishes patterns (invocation_limits, output_constraints) reusable by other commands
Competitive Position	Neutral	Internal tooling improvement, no competitive dimension

Concerns

Priority	Concern	Recommendation
Low	all_open_max_prs: 5 may be conservative for repos with many PRs	Acceptable starting point. Users can specify explicit PR numbers for overflow.
Low	No config validation schema	Consider adding YAML schema validation in a follow-up PR if config complexity grows.

Recommendations

1. This change addresses a real operational pain point: unbounded pr-review runs that exhaust context or retry infinitely.
2. The config-driven approach is correct. Values are tunable without code changes.
3. The completion criteria and stop condition additions to context-hub-setup.md follow the same pattern and prevent similar issues in that command.

Verdict

VERDICT: PASS
MESSAGE: Change delivers bounded execution, explicit completion criteria, and output constraints that improve operational predictability for pr-review users.

{
  "verdict": "PASS",
  "message": "Change delivers bounded execution and output constraints that improve operational predictability for pr-review command.",
  "agent": "roadmap",
  "timestamp": "2026-04-26T20:17:00Z",
  "findings": [
    {
      "severity": "low",
      "category": "scope",
      "description": "all_open_max_prs default of 5 may be conservative for high-volume repos",
      "location": ".claude/commands/pr-review-config.yaml:120",
      "recommendation": "Acceptable starting point. Monitor usage and adjust if needed."
    },
    {
      "severity": "low",
      "category": "investment",
      "description": "No YAML schema validation for pr-review-config.yaml",
      "location": ".claude/commands/pr-review-config.yaml",
      "recommendation": "Consider adding JSON Schema validation in a follow-up if config complexity grows."
    }
  ]
}

---

Run Details

Property	Value
Run ID	24966021777
Triggered by	pull_request on 1786/merge
Commit	84df49f14d99b8fa7688c660363f1ee5f21d85a0

_{Powered by AI Quality Gate workflow}

[rjmurillo]

Review Triage Required

Note

Priority: NORMAL - Human approval required before bot responds

Review Summary

Source	Reviews	Comments
Human	1	3
Bot	1	1

Next Steps

1. Review human feedback above
2. Address any CHANGES_REQUESTED from human reviewers
3. Add triage:approved label when ready for bot to respond to review comments

---

_{Powered by PR Maintenance workflow - Add triage:approved label}