vellum-change-review
$
npx mdskill add vellum-ai/vellum-assistant/vellum-change-reviewPrioritize bugs, behavioral regressions, security risks, migration gaps, broken package boundaries, and missing tests. Findings come before summaries. Avoid cosmetic feedback unless it affects correctness, maintainability, or user experience.
SKILL.md
.github/skills/vellum-change-reviewView on GitHub ↗
--- name: vellum-change-review description: Review Vellum Assistant code changes for correctness, repo-specific quality rules, security risks, and missing validation. Use when reviewing diffs, preparing a PR, finishing implementation work, or when the user asks for a code review, quality pass, or pre-merge check in this repository. --- # Vellum Change Review ## Review Stance Prioritize bugs, behavioral regressions, security risks, migration gaps, broken package boundaries, and missing tests. Findings come before summaries. Avoid cosmetic feedback unless it affects correctness, maintainability, or user experience. ## Required Checks 1. Inspect the actual diff before judging the change. 2. Identify which packages are affected: `assistant`, `gateway`, `clients`, `cli`, `skills`, `packages`, or `meta`. 3. Check package boundaries: - `assistant` must not import from `gateway` by relative path. - `gateway` must not import from `assistant` by relative path. - `assistant` and `skills` must not import each other directly. - Runtime code must not import from `meta`. 4. Check persistence changes: - DB schema or data changes need append-only DB migrations. - Workspace path, format, or file changes need append-only workspace migrations. - Migrations must be idempotent and registered. 5. Check feature flags: - New assistant flags must be declared in `meta/feature-flags/feature-flag-registry.json`. - Default-disabled or rollout-only features must not ship user-facing release notes. - New flags may require a companion platform PR. 6. Check user-facing text: - User-facing copy should say "assistant", not "daemon". - Examples must use generic names, emails, phone numbers, and IDs. 7. Check LLM/provider usage: - LLM calls must go through the provider abstraction. - Comments and logs should use provider-agnostic wording. 8. Check tests and verification: - Look for focused tests covering changed behavior. - Prefer scoped `bun test path/to/test.ts`; never suggest broad `bun test`. - Suggest `bunx tsc --noEmit` when type-level risk is broad. ## Review Output Use this structure: ```markdown ## Findings - [severity] `path`: issue, impact, and concrete fix. ## Open Questions - Any uncertainty that affects correctness or review confidence. ## Verification Gaps - Tests or checks that still need to run. ``` If no issues are found, say that clearly and still mention residual risk or unrun checks.
More from vellum-ai/vellum-assistant
- acpSpawn external coding agents via the Agent Client Protocol (ACP)
- amazonShop on Amazon and Amazon Fresh through your browser
- api-mappingRecord and analyze API surfaces of web services
- app-builderBuild and edit small, personal visual tools and artifacts — dashboards, trackers, calculators, data visualizations, charts, simple landing pages, and slide decks the user wants for THEMSELVES. This is the right skill whenever the user asks to "visualize this," "make a chart," or "build an artifact" for their own use, or to edit an app they already built here. Do NOT reach for a ui_show dynamic_page to fake an artifact — build a real persistent app here. NOT for complex, multi-user, or shippable products — those go to a real project folder with a coding agent (see Scope below).
- app-controlDrive a specific named macOS app via raw input bypassing the Accessibility tree
- assistant-migrationMigrate from ChatGPT, Claude, OpenClaw, Hermes, Manus, and other AI assistants into Vellum by inspecting their data exports, conversation archives, files, prompts, custom instructions, memory, saved memories, tools, GPTs, workflows, integrations, and relationships, then mapping as much as safely possible into Vellum primitives. Handles single-source and multi-source migrations with a unified, deduplicated inventory.
- chatgpt-importImport conversation history from ChatGPT into Vellum
- cli-discoverDiscover which CLI tools are installed, their versions, and authentication status
- computer-useControl the macOS desktop
- contactsManage contacts, communication channels, access control, and invite links