Add a rigorous code-review skill and agent for ready PRs

[coisa]

Problem

Fast Forward DevTools already packages reusable skills, project agents, and GitHub workflows for implementation, changelog maintenance, docs, README, tests, and consumer sync. What we still lack is a dedicated, rigorous code-review pass that can be invoked automatically when a pull request stops being a draft and becomes ready for review.

Today, that transition depends on ad-hoc human initiative or generic agent usage. That makes review depth inconsistent and leaves no repository-standard workflow for catching bugs, regressions, missing tests, incomplete docs, or workflow side effects before human reviewers spend time on the PR.

Proposal

Add a packaged code-review skill and a matching packaged project agent dedicated to high-signal, release-minded PR review, then wire that capability into the repository workflow so it can be triggered when a pull request leaves draft state and becomes ready for review.

Goals

• Provide a repository-standard code-review workflow focused on bugs, regressions, missing tests, output or CI risks, and documentation gaps.
• Make the review capability reusable both in this repository and in consumer repositories that synchronize packaged skills and agents.
• Trigger the review flow at the right lifecycle moment: when a PR becomes ready for review.
• Keep the review output actionable, deterministic, and easy for maintainers to consume.

Expected Behavior

When a pull request transitions from draft to ready for review, maintainers should be able to rely on a dedicated review agent workflow instead of a generic assistant invocation. The resulting review should prioritize concrete findings, file references, risks, missing coverage, and workflow or generated-output impacts, while avoiding low-signal summaries.

The same packaged capability should remain available for explicit manual invocation when maintainers want a fresh review pass on an already-open PR.

Implementation Strategy

1. Add a packaged skill focused on rigorous code review for Fast Forward repositories.
2. Add a packaged project agent that uses that skill as its procedural source of truth.
3. Define the review contract clearly: findings-first, severity-oriented, with emphasis on behavioral regressions, missing tests, missing docs, generated-output drift, and CI or workflow risks.
4. Integrate the capability into the PR lifecycle so it can run when a PR leaves draft state and becomes ready for review.
5. Document how the review capability is triggered automatically and how maintainers can invoke it manually.

Requirements

• The packaged skill MUST define a review workflow that prioritizes bugs, regressions, behavioral risks, missing coverage, missing documentation, and automation side effects over high-level summaries.
• The packaged project agent MUST expose that review behavior through a dedicated role prompt suitable for repository and consumer use.
• The ready-for-review trigger MUST be tied to the PR lifecycle transition itself, not to every draft update.
• The review output MUST include concrete findings with repository file references whenever possible.
• The review flow MUST call out generated artifacts, synced assets, wiki, docs, README, or workflow impacts when the PR touches them.
• The review capability MUST remain manually invokable outside the automatic trigger.

Non-goals

• Do not replace human code review or branch protection with the agent review.
• Do not run the rigorous review workflow on every draft update.
• Do not broaden this issue into generic PR automation unrelated to review quality.

Benefits

This gives the repository a repeatable, high-signal review pass at the moment a PR is actually ready for scrutiny. It should reduce reviewer load, improve consistency across repositories that consume DevTools assets, and catch regressions earlier in the lifecycle without forcing maintainers to remember custom prompts.

Acceptance Criteria

Functional Criteria

• A packaged code-review skill exists under .agents/skills/ with a documented, findings-first review workflow.
• A packaged project agent exists under .agents/agents/ for rigorous PR review and is aligned with the new skill.
• The review guidance explicitly prioritizes bugs, regressions, missing tests, missing docs, workflow risks, and generated-output impacts.
• The ready-for-review lifecycle transition can trigger the review capability automatically.
• Maintainers can still invoke the same review capability manually for an existing PR.
• README, AGENTS, docs, and any synchronized workflow or agent/skill metadata affected by the new capability are updated.

Architectural / Isolation Criteria

• MUST: The core logic MUST be isolated into dedicated classes or services instead of living inside command or controller entrypoints.
• MUST: Responsibilities MUST be separated across input resolution, domain logic, processing or transformation, and output rendering when the change is non-trivial.
• MUST: The command or controller layer MUST act only as an orchestrator.
• MUST: The implementation MUST avoid tight coupling between core behavior and CLI or framework-specific I/O.
• MUST: The design MUST allow future extraction or reuse with minimal changes.
• MUST: The solution MUST remain extensible without requiring major refactoring for adjacent use cases.