Review the work against what was asked — before it ships.
lens is an in-session, intent-grounded review companion. It checks the current change against its own spec and plan — the question no diff-only reviewer can reach: did this build what was actually asked, and follow the plan? Every finding then survives an adversarial verification pass, and the result renders as an interactive review document.
claude plugin install lens@apurvbazari-pluginsJudged against intent, not just the patch
Run /lens:review [target] when you've finished a change and want a second, intent-aware opinion before you commit, push, or open a PR. lens resolves what you were trying to build — from the spec and plan — reads the actual diff and source, and judges the work on two axes a diff-only tool can't reach.
With no argument, lens reviews the working tree plus this branch's commits against the merge-base with the default branch. The optional target overrides the diff scope — a path, a ref, or a range. On top of spec adherence (does the change implement what the spec asked, no more and no less) and plan adherence (did it follow the plan it set out, or quietly diverge), it runs the usual correctness, risk, and test-gap checks — plus, via optional adapters, security, type, silent-failure, and comment checks.
Every candidate finding then survives an adversarial verification pass: an independent skeptic agent tries to refute it against real source, and only unrefuted findings make the report. The output is an interactive review document you read, then decide what to do — lens never decides for you.
The failure diff-only review can't catch
A bug-free implementation of the wrong spec is the failure that /code-review and external PR bots can never see. lens runs inside the live session that produced the code, so it can ask whether the work matches the intent — not just whether the patch is internally sound.
The brain and the eyes
lens is the brain — it judges. walkthrough is the eyes — it renders. lens does the reasoning (scope, intent, analysis, verification) and produces a structured review model; it then hands that model to walkthrough:render to become a self-contained interactive HTML review, in the same house style as every other walkthrough. Click a lane for detail.
Neither plugin imports the other. lens checks for walkthrough at runtime: present → the full interactive HTML review (annotated diff hunks, an adherence panel, a findings list, an overall verdict); absent → lens degrades gracefully to a self-contained markdown report with the same content. No install of walkthrough is required to use lens — walkthrough is an enhancer, never a dependency. lens calls only walkthrough's internal render skill, never create / update / document.
The five-stage review pipeline
Every /lens:review runs a fixed five-stage pipeline, all in-session. The judgment half (scope → intent → analyze → verify) lives in the data-only engine; the assemble stage builds the review-model and hands it to the renderer. Click any stage for detail.
SCOPE resolves the diff target; INTENT locates the spec + plan and builds an intent record (reconstructing from the transcript and marking adherence reconstructed if none is found); ANALYZE dispatches the finder subagents in parallel; VERIFY runs the adversarial refute pass and deduplicates — a finding that errors mid-verify is kept as unverified — flagged, never silently dropped; ASSEMBLE builds the review-model and renders it under .claude/lens/.
A three-tier finder registry
ANALYZE dispatches finders that all emit the same review-findings contract. Read-only is enforced at the dispatch boundary for every tier — an adapter or finder can report, never edit, stage, commit, or block.
Five finders — spec-adherence + plan-adherence (the wedge), correctness, risk-classify, test-gaps — plus the verifier. Findings-only by construction.
Runtime-detected, skipped silently when absent (e.g. the pr-review-toolkit agents). Most inherit write tools from their source, so each is constrained to findings-only at the boundary.
Extra finders specific to this codebase, registered in .claude/lens/settings.md and constrained findings-only at dispatch.
Then VERIFY runs the adversarial pass: each candidate finding goes to the independent verifier skeptic, prompted to refute it against real source. It emits a per-finding refute vote; the engine aggregates those votes into votes{total, couldNotRefute, refuted} and resolves each finding's verified bool. Only unrefuted findings survive into the report.
The review-findings contract
The engine emits, and the renderer consumes, a single canonical review-findings schema — a field-additive superset of vicario's, with a co-owned nine-value dimension enum (vicario's six requirements / correctness / security / types / silent-failure / simplify plus lens's test / risk / comment). Field-additive only: never rename or repurpose a vicario field, only add optional ones.
One skill, one hidden engine
lens has exactly two skills: the user-facing review and an internal engine. The six agents are the five built-in finders plus the adversarial verifier. No hooks, no scripts, no compiled code.
| Skill | Invocation | What it does |
|---|---|---|
| /lens:review | user auto | The one user-facing entry point. Runs the five-stage pipeline over the current change — the optional [target] overrides the diff scope. Delegates judgment to engine, then renders the review via walkthrough:render (markdown fallback). |
| engine | The data-only judgment core (user-invocable: false): scope → intent → analyze → verify → dedup → rank → return review-findings JSON. Writes nothing, never prompts — the reusable core a tool like vicario could consume directly. |
| Agent | Role | Dimension |
|---|---|---|
| spec-adherence | Does the change implement what the spec asked, no more and no less? | requirements |
| plan-adherence | Did it follow the plan it set out, or quietly diverge? | requirements |
| correctness | Logic, edge cases, and behavioural bugs in the diff. | correctness |
| risk-classify | Blast radius and risk of the change. | risk |
| test-gaps | Missing or inadequate test coverage for the new behaviour. | test |
| verifier | The adversarial skeptic — tries to refute each candidate finding against real source. Only unrefuted findings survive. | (verify pass) |
Read-only by contract
lens reads the diff and source, produces an artifact, and the human decides. It never commits, edits, stages, or blocks — there is no write path through any finder, adapter, or verify agent.
The only things lens writes are the rendered review artifact (HTML via walkthrough, or the markdown fallback) and .claude/lens/review-state.json. Read-only is enforced at the finder boundary.
On the first review in a repo, lens offers to add .claude/lens/ to .gitignore (the default offer, since artifacts can contain session content) and asks for a default output path. Both persist to .claude/lens/settings.md.
.claude/lens/review-state.json records prior findings and statuses, so a re-review of the same scope shows what's fixed, still open, or new — and the severity trend across runs.
Holds your gitignore choice, default output path, and the project-custom finder registry — the third tier specific to this codebase.
All lens state lives under .claude/lens/, in-repo and gitignored by default — mirroring walkthrough's and handoff's privacy model. There are no hooks, no shell scripts, and no compiled code: lens is markdown skills and agents over a JSON contract, consistent with the rest of the marketplace.
Run it before you push
/lens:review with no argument reviews the working tree plus this branch's commits against the merge-base — judging the diff against the spec and plan, then verifying every finding.
> /lens:review
scope working tree + branch commits vs merge-base (origin/main)
intent spec: docs/superpowers/specs/sms-parser-hdfc.md
plan: 7 steps → intent record built
analyze dispatch finders in parallel (built-in + adapters)
verify adversarial refute pass — 11 candidates → 7 survive
assemble review-model → walkthrough:render
→ .claude/lens/2026-06-13-review.html
Adherence spec ✓ plan ⚠ (step 5 diverged: caching added, not planned)
Findings 7 verified · 1 unverified — flagged
high 2 medium 3 low 2
Re-review 3 fixed · 2 still open · 2 new (severity trend ↓)
Verdict moderate — read the adherence panel before merging
→ you read the review. you decide. lens writes nothing to your code.What it is — and isn't
lens is an intent-grounded, in-session review companion — not a linter, not a CI gate, and nothing that writes to your code. Knowing the boundary keeps expectations honest.
It reads the diff and source, reconstructs what you were asked to build, verifies its own findings adversarially, and renders a review document for a human to act on.
The whole point is judging against spec and plan, not just the patch in isolation — that's the wedge a diff-only tool can never reach.
In v1 lens runs in your session, on demand. It does not run in CI and does not gate merges.
Read-only by contract — it never commits, edits, stages, or blocks. The only writes are the review artifact and review-state.json. You read; you decide.