OpenSkillIndex← back to search
claude-codedevelopment

Claude-skill-registry deferred-finding

Use when a review finding cannot be fixed in current PR - creates properly documented tracking issue with full context, linked to parent, following full issue-driven-development process

install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/deferred-finding" ~/.claude/skills/majiayu000-claude-skill-registry-deferred-finding-09ebef && rm -rf "$T"
manifest: skills/data/deferred-finding/SKILL.md
tags
#code-review#issue-tracking#deferral-process#development
source content

Deferred Finding

Overview

Process for creating tracking issues when review findings cannot be addressed in the current PR.

Core principle: No finding disappears. Every deferral is tracked.

ABSOLUTE REQUIREMENT: Deferred findings MUST have tracking issues. There is no other option.

When to Defer

A finding may ONLY be deferred when:

Valid ReasonExample
Out of scopeFinding requires architectural change beyond PR scope
External dependencyRequires infrastructure/config change
Breaking changeWould require major version bump
Separate concernLogically independent from current work

Never Defer Without Tracking

Invalid ApproachReality
"We'll fix it later"Without tracking, later never comes
"It's minor"Minor issues compound into major problems
"Not my problem"You found it, you track it
"Good enough"Good enough creates technical debt

Deferral Process

Step 1: Verify Deferral is Appropriate

Ask yourself:

  • Can this reasonably be fixed in this PR? If yes, FIX IT.
  • Is there a valid reason from the "When to Defer" table?
  • Have you tried to fix it first?

Step 2: Determine Finding Details

Document:

  • What is the finding?
  • Why is it a problem?
  • Where in the code?
  • What's the severity?
  • Why can't it be fixed now?

Step 3: Create Tracking Issue

Use this template:

## [Finding] [Brief description] (from #[PARENT])

### Origin

This issue was created during code review of #[PARENT_ISSUE].

| Property | Value |
|----------|-------|
| Parent Issue | #[PARENT_ISSUE] |
| Parent PR | #[PARENT_PR] (if exists) |
| Finding ID | F-[PARENT]-[N] |
| Severity | [CRITICAL/HIGH/MEDIUM/LOW] |
| Review Criterion | [Which of 7 criteria OR OWASP category] |
| Depth | [N] |

### Finding Details

**What was found:**
[Detailed description of the issue - be specific]

**Location:**
- File: `[path/to/file.ts]`
- Line(s): [N-M]
- Function: `[functionName()]`

**Why it matters:**
[Impact if not addressed - be concrete]

**Evidence:**
```[language]
[Code snippet showing the issue]

Why Deferred

[Explain why this cannot be fixed in the parent PR]

ReasonDetails
Category[out-of-scope / external-dependency / breaking-change / separate-concern]
Justification[Specific explanation]

Acceptance Criteria

  • [Specific criterion 1 - must be verifiable]
  • [Specific criterion 2]
  • [How to verify the fix]

Links

  • Parent Issue: #[PARENT_ISSUE]
  • Review Comment: [Link to review artifact if applicable]

Labels: 

review-finding
, 
spawned-from:#[PARENT]
, 
depth:[N]
, 
[severity]

This issue follows the full issue-driven-development process including its own code review.


### Step 4: Create Issue via CLI

```bash
gh issue create \
  --title "[Finding] Rate limiting needed on auth endpoint (from #123)" \
  --body "$(cat <<'EOF'
[Full template body here]
EOF
)" \
  --label "review-finding" \
  --label "depth:1" \
  --label "high"

Note: Create the 

spawned-from:#N
label if it doesn't exist:

gh label create "spawned-from:#123" --color "C2E0C6" --description "Spawned from issue #123" 2>/dev/null || true
gh issue edit [NEW_ISSUE] --add-label "spawned-from:#123"

Step 5: Update Review Artifact

Add the new issue to the "Findings Deferred" section:

### Findings Deferred (With Tracking Issues)

| # | Severity | Finding | Tracking Issue | Justification |
|---|----------|---------|----------------|---------------|
| 1 | HIGH | Rate limiting needed | #456 | Requires infrastructure changes |

Step 6: Update Parent Issue (If Deviation Required)

If the deferred finding BLOCKS the parent PR (e.g., critical security issue):

# Add awaiting label
gh issue edit 123 --add-label "status:awaiting-dependencies"

# Post deviation comment
gh issue comment 123 --body "$(cat <<'EOF'
## Deviation: Awaiting Dependencies

This issue cannot proceed until deferred findings are resolved.

| Property | Value |
|----------|-------|
| Blocked At | Step 9 (Code Review) |
| Dependencies | #456 |
| Reason | Critical deferred finding blocks PR |

Work will resume when #456 is complete.
EOF
)"

Tracking Issue Lifecycle

Once created, the tracking issue:

  1. Is a first-class issue - Full issue-driven-development process
  2. Gets its own review - Cannot skip comprehensive-review
  3. May create its own deferrals - Depth increments
  4. Closes independently - Does not auto-close with parent

Depth Tracking

DepthMeaning
1Finding from original issue's review
2Finding from a depth-1 issue's review
3+Deeper nesting - flag for human attention

At depth 3+:

**Deep Finding Chain Detected**

This issue is at depth [N]. Chain:
- #100 (original)
  - #101 (depth 1)
    - #102 (depth 2)
      - #103 (depth 3) - Current

Consider: Is there a systemic issue requiring broader attention?

Labels

Required labels for tracking issues:

LabelPurpose
review-finding
Identifies as born from review
spawned-from:#N
Links to parent issue
depth:N
Tracks nesting level
[severity]
critical/high/medium/low

Optional labels:

  • security
    - Security-related finding
  • status:pending
    - Ready for work

Checklist

Before marking finding as deferred:

  • Verified cannot fix in current PR
  • Valid deferral reason documented
  • Tracking issue created with full template
  • Issue has all required labels
  • Issue linked to parent
  • Review artifact updated with tracking issue number
  • Parent issue updated (if deviation required)

Integration

This skill is called by:

  • apply-all-findings
    - When finding cannot be fixed
  • comprehensive-review
    - When documenting deferrals

This skill creates:

  • New GitHub issues following full 
    issue-driven-development
    process
  • Deviation state on parent issue (if blocking)

This skill references:

  • issue-lifecycle
    - Issue management
  • issue-driven-development
    - Process for new issues