feat: add review-watcher and fix-workflow automation

- Add review-watcher command that detects completion markers
- Add fix-workflow skill for automatic fix task creation
- Add review-watcher.sh script for monitoring issues
- Automatic task creation based on issue severity
- Integration with scoped labels (priority::, status::)

Workflow:
1. Watcher detects /done, /completed, 'выполнено', 'готово' in comments
2. Runs validation (markdown, code, security, performance)
3. Creates fix tasks for issues found
4. Assigns tasks based on issue type
5. Updates parent issue with fix task links
6. Sets appropriate labels (status::fixing, status::blocked)

Fix task priority:
- Critical: Block merge, assign to @the-fixer
- High: Fix before merge, assign to @lead-developer
- Medium: Current sprint, add to backlog
- Low: Optional, comment only

.kilo/commands/review-watcher.md

@@ -0,0 +1,274 @@
+---
+description: Watch for completion comments and trigger automatic review
+mode: subagent
+model: openai/compound
+color: "#EF4444"
+---
+
+# Review Watcher Command
+
+Watches for completion comments and triggers automatic review with fix task creation.
+
+## Trigger Conditions
+
+This command runs when:
+1. Issue comment contains: `/done`, `/completed`, `/ready`, `выполнено`, `готово`, `сделано`
+2. Issue receives label `status::review` or `status::testing`
+3. PR is created referencing the issue
+
+## Setup Webhook (Optional)
+
+For real-time monitoring, set up Gitea webhook:
+
+```bash
+# Create webhook for issue comments
+curl -X POST \
+  -H "Authorization: token $GITEA_TOKEN" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "type": "webhook",
+    "config": {
+      "url": "https://your-server/webhook/review",
+      "content_type": "json"
+    },
+    "events": ["issue_comment", "issues"]
+  }' \
+  "$API_URL/repos/$OWNER/$REPO/hooks"
+```
+
+## Workflow
+
+### Step 1: Parse Completion Comment
+
+```bash
+# Get latest comments
+gh issue view {issue_number} --json comments
+
+# Extract completion markers
+# Pattern: /done, /completed, "выполнено", "готово", "- [x]"
+```
+
+### Step 2: Identify Completed Work
+
+Parse comments for:
+- Completed checklist items: `- [x] Task completed`
+- Status changes: "Ready for review", "Done"
+- Files modified: Modified files list
+- Test results: Test output or coverage
+
+### Step 3: Run Validation Checks
+
+Call validation agents using Task tool:
+
+```
+Use Task tool with subagent_type: "markdown-validator" 
+prompt: "Validate issue #{issue_number} body for Gitea compatibility"
+
+Use Task tool with subagent_type: "code-skeptic"
+prompt: "Review code changes in issue #{issue_number}"
+
+Use Task tool with subagent_type: "security-auditor"
+prompt: "Security audit for issue #{issue_number}"
+
+Use Task tool with subagent_type: "performance-engineer"
+prompt: "Performance review for issue #{issue_number}"
+```
+
+### Step 4: Consolidate Findings
+
+Collect results from all validators:
+
+| Validator | Status | Issues |
+|-----------|--------|--------|
+| Markdown | ✅ | 0 |
+| Code Review | ⚠️ | 3 |
+| Security | ✅ | 0 |
+| Performance | ⚠️ | 1 |
+
+### Step 5: Create Fix Tasks
+
+For each issue found with severity >= Medium:
+
+```bash
+gh issue create \
+  --title "Fix: {issue_title} (from #{parent_issue})" \
+  --body "## Parent Issue
+#{parent_issue}
+
+## Problem Found
+{description}
+
+## Location
+File: {file_path}
+Line: {line_number}
+
+## Suggested Fix
+{fix_suggestion}
+
+## Acceptance Criteria
+- [ ] {criteria_1}
+- [ ] {criteria_2}
+
+## Priority
+{priority}" \
+  --label "type::bug,priority::high,status::new" \
+  --assignee "@lead-developer"
+```
+
+### Step 6: Update Parent Issue
+
+```bash
+gh issue comment {parent_issue} --body "## 🔍 Review Complete
+
+### ✅ Passed
+- All checklist items complete
+- Tests passing
+- No security issues
+
+### ⚠️ Issues Found
+- #{fix_issue_1}: Missing password hashing
+- #{fix_issue_2}: No rate limiting
+
+### Required Actions
+1. Fix #{fix_issue_1} before merge
+2. Review #{fix_issue_2} suggestions
+
+### Status
+⏳ **Waiting for fixes** - See linked issues above"
+```
+
+### Step 7: Update Labels
+
+```bash
+# If critical issues found
+gh issue edit {issue_number} --add-label "status::blocked"
+
+# If minor issues found
+gh issue edit {issue_number} --add-label "status::fixing"
+
+# If all passed
+gh issue edit {issue_number} --add-label "status::testing"
+```
+
+## Issue Creation Rules
+
+### Critical Issues (Block merge)
+
+Create fix task immediately with:
+- Label: `priority::critical`
+- Label: `status::new`
+- Assignee: Original author or @the-fixer
+- Link to parent issue
+
+### High Priority Issues
+
+Create fix task with:
+- Label: `priority::high`
+- Label: `status::new`
+- Assignee: @lead-developer
+- Link to parent issue
+
+### Medium Priority Issues
+
+Create fix task with:
+- Label: `priority::medium`
+- Label: `status::new`
+- Add to backlog
+- Link to parent issue
+
+### Low Priority Issues (Suggestions)
+
+Comment only, create optional fix task:
+- Label: `priority::low`
+- No assignee (optional)
+
+## Example Usage
+
+**User comment:**
+```
+/done
+
+Implementation complete:
+- [x] User model created
+- [x] API endpoints working
+- [x] Tests passing
+```
+
+**System response:**
+1. Parse completion markers
+2. Run validation checks
+3. Create fix tasks if needed
+4. Update parent issue
+5. Set appropriate labels
+
+**Generated comment:**
+```markdown
+## 🔍 Review Complete
+
+Parent Issue: #450
+
+### ✅ Passed Validation
+- Checked by @markdown-validator
+- Checked by @code-skeptic
+- Checked by @security-auditor
+
+### ⚠️ Issues Found (2)
+
+#### 🟠 High Priority
+- #451: Add rate limiting to auth endpoints
+  - File: src/api/auth.ts
+  - Lines: 45-67
+
+#### 🟡 Medium Priority
+- #452: Remove debug console.log statements
+  - File: src/utils/jwt.ts
+  - Line: 12
+
+### Actions Required
+1. Fix #451 before merge (blocking)
+2. Consider #452 (optional)
+
+### Next Steps
+- @lead-developer assigned to #451
+- Continue after fixes
+
+⏳ Status: **Waiting for fixes**
+```
+
+## Webhook Handler (Optional)
+
+If using webhooks, process payload:
+
+```javascript
+// webhook-handler.js
+export default async function handler(req, res) {
+  const { action, issue, comment, repository } = req.body
+  
+  // Check for completion markers
+  const completionMarkers = ['/done', '/completed', '/ready', 'выполнено', 'готово']
+  const hasCompletion = completionMarkers.some(m => 
+    comment?.body?.toLowerCase().includes(m)
+  )
+  
+  if (hasCompletion) {
+    // Trigger review workflow
+    await triggerReviewWorklow(issue.number)
+  }
+  
+  res.status(200).json({ received: true })
+}
+```
+
+## Configuration
+
+Add to `.kilo/kilo.jsonc`:
+
+```jsonc
+{
+  "webhooks": {
+    "url": "https://your-server/webhook",
+    "secret": "your-webhook-secret",
+    "events": ["issue_comment", "issues"]
+  }
+}
+```

.kilo/skills/fix-workflow/SKILL.md

@@ -0,0 +1,300 @@
+---
+name: fix-workflow
+description: Automated fix workflow that creates tasks, assigns developers, and tracks resolution
+---
+
+# Fix Workflow Skill
+
+## Purpose
+
+Automate the complete fix workflow: create tasks, assign developers, validate fixes, and track resolution.
+
+## Components
+
+### 1. Issue Detection
+
+The review-watcher identifies issues and creates fix tasks with proper categorization:
+
+| Severity | Label | Action | Blocking |
+|----------|-------|--------|----------|
+| Critical | `priority::critical` | Immediate fix, block merge | Yes |
+| High | `priority::high` | Fix before merge | Yes |
+| Medium | `priority::medium` | Fix in current sprint | No |
+| Low | `priority::low` | Backlog, optional | No |
+
+### 2. Fix Task Template
+
+```markdown
+## Parent Issue
+#{parent_issue_number}
+
+## Problem Found
+
+**Severity**: {critical/high/medium/low}
+**Category**: {bug/security/performance/style}
+**Detected by**: @{reviewer_agent}
+
+### Location
+- **File**: {file_path}
+- **Lines**: {start_line}-{end_line}
+- **Function/Class**: {function_name}
+
+### Description
+{detailed_problem_description}
+
+### Code Context
+```{language}
+{offending_code_snippet}
+```
+
+### Why It's a Problem
+{explanation_of_issue}
+
+### Suggested Fix
+{recommended_solution}
+
+## Acceptance Criteria
+- [ ] Fix implemented
+- [ ] Tests added/updated
+- [ ] Code review passed
+- [ ] Documentation updated (if needed)
+
+## Priority
+{priority_label}
+
+## Estimated Time
+{time_estimate}
+```
+
+### 3. Automatic Assignment
+
+```typescript
+// Assign based on issue type
+const assigneeRules = {
+  'bug': '@the-fixer',
+  'security': '@security-auditor',
+  'performance': '@performance-engineer',
+  'style': '@lead-developer',
+  'test': '@sdet-engineer',
+  'documentation': '@system-analyst'
+}
+
+// Get assignee from detector
+const assignee = reviewResult.detectedBy || '@lead-developer'
+```
+
+### 4. Fix Resolution Workflow
+
+```
+[Fix Task Created]
+      ↓
+[Assigned to Agent]
+      ↓
+[Agent implements fix]
+      ↓
+[Tests run automatically]
+      ↓
+[Passed?] → [Yes] → [Close fix task, update parent]
+      ↓
+      [No] → [Agent fixes tests]
+              ↓
+         [Try again (max 3)]
+```
+
+### 5. Parent Issue Updates
+
+When fix task is created:
+```bash
+gh issue comment {parent} --body "Created fix task: #{fix_issue}"
+```
+
+When fix task is completed:
+```bash
+gh issue comment {parent} --body "✅ Fix completed: #{fix_issue}"
+gh issue edit {parent} --remove-label "status::fixing"
+```
+
+When all fix tasks complete:
+```bash
+gh issue comment {parent} --body "All fixes completed. Ready for next phase."
+gh issue edit {parent} --add-label "status::testing"
+```
+
+## Integration Commands
+
+### Create Fix Task
+```bash
+# Called automatically by review-watcher
+gh issue create \
+  --title "Fix: {issue_title}" \
+  --body "$(cat fix-template.md)" \
+  --label "type::bug,priority::high,status::new" \
+  --assignee "@lead-developer"
+```
+
+### Track Progress
+```markdown
+## Fix Tasks Progress
+
+| Task | Priority | Assignee | Status |
+|------|----------|----------|--------|
+| #451 | 🔴 Critical | @the-fixer | In Progress |
+| #452 | 🟡 Medium | @lead-developer | Open |
+```
+
+### Resolution
+```bash
+# When fix is complete
+gh issue close {fix_issue} --comment "Fixed in commit {sha}"
+gh issue comment {parent} --body "Fix #{fix_issue} resolved"
+
+# Check if all fixes resolved
+fixes=$(gh issue list --json number,state --jq '.[] | select(.state=="closed")')
+if all_closed; then
+  gh issue edit {parent} --remove-label "status::fixing, status::blocked"
+  gh issue edit {parent} --add-label "status::testing"
+fi
+```
+
+## Example Flow
+
+### Original Review Comment
+```markdown
+## 🔍 Code Review: User Authentication
+
+### ⚠️ Issues Found
+
+| # | Severity | Issue | Location |
+|---|----------|-------|----------|
+| 1 | 🔴 Critical | Password stored in plaintext | auth.ts:45 |
+| 2 | 🟠 High | No rate limiting | auth.ts:67 |
+| 3 | 🟡 Medium | Console.log in production | jwt.ts:12 |
+```
+
+### Auto-Created Fix Tasks
+
+**Issue #451** (Critical):
+```markdown
+## Parent Issue
+#450
+
+## Problem Found
+**Severity**: Critical
+**Category**: Security
+**Detected by**: @security-auditor
+
+### Location
+- **File**: src/api/auth.ts
+- **Lines**: 45-48
+- **Function**: loginUser
+
+### Description
+Password is stored in plaintext in the database.
+
+### Why It's a Problem
+Plaintext passwords are a critical security vulnerability.
+If database is compromised, all user passwords are exposed.
+
+### Suggested Fix
+```typescript
+import bcrypt from 'bcrypt'
+
+// Before saving password
+const hashedPassword = await bcrypt.hash(password, 10)
+await db.users.insert({ password: hashedPassword })
+
+// When verifying
+const valid = await bcrypt.compare(password, user.hashedPassword)
+```
+
+## Acceptance Criteria
+- [ ] Password hashing implemented
+- [ ] Migration script for existing passwords
+- [ ] Tests for password hashing
+- [ ] Documentation updated
+
+## Priority
+🔴 Critical - Blocks merge
+```
+
+### Progress Tracking
+
+Parent issue #450 gets comment:
+```markdown
+## Fix Tasks Created
+
+| Task | Severity | Status |
+|------|----------|--------|
+| #451 | 🔴 Critical | 🟡 In Progress |
+| #452 | 🟠 High | ⚪ Open |
+| #453 | 🟡 Medium | ⚪ Open |
+
+**Blocking**: Yes, #451 must be fixed before merge.
+
+**Assigned**: @the-fixer (#451), @lead-developer (#452, #453)
+```
+
+## Automation Hooks
+
+### GitHub Actions Integration
+
+```yaml
+# .github/workflows/review.yml
+name: Auto Review
+on:
+  issues:
+    types: [labeled]
+  issue_comment:
+    types: [created]
+
+jobs:
+  review:
+    if: contains(github.event.label.name, 'status::review')
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Run review
+        run: |
+          bun install
+          bun run review ${{ github.event.issue.number }}
+```
+
+### Slack/Discord Notifications
+
+```typescript
+// Notify on critical issues
+if (issue.severity === 'critical') {
+  await notifySlack({
+    channel: '#security-alerts',
+    message: `🔴 Critical issue found: #${issue.number}\n${issue.title}`
+  })
+}
+```
+
+## Metrics
+
+Track fix workflow performance:
+
+| Metric | Target |
+|--------|--------|
+| Critical fix time | < 4 hours |
+| High fix time | < 8 hours |
+| Medium fix time | < 24 hours |
+| Fix first-try success | > 80% |
+| Test coverage | > 90% |
+
+## Usage
+
+The fix workflow is triggered automatically by:
+1. Review-watcher detecting issues
+2. Manual `/fix` command
+3. Webhook from CI/CD failures
+
+Manual trigger:
+```
+User: /fix 450
+Agent: Creating fix task for #450...
+       Created #451: Fix password hashing
+       Assigned to @the-fixer
+       Blocking merge until resolved
+```