refactor: rename review harness cli

README.md

@@ -111,7 +111,7 @@ Issue #37 is intentionally split into reviewable child slices: executable CLI se
 
 ### Review CLI Harness
 
-`kapi-review github-pr` emits non-posting JSON for kapi-agent review/check automation. The harness now reports semantic change metrics, a `TRIVIAL`/`LOW_RISK`/`STANDARD`/`HIGH_RISK`/`CRITICAL` risk profile, required evidence gates, structured finding validation, bundled repo-local review guidance, isolated read-only runner prompt provenance, optional `--runner-output-file` structured findings ingestion, optional `--runner-command` isolated runner invocation, and the legacy changed-line context. Runner commands receive a temporary `KAPI_REVIEW_RUNNER_INPUT` JSON file containing the read-only runner metadata, risk/context, review body, and the bundled-guidance prompt material, execute from that temporary workspace with a minimal sanitized environment, then return structured findings JSON for deterministic validation. Size is a risk signal rather than the only decision: docs/generated-heavy changes can pass the size gate when semantic source risk is low, while sensitive paths require stronger evidence even when small. Low-confidence `BLOCKER` findings are normalized to non-blocking `QUESTION` findings so uncertain reviewer signals do not masquerade as merge-blocking defects. GitHub merge enforcement for formal kapi-agent approval lives in `.github/workflows/kapi-agent-formal-approval-gate.yml`; require `require formal kapi-agent approval` plus `kapi-agent/review` in branch protection/rulesets. Re-review requests after stale/non-approving kapi-agent reviews must put `@kapi-agent review`, the current head SHA, `What changed`, `Why this closes the prior feedback`, and `Verification` in the same author comment; see `docs/kapi-agent-approval-gate.md`.
+`ilchul-review github-pr` emits non-posting JSON for kapi-agent review/check automation. The harness now reports semantic change metrics, a `TRIVIAL`/`LOW_RISK`/`STANDARD`/`HIGH_RISK`/`CRITICAL` risk profile, required evidence gates, structured finding validation, bundled repo-local review guidance, isolated read-only runner prompt provenance, optional `--runner-output-file` structured findings ingestion, optional `--runner-command` isolated runner invocation, and the legacy changed-line context. Runner commands receive a temporary `KAPI_REVIEW_RUNNER_INPUT` JSON file containing the read-only runner metadata, risk/context, review body, and the bundled-guidance prompt material, execute from that temporary workspace with a minimal sanitized environment, then return structured findings JSON for deterministic validation. Size is a risk signal rather than the only decision: docs/generated-heavy changes can pass the size gate when semantic source risk is low, while sensitive paths require stronger evidence even when small. Low-confidence `BLOCKER` findings are normalized to non-blocking `QUESTION` findings so uncertain reviewer signals do not masquerade as merge-blocking defects. GitHub merge enforcement for formal kapi-agent approval lives in `.github/workflows/kapi-agent-formal-approval-gate.yml`; require `require formal kapi-agent approval` plus `kapi-agent/review` in branch protection/rulesets. Re-review requests after stale/non-approving kapi-agent reviews must put `@kapi-agent review`, the current head SHA, `What changed`, `Why this closes the prior feedback`, and `Verification` in the same author comment; see `docs/kapi-agent-approval-gate.md`.
 
 ### Agent Tools
 

bin/ilchul-review.mjs

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+import { spawnSync } from "node:child_process";
+import { createRequire } from "node:module";
+import { fileURLToPath } from "node:url";
+
+const require = createRequire(import.meta.url);
+const tsxLoader = require.resolve("tsx");
+const cliPath = fileURLToPath(new URL("../src/cli/review-gate-cli.ts", import.meta.url));
+const result = spawnSync(process.execPath, ["--import", tsxLoader, cliPath, ...process.argv.slice(2)], { stdio: "inherit" });
+if (result.error) throw result.error;
+process.exitCode = result.status ?? 1;

docs/ilchul-naming-policy.md

@@ -31,7 +31,7 @@ Examples:
 Keep `kapi` when changing it would break an existing integration or stored contract without an approved migration:
 
 - Slash commands and persisted workflow surfaces retained for compatibility such as `/kapi-ralph`, `/kapi-status`, and `/kapi-clear`;
-- package names, bin names, import paths, and GitHub workflow/check names such as `kapi-agent/review`;
+- GitHub workflow/check names such as `kapi-agent/review`; the former `kapi-review` local package bin is retired by the scoped Ilchul review harness CLI migration;
 - existing workflow IDs and serialized identifiers such as `kapi-ralph` and `kapi-autoresearch`;
 - existing local workspace state under `.kapi/` and historical docs that describe current behavior;
 - compatibility docs for existing installations or migration windows.
@@ -90,7 +90,7 @@ No slice should hide deletion behind normal workflow start, status, report, or v
 ## Deprecated or retained names
 
 - Retained until scoped migration: `kapi`, `/kapi-*`, `kapi-agent`, `kapi-agent/review`, `kapi-ralph`, and `kapi-autoresearch`.
-- Canonical public CLI runtime command: `ilchul`; there is no `kapi` runtime CLI compatibility alias. Internal runtime modules use `runctl` / `runtime` naming.
+- Canonical public CLI commands: `ilchul` for the runtime and `ilchul-review` for the local review harness; there is no `kapi` or `kapi-review` CLI compatibility alias. Internal runtime modules use `runctl` / `runtime` naming, and review harness implementation uses semantic review-gate naming.
 - Active storage behavior: `.ilchul` / `~/.ilchul`; `.kapi` is legacy local state only and is not an active fallback root.
 - Preferred for new product prose: `Ilchul`.
 - Preferred for new reusable core identifiers: semantic terms from the vocabulary table.

docs/kapi-agent-approval-gate.md

@@ -44,13 +44,13 @@ This makes the PR unmergeable in GitHub until the formal current-head review and
 
 ## Ilchul review harness contract
 
-`kapi-agent` remains the GitHub adapter/check publisher. The Ilchul review harness returns non-posting JSON with:
+`kapi-agent` remains the GitHub adapter/check publisher. The local Ilchul review harness CLI is `ilchul-review`; the old `kapi-review` package bin and `src/cli/kapi-review-cli.ts` implementation path are retired in favor of `bin/ilchul-review.mjs` and semantic `src/cli/review-gate-cli.ts`. The harness returns non-posting JSON with:
 
 - semantic metrics for raw, source, test, docs, generated, and sensitive-path changed lines;
 - a risk profile (`TRIVIAL`, `LOW_RISK`, `STANDARD`, `HIGH_RISK`, or `CRITICAL`);
 - deterministic gates for size, verification, revision explanation, final approval summary, required evidence, and finding validation;
 - bundled repo-local review guidance from `skills/ilchul-code-review/SKILL.md`;
-- isolated runner invocation via `--runner-command`, where the command receives `KAPI_REVIEW_RUNNER_INPUT` with read-only runner metadata and bundled-guidance prompt material, runs from the temporary input workspace, and receives only a minimal runner environment; and
+- isolated runner invocation via `--runner-command`, where the command receives `KAPI_REVIEW_RUNNER_INPUT` with read-only runner metadata and bundled-guidance prompt material, runs from the temporary input workspace, and receives only a minimal runner environment; `KAPI_REVIEW_RUNNER_INPUT` is retained as a compatibility environment variable for runner integrations even though the public CLI is now `ilchul-review`; and
 - structured findings whose blocker severity requires concrete file/line/evidence/confidence and `mergeBlocking=true`.
 
 Docs/generated-heavy changes may avoid automatic size failure when semantic risk is low. Small sensitive-path changes still escalate and require targeted evidence. The bundled guidance steers isolated review execution, but deterministic harness validation remains the gate authority.