From 65c93c529cd08f281eaa866ddae3c8f73f226064 Mon Sep 17 00:00:00 2001 From: Alex Verkhovsky Date: Fri, 12 Dec 2025 10:12:59 -0700 Subject: [PATCH 1/2] feat(bmm): add information-asymmetric adversarial code review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Enhance code review workflow with a two-phase approach: - Context-aware review (step 3): Uses story knowledge to check implementation - Asymmetric adversarial review (step 4): Cynical reviewer with no story context judges changes purely on technical merit Key additions: - Cynical reviewer persona that expects to find problems - Execution hierarchy: Task tool > CLI fresh context > inline fallback - Findings consolidation with deduplication across both review phases - Improved severity assessment (CRITICAL/HIGH/MEDIUM/LOW) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .../code-review/instructions.xml | 106 +++++++++++++----- 1 file changed, 79 insertions(+), 27 deletions(-) diff --git a/src/modules/bmm/workflows/4-implementation/code-review/instructions.xml b/src/modules/bmm/workflows/4-implementation/code-review/instructions.xml index e57a940d..edc2bade 100644 --- a/src/modules/bmm/workflows/4-implementation/code-review/instructions.xml +++ b/src/modules/bmm/workflows/4-implementation/code-review/instructions.xml @@ -104,52 +104,104 @@ Find at least 3 more specific, actionable issues + + + Set {{context_aware_findings}} = all issues found in this step (numbered list with file:line locations) - - Categorize findings: HIGH (must fix), MEDIUM (should fix), LOW (nice to fix) + + Reviewer has FULL repo access but NO knowledge of WHY changes were made + DO NOT include story file in prompt - asymmetry is about intent, not visibility + Reviewer can explore codebase to understand impact, but judges changes on merit alone + + + Construct the diff of story-related changes: + - Uncommitted changes: `git diff` + `git diff --cached` + - Committed changes (if story spans commits): `git log --oneline` to find relevant commits, then `git diff base..HEAD` + - Exclude story file from diff: `git diff -- . ':!{{story_path}}'` + + Set {{asymmetric_target}} = the diff output (reviewer can explore repo but is prompted to review this diff) + + + + Launch general-purpose subagent with adversarial prompt: + "You are a cynical, jaded code reviewer with zero patience for sloppy work. + A clueless weasel submitted the following changes and you expect to find problems. + Find at least ten findings to fix or improve. Look for what's missing, not just what's wrong. + Number each finding (1., 2., 3., ...). Be skeptical of everything. + + Changes to review: + {{asymmetric_target}}" + + Collect numbered findings into {{asymmetric_findings}} + + + + Execute adversarial review via CLI (e.g., claude --print) in fresh context with same prompt + Collect numbered findings into {{asymmetric_findings}} + + + + Execute adversarial prompt inline in main context + Note: Has context pollution but cynical reviewer persona still adds significant value + Collect numbered findings into {{asymmetric_findings}} + + + + + Merge findings from BOTH context-aware review (step 3) AND asymmetric review (step 4) + + Combine {{context_aware_findings}} from step 3 with {{asymmetric_findings}} from step 4 + + Deduplicate findings: + - Identify findings that describe the same underlying issue + - Keep the more detailed/actionable version + - Note when both reviews caught the same issue (validates severity) + + + Assess each finding: + - Is this a real issue or noise/false positive? + - Assign severity: 🔴 CRITICAL, 🟠 HIGH, 🟡 MEDIUM, 🟢 LOW + + + Filter out non-issues: + - Remove false positives + - Remove nitpicks that do not warrant action + - Keep anything that could cause problems in production + + + Sort by severity (CRITICAL → HIGH → MEDIUM → LOW) + Set {{fixed_count}} = 0 Set {{action_count}} = 0 **🔥 CODE REVIEW FINDINGS, {user_name}!** - **Story:** {{story_file}} + **Story:** {{story_path}} **Git vs Story Discrepancies:** {{git_discrepancy_count}} found - **Issues Found:** {{high_count}} High, {{medium_count}} Medium, {{low_count}} Low + **Issues Found:** {{critical_count}} Critical, {{high_count}} High, {{medium_count}} Medium, {{low_count}} Low - ## 🔴 CRITICAL ISSUES - - Tasks marked [x] but not actually implemented - - Acceptance Criteria not implemented - - Story claims files changed but no git evidence - - Security vulnerabilities + | # | Severity | Summary | Location | + |---|----------|---------|----------| + {{findings_table}} - ## 🟡 MEDIUM ISSUES - - Files changed but not documented in story File List - - Uncommitted changes not tracked - - Performance problems - - Poor test coverage/quality - - Code maintainability issues - - ## 🟢 LOW ISSUES - - Code style improvements - - Documentation gaps - - Git commit message quality + **{{total_count}} issues found** ({{critical_count}} critical, {{high_count}} high, {{medium_count}} medium, {{low_count}} low) What should I do with these issues? - 1. **Fix them automatically** - I'll update the code and tests + 1. **Fix them automatically** - I'll fix all HIGH and CRITICAL, you approve each 2. **Create action items** - Add to story Tasks/Subtasks for later - 3. **Show me details** - Deep dive into specific issues + 3. **Details on #N** - Explain specific issue Choose [1], [2], or specify which issue to examine: - Fix all HIGH and MEDIUM issues in the code + Fix all CRITICAL and HIGH issues in the code Add/update tests as needed Update File List in story if files changed Update story Dev Agent Record with fixes applied - Set {{fixed_count}} = number of HIGH and MEDIUM issues fixed + Set {{fixed_count}} = number of CRITICAL and HIGH issues fixed Set {{action_count}} = 0 @@ -166,13 +218,13 @@ - + - + Set {{new_status}} = "done" Update story Status field to "done" - + Set {{new_status}} = "in-progress" Update story Status field to "in-progress" From 43c6b6e5bd6677cdbb7844a081833617d6dfad20 Mon Sep 17 00:00:00 2001 From: Alex Verkhovsky Date: Sat, 13 Dec 2025 23:06:32 -0700 Subject: [PATCH 2/2] feat(bmm): add automatic adversarial code review to quick-dev workflow MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Adds Step 5 to quick-dev that automatically runs adversarial code review after implementation completes. Captures baseline commit at workflow start and reviews all changes (tracked + newly created files) using a cynical reviewer persona via subagent, CLI fallback, or inline self-review. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 --- .../bmad-quick-flow/quick-dev/checklist.md | 8 ++ .../bmad-quick-flow/quick-dev/instructions.md | 86 +++++++++++++++++-- 2 files changed, 88 insertions(+), 6 deletions(-) diff --git a/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/checklist.md b/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/checklist.md index 08034cd0..d7185cc0 100644 --- a/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/checklist.md +++ b/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/checklist.md @@ -23,3 +23,11 @@ - [ ] Acceptance criteria satisfied - [ ] Tech-spec updated (if applicable) - [ ] Summary provided to user + +## Adversarial Review + +- [ ] Diff constructed (tracked changes from {baseline_commit} + new untracked files) +- [ ] Adversarial review executed (subagent preferred) +- [ ] Findings presented with severity and classification +- [ ] User chose handling approach (walk through / auto-fix / skip) +- [ ] Findings resolved or acknowledged diff --git a/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/instructions.md b/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/instructions.md index b1635173..60f037aa 100644 --- a/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/instructions.md +++ b/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/instructions.md @@ -15,6 +15,8 @@ +Record current HEAD as baseline for later review. Run `git rev-parse HEAD` and store the result as {baseline_commit}. + Check if {project_context} exists. If yes, load it - this is your foundational reference for ALL implementation decisions (patterns, conventions, architecture). Parse user input: @@ -170,7 +172,7 @@ Use holistic judgment, not mechanical keyword matching. - + Verify: all tasks [x], tests passing, AC satisfied, patterns followed @@ -185,17 +187,89 @@ Use holistic judgment, not mechanical keyword matching. **Tests:** {{test_summary}} **AC Status:** {{ac_status}} ---- +Running adversarial code review... + -**Before committing (Recommended): Copy this code review prompt to a different LLM** +Proceed immediately to step 5 + + + + +Construct diff of all changes since workflow started and capture as {diff_output}: + +**Tracked file changes:** + +```bash +git diff {baseline_commit} ``` -You are a cynical, jaded code reviewer with zero patience for sloppy work. These uncommitted changes were submitted by a clueless weasel and you expect to find problems. Find at least five issues to fix or improve in it. Number them. Be skeptical of everything. -``` + +**New files created by this workflow:** +Only include untracked files that YOU actually created during steps 2-4. Do not include pre-existing untracked files. For each new file you created, include its full content as a "new file" addition. + +Combine both into {diff_output} for review. Do NOT `git add` anything - this is read-only inspection. + +Execute adversarial review using this hierarchy (try in order until one succeeds): + +1. **Spawn subagent** (preferred) - pass the diff output along with this prompt: + + ``` + You are a cynical, jaded code reviewer with zero patience for sloppy work. This diff was submitted by a clueless weasel and you expect to find problems. Find at least five issues to fix or improve. Number them. Be skeptical of everything. + + + {diff_output} + + ``` + +2. **CLI fallback** - pipe diff to `claude --print` with same prompt + +3. **Inline self-review** - Review the diff output yourself using the cynical reviewer persona above + + + + HALT - Zero findings is suspicious. Adversarial review should always find something. Request user guidance. + + +Process findings: + +- Assign IDs: F1, F2, F3... +- Assign severity: 🔴 Critical | 🟠 High | 🟡 Medium | 🟢 Low +- Classify each: **real** (confirmed issue) | **noise** (false positive) | **uncertain** (needs discussion) + + +**Adversarial Review Findings** + +| ID | Severity | Classification | Finding | +| --- | -------- | -------------- | ------- | +| F1 | 🟠 | real | ... | +| F2 | 🟡 | noise | ... | +| ... | -You must explain what was implemented based on {user_skill_level} +How would you like to handle these findings? + +**[1] Walk through** - Discuss each finding individually +**[2] Auto-fix** - Automatically fix issues classified as "real" +**[3] Skip** - Acknowledge and proceed to commit + + + Present each finding one by one. For each, ask: fix now / skip / discuss + Apply fixes as approved + + + + Automatically fix all findings classified as "real" + Report what was fixed + + + + Acknowledge findings were reviewed and user chose to skip + + +**Review complete. Ready to commit.** + +Explain what was implemented based on {user_skill_level}