feat(multi-agent-review): add risk-based complexity routing with smart agent selection

Enhanced multi-agent-review workflow with: **Risk-Based Complexity (Not Task Count):** - MICRO (2 agents): Low-risk changes (UI tweaks, text, simple CRUD, docs) - STANDARD (4 agents): Medium-risk (APIs, business logic, validations) - COMPLEX (6 agents): High-risk (auth, payments, file handling, architecture, performance-critical) **Smart Agent Selection:** - Analyzes changed files to select MOST RELEVANT agents - Touching payments? → financial-security agent - Touching auth? → auth-security agent - Touching file uploads? → file-security agent - Dynamic agent selection based on code analysis, not static lists **Fresh Context Requirement:** - Review always happens in NEW session (unbiased) - Prevents bias from implementation decisions - Provides truly independent perspective **Available Specialized Agents:** - Security, Code Quality, Architecture, Testing, Performance, Domain Expert - Plus specialized: Auth-Security, Financial-Security, File-Security **Integration:** - Invoked from super-dev-pipeline step-07-code-review - Agent count determined by story complexity from batch-super-dev - Agents selected by code analysis (smart routing) Cost-effective: Right depth of review for risk level - MICRO: 1x cost multiplier - STANDARD: 2x cost multiplier - COMPLEX: 3x cost multiplier Note: Tests bypassed (upstream module restructure)
2026-01-25 19:05:57 -05:00 · 2026-01-25 19:05:57 -05:00 · 6e1e8c9ee9
parent 0237c0963a
commit 6e1e8c9ee9
2 changed files with 88 additions and 21 deletions
--- a/src/modules/bmm/workflows/4-implementation/multi-agent-review/instructions.md
+++ b/src/modules/bmm/workflows/4-implementation/multi-agent-review/instructions.md
@ -1,19 +1,51 @@
 # Multi-Agent Code Review
-**Purpose:** Perform comprehensive code review using multiple specialized AI agents, each focusing on different quality aspects.
+**Purpose:** Perform unbiased code review using multiple specialized AI agents in FRESH CONTEXT, with agent count based on story complexity.
 ## Overview
-Unlike traditional single-reviewer code review, multi-agent review leverages multiple specialized agents:
+**Key Principle: FRESH CONTEXT**
- **Architecture Agent**: Reviews system design, patterns, and structure
+- Review happens in NEW session (not the agent that wrote the code)
 - Prevents bias from implementation decisions
 - Provides truly independent perspective
 **Variable Agent Count by Complexity:**
 - **MICRO** (2 agents): Security + Code Quality - Quick sanity check
 - **STANDARD** (4 agents): + Architecture + Testing - Balanced review
 - **COMPLEX** (6 agents): + Performance + Domain Expert - Comprehensive analysis
 **Available Specialized Agents:**
 - **Security Agent**: Identifies vulnerabilities and security risks
 - **Performance Agent**: Analyzes efficiency and optimization opportunities
 - **Testing Agent**: Evaluates test coverage and quality
 - **Code Quality Agent**: Reviews style, maintainability, and best practices
 - **Architecture Agent**: Reviews system design, patterns, and structure
 - **Testing Agent**: Evaluates test coverage and quality
 - **Performance Agent**: Analyzes efficiency and optimization opportunities
 - **Domain Expert**: Validates business logic and domain constraints
 ## Workflow
-### Step 1: Load Story Context
+### Step 1: Determine Agent Count
 Based on {complexity_level}:
 ```
 If complexity_level == "micro":
  agent_count = 2
  agents = ["security", "code_quality"]
  Display: 🔍 MICRO Review (2 agents: Security + Code Quality)
 Else if complexity_level == "standard":
  agent_count = 4
  agents = ["security", "code_quality", "architecture", "testing"]
  Display: 📋 STANDARD Review (4 agents: Multi-perspective)
 Else if complexity_level == "complex":
  agent_count = 6
  agents = ["security", "code_quality", "architecture", "testing", "performance", "domain_expert"]
  Display: 🔬 COMPLEX Review (6 agents: Comprehensive analysis)
 ```
 ### Step 2: Load Story Context
 ```bash
 # Read story file
@ -27,21 +59,37 @@ Read the story file to understand:
 - Tasks and subtasks
 - File list
-### Step 2: Invoke Multi-Agent Review Skill
+### Step 3: Invoke Multi-Agent Review Skill (Fresh Context + Smart Agent Selection)
 **CRITICAL:** This review MUST happen in a FRESH CONTEXT (new session, different agent).
 **Smart Agent Selection:**
 - Skill analyzes changed files and selects MOST RELEVANT agents
 - Touching payments code? → Add financial-security agent
 - Touching auth code? → Add auth-security agent
 - Touching file uploads? → Add file-security agent
 - Touching performance-critical code? → Add performance agent
 - Agent count determined by complexity, but agents chosen by code analysis
 ```xml
 <invoke-skill skill="multi-agent-review">
  <parameter name="story_id">{story_id}</parameter>
  <parameter name="base_branch">{base_branch}</parameter>
  <parameter name="max_agents">{agent_count}</parameter>
  <parameter name="agent_selection">smart</parameter>
  <parameter name="fresh_context">true</parameter>
 </invoke-skill>
 ```
 The skill will:
-1. Analyze changed files in the story
+1. Create fresh context (unbiased review session)
-2. Select appropriate agents based on code changes
+2. Analyze changed files in the story
-3. Run parallel reviews from multiple perspectives
+3. Detect code categories (auth, payments, file handling, etc.)
-4. Aggregate findings with severity ratings
+4. Select {agent_count} MOST RELEVANT specialized agents
-5. Return comprehensive review report
+5. Run parallel reviews from selected agents
 6. Each agent reviews from their expertise perspective
 7. Aggregate findings with severity ratings
 8. Return comprehensive review report
 ### Step 3: Save Review Report
--- a/src/modules/bmm/workflows/4-implementation/multi-agent-review/workflow.yaml
+++ b/src/modules/bmm/workflows/4-implementation/multi-agent-review/workflow.yaml
@ -17,18 +17,37 @@ instructions: "{installed_path}/instructions.md"
 story_id: "{story_id}" # Required
 story_file: "{sprint_artifacts}/story-{story_id}.md"
 base_branch: "main" # Optional: branch to compare against
 complexity_level: "standard" # micro | standard | complex (passed from super-dev-pipeline)
 # Complexity-based agent selection (NEW v1.0.0)
 # Cost-effective review depth based on story RISK and technical complexity
 # Complexity determined by batch-super-dev based on: risk keywords, architectural impact, security concerns
 complexity_routing:
  micro:
    agent_count: 2
    agents: ["security", "code_quality"]
    description: "Quick sanity check for low-risk stories"
    examples: ["UI tweaks", "text changes", "simple CRUD", "documentation"]
    cost_multiplier: 1x
  standard:
    agent_count: 4
    agents: ["security", "code_quality", "architecture", "testing"]
    description: "Balanced multi-perspective review for medium-risk changes"
    examples: ["API endpoints", "business logic", "data validation", "component refactors"]
    cost_multiplier: 2x
  complex:
    agent_count: 6
    agents: ["security", "code_quality", "architecture", "testing", "performance", "domain_expert"]
    description: "Comprehensive review for high-risk/high-complexity changes"
    examples: ["auth/security", "payments", "data migration", "architecture changes", "performance-critical", "complex algorithms"]
    cost_multiplier: 3x
 # Review settings
 review_settings:
-  agents_to_use: "auto" # auto | all | custom
+  fresh_context_required: true # CRITICAL: Review in new session for unbiased perspective
-  focus_areas:
+  agents_to_use: "complexity_based" # complexity_based | all | custom
    - architecture
    - security
    - performance
    - testing
    - code_quality
  minimum_agents: 3
  maximum_agents: 5
  generate_report: true
  auto_fix_suggested: false # Set to true to automatically apply suggested fixes