Merge f5d949b922 into 35ae4fd024

2026-01-04 11:05:47 +00:00
5 changed files with 115 additions and 53 deletions
--- a/src/core/tasks/review-adversarial-general.xml
+++ b/src/core/tasks/review-adversarial-general.xml
@ -1,7 +1,7 @@
 <!-- if possible, run this in a separate subagent or process with read access to the project, 
  but no context except the content to review -->

-<task id="_bmad/core/tasks/review-adversarial-general.xml" name="Adversarial Review">
+<task id="_bmad/core/tasks/review-adversarial-general.xml" name="Adversarial Review (General)">
  <objective>Cynically review content and produce findings</objective>

  <inputs>
--- a/src/modules/bmm/workflows/4-implementation/code-review/steps/step-03-context-aware-review.md
+++ b/src/modules/bmm/workflows/4-implementation/code-review/steps/step-03-context-aware-review.md
@ -43,14 +43,15 @@ Review `{git_discrepancies}` and create findings:

 | Discrepancy Type | Severity |
 | --- | --- |
-| Files changed but not in story File List | Medium |
-| Story lists files but no git changes | High |
-| Uncommitted changes not documented | Medium |
+| Files changed but not in story File List | MEDIUM |
+| Story lists files but no git changes | HIGH |
+| Uncommitted changes not documented | MEDIUM |

-For each discrepancy, add to `{context_aware_findings}` (no IDs yet - assigned after merge):
+For each discrepancy, add to `{context_aware_findings}`:

 ```
 {
+  id: "CAF-{n}",
  source: "git-discrepancy",
  severity: "...",
  description: "...",
@ -65,14 +66,15 @@ For EACH AC in `{acceptance_criteria}`:
 1. Read the AC requirement
 2. Search implementation files in `{comprehensive_file_list}` for evidence
 3. Determine status: IMPLEMENTED, PARTIAL, or MISSING
-4. If PARTIAL or MISSING → add High severity finding
+4. If PARTIAL or MISSING → add HIGH severity finding

 Add to `{context_aware_findings}`:

 ```
 {
+  id: "CAF-{n}",
  source: "ac-validation",
-  severity: "High",
+  severity: "HIGH",
  description: "AC {id} not fully implemented: {details}",
  evidence: "Expected: {ac}, Found: {what_was_found}"
 }
@ -84,15 +86,16 @@ For EACH task marked [x] in `{tasks_with_status}`:

 1. Read the task description
 2. Search files for evidence it was actually done
-3. **Critical**: If marked [x] but NOT DONE → Critical finding
+3. **CRITICAL**: If marked [x] but NOT DONE → CRITICAL finding
 4. Record specific proof (file:line) if done

 Add to `{context_aware_findings}` if false:

 ```
 {
+  id: "CAF-{n}",
  source: "task-audit",
-  severity: "Critical",
+  severity: "CRITICAL",
  description: "Task marked complete but not implemented: {task}",
  evidence: "Searched: {files}, Found: no evidence of {expected}"
 }
@ -134,10 +137,10 @@ Present context-aware findings:
 **Phase 1: Context-Aware Review Complete**

 **Findings:** {count}
- Critical: {count}
- High: {count}
- Medium: {count}
- Low: {count}
+- CRITICAL: {count}
+- HIGH: {count}
+- MEDIUM: {count}
+- LOW: {count}

 Proceeding to Phase 2: Adversarial Review...
 ```
--- a/src/modules/bmm/workflows/4-implementation/code-review/steps/step-04-adversarial-review.md
+++ b/src/modules/bmm/workflows/4-implementation/code-review/steps/step-04-adversarial-review.md
@ -75,29 +75,74 @@ If no baseline available, review current state of files in `{file_list}`:

 ### 2. Invoke Adversarial Review

-With `{diff_output}` constructed, invoke the review task. If possible, use information asymmetry: run this step, and only it, in a separate subagent or process with read access to the project, but no context except the `{diff_output}`.
+<critical>Use information asymmetry: separate context from review</critical>
+
+**Execution Hierarchy (try in order):**
+
+**Option A: Subagent (Preferred)**
+
+If Task tool available with subagent capability:

 ```xml
-<invoke-task>Review {diff_output} using {project-root}/_bmad/core/tasks/review-adversarial-general.xml</invoke-task>
+<invoke-task subagent="true">
+  Review {diff_output} using {project-root}/_bmad/core/tasks/review-adversarial-general.xml
+</invoke-task>
 ```

-**Platform fallback:** If task invocation not available, load the task file and execute its instructions inline, passing `{diff_output}` as the content.
+The subagent:

-The task should: review `{diff_output}` and return a list of findings.
+- Has FULL read access to the repository
+- Receives ONLY `{diff_output}` as context
+- Does NOT know story requirements, ACs, or intent
+- Reviews code purely on technical merit
+
+**Option B: CLI Fallback**
+
+If subagent not available but CLI available:
+
+```bash
+# Pipe diff to adversarial review task
+cat {diff_file} | claude --task {adversarial_review_task}
+```
+
+**Option C: Inline Execution**
+
+If neither available, load `review-adversarial-general.xml` and execute inline:
+
+1. Load task file
+2. Adopt adversarial persona
+3. Review `{diff_output}` with zero story context
+4. Generate findings

 ### 3. Process Adversarial Findings

 Capture findings from adversarial review.

-**If zero findings:** HALT - this is suspicious. Re-analyze or ask for guidance.
+**If zero findings returned:**

-Evaluate severity (Critical, High, Medium, Low) and validity (Real, Noise, Undecided).
+<critical>HALT - Zero findings is suspicious. Re-analyze or ask for guidance.</critical>

-Add each finding to `{asymmetric_findings}` (no IDs yet - assigned after merge):
+**For each finding:**
+
+Assign severity:
+
+- CRITICAL: Security vulnerabilities, data loss risks
+- HIGH: Logic errors, missing error handling
+- MEDIUM: Performance issues, code smells
+- LOW: Style, documentation
+
+Assign validity:
+
+- REAL: Genuine issue to address
+- NOISE: False positive (explain why)
+- UNDECIDED: Needs human judgment
+
+Create `{asymmetric_findings}` list:

 ```
 {
-  source: "adversarial",
+  id: "AAF-{n}",
+  source: "adversarial-review",
  severity: "...",
  validity: "...",
  description: "...",
@ -114,15 +159,15 @@ Present adversarial findings:

 **Reviewer Context:** Pure diff review (no story knowledge)
 **Findings:** {count}
- Critical: {count}
- High: {count}
- Medium: {count}
- Low: {count}
+- CRITICAL: {count}
+- HIGH: {count}
+- MEDIUM: {count}
+- LOW: {count}

 **Validity Assessment:**
- Real: {count}
- Noise: {count}
- Undecided: {count}
+- Real issues: {count}
+- Noise/false positives: {count}
+- Needs judgment: {count}

 Proceeding to findings consolidation...
 ```
@ -141,7 +186,7 @@ Proceeding to findings consolidation...

 - Diff constructed from correct source (uncommitted or commits)
 - Story file excluded from diff
- Task invoked with diff as input
+- Subagent invoked with proper isolation (or fallback used)
 - Adversarial review executed
 - Findings captured with severity and validity
 - `{asymmetric_findings}` populated
@ -153,7 +198,7 @@ Proceeding to findings consolidation...
 - Including story file in diff (breaks asymmetry)
 - Skipping adversarial review entirely
 - Accepting zero findings without halt
- Invoking task without providing diff input
+- Not using subagent when available
 - Missing severity/validity classification
 - Not storing findings for consolidation
 - No explicit NEXT directive at step completion
--- a/src/modules/bmm/workflows/4-implementation/code-review/steps/step-05-consolidate-findings.md
+++ b/src/modules/bmm/workflows/4-implementation/code-review/steps/step-05-consolidate-findings.md
@ -57,39 +57,53 @@ Keep the MORE DETAILED version:
 - If adversarial finding has better technical detail → keep that
 - When in doubt, keep context-aware (has more context)

-Note which findings were merged (for transparency in the summary).
+Mark duplicates as merged:
+
+```
+{
+  id: "CF-{n}",
+  merged_from: ["CAF-3", "AAF-2"],
+  kept_version: "CAF-3",
+  reason: "Context-aware version includes AC reference"
+}
+```

 ### 3. Normalize Severity

-Apply consistent severity scale (Critical, High, Medium, Low).
+Apply consistent severity scale:
+
+| Severity | Icon | Criteria |
+| --- | --- | --- |
+| CRITICAL | RED | Security vuln, data loss, tasks marked done but not, broken core functionality |
+| HIGH | ORANGE | Missing AC implementation, logic errors, missing critical error handling |
+| MEDIUM | YELLOW | Performance issues, incomplete features, documentation gaps |
+| LOW | GREEN | Code style, minor improvements, suggestions |

 ### 4. Filter Noise

-Review adversarial findings marked as Noise:
+Review adversarial findings marked as NOISE:

 - If clearly false positive (e.g., style preference, not actual issue) → exclude
- If questionable → keep with Undecided validity
- If context reveals it's actually valid → upgrade to Real
+- If questionable → keep with UNDECIDED validity
+- If context reveals it's actually valid → upgrade to REAL

 **Do NOT filter:**

- Any Critical or High severity
+- Any CRITICAL or HIGH severity
 - Any context-aware findings (they have story context)

-### 5. Sort and Number Findings
-
-Sort by severity (Critical → High → Medium → Low), then assign IDs: F1, F2, F3, etc.
+### 5. Create Consolidated Table

 Build `{consolidated_findings}`:

 ```markdown
 | ID | Severity | Source | Description | Location |
 |----|----------|--------|-------------|----------|
-| F1 | Critical | task-audit | Task 3 marked [x] but not implemented | src/auth.ts |
-| F2 | High | ac-validation | AC2 partially implemented | src/api/*.ts |
-| F3 | High | adversarial | Missing error handling in API calls | src/api/client.ts:45 |
-| F4 | Medium | git-discrepancy | File changed but not in story | src/utils.ts |
-| F5 | Low | adversarial | Magic number should be constant | src/config.ts:12 |
+| CF-1 | CRITICAL | task-audit | Task 3 marked [x] but not implemented | src/auth.ts |
+| CF-2 | HIGH | ac-validation | AC2 partially implemented | src/api/*.ts |
+| CF-3 | HIGH | adversarial | Missing error handling in API calls | src/api/client.ts:45 |
+| CF-4 | MEDIUM | git-discrepancy | File changed but not in story | src/utils.ts |
+| CF-5 | LOW | adversarial | Magic number should be constant | src/config.ts:12 |
 ```

 ### 6. Present Consolidated Findings
@ -101,10 +115,10 @@ Build `{consolidated_findings}`:

 **Summary:**
 - Total findings: {count}
- Critical: {count}
- High: {count}
- Medium: {count}
- Low: {count}
+- CRITICAL: {count}
+- HIGH: {count}
+- MEDIUM: {count}
+- LOW: {count}

 **Deduplication:** {merged_count} duplicate findings merged

@ -112,16 +126,16 @@ Build `{consolidated_findings}`:

 ## Findings by Severity

-### Critical (Must Fix)
+### CRITICAL (Must Fix)
 {list critical findings with full details}

-### High (Should Fix)
+### HIGH (Should Fix)
 {list high findings with full details}

-### Medium (Consider Fixing)
+### MEDIUM (Consider Fixing)
 {list medium findings}

-### Low (Nice to Fix)
+### LOW (Nice to Fix)
 {list low findings}

 ---
--- a/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-05-adversarial-review.md
+++ b/src/modules/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-05-adversarial-review.md
@ -79,7 +79,7 @@ The task should: review `{diff_output}` and return a list of findings.

 Capture the findings from the task output.
 **If zero findings:** HALT - this is suspicious. Re-analyze or request user guidance.
-Evaluate severity (Critical, High, Medium, Low) and validity (Real, Noise, Undecided).
+Evaluate severity (Critical, High, Medium, Low) and validity (real, noise, undecided).
 DO NOT exclude findings based on severity or validity unless explicitly asked to do so.
 Order findings by severity.
 Number the ordered findings (F1, F2, F3, etc.).