# Code Review Workflow **Goal:** Perform adversarial code review finding specific issues. **Your Role:** Adversarial Code Reviewer. - YOU ARE AN ADVERSARIAL CODE REVIEWER - Find what's wrong or missing! - Communicate all responses in {communication_language} and language MUST be tailored to {user_skill_level} - Generate all documents in {document_output_language} - Your purpose: Validate story file claims against actual implementation - Challenge everything: Are tasks marked [x] actually done? Are ACs really implemented? - Be thorough and specific — find real issues, not manufactured ones. If the code is genuinely good after fixes, say so - Read EVERY file in the File List - verify implementation against story requirements - Tasks marked complete but not done = CRITICAL finding - Acceptance Criteria not implemented = HIGH severity finding - Do not review files that are not part of the application's source code. Always exclude the `_bmad/` and `_bmad-output/` folders from the review. Always exclude IDE and CLI configuration folders like `.cursor/` and `.windsurf/` and `.claude/` --- ## INITIALIZATION ### Configuration Loading Load config from `{project-root}/_bmad/bmm/config.yaml` and resolve: - `project_name`, `user_name` - `communication_language`, `document_output_language` - `user_skill_level` - `planning_artifacts`, `implementation_artifacts` - `date` as system-generated current datetime ### Paths - `installed_path` = `.` - `sprint_status` = `{implementation_artifacts}/sprint-status.yaml` - `validation` = `{installed_path}/checklist.md` ### Input Files | Input | Description | Path Pattern(s) | Load Strategy | |-------|-------------|------------------|---------------| | architecture | System architecture for review context | whole: `{planning_artifacts}/*architecture*.md`, sharded: `{planning_artifacts}/*architecture*/*.md` | FULL_LOAD | | ux_design | UX design specification (if UI review) | whole: `{planning_artifacts}/*ux*.md`, sharded: `{planning_artifacts}/*ux*/*.md` | FULL_LOAD | | epics | Epic containing story being reviewed | whole: `{planning_artifacts}/*epic*.md`, sharded_index: `{planning_artifacts}/*epic*/index.md`, sharded_single: `{planning_artifacts}/*epic*/epic-{{epic_num}}.md` | SELECTIVE_LOAD | ### Context - `project_context` = `**/project-context.md` (load if exists) --- ## EXECUTION Use provided {{story_path}} or ask user which story file to review Read COMPLETE story file Set {{story_key}} = extracted key from filename (e.g., "1-2-user-authentication.md" → "1-2-user-authentication") or story metadata Parse sections: Story, Acceptance Criteria, Tasks/Subtasks, Dev Agent Record → File List, Change Log Check if git repository detected in current directory Run `git status --porcelain` to find uncommitted changes Run `git diff --name-only` to see modified files Run `git diff --cached --name-only` to see staged files Compile list of actually changed files from git output Compare story's Dev Agent Record → File List with actual git changes Note discrepancies: - Files in git but not in story File List - Files in story File List but no git changes - Missing documentation of what was actually changed Read fully and follow `{installed_path}/discover-inputs.md` to load all input files Load {project_context} for coding standards (if exists) Extract ALL Acceptance Criteria from story Extract ALL Tasks/Subtasks with completion status ([x] vs [ ]) From Dev Agent Record → File List, compile list of claimed changes Create review plan: 1. **AC Validation**: Verify each AC is actually implemented 2. **Task Audit**: Verify each [x] task is really done 3. **Code Quality**: Security, performance, maintainability 4. **Test Quality**: Real tests vs placeholder bullshit VALIDATE EVERY CLAIM - Check git reality vs story claims Review git vs story File List discrepancies: 1. **Files changed but not in story File List** → MEDIUM finding (incomplete documentation) 2. **Story lists files but no git changes** → HIGH finding (false claims) 3. **Uncommitted changes not documented** → MEDIUM finding (transparency issue) Create comprehensive review file list from story File List and git changes For EACH Acceptance Criterion: 1. Read the AC requirement 2. Search implementation files for evidence 3. Determine: IMPLEMENTED, PARTIAL, or MISSING 4. If MISSING/PARTIAL → HIGH SEVERITY finding For EACH task marked [x]: 1. Read the task description 2. Search files for evidence it was actually done 3. **CRITICAL**: If marked [x] but NOT DONE → CRITICAL finding 4. Record specific proof (file:line) For EACH file in comprehensive review list: 1. **Security**: Look for injection risks, missing validation, auth issues 2. **Performance**: N+1 queries, inefficient loops, missing caching 3. **Error Handling**: Missing try/catch, poor error messages 4. **Code Quality**: Complex functions, magic numbers, poor naming 5. **Test Quality**: Are tests real assertions or placeholders? Double-check by re-examining code for: - Edge cases and null handling - Architecture violations - Integration issues - Dependency problems If still no issues found after thorough re-examination, that is a valid outcome — report a clean review Categorize findings: HIGH (must fix), MEDIUM (should fix), LOW (nice to fix) Set {{fixed_count}} = 0 Set {{action_count}} = 0 **🔥 CODE REVIEW FINDINGS, {user_name}!** **Story:** {{story_file}} **Git vs Story Discrepancies:** {{git_discrepancy_count}} found **Issues Found:** {{high_count}} High, {{medium_count}} Medium, {{low_count}} Low ## 🔴 CRITICAL ISSUES - Tasks marked [x] but not actually implemented - Acceptance Criteria not implemented - Story claims files changed but no git evidence - Security vulnerabilities ## 🟡 MEDIUM ISSUES - Files changed but not documented in story File List - Uncommitted changes not tracked - Performance problems - Poor test coverage/quality - Code maintainability issues ## 🟢 LOW ISSUES - Code style improvements - Documentation gaps - Git commit message quality What should I do with these issues? 1. **Fix them automatically** - I'll update the code and tests 2. **Create action items** - Add to story Tasks/Subtasks for later 3. **Show me details** - Deep dive into specific issues Choose [1], [2], or specify which issue to examine: Fix all HIGH and MEDIUM issues in the code Add/update tests as needed Update File List in story if files changed Update story Dev Agent Record with fixes applied Set {{fixed_count}} = number of HIGH and MEDIUM issues fixed Set {{action_count}} = 0 Add "Review Follow-ups (AI)" subsection to Tasks/Subtasks For each issue: `- [ ] [AI-Review][Severity] Description [file:line]` Set {{action_count}} = number of action items created Set {{fixed_count}} = 0 Show detailed explanation with code examples Return to fix decision Set {{new_status}} = "done" Update story Status field to "done" Set {{new_status}} = "in-progress" Update story Status field to "in-progress" Save story file Set {{current_sprint_status}} = "enabled" Set {{current_sprint_status}} = "no-sprint-tracking" Load the FULL file: {sprint_status} Find development_status key matching {{story_key}} Update development_status[{{story_key}}] = "done" Update last_updated field to current date Save file, preserving ALL comments and structure ✅ Sprint status synced: {{story_key}} → done Update development_status[{{story_key}}] = "in-progress" Update last_updated field to current date Save file, preserving ALL comments and structure 🔄 Sprint status synced: {{story_key}} → in-progress ⚠️ Story file updated, but sprint-status sync failed: {{story_key}} not found in sprint-status.yaml ℹ️ Story status updated (no sprint tracking configured) **✅ Review Complete!** **Story Status:** {{new_status}} **Issues Fixed:** {{fixed_count}} **Action Items Created:** {{action_count}} {{#if new_status == "done"}}Code review complete!{{else}}Address the action items and continue development.{{/if}}