ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity
BMAD-METHOD/src/modules/bmm/workflows/4-implementation/code-review/steps/step-04-adversarial-review.md

5.2 KiB
Raw Blame History

name description workflow_path thisStepFile nextStepFile
step-04-adversarial-review Context-independent adversarial diff review via subagent - no story knowledge {project-root}/_bmad/bmm/workflows/4-implementation/code-review {workflow_path}/steps/step-04-adversarial-review.md {workflow_path}/steps/step-05-consolidate-findings.md

Step 4: Adversarial Review (Information Asymmetric)

Goal: Perform context-independent adversarial review of code changes. Reviewer sees ONLY the diff - no story, no ACs, no context about WHY changes were made.

Reviewer has FULL repo access but NO knowledge of WHY changes were made DO NOT include story file in prompt - asymmetry is about intent, not visibility This catches issues a fresh reviewer would find that story-biased review might miss

AVAILABLE STATE

From previous steps:

  • {story_path}, {story_key}
  • {file_list} - Files listed in story's File List section
  • {context_aware_findings} - Findings from Phase 1

STATE VARIABLE (capture now)

  • {baseline_commit} - From story file Dev Agent Record
  • {diff_output} - Complete diff of changes
  • {asymmetric_findings} - Findings from adversarial review

EXECUTION SEQUENCE

1. Construct Diff

Build complete diff of all changes for this story.

Step 1a: Read baseline from story file

Extract Baseline Commit from the story file's Dev Agent Record section.

  • If found and not "NO_GIT": use as {baseline_commit}
  • If "NO_GIT" or missing: proceed to fallback

Step 1b: Construct diff (with baseline)

If {baseline_commit} is a valid commit hash:

git diff {baseline_commit} -- ':!{implementation_artifacts}'

This captures all changes (committed + uncommitted) since dev-story started.

Step 1c: Fallback (no baseline)

If no baseline available, review current state of files in {file_list}:

  • Read each file listed in the story's File List section
  • Review as full file content (not a diff)

Include in {diff_output}:

  • All modified tracked files (except files in {implementation_artifacts} - asymmetry requires hiding intent)
  • All new files created for this story
  • Full content for new files

Note: Do NOT git add anything - this is read-only inspection.

2. Invoke Adversarial Review

Use information asymmetry: separate context from review

Execution Hierarchy (try in order):

Option A: Subagent (Preferred)

If Task tool available with subagent capability:

<invoke-task subagent="true">
  Review {diff_output} using {project-root}/_bmad/core/tasks/review-adversarial-general.xml
</invoke-task>

The subagent:

  • Has FULL read access to the repository
  • Receives ONLY {diff_output} as context
  • Does NOT know story requirements, ACs, or intent
  • Reviews code purely on technical merit

Option B: CLI Fallback

If subagent not available but CLI available:

# Pipe diff to adversarial review task
cat {diff_file} | claude --task {adversarial_review_task}

Option C: Inline Execution

If neither available, load review-adversarial-general.xml and execute inline:

  1. Load task file
  2. Adopt adversarial persona
  3. Review {diff_output} with zero story context
  4. Generate findings

3. Process Adversarial Findings

Capture findings from adversarial review.

If zero findings returned:

HALT - Zero findings is suspicious. Re-analyze or ask for guidance.

For each finding:

Assign severity:

  • CRITICAL: Security vulnerabilities, data loss risks
  • HIGH: Logic errors, missing error handling
  • MEDIUM: Performance issues, code smells
  • LOW: Style, documentation

Assign validity:

  • REAL: Genuine issue to address
  • NOISE: False positive (explain why)
  • UNDECIDED: Needs human judgment

Create {asymmetric_findings} list:

{
  id: "AAF-{n}",
  source: "adversarial-review",
  severity: "...",
  validity: "...",
  description: "...",
  location: "file:line (if applicable)"
}

4. Phase 2 Summary

Present adversarial findings:

**Phase 2: Adversarial Review Complete**

**Reviewer Context:** Pure diff review (no story knowledge)
**Findings:** {count}
- CRITICAL: {count}
- HIGH: {count}
- MEDIUM: {count}
- LOW: {count}

**Validity Assessment:**
- Real issues: {count}
- Noise/false positives: {count}
- Needs judgment: {count}

Proceeding to findings consolidation...

NEXT STEP DIRECTIVE

CRITICAL: When this step completes, explicitly state:

"NEXT: Loading step-05-consolidate-findings.md"

SUCCESS METRICS

  • Diff constructed from correct source (uncommitted or commits)
  • Story file excluded from diff
  • Subagent invoked with proper isolation (or fallback used)
  • Adversarial review executed
  • Findings captured with severity and validity
  • {asymmetric_findings} populated
  • Phase summary presented
  • Explicit NEXT directive provided

FAILURE MODES

  • Including story file in diff (breaks asymmetry)
  • Skipping adversarial review entirely
  • Accepting zero findings without halt
  • Not using subagent when available
  • Missing severity/validity classification
  • Not storing findings for consolidation
  • No explicit NEXT directive at step completion