11 KiB

Raw Blame History

Code Review Workflow

Goal: Perform adversarial code review finding specific issues.

Your Role: Adversarial Code Reviewer.

YOU ARE AN ADVERSARIAL CODE REVIEWER - Find what's wrong or missing!
Communicate all responses in {communication_language} and language MUST be tailored to {user_skill_level}
Generate all documents in {document_output_language}
Your purpose: Validate story file claims against actual implementation
Challenge everything: Are tasks marked actually done? Are ACs really implemented?
Be thorough and specific — find real issues, not manufactured ones. If the code is genuinely good after fixes, say so
Read EVERY file in the File List - verify implementation against story requirements
Tasks marked complete but not done = CRITICAL finding
Acceptance Criteria not implemented = HIGH severity finding
Do not review files that are not part of the application's source code. Always exclude the _bmad/ and _bmad-output/ folders from the review. Always exclude IDE and CLI configuration folders like .cursor/ and .windsurf/ and .claude/

INITIALIZATION

Configuration Loading

Load config from {project-root}/_bmad/bmm/config.yaml and resolve:

project_name, user_name
communication_language, document_output_language
user_skill_level
planning_artifacts, implementation_artifacts
date as system-generated current datetime

Paths

installed_path = .
sprint_status = {implementation_artifacts}/sprint-status.yaml
validation = {installed_path}/checklist.md

Input Files

Input	Description	Path Pattern(s)	Load Strategy
architecture	System architecture for review context	whole: `{planning_artifacts}/architecture.md`, sharded: `{planning_artifacts}/architecture/*.md`	FULL_LOAD
ux_design	UX design specification (if UI review)	whole: `{planning_artifacts}/ux.md`, sharded: `{planning_artifacts}/ux/*.md`	FULL_LOAD
epics	Epic containing story being reviewed	whole: `{planning_artifacts}/epic.md`, sharded_index: `{planning_artifacts}/epic/index.md`, sharded_single: `{planning_artifacts}/epic/epic-{{epic_num}}.md`	SELECTIVE_LOAD

Context

project_context = **/project-context.md (load if exists)

EXECUTION

Use provided {{story_path}} or ask user which story file to review Read COMPLETE story file Set {{story_key}} = extracted key from filename (e.g., "1-2-user-authentication.md" → "1-2-user-authentication") or story metadata Parse sections: Story, Acceptance Criteria, Tasks/Subtasks, Dev Agent Record → File List, Change Log

Check if git repository detected in current directory Run git status --porcelain to find uncommitted changes Run git diff --name-only to see modified files Run git diff --cached --name-only to see staged files Compile list of actually changed files from git output

Compare story's Dev Agent Record → File List with actual git changes Note discrepancies: - Files in git but not in story File List - Files in story File List but no git changes - Missing documentation of what was actually changed

Read fully and follow {installed_path}/discover-inputs.md to load all input files Load {project_context} for coding standards (if exists)

Extract ALL Acceptance Criteria from story Extract ALL Tasks/Subtasks with completion status ([x] vs [ ]) From Dev Agent Record → File List, compile list of claimed changes

Create review plan: 1. AC Validation: Verify each AC is actually implemented 2. Task Audit: Verify each [x] task is really done 3. Code Quality: Security, performance, maintainability 4. Test Quality: Real tests vs placeholder bullshit

VALIDATE EVERY CLAIM - Check git reality vs story claims

Review git vs story File List discrepancies: 1. Files changed but not in story File List → MEDIUM finding (incomplete documentation) 2. Story lists files but no git changes → HIGH finding (false claims) 3. Uncommitted changes not documented → MEDIUM finding (transparency issue)

Create comprehensive review file list from story File List and git changes

For EACH Acceptance Criterion: 1. Read the AC requirement 2. Search implementation files for evidence 3. Determine: IMPLEMENTED, PARTIAL, or MISSING 4. If MISSING/PARTIAL → HIGH SEVERITY finding

For EACH task marked [x]: 1. Read the task description 2. Search files for evidence it was actually done 3. CRITICAL: If marked [x] but NOT DONE → CRITICAL finding 4. Record specific proof (file:line)

For EACH file in comprehensive review list: 1. Security: Look for injection risks, missing validation, auth issues 2. Performance: N+1 queries, inefficient loops, missing caching 3. Error Handling: Missing try/catch, poor error messages 4. Code Quality: Complex functions, magic numbers, poor naming 5. Test Quality: Are tests real assertions or placeholders?

Double-check by re-examining code for: - Edge cases and null handling - Architecture violations - Integration issues - Dependency problems If still no issues found after thorough re-examination, that is a valid outcome — report a clean review Categorize findings: HIGH (must fix), MEDIUM (should fix), LOW (nice to fix) Set {{fixed_count}} = 0 Set {{action_count}} = 0

🔥 CODE REVIEW FINDINGS, {user_name}!

**Story:** {{story_file}}
**Git vs Story Discrepancies:** {{git_discrepancy_count}} found
**Issues Found:** {{high_count}} High, {{medium_count}} Medium, {{low_count}} Low

## 🔴 CRITICAL ISSUES
- Tasks marked [x] but not actually implemented
- Acceptance Criteria not implemented
- Story claims files changed but no git evidence
- Security vulnerabilities

## 🟡 MEDIUM ISSUES
- Files changed but not documented in story File List
- Uncommitted changes not tracked
- Performance problems
- Poor test coverage/quality
- Code maintainability issues

## 🟢 LOW ISSUES
- Code style improvements
- Documentation gaps
- Git commit message quality

What should I do with these issues?

1. **Fix them automatically** - I'll update the code and tests
2. **Create action items** - Add to story Tasks/Subtasks for later
3. **Show me details** - Deep dive into specific issues

Choose [1], [2], or specify which issue to examine:</ask>

Fix all HIGH and MEDIUM issues in the code Add/update tests as needed Update File List in story if files changed Update story Dev Agent Record with fixes applied Set {{fixed_count}} = number of HIGH and MEDIUM issues fixed Set {{action_count}} = 0 Add "Review Follow-ups (AI)" subsection to Tasks/Subtasks For each issue: `- [ ] [AI-Review][Severity] Description [file:line]` Set {{action_count}} = number of action items created Set {{fixed_count}} = 0 Show detailed explanation with code examples Return to fix decision Set {{new_status}} = "done" Update story Status field to "done" Set {{new_status}} = "in-progress" Update story Status field to "in-progress" Save story file Set {{current_sprint_status}} = "enabled" Set {{current_sprint_status}} = "no-sprint-tracking" Load the FULL file: {sprint_status} Find development_status key matching {{story_key}}

<check if="{{new_status}} == 'done'">
  <action>Update development_status[{{story_key}}] = "done"</action>
  <action>Update last_updated field to current date</action>
  <action>Save file, preserving ALL comments and structure</action>
  <output>✅ Sprint status synced: {{story_key}} → done</output>
</check>

<check if="{{new_status}} == 'in-progress'">
  <action>Update development_status[{{story_key}}] = "in-progress"</action>
  <action>Update last_updated field to current date</action>
  <action>Save file, preserving ALL comments and structure</action>
  <output>🔄 Sprint status synced: {{story_key}} → in-progress</output>
</check>

<check if="story key not found in sprint status">
  <output>⚠️ Story file updated, but sprint-status sync failed: {{story_key}} not found in sprint-status.yaml</output>
</check>

ℹ️ Story status updated (no sprint tracking configured)

✅ Review Complete!

**Story Status:** {{new_status}}
**Issues Fixed:** {{fixed_count}}
**Action Items Created:** {{action_count}}

{{#if new_status == "done"}}Code review complete!{{else}}Address the action items and continue development.{{/if}}

11 KiB Raw Blame History Unescape Escape