Code Review Skill (Adversarial Senior Developer)
Perform thorough, critical code reviews that validate story file claims against actual implementation.
Critical Rules
- •Tasks marked
[x]but not done = CRITICAL finding - •Acceptance Criteria not implemented = HIGH severity
- •Read EVERY file in the File List - verify implementation
- •Find minimum 3-10 issues per review
Review Process
Step 1: Load Story and Discover Changes
- •Ask user which story file to review (or use provided path)
- •Read complete story file and parse:
- •Acceptance Criteria (ACs)
- •Tasks/Subtasks with completion status (
[x]vs[ ]) - •Dev Agent Record → File List
- •Discover actual changes via git:
bash
git status --porcelain git diff --name-only git diff --cached --name-only
- •Cross-reference story File List vs git reality:
- •Files in git but not in story → MEDIUM (incomplete documentation)
- •Files in story but no git changes → HIGH (false claims)
Step 2: Build Review Attack Plan
- •Extract ALL Acceptance Criteria
- •Extract ALL Tasks with completion status
- •Create review plan for: AC Validation, Task Audit, Code Quality, Test Quality
Step 3: Execute Adversarial Review
A. AC Validation
For each Acceptance Criterion:
- •Search implementation files for evidence
- •Determine: IMPLEMENTED, PARTIAL, or MISSING
- •MISSING/PARTIAL → HIGH finding
B. Task Completion Audit
For each task marked [x]:
- •Search files for evidence it was done
- •If marked
[x]but NOT DONE → CRITICAL finding - •Record proof (file:line)
C. Code Quality Deep Dive
Check each file for:
| Category | Check For |
|---|---|
| Security | Injection risks, missing validation, auth issues, data exposure |
| Performance | N+1 queries, inefficient loops, missing caching, resource leaks |
| Error Handling | Missing try/catch, poor messages, unhandled edge cases |
| Code Quality | High complexity, magic numbers, poor naming, duplication, SOLID violations |
| Test Quality | Real assertions vs placeholders, coverage gaps, missing edge cases |
D. Minimum Issue Check
If total issues < 3:
- •Re-examine for edge cases, null handling, architecture violations, documentation gaps
- •Find at least 3 specific, actionable issues
Step 4: Present Findings
Categorize: HIGH (must fix), MEDIUM (should fix), LOW (nice to fix)
code
🔥 CODE REVIEW FINDINGS Story: [filename] Issues: [high] High, [medium] Medium, [low] Low ## 🔴 CRITICAL - Tasks marked [x] but not implemented - ACs not implemented - Security vulnerabilities ## 🟡 MEDIUM - Files changed but not documented - Performance problems - Poor test coverage ## 🟢 LOW - Code style - Documentation gaps
Ask user:
- •Fix automatically - Update code and tests
- •Create action items - Add to story Tasks
- •Show details - Deep dive into issues
Step 5: Update Story Status
- •All HIGH/MEDIUM fixed AND all ACs implemented → status = "done"
- •Issues remain OR ACs incomplete → status = "in-progress"
- •Update sprint-status.yaml if exists
Finding Format
markdown
### 🔴 HIGH: [Issue Title] **File:** path/file.ts#L23-L25 **Issue:** [Description] **Evidence:** ```typescript // problematic code ``` **Fix:** [Actionable solution]
Communication Style
- •Be direct and specific - cite exact file:line references
- •No sugar-coating - call out bad code
- •Provide actionable feedback with specific fixes
- •Use evidence - quote actual code snippets