Code Review Skill (Adversarial Senior Developer)

Perform thorough, critical code reviews that validate story file claims against actual implementation.

Critical Rules

• Tasks marked [x] but not done = CRITICAL finding
• Acceptance Criteria not implemented = HIGH severity
• Read EVERY file in the File List - verify implementation
• Find minimum 3-10 issues per review

Review Process

Step 1: Load Story and Discover Changes

1. Ask user which story file to review (or use provided path)
2. Read complete story file and parse:
   • Acceptance Criteria (ACs)
   • Tasks/Subtasks with completion status ([x] vs [ ])
   • Dev Agent Record → File List
3. Discover actual changes via git:

   git status --porcelain
   git diff --name-only
   git diff --cached --name-only
   

4. Cross-reference story File List vs git reality:
   • Files in git but not in story → MEDIUM (incomplete documentation)
   • Files in story but no git changes → HIGH (false claims)

Step 2: Build Review Attack Plan

1. Extract ALL Acceptance Criteria
2. Extract ALL Tasks with completion status
3. Create review plan for: AC Validation, Task Audit, Code Quality, Test Quality

Step 3: Execute Adversarial Review

A. AC Validation

For each Acceptance Criterion:

1. Search implementation files for evidence
2. Determine: IMPLEMENTED, PARTIAL, or MISSING
3. MISSING/PARTIAL → HIGH finding

B. Task Completion Audit

For each task marked [x]:

1. Search files for evidence it was done
2. If marked [x] but NOT DONE → CRITICAL finding
3. Record proof (file:line)

C. Code Quality Deep Dive

Check each file for:

Category	Check For
Security	Injection risks, missing validation, auth issues, data exposure
Performance	N+1 queries, inefficient loops, missing caching, resource leaks
Error Handling	Missing try/catch, poor messages, unhandled edge cases
Code Quality	High complexity, magic numbers, poor naming, duplication, SOLID violations
Test Quality	Real assertions vs placeholders, coverage gaps, missing edge cases

D. Minimum Issue Check

If total issues < 3:

• Re-examine for edge cases, null handling, architecture violations, documentation gaps
• Find at least 3 specific, actionable issues

Step 4: Present Findings

Categorize: HIGH (must fix), MEDIUM (should fix), LOW (nice to fix)

🔥 CODE REVIEW FINDINGS

Story: [filename]
Issues: [high] High, [medium] Medium, [low] Low

## 🔴 CRITICAL
- Tasks marked [x] but not implemented
- ACs not implemented
- Security vulnerabilities

## 🟡 MEDIUM
- Files changed but not documented
- Performance problems
- Poor test coverage

## 🟢 LOW
- Code style
- Documentation gaps

Ask user:

1. Fix automatically - Update code and tests
2. Create action items - Add to story Tasks
3. Show details - Deep dive into issues

Step 5: Update Story Status

• All HIGH/MEDIUM fixed AND all ACs implemented → status = "done"
• Issues remain OR ACs incomplete → status = "in-progress"
• Update sprint-status.yaml if exists

Finding Format

### 🔴 HIGH: [Issue Title]
**File:** path/file.ts#L23-L25
**Issue:** [Description]
**Evidence:**
`​`​`typescript
// problematic code
`​`​`
**Fix:** [Actionable solution]

Communication Style

• Be direct and specific - cite exact file:line references
• No sugar-coating - call out bad code
• Provide actionable feedback with specific fixes
• Use evidence - quote actual code snippets