codeflash-agent/plugin/references/shared/adversarial-review.md
Kevin Turcios 3b59d97647 squash
2026-04-13 14:12:17 -05:00

Codex Adversarial Review

MANDATORY after Pre-Submit Review passes. Before declaring [complete], run an adversarial review using the Codex CLI to challenge your implementation from an outside perspective.

Why

Your pre-submit review checks your own work against a checklist. The adversarial review is different — it actively tries to break confidence in your changes by looking for auth gaps, data loss risks, race conditions, rollback hazards, and design assumptions that fail under stress. It catches classes of issues that self-review misses.

How

Run the Codex adversarial review against your branch diff:

node "${CLAUDE_PLUGIN_ROOT}/vendor/codex/scripts/codex-companion.mjs" adversarial-review --scope branch --wait

This reviews all commits on your branch vs the base branch. The output is a structured JSON report with:

  • verdict: approve or needs-attention
  • findings: each with severity, file, line range, confidence score, and recommendation
  • next_steps: suggested actions

Handling findings

  1. If verdict is approve: Note in HANDOFF.md under "Adversarial review: passed". Proceed to [complete].
  2. If verdict is needs-attention:
    • For each finding with confidence >= 0.7: investigate and fix if the finding is valid. Re-run tests after each fix.
    • For each finding with confidence < 0.7: assess whether the concern is grounded. If it's speculative or doesn't apply, note why in HANDOFF.md and move on.
    • After addressing all actionable findings, re-run the adversarial review to confirm.
    • Only proceed to [complete] when the review returns approve or all remaining findings have been investigated and documented as non-applicable.
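
The gate described in the steps above can be written as a small triage function. This is an added example, not code from the Codex companion script or this plugin. The page names only the top-level fields `verdict`, `findings` and `next_steps`; the per-finding key names (`title`, `severity`, `file`, `line_start`, `confidence`) and the shape of the dismissals map are assumptions.

```javascript
// Added example, not the Codex companion's own code.
// Assumed per-finding keys: title, severity, file, line_start, confidence.
const CONFIDENCE_THRESHOLD = 0.7;
// Constructed sample report, modelled on the progress log on this page.
const SAMPLE_REPORT = JSON.stringify({
  verdict: "needs-attention",
  findings: [
    { title: "race condition in cache update", severity: "high",
      file: "serializer.py", line_start: 28, confidence: 0.9 },
    { title: "speculative timeout concern", severity: "medium",
      file: "loader.py", line_start: 55, confidence: 0.4 },
  ],
  next_steps: [],
});

const findingKey = (f) => `${f.file}:${f.line_start}:${f.title}`;
const blocked = (reason) => ({ proceed: false, investigate: [], assess: [], dismissed: [], reason });

// dismissals maps findingKey -> the non-applicability reason noted in HANDOFF.md.
function triage(reportJson, dismissals = {}) {
  let report;
  try { report = JSON.parse(reportJson); }
  catch (err) { return blocked(`unparseable report: ${err.message}`); }
  if (report === null || typeof report !== "object") return blocked("report is not an object");
  if (report.verdict === "approve") return { ...blocked("approve"), proceed: true };
  if (report.verdict !== "needs-attention" || !Array.isArray(report.findings)
      || report.findings.length === 0) {
    return blocked("unrecognised verdict or missing findings"); // fail closed
  }
  const out = blocked("open findings remain");
  for (const raw of report.findings) {
    const f = Object(raw); // tolerate null or non-object entries
    const why = dismissals[findingKey(f)];
    if (typeof why === "string" && why.trim() !== "") {
      out.dismissed.push({ ...f, why });
    } else if (!Number.isFinite(f.confidence) || f.confidence >= CONFIDENCE_THRESHOLD) {
      out.investigate.push(f); // a missing score is treated as high confidence
    } else {
      out.assess.push(f);
    }
  }
  if (out.investigate.length + out.assess.length === 0) {
    out.proceed = true;
    out.reason = "all findings documented as non-applicable";
  }
  return out;
}

console.log(triage(SAMPLE_REPORT));
```

A report that cannot be parsed, or that carries an unexpected verdict, blocks [complete] rather than passing by default.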

Progress reporting

[adversarial-review] Running Codex adversarial review against branch diff...
[adversarial-review] Verdict: needs-attention (2 findings: 1 high, 1 medium)
[adversarial-review] Fixing: HIGH — race condition in cache update (serializer.py:28, confidence: 0.9)
[adversarial-review] Dismissed: MEDIUM — speculative timeout concern (loader.py:55, confidence: 0.4) — not applicable, connection pool handles retries
[adversarial-review] Re-running review after fixes...
[adversarial-review] Verdict: approve. Proceeding to complete.