[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-82180":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":15,"subscribersCount":15,"size":15,"stars1d":13,"stars7d":16,"stars30d":17,"stars90d":15,"forks30d":15,"starsTrendScore":18,"compositeScore":19,"rankGlobal":10,"rankLanguage":10,"license":20,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":23,"hasPages":21,"topics":24,"createdAt":10,"pushedAt":10,"updatedAt":25,"readmeContent":26,"aiSummary":27,"trendingCount":15,"starSnapshotCount":15,"syncStatus":28,"lastSyncTime":29,"discoverSource":30},82180,"adverse","addyosmani\u002Fadverse","addyosmani","Multi-agent adversarial code review for any coding agent","",null,"JavaScript",29,3,21,0,6,8,9,51.61,"MIT License",false,"main",true,[],"2026-06-12 04:01:37","# adverse\n\nMulti-agent adversarial code review for **any** coding agent. Ships as both a standalone **CLI** and a Claude Code **Skill** — pick whichever fits your workflow, the underlying logic is the same Node.js code.\n\n```\n$ adverse review .\u002Fsrc\n⏳ collecting source...\n 42 files in .\u002Fsrc\n⏳ round 1: 3 reviewers in parallel...\n ✓ auditor: 5 findings, conditional (38.2s)\n ✓ adversary: 3 findings, reject (44.7s)\n ✓ pragmatist: 4 findings, approve (29.1s)\n⏳ round 2: 3 reviewers cross-examining...\n ✓ auditor: 2 validated, 1 challenged, 0 added\n ✓ adversary: 4 validated, 0 challenged, 1 added\n ✓ pragmatist: 1 validated, 2 challenged, 0 added\n⏳ synthesizing...\n\n# Adversarial Code Review\n\n**Verdict:** SHIP-WITH-CAVEATS (2\u002F3 ship, 1\u002F3 block)\n**Findings:** 3 critical · 5 warning · 1 info\n\n## Cross-validated findings (multiple reviewers reported independently)\n### 🔴 [CRITICAL] SQL injection in query builder — db.py:22\n…\n```\n\n## Two ways to run it\n\n### As a CLI\n\nWraps any coding-agent CLI that reads stdin and writes stdout — Claude Code, Codex CLI, Gemini, Aider, Ollama. Good when you want to gate CI, run from a Makefile, or use a non-Anthropic model.\n\n```bash\nnpm install -g adverse\n# or run directly without installing:\nnpx adverse review .\u002Fsrc\n```\n\n### As a Claude Code Skill\n\nThe skill is in [`skills\u002Fadverse-review\u002F`](skills\u002Fadverse-review\u002F). One-liner install via [skills.sh](https:\u002F\u002Fskills.sh\u002F):\n\n```bash\nnpx skills add addyosmani\u002Fadverse\n```\n\nThat clones the repo, locates `skills\u002Fadverse-review\u002F`, and installs it to `~\u002F.claude\u002Fskills\u002Fadverse-review\u002F` (or `.claude\u002Fskills\u002F` with `--project`). Re-run to update. If you'd rather pin the exact subpath, `npx skills add https:\u002F\u002Fgithub.com\u002Faddyosmani\u002Fadverse\u002Ftree\u002Fmain\u002Fskills\u002Fadverse-review` works too. Or do it by hand:\n\n```bash\ngit clone https:\u002F\u002Fgithub.com\u002Faddyosmani\u002Fadverse.git ~\u002F.adverse-source\nmkdir -p ~\u002F.claude\u002Fskills\nln -s ~\u002F.adverse-source\u002Fskills\u002Fadverse-review ~\u002F.claude\u002Fskills\u002Fadverse-review\n```\n\nInside Claude Code, ask for \"adversarial review\", \"adverse review of these changes\", or \"review my changes from multiple angles\" — or hit `\u002Fadverse-review`. The skill handles scope detection (uncommitted changes vs branch diff vs full tree), spawns three reviewer subagents in parallel via Claude Code's native Agent tool (no nested-auth issues, no subprocess overhead), runs the cross-review round, and calls a small Node helper for the deterministic synthesis step. Needs `node` ≥ 20 on PATH; no `npm install`.\n\nBoth modes share the same `src\u002F` core, so a finding the CLI flags is the same finding the Skill flags — no drift between the two.\n\n## Why this design\n\nThe naive way to do \"AI code review\" is one model, one shot. You get one perspective with all the blind spots that perspective has.\n\nThe next step up is what some prior projects did: two **different** models (Claude + GPT Codex), so each catches what the other misses. This works but it's expensive, slow, requires two API keys, and ties you to whichever two providers the script knows about.\n\n`adverse` does the third thing: one model, three **personas**, with explicit cross-examination between them. The personas are designed to be orthogonal — Auditor catches logic bugs the Adversary won't go looking for; the Adversary names attack chains the Auditor won't think about; the Pragmatist sees the design problem both of the others ignore. Then in round 2 each persona has to go on record about the others' findings — validate or challenge — so the synthesizer can tell you which findings have multi-perspective support and which are one reviewer's hunch.\n\nTrade-off, named honestly: a single model running three personas has anchoring bias that two separate models don't. The cross-review round mitigates this (each persona must defend a position visible to the others), and the personas themselves are written with explicit \"stay in your lane \u002F do not duplicate the others\" instructions. But if you genuinely need decorrelated outputs across the model boundary, run `adverse` twice with different agents and diff the reports.\n\n## Install\n\n```bash\n# global install (gives you the `adverse` binary on PATH)\nnpm install -g adverse\n\n# or one-shot\nnpx adverse review .\u002Fsrc\n```\n\nRequires Node.js 20+. Zero runtime dependencies.\n\n## CLI usage\n\n```bash\n# Default: review the current directory using `claude -p`.\nadverse review\n\n# Specific path with a specific agent.\nadverse review .\u002Fsrc --agent \"claude -p\"\nadverse review .\u002Fsrc --agent \"codex exec --quiet\"\nadverse review .\u002Fsrc --agent \"gemini\"\nadverse review .\u002Fsrc --agent \"ollama run llama3.1\"\n\n# Review only the changes on this branch.\nadverse review --diff main\n\n# Review uncommitted changes.\nadverse review --diff\n\n# Save the report to a file (markdown, JSON, and self-contained HTML).\nadverse review --out review.md --json-out review.json --html-out review.html\n\n# Skip cross-review (faster, less rigorous).\nadverse review --single-round\n\n# Run a different subset of personas.\nadverse review --personas auditor,adversary\n\n# See what came back from each agent (for debugging).\nadverse review --save-artifacts .\u002F.adverse-debug --verbose\n```\n\nThe `--agent` flag accepts any command that reads a prompt from stdin and writes a response to stdout. Adverse handles the common output shapes — plain text, fenced JSON, Claude's `{\"result\": \"...\"}` wrapper, Anthropic content-block format — and retries once with feedback if the agent's first response doesn't parse.\n\n### Environment variables\n\n| Variable | Effect |\n|---|---|\n| `ADVERSE_AGENT` | Default for `--agent` (e.g. `export ADVERSE_AGENT=\"codex exec --quiet\"`). |\n| `ADVERSE_LIVE` | Set to `1` to run the live-Claude integration tests. |\n\n### Exit codes\n\n| Code | Meaning |\n|---|---|\n| 0 | Review completed; verdict was approve, conditional, or hold |\n| 1 | Review completed; verdict was reject |\n| 2 | Bad arguments (target missing, unknown persona, etc.) |\n| 3 | Fewer than 2 reviewers produced valid output — synthesis aborted |\n\nCode 1 is what you wire into a CI gate.\n\n### `synthesize` subcommand\n\nUsed internally by the Skill, also useful standalone if you have round-1\u002Fround-2 JSON from somewhere else and just want the report:\n\n```bash\nadverse synthesize \\\n --round1 round1-combined.json \\\n --round2 round2-combined.json \\\n --out report.md \\\n --html-out report.html\n```\n\n## The personas\n\n| Persona | Lens |\n|------------- |------------------------------------------|\n| **Auditor** | Correctness, logic, and algorithmic soundness — does this code compute the right answer? |\n| **Adversary** | Security, abuse, trust boundaries — what can a hostile caller do? |\n| **Pragmatist** | Maintainability, complexity, design fit — will this survive contact with reality? |\n\n`adverse personas` prints them at runtime. Each persona's full system prompt is in [`src\u002Fpersonas.mjs`](src\u002Fpersonas.mjs); they're written with explicit \"what's in scope \u002F what's out of scope\" rules so they don't duplicate each other's work. Keep new personas orthogonal to the existing three — overlap costs money for no signal.\n\n## How it works\n\n```\n┌──────────────────────────────────────────────────────────────────────┐\n│ Round 1 — Independent Reviews (parallel, 3 calls) │\n│ Each persona reviews the code with only its own lens. │\n│ Output: { verdict, summary, findings[] } │\n├──────────────────────────────────────────────────────────────────────┤\n│ Round 2 — Cross-Review (parallel, 3 calls) │\n│ Each persona sees all three round-1 reviews and: │\n│ • validates findings it agrees with │\n│ • challenges findings it thinks are wrong \u002F overstated │\n│ • adds new findings the other angles surfaced │\n├──────────────────────────────────────────────────────────────────────┤\n│ Synthesis — Deterministic (no LLM) │\n│ Merge findings, score consensus, render report: │\n│ cross-validated → reported by ≥2 personas │\n│ consensus → reported by 1, validated by another │\n│ disputed → reported by 1, challenged by another │\n│ solo → reported by 1, no cross-talk │\n└──────────────────────────────────────────────────────────────────────┘\n```\n\nSynthesis is **deterministic Node code**, not another LLM call. A fourth model invocation would cost more, add another failure mode, and inherit the same single-model bias the personas have. Counting validate \u002F challenge edges is enough.\n\nPer review: 6 model invocations (3 round-1 + 3 round-2). `--single-round` halves it. Wall time is roughly twice the slowest single invocation since personas run in parallel within each round.\n\n## Tests\n\n```bash\nnpm test # 111 unit + contract tests, no API calls. Fast (~1s).\nnpm run test:live # Live tests against `claude -p`. Requires `claude` on\n # PATH and auth — won't pass from inside a nested Claude\n # Code session because subprocesses don't inherit auth.\n```\n\nCoverage includes JSON-extraction across every wrapper shape Claude Code can produce (`{\"result\": ...}`, content-block, plain-string, fenced markdown, banner-then-JSON, raw), validator and synthesis logic, source collection, retry behavior, full CLI subprocess flow. Contract tests in [`tests\u002Ffixtures\u002Fclaude-cli\u002F`](tests\u002Ffixtures\u002Fclaude-cli\u002F) pin the wrapper shapes — drop a new file in there when Claude ships a CLI change and the suite picks it up automatically.\n\n## Project layout\n\n```\nsrc\u002F # Shared core, used by both CLI and Skill\n personas.mjs # Three persona system prompts\n prompts.mjs # Phase-1\u002FPhase-2 prompt construction + validators\n parse.mjs # JSON extraction across every wrapper shape\n collect.mjs # Directory walk + git-diff source collection\n runner.mjs # Subprocess agent invocation + parallel orchestration\n synthesis.mjs # Deterministic merge + markdown rendering\n html.mjs # Self-contained HTML dashboard renderer\n cli.mjs # Argv parsing + command dispatch\n\nbin\u002F\n adverse.mjs # CLI entrypoint (#!\u002Fusr\u002Fbin\u002Fenv node)\n\nskills\u002Fadverse-review\u002F\n SKILL.md # Claude Code playbook (the \"code\" of the Skill)\n scripts\u002F\n collect.mjs # Skill bridge: source collection\n combine.mjs # Skill bridge: combine per-persona JSON\n synthesize.mjs # Skill bridge: deterministic synthesis\n dump-prompts.mjs # Regenerate prompt files from src\u002Fpersonas.mjs\n prompts\u002F # Persona system prompts as plain .txt for the Skill\n auditor.txt, adversary.txt, pragmatist.txt\n round1.txt, round2.txt\n\ntests\u002F\n *.test.mjs # node --test, no Jest\u002FMocha\n fixtures\u002Fclaude-cli\u002F # Pinned `claude -p` output shapes (contract tests)\n fixtures\u002Ffake-agent.mjs # Stub agent for end-to-end CLI tests\n```\n\n## Limitations\n\n- **Single-model anchoring bias.** Honest answer: a single model running three personas correlates more than three independent models would. Cross-review round mitigates; running adverse twice with different agents decorrelates. Don't pretend this is the same thing as two-provider review.\n- **Source size cap.** Default 250 KB total \u002F 30 KB per file. Trips on very large repos in non-diff mode. Use `--diff` for review-on-PR workflows where the change set is what matters.\n- **Subprocess agent contract.** The CLI assumes the agent reads prompt from stdin and writes the response to stdout, exiting cleanly. Most coding agents support this; some need a flag (`-p` for Claude Code, `exec` for Codex CLI). When in doubt, run the agent manually with a stdin prompt first to confirm the shape.\n- **Not a fix-applier.** This tool produces a report. Hand the report to your coding agent if you want fixes applied.\n\n## License\n\nMIT\n","adverse 是一个用于任何编码代理的多代理对抗性代码审查工具。它通过并行运行多个具有不同审查策略(如审计员、对手和实用主义者)的代理来对代码进行审查,并在两轮审查后综合结果,提供包括关键问题、警告和信息在内的审查报告。该项目支持作为独立CLI或Claude Code技能两种方式运行,适用于希望增强现有CI流程、从Makefile调用或使用非Anthropic模型的场景。基于Node.js开发,确保了两种运行模式之间的一致性和无偏差。",2,"2026-06-11 04:08:00","CREATED_QUERY"]