v1.3.1 — The Red Team Depth Release
Redesigned meow:review with a hybrid two-phase adversarial system. Base reviewers stay unchanged; new adversarial personas run as separate focused passes informed by base findings — going deeper, not wider.
What Changed
Hybrid Persona System (Phase A + Phase B)
The review pipeline now has two phases:
- Phase A — existing 3 base reviewers (Blind Hunter, Edge Case Hunter, Criteria Auditor) run in parallel. Unchanged.
- Phase B — 4 adversarial persona subagents run AFTER Phase A, receiving the diff AND a summary of Phase A findings. Each persona has a hostile lens and explicit instructions to find what base reviewers missed.
| Persona | Lens | Activates |
|---|---|---|
| Security Adversary | Attack surface, injection, auth bypass, supply chain | scope=full |
| Failure Mode Analyst | Race conditions, cascading failures, resource exhaustion | scope=full |
| Assumption Destroyer | Implicit assumptions, unvalidated inputs, edge cases | scope=full, domain=high |
| Scope Complexity Critic | Over-engineering, YAGNI violations, scope creep | scope=full, domain=high |
Personas run 2-at-a-time to respect the max-3-agent rule.
Why hybrid? Pure overlays (persona on existing reviewer) dilute attention — the base reviewer's own instructions compete with the persona prompt. Pure separate subagents duplicate infrastructure. The hybrid gives personas undiluted context in their own subagent while reusing the existing review infrastructure.
Scope Gate
Step-01 now classifies diffs as minimal or full:
| Signal | Threshold |
|---|---|
| File count | ≤ 3 |
| Line count | ≤ 50 |
| Security file touched | Forces full |
Domain complexity (via meow:scale-routing) | high → forces full |
Minimal scope runs Blind Hunter only — no personas, no artifact verification. Reduces false-positive noise on trivial diffs.
Forced-Finding Protocol
If all reviewers + personas produce zero findings:
- Re-run the highest-signal reviewer with "look harder" prompt
- If still zero → accept as clean with note:
"Zero-finding review (double-checked)" - Maximum 1 re-analysis (no infinite loops)
Prevents rubber-stamp approvals. Adapted from BMAD-METHOD's forced problem-finding.
4-Level Artifact Verification
Added to step-04 verdict (full scope only):
| Level | What | Catches |
|---|---|---|
| 1. Exists | Files compile, exports valid | Build errors |
| 2. Substantive | No stubs, TODOs, empty handlers | Hollow implementations |
| 3. Wired | New exports imported somewhere | Orphaned code |
| 4. Data Flowing | Inputs used, returns consumed | Dead data paths |
Levels 1-3 produce WARN/MAJOR findings. Level 4 is informational only (heuristic).
Files Changed
New files (8):
prompts/personas/security-adversary.mdprompts/personas/failure-mode-analyst.mdprompts/personas/assumption-destroyer.mdprompts/personas/scope-complexity-critic.mdstep-02b-persona-passes.mdreferences/artifact-verification.mddocs/guides/red-team-overview.md
Modified files (9):
step-01-gather-context.md— scope gatestep-02-parallel-review.md— conditional dispatchstep-03-triage.md— forced-finding + Phase A/B dedupstep-04-verdict.md— artifact verificationworkflow.md— updated flow + variable tableSKILL.md— v1.2.0 → v1.3.1reviewer.md— updated architectureAGENTS_INDEX.md— updated capabilitiesmemory/patterns.json+memory/security-log.md