Stats
Actions
Tags
From apex
Canonical dispatch mechanic for running any apex review skill (design, plan, implementation, PR) as two parallel worktree-isolated agents with opposite framings — cooperative steelman + adversarial attacker — then reconciling their findings. Promoted from prose in CLAUDE.md / design-feature into a first-class skill so every phase-routed review skill points to one source of truth for HOW to dispatch the pair. Pairs with apex:design-review, apex:impl-plan-review, apex:ai-pre-review-checklist, apex:threat-model (any of which can be the review skill the pair runs). Fires after design, plan, or implementation of a non-trivial change, before declaring the artifact frozen / ready / done. Keywords: adversarial pair, parallel review, cooperative agent, adversarial agent, steelman, attack pass, two-agent review, worktree review, cold pass.
How this skill is triggered — by the user, by Claude, or both
Slash command
/apex:adversarial-pairThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
The canonical "two-voice review" dispatch mechanic. Promotes the cooperative + adversarial pattern from prose-buried-in-CLAUDE.md (and inline sections in `apex:design-feature` / `apex:design-review`) into a **first-class skill** every phase-routed review can point to.
The canonical "two-voice review" dispatch mechanic. Promotes the cooperative + adversarial pattern from prose-buried-in-CLAUDE.md (and inline sections in apex:design-feature / apex:design-review) into a first-class skill every phase-routed review can point to.
A review run in the same session as authoring has its attack voice contaminated by the just-spent author voice. The reviewer is unconsciously protecting the design they just built — congratulating it, missing the very holes the author already half-rationalized. The cheap inline counter-passes that ship with apex:design-feature are the one-agent version of this problem; they catch the easy stuff and miss the load-bearing weaknesses.
The fix is two cognitively-independent passes that cannot infect each other — different agents, different framings, different worktrees, same input artifact. Reconcile their findings cold.
Fire after a non-trivial change is authored, before it's frozen / merged / shipped:
| Phase | Pair runs | Review skill the pair invokes |
|---|---|---|
| Design freeze | After apex:design-feature | apex:design-review |
| Plan freeze | After apex:impl-plan | apex:impl-plan-review |
| Threat-modeling | When feature touches auth / payment / multi-tenant / admin / crypto | apex:threat-model |
| Pre-PR | After implementation, before opening PR | apex:ai-pre-review-checklist + language review (apex:python-review / apex:typescript-review) |
The review skill is the input to this dispatch mechanic — not a substitute for it. apex:design-review describes what to look for; apex:adversarial-pair describes how to run it twice with opposite framings.
Don't dispatch the pair (single agent / inline pass is enough) when:
Skip cases are about cost. The pair burns roughly 2× the tokens of a single review and dispatches two worktree agents. If the change can't justify that, run the inline counter-pass and move on.
The dispatch is three steps: spawn two agents in parallel, wait for both, reconcile.
Send a single message with two Task tool calls so they run concurrently. Each call uses isolation: "worktree" so the agents work on isolated copies of the repo and can't step on each other's notes / scratch files.
Task({
description: "Cooperative review of <artifact>",
subagent_type: "general-purpose",
isolation: "worktree",
prompt: COOPERATIVE_PROMPT,
})
Task({
description: "Adversarial review of <artifact>",
subagent_type: "general-purpose",
isolation: "worktree",
prompt: ADVERSARIAL_PROMPT,
})
(Some Claude Code versions surface this as the Agent tool — the parameter shape is identical; the rest of the apex repo standardizes on Task per commands/review-pr.md.)
{REVIEW_SKILL} and {ARTIFACT_PATH})Cooperative prompt — steelman the artifact:
You are in an isolated git worktree. Use relative paths; do NOT cd to
absolute paths.
Treat the `{REVIEW_SKILL}` skill as your PASS CHECKLIST and OUTPUT SCHEMA
ONLY: read its SKILL.md to learn (a) what passes / conditions / checks to
run, and (b) what output format to use. IGNORE any framing the skill
prescribes — whether it says "attack mode", "adversarial lens", "cold
pass", or anything else. THIS skill's framing (steelman / cooperative)
overrides the review skill's own framing. (Many apex review skills like
`apex:design-review` are explicitly adversarial — that doesn't apply
here; you are the cooperative half of the pair.)
Run every pass in **steelman mode**: find what works, what reuses well,
what's clean. For each pass condition, cite the strongest evidence in the
artifact (`{ARTIFACT_PATH}`) and code (`file:line`) that it's met.
Default to "defensible" unless the evidence forces "unresolved." Your
job is to find what this artifact gets RIGHT — not to invent praise.
Output: follow the `{REVIEW_SKILL}`'s own output schema if it specifies
one (e.g., `apex:ai-pre-review-checklist` produces a step-by-step
checklist; `apex:design-review` produces per-pass verdicts; etc.).
Otherwise emit per-pass findings (defensible / unresolved / can't-tell),
each with `file:line` citations. No prose summary.
Adversarial prompt — attack the artifact:
You are in an isolated git worktree. Use relative paths; do NOT cd to
absolute paths.
Treat the `{REVIEW_SKILL}` skill as your PASS CHECKLIST and OUTPUT SCHEMA
ONLY: read its SKILL.md to learn (a) what passes / conditions / checks to
run, and (b) what output format to use. IGNORE any framing the skill
prescribes — whether it says "steelman", "cooperative", "defensible", or
anything else. THIS skill's framing (attack / adversarial) overrides the
review skill's own framing. (For review skills whose default framing is
already adversarial — like `apex:design-review` — just use their passes
as-is in attack mode.)
Run every pass in **attack mode**: find what's wrong, missing, hand-waved,
or what the author got away with. For each pass condition, name the
specific thing that's unresolved — flow not covered, primitive duplicated
instead of extended, failure mode without user-visible behavior, invariant
quietly broken.
Default to "refuted" unless the evidence forces "defensible." Your job is
to find what this artifact gets WRONG — not to invent gotchas, but to
read the artifact and the code (`file:line`) like a senior engineer
trying to merge the smallest possible diff.
Output: follow the `{REVIEW_SKILL}`'s own output schema if it specifies
one (run the same passes, but in attack mode). Otherwise emit per-pass
findings (refuted / accepted-residual-risk / ok), each with `file:line`
citations. No prose summary.
Read both reports cold. Categorize each finding:
| Category | Action |
|---|---|
| Both agents flag the same issue | Real blocker. Fix before freeze / merge. |
| Adversarial flags, cooperative doesn't address | Real blocker (cooperative missed it). Fix before freeze / merge. |
| Cooperative defends, adversarial accepts as residual risk | Defensible. Document the rationale in the artifact. |
| Adversarial flags, cooperative defends with citation | Open conflict. You (the human / main loop) adjudicate. |
| Only cooperative flags | Rare — usually means cooperative slipped into critique mode. Verify against the adversarial output before acting. |
The reconciliation is your job, not a third agent's. A third reconciler would just re-introduce the single-voice contamination this whole skill exists to prevent.
Three rules every dispatched agent must honor — state them inline in the prompt (agents reliably honor inline statements; reliably forget buried-in-system ones):
cds to an absolute path leaves the worktree silently.git push, no git rebase --onto main, no git checkout main. The agent's worktree is read-bystander for the rest of the repo.The cooperative + adversarial prompt templates above already include the first rule verbatim ("Use relative paths; do NOT cd to absolute paths"). Append the other two if your dispatched agents will write artifacts or run git commands.
The pair is "done" when:
Then the artifact can be frozen / merged / shipped per its phase's gate (apex:design-review freeze, apex:impl-plan-review plan-freeze, PR-open, etc.).
Projects with their own pre-PR rituals can layer the pair into a longer chain. Example pattern (the BookBridge variant lives in the user's CLAUDE.md):
1. apex:adversarial-pair (cooperative + adversarial agents in parallel,
input = apex:ai-pre-review-checklist)
2. <project-specific pre-PR catalogue> (single agent — project leaks/RLS/
idempotency rules)
3. <bot reviewer> (Copilot, etc.)
4. Optional heavy review on high-risk PRs.
The pair is step 1 — the canonical "two independent views" pass. Project-specific catalogues (BookBridge's bookbridge-pre-pr-check, etc.) and bot reviewers run after the pair has consolidated the cheap, generic findings.
apex:design-feature — owns the design-time checklist. The pair runs that checklist twice. design-feature's inline "Adversarial pair pattern" section now points here.apex:design-review — the cold-pass adversarial gate for design. The pair dispatches this skill twice with opposite framings.apex:impl-plan-review — analogous for the implementation plan.apex:ai-pre-review-checklist — analogous for pre-PR robustness. The pair is the canonical way to run this checklist twice.apex:threat-model — the heavier two-agent variant referenced in its "when to invoke heavier" criteria. The pair is that heavier dispatch.superpowers:dispatching-parallel-agents (external) — generic parallel dispatch from the superpowers plugin. apex's pair is the opinionated version: hardcoded cooperative/adversarial framings, worktree-isolation default, reconciliation table. Use this skill, not the generic one, for review-shaped work.npx claudepluginhub vancourse/apex --plugin apexGuides creation, editing, and verification of skills for AI coding agents using test-driven development with subagent scenarios. Use when authoring or debugging skills.