/start-issue - AI-Powered Issue-to-PR Automation with Adversarial Testing

[jordanpartridge]

Goal

Create /start-issue <number> slash command that automates issue → PR with AI analysis, TDD implementation, and adversarial testing

Vision

/start-issue 78 → Ollama analyzes → Implements with TDD → Adversarial agents try to break it → Quality gates → Auto-merge PR

Workflow Phases

Phase 1: Intelligent Analysis (Ollama)

• Fetch issue from GitHub
• Ollama analyzes requirements, suggests plan
• User confirms approach

Phase 2: TDD Implementation

• Execute TDD loop (RED → GREEN → REFACTOR)
• Track progress with TodoWrite
• Verify coverage after each task

Phase 3: Adversarial Testing 🆕

Launch attack agents to find edge cases:

• Fuzzer Agent: Random invalid inputs
• Edge Case Agent: Boundary conditions, null values, empty strings
• Race Condition Agent: Concurrent operations
• Resource Exhaustion Agent: Large datasets, memory limits
• Error Path Agent: Network failures, timeouts, disk full

Each agent reports failures → Developer fixes → Re-test

Phase 4: Quality Gates

• Full test suite (including adversarial tests)
• 100% coverage
• PHPStan level 8
• Laravel Pint

Phase 5: PR Creation

• Ollama generates comprehensive PR description
• Documents edge cases found and fixed
• Creates PR ready for auto-merge

Adversarial Testing Example

/start-issue 78

# ... implementation happens ...

🤖 Launching adversarial agents...

❌ Fuzzer Agent found crash:
   QdrantService crashes with collection name: "/../../../etc/passwd"
   
❌ Edge Case Agent found issue:
   Returns wrong results when query is empty string
   
✓ Race Condition Agent: No issues found
✓ Resource Exhaustion Agent: Handles 10k entries correctly
❌ Error Path Agent found issue:
   Crashes instead of graceful error when Qdrant offline

📝 Fix these 3 issues before PR creation

# Developer fixes issues...
# Re-run adversarial tests...
# All pass ✓

✅ PR #123 created - battle-tested and ready!

Agent Specs

Fuzzer Agent

• Tests with malformed JSON, SQL injection attempts, path traversal
• Random Unicode, emoji, null bytes
• Extremely long inputs (>1MB strings)

Edge Case Agent

• Empty collections, null values, missing fields
• Boundary values (0, -1, MAX_INT, empty array)
• Invalid types (string where int expected)

Error Path Agent

• Network timeouts, connection refused
• Disk full, out of memory
• Permission denied, file not found

CLI Command Verification

Agent verifies CLI commands work as expected:

# Example: Testing QdrantService implementation
./know add "test entry" "test content"
# ✓ Entry created successfully

./know search "test"
# ✓ Returns expected results

./know search "" 
# ✓ Handles empty query gracefully (edge case)

# Adversarial test: Path traversal
./know add "../../../etc/passwd" "bad"
# ✓ Sanitizes input, doesn't crash

# Stop Qdrant
docker stop knowledge-qdrant

./know search "test"
# ✓ Shows friendly error, doesn't crash

Success Criteria

• All adversarial agents report zero failures
• CLI commands verified functional
• Edge cases documented in tests
• PR description includes "Battle-tested by adversarial agents"

Implementation Priority

🟢 LOW - Build AFTER manual implementation of Issues #78-#82

Related

• .claude/skills/start-issue.md
• .claude/agents/issue-implementer.md
• .claude/agents/adversarial-tester.md (new)
• Part of 100x productivity vision