What It Does
- Spawns an independent verifier agent, separate from the worker
- Reviews code changes and provides evidence-based static analysis
- Catches suspicious patterns, bugs, and security vulnerabilities
- Flags suspicious claims in documentation and code comments
- Provides detailed analysis with file and line references
- Optimized prompts: Works effectively with 1B+ parameter models (qwen2.5:0.5b, gemma2:2b)
Automatic Triggers
- Subagent changes 3+ files in a single operation
- Any file matching patterns: *auth*, *secret*, *permission*, Dockerfile, *.env*
- User explicitly requests verification with a command or flag
- Critical system configuration files are modified
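The trigger rules above, written out as a decision function. This is an added example, not the project's own code: the function names, case-insensitive matching against every path component, and the caller-supplied `critical_paths` list are assumptions, since the page does not say how patterns are applied or which files count as critical.

```python
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# Patterns and threshold copied from the "Automatic Triggers" list.
SENSITIVE_PATTERNS = ("*auth*", "*secret*", "*permission*", "Dockerfile", "*.env*")
FILE_COUNT_THRESHOLD = 3


def sensitive_matches(path):
    """Return the listed patterns matched by any component of `path`.

    Assumption: matching is case-insensitive and applied to every path
    component, so a file inside an auth/ directory is caught even when its
    own name is neutral.
    """
    parts = [p.lower() for p in PurePosixPath(path.replace("\\", "/")).parts]
    return [pat for pat in SENSITIVE_PATTERNS
            if any(fnmatchcase(part, pat.lower()) for part in parts)]


def verification_reasons(changed_files, explicit_request=False, critical_paths=()):
    """Return every trigger that fires; an empty list means no verification."""
    files = sorted({f.replace("\\", "/") for f in changed_files})
    reasons = []
    if len(files) >= FILE_COUNT_THRESHOLD:
        reasons.append(f"{len(files)} files changed")
    for path in files:
        hits = sensitive_matches(path)
        if hits:
            reasons.append(f"{path} matches {', '.join(hits)}")
    if explicit_request:
        reasons.append("explicit user request")
    # Assumption: the "critical" set is supplied by the caller.
    critical = {c.replace("\\", "/") for c in critical_paths}
    reasons += [f"{p} is a critical config file" for p in files if p in critical]
    return reasons


if __name__ == "__main__":
    # Constructed change set, not taken from a real repository.
    sample = ["src/auth/login.py", "deploy/Dockerfile", "docs/README.md"]
    for reason in verification_reasons(sample):
        print(reason)
```

With the pattern list as written, a file named `Dockerfile.prod` matches nothing, because `Dockerfile` has no wildcard.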
Verification Checklist
- Correctness: Does the code actually do what was requested?
- Bugs & Edge Cases: Regressions, unhandled errors, missed cases
- Security: Vulnerabilities, exposed secrets, permission issues
- Build: Are there obvious syntax errors or missing imports?
- Facts: Do version numbers, imports, and references look plausible?