The fourth installment reinvents code review for the agentic world. The starting observation: when models are asked to perform a conventional review, they disappoint in predictable ways. Sycophancy (F2) pushes them to approve rather than critique; hallucination (F4) leads them to invent problems; and a training bias (F6) makes them stop around fifteen findings, regardless of the actual density of defects. Williams draws a reframe from this: what's needed is not an evaluation, but a prosecution — an adversarial accusation.
Four principles structure this prosecution. First, refutation rather than evaluation: instead of asking for feedback, the agent is chartered to "find what's wrong" or explain how the project would fail. Sycophancy bias, thus reversed, works in your favor. Next, single-lens prosecution: rather than a single omniscient reviewer, parallel agents with fresh contexts are deployed, each dedicated to a single dimension — correctness, security, contract compliance, alignment with the spec, test quality. Distributing concerns avoids the context saturation that dilutes judgment across competing priorities.
The third principle is verified findings only. Before a builder acts on a critique, it must be independently proven: reproducing the bug via a failing test, tracing the code path, or producing the triggering input. Without this, hallucinated findings generate real code churn for problems that don't exist. The fourth principle is loop-until-dry: the prosecution is re-run with fresh contexts until two consecutive passes yield no verified findings at all. This repeated sampling defeats F6's artificial stopping point.
Williams then flags a near-universal blind spot: almost every team trusts its review stack blindly, without ever measuring its actual detection capability. His solution mirrors mutation testing applied to reviewers: plant known bugs — mechanical mutations plus subtle bugs written by an LLM — run the entire prosecution stack, then measure recall per category and the false-positive rate. Example of a planted bug: a truthiness guard that skips verification when a field is absent, defensive-looking but introducing a security flaw.
Finally, the exit gate is strict and fully verifiable: zero open verified findings, two consecutive dry passes, green test suites, and an empty test diff — this last condition proving that builders did not modify their own gates to pass.