DEV Community: Koki Riho The latest articles on DEV Community by Koki Riho (@rih0z). https://dev.to/rih0z https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3833225%2F463ccd8d-4dd5-4b24-8c71-fabbc0ea1957.jpeg DEV Community: Koki Riho https://dev.to/rih0z en Why AI Agent Outputs Need Adversarial Review (and How to Add It in One API Call) Koki Riho Wed, 01 Apr 2026 20:33:00 +0000 https://dev.to/rih0z/why-ai-agent-outputs-need-adversarial-review-and-how-to-add-it-in-one-api-call-42ho https://dev.to/rih0z/why-ai-agent-outputs-need-adversarial-review-and-how-to-add-it-in-one-api-call-42ho <h2> The Problem: Agents Grading Their Own Homework </h2> <p>If you’re running LLM agents in production — whether with LangChain, CrewAI, or custom pipelines — you’ve probably built some kind of output validation. Maybe a second LLM call checks the first one’s work. Maybe you parse for structural issues.</p> <p>Here’s what I kept finding: <strong>LLM-based self-review has a systematic leniency bias.</strong> When you prompt an LLM to review output from another LLM (or itself), it overwhelmingly approves. The reviewer and generator share similar blind spots — they fail in correlated ways.</p> <p>This matters when your agent writes code that gets deployed, generates customer-facing content, or makes decisions affecting downstream systems.</p> <h2> The Approach: Adversarial Review with Dual Consensus </h2> <p><a href="https://agentdesk.usedevtools.com" rel="noopener noreferrer">AgentDesk</a> provides two interfaces for adding adversarial review:</p> <ul> <li> <strong>MCP Server</strong> (open source, MIT) — review-only. Pass in any content, get structured quality feedback. Runs locally with your own API key.</li> <li> <strong>Hosted REST API</strong> — generate + review + auto-fix in one call. Submit a prompt, get reviewed output back.</li> </ul> <p>Both use the same core approach:</p> <ol> <li> <strong>Two independent reviewers</strong> evaluate the output, each prompted adversarially (their job is to find problems, not confirm quality)</li> <li> <strong>Dual consensus</strong> — both must agree on pass/fail</li> <li> <strong>Substantive quality validation</strong> — a deterministic (non-LLM) layer that requires every checklist item to include specific evidence quoted from the output. Missing citations → automatic fail.</li> <li> <strong>Scored 0-100</strong> with structured feedback on every issue found</li> </ol> <p>It’s BYOK — you supply your own LLM API key. AgentDesk handles orchestration only.</p> <h2> When to Use This </h2> <ul> <li> <strong>CI pipeline for generated code</strong> — gate merges on review score</li> <li> <strong>Content QA for chatbot outputs</strong> — catch hallucinations before they reach users</li> <li> <strong>Data extraction validation</strong> — verify structured output completeness</li> <li> <strong>Multi-agent workflow checkpoints</strong> — validate intermediate outputs between agents</li> </ul> <h2> Option 1: MCP Server (Review Only) </h2> <p>Install in one command and use from Claude Code, Claude Desktop, or any MCP client:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>claude mcp add agentdesk-mcp <span class="nt">--</span> npx @ezark-publish/agentdesk-mcp </code></pre> </div> <p>The <code>review_output</code> tool takes content you’ve already generated and reviews it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"output"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Your agent generated content goes here..."</span><span class="p">,</span><span class="w"> </span><span class="nl">"review_type"</span><span class="p">:</span><span class="w"> </span><span class="s2">"code"</span><span class="p">,</span><span class="w"> </span><span class="nl">"criteria"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Check for security vulnerabilities and race conditions"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Response:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"verdict"</span><span class="p">:</span><span class="w"> </span><span class="s2">"FAIL"</span><span class="p">,</span><span class="w"> </span><span class="nl">"score"</span><span class="p">:</span><span class="w"> </span><span class="mi">38</span><span class="p">,</span><span class="w"> </span><span class="nl">"issues"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"severity"</span><span class="p">:</span><span class="w"> </span><span class="s2">"critical"</span><span class="p">,</span><span class="w"> </span><span class="nl">"category"</span><span class="p">:</span><span class="w"> </span><span class="s2">"concurrency"</span><span class="p">,</span><span class="w"> </span><span class="nl">"description"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Race condition in refill logic under concurrent access"</span><span class="p">,</span><span class="w"> </span><span class="nl">"suggestion"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Use atomic CAS operation or mutex lock"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"checklist"</span><span class="p">:</span><span class="w"> </span><span class="p">[</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"item"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Thread safety"</span><span class="p">,</span><span class="w"> </span><span class="nl">"status"</span><span class="p">:</span><span class="w"> </span><span class="s2">"fail"</span><span class="p">,</span><span class="w"> </span><span class="nl">"evidence"</span><span class="p">:</span><span class="w"> </span><span class="s2">"lines 23-31: non-atomic read-modify-write on token count"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">],</span><span class="w"> </span><span class="nl">"summary"</span><span class="p">:</span><span class="w"> </span><span class="s2">"Critical concurrency issues found. Not safe for production use."</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>For higher confidence, <code>review_dual</code> runs two independent reviewers + merge. Either reviewer can veto a pass.</p> <h2> Option 2: REST API (Generate + Review + Auto-Fix) </h2> <p>For non-MCP integration, the hosted API generates output, reviews it, and auto-fixes (up to 2 iterations) in a single call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST https://agentdesk.usedevtools.com/api/v1/tasks <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer agd_your_key"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "prompt": "Write a token bucket rate limiter in Python", "api_key": "sk-ant-your-anthropic-key", "review": true, "review_type": "code", "dual_review": true }'</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://agentdesk.usedevtools.com/api/v1/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer agd_your_key</span><span class="sh">"</span><span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">prompt</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Write a token bucket rate limiter in Python</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">api_key</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">sk-ant-your-anthropic-key</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">review_type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">code</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">dual_review</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="p">},</span> <span class="p">)</span> <span class="n">task</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="kn">import</span> <span class="n">time</span> <span class="k">while</span> <span class="bp">True</span><span class="p">:</span> <span class="n">result</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://agentdesk.usedevtools.com/api/v1/tasks/</span><span class="si">{</span><span class="n">task</span><span class="p">[</span><span class="sh">'</span><span class="s">id</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer agd_your_key</span><span class="sh">"</span><span class="p">},</span> <span class="p">).</span><span class="nf">json</span><span class="p">()</span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">]</span> <span class="ow">in</span> <span class="p">(</span><span class="sh">"</span><span class="s">completed</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">failed</span><span class="sh">"</span><span class="p">):</span> <span class="k">break</span> <span class="n">time</span><span class="p">.</span><span class="nf">sleep</span><span class="p">(</span><span class="mi">2</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">verdict</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># PASS / FAIL / CONDITIONAL_PASS </span><span class="nf">print</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">][</span><span class="sh">"</span><span class="s">score</span><span class="sh">"</span><span class="p">])</span> <span class="c1"># 0-100 </span></code></pre> </div> <h2> How It Works Internally </h2> <ol> <li> <strong>Reviewer A</strong> gets the output with an adversarial system prompt — find every flaw: factual errors, logical gaps, missing requirements.</li> <li> <strong>Reviewer B</strong> independently evaluates from a different angle — completeness, edge cases, whether the output actually addresses the task.</li> <li> <strong>Substantive quality check</strong> (deterministic, not LLM-based): every checklist item must include a specific quote from the output as evidence. Missing citations → item force-failed. If &gt;30% of items lack evidence, entire review capped at score 50.</li> <li> <strong>Consensus engine</strong> combines reviews. Both must pass. Scores averaged. Disagreements flagged.</li> </ol> <p>Each reviewer gets a fresh API call with only the output to review and a distinct system prompt — no shared conversation history.</p> <h2> How This Compares </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Approach</th> <th>Correlation with generator</th> <th>Cost</th> <th>Runtime?</th> </tr> </thead> <tbody> <tr> <td>Self-review (same model)</td> <td>High</td> <td>1 LLM call</td> <td>Yes</td> </tr> <tr> <td>Chain-of-verification</td> <td>Medium</td> <td>2-3 LLM calls</td> <td>Yes</td> </tr> <tr> <td><strong>AgentDesk adversarial</strong></td> <td>Low</td> <td>2-3 LLM calls</td> <td>Yes</td> </tr> <tr> <td>Offline eval (Braintrust, DeepEval)</td> <td>N/A</td> <td>Varies</td> <td>No</td> </tr> <tr> <td>Human review</td> <td>None</td> <td>$$$ + slow</td> <td>Partially</td> </tr> </tbody> </table></div> <h2> Pricing </h2> <ul> <li> <strong>Free</strong>: 20 tasks/month (BYOK)</li> <li> <strong>Starter</strong>: $29/mo — 500 tasks</li> <li> <strong>Pro</strong>: $79/mo — 5,000 tasks + dual review + workflows</li> <li> <strong>Team</strong>: $199/mo — 50,000 tasks</li> </ul> <p>The MCP server is free and open source — you only pay for your own LLM API calls.</p> <p><strong>Get started in 30 seconds:</strong></p> <ul> <li>MCP: <code>claude mcp add agentdesk-mcp -- npx @ezark-publish/agentdesk-mcp</code> </li> <li>REST API: <a href="https://agentdesk.usedevtools.com" rel="noopener noreferrer">Sign up for a free API key</a> </li> <li>GitHub: <a href="https://github.com/Rih0z/agentdesk-mcp" rel="noopener noreferrer">github.com/Rih0z/agentdesk-mcp</a> </li> </ul> <p>If you’re building with AI agents, I’d like to hear what’s working for you on quality control. Drop a comment or <a href="https://github.com/Rih0z/agentdesk-mcp/issues" rel="noopener noreferrer">open an issue on GitHub</a>.</p> ai llm agents testing Why AI Agent Outputs Need Adversarial Review (and How to Add It in One API Call) Koki Riho Thu, 19 Mar 2026 06:36:55 +0000 https://dev.to/rih0z/why-ai-agent-outputs-need-adversarial-review-and-how-to-add-it-in-one-api-call-1l92 https://dev.to/rih0z/why-ai-agent-outputs-need-adversarial-review-and-how-to-add-it-in-one-api-call-1l92 <h2> The Problem: Agents Grading Their Own Homework </h2> <p>If you're running LLM agents in production, you've probably built some kind of output validation. Maybe a second LLM call checks the first one's work. Maybe you parse for structural issues.</p> <p>Here's what I kept finding: <strong>LLM-based self-review has a systematic leniency bias.</strong> When you prompt an LLM to review output from another LLM (or itself), it overwhelmingly approves. The reviewer and generator share similar blind spots — they fail in correlated ways.</p> <p>This matters when your agent writes code that gets deployed, generates customer-facing content, or makes decisions affecting downstream systems.</p> <h2> The Approach: Adversarial Review with Dual Consensus </h2> <p><a href="https://agentdesk-blue.vercel.app" rel="noopener noreferrer">AgentDesk</a> is an HTTP API that sits between your agent's output and whatever consumes it:</p> <ol> <li> <strong>Two independent reviewers</strong> evaluate the output, each prompted adversarially (their job is to find problems, not confirm quality)</li> <li> <strong>Dual consensus</strong> — both must agree on pass/fail</li> <li> <strong>Anti-gaming validation</strong> — detects outputs that are superficially correct but substantively hollow</li> <li> <strong>Scored 0-100</strong> with structured feedback on every issue found</li> </ol> <p>It's BYOK — you supply your own LLM API key. AgentDesk charges only for orchestration.</p> <h2> Adding It to Your Pipeline </h2> <h3> curl </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>curl <span class="nt">-X</span> POST https://agentdesk-blue.vercel.app/api/v1/tasks <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Authorization: Bearer agd_your_key"</span> <span class="se">\</span> <span class="nt">-H</span> <span class="s2">"Content-Type: application/json"</span> <span class="se">\</span> <span class="nt">-d</span> <span class="s1">'{ "prompt": "Summarize this quarterly report in 3 bullet points", "review": true, "review_type": "content" }'</span> </code></pre> </div> <h3> Python </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://agentdesk-blue.vercel.app/api/v1/tasks</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer agd_your_key</span><span class="sh">"</span><span class="p">},</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">prompt</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Summarize this quarterly report in 3 bullet points</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">review</span><span class="sh">"</span><span class="p">:</span> <span class="bp">True</span><span class="p">,</span> <span class="sh">"</span><span class="s">review_type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">content</span><span class="sh">"</span><span class="p">,</span> <span class="p">},</span> <span class="p">)</span> <span class="n">task</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="c1"># Poll GET /api/v1/tasks/{task['id']} for results </span></code></pre> </div> <h3> JavaScript </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span><span class="dl">'</span><span class="s1">https://agentdesk-blue.vercel.app/api/v1/tasks</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">POST</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Bearer agd_your_key</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">({</span> <span class="na">prompt</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Summarize this quarterly report in 3 bullet points</span><span class="dl">'</span><span class="p">,</span> <span class="na">review</span><span class="p">:</span> <span class="kc">true</span><span class="p">,</span> <span class="na">review_type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">content</span><span class="dl">'</span><span class="p">,</span> <span class="p">}),</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">task</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// Poll GET /api/v1/tasks/${task.id} for results</span> </code></pre> </div> <h2> How It Works Internally </h2> <ol> <li> <strong>Reviewer A</strong> gets the output with an adversarial system prompt — find every flaw: factual errors, logical gaps, missing requirements.</li> <li> <strong>Reviewer B</strong> independently evaluates from a different angle — completeness, edge cases, whether the output actually addresses the task.</li> <li> <strong>Anti-gaming check</strong> detects outputs designed to pass review without being good — verbose empty answers, pattern-matched boilerplate.</li> <li> <strong>Consensus engine</strong> combines reviews. Both must pass. Scores averaged. Disagreements flagged.</li> </ol> <p>Completes in a single API call, typically 3-8 seconds.</p> <h2> How This Compares </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Approach</th> <th>Correlation with generator</th> <th>Cost</th> </tr> </thead> <tbody> <tr> <td>Self-review (same model)</td> <td>High</td> <td>1 LLM call</td> </tr> <tr> <td>Chain-of-verification</td> <td>Medium</td> <td>2-3 LLM calls</td> </tr> <tr> <td><strong>AgentDesk adversarial</strong></td> <td>Low</td> <td>2-3 LLM calls</td> </tr> <tr> <td>Human review</td> <td>None</td> <td>$$$ + slow</td> </tr> </tbody> </table></div> <p>The key difference isn't the number of LLM calls — it's that adversarial prompting with anti-gaming breaks the correlation between generator and reviewer failure modes.</p> <h2> Pricing </h2> <ul> <li> <strong>Free</strong>: 20 tasks/month (BYOK)</li> <li> <strong>Starter</strong>: $29/mo — 500 tasks</li> <li> <strong>Pro</strong>: $79/mo — 5,000 tasks + dual review + workflows</li> <li> <strong>Team</strong>: $199/mo — 50,000 tasks</li> </ul> <p>Open source: <a href="https://github.com/Rih0z/agentdesk" rel="noopener noreferrer">github.com/Rih0z/agentdesk</a></p> <p>If you're building with AI agents, I'd like to hear what's working for you on quality control. Drop a comment or open an issue on GitHub.</p> agents ai llm testing