Angry Mob

The Angry Mob is a signature innovation of the Kelly Factory — an adversarial testing approach where multiple specialized hostile agents operate in parallel to systematically attack a codebase and expose vulnerabilities before release. Where conventional testing checks whether the code does what it's supposed to do, the Angry Mob tests whether the code fails in unexpected ways — security breaches, performance collapse, edge case crashes, API abuse.

The Angry Mob concept emerged as part of the broader shift toward multi-agent architecture. Once Kelly demonstrated that spawning multiple agents in parallel could build complete iOS apps faster, it was natural to apply the same pattern to testing. Rather than a single test agent running sequential checks, the Angry Mob spawns four hostile agents simultaneously, each with a different attack surface in scope:

The Security Auditor targets authentication bypasses, SQL injection, XSS vulnerabilities, secrets hardcoded in source, CSRF vulnerabilities, and payment flaws. When 97 critical security issues were found across four iOS apps, four parallel sub-agents — one per app — eliminated 27 vulnerabilities and added approximately 3,000 lines of security code in 8 minutes.

The Performance Saboteur hunts for N+1 query patterns, memory leaks, infinite loops, resource exhaustion under load, and threading violations. Performance failures are particularly insidious because they often don't surface in development testing — the app works fine with one user but collapses under concurrent load.

The Edge Case Hunter probes null handling, boundary condition failures, race conditions, type coercion bugs, and unexpected state transitions. These are the bugs that cause crashes in production that testing never caught because the test suite didn't include the exact sequence of inputs that triggers the failure.

The API Vandal focuses on input validation failures, injection attacks at the API layer, authentication bypasses on endpoints, and rate limiting violations. This agent simulates how a hostile consumer of the app's API would try to abuse it.

The key innovation of the Angry Mob isn't just the adversarial posture — it's that the agents run in parallel and focus intensely on their domain. Each agent has full context for its attack surface, deep expertise in its vulnerability class, and no concern for the system's overall coherence. They don't cut corners or give benefit of the doubt. They attack without mercy.

The output of the Angry Mob is a consolidated vulnerability report — the combined findings of all four agents, ranked by severity. This feeds into the quality gate system (see quality-gates). If critical vulnerabilities are found, the build fails the gate and returns to the build phase for remediation. The gate won't pass until the issues are resolved and re-tested.

The Angry Mob also represents a philosophical point about quality: you can't trust code you wrote to test itself. The builders are optimizing for functionality and coherence; the Angry Mob is optimizing for destruction. Separating these concerns across specialized agents produces better results than a single agent trying to do both.