@mmerterden/multi-agent-pipeline 10.7.0 → 10.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -5,802 +5,98 @@
5
5
  [![Node.js](https://img.shields.io/badge/Node.js-18%20%7C%2020%20%7C%2022-green)](https://nodejs.org)
6
6
  [![Zero Dependencies](https://img.shields.io/badge/dependencies-0-brightgreen)](https://github.com/mmerterden/multi-agent-pipeline/blob/main/package.json)
7
7
 
8
- 8-phase AI development pipeline for **Claude Code** and **Copilot CLI**. Multi-repo orchestration, platform identity routing, push-must-succeed policy, CLI-aware parallel review with Opus triage (Claude Code: 2-model Opus+Sonnet · Copilot CLI: 3-model GPT-5.4+Opus+Sonnet), commit/PR creation - and, as of 5.0.0, a generic Figma-to-Component pipeline that works on iOS (SwiftUI) and Android (Jetpack Compose) with the same workflow.
8
+ An 8-phase AI development pipeline for **Claude Code** and **Copilot CLI**. Drives a Jira issue or GitHub URL to a merged PR in one command analysis plan TDD review → test → commitPR with multi-repo orchestration, a plan-approval gate, CLI-aware parallel review, and store-compliance checks. Includes a generic Figma-to-Component pipeline for iOS (SwiftUI) and Android (Jetpack Compose).
9
9
 
10
- ### Current at-a-glance (live from filesystem)
11
-
12
- | Surface | Count |
13
- |---|---|
14
- | Slash commands (colon-form `/multi-agent:*`) | 35 |
15
- | Copilot skills (dash-form `multi-agent-*`) | 35 |
16
- | Platforms (Claude Code, Copilot CLI) | 2 |
17
- | Store-compliance skills (`apple-archive-compliance`, `google-play-compliance`) | 2 |
18
- | Figma skills (iOS + Android + Common) | 41 |
19
- | External skill catalog (`shared/external/`) | 143 |
20
- | Total `SKILL.md` files across all groups | 221 |
21
- | Smoke suites | 108 |
22
- | Golden-task fixtures (`pipeline/eval/golden-tasks/`) | 8 |
23
- | Eval-triage fixtures | 11 |
24
- | JSON schemas | 16 |
25
- | Agent personas | 8 |
26
- | Pipeline phases | 8 |
27
-
28
- > **Claude Code** and **Copilot CLI** run the full pipeline natively - the gate scripts + live tracker are installed to `~/.claude` / `~/.copilot`, and on Claude Code a `PreToolUse` hook hard-blocks on the secret scan.
29
-
30
- > Security issue? See [SECURITY.md](./SECURITY.md). Please do not open public issues for vulnerabilities.
31
-
32
- ## Prerequisites
33
-
34
- - Node.js 18+
35
- - Claude Code (https://claude.ai/code) **or** GitHub Copilot CLI
36
- - macOS, Linux, or Windows (Git Bash / WSL). Native credential storage everywhere:
37
- - **macOS** → Keychain (`security`)
38
- - **Linux** → libsecret (`secret-tool` - `apt install libsecret-tools` / `dnf install libsecret`)
39
- - **Windows** → Credential Manager (PowerShell `CredentialManager` module - `Install-Module CredentialManager`)
40
- - Runtime CLIs the pipeline shells out to:
41
- - `gh` (GitHub CLI) for issue / PR flows
42
- - `jq` for JSON parsing
43
- - `python3` (stdlib only, used by the deterministic keychain helper)
44
- - `bash` 4+
45
-
46
- The package is **public on npmjs.org** - no auth, no PAT, no `~/.npmrc` setup needed:
47
-
48
- ```bash
49
- npm view @mmerterden/multi-agent-pipeline version
50
- # → prints "10.0.0" (or newer)
51
- ```
52
-
53
- If `npm view` shows a stale version, run `npm cache clean --force` and retry.
54
-
55
- > **New here?** Worked end-to-end transcripts live in [`examples/`](./examples/) - bug fix from Jira, feature in autopilot, `--dev` fast path, and recovery from a broken run. Read one before you run the pipeline on your own code.
56
- >
57
- > **Something broke?** [`docs/recovery-guide.md`](./docs/recovery-guide.md) is the single-page index of every failure mode (triage fallback, worktree collision, state corruption, identity rewind, etc.) and its fix.
58
- >
59
- > **Planning breaking changes?** [`ROADMAP.md`](./ROADMAP.md) tracks what's coming and what's been declined.
10
+ Runs natively on Claude Code and Copilot CLI. macOS / Linux / Windows. Zero runtime dependencies.
60
11
 
61
12
  ## Quick Start
62
13
 
63
- ### Option A - Install from source (recommended for development)
64
-
65
- Clone the repo and run the installer directly - full read access to source files.
66
-
67
- ```bash
68
- git clone git@github.com:mmerterden/multi-agent-pipeline.git
69
- cd multi-agent-pipeline
70
- npm install
71
- node install.js # Claude Code (default)
72
- node install.js --copilot # Copilot CLI
73
- node install.js --all # Both Claude + Copilot
74
-
75
- node install.js --link # Symlink mode (dev, saves ~10K tokens)
76
- node install.js --all --dry-run # Preview every operation, write nothing
77
-
78
- # Token-preserving uninstall (Keychain access tokens NEVER touched)
79
- node install.js # ...later...
80
- node pipeline/scripts/uninstall.mjs --dry-run # preview what would be removed
81
- node pipeline/scripts/uninstall.mjs --yes # remove from every installed target
82
-
83
- # Optional: expose the CLI globally as 'multi-agent-pipeline'
84
- npm link
85
- ```
86
-
87
- **IMPORTANT - run setup before your first task:**
88
-
89
- ```
90
- /multi-agent:setup
91
- ```
92
-
93
- This discovers your Keychain tokens (Jira, Bitbucket, GitHub, etc.), sets up your git identity, and maps everything into `~/.claude/multi-agent-preferences.json`. Without this step, the pipeline cannot find your tokens and will ask for them repeatedly.
94
-
95
- Update later with `git pull && npm install` inside the clone. Pin to a specific version by checking out the corresponding tag (`git tag -l` to list).
96
-
97
- ### Option B - npx (public registry, no auth)
98
-
99
14
  ```bash
100
- npx @mmerterden/multi-agent-pipeline install # Claude Code only (default)
101
- npx @mmerterden/multi-agent-pipeline install --copilot # Copilot CLI only
102
- npx @mmerterden/multi-agent-pipeline install --all # Both native CLIs (Claude + Copilot)
103
- npx @mmerterden/multi-agent-pipeline install --link # Symlink mode
104
- npx @mmerterden/multi-agent-pipeline install --all --dry-run # Preview, write nothing
105
-
106
- # Token-preserving uninstall
107
- npx @mmerterden/multi-agent-pipeline uninstall # interactive, all targets
108
- npx @mmerterden/multi-agent-pipeline uninstall --dry-run # preview only
109
- ```
15
+ # from the public registry (no auth)
16
+ npx @mmerterden/multi-agent-pipeline install --all # Claude Code + Copilot CLI
110
17
 
111
- ### Option C - Global install (public registry, no auth)
112
-
113
- ```bash
114
- npm install -g @mmerterden/multi-agent-pipeline
115
- multi-agent-pipeline install # same flags apply
18
+ # then, once:
19
+ /multi-agent:setup # keychain token scan + git identity + default stack
116
20
  ```
117
21
 
118
- ## Privacy & Telemetry
119
-
120
- **Opt-in only.** The installer sends nothing by default. If you want to help the
121
- project by sharing an anonymous install ping, opt in per-install with
122
- `MULTI_AGENT_TELEMETRY=1`:
22
+ Run a task — the input type is auto-detected:
123
23
 
124
24
  ```bash
125
- MULTI_AGENT_TELEMETRY=1 node install.js
126
- # or for npx/global
127
- MULTI_AGENT_TELEMETRY=1 npx @mmerterden/multi-agent-pipeline install
128
- ```
129
-
130
- When opted in, the ping includes:
131
-
132
- - Package name + version
133
- - Install method (`source`, `npx`, `global`, `npm-install`)
134
- - Flags passed (e.g. `--copilot`, `--all`)
135
- - Your GitHub username (via `gh api user` if authenticated) and Git email
136
- - Hostname, OS, arch, Node version
137
-
138
- Nothing else is collected. Ping failures are silent - telemetry never blocks or
139
- slows down the install.
140
-
141
- ## What's new
142
-
143
- - **v10.4.0** (2026-07-02) - New `/multi-agent:finish` command: continue already-done LOCAL work through the pipeline tail in one shot — parallel review → build+test success gate → commit/push/PR → technical analysis + a Jira comment with test scenarios, without re-developing (phases 1-3 skipped). Pairs with `dev-local`/`local` (which skip Review + Test) or with hand-coded/hand-tested changes. Command inventory 34 → 35.
144
- - **v10.3.0** (2026-07-02) - Android (Jetpack Compose) parity for the 10.2.0 interaction skills: `figma-navigation` / `figma-overlays` / `figma-bottom-sheets` now carry both a SwiftUI and a Compose section (Navigation Compose; Snackbar/AlertDialog/Dialog + state-driven loading; `ModalBottomSheet`), same emit-intent rules and `ui.*` config hooks on both platforms. Plus a review pass: corrected the `animated-gradient-border` snippet (animate `AngularGradient(angle:)` on a static shape, not `rotationEffect`) and genericized the sheet corner-radius example token.
145
- - **v10.2.0** (2026-07-02) - Generic SwiftUI interaction coverage for figma-to-swiftui: three new cross-cutting integration skills (`figma-navigation`, `figma-overlays`, `figma-bottom-sheets`) + a reconcile-and-extend workflow (`figma-evolve-component`), all native-SwiftUI-first with an optional per-project `ui.*` config hook (so the same capabilities work on any SwiftUI codebase, no app-specific coupling). Phase 3D dev detection (§1.5.4) and Phase 4 review both consume them; `figma-to-swiftui` accessibility reference enriched with the VoiceOver-minimalism decision tree; new `animated-gradient-border` UI pattern. Figma-common skills 27 → 31, total figma skills 37 → 41.
146
- - **v10.1.0** (2026-06-20) - Fable 5 retired (no longer available): the five heavy agent personas plus Phase 1 / Phase 2 / Phase 4 reviewer-1 + triage and `--dev` fast mode now route to Opus (top available tier); fallback ladder is `opus -> sonnet`. Per-task cost guard (`costBudget`) now defaults on in warn mode. Token economy: Phase 4 shared cache prefix + single-repo diff cap, Phase 1 light Explore tier for small bugfixes, triage prior-art injection capped.
147
- - **v10.0.0** (2026-06-12) - quality major driven by a 10-category self-audit + competitive sweep: validator gates wired into phases 1/2/4 (fails closed), Phase 3 code-simplifier diff-shrink pass, Phase 4 lesson memory loop, Phase 2 cross-artifact consistency gate, skill frontmatter linter (repaired 31 SKILL.md), installer `--dry-run` + unknown-flag rejection, timeout-guarded smoke runner, adapter family deduplicated (~490 lines), CI hardening (blocking lint, npm audit, shellcheck), tag-driven npm release automation, CHANGELOG split (310KB -> 40KB).
148
- - **v9.10.2** (2026-06-11) - live per-phase token narration on completion; tracker mandates per-phase cost lines in the final report.
149
- - **v9.10.1** (2026-06-11) - Claude Fable 5 fallback contract: date gate, dispatch retry, and budget guard when the Fable tier is unavailable.
150
- - **v9.10.0** (2026-06-11) - Claude Fable 5 adoption on the Claude Code side: the five heavy agent personas plus Phase 1 / Phase 2 / Phase 4 reviewer-1 + triage and `--dev` fast mode route to `claude-fable-5`; cost ledger gains `fable` pricing and fixes the stale `opus` entry.
151
-
152
- Full version history lives in [CHANGELOG.md](./CHANGELOG.md) - every release entry is recorded there to avoid drift between the two files.
153
-
154
-
155
- ## Troubleshooting
156
-
157
- ### `sh: multi-agent-pipeline: command not found`
158
-
159
- `npx` couldn't fetch the package. Most common causes:
160
-
161
- - Network blocked or proxy in front of npmjs.org.
162
- - Stale npx cache - `npx clear-npx-cache` then retry.
163
- - Wrong package name (it is `@mmerterden/multi-agent-pipeline`, with the scope).
164
-
165
- ### `npm error code E404` on `registry.npmjs.org`
166
-
167
- The package wasn't reachable. Quick checks:
168
-
169
- ```bash
170
- curl -fsSL "https://registry.npmjs.org/@mmerterden/multi-agent-pipeline" | jq -r '."dist-tags".latest'
171
- # Should print 10.0.0 (or newer)
172
- ```
173
-
174
- - If this prints a version → your local npm cache is stale; run `npm cache clean --force` and retry.
175
- - If it 404s → registry outage or scope/package-name typo. Verify the URL hits the JSON above.
176
-
177
- ### Older PAT / GitHub Packages docs
178
-
179
- Earlier README revisions referenced GitHub Packages with a Classic PAT and `~/.npmrc` setup. The package moved to **public npmjs.org** in v8.6.1; no token, no `~/.npmrc` line is needed. If you set one up previously, you can leave it - it just won't be consulted.
180
-
181
- ## Tool support
182
-
183
- The pipeline runs natively on **Claude Code** and **Copilot CLI** — the two CLIs it targets. Both install from the same `pipeline/skills/` source and get identical skill coverage.
184
-
185
- | Tool | Install Flag | How It Works |
186
- | --- | --- | --- |
187
- | **Claude Code** | `--claude` (default) | Native: slash commands + shared + figma skills + agents + rules + scripts |
188
- | **Copilot CLI** | `--copilot` | Native: instructions + shared + figma skills + scripts |
189
-
190
- Skill tree:
191
-
192
- - `pipeline/skills/shared/core/` - **orchestration skills** (`multi-agent-*` dash-form mirrors of the colon-form slash commands + compliance skills + orchestrator)
193
- - `pipeline/skills/shared/external/` - **curated iOS / Android / generic guidance skills** (SwiftUI, Jetpack Compose, testing, performance, security, etc.) — also distributed as versioned marketplace plugins in `mmerterden/multi-agent-plugins`
194
- - `pipeline/skills/figma-ios/` + `pipeline/skills/figma-android/` - **platform-specific Phase 3 sub-skills** (SwiftUI and Jetpack Compose code generation)
195
- - `pipeline/skills/figma-common/` - **platform-agnostic Figma helpers** (iterate, commit, wiki setup, MCP auth, performance harness)
196
-
197
- Filter the skill set by stack with `--platform=ios|android|all`. Both CLIs also receive the same `pipeline/scripts/` tree so single-CLI installs stay self-contained.
198
-
199
- ### Uninstall (token-preserving)
200
-
201
- ```bash
202
- npx @mmerterden/multi-agent-pipeline uninstall # interactive, all installed targets
203
- npx @mmerterden/multi-agent-pipeline uninstall --dry-run # preview, zero side effects
204
- ```
205
-
206
- Personal access tokens stored in macOS Keychain / Windows Credential Manager / Linux libsecret are **never touched** by the uninstaller. Smoke tests enforce this with a static check that fails the build if the script ever references a credential-store deletion API.
207
-
208
- ## Pipeline Phases
209
-
210
- ```
211
- Phase 0: Init - Project selection, branch setup, identity, worktree
212
- Phase 1: Analysis - Stack detection, codebase exploration
213
- Phase 2: Planning - Task decomposition, architecture review, user approval
214
- Phase 3: Dev - TDD cycle: test → code → build
215
- Phase 4: Review - Deterministic gates + parallel review + Opus triage
216
- • Claude Code → Opus + Sonnet (2 paralel)
217
- • Copilot CLI → GPT-5.4 + Opus + Sonnet (3 paralel)
218
- Phase 5: Test - Optional manual testing + MCP device audits (on-demand)
219
- Phase 6: Commit - Pre-commit local checkout prompt, git commit, push, PR creation
220
- Phase 7: Report - External: Jira comment · Wiki + Figma screenshots · Confluence
221
- Internal: Log · Knowledge + memory capture
222
- ```
223
-
224
- ### Full Pipeline Flow
225
-
226
- ```mermaid
227
- flowchart TD
228
- INPUT["🎯 <b>User Input</b><br/>Issue # · Jira URL · Free-text · jira · issue"]
229
-
230
- subgraph SETUP ["Setup"]
231
- P0["<b>Phase 0: Init</b><br/>Project detect · Worktree<br/>Branch · Identity · Task type"]
232
- P1["<b>Phase 1: Analysis</b><br/>Parallel Explore agents<br/>Stack detection · Guide load"]
233
- P2["<b>Phase 2: Planning</b><br/>Task decompose<br/>Architect review · User approval"]
234
- end
235
-
236
- subgraph DEVELOP ["Development"]
237
- P3["<b>Phase 3: Dev</b><br/>🔴 RED: test<br/>🟢 GREEN: implement<br/>🔵 REFACTOR · Build pass"]
238
- end
239
-
240
- subgraph REVIEW ["Review"]
241
- R1["<b>Opus</b><br/>Security<br/>Architecture"]
242
- R2["<b>GPT-5.4</b><br/>Quality<br/>Edge cases"]
243
- R3["<b>Sonnet</b><br/>Correctness<br/>Style"]
244
- TRIAGE["<b>Opus Triage</b><br/>Filter noise · Deduplicate<br/>Forward actionable only"]
245
- end
246
-
247
- subgraph DELIVER ["Delivery"]
248
- P5["<b>Phase 5: Test</b><br/>Manual test<br/>Device audits (on-demand)"]
249
- P6["<b>Phase 6: Commit</b><br/>Secret scan · Commit<br/>Push · PR create"]
250
- P7["<b>Phase 7: Report</b>"]
251
- subgraph REPORT ["Phase 7 sub-steps"]
252
- direction LR
253
- H1["Jira comment<br/>(analysis + tests)"]
254
- H2["Wiki + Figma<br/>screenshots"]
255
- H3["Confluence<br/>(optional)"]
256
- H4["Report · Log"]
257
- H5["Knowledge +<br/>memory capture"]
258
- end
259
- P7 --> H1 --> H2 --> H3 --> H4 --> H5
260
- end
261
-
262
- INPUT --> P0
263
- P0 --> P1
264
- P1 --> P2
265
- P2 --> P3
266
- P3 --> R1 & R2 & R3
267
- R1 & R2 & R3 --> TRIAGE
268
- TRIAGE -->|"✅ Approved"| P5
269
- TRIAGE -->|"🔧 Fix needed (≤3x)"| P3
270
- P5 --> P6
271
- P6 --> P7
272
-
273
- style INPUT fill:#818cf8,stroke:#6366f1,color:#fff
274
- style P3 fill:#fbbf24,stroke:#f59e0b,color:#000
275
- style TRIAGE fill:#38bdf8,stroke:#0ea5e9,color:#000
276
- style P7 fill:#4ade80,stroke:#22c55e,color:#000
277
- style H1 fill:#fde68a,stroke:#f59e0b,color:#000
278
- style H2 fill:#c084fc,stroke:#a855f7,color:#000
279
- style H3 fill:#bae6fd,stroke:#0ea5e9,color:#000
280
- ```
281
-
282
- ### Operating Modes
283
-
284
- ```mermaid
285
- flowchart LR
286
- subgraph NORMAL ["Normal (Full 8-phase)"]
287
- direction LR
288
- N0[Init] --> N1[Analysis] --> N2[Planning] --> N3[Dev] --> N4[Review] --> N5[Test] --> N6[Commit] --> N7[Report]
289
- end
290
-
291
- subgraph DEV ["--dev (Fast, Opus)"]
292
- direction LR
293
- D0[Init] --> D3["Dev<br/>(Opus)"] --> D6[Commit] --> D7[Report]
294
- end
295
-
296
- subgraph AUTO ["autopilot (No confirmations)"]
297
- direction LR
298
- A0[Init] --> A1[Analysis] --> A2[Planning] --> A3[Dev] --> A4[Review] --> A6[Commit] --> A7[Report]
299
- end
300
-
301
- subgraph FAST ["--dev autopilot (Fastest)"]
302
- direction LR
303
- F0[Init] --> F3["Dev<br/>(Opus)"] --> F6["Commit<br/>(auto)"] --> F7[Report]
304
- end
305
-
306
- style D3 fill:#fbbf24,stroke:#f59e0b,color:#000
307
- style F3 fill:#fbbf24,stroke:#f59e0b,color:#000
308
- style F6 fill:#4ade80,stroke:#22c55e,color:#000
309
- ```
310
-
311
- ### Review Architecture (Phase 4)
312
-
313
- ```mermaid
314
- flowchart TD
315
- DIFF["📝 Code Diff"]
316
-
317
- DIFF --> OPUS["<b>Opus</b><br/>🔒 Security · Architecture<br/>Data flow · Auth"]
318
- DIFF --> GPT["<b>GPT-5.4</b><br/>✨ Code quality · Edge cases<br/>Error paths · Logic"]
319
- DIFF --> SON["<b>Sonnet</b><br/>✅ Correctness · Best practices<br/>Naming · Style"]
320
-
321
- OPUS --> TRIAGE
322
- GPT --> TRIAGE
323
- SON --> TRIAGE
324
-
325
- TRIAGE["<b>Opus Triage</b><br/>Deduplicate findings<br/>Filter false-positives<br/>Reject out-of-scope<br/>Classify severity"]
326
-
327
- TRIAGE -->|"✅ PASS"| NEXT["Phase 5: Test"]
328
- TRIAGE -->|"🔧 FIX_REQUIRED"| BACK["Phase 3: Dev<br/>(retry ≤3x)"]
329
-
330
- style DIFF fill:#818cf8,stroke:#6366f1,color:#fff
331
- style TRIAGE fill:#38bdf8,stroke:#0ea5e9,color:#000
332
- style NEXT fill:#4ade80,stroke:#22c55e,color:#000
333
- style BACK fill:#f87171,stroke:#ef4444,color:#000
334
- ```
335
-
336
- ### Figma SubPhase Integration (Phase 3)
337
-
338
- When `figmaConfigPath` is set in project preferences, Phase 3 dispatches the Figma-to-SwiftUI pipeline instead of standard TDD:
339
-
340
- ```mermaid
341
- flowchart TD
342
- P3["<b>Phase 3: Dev</b>"]
343
-
344
- P3 -->|default| TDD["<b>Standard TDD</b><br/>RED → GREEN → REFACTOR → build"]
345
- P3 -->|"figmaConfigPath set"| FIG
346
-
347
- subgraph FIG ["Figma-to-SwiftUI Pipeline (17 SubPhases)"]
348
- direction TB
349
-
350
- subgraph INIT_G ["Init + Gather"]
351
- S0["3.0 Init<br/>Parse URL · Branch · Assign"]
352
- S1["3.1 Gather<br/>Fetch design context"]
353
- end
354
-
355
- subgraph PREP ["Preparation (parallel)"]
356
- S2A["3.2A TestingIDs"]
357
- S2B["3.2B Localization"]
358
- S2C["3.2C Accessibility"]
359
- S2D["3.2D Analytics"]
360
- end
361
-
362
- S3["3.3 Token Mapping<br/>Figma values → design tokens"]
363
-
364
- subgraph IMPL ["Implementation (sequential)"]
365
- S4A["3.4A Config"]
366
- S4B["3.4B View"]
367
- S4C["3.4C Docs"]
368
- S4D["3.4D Preview"]
369
- S4E["3.4E Modifiers"]
370
- S4F["3.4F Wiki"]
371
- end
372
-
373
- subgraph TEST_G ["Testing"]
374
- S5A["3.5A ViewInspector"]
375
- S5B["3.5B Snapshot"]
376
- S5C["3.5C Unit"]
377
- end
378
-
379
- S6["3.6 CodeConnect<br/>Figma ↔ code link"]
380
-
381
- S0 --> S1
382
- S1 --> S2A & S2B & S2C & S2D
383
- S2A & S2B & S2C & S2D --> S3
384
- S3 --> S4A --> S4B --> S4C --> S4D --> S4E --> S4F
385
- S4F --> S5A --> S5B --> S5C
386
- S5C --> S6
387
- end
388
-
389
- style P3 fill:#fbbf24,stroke:#f59e0b,color:#000
390
- style TDD fill:#4ade80,stroke:#22c55e,color:#000
391
- style S3 fill:#818cf8,stroke:#6366f1,color:#fff
392
- style S6 fill:#c084fc,stroke:#a855f7,color:#000
25
+ /multi-agent "PROJ-1234" # Jira id → fetch, plan, build
26
+ /multi-agent "https://github.com/org/repo/issues/42" # GitHub issue URL
27
+ /multi-agent "my-app#42" # repo + issue number
28
+ /multi-agent "fix dark-mode contrast on LoginView" # free-text bug/feature
29
+ /multi-agent:jira # browse your open Jira issues → pick
30
+ /multi-agent:issue # browse unassigned GitHub issues → pick
393
31
  ```
394
32
 
395
- ### Ecosystem Architecture
33
+ Every input runs the same short intake — **account → (repo) → maturity check → dev-context** — then enters Phase 0. A Jira id or GitHub URL is fetched and maturity-checked *before* any code is written; free-text skips the fetch and goes straight to planning. Multi-repo tasks add extra repos at the dev-context step.
396
34
 
397
- ```mermaid
398
- flowchart TD
399
- CC["<b>Claude Code</b><br/>(Source of Truth)<br/><br/>~/.claude/commands/<br/>~/.claude/agents/<br/>~/.claude/scripts/"]
400
-
401
- CC -->|"instructions + 206 skills + scripts"| COP["<b>Copilot CLI</b><br/>~/.copilot/skills/<br/>~/.copilot/scripts/<br/>copilot-instructions.md"]
402
- CC -->|"genericized pipeline/"| REPO["<b>Pipeline Repo</b><br/>@mmerterden/<br/>multi-agent-pipeline"]
403
- CC -.->|"optional"| WEB["<b>Website</b><br/>(your docs site)"]
404
- CC -.->|"optional"| RC["<b>Remote Control</b><br/>(your dashboard)"]
405
-
406
- REPO -->|"npm publish"| NPM["<b>GitHub Packages</b><br/>(npm)"]
407
- WEB -->|"auto-deploy"| VERCEL["Vercel"]
408
-
409
- style CC fill:#818cf8,stroke:#6366f1,color:#fff
410
- style REPO fill:#fbbf24,stroke:#f59e0b,color:#000
411
- style NPM fill:#4ade80,stroke:#22c55e,color:#000
412
- style WEB fill:#38bdf8,stroke:#0ea5e9,color:#000
413
- ```
35
+ Add `autopilot` to skip confirmations, `--dev` for the fast dev-only path, or `--local` to work on the current branch without a worktree (e.g. `/multi-agent:autopilot "PROJ-1234"`).
414
36
 
415
- ### Claude Code (Full Mode)
37
+ Update later with `/multi-agent:update`. Uninstall (tokens preserved) with `npx @mmerterden/multi-agent-pipeline uninstall`.
416
38
 
417
- All 8 phases with sub-agents, parallel review + Opus triage (2-model Opus+Sonnet on Claude Code, 3-model GPT+Opus+Sonnet on Copilot CLI), TaskCreate visual tracking.
418
-
419
- ```bash
420
- # Pipeline tasks
421
- /multi-agent "MOBILE-12345" # Jira issue
422
- /multi-agent "#42" # GitHub issue
423
- /multi-agent "Fix dark mode colors in LoginView" # Free-text
424
- /multi-agent:dev "MOBILE-12345" # Fast mode (Opus)
425
- /multi-agent:autopilot "MOBILE-12345" # Skip confirmations
426
- /multi-agent:dev-autopilot "MOBILE-12345" # Zero interaction
427
-
428
- # Helper commands
429
- /multi-agent:status # List all tasks
430
- /multi-agent:log 1 # Show task log
431
- /multi-agent:resume 1 # Resume stopped task
432
- /multi-agent:kill 1 # Delete task worktree
433
- /multi-agent:review # Review current diff
434
- /multi-agent:setup # Token + identity onboarding (asks promptLanguage + outputLanguage)
435
- /multi-agent:language tr # Toggle pipeline languages (en / tr per axis)
436
- /multi-agent:test # UI Bug Hunter
437
- /multi-agent:channels "PR-url" # Post report (Jira / Confluence / Wiki / PR)
438
- /multi-agent:search "query" # Full-text log search
439
- /multi-agent:scan # Skill security scan
440
- /multi-agent:refactor # Refactor planner
441
- /multi-agent:update # Update pipeline
442
- /multi-agent:sync # Sync ecosystem
443
- /multi-agent:purge # Full reset (double-confirm)
444
-
445
- # Flag syntax (equivalent to dedicated commands above)
446
- /multi-agent "MOBILE-12345" --dev # same as :dev
447
- /multi-agent "MOBILE-12345" --dev autopilot # same as :dev-autopilot
448
- ```
449
-
450
- ### Copilot CLI (Lite Mode)
451
-
452
- Same pipeline logic, invoked via dash syntax (`multi-agent-*`).
453
-
454
- ```bash
455
- # Pipeline tasks
456
- multi-agent "MOBILE-12345" # Jira issue
457
- multi-agent "#42" # GitHub issue
458
- multi-agent "Fix dark mode colors in LoginView" # Free-text
459
- multi-agent-dev "MOBILE-12345" # Fast mode (Opus)
460
- multi-agent-autopilot "MOBILE-12345" # Skip confirmations
461
- multi-agent-dev-autopilot "MOBILE-12345" # Zero interaction
462
-
463
- # Helper commands
464
- multi-agent-status # List all tasks
465
- multi-agent-log 1 # Show task log
466
- multi-agent-resume 1 # Resume stopped task
467
- multi-agent-kill 1 # Delete task worktree
468
- multi-agent-review # Review current diff
469
- multi-agent-setup # Token + identity onboarding
470
- multi-agent-test # UI Bug Hunter
471
- multi-agent-channels "PR-url" # Post report (Jira / Confluence / Wiki / PR)
472
- multi-agent-search "query" # Full-text log search
473
- multi-agent-scan # Skill security scan
474
- multi-agent-refactor # Refactor planner
475
- multi-agent-update # Update pipeline
476
- multi-agent-sync # Sync ecosystem
477
- multi-agent-purge # Full reset (double-confirm)
478
- ```
39
+ ## How it works
479
40
 
480
- ## Supported Stacks
41
+ One command runs 8 phases, with a gate between the risky ones:
481
42
 
482
- | Platform | Detection | Guide Loaded |
483
- | ----------------------------- | -------------------------------------------- | ----------------------- |
484
- | **iOS/Swift** | `.xcodeproj`, `Package.swift` | SwiftUI Component Guide |
485
- | **Android/Kotlin** | `build.gradle`, `build.gradle.kts` | Jetpack Compose Guide |
486
- | **Backend** (Python/Node/Go) | `requirements.txt`, `package.json`, `go.mod` | Backend API Guide |
487
- | **Frontend** (React/Vue/Next) | `package.json` + framework detection | Frontend Guide |
43
+ - **0 · Init** — parse the input (Jira id / GitHub URL / free text), pick account + repo(s), fetch the issue, run a maturity check.
44
+ - **1 · Analysis** detect the stack, scan the codebase, map impact (Opus).
45
+ - **2 · Plan** write a task breakdown and **stop for your approval** before touching code.
46
+ - **3 · Dev** TDD: failing test → code → green, following the repo's style + the active stack skills.
47
+ - **4 · Review** — deterministic gates (build / lint / test / secret-scan) must pass first, then a **CLI-aware parallel review** — Claude Code runs 2 models (Fable + Sonnet), Copilot CLI runs 3 (GPT-5.4 + Opus + Sonnet) — and a **Fable triage** keeps only actionable findings; blockers loop back to Phase 3.
48
+ - **5 · Test** build + run the suite; success is required (no faked passes).
49
+ - **6 · Commit/PR** — conventional commit, push (must succeed), open a PR (`Ref: #N`, never auto-close).
50
+ - **7 · Report** — technical summary + a Jira comment with test scenarios, posted through the channels layer.
488
51
 
489
- Stack is auto-detected. Build commands, test runners, lint tools, and review focus areas all adapt automatically.
52
+ Under the hood: each task runs in its own **git worktree** (or the current branch with `:local`), commits use the **git identity routed from the repo's origin URL**, and **multi-repo** tasks get per-repo worktrees plus an integration build. Tokens stay in the OS keychain; nothing is committed or logged. `/multi-agent:review` can also review an existing GitHub/Bitbucket PR — per-finding inline comments anchored to `file:line` + an explicit Approve / Needs-Work state.
490
53
 
491
54
  ## Modes
492
55
 
493
- | Mode | Claude Code | Copilot CLI | Description |
494
- | ---- | ----------- | ----------- | ----------- |
495
- | Normal | `/multi-agent "task"` | `multi-agent "task"` | Full 8 phases with CLI-aware parallel review (Claude: 2-model · Copilot: 3-model) |
496
- | Fast | `/multi-agent:dev "task"` | `multi-agent-dev "task"` | Init Dev(Opus) → Commit → Report |
497
- | Local | `/multi-agent "task" --local` | `multi-agent "task" --local` | No worktree - works on local branch |
498
- | Autopilot | `/multi-agent:autopilot "task"` | `multi-agent-autopilot "task"` | Skip confirmations, auto commit/PR |
499
- | Fastest | `/multi-agent:dev-autopilot "task"` | `multi-agent-dev-autopilot "task"` | Zero interaction |
500
- | Test | `/multi-agent:test` | `multi-agent-test` | UI Bug Hunter - visual + accessibility |
501
- | Channels | `/multi-agent:channels <target>` | `multi-agent-channels <target>` | Post report to Jira / Confluence / Wiki / PR (multi-select, humanizer pass, reviewer-preserving) |
502
- | Stack | `/multi-agent:stack ios` | `multi-agent-stack ios` | Select stack by enabling the matching marketplace plugin(s) |
503
- | Language | `/multi-agent:language [prompt\|output] <en\|tr>` | `multi-agent-language [prompt\|output] <en\|tr>` | Toggle `promptLanguage` (interactive prompts) and/or `outputLanguage` (assistant explanations). External payloads stay English. |
56
+ | Mode | Command | Flow |
57
+ |---|---|---|
58
+ | Full | `/multi-agent "task"` | All 8 phases, interactive |
59
+ | Autopilot | `/multi-agent:autopilot "task"` | All 8 phases, no confirmations |
60
+ | Dev | `/multi-agent:dev "task"` | Init Dev Commit Report |
61
+ | Local | `/multi-agent:local "task"` | Full pipeline, current branch (no worktree) |
62
+ | Finish | `/multi-agent:finish` | Run the review→test→commit→report tail over local work |
504
63
 
505
- ## UI Bug Hunter + Audit Tools
64
+ Helpers: `setup`, `status`, `resume #N`, `review`, `test`, `channels`, `stack`, `update`, `sync`, `jira`, `issue`, `analysis`. Full list: `/multi-agent:help`.
506
65
 
507
- Automated visual testing and compliance audits. Requires the mobile MCP server.
66
+ ## Stacks
508
67
 
509
- ```bash
510
- # Claude Code # Copilot CLI
511
- /multi-agent:test # multi-agent-test
512
- /multi-agent:test "dark mode" # multi-agent-test "dark mode"
513
- /multi-agent:test "accessibility" # multi-agent-test "accessibility"
514
- /multi-agent:test "dynamic type" # multi-agent-test "dynamic type"
515
- /multi-agent:test "store-ready" # multi-agent-test "store-ready"
516
- /multi-agent:test "biometric" # multi-agent-test "biometric"
517
- /multi-agent:test "performance" # multi-agent-test "performance"
518
- ```
519
-
520
- ### How Audit Tools Work
521
-
522
- All audits run via **direct Bash commands** - no MCP server dependency. Pipeline uses `xcrun simctl`, `adb`, `codesign`, `aapt2` etc. natively.
523
-
524
- | Audit | What It Does | Command | When |
525
- | --------------------- | ------------------------------------------------------ | ---------------------------- | ----------------------- |
526
- | iOS Accessibility | Missing labels, small tap targets | `swift ui-tree-dumper.swift` | Phase 5 - user requests |
527
- | Android Accessibility | Missing contentDescription, small touch targets | `adb shell uiautomator dump` | Phase 5 - user requests |
528
- | iOS Biometric | Face ID / Touch ID success/failure | `xcrun simctl keychain` | Phase 5 - auth flow |
529
- | Android Launch Time | Cold start time (ms) | `adb shell am start -W` | Phase 5 - performance |
530
- | iOS Archive | App Store compliance: signing, debug tools, privacy | `codesign`, `plutil`, `nm` | Phase 6 - release |
531
- | Android APK | Play Store compliance: target SDK, debuggable, signing | `aapt2`, `apksigner` | Phase 6 - release |
532
-
533
- **Important**: Audits are **on-demand** - triggered by user, not automatic. Phase 4 does code-level accessibility review (free, no device needed). Phase 5/6 do device-level audits only when requested.
534
-
535
- **No external dependencies** - only standard Xcode CLI tools (iOS) and Android SDK (Android). Platform guides include **compliance rules** that map 1:1 to audit checks - follow the guide, pass the audit.
536
-
537
- ## Stack Selection (marketplace plugins)
538
-
539
- Stack skills ship as versioned plugins in the `{owner}/multi-agent-plugins` marketplace. Selecting a stack **enables the matching plugin(s)** in the repo's `.claude/settings.json` `enabledPlugins` — the stack toolkit plus `ai-common-engineering-toolkit` (cross-stack skills). This replaced the old `stack-swap.sh` mechanic (which physically moved skill directories on a SessionStart hook); enablement is now declarative, per-repo, and versioned.
68
+ Stack skills ship as versioned plugins in the [`mmerterden/multi-agent-plugins`](https://github.com/mmerterden/multi-agent-plugins) marketplace. Select a stack per-repo:
540
69
 
541
70
  ```bash
542
- # Claude Code # Copilot CLI
543
- /multi-agent:stack multi-agent-stack # show enabled plugins
544
- /multi-agent:stack ios multi-agent-stack ios # SwiftUI toolkit + common
545
- /multi-agent:stack android multi-agent-stack android # Compose toolkit + common
546
- /multi-agent:stack backend multi-agent-stack backend # Python/Node toolkit + common
547
- /multi-agent:stack frontend multi-agent-stack frontend # React/TSX toolkit + common
548
- /multi-agent:stack mobile multi-agent-stack mobile # iOS + Android + common
549
- /multi-agent:stack all multi-agent-stack all # all four toolkits + common
71
+ /multi-agent:stack ios # or android / frontend / backend / mobile / all
550
72
  ```
551
73
 
552
- Add the marketplace once with `claude marketplace add {owner}/multi-agent-plugins`. Newly published plugin versions are pulled by `/multi-agent:update`. The plugins are rebuilt from `pipeline/skills/shared/external/` via `pipeline/scripts/build-stack-plugins.mjs` (run by `multi-agent:sync` Step 3c), which bumps the patch version of any plugin whose skill set changed. The old `stack-swap.sh` mechanic has been removed.
553
-
554
- ## Setup
555
-
556
- ```bash
557
- # 1. Install pipeline
558
- npx @mmerterden/multi-agent-pipeline install --all
559
-
560
- # 2. Configure
561
- /multi-agent:setup # Claude Code
562
- multi-agent-setup # Copilot CLI
563
- # -> Jira project key (e.g., MOBILE, APP, ENG)
564
- # -> Git identity (name + email)
565
- # -> Keychain token scan + mapping
566
-
567
- # That's it! Pipeline works standalone - no additional dependencies needed.
568
- ```
569
-
570
- ## Hooks & Context Management
571
-
572
- Pipeline includes automated safety hooks and session optimization, configured during installation.
74
+ This enables the matching plugin (+ the shared `ai-common` plugin) in the repo's `.claude/settings.json`. Phase 1 auto-detects the stack for routing. New repos default to iOS.
573
75
 
574
- ### Pre-Commit Secret Detection
575
-
576
- A `PreToolUse` hook runs before every `git commit`, scanning staged files for:
577
-
578
- - Hardcoded API keys, tokens, secrets
579
- - AWS access keys (`AKIA...`)
580
- - Private keys (RSA/EC/DSA/OPENSSH)
581
- - `.env` files and credentials files
582
- - Firebase/GCP service account JSON
583
-
584
- If secrets are found, the commit is **blocked** with a clear message.
585
-
586
- ### Context Management
587
-
588
- `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=65` triggers context compaction at 65% usage instead of the default ~80%. This prevents performance degradation in long 8-phase pipeline sessions.
589
-
590
- ### Local CI (pre-push)
591
-
592
- **CI is local-only** via the `pre-push` git hook (no GitHub Actions).
593
- Run the full gate manually anytime, or wire the hook to run it on every `git push`:
594
-
595
- ```bash
596
- # One-off check
597
- bash pipeline/scripts/pre-push-check.sh
598
-
599
- # Install as a git hook - runs automatically on `git push`
600
- ln -sf ../../pipeline/scripts/pre-push-check.sh .git/hooks/pre-push
601
- chmod +x .git/hooks/pre-push
602
- ```
603
-
604
- Runs unit tests, smoke suites, eval fixtures, schema validation, and lint - the same gate that used to run in CI. Bypass only in emergencies with
605
- `git push --no-verify`.
606
-
607
- ### Scripts
608
-
609
- | Script | Purpose |
610
- | ---------------------- | ------------------------------------------------ |
611
- | `pre-commit-check.sh` | Secret detection before commits |
612
- | `build-stack-plugins.mjs` | Rebuild stack plugins from `shared/external`, bump changed plugin versions |
613
- | `keychain-save.sh` | Save tokens/JSON to macOS Keychain (interactive) |
614
- | `keychain.py` | Deterministic Python Keychain helper (get/set/delete/list/doctor); shell driver auto-delegates on macOS/Linux |
615
- | `github-ssh-setup.sh` | GitHub SSH key generation + config |
616
- | `ui-tree-dumper.swift` | iOS accessibility tree dumper for audits |
617
-
618
- All scripts are installed to `~/.claude/scripts/` during setup.
619
-
620
- ## Platform Support
621
-
622
- | Tier | Platform | Requirements |
623
- | --------- | --------------------- | ----------------------------------------------------------- |
624
- | Primary | macOS 13+ | Keychain-backed token storage, `xcodebuild`, `xcrun simctl` |
625
- | Primary | Linux (Ubuntu 22.04+) | Token storage via env vars / `gh auth`; no Xcode features |
626
- | Secondary | Windows (WSL2) | Same as Linux; Xcode features unavailable |
627
-
628
- Node.js 18+ required everywhere. Git 2.38+ (for `git worktree` improvements) recommended.
629
-
630
- ## Testing
631
-
632
- ```bash
633
- npm test
634
- ```
635
-
636
- Runs **~1,300 assertions** across four layers:
637
-
638
- | Layer | Count | What |
639
- | ----------------- | ------------------------------ | -------------------------------------------------------- |
640
- | Node unit tests | 92 tests across 19 suites | CLI routing, install helpers, settings.json hooks, security |
641
- | Smoke suites | 73 scripts, ~1,210 assertions | End-to-end contract tests for every script and phase doc |
642
- | Eval fixtures | 11 adversarial cases + 2 golden tasks | Semantic regression for triage classification + full pipeline replay |
643
- | Schema validation | 13 schemas | Structural integrity of JSON schemas |
644
-
645
- CI runs locally via the `pre-push` git hook (see **Scripts** above) - no GitHub Actions. Enable the hook once per clone with `ln -sf ../../pipeline/scripts/pre-push-check.sh .git/hooks/pre-push`.
646
-
647
- ## Key Features
648
-
649
- Ten highlights - see [`docs/features.md`](docs/features.md) for the full catalog.
76
+ ## Tool support
650
77
 
651
- 1. **8-phase orchestration** with lazy-loaded phase specs - only pay token cost for the current phase.
652
- 2. **CLI-aware parallel review + Opus triage** - Opus (security/architecture) + Sonnet (quality/correctness) run in parallel on Claude Code (2-model); Copilot CLI adds GPT-5.4 (edge cases/different perspective) for a 3-model set. A single Opus triage pass filters false-positives, rejects out-of-scope findings, and forwards only actionable items to Phase 3. Reviewer noise never auto-triggers rework.
653
- 3. **Bitbucket / GitHub PR automation** with default reviewers auto-injected, draft/ready prompt, body preservation (no literal `\n`, no HTML entities).
654
- 4. **`channels` command** posts task reports to Jira / Confluence / Wiki / PR with multi-select channel + content. Humanizer pass per-channel, reviewer-preserving Bitbucket PR PUT. Phase 7 delegates; also invocable post-hoc for fixes made outside the pipeline.
655
- 5. **Deterministic safety gates + pre-commit local-checkout prompt + runtime triage validator**: pre-commit secret scan (PreToolUse hook), xcodebuild lock queue, 3-iteration hard-kill on retry loops, "checkout locally and test before commit?" Phase 6 prompt, and a zero-dep Node validator that gates Phase 4 triage output on real exit codes - no longer just markdown guidance. Includes telemetry (metrics.jsonl + aggregator - GPT-5.4 reviewer metric emitted only on Copilot CLI) and a sync-parity script that catches Claude↔Copilot↔repo drift before it ships.
656
- 6. **Cross-session learning**: per-project knowledge base (architecture, patterns, gotchas) + user-level memory (feedback, project constraints, references).
657
- 7. **Schema-validated state + smoke-tested contracts**: `schemas/*.schema.json` for `agent-state.json` and preferences; `scripts/smoke-channels-flow.sh` guards body-preservation + Bitbucket PUT contract + multi-channel dispatch.
658
- 8. **Task Type Detection** - every task classified as component/bugfix/feature/refactor/chore at Phase 0 Step 9, used by every downstream phase for deterministic routing.
659
- 9. **SubPhase progress tracking** for specialized workflows - component generation (figma-to-swiftui) reports nested SubPhases under the parent main phase instead of inflating the top-level phase count.
660
- 10. **Interactive launchers**: `multi-agent-jira` lists your open Jira issues; `multi-agent-issue` lists unassigned GitHub issues. Pick one → choose branch → choose mode (full/--dev) → autopilot? → pipeline starts. GitHub issues are auto-assigned on selection.
78
+ The pipeline runs natively on **Claude Code** and **Copilot CLI** both install from the same `pipeline/skills/` source and get identical coverage.
661
79
 
662
- ## What's Included
80
+ | Tool | Flag | Notes |
81
+ |---|---|---|
82
+ | Claude Code | `--claude` (default) | slash commands + skills + agents + `PreToolUse` secret-scan hook |
83
+ | Copilot CLI | `--copilot` | instructions + skills + scripts |
663
84
 
664
- ```
665
- pipeline/
666
- commands/
667
- multi-agent.md Main orchestrator
668
- sim-test.md Mobile UI Bug Hunter
669
- figma-to-swiftui.md Figma -> SwiftUI component generator
670
- deploy.md iOS deployment checklist
671
- archive-guard.md .xcarchive App Store compliance scan
672
- security-review.md Deep security audit
673
- multi-agent/
674
- help.md Usage guide
675
- setup.md Token + identity + Jira key onboarding
676
- status.md List all tasks
677
- log.md Show task log
678
- resume.md Resume stopped task
679
- kill.md Delete task worktree
680
- purge.md Full reset (double-confirm)
681
- review.md Review current diff
682
- channels.md Multi-channel reporter (Jira/Confluence/Wiki/PR)
683
- jira.md Interactive Jira picker
684
- issue.md Interactive GitHub issue picker
685
- dev.md Fast mode (Opus)
686
- autopilot.md Skip confirmations
687
- dev-autopilot.md Fastest path (dev + autopilot)
688
- test.md UI Bug Hunter
689
- search.md Full-text log search
690
- scan.md Skill security scanner
691
- refactor.md Refactor planner
692
- update.md Update pipeline
693
- sync.md Sync ecosystem (Claude/Copilot/repo)
694
- refs/
695
- rules.md Global non-negotiable rules
696
- keychain.md Token registry
697
- knowledge.md Project knowledge system
698
- audit-guide.md Audit tool integration rules
699
- swiftui-guide.md iOS component guide + compliance rules
700
- android-guide.md Android component guide + compliance rules
701
- backend-guide.md Backend API guide
702
- frontend-guide.md Frontend component guide
703
- phases.md Phase reference + ASCII flow diagram
704
- phases/
705
- phase-0-init.md Project setup (8-step interactive)
706
- phase-1-analysis.md Stack detection + codebase exploration
707
- phase-2-planning.md Task decomposition + architecture review
708
- phase-3-dev.md TDD development + build queue
709
- phase-4-review.md Gates + code review + accessibility check
710
- phase-5-test.md User testing + device audits (on-demand)
711
- phase-6-commit.md Commit + PR (reviewers + draft prompt)
712
- phase-7-report.md External (Jira/Wiki/Confluence) + internal log + knowledge + memory
713
- modes.md Autopilot, --dev, --local
714
- operations.md Kill, resume, purge
715
- log-format.md Log file spec
716
- skills/
717
- shared/
718
- core/ 22 orchestration skills (multi-agent-*) - pipeline-critical; changes here affect pipeline
719
- behavior directly.
720
- external/ 127 iOS/Android/generic guidance skills imported
721
- from upstream (mirrors of third-party skill sets
722
- - SwiftUI, Compose, Kotlin, Swift, web, backend,
723
- CI/CD, HIG, etc.).
724
- figma-common/ Platform-agnostic Figma pipeline shared steps
725
- figma-ios/ Figma → SwiftUI component generator (iOS)
726
- figma-android/ Figma → Jetpack Compose component generator (Android)
727
- schemas/ JSON Schemas
728
- agent-state.schema.json Validates $HOME/.claude/logs/.../agent-state.json
729
- prefs.schema.json Validates $HOME/.claude/multi-agent-preferences.json
730
- triage-output.schema.json Validates Phase 4 triage output
731
- token-budget.json Per-phase token limits + warn thresholds
732
- agents/
733
- code-reviewer.md Phase 4 reviewer (CLI-aware: 2-model Claude / 3-model Copilot + Opus triage)
734
- explorer.md Phase 1 codebase scanner
735
- ios-architect.md iOS architecture review
736
- android-architect.md Android architecture review
737
- backend-architect.md Backend/API architecture review
738
- security-auditor.md Security audit (OWASP)
739
- rules/
740
- code-style.md Naming, structure, patterns
741
- git-conventions.md Commit messages, branching
742
- testing.md Test naming, structure, coverage
743
- tdd.md Red-Green-Refactor, testing pyramid
744
- code-review.md Review priority, severity, checklist
745
- security.md Keychain, ATS, credentials, privacy
746
- performance.md Bottlenecks, caching strategy
747
- debugging.md Scientific debugging method
748
- app-store-guidelines.md App Store Review Guidelines
749
- figma-pipeline.md Figma -> SwiftUI generation rules
750
- swiftui-qa.md 3-layer test strategy, 13-item checklist
751
- kotlin-android.md Kotlin & Android conventions
752
- eval/
753
- triage/
754
- 01-10/ 10 adversarial eval fixtures
755
- scripts/
756
- pre-commit-check.sh Secret detection hook
757
- build-stack-plugins.mjs Rebuild stack plugins + version bump
758
- keychain-save.sh Save tokens/JSON to macOS Keychain
759
- github-ssh-setup.sh GitHub SSH key generation + setup
760
- ui-tree-dumper.swift iOS accessibility tree dumper
761
- eval-triage.mjs Eval runner for triage fixtures
762
- validate-triage.mjs Runtime triage validator
763
- validate-schemas.mjs Zero-dep shallow validator for *.schema.json
764
- aggregate-metrics.mjs Telemetry aggregator
765
- log-metric.sh Telemetry metric logger
766
- phase-banner.sh Phase banner UI renderer
767
- phase-tracker.sh Phase progress tracker
768
- sync-parity-check.sh Claude↔Copilot↔repo parity checker
769
- smoke-*.sh Contract smoke tests (10 suites, 115 assertions)
770
- claude-md-template.md CLAUDE.md starter template
771
- preferences-template.json Empty config template
772
-
773
- docs/
774
- features.md Full feature catalog
775
- adr/ Architecture Decision Records (0001+)
776
-
777
- CHANGELOG.md Version history
778
- docs/architecture.md Mermaid diagrams: pipeline flow, modes, components
779
- docs/best-practices.md Competitor-informed patterns and pipeline rules
780
- SECURITY.md Vulnerability reporting policy
781
- ```
85
+ Filter skills by stack with `--platform=ios\|android\|all`.
782
86
 
783
- ## Ecosystem Sync
87
+ ## Setup notes
784
88
 
785
- The pipeline maintains consistency across multiple repositories and CLI targets:
89
+ - **Tokens** stay in the OS keychain (macOS Keychain / Windows Credential Manager / Linux libsecret) and are never committed or logged. `setup` maps them into `~/.claude/multi-agent-preferences.json`.
90
+ - **Secret scan** runs as a `PreToolUse` hook on Claude Code (hard-blocks a commit on a hit) and as a pre-push check elsewhere.
91
+ - **All tokens are optional** — the pipeline asks for any it needs at Phase 0.
786
92
 
787
- ```bash
788
- # Claude Code # Copilot CLI
789
- /multi-agent:sync # multi-agent-sync
790
- /multi-agent:sync status # multi-agent-sync status
791
- /multi-agent:sync to-copilot # multi-agent-sync to-copilot
792
- /multi-agent:sync to-repo # multi-agent-sync to-repo
793
- /multi-agent:sync release # multi-agent-sync release
794
- ```
93
+ ## Companion repos
795
94
 
796
- | Target | What syncs |
797
- | ------------------ | ---------------------------------------------------- |
798
- | **Claude Code** | Source of truth - commands, agents, scripts |
799
- | **Copilot CLI** | Summary mirror + 206 unified skills + scripts |
800
- | **Pipeline Repo** | Genericized open-source version (no personal data) |
801
- | **Website** | Version, phase/model counts, feature strings (EN+TR) |
802
- | **Remote Control** | Pipeline feature references |
95
+ | Repo | What it is |
96
+ |---|---|
97
+ | [`mmerterden/multi-agent-plugins`](https://github.com/mmerterden/multi-agent-plugins) | Marketplace of per-stack skill toolkits (iOS / Android / Frontend / Backend + common). `/multi-agent:stack` enables the matching plugin. |
98
+ | [`mmerterden/dev-toolkit-mcp`](https://github.com/mmerterden/dev-toolkit-mcp) | MCP server for UI testing / simulator capture / xcodebuild — powers the Phase 5 UI Bug Hunter. `npx @mmerterden/dev-toolkit-mcp` |
803
99
 
804
100
  ## License
805
101
 
806
- MIT
102
+ MIT — see [LICENSE](./LICENSE). Security issues: see [SECURITY.md](./SECURITY.md) (do not open public issues for vulnerabilities).