@mmerterden/multi-agent-pipeline 10.7.1 → 10.7.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +24 -0
- package/README.md +68 -756
- package/package.json +1 -1
- package/pipeline/agents/task-clarifier.md +1 -3
- package/pipeline/commands/multi-agent/autopilot.md +1 -1
- package/pipeline/commands/multi-agent/dev-autopilot.md +1 -1
- package/pipeline/commands/multi-agent/dev-local-autopilot.md +1 -1
- package/pipeline/commands/multi-agent/dev-local.md +1 -1
- package/pipeline/commands/multi-agent/dev.md +1 -1
- package/pipeline/commands/multi-agent/local-autopilot.md +1 -1
- package/pipeline/commands/multi-agent/local.md +1 -1
- package/pipeline/commands/multi-agent/refs/features/shadow-git.md +1 -1
- package/pipeline/commands/multi-agent/refs/phases/phase-0-init.md +1 -1
- package/pipeline/commands/multi-agent/refs/phases/phase-2-planning.md +1 -1
- package/pipeline/commands/multi-agent/refs/phases/phase-3-dev.md +1 -1
- package/pipeline/commands/multi-agent/refs/phases.md +1 -1
- package/pipeline/commands/multi-agent/refs/tracker-contract.md +0 -2
- package/pipeline/lib/plan-todos.sh +2 -5
- package/pipeline/lib/post-pr-review.sh +2 -2
- package/pipeline/lib/review-watch.sh +2 -6
- package/pipeline/lib/shadow-git.sh +3 -5
- package/pipeline/schemas/clarify-output.schema.json +1 -1
- package/pipeline/schemas/plan-todos.schema.json +1 -1
- package/pipeline/schemas/prefs.schema.json +5 -5
- package/pipeline/scripts/gen-mode-dispatch.mjs +1 -1
- package/pipeline/scripts/smoke-review-watch.sh +2 -2
- package/pipeline/scripts/smoke-shadow-git.sh +1 -1
package/README.md
CHANGED
|
@@ -5,802 +5,114 @@
|
|
|
5
5
|
[](https://nodejs.org)
|
|
6
6
|
[](https://github.com/mmerterden/multi-agent-pipeline/blob/main/package.json)
|
|
7
7
|
|
|
8
|
-
8-phase AI development pipeline for **Claude Code** and **Copilot CLI**.
|
|
8
|
+
An 8-phase AI development pipeline for **Claude Code** and **Copilot CLI**. Drives a Jira issue or GitHub URL to a merged PR in one command — analysis → plan → TDD → review → test → commit → PR — with multi-repo orchestration, a plan-approval gate, CLI-aware parallel review, and store-compliance checks. Includes a generic Figma-to-Component pipeline for iOS (SwiftUI) and Android (Jetpack Compose).
|
|
9
9
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
| Surface | Count |
|
|
13
|
-
|---|---|
|
|
14
|
-
| Slash commands (colon-form `/multi-agent:*`) | 35 |
|
|
15
|
-
| Copilot skills (dash-form `multi-agent-*`) | 35 |
|
|
16
|
-
| Platforms (Claude Code, Copilot CLI) | 2 |
|
|
17
|
-
| Store-compliance skills (`apple-archive-compliance`, `google-play-compliance`) | 2 |
|
|
18
|
-
| Figma skills (iOS + Android + Common) | 41 |
|
|
19
|
-
| External skill catalog (`shared/external/`) | 143 |
|
|
20
|
-
| Total `SKILL.md` files across all groups | 221 |
|
|
21
|
-
| Smoke suites | 108 |
|
|
22
|
-
| Golden-task fixtures (`pipeline/eval/golden-tasks/`) | 8 |
|
|
23
|
-
| Eval-triage fixtures | 11 |
|
|
24
|
-
| JSON schemas | 16 |
|
|
25
|
-
| Agent personas | 8 |
|
|
26
|
-
| Pipeline phases | 8 |
|
|
27
|
-
|
|
28
|
-
> **Claude Code** and **Copilot CLI** run the full pipeline natively - the gate scripts + live tracker are installed to `~/.claude` / `~/.copilot`, and on Claude Code a `PreToolUse` hook hard-blocks on the secret scan.
|
|
29
|
-
|
|
30
|
-
> Security issue? See [SECURITY.md](./SECURITY.md). Please do not open public issues for vulnerabilities.
|
|
31
|
-
|
|
32
|
-
## Prerequisites
|
|
33
|
-
|
|
34
|
-
- Node.js 18+
|
|
35
|
-
- Claude Code (https://claude.ai/code) **or** GitHub Copilot CLI
|
|
36
|
-
- macOS, Linux, or Windows (Git Bash / WSL). Native credential storage everywhere:
|
|
37
|
-
- **macOS** → Keychain (`security`)
|
|
38
|
-
- **Linux** → libsecret (`secret-tool` - `apt install libsecret-tools` / `dnf install libsecret`)
|
|
39
|
-
- **Windows** → Credential Manager (PowerShell `CredentialManager` module - `Install-Module CredentialManager`)
|
|
40
|
-
- Runtime CLIs the pipeline shells out to:
|
|
41
|
-
- `gh` (GitHub CLI) for issue / PR flows
|
|
42
|
-
- `jq` for JSON parsing
|
|
43
|
-
- `python3` (stdlib only, used by the deterministic keychain helper)
|
|
44
|
-
- `bash` 4+
|
|
45
|
-
|
|
46
|
-
The package is **public on npmjs.org** - no auth, no PAT, no `~/.npmrc` setup needed:
|
|
47
|
-
|
|
48
|
-
```bash
|
|
49
|
-
npm view @mmerterden/multi-agent-pipeline version
|
|
50
|
-
# → prints "10.0.0" (or newer)
|
|
51
|
-
```
|
|
52
|
-
|
|
53
|
-
If `npm view` shows a stale version, run `npm cache clean --force` and retry.
|
|
54
|
-
|
|
55
|
-
> **New here?** Worked end-to-end transcripts live in [`examples/`](./examples/) - bug fix from Jira, feature in autopilot, `--dev` fast path, and recovery from a broken run. Read one before you run the pipeline on your own code.
|
|
56
|
-
>
|
|
57
|
-
> **Something broke?** [`docs/recovery-guide.md`](./docs/recovery-guide.md) is the single-page index of every failure mode (triage fallback, worktree collision, state corruption, identity rewind, etc.) and its fix.
|
|
58
|
-
>
|
|
59
|
-
> **Planning breaking changes?** [`ROADMAP.md`](./ROADMAP.md) tracks what's coming and what's been declined.
|
|
10
|
+
Runs natively on Claude Code and Copilot CLI. macOS / Linux / Windows. Zero runtime dependencies.
|
|
60
11
|
|
|
61
12
|
## Quick Start
|
|
62
13
|
|
|
63
|
-
### Option A - Install from source (recommended for development)
|
|
64
|
-
|
|
65
|
-
Clone the repo and run the installer directly - full read access to source files.
|
|
66
|
-
|
|
67
14
|
```bash
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
npm install
|
|
71
|
-
node install.js # Claude Code (default)
|
|
72
|
-
node install.js --copilot # Copilot CLI
|
|
73
|
-
node install.js --all # Both Claude + Copilot
|
|
74
|
-
|
|
75
|
-
node install.js --link # Symlink mode (dev, saves ~10K tokens)
|
|
76
|
-
node install.js --all --dry-run # Preview every operation, write nothing
|
|
77
|
-
|
|
78
|
-
# Token-preserving uninstall (Keychain access tokens NEVER touched)
|
|
79
|
-
node install.js # ...later...
|
|
80
|
-
node pipeline/scripts/uninstall.mjs --dry-run # preview what would be removed
|
|
81
|
-
node pipeline/scripts/uninstall.mjs --yes # remove from every installed target
|
|
82
|
-
|
|
83
|
-
# Optional: expose the CLI globally as 'multi-agent-pipeline'
|
|
84
|
-
npm link
|
|
85
|
-
```
|
|
86
|
-
|
|
87
|
-
**IMPORTANT - run setup before your first task:**
|
|
15
|
+
# from the public registry (no auth)
|
|
16
|
+
npx @mmerterden/multi-agent-pipeline install --all # Claude Code + Copilot CLI
|
|
88
17
|
|
|
18
|
+
# then, once:
|
|
19
|
+
/multi-agent:setup # keychain token scan + git identity + default stack
|
|
89
20
|
```
|
|
90
|
-
/multi-agent:setup
|
|
91
|
-
```
|
|
92
|
-
|
|
93
|
-
This discovers your Keychain tokens (Jira, Bitbucket, GitHub, etc.), sets up your git identity, and maps everything into `~/.claude/multi-agent-preferences.json`. Without this step, the pipeline cannot find your tokens and will ask for them repeatedly.
|
|
94
21
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
### Option B - npx (public registry, no auth)
|
|
22
|
+
Run a task — the input type is auto-detected:
|
|
98
23
|
|
|
99
24
|
```bash
|
|
100
|
-
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
105
|
-
|
|
106
|
-
# Token-preserving uninstall
|
|
107
|
-
npx @mmerterden/multi-agent-pipeline uninstall # interactive, all targets
|
|
108
|
-
npx @mmerterden/multi-agent-pipeline uninstall --dry-run # preview only
|
|
109
|
-
```
|
|
110
|
-
|
|
111
|
-
### Option C - Global install (public registry, no auth)
|
|
112
|
-
|
|
113
|
-
```bash
|
|
114
|
-
npm install -g @mmerterden/multi-agent-pipeline
|
|
115
|
-
multi-agent-pipeline install # same flags apply
|
|
116
|
-
```
|
|
117
|
-
|
|
118
|
-
## Privacy & Telemetry
|
|
119
|
-
|
|
120
|
-
**Opt-in only.** The installer sends nothing by default. If you want to help the
|
|
121
|
-
project by sharing an anonymous install ping, opt in per-install with
|
|
122
|
-
`MULTI_AGENT_TELEMETRY=1`:
|
|
123
|
-
|
|
124
|
-
```bash
|
|
125
|
-
MULTI_AGENT_TELEMETRY=1 node install.js
|
|
126
|
-
# or for npx/global
|
|
127
|
-
MULTI_AGENT_TELEMETRY=1 npx @mmerterden/multi-agent-pipeline install
|
|
128
|
-
```
|
|
129
|
-
|
|
130
|
-
When opted in, the ping includes:
|
|
131
|
-
|
|
132
|
-
- Package name + version
|
|
133
|
-
- Install method (`source`, `npx`, `global`, `npm-install`)
|
|
134
|
-
- Flags passed (e.g. `--copilot`, `--all`)
|
|
135
|
-
- Your GitHub username (via `gh api user` if authenticated) and Git email
|
|
136
|
-
- Hostname, OS, arch, Node version
|
|
137
|
-
|
|
138
|
-
Nothing else is collected. Ping failures are silent - telemetry never blocks or
|
|
139
|
-
slows down the install.
|
|
140
|
-
|
|
141
|
-
## What's new
|
|
142
|
-
|
|
143
|
-
- **v10.4.0** (2026-07-02) - New `/multi-agent:finish` command: continue already-done LOCAL work through the pipeline tail in one shot — parallel review → build+test success gate → commit/push/PR → technical analysis + a Jira comment with test scenarios, without re-developing (phases 1-3 skipped). Pairs with `dev-local`/`local` (which skip Review + Test) or with hand-coded/hand-tested changes. Command inventory 34 → 35.
|
|
144
|
-
- **v10.3.0** (2026-07-02) - Android (Jetpack Compose) parity for the 10.2.0 interaction skills: `figma-navigation` / `figma-overlays` / `figma-bottom-sheets` now carry both a SwiftUI and a Compose section (Navigation Compose; Snackbar/AlertDialog/Dialog + state-driven loading; `ModalBottomSheet`), same emit-intent rules and `ui.*` config hooks on both platforms. Plus a review pass: corrected the `animated-gradient-border` snippet (animate `AngularGradient(angle:)` on a static shape, not `rotationEffect`) and genericized the sheet corner-radius example token.
|
|
145
|
-
- **v10.2.0** (2026-07-02) - Generic SwiftUI interaction coverage for figma-to-swiftui: three new cross-cutting integration skills (`figma-navigation`, `figma-overlays`, `figma-bottom-sheets`) + a reconcile-and-extend workflow (`figma-evolve-component`), all native-SwiftUI-first with an optional per-project `ui.*` config hook (so the same capabilities work on any SwiftUI codebase, no app-specific coupling). Phase 3D dev detection (§1.5.4) and Phase 4 review both consume them; `figma-to-swiftui` accessibility reference enriched with the VoiceOver-minimalism decision tree; new `animated-gradient-border` UI pattern. Figma-common skills 27 → 31, total figma skills 37 → 41.
|
|
146
|
-
- **v10.1.0** (2026-06-20) - Fable 5 retired (no longer available): the five heavy agent personas plus Phase 1 / Phase 2 / Phase 4 reviewer-1 + triage and `--dev` fast mode now route to Opus (top available tier); fallback ladder is `opus -> sonnet`. Per-task cost guard (`costBudget`) now defaults on in warn mode. Token economy: Phase 4 shared cache prefix + single-repo diff cap, Phase 1 light Explore tier for small bugfixes, triage prior-art injection capped.
|
|
147
|
-
- **v10.0.0** (2026-06-12) - quality major driven by a 10-category self-audit + competitive sweep: validator gates wired into phases 1/2/4 (fails closed), Phase 3 code-simplifier diff-shrink pass, Phase 4 lesson memory loop, Phase 2 cross-artifact consistency gate, skill frontmatter linter (repaired 31 SKILL.md), installer `--dry-run` + unknown-flag rejection, timeout-guarded smoke runner, adapter family deduplicated (~490 lines), CI hardening (blocking lint, npm audit, shellcheck), tag-driven npm release automation, CHANGELOG split (310KB -> 40KB).
|
|
148
|
-
- **v9.10.2** (2026-06-11) - live per-phase token narration on completion; tracker mandates per-phase cost lines in the final report.
|
|
149
|
-
- **v9.10.1** (2026-06-11) - Claude Fable 5 fallback contract: date gate, dispatch retry, and budget guard when the Fable tier is unavailable.
|
|
150
|
-
- **v9.10.0** (2026-06-11) - Claude Fable 5 adoption on the Claude Code side: the five heavy agent personas plus Phase 1 / Phase 2 / Phase 4 reviewer-1 + triage and `--dev` fast mode route to `claude-fable-5`; cost ledger gains `fable` pricing and fixes the stale `opus` entry.
|
|
151
|
-
|
|
152
|
-
Full version history lives in [CHANGELOG.md](./CHANGELOG.md) - every release entry is recorded there to avoid drift between the two files.
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
## Troubleshooting
|
|
156
|
-
|
|
157
|
-
### `sh: multi-agent-pipeline: command not found`
|
|
158
|
-
|
|
159
|
-
`npx` couldn't fetch the package. Most common causes:
|
|
160
|
-
|
|
161
|
-
- Network blocked or proxy in front of npmjs.org.
|
|
162
|
-
- Stale npx cache - `npx clear-npx-cache` then retry.
|
|
163
|
-
- Wrong package name (it is `@mmerterden/multi-agent-pipeline`, with the scope).
|
|
164
|
-
|
|
165
|
-
### `npm error code E404` on `registry.npmjs.org`
|
|
166
|
-
|
|
167
|
-
The package wasn't reachable. Quick checks:
|
|
168
|
-
|
|
169
|
-
```bash
|
|
170
|
-
curl -fsSL "https://registry.npmjs.org/@mmerterden/multi-agent-pipeline" | jq -r '."dist-tags".latest'
|
|
171
|
-
# Should print 10.0.0 (or newer)
|
|
172
|
-
```
|
|
173
|
-
|
|
174
|
-
- If this prints a version → your local npm cache is stale; run `npm cache clean --force` and retry.
|
|
175
|
-
- If it 404s → registry outage or scope/package-name typo. Verify the URL hits the JSON above.
|
|
176
|
-
|
|
177
|
-
### Older PAT / GitHub Packages docs
|
|
178
|
-
|
|
179
|
-
Earlier README revisions referenced GitHub Packages with a Classic PAT and `~/.npmrc` setup. The package moved to **public npmjs.org** in v8.6.1; no token, no `~/.npmrc` line is needed. If you set one up previously, you can leave it - it just won't be consulted.
|
|
180
|
-
|
|
181
|
-
## Tool support
|
|
182
|
-
|
|
183
|
-
The pipeline runs natively on **Claude Code** and **Copilot CLI** — the two CLIs it targets. Both install from the same `pipeline/skills/` source and get identical skill coverage.
|
|
184
|
-
|
|
185
|
-
| Tool | Install Flag | How It Works |
|
|
186
|
-
| --- | --- | --- |
|
|
187
|
-
| **Claude Code** | `--claude` (default) | Native: slash commands + shared + figma skills + agents + rules + scripts |
|
|
188
|
-
| **Copilot CLI** | `--copilot` | Native: instructions + shared + figma skills + scripts |
|
|
189
|
-
|
|
190
|
-
Skill tree:
|
|
191
|
-
|
|
192
|
-
- `pipeline/skills/shared/core/` - **orchestration skills** (`multi-agent-*` dash-form mirrors of the colon-form slash commands + compliance skills + orchestrator)
|
|
193
|
-
- `pipeline/skills/shared/external/` - **curated iOS / Android / generic guidance skills** (SwiftUI, Jetpack Compose, testing, performance, security, etc.) — also distributed as versioned marketplace plugins in `mmerterden/multi-agent-plugins`
|
|
194
|
-
- `pipeline/skills/figma-ios/` + `pipeline/skills/figma-android/` - **platform-specific Phase 3 sub-skills** (SwiftUI and Jetpack Compose code generation)
|
|
195
|
-
- `pipeline/skills/figma-common/` - **platform-agnostic Figma helpers** (iterate, commit, wiki setup, MCP auth, performance harness)
|
|
196
|
-
|
|
197
|
-
Filter the skill set by stack with `--platform=ios|android|all`. Both CLIs also receive the same `pipeline/scripts/` tree so single-CLI installs stay self-contained.
|
|
198
|
-
|
|
199
|
-
### Uninstall (token-preserving)
|
|
200
|
-
|
|
201
|
-
```bash
|
|
202
|
-
npx @mmerterden/multi-agent-pipeline uninstall # interactive, all installed targets
|
|
203
|
-
npx @mmerterden/multi-agent-pipeline uninstall --dry-run # preview, zero side effects
|
|
204
|
-
```
|
|
205
|
-
|
|
206
|
-
Personal access tokens stored in macOS Keychain / Windows Credential Manager / Linux libsecret are **never touched** by the uninstaller. Smoke tests enforce this with a static check that fails the build if the script ever references a credential-store deletion API.
|
|
207
|
-
|
|
208
|
-
## Pipeline Phases
|
|
209
|
-
|
|
210
|
-
```
|
|
211
|
-
Phase 0: Init - Project selection, branch setup, identity, worktree
|
|
212
|
-
Phase 1: Analysis - Stack detection, codebase exploration
|
|
213
|
-
Phase 2: Planning - Task decomposition, architecture review, user approval
|
|
214
|
-
Phase 3: Dev - TDD cycle: test → code → build
|
|
215
|
-
Phase 4: Review - Deterministic gates + parallel review + Opus triage
|
|
216
|
-
• Claude Code → Opus + Sonnet (2 paralel)
|
|
217
|
-
• Copilot CLI → GPT-5.4 + Opus + Sonnet (3 paralel)
|
|
218
|
-
Phase 5: Test - Optional manual testing + MCP device audits (on-demand)
|
|
219
|
-
Phase 6: Commit - Pre-commit local checkout prompt, git commit, push, PR creation
|
|
220
|
-
Phase 7: Report - External: Jira comment · Wiki + Figma screenshots · Confluence
|
|
221
|
-
Internal: Log · Knowledge + memory capture
|
|
222
|
-
```
|
|
223
|
-
|
|
224
|
-
### Full Pipeline Flow
|
|
225
|
-
|
|
226
|
-
```mermaid
|
|
227
|
-
flowchart TD
|
|
228
|
-
INPUT["🎯 <b>User Input</b><br/>Issue # · Jira URL · Free-text · jira · issue"]
|
|
229
|
-
|
|
230
|
-
subgraph SETUP ["Setup"]
|
|
231
|
-
P0["<b>Phase 0: Init</b><br/>Project detect · Worktree<br/>Branch · Identity · Task type"]
|
|
232
|
-
P1["<b>Phase 1: Analysis</b><br/>Parallel Explore agents<br/>Stack detection · Guide load"]
|
|
233
|
-
P2["<b>Phase 2: Planning</b><br/>Task decompose<br/>Architect review · User approval"]
|
|
234
|
-
end
|
|
235
|
-
|
|
236
|
-
subgraph DEVELOP ["Development"]
|
|
237
|
-
P3["<b>Phase 3: Dev</b><br/>🔴 RED: test<br/>🟢 GREEN: implement<br/>🔵 REFACTOR · Build pass"]
|
|
238
|
-
end
|
|
239
|
-
|
|
240
|
-
subgraph REVIEW ["Review"]
|
|
241
|
-
R1["<b>Opus</b><br/>Security<br/>Architecture"]
|
|
242
|
-
R2["<b>GPT-5.4</b><br/>Quality<br/>Edge cases"]
|
|
243
|
-
R3["<b>Sonnet</b><br/>Correctness<br/>Style"]
|
|
244
|
-
TRIAGE["<b>Opus Triage</b><br/>Filter noise · Deduplicate<br/>Forward actionable only"]
|
|
245
|
-
end
|
|
246
|
-
|
|
247
|
-
subgraph DELIVER ["Delivery"]
|
|
248
|
-
P5["<b>Phase 5: Test</b><br/>Manual test<br/>Device audits (on-demand)"]
|
|
249
|
-
P6["<b>Phase 6: Commit</b><br/>Secret scan · Commit<br/>Push · PR create"]
|
|
250
|
-
P7["<b>Phase 7: Report</b>"]
|
|
251
|
-
subgraph REPORT ["Phase 7 sub-steps"]
|
|
252
|
-
direction LR
|
|
253
|
-
H1["Jira comment<br/>(analysis + tests)"]
|
|
254
|
-
H2["Wiki + Figma<br/>screenshots"]
|
|
255
|
-
H3["Confluence<br/>(optional)"]
|
|
256
|
-
H4["Report · Log"]
|
|
257
|
-
H5["Knowledge +<br/>memory capture"]
|
|
258
|
-
end
|
|
259
|
-
P7 --> H1 --> H2 --> H3 --> H4 --> H5
|
|
260
|
-
end
|
|
261
|
-
|
|
262
|
-
INPUT --> P0
|
|
263
|
-
P0 --> P1
|
|
264
|
-
P1 --> P2
|
|
265
|
-
P2 --> P3
|
|
266
|
-
P3 --> R1 & R2 & R3
|
|
267
|
-
R1 & R2 & R3 --> TRIAGE
|
|
268
|
-
TRIAGE -->|"✅ Approved"| P5
|
|
269
|
-
TRIAGE -->|"🔧 Fix needed (≤3x)"| P3
|
|
270
|
-
P5 --> P6
|
|
271
|
-
P6 --> P7
|
|
272
|
-
|
|
273
|
-
style INPUT fill:#818cf8,stroke:#6366f1,color:#fff
|
|
274
|
-
style P3 fill:#fbbf24,stroke:#f59e0b,color:#000
|
|
275
|
-
style TRIAGE fill:#38bdf8,stroke:#0ea5e9,color:#000
|
|
276
|
-
style P7 fill:#4ade80,stroke:#22c55e,color:#000
|
|
277
|
-
style H1 fill:#fde68a,stroke:#f59e0b,color:#000
|
|
278
|
-
style H2 fill:#c084fc,stroke:#a855f7,color:#000
|
|
279
|
-
style H3 fill:#bae6fd,stroke:#0ea5e9,color:#000
|
|
280
|
-
```
|
|
281
|
-
|
|
282
|
-
### Operating Modes
|
|
283
|
-
|
|
284
|
-
```mermaid
|
|
285
|
-
flowchart LR
|
|
286
|
-
subgraph NORMAL ["Normal (Full 8-phase)"]
|
|
287
|
-
direction LR
|
|
288
|
-
N0[Init] --> N1[Analysis] --> N2[Planning] --> N3[Dev] --> N4[Review] --> N5[Test] --> N6[Commit] --> N7[Report]
|
|
289
|
-
end
|
|
290
|
-
|
|
291
|
-
subgraph DEV ["--dev (Fast, Opus)"]
|
|
292
|
-
direction LR
|
|
293
|
-
D0[Init] --> D3["Dev<br/>(Opus)"] --> D6[Commit] --> D7[Report]
|
|
294
|
-
end
|
|
295
|
-
|
|
296
|
-
subgraph AUTO ["autopilot (No confirmations)"]
|
|
297
|
-
direction LR
|
|
298
|
-
A0[Init] --> A1[Analysis] --> A2[Planning] --> A3[Dev] --> A4[Review] --> A6[Commit] --> A7[Report]
|
|
299
|
-
end
|
|
300
|
-
|
|
301
|
-
subgraph FAST ["--dev autopilot (Fastest)"]
|
|
302
|
-
direction LR
|
|
303
|
-
F0[Init] --> F3["Dev<br/>(Opus)"] --> F6["Commit<br/>(auto)"] --> F7[Report]
|
|
304
|
-
end
|
|
305
|
-
|
|
306
|
-
style D3 fill:#fbbf24,stroke:#f59e0b,color:#000
|
|
307
|
-
style F3 fill:#fbbf24,stroke:#f59e0b,color:#000
|
|
308
|
-
style F6 fill:#4ade80,stroke:#22c55e,color:#000
|
|
309
|
-
```
|
|
310
|
-
|
|
311
|
-
### Review Architecture (Phase 4)
|
|
312
|
-
|
|
313
|
-
```mermaid
|
|
314
|
-
flowchart TD
|
|
315
|
-
DIFF["📝 Code Diff"]
|
|
316
|
-
|
|
317
|
-
DIFF --> OPUS["<b>Opus</b><br/>🔒 Security · Architecture<br/>Data flow · Auth"]
|
|
318
|
-
DIFF --> GPT["<b>GPT-5.4</b><br/>✨ Code quality · Edge cases<br/>Error paths · Logic"]
|
|
319
|
-
DIFF --> SON["<b>Sonnet</b><br/>✅ Correctness · Best practices<br/>Naming · Style"]
|
|
320
|
-
|
|
321
|
-
OPUS --> TRIAGE
|
|
322
|
-
GPT --> TRIAGE
|
|
323
|
-
SON --> TRIAGE
|
|
324
|
-
|
|
325
|
-
TRIAGE["<b>Opus Triage</b><br/>Deduplicate findings<br/>Filter false-positives<br/>Reject out-of-scope<br/>Classify severity"]
|
|
326
|
-
|
|
327
|
-
TRIAGE -->|"✅ PASS"| NEXT["Phase 5: Test"]
|
|
328
|
-
TRIAGE -->|"🔧 FIX_REQUIRED"| BACK["Phase 3: Dev<br/>(retry ≤3x)"]
|
|
329
|
-
|
|
330
|
-
style DIFF fill:#818cf8,stroke:#6366f1,color:#fff
|
|
331
|
-
style TRIAGE fill:#38bdf8,stroke:#0ea5e9,color:#000
|
|
332
|
-
style NEXT fill:#4ade80,stroke:#22c55e,color:#000
|
|
333
|
-
style BACK fill:#f87171,stroke:#ef4444,color:#000
|
|
25
|
+
/multi-agent "PROJ-1234" # Jira id → fetch, plan, build
|
|
26
|
+
/multi-agent "https://github.com/org/repo/issues/42" # GitHub issue URL
|
|
27
|
+
/multi-agent "my-app#42" # repo + issue number
|
|
28
|
+
/multi-agent "fix dark-mode contrast on LoginView" # free-text bug/feature
|
|
29
|
+
/multi-agent:jira # browse your open Jira issues → pick
|
|
30
|
+
/multi-agent:issue # browse unassigned GitHub issues → pick
|
|
334
31
|
```
|
|
335
32
|
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
When `figmaConfigPath` is set in project preferences, Phase 3 dispatches the Figma-to-SwiftUI pipeline instead of standard TDD:
|
|
339
|
-
|
|
340
|
-
```mermaid
|
|
341
|
-
flowchart TD
|
|
342
|
-
P3["<b>Phase 3: Dev</b>"]
|
|
343
|
-
|
|
344
|
-
P3 -->|default| TDD["<b>Standard TDD</b><br/>RED → GREEN → REFACTOR → build"]
|
|
345
|
-
P3 -->|"figmaConfigPath set"| FIG
|
|
346
|
-
|
|
347
|
-
subgraph FIG ["Figma-to-SwiftUI Pipeline (17 SubPhases)"]
|
|
348
|
-
direction TB
|
|
349
|
-
|
|
350
|
-
subgraph INIT_G ["Init + Gather"]
|
|
351
|
-
S0["3.0 Init<br/>Parse URL · Branch · Assign"]
|
|
352
|
-
S1["3.1 Gather<br/>Fetch design context"]
|
|
353
|
-
end
|
|
354
|
-
|
|
355
|
-
subgraph PREP ["Preparation (parallel)"]
|
|
356
|
-
S2A["3.2A TestingIDs"]
|
|
357
|
-
S2B["3.2B Localization"]
|
|
358
|
-
S2C["3.2C Accessibility"]
|
|
359
|
-
S2D["3.2D Analytics"]
|
|
360
|
-
end
|
|
361
|
-
|
|
362
|
-
S3["3.3 Token Mapping<br/>Figma values → design tokens"]
|
|
363
|
-
|
|
364
|
-
subgraph IMPL ["Implementation (sequential)"]
|
|
365
|
-
S4A["3.4A Config"]
|
|
366
|
-
S4B["3.4B View"]
|
|
367
|
-
S4C["3.4C Docs"]
|
|
368
|
-
S4D["3.4D Preview"]
|
|
369
|
-
S4E["3.4E Modifiers"]
|
|
370
|
-
S4F["3.4F Wiki"]
|
|
371
|
-
end
|
|
372
|
-
|
|
373
|
-
subgraph TEST_G ["Testing"]
|
|
374
|
-
S5A["3.5A ViewInspector"]
|
|
375
|
-
S5B["3.5B Snapshot"]
|
|
376
|
-
S5C["3.5C Unit"]
|
|
377
|
-
end
|
|
378
|
-
|
|
379
|
-
S6["3.6 CodeConnect<br/>Figma ↔ code link"]
|
|
380
|
-
|
|
381
|
-
S0 --> S1
|
|
382
|
-
S1 --> S2A & S2B & S2C & S2D
|
|
383
|
-
S2A & S2B & S2C & S2D --> S3
|
|
384
|
-
S3 --> S4A --> S4B --> S4C --> S4D --> S4E --> S4F
|
|
385
|
-
S4F --> S5A --> S5B --> S5C
|
|
386
|
-
S5C --> S6
|
|
387
|
-
end
|
|
388
|
-
|
|
389
|
-
style P3 fill:#fbbf24,stroke:#f59e0b,color:#000
|
|
390
|
-
style TDD fill:#4ade80,stroke:#22c55e,color:#000
|
|
391
|
-
style S3 fill:#818cf8,stroke:#6366f1,color:#fff
|
|
392
|
-
style S6 fill:#c084fc,stroke:#a855f7,color:#000
|
|
393
|
-
```
|
|
394
|
-
|
|
395
|
-
### Ecosystem Architecture
|
|
33
|
+
Every input runs the same short intake — **account → (repo) → maturity check → dev-context** — then enters Phase 0. A Jira id or GitHub URL is fetched and maturity-checked *before* any code is written; free-text skips the fetch and goes straight to planning. Multi-repo tasks add extra repos at the dev-context step.
|
|
396
34
|
|
|
397
|
-
|
|
398
|
-
flowchart TD
|
|
399
|
-
CC["<b>Claude Code</b><br/>(Source of Truth)<br/><br/>~/.claude/commands/<br/>~/.claude/agents/<br/>~/.claude/scripts/"]
|
|
35
|
+
Add `autopilot` to skip confirmations, `--dev` for the fast dev-only path, or `--local` to work on the current branch without a worktree (e.g. `/multi-agent:autopilot "PROJ-1234"`).
|
|
400
36
|
|
|
401
|
-
|
|
402
|
-
CC -->|"genericized pipeline/"| REPO["<b>Pipeline Repo</b><br/>@mmerterden/<br/>multi-agent-pipeline"]
|
|
403
|
-
CC -.->|"optional"| WEB["<b>Website</b><br/>(your docs site)"]
|
|
404
|
-
CC -.->|"optional"| RC["<b>Remote Control</b><br/>(your dashboard)"]
|
|
37
|
+
Update later with `/multi-agent:update`. Uninstall (tokens preserved) with `npx @mmerterden/multi-agent-pipeline uninstall`.
|
|
405
38
|
|
|
406
|
-
|
|
407
|
-
WEB -->|"auto-deploy"| VERCEL["Vercel"]
|
|
408
|
-
|
|
409
|
-
style CC fill:#818cf8,stroke:#6366f1,color:#fff
|
|
410
|
-
style REPO fill:#fbbf24,stroke:#f59e0b,color:#000
|
|
411
|
-
style NPM fill:#4ade80,stroke:#22c55e,color:#000
|
|
412
|
-
style WEB fill:#38bdf8,stroke:#0ea5e9,color:#000
|
|
413
|
-
```
|
|
39
|
+
## How it works
|
|
414
40
|
|
|
415
|
-
|
|
41
|
+
One command runs 8 phases, with a gate between the risky ones:
|
|
416
42
|
|
|
417
|
-
|
|
418
|
-
|
|
419
|
-
|
|
420
|
-
|
|
421
|
-
/
|
|
422
|
-
|
|
423
|
-
|
|
424
|
-
|
|
425
|
-
/multi-agent:autopilot "MOBILE-12345" # Skip confirmations
|
|
426
|
-
/multi-agent:dev-autopilot "MOBILE-12345" # Zero interaction
|
|
427
|
-
|
|
428
|
-
# Helper commands
|
|
429
|
-
/multi-agent:status # List all tasks
|
|
430
|
-
/multi-agent:log 1 # Show task log
|
|
431
|
-
/multi-agent:resume 1 # Resume stopped task
|
|
432
|
-
/multi-agent:kill 1 # Delete task worktree
|
|
433
|
-
/multi-agent:review # Review current diff
|
|
434
|
-
/multi-agent:setup # Token + identity onboarding (asks promptLanguage + outputLanguage)
|
|
435
|
-
/multi-agent:language tr # Toggle pipeline languages (en / tr per axis)
|
|
436
|
-
/multi-agent:test # UI Bug Hunter
|
|
437
|
-
/multi-agent:channels "PR-url" # Post report (Jira / Confluence / Wiki / PR)
|
|
438
|
-
/multi-agent:search "query" # Full-text log search
|
|
439
|
-
/multi-agent:scan # Skill security scan
|
|
440
|
-
/multi-agent:refactor # Refactor planner
|
|
441
|
-
/multi-agent:update # Update pipeline
|
|
442
|
-
/multi-agent:sync # Sync ecosystem
|
|
443
|
-
/multi-agent:purge # Full reset (double-confirm)
|
|
444
|
-
|
|
445
|
-
# Flag syntax (equivalent to dedicated commands above)
|
|
446
|
-
/multi-agent "MOBILE-12345" --dev # same as :dev
|
|
447
|
-
/multi-agent "MOBILE-12345" --dev autopilot # same as :dev-autopilot
|
|
448
|
-
```
|
|
449
|
-
|
|
450
|
-
### Copilot CLI (Lite Mode)
|
|
451
|
-
|
|
452
|
-
Same pipeline logic, invoked via dash syntax (`multi-agent-*`).
|
|
453
|
-
|
|
454
|
-
```bash
|
|
455
|
-
# Pipeline tasks
|
|
456
|
-
multi-agent "MOBILE-12345" # Jira issue
|
|
457
|
-
multi-agent "#42" # GitHub issue
|
|
458
|
-
multi-agent "Fix dark mode colors in LoginView" # Free-text
|
|
459
|
-
multi-agent-dev "MOBILE-12345" # Fast mode (Opus)
|
|
460
|
-
multi-agent-autopilot "MOBILE-12345" # Skip confirmations
|
|
461
|
-
multi-agent-dev-autopilot "MOBILE-12345" # Zero interaction
|
|
462
|
-
|
|
463
|
-
# Helper commands
|
|
464
|
-
multi-agent-status # List all tasks
|
|
465
|
-
multi-agent-log 1 # Show task log
|
|
466
|
-
multi-agent-resume 1 # Resume stopped task
|
|
467
|
-
multi-agent-kill 1 # Delete task worktree
|
|
468
|
-
multi-agent-review # Review current diff
|
|
469
|
-
multi-agent-setup # Token + identity onboarding
|
|
470
|
-
multi-agent-test # UI Bug Hunter
|
|
471
|
-
multi-agent-channels "PR-url" # Post report (Jira / Confluence / Wiki / PR)
|
|
472
|
-
multi-agent-search "query" # Full-text log search
|
|
473
|
-
multi-agent-scan # Skill security scan
|
|
474
|
-
multi-agent-refactor # Refactor planner
|
|
475
|
-
multi-agent-update # Update pipeline
|
|
476
|
-
multi-agent-sync # Sync ecosystem
|
|
477
|
-
multi-agent-purge # Full reset (double-confirm)
|
|
478
|
-
```
|
|
43
|
+
- **0 · Init** — parse the input (Jira id / GitHub URL / free text), pick account + repo(s), fetch the issue, run a maturity check.
|
|
44
|
+
- **1 · Analysis** — detect the stack, scan the codebase, map impact (Opus).
|
|
45
|
+
- **2 · Plan** — write a task breakdown and **stop for your approval** before touching code.
|
|
46
|
+
- **3 · Dev** — TDD: failing test → code → green, following the repo's style + the active stack skills.
|
|
47
|
+
- **4 · Review** — deterministic gates (build / lint / test / secret-scan) must pass first, then a **CLI-aware parallel review** — Claude Code runs 2 models (Fable + Sonnet), Copilot CLI runs 3 (GPT-5.4 + Opus + Sonnet) — and a **Fable triage** keeps only actionable findings; blockers loop back to Phase 3.
|
|
48
|
+
- **5 · Test** — build + run the suite; success is required (no faked passes).
|
|
49
|
+
- **6 · Commit/PR** — conventional commit, push (must succeed), open a PR (`Ref: #N`, never auto-close).
|
|
50
|
+
- **7 · Report** — technical summary + a Jira comment with test scenarios, posted through the channels layer.
|
|
479
51
|
|
|
480
|
-
|
|
481
|
-
|
|
482
|
-
| Platform | Detection | Guide Loaded |
|
|
483
|
-
| ----------------------------- | -------------------------------------------- | ----------------------- |
|
|
484
|
-
| **iOS/Swift** | `.xcodeproj`, `Package.swift` | SwiftUI Component Guide |
|
|
485
|
-
| **Android/Kotlin** | `build.gradle`, `build.gradle.kts` | Jetpack Compose Guide |
|
|
486
|
-
| **Backend** (Python/Node/Go) | `requirements.txt`, `package.json`, `go.mod` | Backend API Guide |
|
|
487
|
-
| **Frontend** (React/Vue/Next) | `package.json` + framework detection | Frontend Guide |
|
|
488
|
-
|
|
489
|
-
Stack is auto-detected. Build commands, test runners, lint tools, and review focus areas all adapt automatically.
|
|
52
|
+
Under the hood: each task runs in its own **git worktree** (or the current branch with `:local`), commits use the **git identity routed from the repo's origin URL**, and **multi-repo** tasks get per-repo worktrees plus an integration build. Tokens stay in the OS keychain; nothing is committed or logged. `/multi-agent:review` can also review an existing GitHub/Bitbucket PR — per-finding inline comments anchored to `file:line` + an explicit Approve / Needs-Work state.
|
|
490
53
|
|
|
491
54
|
## Modes
|
|
492
55
|
|
|
493
|
-
| Mode |
|
|
494
|
-
|
|
495
|
-
|
|
|
496
|
-
|
|
|
497
|
-
|
|
|
498
|
-
|
|
|
499
|
-
|
|
|
500
|
-
| Test | `/multi-agent:test` | `multi-agent-test` | UI Bug Hunter - visual + accessibility |
|
|
501
|
-
| Channels | `/multi-agent:channels <target>` | `multi-agent-channels <target>` | Post report to Jira / Confluence / Wiki / PR (multi-select, humanizer pass, reviewer-preserving) |
|
|
502
|
-
| Stack | `/multi-agent:stack ios` | `multi-agent-stack ios` | Select stack by enabling the matching marketplace plugin(s) |
|
|
503
|
-
| Language | `/multi-agent:language [prompt\|output] <en\|tr>` | `multi-agent-language [prompt\|output] <en\|tr>` | Toggle `promptLanguage` (interactive prompts) and/or `outputLanguage` (assistant explanations). External payloads stay English. |
|
|
504
|
-
|
|
505
|
-
## UI Bug Hunter + Audit Tools
|
|
506
|
-
|
|
507
|
-
Automated visual testing and compliance audits. Requires the mobile MCP server.
|
|
508
|
-
|
|
509
|
-
```bash
|
|
510
|
-
# Claude Code # Copilot CLI
|
|
511
|
-
/multi-agent:test # multi-agent-test
|
|
512
|
-
/multi-agent:test "dark mode" # multi-agent-test "dark mode"
|
|
513
|
-
/multi-agent:test "accessibility" # multi-agent-test "accessibility"
|
|
514
|
-
/multi-agent:test "dynamic type" # multi-agent-test "dynamic type"
|
|
515
|
-
/multi-agent:test "store-ready" # multi-agent-test "store-ready"
|
|
516
|
-
/multi-agent:test "biometric" # multi-agent-test "biometric"
|
|
517
|
-
/multi-agent:test "performance" # multi-agent-test "performance"
|
|
518
|
-
```
|
|
519
|
-
|
|
520
|
-
### How Audit Tools Work
|
|
56
|
+
| Mode | Command | Flow |
|
|
57
|
+
|---|---|---|
|
|
58
|
+
| Full | `/multi-agent "task"` | All 8 phases, interactive |
|
|
59
|
+
| Autopilot | `/multi-agent:autopilot "task"` | All 8 phases, no confirmations |
|
|
60
|
+
| Dev | `/multi-agent:dev "task"` | Init → Dev → Commit → Report |
|
|
61
|
+
| Local | `/multi-agent:local "task"` | Full pipeline, current branch (no worktree) |
|
|
62
|
+
| Finish | `/multi-agent:finish` | Run the review→test→commit→report tail over local work |
|
|
521
63
|
|
|
522
|
-
|
|
64
|
+
Helpers: `setup`, `status`, `resume #N`, `review`, `test`, `channels`, `stack`, `update`, `sync`, `jira`, `issue`, `analysis`. Full list: `/multi-agent:help`.
|
|
523
65
|
|
|
524
|
-
|
|
525
|
-
| --------------------- | ------------------------------------------------------ | ---------------------------- | ----------------------- |
|
|
526
|
-
| iOS Accessibility | Missing labels, small tap targets | `swift ui-tree-dumper.swift` | Phase 5 - user requests |
|
|
527
|
-
| Android Accessibility | Missing contentDescription, small touch targets | `adb shell uiautomator dump` | Phase 5 - user requests |
|
|
528
|
-
| iOS Biometric | Face ID / Touch ID success/failure | `xcrun simctl keychain` | Phase 5 - auth flow |
|
|
529
|
-
| Android Launch Time | Cold start time (ms) | `adb shell am start -W` | Phase 5 - performance |
|
|
530
|
-
| iOS Archive | App Store compliance: signing, debug tools, privacy | `codesign`, `plutil`, `nm` | Phase 6 - release |
|
|
531
|
-
| Android APK | Play Store compliance: target SDK, debuggable, signing | `aapt2`, `apksigner` | Phase 6 - release |
|
|
66
|
+
## Stacks
|
|
532
67
|
|
|
533
|
-
|
|
534
|
-
|
|
535
|
-
**No external dependencies** - only standard Xcode CLI tools (iOS) and Android SDK (Android). Platform guides include **compliance rules** that map 1:1 to audit checks - follow the guide, pass the audit.
|
|
536
|
-
|
|
537
|
-
## Stack Selection (marketplace plugins)
|
|
538
|
-
|
|
539
|
-
Stack skills ship as versioned plugins in the `{owner}/multi-agent-plugins` marketplace. Selecting a stack **enables the matching plugin(s)** in the repo's `.claude/settings.json` `enabledPlugins` — the stack toolkit plus `ai-common-engineering-toolkit` (cross-stack skills). This replaced the old `stack-swap.sh` mechanic (which physically moved skill directories on a SessionStart hook); enablement is now declarative, per-repo, and versioned.
|
|
68
|
+
Stack skills ship as versioned plugins in the [`mmerterden/multi-agent-plugins`](https://github.com/mmerterden/multi-agent-plugins) marketplace. Select a stack per-repo:
|
|
540
69
|
|
|
541
70
|
```bash
|
|
542
|
-
#
|
|
543
|
-
/multi-agent:stack multi-agent-stack # show enabled plugins
|
|
544
|
-
/multi-agent:stack ios multi-agent-stack ios # SwiftUI toolkit + common
|
|
545
|
-
/multi-agent:stack android multi-agent-stack android # Compose toolkit + common
|
|
546
|
-
/multi-agent:stack backend multi-agent-stack backend # Python/Node toolkit + common
|
|
547
|
-
/multi-agent:stack frontend multi-agent-stack frontend # React/TSX toolkit + common
|
|
548
|
-
/multi-agent:stack mobile multi-agent-stack mobile # iOS + Android + common
|
|
549
|
-
/multi-agent:stack all multi-agent-stack all # all four toolkits + common
|
|
71
|
+
/multi-agent:stack ios # or android / frontend / backend / mobile / all
|
|
550
72
|
```
|
|
551
73
|
|
|
552
|
-
|
|
553
|
-
|
|
554
|
-
## Setup
|
|
74
|
+
This enables the matching plugin (+ the shared `ai-common` plugin) in the repo's `.claude/settings.json`. Phase 1 auto-detects the stack for routing. New repos default to iOS.
|
|
555
75
|
|
|
556
|
-
|
|
557
|
-
# 1. Install pipeline
|
|
558
|
-
npx @mmerterden/multi-agent-pipeline install --all
|
|
559
|
-
|
|
560
|
-
# 2. Configure
|
|
561
|
-
/multi-agent:setup # Claude Code
|
|
562
|
-
multi-agent-setup # Copilot CLI
|
|
563
|
-
# -> Jira project key (e.g., MOBILE, APP, ENG)
|
|
564
|
-
# -> Git identity (name + email)
|
|
565
|
-
# -> Keychain token scan + mapping
|
|
566
|
-
|
|
567
|
-
# That's it! Pipeline works standalone - no additional dependencies needed.
|
|
568
|
-
```
|
|
569
|
-
|
|
570
|
-
## Hooks & Context Management
|
|
571
|
-
|
|
572
|
-
Pipeline includes automated safety hooks and session optimization, configured during installation.
|
|
573
|
-
|
|
574
|
-
### Pre-Commit Secret Detection
|
|
575
|
-
|
|
576
|
-
A `PreToolUse` hook runs before every `git commit`, scanning staged files for:
|
|
577
|
-
|
|
578
|
-
- Hardcoded API keys, tokens, secrets
|
|
579
|
-
- AWS access keys (`AKIA...`)
|
|
580
|
-
- Private keys (RSA/EC/DSA/OPENSSH)
|
|
581
|
-
- `.env` files and credentials files
|
|
582
|
-
- Firebase/GCP service account JSON
|
|
583
|
-
|
|
584
|
-
If secrets are found, the commit is **blocked** with a clear message.
|
|
585
|
-
|
|
586
|
-
### Context Management
|
|
587
|
-
|
|
588
|
-
`CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=65` triggers context compaction at 65% usage instead of the default ~80%. This prevents performance degradation in long 8-phase pipeline sessions.
|
|
589
|
-
|
|
590
|
-
### Local CI (pre-push)
|
|
591
|
-
|
|
592
|
-
**CI is local-only** via the `pre-push` git hook (no GitHub Actions).
|
|
593
|
-
Run the full gate manually anytime, or wire the hook to run it on every `git push`:
|
|
594
|
-
|
|
595
|
-
```bash
|
|
596
|
-
# One-off check
|
|
597
|
-
bash pipeline/scripts/pre-push-check.sh
|
|
598
|
-
|
|
599
|
-
# Install as a git hook - runs automatically on `git push`
|
|
600
|
-
ln -sf ../../pipeline/scripts/pre-push-check.sh .git/hooks/pre-push
|
|
601
|
-
chmod +x .git/hooks/pre-push
|
|
602
|
-
```
|
|
603
|
-
|
|
604
|
-
Runs unit tests, smoke suites, eval fixtures, schema validation, and lint - the same gate that used to run in CI. Bypass only in emergencies with
|
|
605
|
-
`git push --no-verify`.
|
|
606
|
-
|
|
607
|
-
### Scripts
|
|
608
|
-
|
|
609
|
-
| Script | Purpose |
|
|
610
|
-
| ---------------------- | ------------------------------------------------ |
|
|
611
|
-
| `pre-commit-check.sh` | Secret detection before commits |
|
|
612
|
-
| `build-stack-plugins.mjs` | Rebuild stack plugins from `shared/external`, bump changed plugin versions |
|
|
613
|
-
| `keychain-save.sh` | Save tokens/JSON to macOS Keychain (interactive) |
|
|
614
|
-
| `keychain.py` | Deterministic Python Keychain helper (get/set/delete/list/doctor); shell driver auto-delegates on macOS/Linux |
|
|
615
|
-
| `github-ssh-setup.sh` | GitHub SSH key generation + config |
|
|
616
|
-
| `ui-tree-dumper.swift` | iOS accessibility tree dumper for audits |
|
|
617
|
-
|
|
618
|
-
All scripts are installed to `~/.claude/scripts/` during setup.
|
|
619
|
-
|
|
620
|
-
## Platform Support
|
|
621
|
-
|
|
622
|
-
| Tier | Platform | Requirements |
|
|
623
|
-
| --------- | --------------------- | ----------------------------------------------------------- |
|
|
624
|
-
| Primary | macOS 13+ | Keychain-backed token storage, `xcodebuild`, `xcrun simctl` |
|
|
625
|
-
| Primary | Linux (Ubuntu 22.04+) | Token storage via env vars / `gh auth`; no Xcode features |
|
|
626
|
-
| Secondary | Windows (WSL2) | Same as Linux; Xcode features unavailable |
|
|
627
|
-
|
|
628
|
-
Node.js 18+ required everywhere. Git 2.38+ (for `git worktree` improvements) recommended.
|
|
629
|
-
|
|
630
|
-
## Testing
|
|
631
|
-
|
|
632
|
-
```bash
|
|
633
|
-
npm test
|
|
634
|
-
```
|
|
635
|
-
|
|
636
|
-
Runs **~1,300 assertions** across four layers:
|
|
76
|
+
## Tool support
|
|
637
77
|
|
|
638
|
-
|
|
639
|
-
| ----------------- | ------------------------------ | -------------------------------------------------------- |
|
|
640
|
-
| Node unit tests | 92 tests across 19 suites | CLI routing, install helpers, settings.json hooks, security |
|
|
641
|
-
| Smoke suites | 73 scripts, ~1,210 assertions | End-to-end contract tests for every script and phase doc |
|
|
642
|
-
| Eval fixtures | 11 adversarial cases + 2 golden tasks | Semantic regression for triage classification + full pipeline replay |
|
|
643
|
-
| Schema validation | 13 schemas | Structural integrity of JSON schemas |
|
|
78
|
+
The pipeline runs natively on **Claude Code** and **Copilot CLI** — both install from the same `pipeline/skills/` source and get identical coverage.
|
|
644
79
|
|
|
645
|
-
|
|
80
|
+
| Tool | Flag | Notes |
|
|
81
|
+
|---|---|---|
|
|
82
|
+
| Claude Code | `--claude` (default) | slash commands + skills + agents + `PreToolUse` secret-scan hook |
|
|
83
|
+
| Copilot CLI | `--copilot` | instructions + skills + scripts |
|
|
646
84
|
|
|
647
|
-
|
|
85
|
+
Filter skills by stack with `--platform=ios\|android\|all`.
|
|
648
86
|
|
|
649
|
-
|
|
87
|
+
## Tokens & integrations
|
|
650
88
|
|
|
651
|
-
|
|
652
|
-
2. **CLI-aware parallel review + Opus triage** - Opus (security/architecture) + Sonnet (quality/correctness) run in parallel on Claude Code (2-model); Copilot CLI adds GPT-5.4 (edge cases/different perspective) for a 3-model set. A single Opus triage pass filters false-positives, rejects out-of-scope findings, and forwards only actionable items to Phase 3. Reviewer noise never auto-triggers rework.
|
|
653
|
-
3. **Bitbucket / GitHub PR automation** with default reviewers auto-injected, draft/ready prompt, body preservation (no literal `\n`, no HTML entities).
|
|
654
|
-
4. **`channels` command** posts task reports to Jira / Confluence / Wiki / PR with multi-select channel + content. Humanizer pass per-channel, reviewer-preserving Bitbucket PR PUT. Phase 7 delegates; also invocable post-hoc for fixes made outside the pipeline.
|
|
655
|
-
5. **Deterministic safety gates + pre-commit local-checkout prompt + runtime triage validator**: pre-commit secret scan (PreToolUse hook), xcodebuild lock queue, 3-iteration hard-kill on retry loops, "checkout locally and test before commit?" Phase 6 prompt, and a zero-dep Node validator that gates Phase 4 triage output on real exit codes - no longer just markdown guidance. Includes telemetry (metrics.jsonl + aggregator - GPT-5.4 reviewer metric emitted only on Copilot CLI) and a sync-parity script that catches Claude↔Copilot↔repo drift before it ships.
|
|
656
|
-
6. **Cross-session learning**: per-project knowledge base (architecture, patterns, gotchas) + user-level memory (feedback, project constraints, references).
|
|
657
|
-
7. **Schema-validated state + smoke-tested contracts**: `schemas/*.schema.json` for `agent-state.json` and preferences; `scripts/smoke-channels-flow.sh` guards body-preservation + Bitbucket PUT contract + multi-channel dispatch.
|
|
658
|
-
8. **Task Type Detection** - every task classified as component/bugfix/feature/refactor/chore at Phase 0 Step 9, used by every downstream phase for deterministic routing.
|
|
659
|
-
9. **SubPhase progress tracking** for specialized workflows - component generation (figma-to-swiftui) reports nested SubPhases under the parent main phase instead of inflating the top-level phase count.
|
|
660
|
-
10. **Interactive launchers**: `multi-agent-jira` lists your open Jira issues; `multi-agent-issue` lists unassigned GitHub issues. Pick one → choose branch → choose mode (full/--dev) → autopilot? → pipeline starts. GitHub issues are auto-assigned on selection.
|
|
89
|
+
`setup` scans your OS keychain and maps each token by a **logical name** (e.g. `jira`) to its real keychain entry — the pipeline resolves tokens through that mapping (`credential-store.sh`), so literal keychain names never appear in synced files. Tokens stay in the keychain (macOS Keychain / Windows Credential Manager / Linux libsecret), are **never committed or logged**, and are all **optional** — the pipeline asks for any it needs at Phase 0.
|
|
661
90
|
|
|
662
|
-
|
|
91
|
+
| Token | Used for | Phase |
|
|
92
|
+
|---|---|---|
|
|
93
|
+
| `jira` | fetch the issue · post the report comment | 0, 7 |
|
|
94
|
+
| `github` | issues · PRs · `gh` auth | 0, 6 |
|
|
95
|
+
| `bitbucket` | PR create/update (reviewer-preserving) · diff | 6 |
|
|
96
|
+
| `confluence` | publish analysis / wiki pages | 7 |
|
|
97
|
+
| `figma` + `figma_mcp` | fetch design context | analysis only |
|
|
98
|
+
| `fortify` | security-scan findings gate | 4 |
|
|
99
|
+
| `firebase` | Firebase config (base64 JSON) for Firebase projects | as needed |
|
|
100
|
+
| `jenkins` | CI trigger / status | build / deploy |
|
|
101
|
+
| `npm` | package publish (mostly CI) | release |
|
|
663
102
|
|
|
664
|
-
|
|
665
|
-
pipeline/
|
|
666
|
-
commands/
|
|
667
|
-
multi-agent.md Main orchestrator
|
|
668
|
-
sim-test.md Mobile UI Bug Hunter
|
|
669
|
-
figma-to-swiftui.md Figma -> SwiftUI component generator
|
|
670
|
-
deploy.md iOS deployment checklist
|
|
671
|
-
archive-guard.md .xcarchive App Store compliance scan
|
|
672
|
-
security-review.md Deep security audit
|
|
673
|
-
multi-agent/
|
|
674
|
-
help.md Usage guide
|
|
675
|
-
setup.md Token + identity + Jira key onboarding
|
|
676
|
-
status.md List all tasks
|
|
677
|
-
log.md Show task log
|
|
678
|
-
resume.md Resume stopped task
|
|
679
|
-
kill.md Delete task worktree
|
|
680
|
-
purge.md Full reset (double-confirm)
|
|
681
|
-
review.md Review current diff
|
|
682
|
-
channels.md Multi-channel reporter (Jira/Confluence/Wiki/PR)
|
|
683
|
-
jira.md Interactive Jira picker
|
|
684
|
-
issue.md Interactive GitHub issue picker
|
|
685
|
-
dev.md Fast mode (Opus)
|
|
686
|
-
autopilot.md Skip confirmations
|
|
687
|
-
dev-autopilot.md Fastest path (dev + autopilot)
|
|
688
|
-
test.md UI Bug Hunter
|
|
689
|
-
search.md Full-text log search
|
|
690
|
-
scan.md Skill security scanner
|
|
691
|
-
refactor.md Refactor planner
|
|
692
|
-
update.md Update pipeline
|
|
693
|
-
sync.md Sync ecosystem (Claude/Copilot/repo)
|
|
694
|
-
refs/
|
|
695
|
-
rules.md Global non-negotiable rules
|
|
696
|
-
keychain.md Token registry
|
|
697
|
-
knowledge.md Project knowledge system
|
|
698
|
-
audit-guide.md Audit tool integration rules
|
|
699
|
-
swiftui-guide.md iOS component guide + compliance rules
|
|
700
|
-
android-guide.md Android component guide + compliance rules
|
|
701
|
-
backend-guide.md Backend API guide
|
|
702
|
-
frontend-guide.md Frontend component guide
|
|
703
|
-
phases.md Phase reference + ASCII flow diagram
|
|
704
|
-
phases/
|
|
705
|
-
phase-0-init.md Project setup (8-step interactive)
|
|
706
|
-
phase-1-analysis.md Stack detection + codebase exploration
|
|
707
|
-
phase-2-planning.md Task decomposition + architecture review
|
|
708
|
-
phase-3-dev.md TDD development + build queue
|
|
709
|
-
phase-4-review.md Gates + code review + accessibility check
|
|
710
|
-
phase-5-test.md User testing + device audits (on-demand)
|
|
711
|
-
phase-6-commit.md Commit + PR (reviewers + draft prompt)
|
|
712
|
-
phase-7-report.md External (Jira/Wiki/Confluence) + internal log + knowledge + memory
|
|
713
|
-
modes.md Autopilot, --dev, --local
|
|
714
|
-
operations.md Kill, resume, purge
|
|
715
|
-
log-format.md Log file spec
|
|
716
|
-
skills/
|
|
717
|
-
shared/
|
|
718
|
-
core/ 22 orchestration skills (multi-agent-*) - pipeline-critical; changes here affect pipeline
|
|
719
|
-
behavior directly.
|
|
720
|
-
external/ 127 iOS/Android/generic guidance skills imported
|
|
721
|
-
from upstream (mirrors of third-party skill sets
|
|
722
|
-
- SwiftUI, Compose, Kotlin, Swift, web, backend,
|
|
723
|
-
CI/CD, HIG, etc.).
|
|
724
|
-
figma-common/ Platform-agnostic Figma pipeline shared steps
|
|
725
|
-
figma-ios/ Figma → SwiftUI component generator (iOS)
|
|
726
|
-
figma-android/ Figma → Jetpack Compose component generator (Android)
|
|
727
|
-
schemas/ JSON Schemas
|
|
728
|
-
agent-state.schema.json Validates $HOME/.claude/logs/.../agent-state.json
|
|
729
|
-
prefs.schema.json Validates $HOME/.claude/multi-agent-preferences.json
|
|
730
|
-
triage-output.schema.json Validates Phase 4 triage output
|
|
731
|
-
token-budget.json Per-phase token limits + warn thresholds
|
|
732
|
-
agents/
|
|
733
|
-
code-reviewer.md Phase 4 reviewer (CLI-aware: 2-model Claude / 3-model Copilot + Opus triage)
|
|
734
|
-
explorer.md Phase 1 codebase scanner
|
|
735
|
-
ios-architect.md iOS architecture review
|
|
736
|
-
android-architect.md Android architecture review
|
|
737
|
-
backend-architect.md Backend/API architecture review
|
|
738
|
-
security-auditor.md Security audit (OWASP)
|
|
739
|
-
rules/
|
|
740
|
-
code-style.md Naming, structure, patterns
|
|
741
|
-
git-conventions.md Commit messages, branching
|
|
742
|
-
testing.md Test naming, structure, coverage
|
|
743
|
-
tdd.md Red-Green-Refactor, testing pyramid
|
|
744
|
-
code-review.md Review priority, severity, checklist
|
|
745
|
-
security.md Keychain, ATS, credentials, privacy
|
|
746
|
-
performance.md Bottlenecks, caching strategy
|
|
747
|
-
debugging.md Scientific debugging method
|
|
748
|
-
app-store-guidelines.md App Store Review Guidelines
|
|
749
|
-
figma-pipeline.md Figma -> SwiftUI generation rules
|
|
750
|
-
swiftui-qa.md 3-layer test strategy, 13-item checklist
|
|
751
|
-
kotlin-android.md Kotlin & Android conventions
|
|
752
|
-
eval/
|
|
753
|
-
triage/
|
|
754
|
-
01-10/ 10 adversarial eval fixtures
|
|
755
|
-
scripts/
|
|
756
|
-
pre-commit-check.sh Secret detection hook
|
|
757
|
-
build-stack-plugins.mjs Rebuild stack plugins + version bump
|
|
758
|
-
keychain-save.sh Save tokens/JSON to macOS Keychain
|
|
759
|
-
github-ssh-setup.sh GitHub SSH key generation + setup
|
|
760
|
-
ui-tree-dumper.swift iOS accessibility tree dumper
|
|
761
|
-
eval-triage.mjs Eval runner for triage fixtures
|
|
762
|
-
validate-triage.mjs Runtime triage validator
|
|
763
|
-
validate-schemas.mjs Zero-dep shallow validator for *.schema.json
|
|
764
|
-
aggregate-metrics.mjs Telemetry aggregator
|
|
765
|
-
log-metric.sh Telemetry metric logger
|
|
766
|
-
phase-banner.sh Phase banner UI renderer
|
|
767
|
-
phase-tracker.sh Phase progress tracker
|
|
768
|
-
sync-parity-check.sh Claude↔Copilot↔repo parity checker
|
|
769
|
-
smoke-*.sh Contract smoke tests (10 suites, 115 assertions)
|
|
770
|
-
claude-md-template.md CLAUDE.md starter template
|
|
771
|
-
preferences-template.json Empty config template
|
|
772
|
-
|
|
773
|
-
docs/
|
|
774
|
-
features.md Full feature catalog
|
|
775
|
-
adr/ Architecture Decision Records (0001+)
|
|
776
|
-
|
|
777
|
-
CHANGELOG.md Version history
|
|
778
|
-
docs/architecture.md Mermaid diagrams: pipeline flow, modes, components
|
|
779
|
-
docs/best-practices.md Competitor-informed patterns and pipeline rules
|
|
780
|
-
SECURITY.md Vulnerability reporting policy
|
|
781
|
-
```
|
|
103
|
+
The **secret scan** runs as a `PreToolUse` hook on Claude Code (hard-blocks a commit on a hit) and as a pre-push check elsewhere.
|
|
782
104
|
|
|
783
|
-
##
|
|
105
|
+
## Platform support
|
|
784
106
|
|
|
785
|
-
|
|
107
|
+
Runs on **macOS**, **Linux**, and **Windows** (Git Bash / WSL). Shell and credential access go through a platform-agnostic layer — the keychain resolves automatically to **macOS Keychain**, **Linux libsecret** (`secret-tool`), or **Windows Credential Manager**, and scripts fall back between BSD and GNU tool variants. Node.js 18 / 20 / 22.
|
|
786
108
|
|
|
787
|
-
|
|
788
|
-
# Claude Code # Copilot CLI
|
|
789
|
-
/multi-agent:sync # multi-agent-sync
|
|
790
|
-
/multi-agent:sync status # multi-agent-sync status
|
|
791
|
-
/multi-agent:sync to-copilot # multi-agent-sync to-copilot
|
|
792
|
-
/multi-agent:sync to-repo # multi-agent-sync to-repo
|
|
793
|
-
/multi-agent:sync release # multi-agent-sync release
|
|
794
|
-
```
|
|
109
|
+
## Companion repos
|
|
795
110
|
|
|
796
|
-
|
|
|
797
|
-
|
|
798
|
-
|
|
|
799
|
-
|
|
|
800
|
-
| **Pipeline Repo** | Genericized open-source version (no personal data) |
|
|
801
|
-
| **Website** | Version, phase/model counts, feature strings (EN+TR) |
|
|
802
|
-
| **Remote Control** | Pipeline feature references |
|
|
111
|
+
| Repo | What it is |
|
|
112
|
+
|---|---|
|
|
113
|
+
| [`mmerterden/multi-agent-plugins`](https://github.com/mmerterden/multi-agent-plugins) | Marketplace of per-stack skill toolkits (iOS / Android / Frontend / Backend + common). `/multi-agent:stack` enables the matching plugin. |
|
|
114
|
+
| [`mmerterden/dev-toolkit-mcp`](https://github.com/mmerterden/dev-toolkit-mcp) | MCP server for UI testing / simulator capture / xcodebuild — powers the Phase 5 UI Bug Hunter. `npx @mmerterden/dev-toolkit-mcp` |
|
|
803
115
|
|
|
804
116
|
## License
|
|
805
117
|
|
|
806
|
-
MIT
|
|
118
|
+
MIT — see [LICENSE](./LICENSE). Security issues: see [SECURITY.md](./SECURITY.md) (do not open public issues for vulnerabilities).
|