Multi-Agent Pipeline

Complete automated workflow from branch to handoff.

• •Phase 0 - Init: branch, identity, worktree setup
• •Phase 1 - Analysis: codebase exploration with Opus
• •Phase 2 - Planning: task decomposition + approval gate (clarification max 2 rounds + free-text edit loop), normal mode only
• •Phase 3 - Dev: TDD red-green-refactor (component tasks delegate to figma-to-component)
• •Phase 4 - Review: CLI-aware parallel review + Opus triage (Claude: 2-model · Copilot: 3-model)
• •Phase 5 - Test: optional UI testing
• •Phase 6 - Commit: conventional commits → PR → issue update
• •Phase 7 - Report: Jira comment → Wiki + Figma screenshots → Confluence → log + knowledge capture

Reviewer set depends on the host CLI: GPT is only natively reachable from Copilot, so Claude runs a 2-model set and Copilot runs a 3-model set. Opus triage runs on both.

• •Deterministic gates first: build + lint + test + secret scan
• •Claude Code (2 parallel): Opus (security + architecture) + Sonnet (quality + correctness)
• •Copilot CLI (3 parallel): GPT + Opus + Sonnet
• •Opus triage filters false positives and out-of-scope items
• •Only actionable findings loop back to Phase 3

Phase 2 refuses to start Phase 3 on underspecified tickets without a human read-through.

• •Clarification mode (max 2 rounds): ambiguous tickets, missing acceptance criteria, UI without Figma, vague language, scope drift
• •Approval loop: plan rendered with summary / approach / risk / scope / files / todos. Respond with onayla / iptal / free-text edit
• •Skipped for fast and autopilot modes to preserve their zero-interaction contracts

Two parallel skills wrap external tooling and report store-submission findings in a normalized severity-grouped shape.

• •apple-archive-compliance: wraps the ios_app_store_audit MCP tool inside @mmerterden/dev-toolkit-mcp ≥ 2.4. 17-rule catalog cross-referenced to Apple ITMS error codes + App Store Review Guidelines (privacy manifest, required-reason API, Info.plist, code signing, entitlements, embedded SDK, IPv6, debug leak, ...)
• •google-play-compliance: orchestrates bundletool + aapt2 + apksigner. 21-rule catalog across Technical · Security · Privacy · Hygiene categories
• •/multi-agent:test "store-ready" auto-detects platform, runs visual + accessibility sweep, dispatches the matching skill, merges into one severity report
• •Wired into 4 consumers: store-ready test, Phase 4 Security Auditor, /multi-agent:review, /multi-agent:channels

Live token accounting in the tracker.

• •phase-tracker.sh `tokens <phase_id> <in> <out>` accumulates LLM usage against the active phase
• •Renders ` · Nk tok` next to elapsed time + Total footer
• •Per-phase token budgets defined in token-budget.json with warn/max thresholds, enforced in CI
• •Phase 7 sub-step tracking: Jira / Wiki / Confluence / Log / Knowledge advanced through pending → in_progress → completed / failed / skipped

Every Phase 7 run appends a 4-column cost block to agent-log.md.

• •Renderer: pipeline/scripts/render-agent-log-cost.sh — tokens in/out + estimated USD per phase
• •Sourced from phase-tracker.sh tokens accumulators × cost-table.json (Opus / Sonnet / Haiku / GPT-5.4)
• •Independent of channels-side reportContent.costSummary — agent-log always carries the breakdown
• •Single call site: LOG_METRIC_FORWARD_TO_TRACKER=1 mirrors metrics.jsonl into the tracker — JSONL + cost block stay in sync
• •13 smoke assertions (smoke-agent-log-cost.sh)

Phase 4 Step 1.75 advisory — heuristic, deterministic, sub-second, no LLM.

• •Walks the diff, scores each file by 7 signals: security_path ×3, migration ×4, public_api ×2, no_test_change ×2.5, complexity_delta ×1.5, ui_critical ×1.5, loc_changed ×1
• •Top-N risk-ranked files inject into each reviewer's prompt as ${PRIORITY_FILES}
• •Reviewers read those files first but still review the entire diff — never gates the pipeline
• •14 smoke assertions across iOS + Android fixtures (smoke-diff-risk.sh)
• •Toggle: prefs.global.diffRiskAdvisory (default ON)

Phase 5 Step 0 advisory — static detector for newly added public symbols missing a paired test.

• •Stack-specific rules ship for iOS / Android / Python / Node.js (test-gap-rules/*.json)
• •iOS Views + Android @Composable + interfaces + public protocols → important severity; other public API additions → suggestion
• •Optional gating via prefs.testGap.blockingThreshold — when set, becomes a Phase 4 rework finding
• •--severity-promote forces all gaps to important (audit mode)
• •22 smoke assertions across 4 stacks (smoke-test-gap.sh)

Per-repo triage corpus that powers Phase 1 enrichment, Phase 4 prior-art lookup, and /multi-agent:search --semantic.

• •~/.claude/memory/multi-agent/<repo-slug>/triage-corpus.jsonl — append-only, idempotent ingest, per-repo isolation (never cross-leaks between projects)
• •Phase 7 ingests every accepted/deferred/rejected finding; Phase 4 triage attaches up to 3 prior-art hits per raw finding with explicit bias hedge
• •/multi-agent:search "<text>" --semantic routes the query to the corpus instead of agent-log grep
• •Token-overlap recall, zero deps, Node-18-compatible. Schema is forward-compatible with a future vector BLOB column.
• •11 smoke assertions (smoke-triage-memory.sh, uses HOME override to never touch the user's real memory dir)
• •Toggle: prefs.global.priorArtEnrichment.enabled (default ON)

Phase 6 Step 0 builds the host project that integrates multiple repos. Learn once, auto-apply forever.

• •Fires only when state.projects.length >= 2. Single-repo skips silently
• •Use case: shared codegen lib + consuming UI lib + host app. Mismatches surface only when the full chain builds together
• •First encounter prompts: register host (path/platform/scheme/submodules/resolve-cmd/build-cmd) / mark noHost / skip this run
• •Auto-run loop: submodule update → resolve → build → error-delta evaluation vs baseline
• •Autopilot refuses to prompt on unknown combos (won't silently build wrong thing)

Browse and launch tasks from your terminal.

• •/multi-agent:jira: lists your open Jira issues, pick one to start
• •/multi-agent:issue: lists unassigned GitHub issues, auto-assigns on pick
• •Shared interactive flow: choose branch → mode → autopilot → launch
• •No more copy-pasting URLs

Incremental learning that persists across sessions.

• •Captures patterns, decisions, and architecture notes per project
• •Phase 7 extracts user corrections, constraints, and references into auto-memory
• •Phase 1 injects memories so future runs respect prior feedback
• •Max 3 new memories per run, merge-over-duplicate strategy
• •Context auto-compacts at 65% usage (vs default ~80%)

Full component generation from Figma URL.

• •Produces Configuration, View, Modifiers, Code Connect, and docs
• •Design token mapping and accessibility IDs
• •3-layer testing: ViewInspector + Snapshot + Unit
• •14-item review checklist
• •Wiki page + issue body update as nested SubPhases of Phase 3
• •Activated automatically when task contains a Figma URL

Tiered pattern scanner for skill content. Blocks supply-chain surprises before install.

• •/multi-agent:scan: four severity tiers (critical · high · medium · low)
• •Auto-runs warn-only on every install; --strict for CI blocks PRs on findings
• •Catches shell-pipe exec, base64-decode exec, eval-of-network, unicode bidi override (trojan source), JS eval(), Python exec(), hardcoded credentials, pastebin raw fetches
• •Three integration points: CI · install.js · slash command

Full-text search across every pipeline run you have ever done.

• •/multi-agent:search "query" across ~/.claude/logs/multi-agent/**/agent-log.md
• •Smart ranking: match count × recency weight
• •Filters: --project, --since 7d|YYYY-MM-DD, --phase N
• •Output modes: colored text, --json, --tsv
• •Local-only, no network

Purpose-built agents for each concern.

• •code-reviewer: CLI-aware parallel review + Opus triage (Claude: 2-model · Copilot: 3-model)
• •explorer: Phase 1 codebase scanner
• •ios-architect: iOS architecture review
• •android-architect: Android architecture review
• •backend-architect: API design review
• •security-auditor: OWASP-based security audit

6 automated scripts installed to ~/.claude/scripts/.

• •pre-commit-check.sh: secret detection (API keys, AWS AKIA, private keys, .env, Firebase JSON)
• •stack-swap.sh: auto-detect project stack on session start
• •keychain-save.sh: save tokens to macOS Keychain (credentials never visible in ps)
• •github-ssh-setup.sh: SSH key generation + config
• •ui-tree-dumper.swift: iOS accessibility tree dumper
• •sync-parity-check.sh: Claude / Copilot / repo drift detection

Stack auto-detected at session start by stack-swap.sh based on project markers (.xcodeproj, build.gradle, package.json).

• •iOS/Swift, Android/Kotlin, Backend, Frontend, or mobile combined
• •Manual override: /multi-agent:stack [ios|android|backend|frontend|mobile|all]
• •Loads matching guide (swiftui-guide, android-guide, backend-guide, frontend-guide)
• •Platform-specific compliance rules map 1:1 to audit checks

Automated visual testing and compliance audits.

• •Boots simulators, captures screenshots across light/dark and large text
• •Accessibility audits and store compliance checks
• •Uses native CLI tools (xcrun simctl, adb, codesign, aapt2)
• •On-demand: dark mode, accessibility, store-ready, biometric, performance

One source of truth, five platforms, zero drift.

• •31 slash commands kept byte-identical between Claude Code (colon form) and Copilot CLI (dash form)
• •/multi-agent:sync re-aligns every target in one shot
• •Full orchestration also ports to Cursor, Antigravity, and VS Code Copilot Chat via per-platform adapters (subagents/workflow + /multi-agent command + dev-toolkit MCP)
• •204 unified skills shipped to all targets