AI Agents
Specialized AI assistants that automate specific development tasks. Each agent handles particular aspects of the software development lifecycle.
Agent Orchestration System Documentation
Conductor-Orchestrated Workflow
The conductor agent orchestrates the entire development lifecycle with quality gates at every phase. This world-class orchestration solution coordinates 53+ specialized agents for comprehensive project delivery:
# Invoke the conductor agent explicitly:
"Use the conductor agent to build a user authentication system based on auth-brd.md"
# PARALLEL BACKGROUND AGENTS (run throughout execution):
# ├── guardrails → Input/output validation, safety checks, halt before damage
# ├── tracer → Execution capture for debugging and performance analysis
# ├── checkpoint → State persistence for durable execution (resume from any point)
# └── confidence → Uncertainty detection, request clarification for low-confidence decisions
═══════════════════════════════════════════════════════════════════════════
COMPREHENSIVE ORCHESTRATION WORKFLOW
═══════════════════════════════════════════════════════════════════════════
PHASE 0: PROJECT INITIALIZATION (new projects only)
├── project-setup → Create harness files, git, CI/CD
├── PM → Post-setup gate
└── Verify: feature_list.json, BRD-tracker.json, CLAUDE.md
PHASE 0.5: BROWNFIELD ANALYSIS (existing codebases)
├── analyze-codebase → Directory structure, file inventory, architecture diagrams
├── planner → Detailed implementation plan with confidence scoring
├── PM → Post-analysis gate
└── Verify: CODEBASE-ANALYSIS.md, implementation plan approved
PHASE 1: REQUIREMENTS & BRD EXTRACTION
├── research → Generate comprehensive BRD (uses Gemini for adversarial review)
├── ciso → Security review (OWASP/STRIDE/threat modeling)
├── PM → Pre-extraction gate
├── CRITIC → Post-CISO validation (BLOCKING)
├── conductor → Extract ALL requirements to BRD-tracker.json
├── PM → Post-BRD gate
└── CRITIC → Post-extraction validation (BLOCKING)
PHASE 2: ARCHITECTURE & SPECIFICATION
├── architect → Create /TODO specs, page inventory, link matrix
├── api-design → OpenAPI specs, GraphQL schemas, contract testing (Pact)
├── database → Schema design, migrations, index recommendations
├── planner → Detailed plans for complex specs (confidence scoring)
├── PM → Pre-implementation gate
├── CRITIC → Post-architect validation (BLOCKING)
├── qa → Create executable tests (testing-security-stack)
└── CRITIC → Post-QA validation (BLOCKING)
PHASE 2.5: VISUAL DESIGN (UI-heavy projects)
├── frontend-designer → Design tokens, component specs, all states
├── Verify: No generic AI aesthetics, WCAG AA compliance
└── Skip if: API-only or backend project
PHASE 3: IMPLEMENTATION LOOP (iterates until gates pass)
├── auto-code → Process TODO specs (NO placeholders allowed)
├── CISO → Security code review (BLOCKING - OWASP/SANS CWE/secrets)
├── PM → Mid-implementation check
├── [code-reviewer + qa + performance + compliance] → Parallel validation
├── PM → Loop-check gate (stuck detection, scope creep)
├── CRITIC → Post-implementation validation (BLOCKING)
├── bug-find → Systematic debugging when errors persist
├── refactor → Code quality improvements when technical debt detected
├── confidence → Validate complex decisions, request clarification if needed
└── [If issues] → Write fix specs → repeat loop
PHASE 3.5: CONTENT ACCURACY VERIFICATION
├── Verify: All claims accurate, no Lorem ipsum, no placeholder content
├── Legal: Privacy Policy, Terms of Service, Disclaimers
└── All contact info valid, external links working
PHASE 4: FINAL BRD VERIFICATION (MANDATORY BLOCKING)
├── PM → Pre-verification gate
├── qa → Gap analysis (BRD vs implementation)
├── CRITIC → Pre-release validation (COMPREHENSIVE FINAL)
│ ├── BRD completeness audit (100% requirements)
│ ├── Code quality audit (no TODOs/placeholders)
│ ├── Security audit (Semgrep, Gitleaks, Trivy)
│ ├── Integration audit (live connections, not mocks)
│ └── UI/UX audit (visual regression, accessibility)
└── VERDICT: APPROVED FOR RELEASE or REQUIRES REMEDIATION
PHASE 5: DOCUMENTATION
├── PM → Pre-docs gate
├── doc-gen → Project documentation, SBOM, SDLC evidence
├── CISO → Document security review (no sensitive data, accuracy)
├── api-docs → OpenAPI specs, Swagger UI
└── PM → Complete
PHASE 5.5: WORKFLOW AUTOMATION (when n8n required)
├── n8n → Design workflow automation
├── Generate importable n8n JSON workflow files
└── Integrate with existing systems
PHASE 5.6: PENETRATION TESTING (MANDATORY for production)
├── pentest-coordinator → Scope definition, attack scenario planning
├── OWASP ZAP, Nuclei → Automated security scanning
├── Manual testing → OWASP Top 10, auth bypass, business logic
├── Finding remediation → Fix Critical/High, risk-accept others
├── CRITIC → Post-pentest validation (BLOCKING)
└── Attestation signed before deployment
PHASE 5.7: SUPPLY CHAIN SECURITY (MANDATORY)
├── supply-chain-security → SLSA provenance attestations
├── Sigstore/cosign → Artifact signing, GPG for binaries
├── Commit verification → All commits in release signed
├── SBOM-Provenance linking → Full traceability
└── SLSA Level verification → Minimum L2 for release
PHASE 6: DEPLOYMENT & OPERATIONS (production releases)
├── devops → CI/CD pipelines, Docker, Kubernetes, rollback automation
├── observability → Prometheus/Grafana dashboards, alerting, SLOs
├── CRITIC → Post-deployment validation
└── PM → Project complete
═══════════════════════════════════════════════════════════════════════════
SPECIALIZED WORKFLOW PATTERNS
═══════════════════════════════════════════════════════════════════════════
QUICK FIX/BUG WORKFLOW (minimal overhead):
PM → analyze-codebase → bug-find → planner → auto-code → [code-reviewer + qa] → CRITIC → PM
REFACTORING WORKFLOW:
PM → analyze-codebase → planner → refactor → [code-reviewer + qa] → CRITIC → PM
AGENT ENHANCEMENT WORKFLOW (meta-improvement):
feedback-loop → root-cause → improvement-workflow → self-improve → CRITIC → PM
COMPLEX MULTI-TEAM WORKFLOW:
PM → crew(organize) → [Team A: architect + auto-code] ↔ [Team B: frontend-designer + auto-code]
→ handoff(integrate) → [code-reviewer + qa] → CRITIC → PM
═══════════════════════════════════════════════════════════════════════════
SELF-EVOLUTION CYCLE
═══════════════════════════════════════════════════════════════════════════
[Execution] → feedback-loop (pattern analysis)
→ root-cause (5 Whys/Fishbone/Fault Tree)
→ improvement-workflow (track to implementation)
→ self-improve (A/B testing improvements)
→ [Improved Platform]
Result: Production-ready with 100% BRD coverage, no placeholders, full traceability
Development Workflow
Conductor
OrchestrationDevelopment workflow orchestrator that coordinates all agents through requirements, architecture, implementation, testing, and documentation phases.
View Details →PM (Project Manager)
Workflow ControlWorkflow discipline enforcer that maintains sequence integrity and prevents deviations. Runs at every gate to verify sequencing and detect scope creep.
View Details →Critic
Quality GateSkeptical validator that scrutinizes every deliverable, trusts nothing, and verifies completeness against specifications before allowing progression.
View Details →Dynamic Router
Task RoutingIntelligent task routing system that analyzes requests, determines optimal agent assignments, and coordinates multi-agent workflows dynamically.
View Details →Architect
DesignTransforms high-level ideas into detailed, implementation-ready feature specifications with acceptance criteria and testing requirements.
View Details →Auto-Code
ImplementationAutomatically implements features from TODO specifications. Generates production-ready code, runs tests, and moves completed specs to COMPLETE.
View Details →Research
AnalysisElite research analyst that gathers information, verifies facts, and synthesizes complex data. Uses Gemini for adversarial BRD review.
View Details →Project Setup
InitializationInitializes development environments with directory structure, git configuration, and all harness artifacts needed for conductor workflows.
View Details →PRD Manager
DocumentationLiving PRD repository manager that maintains semantic indexing, version tracking, and continuous context injection for project requirements.
View Details →API Design
API ArchitectureAPI-first development architect specializing in OpenAPI 3.0, RESTful patterns, GraphQL, gRPC, and API versioning strategies with contract-first design.
View Details →Advanced Orchestration
Planner
PlanningInteractive planning agent inspired by Devin 2.0. Collaborates with users to create detailed plans before execution, ensuring alignment.
View Details →Checkpoint
State ManagementPersistent state management inspired by LangGraph. Creates checkpoints at key decision points, enabling state restoration and replay.
View Details →Handoff
Agent TransitionsStructured agent transitions inspired by OpenAI SDK. Defines explicit handoff protocols between agents with context preservation.
View Details →Guardrails
ValidationParallel validation system inspired by OpenAI SDK. Runs input/output guardrails concurrently with tripwire behavior for fast failures.
View Details →Crew
Team OrganizationRole-based team organization inspired by CrewAI. Structures agents into hierarchical crews with managers, specialists, and validators.
View Details →Tracer
ObservabilityFull observability system inspired by OpenAI SDK. Captures execution traces with spans for LLM calls, tools, handoffs, and guardrails.
View Details →Time-Travel
DebuggingExecution replay agent inspired by LangGraph. Jumps to checkpoints, modifies state, and explores alternative execution paths.
View Details →Confidence
Uncertainty DetectionUncertainty detection inspired by Devin/Confucius. Monitors confidence levels and triggers clarification when thresholds drop.
View Details →Self-Improve
OptimizationSelf-improvement loop inspired by SICA. Benchmarks performance, identifies weaknesses, generates improvements, and A/B tests changes.
View Details →Context Hygiene
Context ManagementMid-workflow context management implementing the 60% Rule. Generates handoff documents, tracks context budget, and prevents context rot.
View Details →Procedural Memory
KnowledgeCaptures successful multi-step task completions, extracts reusable patterns, and provides few-shot examples for similar future tasks.
View Details →Code Quality
Code Reviewer
ReviewComprehensive code review that analyzes security vulnerabilities, code quality, performance issues, and architectural concerns following OWASP Top 10.
View Details →Bug Find
DebuggingScientific debugging agent applying evidence-based troubleshooting. Observes, hypothesizes, experiments, and analyzes to identify root causes.
View Details →Root Cause
AnalysisSystematic problem investigator using 5 Whys, Fishbone, and Fault Tree methodologies to identify true underlying causes of failures.
View Details →Refactor
RestructuringCode restructuring expert following Martin Fowler's catalog. Identifies code smells, applies SOLID principles, and modernizes legacy systems.
View Details →Optimize
EnhancementAI prompt optimization specialist using the 4-D methodology to transform vague requests into precision-crafted prompts.
View Details →Feedback Loop
Self-EvolutionSelf-evolution engine that analyzes execution outcomes, identifies patterns, and drives continuous improvement across all agents and skills.
View Details →Improvement Workflow
ProcessSystematic improvement manager tracking proposals through assessment, approval, implementation, and verification for continuous platform evolution.
View Details →Database
Data EngineeringDatabase engineering expert for schema design, migrations with Prisma/TypeORM/Alembic, query optimization, and multi-database architecture patterns.
View Details →Testing & Documentation
QA Guy
TestingProfessional QA engineer that develops test plans, creates test cases, performs BRD/PRD gap analysis, and generates TODO files for gaps found.
View Details →Doc Generator
DocumentationTechnical writing expert that creates READMEs, architecture docs, setup guides, SBOM generation, and SDLC compliance evidence.
View Details →API Docs
API ReferenceGenerates OpenAPI 3.0 specifications with Swagger UI integration, interactive endpoint testing, and comprehensive API documentation.
View Details →Frontend Designer
UI/UXElite frontend design specialist creating production-ready interfaces using Material Design 3, Apple HIG, and accessibility standards.
View Details →Performance
TestingElite performance engineer for load testing with K6/Locust, Lighthouse audits, Core Web Vitals optimization, and performance budgeting.
View Details →Security & Analysis
CISO
SecuritySecurity-first development agent ensuring OWASP Top 10 compliance, secure coding practices, threat modeling, and vulnerability prevention.
View Details →Analyze Codebase
AnalysisComprehensive codebase analysis including project overview, architecture mapping, file structure, and improvement recommendations.
View Details →n8n Workflow Builder
AutomationExpert n8n workflow architect that transforms automation ideas into production-ready, importable n8n JSON workflow files.
View Details →Compliance
GovernanceRegulatory compliance expert for SOC 2, GDPR, HIPAA, PCI-DSS, ISO 27001 with policy-as-code implementation and audit evidence automation.
View Details →Observability
OperationsElite Site Reliability Engineer for production monitoring, logging, alerting, distributed tracing, SLO/SLI definition, and incident response.
View Details →Pentest Coordinator
SecurityCoordinates penetration testing activities including scope definition, attack scenario planning, finding tracking, and remediation verification.
View Details →Secrets Lifecycle
SecurityManages complete secrets lifecycle including vault integration, rotation policies, dynamic secrets, and emergency rotation procedures.
View Details →Security Gate
SecurityMandatory security checkpoint enforcing OPA policies, mTLS identity verification, and immutable audit logging for all agent operations.
View Details →Supply Chain Security
SecurityGenerates SLSA provenance attestations, signs artifacts with Sigstore/cosign, and ensures end-to-end software artifact traceability.
View Details →Platform & Extensibility
Agent Builder
Meta-AgentMeta-agent for creating new domain-specific agents. Guides through role definition, capabilities, behavioral rules, and generates production-ready agent files.
View Details →Skill SDK
DevelopmentComprehensive skill development framework for creating, extending, testing, and publishing skills on the AdvanceCyber.ai platform.
View Details →MCP Manager
IntegrationCentral authority for MCP server integrations. Handles configuration, security validation, troubleshooting, and optimization of external connections.
View Details →Command Builder
ExtensibilityFramework for creating and managing custom slash commands. Build command libraries, compose workflows, and extend the command vocabulary.
View Details →Context Manager
OptimizationContext window optimization system. Monitors utilization, implements modular rules, performs intelligent resets, and coordinates context transfer.
View Details →DevOps
InfrastructureCI/CD pipeline architect with GitHub Actions, Kubernetes, Docker, Terraform expertise and deployment strategies (blue-green, canary, rolling).
View Details →Git-Flow
DevOpsImplements the git-flow branching model with feature, release, and hotfix branches plus proper merging workflows between main and develop.
View Details →Memory System
InfrastructureExpert memory system engineer for Claude Code's persistent memory infrastructure including Qdrant vector database, n8n workflows, and MCP tools.
View Details →Offline Dev
DevelopmentOffline AI-assisted development expert using Goose Local and FICLI with local LLM inference via Ollama for productive coding without internet.
View Details →Context Translator
UtilityContext translation specialist for bidirectional conversion between Claude Code (CLAUDE.md) and Goose (.goosehints) formats.
View Details →Git-Flow
Version ControlImplements Vincent Driessen's git-flow branching model. Manages feature, release, and hotfix branches with proper merging strategies.
View Details →Infographic Generator
MediaCreates high-quality infographics from text content using Google Gemini image generation with Two-Step Parsing and SLCT formula.
View Details →Pentest Coordinator
SecurityCoordinates penetration testing including scope definition, attack scenario planning, finding tracking, remediation verification, and attestation.
View Details →Procedural Memory
MemoryCaptures successful task execution patterns, extracts reusable procedures, and provides few-shot examples for similar future tasks.
View Details →SDLC Gap Analysis
SecurityAnalyzes secure SDLC coverage against frameworks: NIST SSDF, OWASP SAMM, Microsoft SDL, SLSA, CISA, ISO 27034, BSIMM.
View Details →Secrets Lifecycle
SecurityManages complete secrets lifecycle: vault integration, rotation policies, dynamic secrets, inventory, and emergency rotation.
View Details →Security Gate
SecurityMandatory security checkpoint for agent operations. Enforces OPA policies, verifies identity via mTLS, logs to immutable audit.
View Details →SEO
ContentSEO pipeline automation: keyword research, content strategy, technical audits, on-page optimization, and search performance analysis.
View Details →Supply Chain Security
SecuritySLSA provenance, Sigstore artifact signing, commit verification, SBOM linking. Essential for supply chain security compliance.
View Details →The AI Orchestra
Watch how AI agents orchestrate your development workflow
The AI Orchestra - Orchestrated Development Workflows
System Architecture
A comprehensive view of the Agentic Development System
Click to view the full Agentic Development System PDF
Looking for Skills?
Skills extend AI agents with specialized knowledge, workflows, and tool integrations.
- Agents: Autonomous workers that perform tasks
- Skills: Knowledge bases that enhance agent capabilities
- 38 Skills Included: api-catalog, artifacts-builder, brand-guidelines, canvas-design, changelog-generator, competitive-ads-extractor, content-research-writer, developer-growth-analysis, docker-health, document-skills, domain-name-brainstormer, file-organizer, image-enhancer, infographic-generator, internal-comms, invoice-organizer, lead-research-assistant, marketplace, mcp-builder, meeting-insights-analyzer, n8n-code-javascript, n8n-code-python, n8n-expression-syntax, n8n-mcp-tools-expert, n8n-node-configuration, n8n-validation-expert, n8n-workflow-patterns, notebooklm, raffle-winner-picker, skill-creator, skill-share, slack-gif-creator, testing-security-stack, theme-factory, ui-design, video-downloader, webapp-testing, yt-transcript