chore: add multi-agent build pipeline (.claude/ agents, orchestrator, gates)
Adds crewli-architect, backend/frontend-implementer, test-writer subagents, the /build-module orchestrator command, the PR merge-gate template, and a permissions allow-list in settings.json. Documents the layer as CLAUDE_CODE_TOOLING.md section 10. Implementer Edit/Write is allow-listed; git push deliberately omitted so merge/push stay human. Co-Authored-By: Claude <noreply@anthropic.com>
@@ -190,3 +190,84 @@ the worst of both worlds (the agent reads the rule, the hook fires
|
||||
the rule, and when they diverge nobody knows which is right).
|
||||
CLAUDE.md is for understanding the project; `.claude/` is for
|
||||
catching the mistakes that happen anyway.
|
||||
|
||||
## 10. Multi-agent build pipeline
|
||||
|
||||
The `.claude/` layer now includes an orchestrated build pipeline on top
|
||||
of the deterministic hooks and the review subagent. It automates the
|
||||
work Bert previously did by hand (prompt authoring, dispatch, gate
|
||||
assembly) while keeping the two irreversible decisions human.
|
||||
|
||||
### 10.1 Validated against
|
||||
|
||||
- Claude Code version: **<fill in `claude --version` at setup>**
|
||||
- Re-verify after every `claude update`: the Agent-tool name, the
|
||||
`isolation: worktree` field, and the subagent permission model have
|
||||
all shifted in point releases. After an update, re-run the §6 hook
|
||||
smoke-tests and one architect dry-run before trusting the chain.
|
||||
|
||||
### 10.2 The agents
|
||||
|
||||
| Agent | Model | Tools | Role |
|
||||
|---|---|---|---|
|
||||
| `crewli-architect` | opus | Read, Grep, Glob, Bash | Drift-check, audit, decompose, emit DECISION BRIEF. Plans only — never writes code. |
|
||||
| `backend-implementer` | sonnet | + Edit, Write (worktree) | One bounded backend subtask per the approved plan. |
|
||||
| `frontend-implementer` | sonnet | + Edit, Write (worktree) | One bounded `apps/app/` subtask. |
|
||||
| `test-writer` | sonnet | + Edit, Write (worktree) | PHPUnit + Vitest tests; never weakens a test to pass. |
|
||||
| `crewli-reviewer` | opus | Read, Grep, Glob (read-only) | Zero-compromise review; emits `REVIEW VERDICT: PASS\|BLOCK`. |
|
||||
|
||||
Implementer prompts are deliberately thin: they encode only what an
|
||||
agent would get WRONG without the instruction, and lean on CLAUDE.md +
|
||||
SCHEMA.md for the rest. They do NOT duplicate hookable rules (pint,
|
||||
eslint, protect-files, block-dangerous-bash already fire on every tool
|
||||
call). This is the §1 binding principle applied to agents.
|
||||
|
||||
### 10.3 The orchestrator
|
||||
|
||||
`/build-module <task>` runs in the MAIN session (subagents can't spawn
|
||||
subagents). Five phases:
|
||||
|
||||
0. Branch off main (always Phase 0).
|
||||
1. Architect -> DECISION BRIEF -> **HUMAN GATE 1** (approve/adjust/reject).
|
||||
2. Dispatch implementers + test-writer in dependency order; parallel-
|
||||
safe subtasks run as background subagents with worktree isolation.
|
||||
3. Reviewer gate; BLOCK loops back to the implementer without bothering
|
||||
the human; PASS proceeds.
|
||||
4. Assemble `pr-merge-gate.md` with real signals -> **HUMAN GATE 2**
|
||||
(reply `merge`). A red signal never reaches the human.
|
||||
5. Post-merge: sync-docs reminder; branch cleanup ONLY after merge
|
||||
verification (the D1 near-miss rule).
|
||||
|
||||
### 10.4 The two human gates
|
||||
|
||||
Both gates are designed to reduce to a single glance + one word:
|
||||
|
||||
- **Gate 1** (decomposition): the architect surfaces its own risk flags
|
||||
and open questions at the top of the brief, so Bert weighs only the
|
||||
flagged points, not the whole plan. Reply `approve`.
|
||||
- **Gate 2** (merge): every signal is pre-verified green before the gate
|
||||
is shown; a red signal returns the PR to the implementer instead.
|
||||
Bert performs the `--no-ff` merge + push manually. Reply `merge`.
|
||||
|
||||
`git push` is intentionally OFF the settings.json allow-list, so the
|
||||
"merge & push stay human" rule is enforced at the permission layer.
|
||||
|
||||
### 10.5 Permissions interaction
|
||||
|
||||
Subagents can't answer "ask" prompts (an asked tool is auto-denied), so
|
||||
implementer Edit/Write/Bash are allow-listed in settings.json §permissions.
|
||||
The PreToolUse hooks still fire and block the dangerous subset. Allow
|
||||
broadly; block narrowly via hooks. Never add `git push` to the allow-list.
|
||||
|
||||
### 10.6 Files
|
||||
|
||||
```
|
||||
.claude/agents/crewli-architect.md
|
||||
.claude/agents/backend-implementer.md
|
||||
.claude/agents/frontend-implementer.md
|
||||
.claude/agents/test-writer.md
|
||||
.claude/agents/crewli-reviewer.md (existing + verdict-line block)
|
||||
.claude/commands/build-module.md
|
||||
.claude/templates/pr-merge-gate.md
|
||||
.claude/settings.json (existing hooks + new permissions)
|
||||
```
|
||||
|
||||
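Review bot: In §10.4 and §10.5 the "merge & push stay human" rule rests only on `git push` being absent from the allow-list, while implementer Bash is allow-listed and the stated guidance is "Allow broadly; block narrowly via hooks". The text does not say whether the Bash allow entry is scoped to specific command patterns. It also covers only the subagent case (an asked tool is auto-denied), not the MAIN session that `/build-module` runs in. Suggest documenting the Bash allow patterns here and backing the rule with an explicit block, for example a `git push` rule in block-dangerous-bash, which the section says already fires on every tool call, so the guarantee survives a later widening of the allow-list. Two smaller points: §10.1 is titled "Validated against" but commits the `<fill in ...>` placeholder instead of a version, and §10.3 says "Five phases" above a list numbered 0 to 5.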