A comprehensive, production-ready framework for orchestrating specialized AI agents in software development workflows. Built with security-first principles, this framework enables teams to leverage AI agents for requirements analysis, development, code review, security scanning, and quality assurance.
- Business Analyst Agent: Requirements gathering, user story creation, stakeholder analysis
- Behavioral Reframe Agent: Perceptual reframes, low-cost behavioral interventions, experiment design
- Research Manager: Research coordination, task delegation, synthesis
- Research Agent: Technical research, comparative analysis, feasibility studies
- UX/UI Agent: User experience evaluation, accessibility compliance, design systems
- Task Manager: Epic decomposition, sprint planning, dependency mapping
- Tech Lead: Architecture design, technical coordination, sprint planning
- Coding Agent: Secure implementation, Django/Azure development, self-review
- Code Inspector: Code quality review, functionality validation, test coverage
- Security Agent: Security scanning (Semgrep), CVE detection, GDPR compliance
- QA Lead: Test strategy, automated testing (Playwright), quality gates
Skills are modular markdown documents that agents load to enhance their capabilities:
- Security: secure-coding, secrets-detection, dependency-security
- Code Quality: code-review-checklist, test-case-design
- Planning: sprint-planning, story-readiness-verification, backlog-planning-estimation
- Research: market-research, comparative-analysis, technical-synthesis, source-evaluation
- Design: ui-ux-research, accessibility-inclusive-design
- Architecture: api-design, database-design, authentication-authorization, realtime-communication
- Workflow: workflow-automation, file-storage-security
- Mindset: curiosity
Standardized templates ensure consistency across agent outputs:
- user-story-template.md: User stories with acceptance criteria, DoR/DoD
- research-report-template.md: Research findings with evidence and recommendations
- sprint-plan-template.md: Sprint coordination with dependencies and risk assessment
- security-review-report-template.md: Security scan results with Semgrep integration
- code-review-report-template.md: Code quality review with coverage analysis
- test-plan-template.md: QA strategy with manual and automated test plans
- ux-review-report-template.md: UX evaluation with Nielsen heuristics and WCAG compliance
- task-breakdown-template.md: Epic decomposition with effort estimation
- proposal-template.md: Project proposals with business case
Model Context Protocol (MCP) servers provide agents with real-time access to tools and data:
- github-config.json: Issue tracking, PR management, security alerts
- n8n-config.json: Workflow automation patterns
- supabase-config.json: Database, authentication, storage patterns
- postgresql-config.json: Database design and query optimization
- playwright-config.json: Browser automation, UI testing
- django-config.json: Django framework, security patterns, DRF
- azure-config.json: Azure App Service, Key Vault, Application Insights
- semgrep-config.json: Automated security scanning, OWASP Top 10
- python-docs-config.json: Python/FastAPI/Django documentation
- openapi-config.json: API specification and design
- microsoft-learn-config.json: Microsoft Azure documentation
- AI assistant with MCP support (e.g., Claude with MCP enabled)
- Access to required MCP servers (see
mcp-servers/SETUP-GUIDE.md) - For security scanning: Semgrep installed (
brew install semgreporpip install semgrep)
-
Clone this repository:
git clone https://github.com/yourusername/agentic-framework.git cd agentic-framework -
Configure MCP servers:
- Review
mcp-servers/SETUP-GUIDE.mdfor detailed setup instructions - Configure MCP servers in your AI assistant (e.g., Claude Desktop app)
- Update config files with your credentials/tokens as needed
- Review
-
Choose your agents:
- Review agent definitions in
agents/directory - Select agents based on your workflow needs
- Each agent file contains initialization instructions and required resources
- Review agent definitions in
-
Load skills and templates:
- Agents reference skills and templates from this framework
- Ensure your AI assistant has access to these directories
- Skills are loaded at agent session start
Example: Starting a Development Sprint
-
Tech Lead Agent creates sprint plan:
- Loads:
sprint-planning-skill.md,story-readiness-verification-skill.md - Uses MCP: GitHub (issue tracking), Django (architecture)
- Outputs:
sprint-plan-template.md
- Loads:
-
Coding Agent implements features:
- Loads:
secure-coding-skill.md(ALWAYS FIRST) - Uses MCP: Django (primary), Azure SDK, Semgrep (self-review)
- Performs security self-check before completion
- Loads:
-
Code Inspector reviews implementation:
- Loads:
code-review-checklist-skill.md - Uses MCP: Django (framework best practices)
- Outputs:
code-review-report-template.md - Max 5 iterations with Coding Agent
- Loads:
-
Security Agent scans code:
- Loads:
secure-coding-skill.md,secrets-detection-skill.md - Uses MCP: Semgrep (automated scanning - PRIMARY)
- Outputs:
security-review-report-template.md - BLOCKS commit on critical issues
- Loads:
-
QA Lead validates quality:
- Loads:
test-case-design-skill.md - Uses MCP: Playwright (UI testing)
- Outputs:
test-plan-template.md - Confirms all quality gates passed
- Loads:
Tech Lead (Coordinator)
β
Coding Agent (Implementation)
β
Code Inspector (Quality Review) ββ Max 5 iterations total
β β
ββββββββββββββββββββββββββββββββ
Security Agent (Security Gate)
β
QA Lead (Quality Validation)
β
β
Ready for Commit
- Security-First: Every developer agent loads secure-coding-skill.md FIRST
- Iteration Control: Max 5 combined iterations before user escalation
- Blocking Gates: Security Agent blocks commits on critical issues
- Separation of Concerns: Each agent has specific, non-overlapping responsibilities
- Skill Modularity: Skills are reusable across multiple agents
- Template Standardization: Consistent outputs across all agent sessions
- MCP Integration: Real-time access to tools and documentation
Development Workflow:
- Tech Lead coordinates β Coding Agent implements β Code Inspector reviews (iterations) β Security Agent scans β QA Lead validates
Research Workflow:
- Research Manager coordinates β Research Agents investigate β Research Manager synthesizes
Planning Workflow:
- Business Analyst gathers requirements β Task Manager decomposes epics β Tech Lead plans sprints
UX Workflow:
- UX/UI Agent evaluates β Security Agent validates accessibility β QA Lead tests user flows
- agents/README.md: Complete agent catalog with capabilities
- skills/README.md: Skill library reference
- templates/README.md: Template usage guide
- mcp-servers/README.md: MCP server inventory
- mcp-servers/SETUP-GUIDE.md: Detailed MCP setup
- docs/DEVELOPMENT-AGENTS-ENHANCEMENT-SUMMARY.md: Framework design document
- Create new agent definition in
agents/directory - Define purpose, capabilities, skills, and MCP servers
- Specify initialization instructions and session management
- Document agent's role in workflow coordination
- Create markdown file in
skills/directory - Include clear purpose, capabilities, and usage examples
- Provide code samples, checklists, or procedures
- Reference from agent definitions
- Create template in
templates/directory - Use structured format with clear sections
- Include agent-specific guidance
- Add to
templates/README.mdcatalog
- Create config file in
mcp-servers/directory - Define capabilities and use cases
- Document installation and setup
- Update
mcp-servers/README.mdandSETUP-GUIDE.md - Reference from relevant agents
This framework implements security at multiple levels:
- Secure Coding Skill: Loaded by all development agents as first priority
- Secrets Detection: Pattern-based scanning for exposed credentials
- Dependency Security: CVE scanning with safety/pip-audit
- Automated Scanning: Semgrep integration for OWASP Top 10
- GDPR Compliance: Data protection checks in Security Agent
- No Tolerance Policy: Critical security issues BLOCK commits
- Iteration Limits: Max 5 iterations prevents infinite security fix loops
Required Tools:
- Semgrep:
brew install semgreporpip install semgrep(v1.151.0+) - Playwright: Configured via MCP server for UI testing
- pytest: For Python test execution
Security Scanning Examples:
# Full security scan
semgrep scan --config=auto
# Django-specific scan
semgrep scan --config=python.django
# Secrets only
semgrep scan --config=secrets
# OWASP Top 10
semgrep scan --config=owasp-top-tenTest Coverage Requirements:
- Overall: 80%+ coverage
- Critical paths: 100% coverage
- Security functions: 100% coverage
Input: "Implement user profile password reset with Azure Key Vault"
Tech Lead:
- Creates sprint plan with security requirements
- Assigns to Coding Agent
- Configures Security Agent gate
Coding Agent:
- Loads secure-coding-skill.md FIRST
- References Azure MCP for Key Vault patterns
- Implements password reset with:
- Secrets stored in Key Vault (never code/env vars)
- CSRF protection
- Rate limiting
- Audit logging
- Performs security self-check before completion
Code Inspector:
- Reviews code quality and functionality
- Confirms test coverage >80%
- Validates Django best practices
- PASS β sends to Security Agent
Security Agent:
- Runs Semgrep scan
- Checks for secrets exposure
- Validates Azure Key Vault configuration
- GDPR compliance check
- PASS β ready for QA
QA Lead:
- Creates test plan
- Executes automated tests (Playwright)
- Validates all acceptance criteria
- PASS β ready for commit β
Input: "Should we use Django or FastAPI for our API backend?"
Research Manager:
- Creates research task breakdown
- Assigns comparative analysis to Research Agents
Research Agents:
- Load comparative-analysis-skill.md
- Use Python Docs MCP for documentation
- Research performance, scalability, ecosystem
- Output: research-report-template.md
Research Manager:
- Synthesizes findings
- Provides recommendation with evidence
- Documents trade-offs
Tech Lead:
- Reviews research
- Makes architecture decision
- Documents in sprint plan
Contributions welcome! This framework is designed to be extended and customized for various workflows.
Areas for Contribution:
- New agent definitions for different domains
- Additional skills for emerging technologies
- MCP server configurations for popular tools
- Template improvements and new formats
- Documentation and usage examples
Guidelines:
- Follow existing agent/skill/template structure
- Include clear documentation
- Provide usage examples
- Test with real workflows
- Update relevant README files
[Choose your license: MIT, Apache 2.0, etc.]
Built on the Model Context Protocol (MCP) standard for AI agent integration with tools and data sources.
- Issues: GitHub Issues
- Discussions: GitHub Discussions
- Documentation: See
docs/directory for detailed guides
Version: 1.0.0
Last Updated: 2026-02-15
Status: Production Ready