Home/Products/Agentic SDLC

Agentic SDLC

Your idea walks in. Six agents research, plan, code, audit, document, and commit. A pull request walks out, waiting for your approval.

Built across two layers: the AI-Powered SDLC Engine is complete, open source, and runs today. The AI-Powered Dev Platform is in active development, wrapping the engine with multi-tenant infrastructure, E2B sandboxing, and billing. The hard engineering is done. The product wrapper is next.

Plain English
WHAT YOU WRITE
6 Autonomous Agents
WHAT HAPPENS
Pull Request
WHAT YOU REVIEW
1 RE PL CO AU ×3 DO CM PR Goal IN Pull Req. OUT AUTOMATED Research STEP 1 Plan STEP 2 Code STEP 3 Audit ×3 QUALITY GATE Document STEP 5 Commit STEP 6 ALL STEPS AUTOMATED · NO HUMAN IN THE LOOP
18 months
BUILT
137 tests
VERIFIED
9 providers
RESILIENT
0 manual steps
SPEC TO PR
SDLC Engine · Open Source · Live Dev Platform · In Development Request access from Admin ↗
Layer 2
AI-Powered Dev Platform
Multi-tenant Python wrapper. Handles auth, billing, E2B sandboxing, and queue management so users can submit any repo and get results without self-hosting. E2B is mandatory here: you cannot trust FileGuardian when strangers' code runs on your server.
Node.js Express Redis Queue Postgres E2B Sandboxing JWT Auth Razorpay / Stripe SSE Telemetry
Planner Implementer Reviewer Test Author Doc Writer PR Summariser
In Development — architecture designed, not yet built
wraps and exposes ↓
Layer 1
AI-Powered SDLC Engine
The production multi-agent core. Self-hostable, single-user, operates on any Node.js repo. Extracted from 18 months of production work. 137 tests. This is the hard part and it is done.
Node.js 18+ CommonJS Express SQLite Blackboard 9-provider LLM failover SHA-256 cache SSE streaming FileGuardian
Researcher Perceptor Architect Coder Auditor Documenter
137 tests · Request access from Admin
My role
Solo — architecture, multi-agent engine, security design, product roadmap, dashboard.
Related
Agentic Patterns (Theory) · Agentic Systems (Scaffolds) · Agent SaaS Boilerplate (Template)
AI-Powered SDLC Engine — Built

AI-Powered SDLC Engine

Why it was built this way

After 5 years in enterprise IT operations, I watched the same failure pattern repeat across every support queue I managed. Bugs were rarely caused by bad code in isolation. They came from handoff failures: a planner who did not communicate constraints to the implementer, a reviewer who missed the edge case the tester would have caught, documentation that was never updated after the fix.

When I started learning AI engineering in 2024, the obvious first question was: can agents fix this? Not code autocomplete. Not a chatbot that writes functions. A full autonomous pipeline where a plain-English spec flows through planning, implementation, review, testing, documentation, and commit without a human touching the keyboard between stages.

That is what the AI-Powered SDLC Engine is. Node.js, six agents, SQLite state, nine-provider failover. It runs today.

How it works: step by step

  • Step 1: Researcher maps the target repository using AST-based code graph. Ingests the full codebase with Moonshot's 256K-window model (moonshot-v1-128k), identifies which files are relevant to the goal, writes a structured context map to the Blackboard.
  • Step 2: Perceptor reads the Researcher's output and triages the goal: Is it a bug fix, a new feature, a refactor? Scores complexity and sets priority flags that constrain what the Architect is allowed to plan.
  • Step 3: Architect produces a step-by-step implementation plan: which files to touch, what functions to add or modify, what edge cases to cover. Writes this as structured JSON to the Blackboard that the Coder reads directly.
  • Step 4: Coder executes the plan. Uses kimi-k2.6 as primary (high-fidelity agentic code generation), falling over to Bedrock Qwen3-Coder, then the rest of the nine-provider chain.
  • Step 5: Auditor (up to 3 iterations) reviews the Coder's output against the original plan and DNA contracts. If it finds issues, it sends the Coder back with specific instructions. After three clean passes or three failures, it exits the loop with a verdict.
  • Step 6: Documenter + auto-commit reads the final diff, updates the relevant docs and README sections, then the engine commits everything atomically with a structured commit message.

Five engineering decisions worth reading

1. Per-role model allocation

Every agent gets the model that fits its job, not a one-size-fits-all default. Researcher needs a 256K window to ingest a full codebase in one shot. Perceptor uses a fast 8K model because triage is cheap. Coder and Auditor use kimi-k2.6 because code generation needs the highest-fidelity reasoning available.

// From BaseAgent.js - actual production allocation
// Researcher: moonshot-v1-128k  (256K window for repo-wide ingestion)
// Perceptor:  moonshot-v1-8k    (fast triage and priority scoring)
// Architect:  moonshot-v1-8k    (rapid planning and critique)
// Coder:      kimi-k2.6         (high-fidelity agentic code generation)
// Auditor:    kimi-k2.6         (deep verification and DNA compliance)

2. MoonshotLimiter: RPM + concurrency semaphore

Moonshot Tier 0 allows 20 RPM and concurrency 3. Naive clients exceed both constantly. MoonshotLimiter maintains a sliding 60-second RPM window and a concurrency semaphore. Requests queue cleanly instead of failing with 429s.

class MoonshotLimiter {
  constructor() {
    this.active    = 0;
    this.maxActive = 3;
    this.queue     = [];
    this.history   = [];
  }
  async acquire() {
    return new Promise(resolve => {
      this.queue.push(resolve);
      this._pump();
    });
  }
  async _pump() {
    if (this.queue.length === 0 || this.active >= this.maxActive) return;
    const now = Date.now();
    this.history = this.history.filter(t => now - t < 60_000);
    if (this.history.length >= 20) {
      const delay = (this.history[0] + 60_000) - now + 100;
      setTimeout(() => this._pump(), delay);
      return;
    }
    this.active++;
    this.history.push(Date.now());
    this.queue.shift()();
  }
  release() { this.active--; this._pump(); }
}

3. Session-level circuit breaker

Once a provider exhausts every model in its chain during a run, it is skipped for the rest of the session. No wasted tokens retrying providers already known to be down. Operator manual overrides via a providerOverrides singleton let you flip a provider out of rotation without restarting the process.

4. SHA-256 response cache

Cache key is SHA-256(systemPrompt + '\x00' + prompt). Exact match required, so stale results are impossible. Saves real tokens on the Auditor re-reviewing unchanged files, or the Researcher fetching the same query twice in one session.

function _cacheKey(sys, prompt) {
  return crypto
    .createHash('sha256')
    .update(sys + '\x00' + prompt)
    .digest('hex');
}

5. Durable Blackboard (SQLite)

All agent state lives in Blackboard.js backed by SQLite with full ACID guarantees. If the process crashes mid-pipeline, state survives. Agents never pass context through function arguments or in-memory globals — everything flows through Blackboard methods. This enforces a clean separation between agents and makes the full run observable and replayable.

Two modes

# Self-mode: operates on its own repo
node index.js --goal "add a health check endpoint"

# External mode: operates on any target project
node index.js --project /path/to/target --goal "fix the failing tests"

The same pipeline that improves AI-SDLC itself can be pointed at any other Node.js repo.

Quick start

# Repo private during beta — request access from Admin (adiyogibooks@gmail.com)
cd ai-sdlc
npm install
cp .env.example .env   # add at least one LLM API key
npm test               # 137 tests, no external services needed
node index.js --goal "add a README badge"

Ollama is the local final-fallback — no API key required. If you have Ollama running at localhost:11434, the pipeline keeps working even with no cloud keys set.

The Six-Agent Pipeline

Goal in. Research, plan, code, audit (x3), document, commit out.

Live Pipeline Simulator — SDLC Engine
Watch the six-agent Node.js chain execute. Goal in, commit out. These are the real agent names from the source code.
1. Researcher
2. Perceptor
3. Architect
4. Coder
5. Auditor (x3)
6. Documenter + commit
sdlc-pipeline-console
[system] Console ready. Press Run to start.
Request access from Admin ↗
AI-Powered Dev Platform — In Development

AI-Powered Dev Platform

The AI-Powered SDLC Engine is self-hosted. You clone it, add API keys, and run it on your own machine or server. That works for a solo developer. It does not work for a hosted product where strangers submit repositories and expect isolated, safe execution.

The AI-Powered Dev Platform is the hosted product wrapper. Node.js, Express, Postgres, Redis, E2B sandboxing, JWT auth, billing. It extends the SDLC Engine directly — same language, same codebase, no rebuild. Here is the architectural reasoning behind each choice:

  • E2B sandboxing is mandatory, not optional. FileGuardian and git isolation protect the server from the engine's own actions. They cannot protect you when a stranger submits code that intentionally tries to escape scope. E2B gives each job a disposable VM that cannot reach shared infrastructure. This was the key lesson from 5 years of watching what happens when execution escapes its intended scope at 2am.
  • Postgres replaces SQLite at scale. SQLite breaks under concurrent write load. For a multi-tenant product running dozens of jobs simultaneously, Postgres with proper connection pooling is the correct store.
  • Redis queue for job isolation. Each submitted job gets a dedicated SSE queue. Results stream back to the submitting client without leaking state across sessions.
  • Agent rename is a UX decision. The SDLC Engine agents are named for what they do internally (Researcher, Perceptor, Architect). The Dev Platform agents are named for what they look like to a customer (Planner, Implementer, Reviewer). Same pipeline logic, different interface contract.
"The AI-Powered SDLC Engine is the hard part and it is done. The Python hosting wrapper is standard SaaS plumbing. The engineering challenge was the engine. The Dev Platform is a product decision."
Product Pipeline Demo — Dev Platform
Illustrative of the planned product UX. These agent names (Planner, Implementer, etc.) represent the customer-facing interface of the Dev Platform, sitting above the SDLC Engine.
1. Planner
2. Implementer
3. Reviewer
4a. Test Author
4b. Doc Writer
5. PR Summariser
product-pipeline-console
[system] Console ready. Awaiting pipeline execution.

Product Engine Architecture

The hosted product takes a feature specification and resolves it through a Directed Acyclic Graph of five product-facing agents. The DAG is not a fixed linear chain: the scheduler calculates execution order at runtime, fires independent agents concurrently, and enforces gates so no agent starts before its dependencies complete. Test Author and Doc Writer fire simultaneously after Reviewer completes because they have no dependency on each other.

Core Pipeline Flow & Sandbox States

Interactive Architecture Explorer — Dev Platform
Click any node to view the architectural decision and trade-offs behind it.
Kahn's Scheduler LLM Failover Router Idempotency Cache

Kahn's DAG Scheduler

Resolves agent execution order dynamically based on declared dependencies. Independent agents (Test Author and Doc Writer) fire concurrently after Reviewer completes. Maximum parallelization, minimum wall-clock time.

function resolveTopologicalOrder(nodes, dependencies) { const inDegree = Object.fromEntries(nodes.map(u => [u, 0])); const adj = Object.fromEntries(nodes.map(u => [u, []])); for (const [u, v] of dependencies) { adj[u].push(v); inDegree[v]++; } const queue = nodes.filter(u => inDegree[u] === 0); const order = []; while (queue.length) { const u = queue.shift(); order.push(u); for (const v of adj[u]) { if (--inDegree[v] === 0) queue.push(v); } } return order; }

LLM Failover Router

Monitors downstream LLM provider latencies and failure rates. If a provider trips a circuit breaker, traffic routes automatically to the next fallback. The pipeline never stops for a single API outage.

async function callWithFallback(prompt, providers) { for (const provider of providers) { if (circuitBreaker.isOpen(provider)) continue; try { return await provider.generate(prompt); } catch (err) { circuitBreaker.recordFailure(provider); } } throw new Error('All providers exhausted.'); }

SHA-256 Idempotency Cache

Computes a SHA-256 hash of agent input state. Identical requests return cached results at zero LLM cost. Saves real tokens on repeated Auditor passes over unchanged code.

const crypto = require('crypto'); function getIdempotencyKey(agentName, inputs) { const raw = `${agentName}:${JSON.stringify(inputs, Object.keys(inputs).sort())}`; return crypto.createHash('sha256').update(raw).digest('hex'); } const key = getIdempotencyKey(this.name, currentState); const cached = await cache.get(key); if (cached) return cached; // Zero LLM cost
← All Products Request access from Admin ↗