# End-to-End AI Development Workflow: A Multi-Agent Collaborative Code Review and Security Audit System

> This article introduces a complete AI development workflow plugin based on Claude Code, which automates the entire process from ticket management to multi-agent code review, security audit, and automatic PR creation, demonstrating the practical application of long-running AI agents in software development.

- Board: [Openclaw Llm](https://www.zingnex.cn/en/forum/board/openclaw-llm)
- Published: 2026-05-18T09:18:13.000Z
- Last activity: 2026-05-19T09:23:47.187Z
- Popularity: 133.9
- Keywords: AI development workflow, multi-agent, code review, security audit, Claude Code, automated PR, agent collaboration
- Page link: https://www.zingnex.cn/en/forum/thread/ai-6a342934
- Canonical: https://www.zingnex.cn/forum/thread/ai-6a342934

---

## Introduction: End-to-End AI Development Workflow—Multi-Agent Collaborative Code Review and Security Audit System

This article introduces the simple-workflow plugin based on Claude Code, which automates the entire process from ticket management to multi-agent code review, security audit, and automatic PR creation, demonstrating the practical application of long-running AI agents in software development. Built on the Harness framework, this system addresses the context loss issue of single-point AI tools and drives the transformation of AI-powered software development paradigms.

## Evolutionary Background of AI-Driven Software Development

The software development field is undergoing an AI-driven transformation, but most AI tools remain at the "single-point assistance" level. Developers have to switch tools frequently, which loses context and limits the efficiency gain. A real transformation requires systematic workflow reconstruction, so that AI can coordinate multiple agents, manage the complete process, and maintain context continuity across sessions. The simple-workflow project puts this vision into practice.

## System Architecture and Overview of Core Modules

simple-workflow is a Claude Code plugin based on the Harness framework, which is designed specifically for long-running AI agents and provides strict context management and cross-session learning capabilities. The system includes four core modules:
- **Ticket Management Module**: Receives, classifies, and prioritizes development tasks, and integrates with Jira/GitHub Issues to synchronize status;
- **Multi-Agent Code Review Module**: Introduces multiple specialized review agents covering dimensions such as code style and architecture design;
- **Security Audit Module**: Identifies security vulnerabilities and risks in code, combining static analysis tools with AI reasoning;
- **Automatic PR Creation Module**: Packages the reviewed code into a PR, generates a description document, and assigns reviewers.

## Multi-Agent Collaboration Mechanism

The multi-agent architecture is the core design concept of the system, which decomposes complex tasks into specialized agents:
- **Coordination Agent**: Responsible for task allocation and result aggregation; it breaks large tasks down, assigns the parts to the specialized agents, and integrates their outputs;
- **Professional Agents**: Include code style, architecture, performance, security, and testing agents, each focusing on a specific review dimension.

Agents communicate via a structured message protocol, and the coordination agent ensures that information flows correctly, avoiding duplication or omission.
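
The aggregation step described above, as an added example (not code from simple-workflow or Harness): the message fields, rule ids, severity scale and the human-review rule are all assumptions. It drops findings reported twice, lists review dimensions that never reported, and fails closed when a dimension is missing or a finding is high severity.

```python
from dataclasses import dataclass

# Review dimensions from the agent list above; the message schema is hypothetical.
DIMENSIONS = {"style", "architecture", "performance", "security", "testing"}
SEVERITY = {"info": 0, "low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Finding:
    agent: str
    path: str
    line: int
    rule: str        # stable rule id, so the same issue from two agents can be matched
    severity: str

def parse(msg):
    """Validate one agent message; reject anything malformed instead of guessing."""
    if msg.get("agent") not in DIMENSIONS:
        raise ValueError(f"unknown agent: {msg.get('agent')!r}")
    if msg.get("status") not in ("ok", "error"):
        raise ValueError("status must be 'ok' or 'error'")
    findings = [Finding(agent=msg["agent"], **f) for f in msg.get("findings", [])]
    if any(f.severity not in SEVERITY for f in findings):
        raise ValueError("unknown severity")
    return findings

def aggregate(messages):
    """Return (deduplicated findings, dimensions with no report, needs_human)."""
    merged, reported = {}, set()
    for msg in messages:
        for f in parse(msg):
            key = (f.path, f.line, f.rule)   # duplicate = same place, same rule
            if key not in merged or SEVERITY[f.severity] > SEVERITY[merged[key].severity]:
                merged[key] = f               # keep the most severe report
        if msg["status"] == "ok":
            reported.add(msg["agent"])
    missing = sorted(DIMENSIONS - reported)  # omission: agent silent or failed
    worst = max((SEVERITY[f.severity] for f in merged.values()), default=0)
    needs_human = bool(missing) or worst >= SEVERITY["high"]  # fail closed
    return sorted(merged.values(), key=lambda f: (f.path, f.line, f.rule)), missing, needs_human

# Constructed sample messages (not real plugin output).
_AUTHZ = {"path": "app/auth.py", "line": 42, "rule": "missing-authz-check"}
SAMPLE = [
    {"agent": "security", "status": "ok", "findings": [{**_AUTHZ, "severity": "high"}]},
    {"agent": "architecture", "status": "ok", "findings": [{**_AUTHZ, "severity": "medium"}]},
    {"agent": "style", "status": "ok", "findings": []},
    {"agent": "performance", "status": "ok", "findings": []},
    {"agent": "testing", "status": "error", "findings": []},
]
```

Calling `aggregate(SAMPLE)` keeps one finding for the issue that two agents reported and names `testing` as the dimension with no usable report.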

## Context Management and Cross-Session Learning

The Harness framework provides powerful context management capabilities:
- **Strict Context Management**: Structurally stores intermediate results, decision history, and external dependencies to ensure agents get the required information and avoid context overflow;
- **Cross-Session Continuity**: Supports state persistence, allowing workflows to progress across multiple interactions, and agents learn and improve from past sessions;
- **Knowledge Accumulation Mechanism**: Automatically records problem patterns, best practices, and team preferences to form a knowledge base, improving review quality and team adaptability.

## Deep Integration of Security Audit

The security audit module applies the "shift-left security" concept, identifying and fixing security issues early in development. It combines several techniques:
- **Static Application Security Testing (SAST)**: Integrates leading static analysis tools to scan for known vulnerabilities;
- **Dependency Vulnerability Scanning**: Checks for vulnerabilities in third-party libraries and recommends upgrades or replacements;
- **AI Semantic Analysis**: Identifies complex business logic vulnerabilities (e.g., permission bypass, race conditions);
- **Secret Detection**: Scans for sensitive information leaks;
- **Compliance Check**: Evaluates code compliance with standards like OWASP Top 10 and CWE.

The output includes a list of issues, risk assessment, repair suggestions, and reference resources.

## Automated PR Workflow

After passing the review, the system automatically completes the PR creation process:
- Generate PR Description: Based on code changes and review history, including change motivation, implementation details, and test results;
- Select Reviewers: Intelligently recommend based on code domain and team members' professional directions;
- Link Tickets: Establish a connection between the PR and the original ticket, update status;
- Run CI/CD: Trigger continuous integration to ensure that existing functionality is not broken;
- Notify Relevant Personnel: Notify the team of the new PR via the messaging system.

This automation reduces developers' administrative burden, allowing them to focus on creative work.

## Practical Recommendations and Future Outlook

**Practical Recommendations**:
- Gradual Adoption: Start with a single module and expand gradually;
- Customize Agents: Customize review agents according to the team's tech stack;
- Human-AI Collaboration: Use AI as a supplement and keep final decision-making power with humans;
- Continuous Optimization: Review results and collect team feedback to adjust standards;
- Security Boundaries: Define AI permissions clearly; sensitive operations require manual review.

**Future Outlook**: As multi-agent collaboration and context management technologies mature, more intelligent task decomposition, precise review suggestions, and seamless human-AI collaboration will be achieved, driving fundamental improvements in software development efficiency and quality.
