50+ specialized AI agents that analyze repos and help you find:
- security vulnerabilities
- architecture smells
- testing gaps
- documentation drift
- maintainability risks
These agents are organized into 10 analysis phases and are designed to review code, not modify it.
They generate structured findings so you can spot problems faster and decide what to fix next.
This project is not another agent framework.
Instead of building a generic AI assistant, this repo focuses on very narrow agents that each perform a specific analysis on a project.
Think of them as automated code reviewers.
(Ensure code runs and behaves correctly at a basic level)
- Syntax Bug – Static Lint Agent - Checks syntax, unmatched symbols, and malformed code
- Logic Bug – Heuristic Reasoner Agent - Detects wrong conditions, early returns, and inverted logic
- Runtime Bug – Crash Pattern Agent - Predicts crashes: null deref, divide-by-zero, unguarded calls
- Integration Bug – Contract Diff Agent - Compares API specs vs implementation (fields, types, codes)
- Bohrbug – Deterministic Failure Agent - Finds logic paths that always fail, like missing defaults
- Heisenbug – Flake Risk Agent - Flags non-determinism (time, random, race conditions)
- Dead Code – Unused Things Agent - Finds unreachable code, unused vars, or orphan assets
(Check for unnecessary work and structural cost)
- Performance Bug – Static Cost Agent - Scans loops, repeated queries, and missing caching
- Performance Regression – Benchmark Drift Agent - Compares diffs to catch new loops, heavy joins, or cache removals
- Resource Memory Bug – Leak Concurrency Agent - Detects memory leaks and concurrency issues
- Resource Usage – Infrastructure Cost Agent - Detects over-provisioned, always-on, or idle expensive infra
(Ensure scalable, maintainable structure before integration)
- Architecture Smell Radar Agent - Detects god classes, layer leakage, anemic domains, util dumps
- Dependency Graph & Cycles Agent - Maps imports, finds cycles, and bad dependency directions
- Layer Boundary & Ownership Agent - Checks domain ↔ infra leaks, controllers using SQL, missing owners
- Coupling & Cohesion Agent - Flags tight coupling, low cohesion, utility bloat
- Public API Surface Slimming Agent - Finds unused exports, wide DTOs, and re-export barrels
- Transaction & Consistency Agent - Ensures data writes are atomic, idempotent, and consistent
- Caching Strategy Coherence Agent - Validates key schemes, TTLs, invalidations, SWR consistency
- Error-Handling Policy Agent - Standardizes error envelopes, status codes, and logging
- Duplication & Abstraction Agent - Spots copy-paste logic, repeated SQL, and missing abstractions
- Refactoring Opportunity Planner Agent - Aggregates signals from above to rank high-impact refactors
- Proactive Improvement Ideas Agent (Optional) - Suggests architectural improvements based on patterns
(Verify boundaries between systems and data accuracy)
- Integration Bug – Interface Consistency Agent - Compares API specs vs implementation (fields, types, codes)
- Data Quality Bug – Validation Agent - Checks schema alignment, nullability, and referential integrity
- Environment or Config Bug – Parity Agent - Detects mismatched .env, Docker, and manifest versions
- Configuration Hygiene Agent - Flags secrets in config, unused keys, debug flags, or wrong paths
- Hardcoded Config Value Agent - Detects hardcoded configuration values in code
(Check provenance, safety, and license health)
- Dependency Bug – Version & License Agent - Finds version drift, deprecated libs, and license issues
- Dependency Supply-Chain Integrity Agent - Adds trust checks: typosquats, unsigned packages, inactive maintainers
(Validate that builds are reproducible and correct)
- IaC Policy Drift Agent - Detects infrastructure-as-code configuration drift
- Build CI Bug – Pipeline Rules Agent - Checks pipeline steps, caching, triggers, and secret handling
- Migration Safety Agent - Validates database migration safety and rollback procedures
- Build Artifact Drift Agent - Ensures built outputs match manifests, versions, and checksums
- Backup & Restore Readiness Agent - Validates backup strategies and restore procedures
(Guardrails for safe, legal, and observable systems)
- Security Bug – Static Vulnerability Agent - Detects injections, hardcoded secrets, weak crypto
- Accessibility & Compliance Agent - Validates WCAG, GDPR, cookie consent, data-deletion rights
- Data Lineage & PII Mapping Agent - Maps data flow and identifies PII handling gaps
- Observability Bug – Telemetry Agent - Checks for proper logs, metrics, and tracing on key paths
- Feature Flag Bug – Toggle Consistency Agent - Ensures flags exist, are consistent, and not inverted across envs
- LLM / Prompt Safety Agent - Identifies prompt injection risks and AI safety issues
- Multi-Tenancy Isolation Agent - Validates tenant data isolation and access controls
- Rate Limit & Abuse Guard Agent - Checks for proper rate limiting and abuse prevention
(Guarantee portability across OS, runtimes, browsers)
- Compatibility Agent - Detects deprecated APIs, file-separator bugs, or missing fallbacks
- Mobile App Permissions Agent - Analyzes mobile app permissions and privacy compliance
(Verify truth, clarity, and user experience)
- Test Coverage & Integrity Agent - Lists untested or misleading test areas
- Documentation Drift – Docs vs Code Agent - Finds differences between docs, comments, and code behavior
- API Deprecation Lifecycle Agent - Ensures APIs evolve safely with proper deprecation
- UI/UX Bug – Interface Structure Agent - Checks accessibility, overlap, z-index, labels, and color contrast
- Localization Bug – i18n/L10n Agent - Detects hardcoded strings, missing locales, or format errors
- Critical Unit Test Prioritization Agent - Ranks missing unit tests by criticality with impact rationale
- Mobile UI/UX Critical Changes Agent - Prioritizes critical mobile UI/UX improvements with rationale and creative suggestions
(Summarize all results for decision-making)
- Audit Orchestrator Agent - Collects all findings, deduplicates overlaps, ranks by severity and confidence
Each agent is designed to be run independently or as part of a comprehensive audit. The agents are read-only: they analyze code and artifacts without making changes and produce detailed reports that developers can use to prioritize improvements.
Each agent follows a consistent methodology:
- Goal: Clear objective of what the agent analyzes
- Method: Systematic approach to examining code and artifacts
- What to Look For: Specific patterns and issues to identify
- Expected Output Format: Structured, readable findings
- Output Rules: Guidelines for reporting results
- Severity & Confidence: Framework for prioritizing findings
- No Code Modification: Agents only read and analyze, never modify
- Structured Output: Consistent, readable format for all findings
- Severity & Confidence: Clear prioritization framework
- Comprehensive Coverage: From syntax to security to user experience
- Systematic Approach: Each agent has clear methodology and scope
- Development Teams: Looking to systematically improve code quality
- DevOps Engineers: Validating build, deployment, and infrastructure practices
- Security Teams: Identifying vulnerabilities and compliance gaps
- QA Teams: Enhancing test coverage and documentation accuracy
- Architects: Ensuring maintainable, scalable system design
This repository is designed as a comprehensive toolkit for software quality analysis. Each agent is self-contained with clear documentation and can be extended or customized for specific project needs.
This repository provides a systematic approach to software quality assurance, helping teams identify and address issues across the entire development lifecycle.