Add DevOps, Frontend-QA, Dev-QA, DevOps-QA agent configs #100

Merged
forgejo_admin merged 3 commits from 99-agent-specialization-configs into main 2026-03-14 23:13:31 +00:00
Contributor

Summary

Deploy domain-specialized agent configs for the 6-to-9 agent model split. Adds DevOps execution agent, three domain-specific QA agents (Frontend-QA, Dev-QA, DevOps-QA), narrows Dev-Backend to exclude IaC, and deprecates the generalist QA agent.

Changes

  • agents/devops.md — New DevOps execution agent config (Terraform/Salt/k8s/ArgoCD/Helm, worktree isolation, tofu constraints, secrets pipeline awareness)
  • agents/frontend-qa.md — New Frontend-QA expert reviewer (a11y, perf, responsive, UX, Impeccable compliance; read-only with block-write-tools.sh hook)
  • agents/dev-qa.md — New Backend Dev-QA expert reviewer (PEP, OWASP, SQLAlchemy, test coverage, DORA process audit; read-only with block-write-tools.sh hook)
  • agents/devops-qa.md — New DevOps-QA expert reviewer (TF state, k8s security, ArgoCD, Salt, CNPG; read-only with block-write-tools.sh hook)
  • agents/dev-backend.md — Narrowed scope: removed IaC, now Python/FastAPI/SQLAlchemy only, added constraint against writing Terraform/Salt/k8s
  • agents/qa.md -> agents/qa.md.deprecated — Generalist QA replaced by three domain specialists
  • schemas/agent-spawn-requirements.json — Registered all 4 new agent types with appropriate spawn gate patterns
  • settings.json — Updated SubagentStart matcher to include devops, frontend-qa, dev-qa, devops-qa

Test Plan

  • Validated YAML frontmatter in all 4 new agent files (python3 yaml.safe_load — all pass)
  • Validated JSON schema (python3 json.load — valid, all 8 types present)
  • Tested spawn gate hook accepts all new types with valid prompts (exit 0)
  • Tested spawn gate hook correctly denies new types with missing required patterns (deny output)
  • Verified qa.md renamed to qa.md.deprecated (git mv)

Review Checklist

  • All new agent .md files have valid YAML frontmatter
  • QA agents have disallowedTools and block-write-tools.sh hook
  • DevOps execution agent has worktree isolation and tofu constraints
  • Dev-Backend narrowed to exclude IaC scope
  • Spawn gate schema recognizes all new agent types
  • SubagentStart matcher updated in settings.json
  • Each agent references its pal-e-docs profile via get_note slug
  • No unrelated changes

Related

  • Plan: plan-pal-e-agency (traceability)
  • Forgejo issue: #99

Closes #99

Split agent model into domain-specialized execution and QA agents:
- agents/devops.md: DevOps execution agent (Terraform/Salt/k8s/ArgoCD)
- agents/frontend-qa.md: Frontend QA expert (a11y, perf, responsive, UX)
- agents/dev-qa.md: Backend Dev QA expert (PEP, OWASP, SQLAlchemy, tests)
- agents/devops-qa.md: DevOps QA expert (TF state, k8s security, ArgoCD)
- agents/dev-backend.md: Narrowed to Python/FastAPI only, IaC excluded
- agents/qa.md -> qa.md.deprecated: Generalist QA replaced by specialists
- schemas/agent-spawn-requirements.json: All 4 new types registered
- settings.json: SubagentStart matcher updated for new agent types

Closes #99

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Contributor

PR #100 Review

BLOCKERS

1. inject-subagent-context.sh does not handle any of the new agent types

The SubagentStart matcher in settings.json was correctly updated to include devops|frontend-qa|dev-qa|devops-qa, and the hook is invoked. However, the hook itself (hooks/inject-subagent-context.sh) was NOT updated. Its case statement only handles three types:

qa)     -> injects QA context
dev)    -> injects Dev context
general-purpose|dottie) -> injects Dottie context
*)      -> exit 0 (no context)

All four new agent types (devops, frontend-qa, dev-qa, devops-qa) fall through to the * wildcard and receive zero context injection. This also affects the pre-existing dev-backend and dev-frontend types from PR #96 -- they have the same gap.

The context injection includes critical guidance like "You MUST NOT use Write, Edit, or Bash tools" for QA agents. Without it, the QA agents rely solely on their .md frontmatter disallowedTools and PreToolUse hook, which is defense-in-depth but the context injection is a declared part of the enforcement architecture.

The hook needs case entries for at minimum:

  • devops (execution agent context)
  • frontend-qa|dev-qa|devops-qa (read-only QA context with tool restrictions)
  • dev-backend|dev-frontend (existing gap from PR #96)

This is a blocker because the hook update is listed as a deliverable scope item -- the SubagentStart matcher was updated in settings.json but the hook it routes to was not updated to match.

NITS

  1. qa type still active in spawn schema: agent-spawn-requirements.json retains the qa type entry, and the SubagentStart matcher still includes qa. Since qa.md was renamed to qa.md.deprecated, spawning a qa agent will fail (no config file found) or fall back to unknown behavior. Consider either removing qa from the schema or adding a note that it is deprecated. Not blocking -- the deprecation is documented in the PR body.

  2. betty-sue.md stale agent references: agents/betty-sue.md line 73-75 references agent-dev and agent-qa in its Related section. These are now deprecated names. Should reference the new specialized agents. Non-blocking since this file is not in the PR scope, but worth a follow-up issue.

  3. Impeccable with capital I: frontend-qa.md description says "Impeccable compliance" with a capital I. This reads like a branded term (which may be intentional for the Impeccable design system). If intentional, fine. If not, lowercase it.

SOP COMPLIANCE

  • Branch named after issue (99-agent-specialization-configs references issue #99)
  • PR body has: ## Summary, ## Changes, ## Test Plan, ## Related
  • Related section references plan-pal-e-agency (traceability)
  • Closes #99 present in PR body
  • No secrets, .env files, or credentials committed
  • No unnecessary file changes -- all 8 files are in scope
  • Review Checklist included and checked
  • All agent configs reference pal-e-docs profile slugs (agent-devops, agent-dev-qa, agent-frontend-qa, agent-devops-qa) -- these notes must exist in pal-e-docs or the agents will fail on first instruction. Cannot verify from this repo.

PROCESS OBSERVATIONS

  • The three QA agent configs are structurally consistent with each other and with the deprecated qa.md. Good template discipline.
  • The DevOps execution agent mirrors dev-backend.md and dev-frontend.md structure well. The tofu plan PR template requirement is a good domain-specific addition.
  • The dev-backend.md narrowing (removing IaC, adding constraint against Terraform/Salt/k8s) cleanly complements the new DevOps agent. No overlap in declared scope.
  • Spawn gate patterns for all three QA types correctly require both issue and PR references, matching the existing qa pattern.

VERDICT: NOT APPROVED

One blocker: the inject-subagent-context.sh hook must be updated to handle the four new agent types (and ideally the two pre-existing types from PR #96 that also fall through). The SubagentStart matcher routes to the hook, but the hook silently drops the new types.

The case statement in inject-subagent-context.sh only handled qa, dev,
and general-purpose|dottie. The four new agent types (devops, frontend-qa,
dev-qa, devops-qa) plus pre-existing dev-backend and dev-frontend all
silently fell through with zero context injection.

- Route dev-backend, dev-frontend, devops to the dev execution context
- Route frontend-qa, dev-qa, devops-qa to the qa review context
- Add dev-backend and dev-frontend to settings.json SubagentStart matcher

Closes #99

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Author
Contributor

PR #100 Review (Re-review)

Previous review found a blocker: inject-subagent-context.sh did not handle the four new agent types, meaning they would silently get no context injection. A fix was pushed to the same branch. This re-review verifies the fix and checks for remaining issues.

BLOCKER FIX ASSESSMENT

Fixed. The inject-subagent-context.sh case statement now correctly routes:

  • qa|frontend-qa|dev-qa|devops-qa to the QA context branch (line 19)
  • dev|dev-backend|dev-frontend|devops to the dev context branch (line 22)

All four new agent types will receive context injection as intended. The fix is correct and complete.

BLOCKERS

None.

NITS

  1. Context injection points specialized agents to generic profile slugs. The QA branch injects get_note(slug="agent-qa") for all QA variants, but each new agent's own .md config correctly references its specific slug (e.g., agent-dev-qa, agent-frontend-qa, agent-devops-qa). Same for devops getting agent-dev instead of agent-devops. Not a functional problem -- the agent's own config file has the correct slug and takes precedence -- but it means the additionalContext string is slightly misleading for specialized agents. Consider parameterizing the slug in a follow-up.

  2. Spawn schema description drift for dev-backend. Line 17 of agent-spawn-requirements.json still says "Backend dev -- Python, FastAPI, IaC, MCP servers" but this PR narrowed dev-backend.md to explicitly exclude IaC. The schema description is stale. (Inherited from PR #96, not introduced here -- but this PR touches the schema file and could have fixed it.)

  3. Nine changed files is at the upper boundary of review comfort. The PR is well-scoped (all agent configs + supporting infra), but future PRs of this nature could consider splitting execution agents and QA agents into separate PRs for easier review.

SOP COMPLIANCE

  • Branch named after issue: 99-agent-specialization-configs references issue #99
  • PR body has ## Summary, ## Changes, ## Test Plan, ## Related
  • Related section references plan slug: plan-pal-e-agency
  • Closes #99 present in PR body
  • No secrets, .env files, or credentials committed
  • No unnecessary file changes -- all 9 files are directly related to agent specialization
  • All three QA agents have disallowedTools: Write, Edit, Bash AND the block-write-tools.sh hook (defense in depth)
  • DevOps execution agent has isolation: worktree and tofu constraints
  • Spawn gate schema registers all 4 new types with correct required_patterns
  • SubagentStart matcher in settings.json lists all agent types

VERDICT: APPROVED

Register the two new specialized dev agent types so the spawn hook
recognizes them. Both require a Forgejo issue reference.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin deleted branch 99-agent-specialization-configs 2026-03-14 23:13:31 +00:00
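
The drift flagged in the first review (SubagentStart matcher updated, hook `case` statement not) can be caught mechanically before merge. The sketch below is an added example, not the project's hook: `route_before`, `route_after`, `unhandled_types`, `matcher_covered` and the `MATCHER` string are hypothetical, and the wildcard arm returns non-zero instead of `exit 0` so that a missing arm is detectable.

```shell
#!/bin/sh
# Added example, not the project's hook. All names here are hypothetical.

# Constructed sample of the SubagentStart matcher after both commits.
MATCHER='qa|dev|general-purpose|dottie|dev-backend|dev-frontend|devops|frontend-qa|dev-qa|devops-qa'

# Routing as the first review describes it: three arms, everything else drops.
# The real hook's wildcard is `exit 0`; returning 1 here makes the drop visible.
route_before() {
  case "$1" in
    qa)                     echo qa ;;
    dev)                    echo dev ;;
    general-purpose|dottie) echo dottie ;;
    *)                      return 1 ;;
  esac
}

# Routing as the re-review describes it after the fix.
route_after() {
  case "$1" in
    qa|frontend-qa|dev-qa|devops-qa)     echo qa ;;
    dev|dev-backend|dev-frontend|devops) echo dev ;;
    general-purpose|dottie)              echo dottie ;;
    *)                                   return 1 ;;
  esac
}

# unhandled_types ROUTER MATCHER
# Prints every type named in MATCHER that ROUTER has no case arm for.
unhandled_types() {
  router=$1
  missing=
  old_ifs=$IFS
  IFS='|'
  for t in $2; do
    "$router" "$t" >/dev/null || missing="${missing:+$missing }$t"
  done
  IFS=$old_ifs
  echo "$missing"
}

# matcher_covered ROUTER MATCHER
# Succeeds only when no matched type falls through; suitable as a CI gate.
matcher_covered() {
  [ -z "$(unhandled_types "$1" "$2")" ]
}

echo "before fix, unhandled: $(unhandled_types route_before "$MATCHER")"
echo "after fix, unhandled:  $(unhandled_types route_after "$MATCHER")"
```

Run against the pre-fix routing, the check names the six types that received no context injection; against the post-fix routing it prints nothing.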