Claude-Pipeline
Health Warn
- No license — Repository has no license file
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Community trust — 39 GitHub stars
Code Fail
- rm -rf — Recursive force deletion command in .claude/hooks/cache.sh
- process.env — Environment variable access in demo/starter-project/src/index.js
Permissions Pass
- Permissions — No dangerous permissions requested
No AI report is available for this listing yet.
Tool-agnostic 13-phase AI development pipeline — turns a task description into reviewed, committed code through automated design, adversarial review, security, test, and code-review gates. One bash engine, balanced Opus/Sonnet routing, self-healing commit review.
Claude Code Auto-Pipeline
AI coding tools generate code fast — but ship bugs faster.
This pipeline adds structured quality gates between "idea" and "production" so you stop crossing your fingers every time you deploy.
One command. 13 phases (0–12). Design review, security, testing, and a final code-review-and-commit gate — handled automatically. Phase prompts are structured CONSTRAINTS→CONTEXT→TASK→FORMAT→VERIFY.
/auto-pipeline "add user authentication with JWT"
# or run the engine directly:
bash run-pipeline.sh "add user authentication with JWT"
Works with Claude Code, Cursor, Cline, Windsurf, GitHub Copilot, and Aider.
Why This Exists
You've seen it before: Claude writes 200 lines, you hit "accept all," and 10 minutes later something's broken. No tests, no security check, no one asked "does this even match the existing code?"
This pipeline fixes that. Every feature goes through pre-flight checks, adversarial review, drift detection, and a full QA suite before a single line ships. It catches the things you'd catch in code review — except it catches them before you commit.
What it does:
- Reviews the design adversarially and scans for OWASP issues before anything ships
- Gates Phase 9 on your project's real test exit code — a signal a model can't fake
- Reviews the actual git diff (Phase 12) and commits only on
APPROVE, auto-healing up to twice first - Scopes each subprocess's tools to cut the per-phase bootstrap 50–78% (measured)
- Works with any codebase — drop in the
.claude/folder and go
Cost: a full 13-phase run is typically ~$3–6 (measured on the demo task). See
Cost Efficiency for the model routing and the real per-phase breakdown.
The Problem
AI coding tools are brilliant but impulsive. Tell one "add login to my app" and it starts writing code immediately — no requirements gathering, no design review, no security check. The result? Hallucinated architectures, missed edge cases, scope creep, and vulnerabilities that slip into production.
The Solution
This pipeline makes AI follow the same process a senior engineering team would:
- Understand what you're actually asking for
- Design a solution backed by real documentation
- Critique the design from three different angles — before writing a single line of code
- Plan every file change in advance with exact before/after diffs
- Verify the plan matches the design (nothing lost, nothing added)
- Build step by step, following the plan exactly
- Check the result — types, tests, docs, and security
Every phase produces a readable artifact. Every design decision cites a source. Every critique issue has a fix. Full traceability from task to code.
| Feature | Benefit |
|---|---|
| 4 Profiles | yolo (fast), fast, standard (balanced, default), paranoid (thorough) |
| Pre-Check Phase | Finds existing code/libraries before building from scratch |
| Balanced Model Routing | Opus on Design, Adversarial, and Code-Review; Sonnet everywhere else — never Haiku |
| Test-Exit-Code Gate | Phase 9 gates on your real test suite's exit code, not a model's say-so |
| Commit Code-Review | Phase 12 reviews the real diff and commits on APPROVE, with a bounded auto-heal loop |
| Per-Phase Tool Scoping | Loads only the tools each phase needs — 50–78% smaller bootstrap per subprocess |
| Auto-Recovery | Design revision, drift repair, build retries, and code-review healing before pausing |
| Tool Agnostic | Works with Claude Code, Cursor, Windsurf, Copilot, Cline, Aider |
Quick Start
1. Copy to your project
git clone https://github.com/TheAstrelo/Claude-Pipeline.git
cp -r Claude-Pipeline/.claude/ /path/to/your/project/
2. Start your AI tool
# Claude Code
npx @anthropic-ai/claude-code@latest
# Or open in Cursor, Cline, Windsurf, Copilot, or Aider
3. Run the pipeline
# Fast prototyping — skip adversarial, drift, and QA; just build
/auto-pipeline --profile=yolo "add a logout button"
# Balanced (default) — full pipeline
/auto-pipeline "implement user dashboard"
# Full oversight — pause on any issue
/auto-pipeline --profile=paranoid "payment integration"
# Skip QA phases only, keep adversarial + drift + security
/auto-pipeline --profile=fast "add dashboard widget"
Flags
These are the flags the engine (run-pipeline.sh, and the /auto-pipeline wrapper that
forwards to it) actually parses:
| Flag | Description |
|---|---|
--profile=yolo|fast|standard|paranoid |
Select a profile (default: standard) |
--mode=auto|dev |
auto (non-interactive) or dev (pause after each artifact-producing phase) |
--skip-arm |
Skip Phase 1 (Requirements) |
--skip-ar |
Skip Phase 3 (Adversarial Review) |
--skip-pmatch |
Skip Phase 5 (Drift Detection) |
--model-strong=MODEL |
Model for Phases 2, 3, 12 (default: claude-opus-4-8) |
--model-fast=MODEL |
Model for all other phases (default: claude-sonnet-5) |
--max-budget-usd=N |
Per-phase spend cap (default: 4.00) |
--max-run-budget-usd=N |
Whole-run spend cap (default: 15.00) |
There is no --yolo/--fast/--paranoid shorthand — use --profile=.
Examples
# Balanced pipeline
/auto-pipeline "add user authentication"
# Skip adversarial review, keep everything else
/auto-pipeline --skip-ar "add dashboard widget"
# Cap spend and pick models explicitly
bash run-pipeline.sh --max-run-budget-usd=8 --model-fast=claude-sonnet-5 "add dashboard widget"
# Standalone runner in interactive dev mode (pauses between phases)
bash run-pipeline.sh --mode=dev --profile=paranoid "handle payments"
Roadmap (not yet implemented):
--resume,--batch-qa,--template,--dry-run,--test,--branch,--pr,--estimate,--fix, and--only.
The engine ignores these today. SeeAUDIT-FABLE.md(§6, Remediation) for sequencing.
Templates
Roadmap — not yet wired.
--templateis not parsed by the engine today; the files under.claude/templates/are pattern references, not an implemented flag. The examples below show
the intended interface.
Skip requirements gathering with pre-configured templates:
| Template | Use Case |
|---|---|
api-endpoint |
REST API endpoints with validation |
auth-flow |
JWT/OAuth authentication |
crud-page |
Full CRUD interface (list, create, edit, delete) |
webhook |
Webhook handlers with signature verification |
/auto-pipeline --template=api-endpoint "users GET /api/users"
/auto-pipeline --template=auth-flow "jwt with refresh tokens"
/auto-pipeline --template=crud-page "products with name, price, category"
/auto-pipeline --template=webhook "stripe payment_intent.succeeded"
Pipeline Commands
Core Pipeline
| Command | Description |
|---|---|
/auto-pipeline <task> |
Run full pipeline with all flags |
/pipeline-undo |
Revert last pipeline run |
/pipeline-history |
Show past runs with costs |
/pipeline-estimate <task> |
Preview cost before running |
/pipeline-scan |
Proactive issue detection |
Individual Phases
| Command | Phase | What It Does |
|---|---|---|
/pre-check <task> |
0 | Search for existing solutions |
/arm <task> |
1 | Requirements crystallization |
/design |
2 | Technical design |
/ar |
3 | Adversarial review |
/plan |
4 | Implementation planning |
/pmatch |
5 | Drift detection |
/build |
6 | Execute the plan |
/denoise |
7 | Remove debug artifacts |
/qf |
8 | Quality fit check |
/qb |
9 | Quality behavior check |
/qd |
10 | Quality docs check |
/security-review |
11 | Security audit |
Intelligent Suggestions
Illustrative / aspirational. The mock terminal output below shows an intended suggestion
UX./pipeline-scanis backed by thecode-scanneragent, but the on-failure and on-success
suggestion flows — and the--fix,--test, and--prflags they reference — are not yet
wired into the engine.
On Failure
Get actionable fix suggestions with clickable file references:
✗ add auth endpoint · $0.12
FAILED: Phase 3 (Adversarial) — HIGH severity issue
Suggested fixes:
1. Add input validation for email field
└─ src/api/auth.ts:24
2. Use parameterized SQL query
└─ src/api/auth.ts:31
└─ Before: WHERE email = '${email}'
└─ After: WHERE email = $1, [email]
Run /auto-pipeline --fix to auto-apply these suggestions
On Success
Context-aware next steps based on what was built:
✓ add user dashboard · $0.19
Created:
src/pages/dashboard.tsx
src/api/dashboard/stats.ts
Suggested next steps:
1. Run tests → /auto-pipeline --test
2. Create PR → /auto-pipeline --pr
3. Add E2E test → /auto-pipeline "add cypress test for dashboard"
Proactive Scanning
Find issues before they become problems:
/pipeline-scan
Found 3 opportunities:
⚠ Missing tests
└─ src/api/users.ts has no corresponding test file
└─ Suggestion: /auto-pipeline "add tests for users API"
⚠ Security
└─ npm audit found 2 moderate vulnerabilities
└─ Suggestion: /auto-pipeline "fix npm audit vulnerabilities"
⚠ Documentation
└─ src/api/auth.ts missing JSDoc on 5 exports
└─ Suggestion: /auto-pipeline "add jsdoc to auth module"
Run suggested pipelines? [1/2/3/all/none]
The 13 Phases
Task Description
│
▼
┌─────────────┐ ┌──────────────┐ ┌──────────────┐
│ Phase 0 │───▶│ Phase 1 │───▶│ Phase 2 │
│ Pre-Check │ │ Requirements│ │ Design │
│ [HARD] │ │ [SOFT] │ │ [SOFT] │
└─────────────┘ └──────────────┘ └──────────────┘
│
┌──────────────────────────────────────┘
▼
┌─────────────┐ ┌──────────────┐ ┌──────────────┐
│ Phase 3 │───▶│ Phase 4 │───▶│ Phase 5 │
│ Adversarial│ │ Planning │ │ Drift Check │
│ [HARD] │ │ [SOFT] │ │ [SOFT] │
└─────────────┘ └──────────────┘ └──────────────┘
│
┌──────────────────────────────────────┘
▼
┌─────────────┐ ┌──────────────────────────────────┐
│ Phase 6 │───▶│ Phases 7-10 │
│ Build │ │ 7: Denoise 8: Quality Fit │
│ [NONE] │ │ 9: Behavior 10: Docs │
└─────────────┘ └──────────────────────────────────┘
│
▼
┌──────────────┐ ┌────────────────────┐
│ Phase 11 │───▶│ Phase 12 │
│ Security │ │ Commit Code-Review│
│ [HARD] │ │ [HARD] ─ commit │
└──────────────┘ └────────────────────┘
│
▼
APPROVE → commit · else auto-heal ×2 → human
| Phase | What It Does | Why It Matters |
|---|---|---|
| 0. Pre-Check | Searches your codebase for existing code and libraries | Prevents rebuilding what already exists |
| 1. Requirements | Extracts testable success criteria from your task | Turns a vague idea into a concrete spec |
| 2. Design | Creates architecture decisions citing real documentation | Decisions are traceable, not hallucinated |
| 3. Adversarial Review | Three critics stress-test the design | Catches security gaps and edge cases before code |
| 4. Planning | Produces exact BEFORE/AFTER code for every file change | Every change is deterministic |
| 5. Drift Detection | Verifies the plan covers every design requirement | Nothing gets lost or added |
| 6. Build | Executes the plan step by step with verification | No YOLO code dumps |
| 7. Denoise | Removes console.log, debugger, commented-out code | Clean production code |
| 8. Quality Fit | Type checking, linting, convention compliance | Code matches project standards |
| 9. Quality Behavior | Runs build + tests, verifies behavior | Code actually works as designed |
| 10. Quality Docs | Checks Swagger/JSDoc coverage | API documentation stays current |
| 11. Security | OWASP scan: injection, XSS, auth bypass, secrets | Vulnerabilities caught before merge |
| 12. Commit Code-Review | Reviews the real git diff against the brief; commits on APPROVE, else auto-heals (≤2) then asks a human |
The last line of defense — nothing commits unreviewed |
Profiles
| Profile | What Gets Skipped | Gate Mode | When To Use |
|---|---|---|---|
| yolo | 3, 5, 7-10 | soft | Prototyping, experiments |
| fast | 7-10 | standard | Feature dev, moderate risk |
| standard | Nothing | mixed | Normal development (default) |
| paranoid | Nothing | hard | Production, payments, auth |
/auto-pipeline --profile=yolo "quick prototype"
/auto-pipeline --profile=fast "add dashboard widget"
/auto-pipeline --profile=paranoid "handle payments"
History & Undo
View History
/pipeline-history
Pipeline History (last 10 runs)
# Status Task Cost Duration
─────────────────────────────────────────────────────────────
1 ✓ add user authentication $3.41 6m 22s
2 ✓ fix login bug $2.68 4m 10s
3 ✗ implement payment flow $2.15 3m 30s
└─ Failed: Phase 11 (Security)
Summary:
Total runs: 12 Success: 10 (83%) Failed: 2 (17%)
Total cost: $38.90
Undo Last Run
/pipeline-undo
Reverts to the git checkpoint created before the pipeline made changes.
Cost Efficiency
Model Routing (Balanced)
Two models, never Haiku, never max effort. Opus does the hard-reasoning and
last-line-of-defense work; Sonnet does everything else.
| Phases | Model | Effort |
|---|---|---|
| 2 Design, 3 Adversarial | claude-opus-4-8 |
high |
| 12 Commit Code-Review | claude-opus-4-8 |
xhigh (clamped to high if the CLI caps it) |
| 0 Pre-Check, 11 Security | claude-sonnet-5 |
high |
| 4, 5, 6, 9 | claude-sonnet-5 |
medium |
| 1, 7, 8, 10 | claude-sonnet-5 |
low |
Override with --model-strong= / --model-fast=. Each subprocess also loads only its phase's
tools (--tools) and runs hermetically (--strict-mcp-config), cutting the per-phase bootstrap
50–78%.
Cost
Measured on the demo task (add a GET /api/version endpoint), a full 13-phase run is ~$3–6:
the three Opus phases (Design, Adversarial, Code-Review) run ~$0.8–1.7 each and dominate; the
Sonnet phases run ~$0.13–0.26 each. A --skip-ar run with no code-review healing landed at
$3.06; a run that hit REQUEST_CHANGES and auto-healed once cost $3.83 (the extra ~$1
buys a fix pass + a second Opus review instead of a human interrupt).
Spend is capped by --max-budget-usd (per phase, default $4) and --max-run-budget-usd (whole
run, default $15). Every phase emits --output-format json, so per-phase total_cost_usd is
recorded in .claude/history.json — run once to get real numbers for your own tasks.
File Structure
Claude-Pipeline/
├── run-pipeline.sh # THE engine (13 phases, gates, commit)
├── .claude/
│ ├── commands/ # 22 slash commands
│ │ ├── auto-pipeline.md # Thin wrapper that runs run-pipeline.sh
│ │ ├── plan-review.md # Plan → review (dispatches to agents)
│ │ ├── design.md · ar.md · pmatch.md · security-review.md # per-phase helpers
│ │ └── pipeline-scan.md # Proactive scanning (code-scanner agent)
│ ├── agents/ # 15 agents — reachable from a live slash command
│ │ ├── architect.md · atomic-planner.md · adversarial-coordinator.md
│ │ ├── security-auditor.md · code-scanner.md · builder.md · denoiser.md …
│ ├── lib/ # Reference docs (error patterns, next steps, context)
│ ├── templates/ # Pattern references (api-endpoint, auth-flow, crud-page, webhook)
│ ├── hooks/ # protect-files.sh + auto-format.sh (Claude Code, via settings.json);
│ │ │ # detect-project.sh + notify.sh (run-pipeline.sh startup/exit)
│ ├── history.json # Run history (per-run costUSD)
│ └── artifacts/ # Per-session output ({session}/*.md + .raw/.err/.verdict)
│
├── targets/ # Other tool ports (cursor, cline, windsurf, copilot, aider, codex)
├── demo/ # Demo kit (starter Express project + red acceptance test)
└── pipeline-viz/ # Real-time pixel-art visualization
Customization
Rules
Add project-specific conventions in .claude/rules/:
# .claude/rules/api.md
- Use Hono instead of Express
- Return { data, error } shape
Hooks
Claude Code hooks (wired in .claude/settings.json, enforced by the harness):
# protect-files.sh — PreToolUse(Edit|Write): blocks edits to .env, .git/,
# package-lock.json, amplify.yml, and .claude/settings.json.
# Fails CLOSED (denies on parse failure) and uses node, not jq.
# auto-format.sh — PostToolUse(Edit|Write): formats the file that was just written.
Engine lifecycle hooks (wired into run-pipeline.sh):
# detect-project.sh — runs at startup: detects the stack (framework, language,
# test/build/lint commands, search dirs), writes
# project-config.json into the session artifacts, fills the
# test command if none was found, and prepends a one-line
# "match this stack" note to every phase prompt.
# notify.sh — fires on EVERY exit (success, HARD-gate halt, budget cut,
# error) via an EXIT trap: desktop notification + terminal bell,
# cross-platform (macOS / Linux / Windows toast + beep).
Tool Support
This pipeline is tool-agnostic. Drop the .claude/ folder into any project and use it with:
| Tool | Status | Notes |
|---|---|---|
| Claude Code | Full support | Native slash commands |
| Cursor | Full support | Via rules and agents |
| Windsurf | Full support | Via rules and agents |
| GitHub Copilot | Full support | Via instructions |
| Cline | Full support | Via custom instructions |
| Aider | Full support | Via conventions |
Live Visualization
The pipeline-viz/ folder includes a real-time pixel-art visualization that shows your pipeline progress as an animated isometric office with agents working at desks.
cd pipeline-viz && npm install && npm start
Requirements
- An AI coding tool (Claude Code, Cursor, Cline, Windsurf, Copilot, Codex, or Aider)
- Node.js (for build/type-check steps in QA phases)
- A project with a
CLAUDE.mdfile
Contributing
Contributions are welcome — open an issue or a PR. Whether it's a new agent, a
bug fix, or better docs, it's appreciated.
License
MIT-licensed in intent — use it, adapt it, ship it. (A LICENSE file has not
yet been added to this repo; add one to formalize.)
Reviews (0)
Sign in to leave a review.
Leave a reviewNo results found