Skip to content

DBarr3/agentic-loops

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Agentic Loops

15 autonomous, self-contained "loop" systems that turn Claude Code (or any AI coding agent) into a full audit-and-fix pipeline — with built-in adversarial review, confidence scoring, and safe rollback.

GitHub stars License: MIT Made by Aether AI Claude Code Compatible PRs Welcome


Each loop is a complete, runnable audit-and-fix system in one markdown file — a mission, an execution DAG, a hostile adversarial reviewer, and quantitative exit criteria, all sharing one contract defined in PROTOCOL.md.

The 15 agentic loops, color-coded by risk class

Table of Contents

Quick Start

Pick a loop, paste its RUN PROMPT into your AI coding agent, done. No install required.

Run LOOP-01 on <your-repo> (scope: <api dir>)

The agent reads the loop file, reads PROTOCOL.md for the shared execution rules, and runs the whole audit end-to-end — handing you back a branch, a findings artifact, and nothing merged without your sign-off.

Three ways to use this repo:

  1. Copy-paste — open any file in skills/, copy the RUN PROMPT block at the bottom, paste it into Claude Code (or ChatGPT, Cursor, Windsurf, etc.) with your target repo.
  2. Install as a skill — each loop's frontmatter is already skill-compatible (see Installing as a Claude Code Skill).
  3. Clone the whole setgit clone this repo and point your agent at the skills/ folder for the full catalog.

The Loop Catalog

# Loop Domain Risk What it does
01 Backend & API Hardening Backend & API Architecture branch-mutating AST-driven audit: OWASP API Top 10 (BOLA/BOPLA/SSRF/auth/resource limits), N+1 queries, dead code, logging hygiene.
02 Frontend & Accessibility Frontend & Accessibility branch-mutating Component/bundle audit plus a live Playwright accessibility-tree interrogation (roles, ARIA, focus traps, contrast) that static scanners miss.
03 Mobile & Native Hardening Mobile & Native Platforms branch-mutating Dual-layer (JS/Dart + native) audit: bridge traffic, ANR hunters, list virtualization, manifest hardening, keystore/keychain, pinning.
04 Agent Runtime & Tooling Agent Runtime & Tooling read-only→branch Audits your own agent stack against the OWASP Agentic Top 10: MCP/tool schema strictness, least-privilege agency, prompt-injection surfaces.
05 Agentic Memory Hardening Memory & Cognitive Architecture branch-mutating Four-tier memory audit (working/episodic/semantic/procedural), tenant isolation, unbounded growth, GDPR erasure UI.
06 UX/UI Visual Integrity UX/UI & Human Factors branch-mutating Visual regression, stateful UI battery, graceful-degradation checks, memory-transparency panel audit.
07 Infrastructure & DevOps Infrastructure, Cloud & DevOps infra-touching Docker/K8s/Terraform/secrets/IAM/SBOM/supply-chain audit across your deployment mesh — read+plan, never live-mutates without approval.
08 CI/CD & Release Engineering CI/CD & Release Engineering branch-mutating Pipeline audit: is CI actually running, caching, test gating, artifact signing, rollback automation, canary/blue-green, feature flags.
09 Data Layer Integrity Data Architecture & Persistence infra-touching Schema/migration safety, FK/orphan/cascade audit, index coverage, RLS/grant self-escalation sweep, backup restore verification.
10 AI Security Red-Team Governance, Compliance & Risk read-only Red-teams your own AI stack: prompt injection, RAG/memory/embedding poisoning, model supply chain, jailbreaks, goal drift, reward hacking.
11 Adversarial Review Engine Cross-cutting engine read-only The debate engine every other loop calls inline: generator vs. hostile reviewer, FREE-MAD default, silent-agreement detection.
12 Test, Mutation & Chaos Continuous Evaluation branch-mutating Closes coverage gaps, mutation-tests your suite to find tests that don't actually test anything, injects chaos (DB/cache/LLM/MCP failures).
13 Architectural Drift & Debt Continuous Evaluation read-only Detects layer violations, circular deps, dead APIs/services; scores technical debt 0–100 across six axes, trended over time.
14 Governance & Telemetry Runtime Observability read-only Audits the autonomous system itself: is it improving, looping, degrading, wasting tokens, or getting less reliable?
15 Self-Optimization Meta-Loop Continuous Evaluation branch-mutating (loops only) The recursive-improvement loop: failure → root cause → fix → generalized pattern → proposed diff to the loops themselves. Human-gated always.

Risk classes: read-only never touches your code · branch-mutating works only on an isolated loop branch, never main · infra-touching reads live infrastructure and proposes plans, never applies changes without explicit approval.

How It Works

One shared contract in PROTOCOL.md — read it for the full spec:

  • 4-step protocol — ingest → scope → execute → adversarial check.
  • Confidence blocks — every output scored, risk-rated, with explicit unknowns.
  • 13-class failure taxonomy — routes, never just "fails."
  • Checkpointed rollback — every mutation on an isolated branch.
  • FREE-MAD debate — a hostile reviewer persona before anything ships.
  • Quantitative exit criteriaFAIL-with-artifact beats silent success.

Installing as a Claude Code Skill

Each loop's YAML frontmatter (name, description, etc.) is already skill-shaped. To install one:

mkdir -p ~/.claude/skills/loop-backend-api
cp skills/LOOP-01-backend-api.md ~/.claude/skills/loop-backend-api/SKILL.md

Repeat per loop, or copy the whole skills/ folder and adapt the frontmatter name field per file. Once installed, invoke with /loop-backend-api (or your agent's skill-invocation syntax) instead of pasting the RUN PROMPT manually.

Suggested Cadence

A reasonable starting rhythm — tune it to your team:

Cadence Loops
Weekly sweep 01 (backend), 02 (frontend), 13 (drift/debt)
Pre-release 08 (CI/CD), 12 (test/mutation/chaos), 06 (UX/UI)
Monthly deep audit 07 (infra), 09 (data layer), 10 (AI security), 05 (memory)
Continuous / every N runs 14 (governance), then 15 (self-optimization)

Contributing

New loops, sharper adversarial personas, better exit criteria — all welcome. See CONTRIBUTING.md.

License

MIT — use it, fork it, ship it.


Built by Aether AI

About

15 autonomous audit-and-fix loops for Claude Code (or any AI coding agent) - adversarial review, confidence scoring, and safe rollback built in. From Aether AI.

Resources

License

Contributing

Stars

5 stars

Watchers

1 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors