The Agentic SDLC: How AI Teams Debate, Code, and Secure Enterprise Infrastructure

Published: February 25, 2026 at 03:35 PM EST
5 min read
Source: Dev.to

Introduction: The Paradigm Shift in Software Engineering

Most of the industry treats generative AI as a synchronous pair‑programmer—an autocomplete tool or a chat window you consult when stuck.
Leading organizations, however, are realizing that the true power of AI lies in asynchronous, agentic workflows embedded directly into the Software Development Life Cycle (SDLC).

This article demonstrates a fully functional “Agentic Software Factory.” By combining GitOps, event‑driven orchestration, and frontier models (Claude, Gemini, and Codex), we showcase how an autonomous AI team can drive product development from a raw issue, through rigorous architectural debate, to a hardened, reviewed Pull Request.

To prove the factory works, we tasked it with a foundational engineering challenge: building the exact cryptographic infrastructure necessary to secure autonomous agents in the wild.

Part 1: The Problem – Securing the Autonomous Agent

As AI agents take autonomous actions on behalf of users, granting them traditional, broad‑scoped bearer tokens is a catastrophic security risk. If an agent goes rogue—or its token is intercepted—the blast radius is massive.

We needed to build a “Transaction Token” capability for our enterprise Identity Provider (WSO2 IS 7.2.0). Based on RFC 9396 (Rich Authorization Requests) and RFC 9449 (DPoP), this binds a token cryptographically both to a highly specific intent and to the sender that presents it.

Modifying a legacy, enterprise‑grade Identity Provider requires balancing strict security protocols, interoperability, and long‑term maintainability. We did not want a human to just write a script; we wanted the AI agents to design and implement it themselves.

Part 2: Design by Consensus – The Multi‑Agent Debate Protocol

How do you trust AI to design critical security infrastructure?
You do not trust a single prompt. You force consensus.

  1. We opened Issue #35 in our repository and commented:

     @claude @gemini @codex debate this design

  2. This triggered a custom Webhook Shim that orchestrated a multi‑round, V3 AI Debate Protocol.
     The models received strict principles:

     • Prioritize open standards.
     • Guarantee fail‑closed security.
     • Minimize technical debt.

Debate Highlights

| Option                                              | Description            | Trade‑offs                           |
|-----------------------------------------------------|------------------------|--------------------------------------|
| A – Tightly coupled OSGi Java plugin                | High performance       | Brittle, hard to upgrade             |
| B – Decoupled external HTTP pre‑issue action service | Slight network latency | Highly resilient, language‑agnostic |

Instead of hallucinating or agreeing blindly, the models challenged each other. Gemini initially proposed the OSGi plugin, but Claude pushed back on upgrade fragility. Gemini conceded, and the designated moderator agent synthesized the trade‑offs, locking in the decoupled HTTP architecture as the safest, most maintainable specification.

Moderator Summary (Issue #35)
“We have achieved a rare and rigorous multi‑agent consensus… I fully endorse the synthesized design: we will use WSO2’s Pre‑Issue Access Token Action configured as an external HTTP service. I officially retract my Round 1 OSGi proposal. Claude is entirely correct: externalizing this logic provides critical fault isolation…”

Part 3: Architecture of the Factory – Tools and Orchestration

How is this reasonably implemented today?

  • Source of Truth – The version‑control system (Gitea) acts as the brain. Every agentic action is triggered by and recorded as a Git event (issues, comments, PRs).

  • Orchestration Layer – A custom webhook routes human intents to an isolated runtime (OpenCode).

  • Autonomous Execution – Triggered by a simple @codex implement this issue comment, a specialized coding agent:

    1. Reads the debated spec.
    2. Checks out the repository locally.
    3. Engineers the Node.js service.
    4. Writes cryptographic validation tests.
    5. Opens a Pull Request back to the main branch.

Part 4: Tri‑Model Code Review – Hardening Through Specialized Lenses

An agent cannot grade its own homework. Production readiness requires diverse scrutiny. To ensure the implementation was secure, we routed PR #38 through a Tri‑Model Review Pipeline.

Review Lanes

| Lane           | Model  | Persona / Focus                                                          |
|----------------|--------|--------------------------------------------------------------------------|
| Architect      | Claude | Enforces API contracts, module boundaries, RFC compliance                |
| QA Engineer    | Gemini | Hunts edge cases, malformed JSON handling, defensive parsing             |
| SecOps Auditor | Codex  | Conducts threat‑model review, looks for operational blast‑radius issues  |

Instead of flooding the developer with disjointed AI comments, the pipeline:

  1. Waits for all reviews to finish.
  2. Deduplicates findings.
  3. Posts a single, converged Review Synthesis Summary.

Tri‑Model Synthesis (PR #38)
Unanimous Consensus (3/3 lanes agree)

  • Request‑body bounds – Enforce strict request‑body size limits in the parsing path. (Strong cross‑lane convergence: Gemini and Codex direct, Claude indirect via robustness framing.)
  • Contract clarity matters – Tighten and document integration assumptions (authorization_details, audience ops, token semantics).

The developer receives a clean, prioritized P0/P1/P2 checklist. Noise is eliminated; only actionable signal remains.

Conclusion – What Is Possible Today

The Agentic Software Factory is not science fiction. By utilizing specialized models, rigid execution boundaries, and structured debate protocols, organizations can safely automate complex product engineering.

As demonstrated by our Transaction Token implementation, these workflows are not just for writing boilerplate. They are capable of:

  • Reasoning through architectural trade‑offs.
  • Challenging assumptions.
  • Securely implementing production‑grade code.

The future of software development is already here—asynchronous, consensus‑driven AI agents working inside your SDLC.
