David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · INTERNAL PRODUCT
GitOps Multi-Agent SDLC Automation Platform
A Git-backed agentic software delivery system using workflow graphs, code remediation agents, evaluator agents, acceptance criteria, audit trails, issue...
Designed and implemented a GitOps-oriented multi-agent SDLC automation platform where AI agents analyze repositories, propose fixes, remediate bugs, generate patches, validate outputs, score acceptance criteria, preserve audit...

Client: Internal Product / Confidential Platform
Engagement Type: Internal product buildout
Period: 2025–2026
Role: Principal Architect / AI Systems Architect / Agentic SDLC Engineer
Focus Areas: GitOps, Multi-Agent SDLC, Bug Remediation, Patch Generation
The Research Narrative
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
AI coding assistants can generate code quickly, but software delivery is more than code generation. Real engineering requires issues, branches, tests, review, traceability, ownership, rollback, and evidence.
The Challenge
The challenge was making agents work inside the SDLC rather than around it. Generated patches needed acceptance criteria, evaluator scoring, security checks, review gates, and a durable trail of work.
What David Did
David designed a GitOps multi-agent architecture where repository analysts, planners, patch generators, reviewers, evaluators, and security scanners coordinate through GitLab-style workflows and structured task contracts.
- Designed Git as the source of truth for agentic SDLC work, including issues, branches, commits, merge requests, reviews, remediation records, and audit trails
- Defined agent workflows for repository analysis, bug triage, task decomposition, patch generation, code review, test planning, security scanning, and documentation updates
- Used workflow-graph thinking inspired by LangGraph, CrewAI, and GitOps patterns to make agent actions explicit rather than hidden inside chat
- Created acceptance-criteria models so agents could judge whether generated work satisfied the original task before presenting it for review
- Designed evaluator agents to score generated patches, identify regressions, compare outputs against expected behavior, and flag weak or unsupported changes
- Integrated security review concepts such as SAST, dependency checks, secrets scanning, prompt-injection-aware tool use, and unsafe-code pattern detection
- Connected agent activity to GitLab-style workflows for bugs, remediation tasks, service tickets, commits, merge requests, and audit evidence
- Designed trail-of-work records so every agent suggestion, patch, decision, failure, retry, and acceptance score could be reconstructed
The Outcome
The result is a practical pattern for governed AI-assisted software delivery. It turns agent work into traceable engineering evidence, aligning automation with DevSecOps, ISO 42001-style governance, and OWASP LLM security practices.
Research Outcomes
- Signal Quality: Improved the trustworthiness of operational security signals
- Operational Clarity: Translated complex security data into clearer operating views
- Stakeholder Visibility: Made technical risk and status easier to explain
- Operational Impact: Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
- Dashboard Development: Operational and executive views
- Operational Reporting: Actionable views for security operations
- Security Analytics: Signal investigation and event analysis
- IAM / Access Control: Identity telemetry and access insights
- SIEM Alert Debugging: Noise reduction and signal validation
- Executive Reporting: Security data translated for leadership
- Telemetry Normalization: Consistent and trusted data
- Public-Safe Evidence: Shareable insights without sensitive data
Key Deliverables
- GitOps multi-agent SDLC architecture
- Agent role and workflow model
- Repository analysis workflow
- Bug remediation workflow
- Patch generation and review workflow
- Evaluator-agent scoring model
- Acceptance-criteria model
- Trail-of-work and audit evidence model
Tools & Technologies
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.