Open source · Codex + Claude Code

Run AI coding agents
in fleets — safely.

The ShakaCode Agent Workflow Playbook is a portable pack for planning, batching, reviewing, and auditing multi-PR agent work across all your repos. Install the process once; each repo exposes a tiny seam.

The agent batch lifecycle GitHub issues and PRs pass a security preflight gate, then flow through plan, triage, pr-batch, review, and audit, all backed by a coordination backend tracking claims, heartbeats, and liveness. from github issues & prs security preflight untrusted text ≠ instructions plan triage pr-batch review audit coordination backend · claims · heartbeats · liveness

The batch lifecycle — the amber gate is the differentiator: untrusted input is checked before an agent ever acts on it.

01 / the problem

One agent, one PR doesn’t scale.

A single agent on a single PR is easy. Running many agents across many repositories is where it breaks — trust boundaries, CI parity, review load, scope creep, merge safety. The playbook turns that into a repeatable, gated process instead of a pile of prompts.

02 / how it works

Install the process once. Expose a tiny seam per repo.

The shared pack carries the process. Each adopting repo keeps its real commands in a small .agents/ seam, so shared workflows resolve every repo’s base branch, validation, CI triggers, and review gates without copying — and drifting — a full config tree into every checkout. The same pack runs on Codex Desktop and Claude Code Desktop with identical skill text; host-specific verbs map at runtime.

  1. 01 plan-pr-batchTurn issues into a scoped, dependency-aware batch and a goal prompt.
  2. 02 triageMap the whole surface; split work to fit your agent and machine capacity.
  3. 03 pr-batchRun the workers — one lane per target, coordinated through the backend.
  4. 04 adversarial-pr-reviewSkeptical pre-merge review that hunts for what is wrong.
  5. 05 post-merge-auditSweep the merged batch for gaps and cross-PR surprises.
03 / what you get

A skill for every step of the loop.

Twenty-six portable skills and workflow prompts for Codex and Claude Code — install them once under your skill root and each repo’s seam does the rest. A curated look:

plan-pr-batch

Shape candidate issues and PRs into a ready batch plan and a pasteable goal prompt — before any worker starts.

triage

Build a whole-surface issue/PR inventory, a dependency graph, and a capacity-aware split across agents and machines.

pr-batch

Run one coordinated PR lane or a multi-lane batch across worktrees and machines, safely and in dependency order.

adversarial-pr-review

Red-team a change before merge — correctness, security, scope, and merge-readiness, not a summary.

post-merge-audit

Audit merged batch work for missed reviews, changelog gaps, cross-PR interactions, and release risk.

replicate-ci

Reproduce a CI-only failure locally when the hosted run is red but your machine is green.

verify / verify-pr-fix

Run a local verification loop and prove a bug is actually gone — reproduce before, confirm after.

spec / tdd / plan-review

Turn vague intent into a spec, drive it test-first, and pressure-test the plan before code.

security preflight 04 / the safety story

Agents a public issue can’t hijack.

The real differentiator isn’t speed — it’s that untrusted input, secret access, and unattended state-change never meet in one session.

  • 01 Security preflightUntrusted GitHub text — issues, PRs, comments, review bodies, diffs — is treated as data, never instructions, until a maintainer has verified the author, scope, and trust boundary.
  • 02 The Rule of TwoA least-privilege boundary from the “lethal trifecta”: untrusted input, secret access, and unattended state-change are never allowed to meet in one session.
  • 03 Operator hard-stopsRisky steps — deploys, secret handling, token provisioning, machine flips — stop and hand off to you instead of improvising.
  • 04 Trust-gated actorsA fail-closed allowlist decides who can steer a batch; everyone else is metadata-only. Tighten it with strict-trust, or waive a specific risk per target.
05 / the stack

The pack, the backend, and the dashboard.

Three focused pieces. The pack is the public process layer; the coordination backend is the protocol plane; the dashboard is a separate operator view that reads the same state.

How the pieces fit together Codex and Claude Code run the agent-workflows pack, installed once with a seam per repo. Consumer repos drive the agent-coordination backend. The dashboard is a separate repo that reads coordination state over a published contract. Codex Claude Code agent-workflows the portable pack — installed once, one .agents/ seam per repo your repos — the seam contract agent-coord agent-coordination MIT protocol plane agent-coord CLI Worker + D1 claims · heartbeats · liveness state private agent-coordination-dashboard operator view — separate repo reads coordination state · HTTP API
06 / methodology
“Use AI aggressively, verify the risky parts, document what was learned, and keep shipping.”

The playbook is that method, compiled: adversarial review before merge, CI logs as evidence rather than decoration, manual QA where behavior can change, and every vague blocker turned into a specific issue or a docs PR.

Read the methodology →