featurenumber.one← back to the talk
Initiative · 2026

A posse of
quality agents.

One reviewer, one job. Multiple agents ride every Merge Request — each one focused on a single class of problem, each one returning a verdict before a human ever opens the MR.

"You don't hire one ranger to do seven jobs. You ride a posse."

The review

One MR. Multiple verdicts.

A real Solidgate-shaped MR — a 3DS challenge fallback for declined transactions. Run the posse. See where it blocks, where it warns, where it waves you through.

click any agent → run alone
MR-2026-1042@oleksii
feat(payments): add 3DS challenge fallback for declined transactions
feature/3ds-fallbackmain
14 files +287 96
The posse

Each agent owns one problem. Nothing more.

Why one agent per problem? Because a single "review everything" agent collapses into a vague summary. Narrow scope = sharp prompt = useful verdict.

  • {}01

    Code Best Practices

    Lints for idiomatic patterns, naming, complexity, and project conventions.

    checks
    • Cyclomatic complexity per function
    • Naming consistency vs codebase conventions
    • Deprecated API usage
    • Guard clauses & early returns
  • 02

    Test Coverage

    Confirms that new and changed lines are exercised by unit tests.

    checks
    • Diff coverage of changed lines
    • Branch coverage of new conditionals
    • Tests exist for new public methods
  • 03

    Backward Compatibility

    Scans dependent services in the monorepo for breakage. Reads call sites + contracts (protobuf, OpenAPI).

    checks
    • API contract diff vs consumers
    • Shared model field changes
    • Downstream service call sites
    • DB schema migrations
  • 04

    E2E Test Coverage

    Verifies end-to-end coverage for the user-visible behavior the diff introduces or changes.

    checks
    • Diff touches a user-facing flow?
    • Matching E2E scenarios exist?
    • Scenarios reflect the new spec?
  • 05

    Security Vulnerabilities

    Checks for OWASP-class issues, secret leaks, new dependency CVEs, unsafe defaults.

    checks
    • Input validation on new endpoints
    • Secrets in code or env files
    • Dependency CVE diff
    • Auth/authz on new routes
  • §06

    Jira Acceptance Criteria

    Compares the diff against the linked Jira issue's acceptance criteria. Flags scope creep and missed items.

    checks
    • Linked issue exists & is in-progress
    • Each AC item addressed in the diff
    • Scope creep — diff outside AC?
Why a posse, not a sheriff

Specialization beats generality.

A single "review my MR" agent reads the diff, finds a bit of everything, returns a paragraph. That paragraph is always polite, usually shallow, and rarely actionable.

A posse of narrow agents runs in parallel, each with a sharp prompt, tight context, and a single verdict to render. The output is a checklist — not an essay.

Most importantly: each agent's output can be graded. Did the security agent miss a CVE? Tighten its prompt. Did the backward-compat agent cry wolf? Adjust the contract source list. You can't debug a generalist.

Feature Number One starts before the first line of code. It continues at every checkpoint between draft and main.