π Inspiration π
Insecure code often slips through reviews due to human error, time constraints, or a lack of security expertise. Traditional linters and static analysis tools have limited contextual understanding. We wanted to build a smart AI-powered agent that deeply understands code and helps developers ship secure, clean, and compliant software β without slowing them down.
π‘ What It Does π‘
Our AI security and code review agent is tailored for modern development teams. It can:
- π Scan codebases for security vulnerabilities and logic flaws
- π Check for insecure permission usage, exposed components, and data leaks
- β οΈ Flag deprecated or dangerous SDK functions
- π Log issues into a database with fix recommendations
π οΈ How We Built It π οΈ
LLM Agents for SDLC Phases:
We designed an LLM Agent for each stage of the Software Development Lifecycle (SDLC)βincluding cloning, building, reviewing, testing, and scanning. These agents are orchestrated using a Sequential Agent to ensure step-by-step execution.Spring Boot for Issue Logging:
We used the Java Spring Boot framework to log and persist issues identified by the agents during code review, or security scans. This allows for centralized issue tracking and transparency.Callback Methods with ADK:
We leveraged callback methods provided by the Google Agent Development Kit (ADK) to implement a shared monitoring mechanism. This captures each agentβs response, validates output quality, and triggers appropriate downstream actions if errors occur.
β οΈ Challenges We Ran Into β οΈ
Integrating Spring Beans into a Static Callback Class
We encountered difficulty injecting Spring-managed beans into a static context, which limited access to required services within the callback logic.Halting the Sequential Agent on Error
Preventing the sequential agent from continuing execution after an error was challenging. The default behavior proceeds to the next step regardless of tool output, so we had to explore ways to break the flow gracefully.
π Accomplishments that we're proud of π
End-to-End Automation of SDLC via AI Agents
Successfully orchestrated a complete Software Development Lifecycle using chained LLM agents β from cloning and building to reviewing, testing, and security scanning.Error-Aware Agent Execution with Callbacks
Implemented custom callback logic using Google ADK to monitor agent responses and halt the workflow gracefully when critical issues are detected.Seamless Integration with Spring Boot for Logging
Integrated Spring Boot to persist issues into a database, enabling centralized visibility, traceability, and future integration with ticketing tools.Static Class Access to Spring Beans
Overcame static context limitations by enabling access to Spring Beans inside callback classes, unlocking service-level capabilities in otherwise restricted contexts.Security-Specific Code Insights
Built a domain-aware agent capable of detecting vulnerable patterns such as insecure permissions, unsafe SDK usage, and potential data leaks with contextual recommendations.Developer-Centric Feedback Loop
Ensured actionable feedback by logging errors with recommended fixes and paving the way for future automated ticket generation and notifications.
π What We Learned π
Chaining LLM Agents for Complex Tasks:
We learned how to break down complex SDLC workflows into modular LLM agents and coordinate them effectively using Sequential Agents.Integrating AI with Traditional Frameworks:
Combining AI-driven agents with Java Spring Boot allowed us to bridge modern AI capabilities with enterprise-grade application frameworks.Importance of Robust Monitoring:
Implementing callback methods through the ADK taught us the value of consistent validation and logging to maintain control over AI agent outputs and ensure reliability across the pipeline.
What's Next for GCP 25 Software Development AI Agent
Post-Execution Cleanup:
Introduce an automated cleanup mechanism to remove temporary files, containers, or cloned repositories after the pipeline execution. This helps manage resource usage, improve security, and maintain a clean execution environment.Conditional Interruption of the AI Agent Workflow:
We plan to implement custom logic to interrupt the AI Agent's current process when an error is detected. This mechanism will ensure that the workflow halts immediately upon encountering critical issues, preventing further processing and reducing unnecessary resource usage.Automated Ticketing and Notifications:
We plan to implement a workflow that automatically creates tickets for any errors identified during the SDLC process. These tickets will be logged in the issue-tracking system, and email notifications will be sent to ensure prompt resolution.
π Related Repositories π
| Repository Name | GitHub Link | Server Port | DB Port |
|---|---|---|---|
| Case Management Service | π Case Management Service | 8081 |
3307 |
| AI Agent Common Core | π AI Agent Common Core | N/A |
N/A |
| AI Agent | π AI Agent | 9090 |
N/A |
Log in or sign up for Devpost to join the conversation.