Use Cases

Automated Code Review

Set up a multi-agent review swarm that checks every PR for security vulnerabilities, performance issues, and style violations — in parallel. The orchestrator consolidates findings into a single, actionable review. Most teams catch 2–3x more issues than manual review alone.

What you'll have

  • Three specialized reviewers (security, performance, style) running in parallel
  • An orchestrator that deduplicates and consolidates findings
  • Webhook integration to trigger reviews from your CI pipeline
  • A team KB that accumulates review patterns for consistent standards

Step 1: Configure the review swarm

yaml
# astra.yml — code review setup
agents:
  - id: security-reviewer
    systemPromptTemplate: |
      You are a security-focused code reviewer. Check for OWASP top 10
      vulnerabilities, injection risks, auth bypasses, and secret leaks.
    providers: [claude]
    tools:
      allow: [code_review, codebase, file_read, git_ops]

  - id: perf-reviewer
    systemPromptTemplate: |
      You are a performance-focused code reviewer. Check for N+1 queries,
      unbounded loops, memory leaks, and missing caching opportunities.
    providers: [claude]
    tools:
      allow: [code_review, codebase, file_read]

  - id: style-reviewer
    systemPromptTemplate: |
      You are a style reviewer. Check for naming consistency, dead code,
      missing types, and adherence to the project's conventions.
    providers: [groq]
    tools:
      allow: [code_review, codebase, file_read]

  - id: review-orchestrator
    systemPromptTemplate: |
      You orchestrate code reviews. Spawn security, performance, and style
      reviewers in parallel, collect their findings, deduplicate, and
      produce a single consolidated review.
    providers: [claude]
    spawn:
      enabled: true
      allowedTargets: [security-reviewer, perf-reviewer, style-reviewer]
      maxDepth: 1
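
One way to check the Step 1 configuration before deploying it, as an added example that is not part of the product's documentation or tooling: the script flags tools granted beyond a team-chosen baseline and spawn settings that are unbounded or point at undefined agents. `CONFIG` is transcribed from the YAML above with prompts omitted; `REVIEWER_BASELINE`, `MAX_SPAWN_DEPTH` and `lint` are assumptions made for this example.

```python
# Added example: static checks over the Step 1 agent definitions.
# CONFIG mirrors astra.yml above (prompts omitted); in CI you would load
# the file with a YAML parser instead of embedding it.
CONFIG = {"agents": [
    {"id": "security-reviewer",
     "tools": {"allow": ["code_review", "codebase", "file_read", "git_ops"]}},
    {"id": "perf-reviewer",
     "tools": {"allow": ["code_review", "codebase", "file_read"]}},
    {"id": "style-reviewer",
     "tools": {"allow": ["code_review", "codebase", "file_read"]}},
    {"id": "review-orchestrator",
     "spawn": {"enabled": True, "maxDepth": 1,
               "allowedTargets": ["security-reviewer", "perf-reviewer", "style-reviewer"]}},
]}

# Assumption: the team's own baseline of tools a reviewer needs.
# This is local policy, not a list defined by the product.
REVIEWER_BASELINE = {"code_review", "codebase", "file_read"}
MAX_SPAWN_DEPTH = 1


def lint(config):
    """Return a sorted list of (agent_id, finding) tuples."""
    agents = {a["id"]: a for a in config.get("agents", [])}
    findings = []
    for agent_id, agent in agents.items():
        extra = set(agent.get("tools", {}).get("allow", [])) - REVIEWER_BASELINE
        for tool in sorted(extra):
            findings.append((agent_id, f"tool outside baseline: {tool}"))
        spawn = agent.get("spawn", {})
        if not spawn.get("enabled"):
            continue
        if "maxDepth" not in spawn or spawn["maxDepth"] > MAX_SPAWN_DEPTH:
            findings.append((agent_id, "spawn depth unbounded or above limit"))
        targets = spawn.get("allowedTargets")
        if not targets:
            findings.append((agent_id, "spawn enabled without allowedTargets"))
        for target in targets or []:
            if target not in agents:
                findings.append((agent_id, f"unknown spawn target: {target}"))
            elif target == agent_id or agents[target].get("spawn", {}).get("enabled"):
                findings.append((agent_id, f"spawn target can itself spawn: {target}"))
    return sorted(findings)


if __name__ == "__main__":
    for agent_id, finding in lint(CONFIG):
        print(f"{agent_id}: {finding}")
```

Run against the Step 1 configuration, the only finding is `git_ops` on `security-reviewer`, which is a prompt to confirm that the reviewer needs that tool.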

Step 2: Connect to your CI

Create a webhook that notifies your CI when a review is complete.

bash
# Register a webhook that notifies CI when a review agent completes
curl -X POST http://localhost:3000/webhooks \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "url": "https://your-ci.example.com/review-complete",
    "events": ["agent_completed"],
    "description": "Notify CI when code review finishes"
  }'

Step 3: Fix issues with pair sessions

When the review finds critical issues, spin up a pair session in which one agent generates the fix and the reviewer validates it. The generatorId in the request below, code-agent, is not one of the agents defined in Step 1.

bash
# After review, start a pair session to fix issues
curl -X POST http://localhost:3000/pair-sessions \
  -H "Authorization: Bearer ${JWT_TOKEN}" \
  -H "Content-Type: application/json" \
  -d '{
    "generatorId": "code-agent",
    "reviewerId": "security-reviewer",
    "task": "Fix the SQL injection vulnerability in user search endpoint"
  }'

Continuous improvement

  • Review findings are automatically added to the Team KB — the swarm gets smarter with every review
  • Use A/B testing to compare different reviewer prompts and see which catches more real issues
  • Track reviewer performance on the reputation system to identify which reviewer agents need prompt tuning