Enforced multi-agent pipelines with mechanical guardrails for AI-assisted software development. Available as a plugin for Claude Code and OpenAI Codex.
APD works as an exoskeleton for any LLM. Here's Claude Opus vs GLM-5 on a TinyMCE → TipTap migration — 7 React components, 99 files.
.agents, skipping adversarial, direct code-writes.guard-orchestrator), commit without pipeline steps (blocked by pipeline-gate), write .agents via bash (blocked by guard-bash-scope), and skip adversarial review (blocked by verifier). Every bypass attempt was mechanically stopped. Final: 99 files changed, 1349 insertions, 2208 deletions.
No bypass from within Claude Code or Codex. Each step is blocked by a hook script (CC) or MCP guard tool (Codex) that runs before it completes.
hooks/spec-hash.sh · max 7 acceptance criteria · hash frozen mid-pipelinehooks/pipeline-gate.sh · plan.done signed before builder can starthooks/guard-bash-scope.sh · write-scope locked to spec files · orchestrator cannot edit codehooks/guard-reviewer-order.sh · must run before adversarial · findings loggedhooks/adversarial-gate.sh · context-free audit · zero spec knowledge · opt-out requires spec-card entryhooks/verify-trace.sh · R* criteria traced to test files via @trace · blocks commit if any criterion untestedhooks/commit-gate.sh · all 4 .done files HMAC-signed · tamper-proof audit trailNo honor system. No convention-based hope. CC enforces through hook scripts; Codex through MCP guard tools (apd_guard_write, apd_advance_pipeline). Both exit non-zero when things go wrong.
Commits blocked without all 4 pipeline steps. Spec hash frozen mid-pipeline. Max 7 acceptance criteria.
Agents scoped to specific files. Orchestrator blocked from writing code. Bash writes to pipeline state blocked.
R* acceptance criteria traced to test files via @trace markers. Verifier blocks commit if any criterion untested.
Context-free code review with zero spec knowledge. Finds what code-reviewer misses. Opt-out per task via spec-card.
Pipeline .done files signed with compiled Go binary. Orchestrator cannot forge completion. Tamper-proof audit trail.
Full recap in CLI. Step timing, spec coverage bars, adversarial insights, trend analysis, session stats.
8 tools — apd_ping, apd_doctor, apd_advance_pipeline, apd_guard_write — bring the same enforcement to Codex. Self-registers via plugin .mcp.json; no per-project install path needed.
v6.0+ ships every framework binary inside plugins/apd/ — Codex plugin cache contains everything the MCP server needs. Plugin install is the only step. No PATH hacks, no abs-path config, no follow-up `pip install`.
Every run, every block, every bypass attempt is logged. These stats are live — they come from the same audit trail the verifier uses.
From zero to enforced pipeline.
codex plugin marketplace add zstevovich/claude-apd.[plugins."apd@codex-apd"] enabled = true.all 10 guards ready.