Cicaddy supports AI-powered sub-agent delegation: instead of running a single agent, an AI triage step analyzes the context, selects specialized sub-agents, runs them in parallel with sibling awareness (each agent knows what others cover to avoid duplication), and aggregates results.
- Triage — An AI call analyzes the context (diff, task description, etc.) and selects which sub-agents to activate from the registry
- Parallel Execution — Selected sub-agents run concurrently with focused prompts, filtered tools, sibling awareness, and divided token budgets
- Aggregation — Results are merged into a unified output with per-agent sections
Each sub-agent receives a SiblingInfo list describing the other agents in the same batch. When running solo (common for small changes), the agent is told it is the sole reviewer and should provide comprehensive coverage. When running alongside specialists, it knows their categories and avoids duplicating their work.
Sub-agents share the parent's MCP connections and tool registry — no new server processes are created. They also inherit the parent's workspace context: bundled skills, per-repo agent rules (AGENT.md/CLAUDE.md/GEMINI.md), and per-repo skills (.agents/skills/). This ensures sub-agents have the same knowledge and guidelines as the parent agent. Side-effect tools (posting comments, merging PRs) are blocked by default via plugin entry points.
| Variable | Default | Description |
|---|---|---|
DELEGATION_MODE |
none |
none (single-agent) or auto (AI-powered delegation) |
MAX_SUB_AGENTS |
3 |
Maximum concurrent sub-agents (1-10) |
SUB_AGENT_MAX_ITERS |
5 |
Max inference iterations per sub-agent (1-15) |
DELEGATION_AGENTS |
"" |
JSON config for custom sub-agent definitions |
DELEGATION_AGENTS_DIR |
.agents/delegation |
Directory for user-defined sub-agent YAML files |
TRIAGE_PROMPT |
"" |
Optional custom instructions for the triage AI |
DELEGATION_SUMMARIZE |
true |
Enable AI-powered review summarization for multi-agent results (v0.10.0+) |
DELEGATION_SUMMARIZATION_PROMPT |
"" |
Optional custom instructions for the summarization AI (v0.10.0+) |
cicaddy run --env-file .env --delegation-mode auto --max-sub-agents 2These override the corresponding env vars. Other delegation settings (SUB_AGENT_MAX_ITERS, TRIAGE_PROMPT, etc.) are env-var only.
Activated when the parent agent type is a review type (e.g., merge_request, branch_review).
| Agent | Focus Areas |
|---|---|
security-reviewer |
Auth, crypto, secrets, injection, access control |
architecture-reviewer |
Design patterns, module boundaries, interfaces |
api-reviewer |
Endpoints, schemas, versioning, backward compat |
database-reviewer |
Queries, migrations, schema changes, indexes |
ui-reviewer |
Frontend components, accessibility, UX |
devops-reviewer |
CI/CD pipelines, Docker, deployment |
performance-reviewer |
Algorithms, caching, concurrency, resource usage |
general-reviewer |
Code correctness, clarity, naming, error handling, test coverage |
Activated when AGENT_TYPE=task.
| Agent | Focus Areas |
|---|---|
data-analyst |
Data processing, statistics, pattern recognition |
report-writer |
Report generation, formatting, documentation |
general-task |
General-purpose catch-all |
Place YAML files in .agents/delegation/{agent_type}/ to define custom sub-agents:
.agents/delegation/
├── review/ # Review-specific agents
│ └── compliance-reviewer.yaml
├── task/ # Task-specific agents
│ └── data-validator.yaml
└── shared-analyst.yaml # agent_type: * (available to all)
YAML format:
# .agents/delegation/review/compliance-reviewer.yaml
name: compliance-reviewer
agent_type: review
persona: compliance engineer specializing in regulatory requirements
description: Reviews changes for regulatory and compliance impact
categories: [security, configuration]
constraints:
- Focus on regulatory compliance (SOC2, GDPR, HIPAA)
- Flag any PII handling changes
- Check audit logging requirements
output_sections:
- Compliance Impact
- Regulatory Risks
- Required Controls
priority: 15
# Optional tool filtering
allowed_tools: ["read_file", "list_directory"] # strict whitelist (if set)
blocked_tools: [] # additional blocksDefine agents inline via the DELEGATION_AGENTS env var:
DELEGATION_AGENTS='[{"name": "compliance-reviewer", "agent_type": "review", "persona": "compliance engineer", "description": "Reviews compliance impact", "categories": ["security"]}]'- Built-in agents (lowest priority)
- User YAML files from
DELEGATION_AGENTS_DIR DELEGATION_AGENTSJSON overrides (highest priority)
User-defined agents with the same name as a built-in agent will replace it.
Sub-agents receive a filtered subset of the parent's tools:
- Base blocked:
delegate_task(prevents recursive delegation) - Plugin blocked: platform plugins register side-effect tools via
cicaddy.delegation_blocked_toolsentry point - Per-agent:
SubAgentSpec.allowed_tools(strict whitelist) andblocked_tools(additional blocks)
Plugins register their blocked tools in pyproject.toml:
[project.entry-points."cicaddy.delegation_blocked_tools"]
my_platform = "my_plugin.plugin:get_delegation_blocked_tools"def get_delegation_blocked_tools() -> set[str]:
return {"create_comment", "merge_pr", "update_issue"}When multiple sub-agents review code, the combined output can exceed 2000 words. The SummarizationAgent condenses multi-agent reviews into a concise ~300-500 word summary with structured findings for inline comment placement.
- Sub-agents quote code — Instead of guessing line numbers, reviewers quote
existing_codesnippets from the diff - Deterministic resolution —
find_line_in_diff()matches snippets to diff line numbers using exact, normalized, and fuzzy matching (93% cutoff, single-line only) - AI fallback — Unresolved snippets trigger a lightweight AI call with annotated diff context
- Structured output — Findings include file path, line range, severity, message, and suggestion
DELEGATION_SUMMARIZE=true # Enable multi-agent summarization (default)
DELEGATION_SUMMARIZATION_PROMPT="" # Optional custom instructionsThe delegation result includes:
summarized: bool— True if any summarization was performed (AI or fallback concatenation)ai_summarized: bool— True only if AI summarization succeeded (distinguishes from fallback)findings: list[Finding]— Structured findings with line numbers for inline comments
Each Finding includes:
@dataclass
class Finding:
file: str # File path relative to repo root
line: int | None # Best-effort line number (null for file-level)
severity: str # critical | major | minor | nit
message: str # Human-readable finding description
suggestion: str | None # Concrete fix or null if none
agent_source: str # Which sub-agent identified this
existing_code: str | None # Code snippet quoted by reviewer
start_line: int | None # Start line in diff (null for file-level)
end_line: int | None # End line in diff (null for single-line)When delegation selects only one sub-agent (common for small changes), summarization is skipped to avoid AI overhead. The single agent's output is used directly with summarized=False.
If AI summarization fails (JSON parse error, empty response, timeout), the orchestrator falls back to deterministic concatenation with ai_summarized=False but summarized=True to indicate the result was processed.
When using AI_TASK_FILE with DELEGATION_MODE=auto, the task definition (persona, constraints, tool restrictions, output format) is loaded and provided to the triage agent as context. This enables task-aware delegation — the triage model understands the task's intent and can make better sub-agent assignments.
The task's forbidden_tools are automatically cascaded to all sub-agents' blocked_tools, ensuring sub-agents respect the task's tool restrictions.
# DSPy task with delegation
AI_TASK_FILE=examples/dora_metrics_task.yaml
DELEGATION_MODE=auto
# Triage sees: task name, persona, constraints, required_tools, output_format
# → selects data-analyst for SQL queries + report-writer for HTML outputSee examples/delegation/ for:
delegation_review.env— example .env for delegated code reviewreview/compliance-reviewer.yaml— custom compliance reviewerreview/dependency-reviewer.yaml— custom dependency reviewer