Claude Code Subagent Workflow

A Multi-Subagent System for Infrastructure Orchestration

Version 2.0 - January 2026

5 Specialized Subagents | AI Review Board Peer Review | 15+ Infrastructure Skills | Automated Quality Gates

1. Executive Overview

30-second understanding of the system

What Is This System?

A coordinated team of AI subagents that work together to design, implement, test, and deploy infrastructure services. Each subagent specializes in a specific domain, ensuring expert-level execution at every stage.

The Subagent Team

[Diagram: PM (Orchestrator), Architect (Design), Security (Network/Auth), Developer (Implement), QA (Test/Validate), with arrows showing workflow direction]

  • PM (Project Manager): Plans projects, coordinates subagents, synthesizes results
  • AR (Architect): Designs systems, evaluates technology, creates specifications
  • SE (Security): Configures networks, authentication, Traefik routing
  • DE (Developer): Implements code, deploys services, debugs issues
  • QA (Quality Assurance): Creates tests, validates implementations, quality gates

2. Subagent Coordination

How subagents work together with AI Review Board peer review

Complete Workflow with AI Review Board

[Workflow diagram, phases: Planning, Design, Implementation, Validation]

  1. User Request
  2. PM Creates Plan (EnterPlanMode)
  3. AI Review Board Review: Gemini + Codex + Claude (Major Plans Only) [Feedback]
  4. User Approves (ExitPlanMode)
  5. Architect Designs (ADR Created)
  6. Swarm Reviews Design (Major Designs Only) [Iterate]
  7. Security Configures (Network, Auth)
  8. Developer Implements (Code + Deploy)
  9. Creates Spec for QA (API, Functions, Examples)
  10. QA Creates Tests (From Dev Spec)
  11. Runs Tests (pytest, jest, etc.) [Fix Failures]
  12. Quality Gate Pass (All Tests Pass)
  13. PM Synthesizes Report

AI Review Board Peer Review

For major milestones only, the PM dispatches plans and designs to three AI CLIs running in Docker containers. Each CLI has full read-only access to all projects and returns structured JSON responses.

Native CLI Integration: not API calls, but full CLI agents with filesystem access

  • Gemini CLI (gemini) - Google's CLI with web search + project read access
  • Codex CLI (codex) - OpenAI's CLI with code analysis + project read access
  • Claude CLI (claude) - Anthropic's CLI with reasoning + project read access

JSON Interface: All swarm nodes return structured JSON with assessment, concerns, suggestions, and approval fields for consistent parsing.
When to use swarm: Initial project plans, initial architecture designs, user-requested reviews.
When NOT to use: Minor changes, bug fixes, routine deployments.
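
A fail-closed parser for the swarm JSON interface described above, as an added example that is not the project's own code. The field types, the unanimous-approval policy, the node names used as keys and the sample replies are assumptions; the page names only the four fields.

```python
import json

# Assumed types; the page names the four fields but not their types.
REQUIRED = {"assessment": str, "concerns": list, "suggestions": list, "approval": bool}

def parse_review(node, raw):
    """Return (review, error). A malformed reply is an error, never an approval."""
    try:
        data = json.loads(raw)
    except json.JSONDecodeError as exc:
        return None, f"{node}: invalid JSON ({exc.msg})"
    if not isinstance(data, dict):
        return None, f"{node}: top-level value is not an object"
    for field, kind in REQUIRED.items():
        if not isinstance(data.get(field), kind):
            return None, f"{node}: field '{field}' missing or not {kind.__name__}"
    return data, None

def gate(replies, expected=("gemini", "codex", "claude")):
    """Pass only if every expected node sent a valid reply with approval true."""
    errors, concerns = [], []
    for node in expected:
        review, err = parse_review(node, replies.get(node, ""))
        if err:
            errors.append(err)
            continue
        concerns += [f"{node}: {c}" for c in review["concerns"]]
        if not review["approval"]:
            errors.append(f"{node}: did not approve")
    return {"passed": not errors, "errors": errors, "concerns": concerns}

# Constructed replies, not real model output.
SAMPLE = {
    "gemini": '{"assessment": "sound", "concerns": ["no rollback step"], '
              '"suggestions": [], "approval": true}',
    "codex": '{"assessment": "sound", "concerns": [], "suggestions": [], '
             '"approval": "yes"}',
    "claude": 'Here is my review: {"approval": true}',
}

if __name__ == "__main__":
    print(json.dumps(gate(SAMPLE), indent=2))
```

A reply that wraps its JSON in chat text, or sends approval as a string, is counted as a failed review instead of being coerced into a pass.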

Major Project Workflow

  1. PM Creates structured plan
  2. Swarm Reviews plan
  3. User Approves plan
  4. Architect Designs solution
  5. Swarm Reviews design
  6. Security Configures network/auth
  7. Developer Implements + creates spec
  8. QA Creates tests, validates
  9. PM Synthesizes final report

Minor Change Workflow

  1. PM Assigns task directly
  2. Swarm Skipped
  3. User No approval needed
  4. Developer Implements + creates spec
  5. QA Validates
  6. PM Reports completion

3. Subagent Details

Deep dive into each subagent's responsibilities and capabilities

PM - Project Manager Subagent

~/.claude/agents/pm.md

Capabilities

  • Creates structured plans using EnterPlanMode
  • Coordinates AI Review Board peer review for major milestones
  • Orchestrates sequential and parallel subagent execution
  • Synthesizes multi-subagent work into coherent reports
  • Tracks progress and identifies blockers

Tools

Read, Write, Grep, Glob, Bash

Workspace Files

$HOME/projects/data/claudeagents/pm/
  • plans/{project}/plan.md - Project plans
  • reviews/{project}/ - Swarm review syntheses
  • tasks/{project}/ - Task breakdowns
  • reports/{project}/ - Final reports

AR - Architect Subagent

~/projects/.claude/agents/architect.md

Capabilities

  • Designs system architecture and technology stack
  • Creates Architecture Decision Records (ADRs)
  • Evaluates technology trade-offs
  • Iterates designs based on swarm feedback
  • Enforces centralized infrastructure principle

Tools

Read, Write, Grep, Glob, Bash

Workspace Files

$HOME/projects/data/claudeagents/architect/
  • decisions/{project}/architecture.md - ADRs
  • decisions/{project}/design.md - Specifications
  • notes/{project}/research-*.md - Evaluations

SE - Security Subagent

~/projects/.claude/agents/security.md

Capabilities

  • Configures Docker network topology
  • Sets up Traefik routing and SSL/TLS
  • Manages Keycloak OAuth2/OIDC clients
  • Implements firewall rules
  • Performs security audits

Tools

Read, Write, Grep, Glob, Bash

Workspace Files

$HOME/projects/data/claudeagents/security/
  • decisions/{project}/network.md - Network topology
  • decisions/{project}/traefik.md - Routing rules
  • decisions/{project}/keycloak.md - Auth setup

DE - Developer Subagent

~/projects/.claude/agents/developer.md

Capabilities

  • Implements code following design specs
  • Creates Docker containers and compose files
  • Deploys and manages services
  • Creates specifications for QA testing
  • Debugs and troubleshoots issues

Tools

Read, Write, Edit, Grep, Glob, Bash

Workspace Files

$HOME/projects/data/claudeagents/developer/
  • specs/{project}/spec.md - Specs for QA
  • notes/{project}/deployment.md - Deployment logs
  • notes/{project}/debug-*.md - Debug notes

QA - QA Subagent

~/projects/.claude/agents/qa.md

Capabilities

  • Creates test suites from developer specifications
  • Writes actual test code (pytest, jest)
  • Commits tests to GitLab, triggers CI pipeline
  • Monitors pipeline via GitLab API
  • Enforces quality gates from CI results

GitLab Integration

Create tests → Push to GitLab → CI runs tests → Read results

Tests execute in GitLab CI runners (not locally)

Tools

Read, Write, Edit, Grep, Glob, Bash, GitLab API

Workspace Files

$HOME/projects/data/claudeagents/qa/
  • workspace/{project}/ - Git clones
  • tests/{project}/ - Test files before commit
  • results/{project}/results.md - Pipeline results
  • reports/{project}/quality-report.md - Quality assessment

File-Based Communication

All subagents communicate through a shared file system. This enables asynchronous collaboration, persistent context, and a clear audit trail.

$HOME/projects/data/claudeagents/
├── pm/
│   ├── plans/              # Project plans
│   ├── reviews/            # AI Review Board review syntheses
│   ├── tasks/              # Task breakdowns
│   └── reports/            # Final reports
├── architect/
│   ├── decisions/          # Architecture Decision Records
│   └── notes/              # Research and evaluations
├── security/
│   └── decisions/          # Network, Traefik, Keycloak configs
├── developer/
│   ├── specs/              # Specifications for QA
│   └── notes/              # Deployment logs, debug notes
└── qa/
    ├── tests/              # Actual test files
    ├── results/            # Test execution results
    └── reports/            # Quality reports
                
4. Infrastructure Layer

Skills, Hooks, and MCP Tools that power the agents

Skills System

Reusable expertise modules that subagents invoke for specialized procedures

[Diagram: Architect, Developer and Security subagents drawing on the Skills Library (15+ Skills): architecture-diagram-creator, service-deployment, postgres-integration, keycloak-setup, traefik-setup, logging-observability, troubleshooting, naming-validator, nginx-static-site, secrets-security, network-config, ai-communication, gitlab-integration, skill-creator]

Architect Skills

  • architecture-diagram-creator

Developer Skills

  • service-deployment
  • postgres-integration
  • keycloak-setup
  • traefik-setup
  • logging-observability
  • troubleshooting
  • naming-validator
  • nginx-static-site

Security Skills

  • secrets-security
  • network-config

Hooks System

Lifecycle event handlers that run automatically at key moments

Session Lifecycle: START session-start.sh (Load context) → USER user-prompt-submit.sh (Log prompts) → PRE pre-tool-use.sh (Security checks) → POST post-tool-use.sh (Audit logging) → STOP stop.sh (Progress summary)

  • session-start.sh - Runs when Claude Code starts. Detects project context and available subagents/skills.
  • user-prompt-submit.sh - Logs all user prompts for analytics and debugging purposes.
  • pre-tool-use.sh - Security gate that blocks dangerous operations (force push, secrets deletion).
  • post-tool-use.sh - Audit logging of all tool calls with timestamps and subagent context.
  • stop.sh - Creates session summary and cleans up when subagent stops.
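
One way a gate like pre-tool-use.sh could decide, written in Python as an added example; the page does not show the script, so this is not the project's code. It assumes Claude Code's hook contract (JSON event on stdin, exit code 2 blocks the call), and the rule set and SECRET_HINTS are assumptions.

```python
import json, shlex, sys

SECRET_HINTS = ("secret", ".env")      # assumption: how secret paths are recognised
SEP_CHARS = set(";|&()")               # shell operators that start a new command

def simple_commands(line):
    """Tokenise like a POSIX shell, then split on command separators."""
    lexer = shlex.shlex(line, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    cmds = [[]]
    for tok in lexer:                  # ValueError on unbalanced quotes
        if tok and set(tok) <= SEP_CHARS:
            cmds.append([])
        else:
            cmds[-1].append(tok)
    return [c for c in cmds if c]

def is_force_push(argv):
    if "git" not in argv or "push" not in argv:
        return False
    args = argv[argv.index("push") + 1:]
    return any(a.startswith(("--force", "+"))
               or (a.startswith("-") and not a.startswith("--") and "f" in a)
               for a in args)

def deletes_secret(argv):
    targets = argv[argv.index("rm") + 1:] if "rm" in argv else []
    return any(h in t.lower() for t in targets for h in SECRET_HINTS)

def decide(line):
    """Return (allowed, reason). Unparseable input is denied, not waved through."""
    try:
        cmds = simple_commands(line)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    for argv in cmds:
        if is_force_push(argv):
            return False, "git force push"
        if deletes_secret(argv):
            return False, "deletion of a secrets path"
    return True, "ok"

if __name__ == "__main__":
    event = json.load(sys.stdin)       # hook payload: tool_name, tool_input
    if event.get("tool_name") == "Bash":
        ok, why = decide(event.get("tool_input", {}).get("command", ""))
        if not ok:
            print(f"Blocked by pre-tool-use gate: {why}", file=sys.stderr)
            sys.exit(2)                # exit code 2 blocks the tool call
```

Tokenising before matching keeps a commit message that merely mentions a force push from being blocked, and refusing unparseable input keeps the gate fail-closed. Server-side branch protection and file permissions on secrets remain the enforcing controls; a pattern gate is a guardrail in front of them.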

MCP Tools

Model Context Protocol server providing external capabilities through code-executor

Architecture: Single Gateway Pattern

Subagents access one MCP server: code-executor. This server provides two pathways: execute_code for 71 tools across 9 servers, and dispatch_to_reviewboard for AI peer review.

Subagent → code-executor, which offers two pathways:

  • execute_code - TypeScript execution with MCP tools (9 servers / 71 tools): filesystem, postgres, timescaledb, memory, arangodb, minio, n8n, playwright, ib
  • dispatch_to_reviewboard - AI peer review for major decisions (3 AI models / parallel execution): Gemini, Codex, Claude

code-executor (Primary)

The only MCP server subagents call directly. Executes TypeScript with access to all underlying tools.

execute_code, dispatch_to_reviewboard, swarm_health, search_tools, get_tool_info, list_mcp_tools

Underlying Tool Servers (Accessed via code-executor)

These are not directly accessible to subagents. The code-executor imports their tool wrappers at runtime:

  • filesystem (9 tools): read_file, write_file, list_directory, search_files, move_file, etc.
  • postgres (9 tools): execute_query, list_tables, describe_table, list_schemas, etc.
  • timescaledb (6 tools): execute_query, list_hypertables, list_tables, etc.
  • memory (9 tools): create_entities, create_relations, search_nodes, read_graph, etc.
  • arangodb (7 tools): arango_query, arango_insert, arango_update, arango_backup, etc.
  • minio (9 tools): upload_object, download_object, list_buckets, list_objects, etc.
  • n8n (6 tools): execute_workflow, get_workflows, activate_workflow, etc.
  • playwright (6 tools): navigate_to_page, click_element, fill_form, take_screenshot, etc.
  • ib (10 tools): get_historical_data, get_positions, search_contracts, etc.

Usage Pattern

// Subagent calls code-executor to access underlying tools
mcp__code-executor__execute_code({
  code: `
    import { execute_query } from '/workspace/servers/postgres/execute_query.js';
    const result = await execute_query({ sql: 'SELECT * FROM users' });
    return result;
  `
})

Token Efficiency

The MCP code-executor implements lazy loading of tool definitions, achieving 96% token savings (275 tokens vs 7,683 tokens at boot).

Lazy Loading: 275 tokens
Full Loading: 7,683 tokens

5. Implementation Details

Complete reference for all components

Complete Skills Reference

| Skill | Subagent | Description | Trigger |
|-------|----------|-------------|---------|
| architecture-diagram-creator | Architect | Creates comprehensive HTML architecture diagrams | "create architecture diagram" |
| service-deployment | Developer | Complete Docker deployment with OAuth2, Traefik | "deploy service", "install" |
| postgres-integration | Developer | Database creation, user management, connections | "create database", "postgres" |
| keycloak-setup | Developer | OAuth2/OIDC client configuration | "keycloak client", "SSO" |
| traefik-setup | Developer | Routing, SSL/TLS, middleware configuration | "traefik routing", "SSL" |
| logging-observability | Developer | Loki, Promtail, Grafana, monitoring | "logging", "monitoring" |
| troubleshooting | Developer | Systematic debugging methodology | "debug", "troubleshoot" |
| naming-validator | Developer | Resource naming standards validation | "install", "create", "deploy" |
| nginx-static-site | Developer | Static website deployment | "deploy site", "static site" |
| secrets-security | Security | Secrets management, security hardening | "secrets", "security audit" |
| network-config | Security | Docker networks, port mappings, DNS | "network", "ports", "DNS" |
| ai-communication | General | AI-to-AI communication, swarm dispatch | "peer review", "aichat" |
| gitlab-integration | General | GitLab repository and CI/CD operations | "gitlab", "repository" |
| skill-creator | PM | Guide for creating new skills | "create skill" |

Hooks Reference

| Hook | Location | Trigger | Purpose |
|------|----------|---------|---------|
| session-start.sh | ~/.claude/hooks/ | Claude Code starts | Load project context, detect available subagents |
| user-prompt-submit.sh | ~/.claude/hooks/ | User sends prompt | Log user prompts for analytics |
| pre-tool-use.sh | ~/.claude/hooks/ | Before any tool call | Block dangerous operations (force push, rm secrets) |
| post-tool-use.sh | ~/.claude/hooks/ | After any tool call | Audit logging to ~/.claude/audit/ |
| stop.sh | ~/.claude/hooks/ | Subagent stops | Create session summary, cleanup |

Developer Specification Template

The template Developer uses to communicate with QA:

# Developer Specification: {Feature/Service}

## Overview
{What was implemented}

## API Endpoints

### POST /api/v1/resource
**Description**: Create a new resource
**Request Body**:
```json
{
  "name": "string (required)",
  "description": "string (optional)"
}
```
**Response** (201):
```json
{
  "id": "int",
  "name": "string",
  "created_at": "ISO datetime"
}
```
**Errors**:
- 400: Invalid input
- 500: Database error

## Example Inputs/Outputs

### Happy Path
Input: {"name": "Test"}
Output: {"id": 1, "name": "Test", "status": "active"}

### Edge Cases
- Empty name: Should raise ValueError
- Max length (255 chars): Should accept

AI Review Board Review Synthesis Template

How PM synthesizes feedback from multiple AI reviewers:

# Peer Review Synthesis: {Topic}

## Consensus (All Reviewers Agreed)
- {Point that all three models agreed on}
- {Another consensus point}

## Critical Issues (Must Address)
| Issue | Severity | Recommendation |
|-------|----------|----------------|
| {Issue description} | Critical | {How to fix} |

## Suggestions (Consider)
- Gemini: {Suggestion from Gemini}
- Codex: {Suggestion from Codex}
- Claude: {Suggestion from Claude}

## Conflicts (Need User Decision)
- {Topic where reviewers disagreed}
  - Gemini says: X
  - Codex says: Y

## Action Items
1. {Specific action to take}
2. {Another action}

Audit Log Format

Tool calls are logged to ~/.claude/audit/YYYY-MM-DD.log

2026-01-17 16:45:32 | Subagent: developer | Tool: Bash | Session: abc123
  Command: docker ps | grep analytics
2026-01-17 16:45:35 | Subagent: developer | Tool: Write | Session: abc123
2026-01-17 16:45:40 | Subagent: qa | Tool: Bash | Session: abc123
  Command: pytest tests/ -v
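
A parser for the audit format above that checks each entry against the per-subagent tool lists given on this page, as an added example that is not part of the project. The finding rules, the function names and the last two sample lines are assumptions constructed for illustration.

```python
import re

BASE = {"Read", "Write", "Grep", "Glob", "Bash"}
# Tool lists as given for each subagent on this page.
ALLOWED = {"pm": BASE, "architect": BASE, "security": BASE,
           "developer": BASE | {"Edit"}, "qa": BASE | {"Edit", "GitLab API"}}
ENTRY = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) \| Subagent: (\S+) "
                   r"\| Tool: (.+?) \| Session: (\S+)$")
CMD = "  Command: "

def parse(text):
    """Return (records, rejects); lines that fit neither shape are kept as rejects."""
    records, rejects = [], []
    for num, line in enumerate(text.splitlines(), 1):
        m = ENTRY.match(line)
        if m:
            ts, agent, tool, session = m.groups()
            records.append({"ts": ts, "subagent": agent, "tool": tool,
                            "session": session, "command": None})
        elif line.startswith(CMD) and records and records[-1]["command"] is None:
            records[-1]["command"] = line[len(CMD):]
        elif line.strip():
            rejects.append((num, line))
    return records, rejects

def findings(records):
    """Flag tool use outside the subagent's list and Bash calls with no command."""
    out = []
    for r in records:
        who, tool = r["subagent"], r["tool"]
        if tool not in ALLOWED.get(who, set()):   # unknown subagent: nothing allowed
            out.append((r["ts"], "tool outside allowlist", f"{who} used {tool}"))
        if tool == "Bash" and r["command"] is None:
            out.append((r["ts"], "Bash call without a recorded command", who))
    return out

# First five lines are the page's sample; the last two are constructed.
SAMPLE = """\
2026-01-17 16:45:32 | Subagent: developer | Tool: Bash | Session: abc123
  Command: docker ps | grep analytics
2026-01-17 16:45:35 | Subagent: developer | Tool: Write | Session: abc123
2026-01-17 16:45:40 | Subagent: qa | Tool: Bash | Session: abc123
  Command: pytest tests/ -v
2026-01-17 16:46:02 | Subagent: security | Tool: Edit | Session: abc123
2026-01-17 16:46:10 | Subagent: pm | Tool: Bash | Session: abc123
"""

if __name__ == "__main__":
    print(*findings(parse(SAMPLE)[0]), sep="\n")
```

Rejected lines deserve review as well: a line that matches neither shape can indicate truncation or text injected into the log through a multi-line command.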