
feat: SSDLC full lifecycle support with LangGraph orchestration (v4.0) #5

Merged: arthurpanhku merged 2 commits into main from claude/intelligent-murdock on Mar 31, 2026

@arthurpanhku arthurpanhku commented Mar 31, 2026

Owner

Summary

Major upgrade to v4.0 introducing DocSentinel as an AI-powered SSDLC (Secure Software Development Lifecycle) platform. The project now spans all six phases of the development lifecycle with dedicated AI agents orchestrated by LangGraph and powered by LangChain.

Key Changes

Documentation & Specifications

  • SPEC.md (v3.0): Complete rewrite with:

    • Full SSDLC phase definitions (Requirements, Design, Development, Testing, Deployment, Operations)
    • Phase-specific user stories and features
    • LangChain + LangGraph technology stack
    • NIST SSDF and OWASP SAMM alignment
  • ARCHITECTURE.md (v4.0): Redesigned architecture with:

    • LangGraph StateGraph for stateful phase orchestration
    • Six dedicated phase agents with conditional routing
    • Cross-phase state management via LangGraph checkpointing
    • Phase-specific Knowledge Base collections
  • README.md: New product positioning emphasizing:

    • Full SSDLC lifecycle coverage vs. pre-release-only approach
    • Intelligent agent orchestration (LangGraph)
    • Phase-specific capabilities table
    • Updated quick start and MCP integration guide
  • README_zh.md: Chinese version with same content

Technical Documentation

  • docs/01-architecture-and-tech-stack.md (v1.0): LangGraph orchestration, LangChain framework, phase-specific KB collections
  • docs/03-assessment-report-and-skill-contract.md (v2.0):
    • Assessment report schema with ThreatModel, Vulnerability, CrossPhaseRef
    • Phase-tagged reports with cross-phase traceability
    • 12 built-in phase-specific skills (Threat Modeler, Secure Code Reviewer, Pentest Analyst, etc.)

Changelog & Guidelines

  • CHANGELOG.md: v4.0.0 entry with complete feature list
  • CONTRIBUTING.md: Updated for LangGraph/LangChain stack, SSDLC skill contributions
  • SECURITY.md: References to LangGraph state and checkpoint security
  • docs/README.md: Updated index for v4.0 documentation

Architecture Highlights

  • LangGraph: Stateful, graph-based agent orchestration with conditional routing and human-in-the-loop
  • Phase Agents: Requirements, Design, Development, Testing, Deployment, Operations — each with specialized prompts and tools
  • Cross-Phase State: LangGraph checkpointing enables findings from one phase to inform later phases (e.g., Design threats → Testing test cases)
  • Phase-Specific KB: Separate knowledge base collections ensure agents retrieve the most relevant context
  • Threat Modeling: Design Agent performs automated STRIDE/DREAD analysis
  • SAST/DAST Integration: Testing Agent can parse SARIF, SonarQube, Checkmarx, Burp, ZAP reports

Migration Notes

This is a major version upgrade (v4.0). Existing assessments and skills should be reviewed for compatibility with the new phase-based model.

Test Plan

  • Updated all markdown documentation (SPEC, ARCHITECTURE, README, docs/)
  • Verified cross-references between documents
  • Confirmed SSDLC phase alignment with NIST/OWASP standards
  • Checked LangGraph/LangChain terminology accuracy
  • Manual review of PRD completeness
  • Review of architectural decisions

🤖 Generated with Claude Code | SSDLC-first approach for enterprise security automation

arthurpanhku and others added 2 commits March 31, 2026 16:18
Major upgrade to v4.0: Introduce AI-powered SSDLC (Secure Software Development
Lifecycle) platform with six dedicated phase agents (Requirements, Design,
Development, Testing, Deployment, Operations) orchestrated by LangGraph.

Key changes:
- SPEC.md v3.0: Full SSDLC phase definitions, phase-specific user stories,
  LangChain + LangGraph tech stack
- ARCHITECTURE.md v4.0: LangGraph StateGraph design, phase agent details,
  cross-phase state management via LangGraph checkpointing
- README.md: New SSDLC positioning, phase table, LangGraph + LangChain badges
- README_zh.md: Chinese version with SSDLC phase coverage
- docs/01-*: Technology choices updated for LangGraph orchestration
- docs/03-*: Assessment report schema v2.0 with ThreatModel, Vulnerability,
  CrossPhaseRef for cross-phase traceability; phase-specific skills
- CHANGELOG.md: v4.0.0 entry with feature list
- CONTRIBUTING.md: Updated with LangGraph/LangChain stack notes
- SECURITY.md: References to LangGraph state handling

Co-Authored-By: Claude Haiku 4.5 <noreply@anthropic.com>

Integrate latest main changes into SSDLC feature branch, combining
both feature branch additions and main updates across documentation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@arthurpanhku arthurpanhku merged commit 4a1bbfc into main Mar 31, 2026
0 of 2 checks passed