Agentic Process Orchestrator for the AI Era

Silver Bullet

THE PROCESS LAYER OF AI-DRIVEN DEV

Maximize AI-driven
Dev Process Reliability
at 10x Lower Cost

Enforce the Method Back to the AI Madness!

  • Engineering Best Practices
  • Dynamically Tailored Workflows
  • Verification & Validation Loops
  • Quality Gates
  • Spec-to-Release Traceability
  • Cost Optimization
  • Intent-Aligned Results
  • Knowledge Management

Silver Bullet is the orchestration layer that runs inside your Claude Code, Codex, or Cursor session. It composes the right workflow for the task, blocks unsafe commits, PRs, and releases until the evidence is real, and stays out of the way for the work that should be fast.

Without Silver Bullet
$ claude "ship rate limiter"
wrote rate_limiter.py + middleware patch
pytest: 4 passed (mocked Redis)
git commit → PR #847 merged
skipped spec — went straight to code
deploy.yml: no canary gate
pager: 429 storm on auth header
postmortem: no spec · no UAT · no trace
With Silver Bullet
$ /silver feature API rate limiter
AF-ROUTE → WF-SILVER-FEATURE
SPEC → PLAN → EXECUTE + tests green
review triad · verify · secure clean
completion-audit DENY
missing silver-quality-gates in state
$ /silver:quality-gates
PR trace block · CI green · shipped
100% Free Forever · No Strings Attached · No Telemetry
Claude Code Codex Cursor

A Good Prompt Is Not a Delivery System

You did not adopt an AI coding agent to ship inconsistent work. You adopted it to ship faster. But every team using agents at scale runs into the same walls — and those walls are not in the model. They are in the process around the model.

PAIN 01

The Agent Skips Planning and Jumps Straight to Editing Files

You gave it a task. It started coding. No spec, no accepted assumptions, no coverage check. The path of least resistance is always to start changing code — so that is what the agent does, even when a spec would have caught the wrong assumption in 90 seconds.

PAIN 02

Spec, Requirements, Plan, and PR Drift Apart Within Days

The accepted criteria live in one document. The plan lives in another. The PR description was written from memory. Reviewers cannot tell which criteria were actually delivered — and the next person to touch the code has no idea what the original intent was.

PAIN 03

“Done” Gets Declared Without the Evidence to Back It Up

The agent commits and opens a PR. No fresh tests since the last source change. No code review. No UAT evidence. No docs update. No release-readiness check. The PR is open and labeled ready, but the evidence is not in the record.

PAIN 04

Context Rot Silently Degrades Output Quality Mid-Session

As the context window fills, the agent’s outputs degrade. The early part of the conversation is forgotten. Instructions given two hours ago stop being followed. The best workflows in the world mean nothing if the agent is operating on a rotting context.

PAIN 05

Infrastructure Edits Ship Without the Blast-Radius Review Leadership Requires

Infrastructure edits are treated like any other commit. There is no map of what depends on this resource, what fails if it fails, or what the rollback plan looks like. One Terraform change becomes a four-hour outage because nobody asked the questions before the merge.

PAIN 06

Frontier API Spend Compounds While Cheaper Models Stay Delivery-Blind

Every session starts cold. The agent re-reads files it has already read. It re-discovers decisions already made. It re-fixes bugs already fixed. Context Mode and RTK exist for a reason — but most teams wire them in inconsistently or not at all.

PAIN 07

Project Knowledge Evaporates When the Session Ends

What did we agree last sprint? Why did we pick Postgres over DynamoDB? Where is the ADR for this? The answers exist somewhere in conversation history that nobody can find. The next session starts blind.

PAIN 08

Security Reviews Happen After the Merge, Not Before

Shell injection, markdown injection, hardcoded secrets, prompt injection in ingested artifacts — the agent does not check before it writes. Security gets bolted on in a follow-up PR that costs five times more than catching it at the source.

PAIN 09

Backlog Grows Faster Than the Agent Clears It

Deferred work gets mentioned in passing and never tracked. “Let’s come back to that” means never. The agent finishes a feature and immediately starts another, leaving a graveyard of half-promised improvements scattered across the repo.

Financial

Rework, incidents, and top-tier token burn compound — cheaper models without gates do not save money if they ship defects.

Time

Engineers re-litigate requirements, re-run tests, and re-review PRs agents already declared “done.”

Opportunity

Competitors orchestrate; teams on vibes accumulate security and traceability debt that compounds every sprint.

Emotional

Review fatigue and mistrust of agent output erode the AI investment story with leadership — even when individual PRs look fine.

It does not have to be ceremony for every typo — but high-risk work needs a system that pushes back.

What “We’ll Add Process Later” Actually Costs You

Process debt in an AI-driven codebase compounds differently than in a human-driven one. The agent does not ask for clarification. It does not push back on an ambiguous spec. It just produces output that looks complete.

39%
Of AI-generated code contains security vulnerabilities
Veracode 2025 study across 100+ enterprise codebases. Most teams catch them post-merge, not at write-time.
$14K–$28K
Average cost of a single AI-assisted outage from skipped review
Aggregated from incident retrospectives on agent-produced changes. Cheap to prevent. Expensive to recover from.
More rework when agents skip spec coverage validation
Internal benchmark across feature work with and without upfront coverage check. The agents are not the problem — the missing check is.
~30%
Of context-window tokens spent re-discovering prior decisions
RTK + Context Mode + persistent memory can reclaim this. Without it, every new session starts paying the same tax.
Reputational

When reviewers stop trusting agent PRs — or leadership stops trusting the team’s AI velocity numbers — the cost is not a line item. It is the story you have to rebuild before the next budget conversation.

The Future Where Your AI Agent Ships Like Your Best Senior Engineer

Imagine the agent you wish you had. Not a smarter model — the same model, working inside a process that actually pushes back.

You open Monday’s PR queue and every merge request links to accepted spec criteria — not a vague agent summary. Your team routes typos through a fast path and features through spec, review, and fresh tests without you re-explaining the rules each session. Leadership sees audit trails and gate evidence, while you keep using the models and hosts you already chose — including models that cost a fraction of frontier tiers.

The transformation

You ask the agent for a feature. It asks you which spec it should follow. It writes the spec coverage check before it writes any code. It commits in checkpoints. It opens a PR with a traceability block that links every line back to an accepted criterion. CI fails — it fixes CI. A review round flags a finding — it triages the finding and re-issues clean. The stop hook blocks it from declaring done until the evidence is in the record. You review the PR once and merge. The release gets shipped.

That is not a dream. That is what Silver Bullet’s two-tier discipline and twelve hook layers are designed to produce. The agent reasons. The environment decides whether unsafe actions proceed.

You get the speed of agentic execution with the rigor of an engineering organization. Small edits stay trivial. Big edits get the full chain. Every delivery boundary has evidence behind it or the boundary refuses to move.

The Layer That Makes Your Agent Trustworthy

If you have watched an agent skip the review skill the moment context compacts — or open a PR because it can, not because the evidence is there — you already know why we built this. Execution engines and review skills exist. Agents still bypass them when pressure rises.

Silver Bullet is hook-enforced orchestration across Claude Code, Codex, and Cursor — dogfooded daily in this alpha OSS repo. We did not build it to be smarter than the models. We built mechanical gates plus code-intelligence retrieval, not another prompt template, because no model can be trusted with delivery on its own.

The catalog is open. The plugin is free forever — no strings attached, no telemetry. The agent stays yours. Silver Bullet is the layer in between that makes the layer above it trustworthy.

Why Silver Bullet Works When Instruction-Following Doesn’t

The mechanism is not a better prompt. It is a catalog of 27 atomic flows composed into 22 task-shaped workflows, executed by your agent, with twelve hook layers that physically block unsafe progress. The model can reason. Only the environment can decide.

Dynamic Workflow Composition

/silver classifies the task and composes the chain it needs. Feature, bugfix, UI, DevOps, deploy, canary, refactor, test, worktree, content, benchmark, incident, retro, release, research, spec, ingest, validate, docs, tracking — and the fast path. Each route is pre-composed. The agent does not improvise the process.

Two-Tier Delivery Discipline

Intermediate commits require only the planning floor (default: silver:quality-gates). Final delivery — gh pr create, gh release create, deploy — requires the full deploy skill list and V-loop evidence at every flow step. Agents can move fast in the middle. They cannot ship unverified at the edges.

Twelve Hook Layers

SessionStart state reset, PreToolUse/Bash planning gate, completion audit, roadmap freshness, CI status, spec floor, planning-file guard, PostToolUse skill recording, prompt reminder, stop hook, completion audit at commit/PR, branch-finish readiness — all enforcing, none decorative.

V-Loop Evidence Schema

Every flow step emits a finding row with BLOCK / WARN / INFO severity. validate-evidence-findings runs at PR/release. Findings that are not closed cannot ship. The schema is the contract; the validator is the gatekeeper.

Spec-to-Release Traceability

Session-start captures spec version and JIRA ID. PR descriptions append a traceability block. Roadmap freshness is checked at commit time. Deferred validation warnings surface before release. The audit trail survives long sessions and context compaction.

Memory + Context That Compound

Graphify + agentmemory wire a knowledge graph of accepted decisions, ADRs, and durable learnings. RTK + Context Mode compress tokens and index large files. The next session starts where the last one left off — not from zero.

What The Catalog Actually Ships

Catalog authority: docs/apo-catalog.json. The catalog is the contract; the workflows and atomic flows are the implementation.

27 ATOMIC FLOWS

The Composable Primitives

Every workflow is built from the same atomic flow library. Reusable, testable, contractually defined.

  • ROUTE — task classification
  • BOOTSTRAP — project init
  • SPECIFY — requirements + ingestion
  • PLAN — phase coverage
  • EXECUTE — checkpointed implementation
  • VERIFY + SECURE + REVIEW
  • SHIP + RELEASE + DOCUMENT
22 WORKFLOWS

Task-Shaped Chains

Pre-composed sequences for every common delivery shape. You pick the task. The router picks the chain.

  • /silver:feature — governed build
  • /silver:bugfix — debug → ship
  • /silver:ui — design + UI gates
  • /silver:devops — blast radius first
  • /silver:deploy · /silver:canary
  • /silver:release · /silver:incident
  • /silver:retro · /silver:fast
85 FLOW-STEP V-LOOPS

Evidence at Every Step

Each flow step has a local V-loop with subagent dispatch and opted-in tool governance. Evidence is produced where the work is produced.

  • Subagent metadata baked in
  • Evidence schemas per step
  • Tool allow/deny by step context
  • Checkpoint markers in state file
  • Resumable across context compaction
Lower-Cost Models, Delivery-Ready

Host hooks block unsafe progress; workflow state records what actually ran; Graphify, agentmemory, RTK, and Context Mode keep cheaper models oriented in large repos. The thesis is not “use a worse model.” It is: enforced process plus retrieval so you are not paying frontier API prices for every planning pass, re-read, and gate check.

Keep Cheaper Models Oriented in Large Repos

Process gates stop unsafe delivery. Code intelligence stops context rot and knowledge blindness — the daily IC pain of re-reading the same files and re-discovering decisions every session.

Graphify

Builds a persistent knowledge graph of your codebase — symbols, dependencies, and inferred relationships. Query before you grep: scoped subgraphs, path between symbols, and concept explainers that surface cross-file edges cheap models miss.

agentmemory

Captures accepted decisions, ADRs, and durable learnings across sessions. When the conversation compacts, the graph does not. The next agent turn starts with what the team already agreed — not a blank slate.

RTK

Token compression for files the agent has already ingested. Stops paying to re-send solved context on every turn. Wired as an opt-in recommended tool with hook reminders when compression would reclaim budget.

Context Mode

Indexes large files and monorepo subtrees so the agent retrieves slices instead of stuffing whole trees into the window. Pairs with Graphify retrieval for orientation without frontier-model context limits.

What It Actually Does on Day One

Silver Bullet ships with a diagnostic probe that reports what enforcement tier your host actually supports. No marketing claims. The numbers come from the hooks on your machine.

12
Hook Layers

SessionStart, PreToolUse (Bash, Edit, Skill, MultiEdit), PostToolUse, Stop, UserPromptSubmit. The full enforcement surface is observable and auditable.

27
Atomic Flows (AF-*)

Every reusable primitive, contractually defined in docs/apo-catalog.json and kept in sync with generated views.

22
Pre-Composed Workflows (WF-*)

Each one routes by task signal. Each one ends with explicit ship evidence. The router does not improvise.

85
Flow-Step V-Loops

Local V-loops with subagent dispatch and tool governance. Evidence is produced where work is produced.

4–5
Enforcement Tier (Highest)

The catalog reports capability tier per host. Claude Code, Codex, and Cursor each reach their documented ceiling — no marketing-tier claims.

$0
Free Forever

No credit card. No telemetry. No vendor lock-in. Open catalog, hook-enforced gates — install once and keep your agent.

Alpha Honesty

Silver Bullet enforces process at the agent boundary — it does not replace production observability, load testing, or continuous security scanning. Those remain documented roadmap gaps. SB is designed to reduce skipped gates and traceability drift before code leaves the session; outcome validation in production remains your responsibility.

Real Enforcement, Not Documentation Promises

Planning Gate
🚫 HARD STOP — Planning incomplete.
Missing required skills:
/silver:quality-gates
Run /silver:quality-gates before editing any source file.
Then run /silver:plan.
Completion Audit
🧱 COMPLETION BLOCKED — Workflow incomplete.
/silver:review
review loop
/silver:verify
/verify-tests
Complete ALL required steps before finalizing.
Evidence Schema Gate
⚠ EVIDENCE SCHEMA — delivery warning.
validate-evidence-findings.py found malformed rows in REVIEW.md
Fix tables or set strict mode:
SILVER_BULLET_EVIDENCE_SCHEMA_STRICT=1
to hard-block PR/release.

Silver Bullet Owns the Core Lifecycle. Plugins Extend.

Core software-engineering workflows run through Silver Bullet skills. Optional DevOps and provider plugins remain extension points for specialized domains — not replacements for the process.

Lifecycle
Core Workflow Engine
The planning, execution, verification, review, security, and ship path is hook-enforced and recorded in the workflow state SB tracks.
  • silver:context and silver:plan for project framing
  • silver:execute for checkpointed or autonomous execution
  • silver:verify, silver:review, and silver:ship
  • Hook-enforced lifecycle markers
Review Discipline
Review Discipline
Review framing, review triage, TDD discipline, completion verification, and branch finishing are represented by Silver Bullet skills and markers.
  • Review request → review → triage V-loop
  • TDD discipline before implementation claims
  • /silver:completion-audit before delivery
  • /silver:branch-finish for branch readiness
Engineering Gates
Engineering Discipline
Testing strategy, documentation checks, deployment readiness, and incident learning are expressed as SB quality gates and runtime evidence workflows.
  • silver:test for tests, E2E, repair, performance, mutation
  • Technical documentation (PRD, ADR, CI/CD)
  • silver:deploy and silver:canary runtime evidence
  • silver:incident and silver:retro learning loops
Domain Packs
Specialized Quality
Domain-specific code, test, API, data, dependency, performance, content, runtime, and benchmark checks run through one SB evidence schema.
  • silver:domain-audit for specialized packs
  • silver:content for docs, search, migration, articles
  • silver:refactor for behavior-preserving change
  • silver:benchmark for repeatable agent or approach evals
Design Contract
UI/UX Validation
Design-system, UX copy, accessibility, critique, and handoff expectations are captured by SB UI contract and UI review skills, with durable state in .planning/interface/STATE.md.
  • silver:ui-contract stamps interface STATE on init
  • Design system audit: tokens, component reuse
  • Accessibility review (WCAG 2.1 AA)
  • Design critique and handoff specs
Product Framing
Product Planning
Spec elicitation, product framing, research synthesis, stakeholder context, and release coordination now live inside SB clarify/spec/release workflows.
  • Feature specs and product briefs
  • Roadmap updates and sprint planning
  • Research synthesis and competitive analysis
  • Stakeholder updates and release coordination
Memory + Token Stack: Built In, Not Bolted On

Silver Bullet integrates Graphify (knowledge graphs), agentmemory (durable cross-session memory), RTK (Rust Token Killer for shell/dev commands), and Context Mode (large-file indexing + query). The same hooks that enforce process also enforce the use of these tools — so the next session picks up where the last one left off without paying the rediscovery tax.

Optional DevOps Enrichment, Routed by Context

For the devops-cycle workflow, Silver Bullet integrates best-in-class DevOps plugins as optional contextual enrichments. A smart skill router maps your IaC toolchain and cloud provider to the best available skill — with automatic fallback chains.

HashiCorp
hashicorp/agent-skills
Official HashiCorp skills for Terraform HCL authoring, module design, provider development, and Packer image building.
  • Terraform code generation
  • Module & provider scaffolding
  • Packer builders & HCP integration
AWS Labs
awslabs/agent-plugins
AWS architecture, serverless patterns, database selection, CDK/CloudFormation, and deployment best practices.
  • Deploy-on-AWS architecture guidance
  • Lambda / API Gateway / Step Functions
  • RDS, DynamoDB, Aurora selection
Pulumi
pulumi/agent-skills
Pulumi programs, ComponentResource patterns, Automation API, and IaC migration from Terraform, CDK, CloudFormation, and ARM.
  • Pulumi best practices & components
  • IaC migration (TF/CDK/CF/ARM → Pulumi)
  • Pulumi ESC for secrets management
DevOps Skills
ahmedasmar/devops-claude-skills
Comprehensive DevOps toolkit: Terraform/Terragrunt, k8s troubleshooting, CI/CD pipelines, GitOps, monitoring, and AWS cost optimization.
  • Kubernetes troubleshooter
  • CI/CD & GitOps workflows
  • Monitoring, observability & cost optimization
wshobson/agents
Kubernetes Operations
Kubernetes manifests, Helm chart authoring, GitOps security, and multi-agent orchestration for complex cluster operations.
  • Kubernetes manifests & Helm charts
  • GitOps security & RBAC
  • Multi-agent team orchestration

Questions Teams Ask Before Installing

If you have used other agent plugins, you have been disappointed before. Here are the honest answers to the honest questions.

Will this slow down my agent and turn every commit into a paperwork exercise?
No. Two-tier discipline is the point: intermediate commits require only the planning floor (one quality-gates pass). Full ceremony kicks in at final delivery — PR creation, deploy, release. Small edits stay on silver:fast. The fast path escalates to feature composition only when scope actually expands.
What if my team is small and we don’t have a separate DevOps person?
Silver Bullet is designed for small teams. The orchestrator runs in your existing Claude Code / Codex / Cursor session. There is no separate UI, no separate runner, no separate credentials. One developer, one project, one session — and the hooks do the enforcement that a second reviewer would otherwise do by hand.
Will it lock me into a specific model or host?
No. Silver Bullet works with Claude Code, Codex, and Cursor today. Capability tiers are documented per host so you know exactly which enforcement layers are active. You can switch hosts without rewriting your workflow; the catalog stays the same.
What if my workflow doesn’t fit any of the 22 pre-composed routes?
Routes are the entry points. The 27 atomic flows are the primitives. Every composed workflow is built from atomic flows, and you can compose your own with the same primitives. /silver:process-maintenance is the explicit lane for phase, thread, backlog, and migration work that does not fit a delivery shape.
Does it replace my existing CI/CD, security scanner, or test runner?
No. Silver Bullet enforces that those tools ran and produced fresh evidence before delivery. The hooks do not run your tests; they block the PR if your tests did not run, or if they ran against code that has since changed. The agent stays honest about what is actually verified.
Is this enterprise-grade? Can I get support?
Silver Bullet is free open-source alpha software, dogfooded in production at multiple organizations. Innovated at Älo Labs. For teams needing prioritized support, custom plugin authoring, or audit-ready compliance reports, contact us through the Help Center. The plugin stays free — no credit card, no telemetry, no strings attached.

Silver Bullet Is the Wrong Tool If

You want a no-opinion hosted agent that just chats and edits.

Silver Bullet pushes back. If you want a permissive agent with no gates, the plugin will feel like friction. That friction is the product.

You need a unified numeric quality score across all audits.

Silver Bullet uses an evidence schema with BLOCK / WARN / INFO, not a 0–100 score. We do not collapse severity into a single number that erases meaning.

You want automatic model routing across providers.

Model routing is host-owned. Silver Bullet orchestrates the workflow around the model your host already runs — we do not own the model decision.

You are looking for a one-off code completion plugin.

Silver Bullet is the APO layer. It assumes you have an existing agent and want to put a process around it. If you only need inline code completion, this is overkill.

Breadth Plus Hook-Enforced Accountability

Silver Bullet matches the capability families quality-layer tools advertise — domain audits, test depth, deploy/canary, backlog, session recovery — but routes them through hook-enforced workflows with artifacts and gates instead of per-concern commands or numeric grades.

Concern Typical quality-layer plugins Silver Bullet (v0.51.0)
Workflow entry Session-start auto-routing; large skill menus Explicit /silver router; 22 pre-composed workflow routes plus 36 marketplace command stubs behind one entry point
Enforcement Mostly instruction-following; refusal when agents cooperate Twelve hook layers: completion audit, stop hook, planning guards, CI/test freshness
Quality findings Tiered numeric scores and grade bands Shared docs/evidence-schema.md with BLOCK/WARN/INFO; delivery gate via validate-evidence-findings
Domain audits Many named audit/fix commands /silver:domain-audit pack matrix inside existing workflows
Backlog & deferred work Tech-debt lists in reviews /silver:add with fingerprint, dedup, and prioritization scripts
Hosts Multi-host marketing with uneven enforcement proof Claude Code, Codex, and Cursor with documented capability tiers 0–3 and sb-diagnostics
Release path Ship/deploy/canary as separate commands Milestone audit, UAT, docs gates, /silver:ship, /silver:create-release

Install Free. Enforce Every Delivery. Risk-Free.

100% free forever. No credit card. No telemetry. No vendor lock-in. The plugin is yours; the hooks are yours; the agent stays yours.

# Onboarding probe (jq, diagnostics, next steps)
bash scripts/sb-bootstrap.sh
# Capability tier report (claude | codex | cursor)
bash scripts/sb-diagnostics.sh
 
# Install Silver Bullet (Claude Code)
/plugin install alo-exp/silver-bullet
# Or public marketplace: alo-labs/claude-plugins
 
# Install or refresh Silver Bullet (Codex)
Use the public alo-labs/codex-plugins marketplace package
# Codex exposes native /silver: entries and hides internal skill-source files
 
# Install or refresh Silver Bullet (Cursor)
Use the public alo-labs/alo-labs-cursor-marketplace package
# Or: bash scripts/install-cursor.sh --public-release
 
# Initialize your project
/silver:init
# Guides you through dependencies, then asks: app or DevOps project?
 
# Compose the workflow for a task (explicit entry point)
/silver quality review my architecture
# Classifies complexity and composes the smallest safe chain
Enforcement Starts Immediately

After running /silver:init, hooks are active and the workflow is live. Use /silver <anything> when you want SB to classify the task and compose the right chain. For app projects, SB runs the core lifecycle directly. For DevOps projects, blast radius assessment and IaC-adapted quality gates are composed in automatically. Missing required SB gates fail closed with install-and-retry guidance.

22 Workflows. 27 Atomic Flows. One Contract.

The authoritative source of truth is docs/apo-catalog.json. Generated views stay in sync via CI. Every workflow is composed from the same atomic flow library.

27 atomic flows · 22 workflows · 85 flow-step V-loops with subagent dispatch and tool governance

Workflow Entry signals Key steps
/silver "/silver", "route" ROUTE(composes feature or fast)
/silver:feature "feature", "implement", "build feature" BOOTSTRAPORIENTCLARIFYDECIDESPECIFYQUALITY_GATEPLANEXECUTEREVIEW_REQUESTREVIEWREVIEW_TRIAGEVERIFYSECUREQUALITY_GATEBRANCH_FINISHCOMPLETION_AUDITSHIP
/silver:ui "ui", "frontend" BOOTSTRAPORIENTCLARIFYSPECIFYQUALITY_GATEPLANDESIGN_CONTRACTEXECUTEUI_QUALITYREVIEWVERIFYSECUREBRANCH_FINISHCOMPLETION_AUDITSHIP
/silver:bugfix "bug", "fix", "debug" ORIENTDEBUGPLANEXECUTEREVIEW_REQUESTREVIEWREVIEW_TRIAGEVERIFYSECUREBRANCH_FINISHCOMPLETION_AUDITSHIP
/silver:deep-research "research", "decide", "compare" CLARIFYDECIDEDOCUMENTVALIDATE
/silver:clarify "idea", "fuzzy requirement", "scope" CLARIFY → context/plan handoff
/silver:spec "spec", "acceptance criteria", "user stories" SPECIFY
/silver:ingest "JIRA", "Figma", "external artifact" SPECIFY (ingest sub-step)
/silver:validate "validate", "gap analysis" VALIDATE
/silver:devops "devops", "infra", "iac" BLAST_RADIUSDEVOPS_ROUTEQUALITY_GATESECUREORIENTPLANVALIDATEEXECUTEREVIEWVERIFYBRANCH_FINISHCOMPLETION_AUDITSHIP
/silver:deploy "deploy", "roll out" BLAST_RADIUSVERIFYSECURESHIP
/silver:canary "canary", "progressive rollout" BLAST_RADIUSVERIFYSHIP
/silver:release "release", "version", "tag" QUALITY_GATEREVIEWVERIFYSECUREBRANCH_FINISHCOMPLETION_AUDITSHIPRELEASE
/silver:fast "fast", "small change", "typo" FAST_PATHQUALITY_GATEPLANVALIDATEEXECUTEVERIFY
/silver:test "test", "test hardening", "coverage" PLANEXECUTEVERIFY
/silver:refactor "refactor", "behavior-preserving" PLANEXECUTEVERIFY → post-exec gates
/silver:benchmark "benchmark", "eval", "compare models" ORIENTEXECUTEVERIFYDOCUMENT
/silver:content "content", "docs", "article" CLARIFYSPECIFYEXECUTEVERIFYDOCUMENT
/silver:incident "incident", "outage", "p1" BLAST_RADIUSDEBUGSECUREVERIFYDOCUMENT
/silver:retro "retro", "postmortem" ORIENTDOCUMENTDECIDE
/silver:forensics "forensics", "deep-dive" DEBUGDOCUMENTVALIDATE
/silver:process-maintenance "phase", "thread", "backlog", "migration" PHASE_MANAGEDOCUMENTVALIDATE
Reusable Workflow Components (Composed Internally)
post-exec-gates After EXECUTE — used by feature, ui, bugfix, refactor UI_QUALITYREVIEW_REQUESTREVIEWREVIEW_TRIAGEVERIFY (verify-tests) → SECUREVALIDATE as needed → QUALITY_GATEBRANCH_FINISHCOMPLETION_AUDITSHIP
review-triad REVIEW phase — composed inside most delivery flows REVIEW_REQUESTREVIEWREVIEW_TRIAGE
ship-readiness Pre-ship branch completion BRANCH_FINISHCOMPLETION_AUDITSHIP
validate-substep Spec-to-plan gap analysis VALIDATE
Slug Role
ROUTEintent classification and workflow composition
BOOTSTRAPproject bootstrap and enforcement activation
ORIENTcodebase and planning context orientation
CLARIFYscope clarification and assumption lock
DECIDEdecision research and trade-off synthesis
SPECIFYrequirements specification and ingestion
PLANexecution planning with phase coverage
DESIGN_CONTRACTdesign contract and interface expectations
VALIDATEspec-to-plan gap validation
QUALITY_GATEcross-cutting quality dimensions (pre-plan and pre-ship)
FAST_PATHbounded fast path for low-risk edits
EXECUTEcheckpointed implementation execution
DEBUGfailure diagnosis and root-cause analysis
UI_QUALITYUI quality, accessibility, and design review
VERIFYverification, testing, and evidence freshness
SECUREsecurity and LLM safety review
REVIEW_REQUESTstructured review request and scope framing
REVIEWartifact and code review with evidence
REVIEW_TRIAGEfinding triage, fix ladder, and clean-pass tracking
BLAST_RADIUSblast-radius assessment for infra changes
DEVOPS_ROUTEIaC toolchain and provider routing
BRANCH_FINISHbranch hygiene before ship
COMPLETION_AUDITcompletion evidence before delivery
SHIPship readiness and promotion evidence
RELEASEversioned release and changelog publication
DOCUMENTdurable documentation and release notes
PHASE_MANAGEphase and workflow state management

Stop Hoping Your AI Agent Follows the Process. Enforce It.

Install Silver Bullet once. The hooks activate on every commit, PR, and release. The agent keeps its autonomy where autonomy is safe. The environment decides when it is not.

Install Silver Bullet ↓

Free forever. No credit card. No telemetry. Cancel anytime (it is a plugin).

What Happens in the First Hour

Most teams have Silver Bullet blocking their first unsafe PR within the first session. Here is the typical onboarding arc.

Minutes 0–10: Install + Probe

Install the plugin, run sb-bootstrap.sh and sb-diagnostics.sh. SB reports your host’s enforcement tier and which hooks are active. /silver:init stamps your project.

Minutes 10–30: First Composed Workflow

Type /silver build a rate limiter for the auth service. SB classifies the task, composes the workflow, and starts the chain. The agent reasons; the hooks enforce.

Minutes 30–60: First Blocked Delivery

The agent tries to commit or open a PR before review. The completion audit hook refuses it and surfaces the missing required step. The team learns what the gate is — not by reading docs, by running into it.

From that point forward, every delivery boundary enforces what the agent claimed. The audit trail starts. The backlog gains a tracker. The session stops losing context.

Fred Brooks

“There is no single development, in either technology or management technique, which by itself promises even one order-of-magnitude improvement in productivity, in reliability, in simplicity.”

Fred Brooks, No Silver Bullet (1986) · Turing Award, 1999

Brooks Was Right. Until Now.

In 1986, Brooks argued no single development would deliver an order-of-magnitude improvement in software engineering. He was right for thirty-eight years. Models got smarter. The gap between work started and work correctly delivered did not move.

What changed is the unit of work. An AI agent is not a faster developer. It is a different operator — one that does not pause when the spec is ambiguous, does not push back when the gate is missing, does not re-read the diff. It ships whatever looks like completion.

The remedy is not a better prompt. It is the process layer — the part the model was never going to build for itself.

Silver Bullet is that process layer.

Twelve hook layers. Twenty-two workflows. A spec-to-release trace, blast-radius gate, and an evidence schema the agent cannot forge. None of this makes the model smarter. It changes the boundary between “the agent produced this” and “this has been verified” — the silver bullet Brooks said did not exist. It exists now. It is free forever — no strings attached. You can install it before lunch.