DEV Community

Vilius
Vilius

Posted on • Originally published at github.com

Trusted Code Review Pipeline — 4 Agents, 1 Cloud Run Deploy

#agents #buildmultiagents #gemini #adk

Education Track: Build Multi-Agent Systems with ADK

I built a multi-agent code review system for the Build Multi-Agent Systems with ADK track. Four specialized agents replace what would normally be one giant prompt. Each has a focused responsibility, and they pass work through a sequential pipeline deployed to Google Cloud Run.

What I Built

A web app that takes a GitHub repo URL and runs a full code review through four agents. Paste a link, and the pipeline takes over.

The flow: User → Planner → Security Scanner → Quality Gate → Archive & Verify → Audit Report

Each agent's output feeds into the next. The final result is a signed audit report with trust scores for every agent in the chain.

Cloud Run Embed

Your Agents

I used ADK's sequential agent chaining to connect four specialized agents:

  • Planner — clones the repo, analyzes file structure, identifies the primary language and test coverage, creates a review plan
  • Security Scanner — deep-scans every file for hardcoded secrets, unsafe patterns, and exposed configuration. Each finding is severity-rated.
  • Quality Gate — checks for LICENSE, README completeness, CI/CD pipeline, and security posture. Assigns a tier: trusted, caution, or untrusted.
  • Archive & Verify — rates every agent with a trust score, cryptographically verifies all signatures in the chain, and produces the final audit report.

The sequential flow means each agent focuses on one job. The Planner doesn't scan for secrets. The Security agent doesn't check licenses. Each prompt is short and focused — no agent needs to do everything.

Key Learnings

  1. Agent directory structure matters more than you'd expect. ADK scans for agents inside your project directory. One wrong path and your perfectly working agent disappears from discovery entirely.

  2. Cloud Run's defaults can surprise you. The port your container listens on isn't what most deployment guides assume. One hardcoded number and the container starts fine but never passes the health check.

  3. Static files and agents don't mix. Putting a frontend inside an agent directory confuses ADK's discovery — it starts listing your HTML folder as an agent. Keep them separate.

  4. Cloud APIs are independent. Enabling one Google Cloud API doesn't enable the others your agents depend on. You'll get an unhelpful error and a link to the exact page where you should've clicked enable.

Repo: github.com/vystartasv/adk-code-review
Stack: Google ADK + A2A + Cloud Run + Gemini 2.5 Flash
License: CC BY 4.0

Top comments (0)