Agent Ecosystem v2 — 5-Agent Flat Structure
Last verified: 2026-03-13
When
2026-03-13.
What changed
| v1 Agent(s) | v2 Agent | Change |
|---|---|---|
| Publisher, Writer | Publisher (Opus) | Publisher writes directly, no writer subagent |
| Researcher | Researcher (Sonnet) | Stripped to read-only, no Write tool |
| Reviewer, Fact Checker | Reviewer (Opus) | Merged fact-checking into review, read-only |
| QA | QA (Sonnet) | Stripped to read-only (no Write/Edit) |
| Privacy Auditor, CSO | Security Auditor (Opus) | Merged privacy rules + added OWASP LLM checks |
| Pai, AR, CMO, CFO, CTO, CDO, Librarian, SEO, Cost Tracker | Removed | No replacement needed |
Why
Lessons from three sources:
Start simple (Anthropic best practices)
The 17-agent structure was overbuilt for the actual workload. Most C-suite agents were invoked rarely or never. The org chart added coordination overhead without proportional value.
Deny-by-default (OWASP LLM06 — Excessive Agency)
Most v1 agents had Write and Bash tools they didn't need. The researcher could write files. The reviewer could write files. This violated the principle of least privilege. v2 agents are read-only by default; only the publisher (who must write blog posts) has write tools. QA has Bash for running builds but no Write/Edit.
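One way to keep these grants from drifting is a check that fails whenever an agent definition carries a tool outside its allowance. This is an added example, not the project's own code: the frontmatter layout, the `Read` and `Grep` tool names, the sample definitions, and the reading of "write tools" as Write and Edit without Bash are all assumptions.

```python
# Added example: audit agent tool grants against the v2 deny-by-default policy.
# Assumption: an agent definition starts with "key: value" frontmatter that
# carries a comma-separated "tools" allowlist.

MUTATING = {"Write", "Edit", "Bash"}  # the tools the page restricts
# Exceptions stated on the page; any agent not listed here gets none.
# Assumption: the publisher's "write tools" are Write and Edit, without Bash.
ALLOWED_MUTATING = {"publisher": {"Write", "Edit"}, "qa": {"Bash"}}


def parse_frontmatter(text):
    """Return the key/value pairs between the opening and closing '---'."""
    lines = text.strip().splitlines()
    if not lines or lines[0].strip() != "---":
        raise ValueError("missing frontmatter")
    fields = {}
    for line in lines[1:]:
        if line.strip() == "---":
            return fields
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    raise ValueError("unterminated frontmatter")


def audit(definition):
    """Return the findings for one agent definition (empty list = pass)."""
    fields = parse_frontmatter(definition)
    name = fields.get("name", "<unnamed>")
    if "tools" not in fields:
        # Deny-by-default: a missing allowlist is a finding, never a pass.
        return [f"{name}: no explicit tools allowlist"]
    tools = {t.strip() for t in fields["tools"].split(",") if t.strip()}
    excess = (tools & MUTATING) - ALLOWED_MUTATING.get(name.lower(), set())
    return [f"{name}: excess tool {t}" for t in sorted(excess)]


SAMPLES = [  # constructed definitions, not the project's files
    "---\nname: researcher\ntools: Read, Grep, Write\n---\nFind sources.",
    "---\nname: qa\ntools: Read, Bash\n---\nRun the build.",
    "---\nname: reviewer\n---\nReview the draft.",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or "pass")
```

Run against every agent definition in CI, a non-empty result blocks the change that widened a grant.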
Route by risk (ChatGPT deep research report)
Not all tasks need the most capable model. Research and QA are mechanical, and Sonnet handles them well. Review and security auditing require judgment, so Opus is appropriate. v1 used Haiku for the researcher and reviewer, which was underpowered for the judgment those roles require.
Artifacts not pass-through (Anthropic multi-agent guidance)
v1 passed large context between agents through prompts. v2 uses files as intermediate state. Subagents write reports to files; the publisher reads those files. This keeps agent context windows small.
No shared wiki state
The bot-wiki and Librarian added a coordination layer that duplicated what git and Claude Code memory already provide. v2 uses git for shared state and memory for cross-session context.
What was preserved
These patterns worked well in v1 and carried forward:
- Substance gate: three-question check before writing (perspective, reader value, source substance)
- Editorial brief: angle, target reader, and scope boundary required before writing
- Adversarial loop: reviewer/writer revision cycle with a 3-pass cap and escalation
- QA checklist: frontmatter, build, render, internal links, external links
- Privacy audit rules: "if you would need to log in to see it, it's private" — BLOCK/REDACT/OK severity levels
- Research brief format: structured facts grouped by subtopic with source and confidence level