The Challenge
• Belgian Integrated Police (iPolice) — a €440 million digital transformation
• 80+ fragmented legacy applications — no unified search, no single sign-on
• Compliance gap: GDPR, LED (Law Enforcement Directive), Belgian LPD
• Goal: One platform. One search. Full compliance.
iPolice — Unified Person Search
2
Two Months of Module A — What We Delivered
Over the past two months, a team of 14 specialised AI agents — guided by two human developers — designed, built, tested, and documented a complete prototype of the Unified Person Search module for the Belgian Integrated Police platform.
• Module A = Unified Person Search
• Quality & security
iPolice — Unified Person Search
3
Meet the Team
6 Instructions
global · backend · frontend · dba · ciso · powerpoint
6 Prompts
feature backend/frontend · presentation full/pitch/canva · customer theme
4 Skills
angular-component · responsive · frontend-styling · translate
Guided by 2 human developers — 50% run & integrate · 30% review & correct · 20% spec & guide
iPolice — Unified Person Search
5
Agent Process Flow — Feature Request to Production
① PLANNING
Human Developer
Feature request &
acceptance criteria
▶
Jira Planner Agent
Reads specs → creates
Epic / Story / Task
▶
Jira Tickets
One story per agent
+ guardrail refs
▶
Jira Executor Agent
Picks up tickets &
delegates to agents
② IMPLEMENTATION
Executor delegates in PARALLEL — 9 agents work independently on their domains
NET
Backend
Architect
.NET 10 / C#
NG
Frontend
Architect
Angular 21
DO
DevOps
Engineer
Docker / IIS
BT
Backend
Test Eng.
xUnit / TC
FT
Frontend
Test Eng.
Jest + PW
BR
Branding
Research
Brand Identity
FS
Frontend
Styling
SCSS / Material
③ SECURITY & REVIEW
All agent outputs converge — CISO & DPO gate every PR before merge
CISO Security
Review
OWASP Top 10 / STRIDE
Compliance gate
▶
Findings
Addressed
Agents re-iterate on
flagged findings
▶
PR & Review
Agent
AI-assisted code review
+ quality gate
▶
Merged to
Main Branch
Feature complete +
ready for staging
↺ Security findings → relevant agents re-iterate before re-review
iPolice — Unified Person Search
6
Example Jira Story — Created Automatically by the Jira Planner Agent
Epic > UPS-1 : Implement Unified Person Search Feature
Story | UPS-12
HIGH
IN PROGRESS
Assignee: Backend Architect Agent
Backend: Implement SearchPersonsQuery — multi-source fan-out with audit logging (FR-13, FR-24)
DESCRIPTION
Implement the SearchPersonsQuery CQRS handler in the Application layer. The handler must fan out to all active data-source schemas in parallel, merge results, write an audit entry, and return a paged response.
ACCEPTANCE CRITERIA
AC-1
Handler fans out to ALL active schemas in parallel — no sequential per-source calls
AC-2
Purpose field required — HTTP 400 returned if empty or missing (FR-24)
AC-3
PersonResult includes dataSourceId + dataSourceName on every row (compliance #13)
AC-4
audit.access_logs entry written after every search (actor_id, role, purpose, sources)
AC-5
p95 response time < 2 s on a 10,000-row dataset (NFR 4.2) — load test required
AC-6
80 %+ unit-test line coverage for Application layer (NFR 4.3)
SUBTASKS
SUB-1
[ ] Define SearchPersonsQuery + SearchPersonsResponse models (Name / DOB / NRN / Purpose / PageSize)
SUB-2
[ ] Implement IQueryHandler<SearchPersonsQuery, PagedResult<PersonResult>> in Application layer
SUB-3
[ ] FluentValidation validator: Purpose (NotEmpty), PageSize (1–50), at least one search criterion
SUB-4
[ ] Fan-out: load schema names from ops.data_sources; Task.WhenAll with per-source timeout
SUB-5
[ ] Audit write: actor_id (JWT sub), actor_role, purpose, data_sources_queried, results_count
SUB-6
[ ] Write 15+ unit tests with mocked IPersonDataSourceRepository; verify audit entry fields
TICKET DETAILS
Sprint
Sprint 1 — Module A Prototype
Agent
Backend Architect Agent
Component
Application / Infrastructure
Labels
FR-24 · audit · CQRS · .NET10
Guardrails
Clean Arch · SOLID · TLS 1.3 · PostgreSQL only
Related FRs
FR-13 (cross-DB search) · FR-24 (purpose audit) · FR-03 (least-privilege)
Non-Func.
NFR 4.2 (p95 < 2 s) · NFR 4.3 (80%+ coverage)
Created by
Jira Planner Agent — derived from HighLevelSpecs.md
Source ref.
§ FR-13, § FR-24, § NFR 4.2, § NFR 4.3
iPolice — Unified Person Search
7
Challenges & Lessons Learned
• Challenges
– Agent quality depends on the full team — skipping any specialist agent visibly reduces output quality.
– Security rules and RBAC roles are complex: without an explicit security agent, inconsistencies crept in across layers.
– Maintaining correct security posture during active development required the CISO agent to review every significant PR.
– Agents deviated without explicit instruction files — wrong patterns, missing audit writes, ignored guardrails.
– Multi-source federation: data_sources_queried in audit entries required several correction cycles to stay accurate.
• Lessons Learned
– Working with the full agent team gave deep knowledge and insights into AI-driven software development at every layer.
– Agents require regular maintenance: adding new rules, tightening guardrails, and steering them back on course as scope grows.
– The upfront investment in quality instruction files compounds — they are reused on every task, paying back quickly.
– Working together as a team brought new challenges because of the speed of the AI agents (merge conflicts)
iPolice — Unified Person Search
8
