Hey everyone! I am Shivam Goyal, a Microsoft MVP, and I am super excited to share a project that is going to save you a massive amount of time.
Designing software architecture is arguably one of the most creative and enjoyable parts of engineering. Documenting it, reviewing it for security flaws, and keeping the diagrams updated as the system evolves? Not so much.
We have all been there. You sketch out a brilliant microservices architecture on a whiteboard, take a blurry photo of it, and spend the next three hours wrestling with boxes, arrows, and alignment tools. By the time you finally get to the actual security and risk review, the architecture has already changed.
What if you could just explain your system in plain English, or point a tool to a messy README, and instantly get a prioritized risk assessment, actionable recommendations, and an editable architecture diagram?
Enter the Architecture Review Agent, an open-source AI sample my team and I built with the Microsoft Agent Framework, Azure OpenAI, and Excalidraw MCP.
What is the Architecture Review Agent?
At its core, the Architecture Review Agent is an automated pipeline that takes architectural descriptions in almost any format and transforms them into structured insights and visual maps.
Whether you feed it a strictly formatted YAML file, a Markdown design doc, or just a brain dump like: "We have a React frontend hitting a Kong gateway, which routes to three microservices, each with its own Postgres DB," the agent processes it in seconds.
Here is what you get back:
- An Interactive Excalidraw Diagram: No more static, uneditable images. The agent renders a fully interactive diagram via Excalidraw MCP that you can immediately tweak right in your browser.
- Prioritized Risk Analysis: An automated assessment of Single Points of Failure (SPOFs), scalability bottlenecks, security gaps, and architectural anti-patterns.
- Component Dependency Mapping: A detailed breakdown of fan-in and fan-out metrics, plus detection of orphaned components.
See it in action: Check out this end-to-end review of an architecture, from file upload to risk detection and interactive diagram generation.
Why You Should Add It to Your Workflow
I wanted this agent to adapt to how developers actually work, rather than forcing you to learn a new proprietary diagramming language.
1. Smart Input Intelligence
The agent works with what you already have. If you pass it structured YAML or Markdown, it uses a lightning-fast rule-based parser. If you pass it unstructured text, code files, or meeting notes, it automatically falls back to Azure OpenAI (we highly recommend GPT-4.1) to intelligently infer the components, their types, and how they connect.
2. Actionable, Context-Aware Reviews
This isn't just about drawing boxes. The AI analyzes your data flow to flag real-world issues. It will warn you about shared database anti-patterns, highlight missing API gateways, or point out infrastructure components that lack redundancy. The risks are bucketed by severity (Critical to Low) so you know exactly what to tackle first.
A Quick Note on AI Recommendations: While the agent is incredibly powerful, it is designed to be a co-pilot for your architecture team, not a replacement for human expertise. Always treat the AI-generated risk assessments and recommendations as a starting point. They are an amazing tool to accelerate your review process, but you should always verify the findings and conduct formal security audits with your human experts!
3. Exports That Actually Matter
Need a slide for your next architecture review board? Grab the high-res PNG export. Need your team to collaborate and refine the design? Download the .excalidraw JSON file or edit it directly in the React web UI.
Deploy It Your Way: Featuring Microsoft Foundry Hosted Agents
The repository ships with scripts to get you up and running immediately. You have two production-ready deployment paths: a traditional full-stack web app, or my absolute favourite approach, a Hosted Agent via Microsoft Foundry.
Option A: Full-Stack Web App (Azure App Service)
This is perfect if your team wants a custom, drag-and-drop React web interface. This path deploys a FastAPI backend and a React frontend to Azure App Service, giving you full ownership over the API surface and the UI.
Option B: The Future of Zero-Ops AI (Microsoft Foundry Hosted Agents)
If you want to build a scalable, enterprise-grade API without wrestling with infrastructure, Hosted agents in Foundry Agent Service (preview) - Microsoft Foundry is the way to go.
Recently introduced in preview, Hosted Agents allow you to bring your own agent code (built with the Microsoft Agent Framework) and run it as a fully managed containerized service. Microsoft Foundry handles the heavy lifting so you can focus purely on your agent's logic.
Here is why deploying the Architecture Review Agent on Microsoft Foundry is a complete game changer:
- Zero-Ops Infrastructure: The platform automatically builds your container via ACR Tasks and manages the compute. It scales seamlessly from 0 to 5 replicas, including scaling to 0 to save costs when idle.
- Built-in Conversation Persistence: You do not need to build your own database to remember chat history. The Foundry Agent Service natively manages conversation state across requests.
- Enterprise Security Out-of-the-Box: Say goodbye to hardcoding API keys. Hosted Agents use system-assigned Managed Identities (Entra ID) with Role-Based Access Control (RBAC).
- Publish Anywhere: Once deployed to Foundry, you can publish your agent directly to Microsoft Teams or Microsoft 365 Copilot with no extra code required. Your team can literally ask Copilot in Teams to review an architecture spec!
- Seamless VS Code Deployment: We have integrated this sample with the Microsoft Foundry for VS Code extension. Deploying to the cloud is as simple as opening the Command Palette, running Microsoft Foundry: Deploy Hosted Agent, and following the prompts.
Get Started in 5 Minutes
The project is completely open-source and waiting for you to test it out. If you have Python 3.11+ and access to Azure OpenAI or a Microsoft Foundry project, you can generate your first architecture review right now.
Just clone the repository, run the setup script, and try feeding it your messiest system architecture description.
GitHub Repo: Azure-Samples/agent-architecture-review-sample
Learn More & Let's Connect!
Building this agent has been an incredible journey, and I truly believe tools like this are the future of how we design and review software. But this is just the beginning, and I would love for you to be a part of it.
If you want to dive deeper into the technology stack powering the Architecture Review Agent, here are some fantastic resources to get you started:
- Azure-Samples/agent-architecture-review-sample
- GitHub - excalidraw/excalidraw-mcp: Fast and streamable Excalidraw MCP App
- Hosted agents in Foundry Agent Service (preview) - Microsoft Foundry
- Quickstart: Deploy your first hosted agent - Microsoft Foundry
- Deploy a hosted agent - Microsoft Foundry
- Publish agents in Microsoft Foundry - Microsoft Foundry
- Create hosted agent workflows in Visual Studio Code - Microsoft Foundry
I want to hear from you. Whether you are deploying this for your enterprise, hacking on it over the weekend, or have a cool idea for a new feature, I would love to connect.
- Drop a star or open an issue on GitHub: Architecture Review Agent Sample
- Connect with me on LinkedIn: linkedin.com/in/shivam2003
- Check out my other projects: github.com/ShivamGoyal03
Let me know what you think in the comments below, and happy architecting!
