ProjectDevelopmentAIGuide Project Development with Agents cluster_human ① Vision cluster_foundation ② Foundation - Single Source of Truth cluster_goal ③ /goal - Design & Evolve Systems cluster_loop ④ /loop - Automation cluster_guard ⑥ Security cluster_channels ⑤ /channels - Listen & React You Human does what only a human can - Sets intent, taste & priorities - Makes the hard trade-off calls - Reviews & approves - Judgment Stays in the loop, not in the weeds Context Context + Source code Specs - the contract high-level peer reviewed, low-level formally verified Roadmap - done / wip / next long-term context Diagrams - kept live in DOT architecture & flows that evolve with the code ADR - Architecture Decision Records the why behind choices; settled stays settled Glossary - domain dictionary & recipes one canonical name per concept; zero drift Pain points - recurring friction log flaky areas, hot spots, repeat regressions You->Context curate intent → facts GoalFlow Spec-driven build loop thinking before vibe-coding 1. Draft a candidate spec from intent 2. Refine with the human 3. Formally verify 6. Update/Promote Context ② 7. Implement with the context 8. Test, deploy, e2e, ... You->GoalFlow refine cycle AI drafts, dev steers; iterate to agreement Outcome ⑦ VALUE · SUCCESS · JOY the right approach compounds ship only high quality and useful sofware You->Outcome stays accountable for the result Context->GoalFlow spec is contract evolving with each iteration. ADR, glossary, DOT too LoopReg Regression hunt hunt regressions → report issues proactive: find before users do Context->LoopReg guides automation LoopIssue Issue intake GitHub issues channel await new issue → fix human review + merge reactive: triage on arrival Context->LoopIssue guides automation GoalFlow->Outcome LoopReg->Context:pain updates pain points LoopReg->Outcome LoopReg->LoopIssue reports issue Guard Sandbox the agent is powerful - fence it in - No full host access (sudo) - No web access ? - GH access scoped: one repo, no admin - No ssh / gpg keys - No secrets / tokens in env - Human approves every merge Guard->GoalFlow runs sandboxed Guard->LoopReg runs sandboxed Guard->LoopIssue runs sandboxed Threat ⚠ Prompt injection - Untrusted issues - Malicious repo content - Web pages & honey pots - Tool output with hostile instructions Threat->LoopIssue attack surface untrusted input enters here LoopIssue->Outcome LoopAlert Alert watch Prometheus + centralized logs channel Listen to alerts → Investigate in →   - source code   - MCP: API & logs Create issue reactive: prod signal → triage LoopAlert->Context:pain updates pain points recurring issues & alerts LoopAlert->LoopIssue creates issue
Overview
0 / 0
Space next · prev · Home overview · End last · 19 jump · H hide chrome · F fullscreen