Governance

Shared standards for teams that build alongside AI. Clear rules so both sides stay aligned.

Governance Principles

Principles that keep both you and your agent building the same thing.

1. Hardening

Security by Default

  • Configuration isolation and boundary-level security enforcement. Fail-fast protocols for incomplete environments. Default-to-deny access control.

2. Resilience

Fault Tolerance

  • Defensive design for system stability and safe repeated execution. Idempotency and failure-management protocols (graceful degradation) are mandatory standards.

3. The Cascade

Code as a Story

  • Caller-callee separation using top-down orchestration. Entry points must reveal high-level logic through vertical density and para-logical grouping.

4. Visual Excellence

Consistency

  • Rigorous adherence to semantic design tokens. High-contrast typography and layout consistency for technical interfaces.

5. Boundaries

Scope Control

  • Restricted scope execution. Atomic actions only. Do not modify code outside the explicit project plan. Modifications are limited to files and functions defined in the current sprint.

6. Reflection

Reasoning First

  • Systematic architecture evaluation. Perform an internal reasoning trace before proposing plans or generating code blocks.

Software Development Lifecycle (SDLC)

Eight phases, from project start to production. Each one builds on the last.

1. Foundation

Set up linting and the core configuration. Get the fundamentals right from the start.

2. Observability & Security

Add logging, error tracking, and the security defaults your team should always have.

3. CI/CD Pipeline

Wire up CI/CD so every push runs the same checks automatically.

4. Role-Based Access Control

Add authentication and access control. Define who can do what, and where.

5. Design System & UI/UX

Build the component library and design tokens so the UI stays consistent.

6. Feature Evolution

Ship features using the patterns and domain structure established in earlier phases.

7. Production Readiness

Verify the deploy pipeline works end to end, including how to roll back cleanly.

8. Operational Governance

Monitor in production and keep a clear playbook for when things go wrong.

Governance Rules

All the quality standards in one place, for engineering that holds up.

API Design: Consistency, Resilience, and Contracts

Architecture · 4 rules
  • The Law of Resilience (Contract Reliability)

  • The Law of Hardening (Data Masking)

  • The Law of the Cascade (Endpoint Narrative)

  • Alignment Protocols

Data Access: Performance, Safety, and Scalability

Architecture · 8 rules
  • Connection Management

  • Query Performance

  • Indexing Strategy

  • Pagination

  • Caching Strategy

  • Migrations & Schema Evolution

  • Transaction Boundaries

  • Data Integrity at the Database Level

Spec-DrivenGuide

v1.8.1
Conventions and standards for developers and agents © 2026