Skip to content

How We Prepared For Coding Agents

Purpose: - Preserve this pre-coding baseline as a reusable playbook. - Show what must be done before agent-driven implementation starts.

Outcome

This repository reached a pre-coding readiness baseline where: - Contracts are the source of truth. - Security and ops launch gates are explicit. - Architecture tradeoffs are documented with revisit triggers. - Implementation work is phase-ordered with blocking prerequisites.

What Was Completed Before Coding

  1. Product and architecture clarity
  2. PRD finalized with explicit in/out scope and policy-driven decisions.
  3. Architecture and ERD/schema aligned with target-state flows.

  4. Prototype behavior separated from target-state design.

  5. Contract-first baseline

  6. OpenAPI and AsyncAPI hardened for SDK/CLI generation.
  7. Error envelopes, auth model, pagination, state-machine visibility, and event envelopes standardized.

  8. WebSocket auth model aligned to browser constraints and security policy.

  9. Security and governance baseline

  10. Coding standards, testing standards, contract invariants, and policy enforcement documented.
  11. Assumptions register created and linked across core docs.

  12. Production platform baseline and parallel ops track defined with launch gates.

  13. High-risk pre-code fixes

  14. Auth middleware made resolver-based for future extensibility.
  15. Rate limiter atomicity fixed (no INCR/EXPIRE race).
  16. NATS consumer model aligned for multi-instance safety.
  17. Outbox relay process explicitly scaffolded and documented.
  18. Terminal token single-use atomic consume requirement documented (GETDEL).

  19. Audit metadata allowlist defined.

  20. Operations readiness framing

  21. East/west controls and cert lifecycle made mandatory for public launch.
  22. Admin token emergency revocation moved to pre-production requirement.
  23. Watchlist tracks accepted MVP tradeoffs and pre-beta hardening backlog.

Mandatory Entry Points For New Contributors

  • doc/Implementation_Roadmap.md
  • doc/governance/Design_Baseline_Gate.md
  • doc/governance/UX_Contract_Gate.md
  • doc/governance/Assumptions_Register.md
  • doc/operations/Parallel_Ops_Track.md
  • doc/operations/Production_Platform_Baseline.md
  • doc/governance/Multi_Agent_Execution_Playbook.md
  • doc/governance/Agent_Work_Queue.yaml
  • doc/product/Brand_Guidelines.md
  • doc/api/openapi.draft.yaml
  • doc/api/asyncapi.draft.yaml

Working Rules For Agent-Driven Coding

  1. No implementation without contract reference.

  2. Every PR must cite affected OpenAPI/AsyncAPI contract section(s).

  3. No implementation without roadmap phase.

  4. Every PR must map to a roadmap phase and done criteria.

  5. No behavior-only PRs.

  6. If behavior changes, contracts/docs/tests must update in the same PR.

  7. No bypass of security gates.

  8. Pre-prod and launch-gate controls are non-optional.

  9. No hidden assumptions.

  10. New assumptions must be added to Assumptions_Register.md in the same PR.

What Still Remains (By Design)

  • Normal implementation phases in Implementation_Roadmap.md.
  • Open watchlist items in operations/Scalability_Security_Watchlist.md.
  • CI host finalization (GitHub/GitLab) and live pipeline activation.

This is expected and intentional: the baseline is complete enough to start coding safely, not complete enough to skip disciplined execution.

Publishing This Baseline (When Remote Is Ready)

Local baseline tag created: - prep-coding-agent-v1

When a git remote is available, publish commit history and tag: 

git push origin master --tags

If only the baseline tag should be published: 

git push origin prep-coding-agent-v1