A methodology framework for AI-assisted software development. Structure your AI coding workflow with checkpoints, escalation rules, and human oversight to ship quality code faster.
AI coding assistants can generate code fast, but without structure:
- Developers spend too much time validating AI output
- Quality is inconsistent across sessions
- Security issues slip through
- No clear process for when to trust vs. verify
This framework provides guardrails that make AI-assisted development predictable, secure, and scalable.
| Component | Purpose |
|---|---|
| Checkpoints (C0–C3) | Structured workflow: Scope → Plan → Implement → PR |
| Escalation Rules | When AI must stop and ask the human |
| Quality Gates | Automated + human verification at each stage |
| Security Module | DevSecOps for AI-generated code |
| Factory Model | Scale to multiple agents and batch processing |
| Your Goal | Start With |
|---|---|
| Apply to your project | Bootstrap Guide |
| Learn the workflow | Agent Quickstart |
| Understand checkpoints | Checkpoints Spec |
| See real examples | Case Studies |
| Scale to teams | Factory Model |
| Secure AI code | Security Module |
```
┌─────────────────────────────────────────────────────────────┐
│ BEFORE ANY WORK                                             │
│ Check Escalation Triggers → If any apply → STOP → Ask       │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ C0: SCOPE                                                   │
│ • Understand the task                                       │
│ • Define what's in/out of scope                             │
│ • Identify affected files                                   │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ C1: PLAN (for non-trivial tasks)                            │
│ • Document approach                                         │
│ • Identify risks                                            │
│ • Get human validation if needed                            │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ C2: IMPLEMENT                                               │
│ • Write code following plan                                 │
│ • Run tests                                                 │
│ • Pass automated gates                                      │
└─────────────────────────────────────────────────────────────┘
                              │
                              ▼
┌─────────────────────────────────────────────────────────────┐
│ C3: PR & PROOFS                                             │
│ • Document what was done                                    │
│ • Provide evidence (tests, screenshots)                     │
│ • Human reviews and approves                                │
└─────────────────────────────────────────────────────────────┘
```
AI agents must stop and ask when:
| Trigger | Example |
|---|---|
| Architecture decisions | New service, schema change, new dependency |
| Security concerns | Auth changes, crypto, access control |
| Data handling | PII, migrations, retention policies |
| Breaking changes | API changes, deprecations |
| Uncertainty | Multiple valid approaches, unclear requirements |
Not every task needs the full workflow:
| Size | Lines | Workflow |
|---|---|---|
| Trivial | < 10 | Fast Path (C0 + C3 only) |
| Small | 10-50 | Lite (C0 + C2 + C3) |
| Medium | 50-200 | Full (C0 → C1 → C2 → C3) |
| Large | > 200 | Full + Extra Review |
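
The escalation triggers and the sizing table above can be combined into one gate that runs on an agent's proposed diff. The following is an added example, not code from the framework: the path patterns in `TRIGGERS` are hypothetical, "Lines" is assumed to mean added plus removed lines, and the overlapping boundaries (50, 200) are resolved as noted in the comments.

```python
import re
# Hypothetical path patterns for the page's escalation triggers; adapt per repo.
TRIGGERS = {
    "Architecture decisions": r"(^|/)(composer\.json|package\.json|go\.mod)$|schema",
    "Security concerns": r"auth|crypto|access[_-]?control",
    "Data handling": r"migrations?/|pii|retention",
    "Breaking changes": r"(^|/)api/|openapi",
}
# Assumed boundaries: 50 changed lines takes the stricter Full tier, 200 stays Full.
TIERS = [(10, "Fast Path (C0 + C3 only)"), (50, "Lite (C0 + C2 + C3)"),
         (201, "Full (C0 -> C1 -> C2 -> C3)")]
HUNK = re.compile(r"^@@ -\d+(?:,(\d+))? \+\d+(?:,(\d+))? @@")

def parse_diff(diff_text):
    """Return (paths, changed_lines); hunk lengths keep '---' content out of headers."""
    paths, changed, old_left, new_left = set(), 0, 0, 0
    for line in diff_text.splitlines():
        if old_left > 0 or new_left > 0:           # inside a hunk body
            if line.startswith("+"):
                new_left, changed = new_left - 1, changed + 1
            elif line.startswith("-"):
                old_left, changed = old_left - 1, changed + 1
            elif not line.startswith("\\"):        # context line
                old_left, new_left = old_left - 1, new_left - 1
            continue
        m = HUNK.match(line)
        if m:
            old_left, new_left = int(m.group(1) or 1), int(m.group(2) or 1)
        elif line.startswith(("--- ", "+++ ")) and not line.endswith("/dev/null"):
            paths.add(re.sub(r"^[ab]/", "", line[4:].split("\t")[0]))
    return paths, changed

def gate(diff_text):
    """Pick the workflow tier by size, then list any escalation triggers hit."""
    paths, changed = parse_diff(diff_text)
    workflow = next((w for limit, w in TIERS if changed < limit), "Full + Extra Review")
    hits = sorted(name for name, pat in TRIGGERS.items()
                  if any(re.search(pat, p, re.I) for p in paths))
    return {"changed": changed, "workflow": workflow, "escalate": hits, "stop": bool(hits)}

# Constructed sample: a 3-line auth change whose content lines look like file headers.
SAMPLE_DIFF = """--- a/src/Security/TokenAuthenticator.php
+++ b/src/Security/TokenAuthenticator.php
@@ -10,2 +10,3 @@
 class TokenAuthenticator
--- token lifetime
+++ token lifetime and leeway
+    private $leeway = 60;
"""
```

On the sample, the size alone would allow the Fast Path, but the path match on the security trigger sets `stop`, so the change goes to a human regardless of its size.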
```
├── core/
│   ├── agent-operating-model/   Roles, escalation, golden rules
│   ├── spec/                    Checkpoints, templates
│   ├── security/                DevSecOps for AI code
│   └── factory-model/           Scale: multi-agent, batch, metrics
│
├── runtime/
│   ├── golden-path/             Quickstarts, bootstrap
│   ├── prompts/                 System prompts for agents
│   └── quality-gates/           Definition of done
│
├── case-studies/                Real workflow examples
├── bench/                       Benchmark tasks
├── examples/php-symfony-k8s/    Complete reference implementation
└── tools/                       Validation utilities
```
AI-generated code needs additional security controls:
| Component | Purpose |
|---|---|
| Secure Code Generation | Security-aware prompts, OWASP rules |
| Security Gates | SAST, secrets detection, dependency scanning |
| Supply Chain Security | Dependencies, AI model trust |
| Audit Trail | Traceability for all AI-generated code |
When you need more than 1 developer + 1 AI:
| Component | Purpose |
|---|---|
| Multi-Agent Orchestration | Coordinate N agents on M tasks |
| Batch Pipeline | Overnight code generation |
| Automated Gates | Pre-review quality checks |
| Metrics Dashboard | Track and optimize |
| Level | Files | Time to Start |
|---|---|---|
| Micro | 2 files | 10 minutes |
| Minimal | 6 files | 30 minutes |
| Full | Complete framework | 2 hours |
| Factory | + Scale modules | 1 week |
See Bootstrap Guide
AI executes autonomously within bounds. Humans approve at defined gates.
When in doubt, the AI asks. It's faster to clarify than to fix bad code.
Trivial tasks get fast path. Complex tasks get full workflow.
Every line of AI-generated code goes through security gates.
See CONTRIBUTING.md for guidelines.
MIT License - See LICENSE for details.
Laurent Giovannoni
A methodology framework for AI-assisted software development: ship quality code faster with human oversight.