AI coding systems need a control plane, not just a better model.
This repo is a public, docs-first reference for teams that want agentic coding without chaos. It focuses on the five gates that protect code integrity while still preserving speed: plan, permission, tool trust, verification, and runtime accountability.
The core reframe is simple: boundaries are not bottlenecks. Good boundaries are how teams get sustainable velocity.
Most discussion about AI coding systems still centers on generation speed. That misses the harder problem. The risk is not that agents can write code quickly. The risk is that they can write and execute changes quickly without enough planning, review, verification, trust controls, and runtime accountability.
This repo packages a reusable framework for evaluating and designing governed agent autonomy. It is meant to be easy to repurpose into:
- talk and workshop material
- blog posts and teardown pieces
- internal platform standards
- procurement and evaluation checklists
- lightweight team rollout guides
The same control-plane logic applies after code generation too. Packaging and publish workflows are part of code integrity, not a separate concern.
| Gate | Purpose | Core question |
|---|---|---|
plan |
Separate exploration from execution | Can the system pause, inspect, and propose before it mutates code? |
permission |
Gate risky actions with explicit policy | Can the system distinguish safe, risky, and disallowed behavior? |
tool trust |
Review risky tools and settings before enablement | Are external capabilities explicitly approved before the agent can rely on them? |
verification |
Keep implementation and validation independent | Does a separate verifier produce evidence instead of self-grading? |
runtime accountability |
Make execution state, usage, and spend governable | Can operators see what the system is doing, where it is running, and what it is costing while it runs? |
Visibility still matters, but it is not a floating concept here. In this repo, visibility becomes operational through the runtime accountability gate: execution state, traceability, quota decisions, cost attribution, and audit surfaces that let operators supervise autonomous work.
In the visual set, the fifth gate is rendered as a telemetry and quota gate. In this repo, that control surface is named runtime accountability because it governs state, usage, spend, and threshold-based intervention together.
This control plane keeps generation power inside explicit operational boundaries. The point is not to stop work. The point is to make safe work easy and unsafe work obvious.
See the diagrams page for the supporting visual set and portable mermaid versions.
If you are an engineering leader:
- use the scorecard to evaluate tools or internal platforms
- use the diagrams to explain why controls accelerate safe adoption
- use the gate pages to define rollout expectations for teams
If you are a platform or developer tooling team:
- start with the gate pages
- review runtime accountability if you operate remote or budgeted workflows
- review the governed publish pipeline if you own release automation
- copy the examples into internal docs or prototypes
- adapt the scorecard into design review gates or vendor questionnaires
If you are a practitioner or staff engineer:
- use the gate docs as a checklist for what to demand from agentic workflows
- use the examples as a starting point for policy files, verifier contracts, approval records, and runtime-accountability templates
- Scorecard: evaluate integrity support instead of speed alone
- Diagrams: portable visuals for talks, posts, and internal docs
- Plan gate: pre-mutation planning and explicit approval
- Permission gate: allow, ask, deny, and dangerous overrides
- Tool trust gate: explicit approval for external tools and risky settings
- Verification gate: independent validation with evidence
- Runtime accountability gate: execution-state visibility, quota checks, and spend attribution
- Runtime accountability templates: copyable records for execution state, threshold rules, cost attribution, and overage approval
- Governed publish pipeline: apply the framework to packaging and release workflows
- Examples: copyable templates and tiny dependency-free demos
The examples and receipts in this repo are adapted from a private production codebase. They are deliberately trimmed, lightly renamed, and annotated for teaching value. The goal is not to publish a hidden product. The goal is to surface the control-plane patterns that matter.
Each adapted excerpt is marked with this note:
Adapted from a private production codebase; trimmed and renamed for clarity.
If you want a quick evaluation path:
If you want an implementation path:
- Start with plan.
- Add permission.
- Add tool trust.
- Add verification.
- Add runtime accountability.
- Apply the same controls to packaging and release with the governed publish pipeline.
If you want material to repurpose:
- Pull the control-plane diagram from diagrams.
- Pull the evaluation criteria from the scorecard.
- Pull one adapted receipt from each gate page.
This repo is structured so the same core material can be lifted into multiple formats with minimal rewriting.
READMEbecomes a talk opening, landing page, or long-form article backbone.scorecardbecomes a buyer guide, internal rubric, or platform review worksheet.diagramsbecome presentation slides, blog visuals, or onboarding illustrations.gate pagesbecome policy docs, team standards, or technical teardown sections.examplesbecome copyable templates for pilots and internal prototypes.
Agentic coding systems should not be judged only by how much code they can produce. They should be judged by whether they help teams preserve code integrity while moving quickly enough to matter.
