First principles • workflow design • engineering practice

Build AI-native engineering workflows around how models actually work.

For us, AI-assisted software development is best treated as a systems design problem, not a prompting problem. Modern LLMs operate under token and context limits, drift over long tasks, rely on external tooling and orchestration, and need explicit verification. Start from those facts, and the real engineering questions come into focus: how to shape context, control long-running work, reduce architectural ambiguity, verify outcomes, and keep human judgment where it matters.

See the principles See the operating model
Operator notes Model constraints → workflow design
tokens → context → control → architecture → verification → leverage
Starting point Start from how models behave

Start with the actual strengths and constraints of modern LLMs, not marketing copy or prompt folklore.

Main bet Workflow over one-shot chat

The durable gains usually come from better systems: context shaping, explicit state, orchestration, verification, and repeatable operating loops.

Control Long tasks need structure

Long-running tasks should be assumed to drift unless the workflow makes mission state, checkpoints, and recovery explicit.

Human role Judgment stays central

AI is most useful when it carries throughput and repetitive execution while humans retain judgment over framing, tradeoffs, meaning, and risk.

Executive Summary

What this document aims to clarify

The central claim is simple: AI-assisted engineering is not mainly about access to a stronger model. It is about workflow design, architectural clarity, verification, and governance. Durable gains come from building organizational capability around those surfaces, not from prompt tricks alone.

What this means organizationally

  1. The limiting factor is not access to an LLM, but whether the organization can use it inside clear workflow and verification boundaries.
  2. Small, local tasks can stay lightweight; long-running or high-risk work needs explicit control, resumable state, and governed stop criteria.
  3. Architecture clarity matters because ambiguity increases both implementation error and the amount of context AI must read to work safely.
  4. Verification, review, and evidence are not optional overhead. They are part of making AI-generated work trustworthy at team scale.

What this requires from the organization

  1. Invest in workflow control surfaces for long-running work rather than treating every task as direct chat.
  2. Reduce architectural ambiguity so both humans and AI can place logic, state, and navigation decisions consistently.
  3. Treat verification scaffolding, review loops, and evidence capture as real capability investments.
  4. Centralize provider routing, budget policy, fallback behavior, and observability behind shared model-access boundaries instead of depending on per-engineer implementation discipline.
  5. Turn repeated successful patterns into reusable internal capability instead of relying on individual heroics.
#1 Context First Principles

First Principles

What matters before you design any AI workflow

Before asking which AI tool to use, ask what the underlying model can and cannot reliably do. Those constraints determine which workflows can be fast, stable, cost-effective, and trustworthy.

Why current LLMs have these limits. Most current LLMs are, broadly speaking, transformer systems trained to predict the next token within a finite context window. That makes them remarkably capable language engines, but it also explains several practical limits: context behaves more like a working set than durable memory; long tasks drift unless state is made explicit; plausible text is not the same as verified correctness; and tool execution, recovery, and validation remain responsibilities of the surrounding system. These workflow conclusions are not matters of style. They follow from how current models work.

M1

Next-token prediction optimizes for local coherence

Current LLMs are trained to continue sequences well. That makes them fluent, but it does not automatically give them durable goal tracking, stable long-horizon planning, or reliable self-correction.

M2

Finite context behaves like a working set, not memory

Inference only happens over the tokens currently in view. Any state that needs to persist across time therefore has to be reintroduced, compressed, or stored outside the model.

M3

More context does not guarantee more focus

Longer prompts let more information in, but they also increase competition, noise, cost, and latency. Context only helps when the working set is deliberately shaped.

M4

Tools and verification belong to the surrounding system

A model can request an action, but permissions, argument validation, retries, failure handling, tests, and rollback remain responsibilities of the runtime and workflow around it.

01

Tokens are the interface the model actually sees

A model does not read intent directly. It processes tokenized input and emits tokenized output, so cost, latency, context pressure, and many optimization opportunities all follow from that interface.

02

Context is a working set, not free memory

More context is not automatically better. Long prompts raise first-token latency, cost, and noise, and beyond a point they often reduce focus rather than improve it.

03

Long-running tasks naturally drift

Current LLMs do not reliably preserve mission state over long horizons. Without system support, goals blur, earlier decisions fall out of scope, and local actions begin to dominate.

04

Tool use is really an orchestration problem

A model can ask to use a tool, but the surrounding system still owns exposure, validation, execution, retries, constraints, and recovery when things fail.

05

Plausible output is not verified work

LLMs are good at producing plausible language. Reliable engineering still requires explicit checks, evidence, structured outputs, and clear validation paths.

06

Architectural ambiguity makes model errors worse

When workflow logic and state are spread across UI, routers, repositories, and shell code, AI is more likely to put logic in the wrong layer, increase coupling, or make inconsistent changes.

The central question is not how to get one better answer. It is how to design a development system that keeps producing useful answers under real constraints.

#2 Response Implications

What These Realities Imply

Once the constraints are clear, the engineering response becomes clearer

These are practical conclusions drawn from how modern LLMs behave. They shape how workflows should be composed, where control should sit, and which assumptions can no longer remain implicit.

Implication
How it changes engineering behavior

Treat token and context budgets as first-class resources

Token flow is not bookkeeping trivia. It shapes cost, latency, and how much coherent working state the system can hold at once.

Context shaping belongs in the same category as CPU, memory, or network budgets: something to design deliberately, not leave to chance.

Prefer workflows to monolithic prompts

For meaningful software work, a single chat turn is rarely the right unit of control.

Explicit phases, checkpoints, acceptance criteria, and repeatable operating loops are usually more reliable than hoping one long prompt can do everything well.

Separate ordinary chat from governed long-running workflow

Ordinary conversation is useful for clarifying requirements, exploring options, and making small direct edits. Long-running execution benefits from an explicit workflow mode with resumable state and a clear start/stop boundary.

Workflow mode should be optional and explicit: confirm before writing canonical state, refuse weak startup input, and keep direct chat available when the full control plane is unnecessary.

Make state explicit for long-horizon work

Long tasks need a control surface. Without one, the workflow gradually collapses toward whatever is most locally salient in the current context.

Mission state, slices, recovery, and re-grounding should live outside the model’s transient conversational continuity.

Explore openly before converging deliberately

If the method is locked too early, the solution space shrinks to what was already obvious at the start.

Start with broader exploration, then compare tradeoffs, and only then lock the implementation direction, constraints, and verification plan.

Build verification into the path, not at the end

Convincing output is not enough. Trust comes from evidence, checks, and the ability to inspect what the system actually did.

Verification surfaces, test loops, and reviewable outputs should be part of the workflow, not an afterthought added at the end.

Design architecture to reduce ambiguity

The clearer the ownership boundaries, the easier it is for both humans and AI to change the system without collateral confusion.

Prefer one canonical workflow seam: keep “what happens next” in the core, keep side effects in adapters, and make state and navigation ownership explicit.

Distill repeated know-how into reusable capability

Once a pattern is understood and repeatable, it should stop living only in one person’s head.

Repeated manual skill should be turned into commands, workflows, checks, architecture guidance, or other reusable capabilities.

This is not prompt magic

Prompts matter, but they are only one surface. The larger gains usually come from context shaping, tool boundaries, explicit state, architecture, and verification.

This is not autonomy theater

The goal is not to remove the human at all costs. It is to allocate work so model strengths compound while responsibility remains legible.

This is not an argument for maximum context

“Just add more context” is often a poor strategy. Larger context windows do not remove the need for working-set discipline.

This is not about replacing engineering judgment

The point is to spend less human energy on repetitive execution and more on problem framing, tradeoffs, final decisions, and system design.

#3 Economics Cost Governance

Cost Governance

Why AI-native engineering also needs cost discipline

In AI-assisted engineering, cost is not just a pricing detail. Token usage, latency, verification loops, model routing, and workflow overhead all shape whether a system stays practical, focused, and worth running at scale.

01

Token budgets constrain focus, not just spend

Long prompts and broad retrieval cost more, but they also dilute signal. Cost governance begins by protecting the working set, not just by cutting the bill.

02

Verification costs compound across the workflow

Generation is only the first expense. Re-runs, tests, review, audit, and stop checks all add tokens, time, and human attention.

03

Bad architecture makes every task more expensive

When ownership is unclear, the system has to read more files, carry more context, and verify more surfaces. Clear seams reduce both noise and cost.

04

Use full workflow control selectively

Not every task deserves canonical state, review stages, and governed stop criteria. Heavier control planes should be reserved for work that genuinely benefits from them.

05

External state and control planes have upkeep cost

Canonical state, re-grounding, slice boundaries, and stop rules improve governability, but they also have to be maintained. In practice, teams often need a shared model-access boundary—such as a gateway or similar control surface—to centralize routing, budgets, fallback policy, and observability. That lets the team build one reusable workflow harness instead of solving the same governance problem in every engineer’s local setup. The machinery has to earn its keep.

06

Good governance allocates cost; it does not just minimize it

The goal is not to spend as little as possible. It is to spend where cost buys clarity, confidence, and durable throughput—and to avoid spending where it does not.

#4 Motion Operating Model

Operating Model

How AI fits into everyday engineering practice

The operating loop is simple in outline: frame the problem, widen the option space, converge deliberately, let AI absorb repetitive execution, verify the result, then distill what proves durable into reusable capability.

1

Frame the problem without locking the method too early

Clarify the objective, constraints, and success criteria without turning the first plausible approach into an implementation cage.

2

Use open exploration to widen the option space

Early on, the goal is to surface alternatives, tradeoffs, and structural options—not just comply with the first instruction on the table.

3

Converge into an explicit execution plan

Once the direction looks right, the mission should be re-grounded against the current state of the repo. Then scope, ownership, workflow shape, checkpoints, and verification can tighten into an explicit plan.

4

Let AI absorb as much repetitive work as possible

Patch drafting, test writing, change summaries, restructuring, and other repetitive coding tasks are exactly where AI can deliver the most throughput.

5

Switch to explicit control when work spans time or many surfaces

If the work crosses many turns, files, phases, or tools, ordinary chat should no longer be assumed to stay coherent on its own.

6

Distill repeatable patterns into capability

If the same kind of solution keeps appearing, it should be turned into reusable capability instead of replayed as manual performance each time.

Use governed workflow when

  • the work spans multiple sessions, files, or review stages
  • the task needs explicit checkpoints, resumable state, or audit-ready evidence
  • architectural ambiguity or workflow branching would make direct chat too brittle

Stay lightweight when

  • the task is small, local, and easy to verify
  • the work is exploratory, disposable, or not yet worth canonical state
  • direct implementation is faster than paying for a heavier control plane
#5 Loop Closed Loop

A Governed Long-Running Loop

What a serious long-running closed loop looks like in practice

For long-running AI-assisted engineering work, the important question is not which tool you happen to be using. It is what the control loop must contain if the system is expected to stay coherent across many turns, files, tools, and sessions. Once long-task drift, weak conversational memory, and verification risk are taken seriously, the workflow starts to converge on a more explicit closed loop.

The core move is to stop treating a long task as one extended chat and start treating it as a governed loop. That loop usually begins with explicit workflow entry and confirmed startup intent. Mission, canonical plan, active slice, verification evidence, and stop history then live in repo-local machine-readable state outside the model itself. The system can then re-ground against repo truth, execute one bounded slice, evaluate the result, reconcile canonical state, and only stop when current evidence says it should.

01

Workflow entry is explicit

Governed long-running work is opt-in rather than forced on every task. Ordinary chat stays available for lightweight work, while workflow mode adds confirm-first startup, resumability, and explicit control only when the extra machinery is worth paying for.

02

Repo truth repeatedly overrides stale summaries

A re-grounding step reconciles workflow state against the current codebase rather than trusting old plans or conversational continuity. That makes recovery possible after compaction, interruption, review findings, or plain drift over time.

03

Execution is bounded to one verifiable slice at a time

Implementation advances through one explicit slice with locked acceptance criteria, targeted verification, and a commit boundary. The goal is not to look busy across a wide surface, but to make progress in reviewable units that can be revalidated later.

04

Evaluation and reconciliation are part of the loop

A serious closed loop does not move straight from implementation into more implementation. Review, audit, and canonical reconciliation sit in the middle so the system can decide whether to accept the slice, reopen it, update the backlog, or select the next bounded step.

05

Closure is governed, not conversational

Done is not declared because the model sounds confident or the conversation feels complete. The loop only closes when current evidence, verification, and explicit stop criteria say the workflow can honestly stop.

This kind of closed loop is not ceremony for its own sake. It is a response to real model limitations: finite context, mission drift, weak implicit memory, and the gap between plausible output and verified engineering result. Once those constraints are taken seriously, external state, re-grounding, bounded slices, evaluation inside the loop, and governed closure start to look less like overhead and more like basic workflow infrastructure.

#6 Layers Capabilities

Required Capabilities

What serious AI-native engineering actually needs

This is better understood as a capability stack than as a single tool choice. If the goal is real engineering work rather than short-horizon assistance, these capabilities are difficult to avoid.

01

A realistic model of model behavior

A serious workflow starts with a clear view of what LLMs are good at, where they drift, and how outcomes should be judged.

02

Context shaping and working-set control

The system should decide what enters context now, what stays external, and how state is compressed, retrieved, or reintroduced over time.

03

Explicit state classification and long-running task control

Mission state, slices, checkpoints, recovery, and clear distinctions between durable, workflow-ephemeral, and UI-local state should not depend on conversational luck.

04

Runtime boundaries, semantic effects, and orchestration

Tool use and side effects need clear effect boundaries, execution rules, argument validation, failure handling, and observable results that can be inspected afterward.

05

One canonical seam and clear ownership

A feature should converge on one canonical workflow seam so both humans and AI know where “what happens next” belongs.

06

Verification surfaces and evidence loops

Good workflows make evidence easy to inspect through checks, tests, reviewable outputs, and clear traces of what actually happened.

07

Delivery hygiene and reviewable packaging

Work should end in clean, reviewable units—ideally one bounded slice at a time—instead of a pile of loosely related edits, scattered ownership, and rushed cleanup.

08

Learning and distillation

When a pattern works repeatedly, it should be distilled into reusable capability instead of being relearned through manual repetition.

09

Canonical external state and resumability

Workflow continuity should survive compaction, interruption, and restarts through machine-readable external state rather than conversational continuity alone.

10

Governed stop and closure

Done should be a controlled decision backed by current evidence, review, audit, and explicit stop criteria—not by model confidence or conversational momentum.

#7 Ownership Human Role

Where humans should remain in the loop

Human judgment is not removed. It is concentrated where it matters.

AI should absorb repetitive execution without quietly taking over the parts of engineering that still depend on meaning, risk, and accountable judgment.

Framing Before execution

Humans define the problem and the real constraints

Even the best workflow still needs a human to clarify intent, success criteria, boundaries, and the less obvious context that determines what “correct” actually means.

Tradeoffs During exploration

Humans choose which tradeoffs are worth making

Speed versus cleanliness, local patch versus broader refactor, short-term fix versus long-term consistency—these are engineering judgments, not purely statistical choices.

Convergence Before implementation

Humans decide when exploration becomes execution

Open exploration is valuable, but someone still has to decide when the option space is good enough and work should narrow around one path.

Meaning During review

Humans validate product meaning, not just passing checks

Tests can pass while user-facing meaning, architectural intent, or operational consequences are still wrong. Human review remains essential there.

Risk Before shipping

Humans accept risk and irreversible consequences

Deployments, migrations, security-sensitive changes, data writes, and other high-impact actions should remain clearly accountable human decisions.

Learning After the task

Humans decide what becomes reusable capability

Distillation is a judgment call too: what should become a playbook, command, constraint, or workflow—and what should remain a one-off decision?

#8 Limits Tradeoffs

Tradeoffs and failure modes

What this approach costs—and where it can still fail

A first-principles workflow does not become simple just because it is principled. It creates leverage, but it also introduces overhead, maintenance burden, and new ways to go wrong.

More explicit control means more machinery

Checkpoints, workflow state, and verification surfaces improve reliability, but they also make the system itself more complex to build, operate, and maintain.

Not every task deserves the full system

Some work is small enough that a short prompt or lightweight editing loop is still the right answer. Over-systemizing everything creates drag.

Custom workflow logic has maintenance cost

The more tailored the harness becomes, the more carefully it has to stay aligned with real practice. Otherwise it turns from useful workflow into stale ritual.

Control planes create their own upkeep

Canonical state, re-grounding, slice boundaries, and stop rules make long-running work more governable, but they also create ongoing process cost and maintenance burden.

Distillation can freeze current bias

Turning repeated know-how into reusable capability is powerful, but it can also hard-code today’s preferred pattern too early.

AI-friendly structure must still serve humans and product

Architecture should become clearer, not more doctrinaire. Optimizing for AI only helps if it also preserves human maintainability and serves real product needs.

Metrics help, but they never replace judgment

Token counts, cost, and test results are useful, but they are still partial signals. A workflow can look efficient while still solving the wrong problem.

Why this is still worth doing

The goal is not maximum autonomy. It is a development system in which model strengths compound and model weaknesses are deliberately constrained.

When the workflow is well designed, AI stops being just faster autocomplete. It becomes part of a broader engineering operating model—one that increases throughput, preserves judgment, and turns repeated know-how into reusable capability.

Minimum team operating standard

For non-trivial AI-assisted engineering work, our default baseline is:

  1. Make the mission explicit before scaling the workflow.
  2. Keep workflow logic and state in one place.
  3. Do not hide business branching in UI layers or adapters.
  4. Leave reviewable verification evidence for non-trivial AI-generated changes.
  5. Use heavier workflow control only when it earns its cost.