01 · Engineering
You ship code where the stakes are tenant isolation and PHI safety. Every merge passes CI gates that encode our invariants: RLS on every PHI table, a three-method supervisor, a capability-agnostic orchestrator, Firecracker/gVisor for anything touching PHI. Claude Code is your primary surface — it auto-loads CLAUDE.md, so the invariants are already in the room.
Prompt iteration example
Section titled “Prompt iteration example”Use case: Build a new agent capability end-to-end.
You’re adding a new intake agent to the à la carte surface. You open Claude Code at the monorepo root and type:
Confirm you’ve loaded CLAUDE.md. I’m adding a new intake agent. Before writing code, state: (1) which architectural invariants apply, (2) which files you’ll touch, (3) whether this crosses the PHI boundary — if yes, name the sandbox and RLS controls that apply. Then wait for my go-ahead.
Claude responds with the invariant checklist and a file plan. The plan looks right, but you want the manifest handled first:
Good. Start with the agent manifest only: digest-pinned image, explicit egress allowlist, hard resource ceilings. Show me the manifest before touching the orchestrator.
You review the manifest and approve. Now the wiring:
Manifest approved. Wire the registration path. Remember: zero per-agent branches in orchestrator code — if you feel the urge to add a conditional keyed on agent type, stop and tell me instead.
Claude wires it cleanly. Before opening the PR:
Generate the pgTAP RLS tests for the new intake tables and a PR description with sections: What / Why / Security-relevant changes / Test evidence / Rollback plan.
Example use cases
Section titled “Example use cases”Backend engineer · Rust / Go
Section titled “Backend engineer · Rust / Go”Use case: Security-first code review. A teammate’s PR touches the gateway and a PHI table. You type:
Review this diff as a hostile security auditor for a multi-tenant healthcare platform. Check: cross-tenant leakage — is every PHI query scoped by (tenant_id, agent_id) with RLS as backstop, not just app-layer filtering? Supervisor surface — anything beyond the three permitted methods is a blocker. Egress — any network call outside the manifest allowlist? Secrets outside Vault? Output BLOCKER / WARN / NIT with file:line.
Use case: FSM change verification. A diff modifies the six-phase agent lifecycle. You type:
This diff touches the lifecycle FSM. Verify: no state reachable without manifest verification; every terminal state tears down the sandbox and wipes working memory; no transition lets an agent outlive its resource ceiling. If the state chart in ARCHITECTURE.md no longer matches the code, list the drift.
Use case: Debugging rubber duck. Something’s wrong between the orchestrator and a sandbox. You type:
I’m debugging. Don’t propose fixes yet. Ask me the 5 questions most likely to isolate the fault, one at a time, updating based on my answers. Stack: Rust/axum gateway, Go orchestrator, Supabase Postgres, Firecracker sandboxes, Linkerd mTLS. Symptom: [symptom].
Frontend engineer · Next.js 15
Section titled “Frontend engineer · Next.js 15”Use case: Build a diff/approve surface.
Build the review-and-approve view for [agent] output per prds/02-frontend.md. Constraints: active-task PHI in memory only — nothing in localStorage, sessionStorage, or IndexedDB; state strip must reflect the real backend lifecycle states from ARCHITECTURE.md §5, not invented ones. Show me the component tree before writing code.
Use case: PHI-in-browser audit.
Audit this frontend diff for PHI persistence: any write to browser storage, any PHI in URL params, any PHI reaching analytics or logging calls. Also flag PHI that could survive in React Query cache beyond task completion.
Infrastructure / DevOps
Section titled “Infrastructure / DevOps”Use case: Terraform / K8s sanity check.
Review this infra diff for: blast radius, anything widening egress beyond manifest allowlists, anything downgrading a PHI agent from Firecracker/gVisor toward plain runc, secrets outside Vault, drift from ARCHITECTURE.md. Output go/no-go with reasons.
Use case: Red-team a feature before build.
Before we build [feature], attack it. Attacker profiles: (a) malicious tenant admin, (b) compromised agent image, (c) insider with orchestrator repo access. For each: attack path → what invariant stops it → what test proves the invariant holds. Any path with no stopping invariant: say BLOCKED: NEEDS DESIGN and stop.
Use case: PR description generator.
Write a PR description from this diff. Sections: What / Why / Security-relevant changes (explicitly say “none” if none) / Test evidence / Rollback plan. Terse. No marketing language.