About

Philosophy

The gap between “AI can do the task” and “AI actually ships production value with trust” is not a model-capability problem — it is an engineering environment problem. Agentic engineering is the discipline of constructing that environment.

Five pillars, working together:

  1. Focus — narrow the agent’s world to what matters; what remains is the right context. Focus excludes and context includes; the two are inseparable
  2. Validation — hard, deterministic rules that catch non-deterministic output
  3. Actions — the agent’s ability to act externally in the real world
  4. Safe Space — blast-radius containment, so “going wrong” has bounded cost
  5. Workflow — the meta-layer that ties 1–4 together, including periodic and proactive loops

Guiding principle: What is good for humans is good for the AI. A tidy, well-instrumented, well-guarded codebase scores well on this rubric whether the next contributor is a senior engineer or an agent. “Agentic engineering” is arguably just engineering done properly.

Corollary: Structural enforcement over procedural gating. Where a concern can be enforced by a mechanism — IaC for infrastructure, branch protection for source control, credential tenancy for identity, policy-as-code for IAM — the rubric scores the mechanism. Humans as judges of a mechanism’s correctness remain load-bearing; humans as executors of a procedural step are flagged as sub-level-2. Agents stress-test at scale and speed what would have broken under human load too.

Scope and boundary

The rubric is focused on engineering environments — it scores the readiness of a codebase to host agentic work. It is not a compliance framework; it does not replace organisational governance, formal attestation standards (SOC 2, ISO 27001, NIST), or third-party-risk programs. Where the rubric’s concerns coincide with those frameworks — most often in access control, change management, monitoring, availability — applying the rubric naturally builds toward compliance readiness on the overlapping dimensions. Where the rubric has not yet addressed a compliance-adjacent concern, open questions about which concerns to absorb, refine, or leave to complementary instruments are captured in the Open Questions section. Coexistence with compliance frameworks is the current stance; convergence is neither the goal nor foreclosed.

The rubric holds one additional boundary explicitly: engineering does not need PII. PII lives on the production-data side of the boundary between production and engineering systems. Logs, memory, caches, git history, CI artefacts, and agent tool surfaces are PII-free by design, not by layered masking. The criteria that implement this — PL4-pii-masking, PL4-memory-safety, PL4-prompt-injection-defence, and the ingestion discipline in PL1-real-world-feedback and PL3-emission-quality — realise a single bright line, not parallel defences.