Zum Hauptinhalt springen

/ Thinkia · Methodology /

Exponential AI delivery.

Copilots accelerate individual engineers. The exponential leverage is in the delivery system. Six governed phases, one Golden Spec, three risk tiers — reproducible AI delivery at enterprise scale.

The copilot plateau

Copilots accelerate engineers. They don't fix the delivery system.

  • No shared context

    Each sprint starts from scratch. Without a Context Package, AI agents lose the intent, constraints, and decisions made in every previous phase.

  • Ungoverned generation

    Code ships without traceability. No AI-BOM to inventory what was generated, no risk classification, no sign-off chain — only a diff.

  • Spec drift

    Requirements scatter across tickets and chat. Without a living `.spec.md`, architecture decisions vanish and intent decouples from implementation.

  • Model sprawl

    Every engineer picks a different AI tool. No unified gateway means no cost control, no data sovereignty, and no consistent policy enforcement.

  • Rework dominates

    Without a methodology, 60% of time goes on rework and debugging AI output. Speed at generation becomes slowness at delivery.

  • No repeatability

    Results depend on who was in the room, not on a system. What worked in one project cannot be transferred, audited, or scaled.

Paradigm shift

Stop writing code. Start specifying intent.

VibeCoding — AI-assisted typing, faster prototyping — is the first step. Spec-Driven Development is the next. The same AI, now operating on a governed delivery system shared by the entire team.

The four pillars

  1. Specification is the new source code.

    Tacit knowledge from senior engineers becomes explicit artifacts. The specification acts as the contract that the code implements.

  2. Review is the central activity.

    Engineer time shifts from writing code to validating it, increasing from 20% to 50% of their time.

  3. Architecture is designed to be readable by agents.

    Patterns and conventions are stored in versioned artifacts rather than just being part of conversations.

  4. Governance is integrated into the flow.

    Quality gates, Data Loss Prevention (DLP), and traceability are built into the process edges rather than being separate layers.

Maturity journey

The journey of AI-assisted software.

Not every organisation starts at the same point. There are five stages in the maturity of AI-assisted software development — and knowing where you are defines what you should do next.

  1. Traditional Development

    Software is built manually, with full control but at a high cost.

  2. VibeCoding

    Software is generated fast… but without control or consistency.

  3. Coding 3.0

    Software is accelerated with AI, but still relies on the developer.

  4. Spec-Driven Development

    Software is defined through structured intent within a rules framework.

  5. Destination

    Enterprise AI-SDLC

    Software is orchestrated as a governed system of rules, specs, and capabilities.

The critical jump: from VibeCoding to Spec-Driven

The biggest mistake organisations make is confusing VibeCoding with transformation. Generating code fast without governance creates technical debt at AI speed. The key is not generation speed — it is the quality of the specification that precedes it.

Enterprise AI-SDLC: the destination

At the Enterprise stage, software stops being an artisanal product and becomes the governed output of a system of rules, specs, and capabilities. AI does not replace the engineer — it redefines what kind of engineer you need to be.

Six phases

F0 to F5 — six phases, six signed outputs.

The five phases — Framing, Spec, Generation, Review, Delivery — map to six signed outputs: F0 through F5. Each phase starts with the Context Package from the previous one: the Golden Spec, the AI-BOM, and the last Health Report.

  1. 1

    F0 — Input Bundle

    Strategic alignment, backlog refinement, risk inventory, and context map. The signed output is the Context Package that all subsequent agents read before generating anything.

  2. 2

    F1 — Problem Framing

    Precise problem definition, scope boundaries, and the first risk-tier assignment. Produces the `.spec.md` System Brief — the intent document every agent operates against.

  3. 3

    F2 — Spec Engineering

    Structured specification work: architecture decisions, component contracts, and interaction design captured in machine-readable form. Produces the `.design.md` Architecture Decision Record and the `.ui-spec.md` interaction specification — completing the Golden Spec before generation starts.

  4. 4

    F3 — Construction

    AI-assisted parallel development against the Golden Spec. Each code unit is risk-classified (Green / Amber / Red), logged in the AI-BOM, and validated by the 17-point quality gate before sign-off.

  5. 5

    F4 — QA & Validation

    Structured testing gates: functional, performance, security, compliance. The skill library runs all 17 automated validators and produces a phase Health Report before any signature is collected.

  6. 6

    F5 — Production Handoff

    Deployment, monitoring baseline, and operational runbook. The five-signature chain closes — PM, Architect, Security, Legal/Compliance, Platform Owner — making every delivery traceable end-to-end.

You do not have to adopt all six phases at once. Most teams start with F0 (Input Bundle) and the Golden Spec, and expand the framework incrementally as confidence grows.

The governance backbone

The Golden Spec

One mandatory artefact per sprint. Three master files that define what gets built. Five signatures that confirm it is safe to build it.

What it is

The Golden Spec is the governance backbone of every AI-SDLC project. It is created at F0 and signed at every phase gate. Without it, no AI agent generates — and no output ships.

`.spec.md` — System Brief

The project's intent in a single file — goals, personas, constraints, and non-functional requirements. This is what every AI agent reads before generating anything. The contract between business intent and technical execution.

`.design.md` — Architecture Decision Record

Every structural decision with its full rationale — what was chosen, what was rejected, and why. Prevents architecture drift as the project evolves and gives the five-signature chain a concrete artefact to review.

`.ui-spec.md` — UI Specification

The interaction specification and component contract. Defines screen states, user flows, and component behaviour so AI-generated UI is anchored to deliberate design decisions, not model intuition.

AI-BOM + Health Reports

The AI Bill of Materials inventories every AI-generated code unit with its risk tier and sign-off status. Phase Health Reports are quality snapshots produced by the 17 skill library validators at each gate.

The five-signature chain

PM · Architect · Security · Legal/Compliance · Platform Owner. Every phase gate requires the full chain before the Context Package advances. No partial sign-offs, no exceptions.

Golden Spec — governance document for AI-driven development

Risk governance

Three tiers. One policy.

Every code unit produced by or with AI is assigned a risk tier at generation time and logged in the AI-BOM. The tier determines which of the 17 quality validators run, the reviewers required, and the audit evidence that must exist before the unit can ship.

Green

AI-generated, human-reviewed

Low-risk units: documentation, test scaffolding, boilerplate. Generated freely against the Golden Spec, reviewed by one engineer. Single sign-off required before advancing.

Amber

AI-assisted, human-validated

Medium-risk units: business logic, API integrations, data transformations. Validated against the `.design.md` ADR with two sign-offs and a Health Report confirming all relevant validators passed.

Red

Human-authored, AI-supported

High-risk units: security controls, compliance logic, financial calculations. Human authors the draft with AI support; the full five-signature chain is required before the unit enters the AI-BOM as cleared.

Outcomes

What governed AI delivery looks like in production

6–10×

Faster delivery

Same team, 6–10× the output. Engineers spend time on intent and sign-off, not on rework.

90%

Less context loss

The Context Package — Golden Spec, AI-BOM, Health Report — carries full project state across every phase and every sprint.

100%

Audit-ready

Every artefact signed. Every AI-generated unit inventoried in the AI-BOM. Every phase output traceable to a business requirement.

17

Quality validators

Pre-built checks covering functional, security, performance, and compliance gates — run automatically by the skill library at each phase boundary.

108

Validated skills

MCP-compatible skill library invokable by Claude, GPT-4o, or Gemini — no custom integration required in any compliant AI toolchain.

4–6 weeks

Stage 1 MVP

Sprint 0 takes 2–4 weeks to install the methodology. Stage 1 MVP ships in 4–6 weeks with CI enforcement and the full phase chain active.

Where it lands

Built for regulated, complex environments

Financial services

Audit trails, model risk controls, and compliance gates built into every phase — not bolted on afterwards.

Healthcare & life sciences

Patient data governance and clinical software validation requirements met by the risk-tier system and five-signature chain.

Enterprise software

Large engineering teams adopting AI at scale need structure, not just tools. The methodology gives them a shared operating model.

Public sector & defence

Sovereign deployment, classified context handling, and full auditability — the Red tier covers the highest-stakes code.

Retail & e-commerce

Fast delivery cycles without regression risk. AI-assisted construction under the Green/Amber framework cuts time-to-market safely.

Questions

Common questions

What is VibeCoding and why does it plateau?

VibeCoding is AI-assisted individual productivity — faster typing, faster prototyping — still relying on each engineer's local context. It plateaus because it doesn't fix shared specs, risk classification, or governance. Spec-Driven Development is the next step: the team, not just the individual, operates with AI at every layer of the delivery system.

How is this different from standard Agile or DevOps?

Agile and DevOps were designed before AI-generated code was a reality. The AI-SDLC adds a risk-tier classification system, a three-file machine-readable Golden Spec, and a five-signature governance chain designed specifically for AI-generated artefacts.

Do we need Thinkia Pulse to use the methodology?

No. The methodology is toolchain-agnostic. However, Pulse provides native support for the Golden Spec, the skill library, and the MCP gateway — making adoption significantly faster.

How does the risk-tier system work in practice?

At F3 construction, each code unit is tagged Green, Amber, or Red based on its business criticality and data sensitivity. The tier determines the review chain: one engineer for Green, two sign-offs for Amber, the full five-signature chain for Red.

Is this a tool or a methodology?

A methodology. The Enterprise AI-SDLC is a governance framework — a set of phases, artefacts, and review practices. Thinkia Pulse is the platform that implements it, but teams can adopt the methodology with their own tooling.

What is Sprint 0 and how do we start?

Sprint 0 is a structured onboarding engagement where Thinkia maps your current delivery process, installs the methodology, and produces the first Input Bundle and Golden Spec for your first AI-SDLC sprint. It typically takes 2–4 weeks.

What does "MCP-compatible" mean for the skill library?

The 108 skills in the library are packaged as Model Context Protocol tools. Any AI agent that supports MCP — including Claude, GPT-4o, and Gemini — can invoke them directly without custom integration.

Can we adopt it phase by phase?

Yes. Most teams start with F0 and the Golden Spec, then progressively adopt the risk-tier system, the quality validators, and the full phase chain. The methodology is designed for incremental adoption — no big-bang rollout required.

Two ways to start

Begin with structure.

Read the AI-SDLC Playbook — the complete methodology in a single document, with phase templates, the Golden Spec format, and the 17-validator checklist.

Or book a Sprint 0 conversation. We'll map your current delivery process and show you exactly where the methodology applies.