Practical patterns, templates, and threat models for secure AI-assisted software delivery.
This repository treats AI coding agents as semi-autonomous delivery participants, not smarter autocomplete. The goal is to help senior engineers, platform teams, AppSec teams, and mobile/client teams adopt coding agents without weakening delivery controls.
- Senior, staff, and principal engineers introducing agent-assisted delivery
- Platform teams defining paved paths for AI coding tools
- AppSec teams reviewing agent risk, credentials, evidence, and auditability
- Mobile/client teams using agents in React Native, iOS, Android, and Kotlin Multiplatform repositories
A secure agent workflow is a constrained delivery loop:
- Define a bounded task
- Provide curated repository context
- Run the agent in a sandbox with scoped credentials
- Require tests, evidence, and review notes
- Apply normal SDLC gates
- Preserve audit trails and rollback paths
Agents can accelerate work, but they also introduce new failure modes: over-broad changes, hidden dependency updates, credential exposure, generated code that bypasses architectural constraints, fabricated evidence, and insecure defaults. This repository gives teams reusable controls rather than generic advice.
| Path | Purpose |
|---|---|
| `docs/secure-coding-agent-workflow.md` | End-to-end secure agent workflow |
| `docs/threat-model.md` | Threat model for agent-assisted delivery |
| `docs/task-risk-matrix.md` | Risk tiers and required controls |
| `docs/mobile-agent-safe-checklist.md` | Mobile/client-specific guardrails |
| `templates/` | Drop-in repo templates for agent instructions and review controls |
| `examples/` | Example task and PR contracts |
| `diagrams/secure-agent-workflow.mmd` | Mermaid workflow diagram |
- Copy `templates/AGENTS.md` into the target repository root
- Add `templates/SECURITY_INVARIANTS.md` and adapt it to the system
- Use `docs/task-risk-matrix.md` to classify agent tasks before execution
- Require `examples/agent-task-contract.md` for medium/high-risk agent work
- Add `templates/REVIEW_CHECKLIST.md` to PR review expectations
- Move repeated controls into CI, pre-commit hooks, branch protection, and release gates
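The last step above, moving controls into CI, as an added example that is not part of this repository's templates: a small scope guard that checks an agent-authored pull request against its task contract and flags the failure modes listed earlier (out-of-scope files, incidental dependency manifest changes, credential-shaped strings in added lines). The `TaskContract` shape, the manifest list, the secret patterns and the sample diff are constructed assumptions, not the format of `examples/agent-task-contract.md`.

```python
import fnmatch
import re
from dataclasses import dataclass


@dataclass
class TaskContract:
    """Hypothetical contract shape (not the repo's agent-task-contract.md)."""
    allowed_paths: list[str]              # glob patterns the agent may touch
    allow_dependency_changes: bool = False


# Dependency manifests whose change should be explicit, never incidental.
DEPENDENCY_MANIFESTS = {
    "package.json", "package-lock.json", "yarn.lock", "Podfile.lock",
    "build.gradle", "build.gradle.kts", "gradle.lockfile",
    "requirements.txt", "go.mod", "Cargo.lock",
}

# Coarse credential-shape patterns; tune to the team's secret scanner.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN (RSA |EC )?PRIVATE KEY-----"),
    re.compile(r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"][^'\"]{12,}"),
]


def check_pull_request(contract, changed_files):
    """Return findings for changed_files (path -> added diff lines); [] means in-contract."""
    findings = []
    for path, added_lines in changed_files.items():
        # fnmatch's '*' crosses '/', so 'src/payments/*' covers subdirectories.
        if not any(fnmatch.fnmatch(path, g) for g in contract.allowed_paths):
            findings.append(f"out-of-scope: {path}")
        if path.rsplit("/", 1)[-1] in DEPENDENCY_MANIFESTS and not contract.allow_dependency_changes:
            findings.append(f"dependency-change: {path}")
        for n, line in enumerate(added_lines, 1):
            if any(p.search(line) for p in SECRET_PATTERNS):
                findings.append(f"possible-secret: {path} (added line {n})")
    return findings


# Constructed sample: a refund task whose PR also touched a manifest and a config file.
SAMPLE_CONTRACT = TaskContract(allowed_paths=["src/payments/*", "tests/payments/*"])
SAMPLE_CHANGES = {
    "src/payments/refund.py": ["def refund(order):", "    return ledger.reverse(order)"],
    "tests/payments/test_refund.py": ["def test_refund_reverses_ledger(): ..."],
    "package.json": ['    "left-pad": "^1.3.0",'],
    "src/config/settings.py": ['API_KEY = "CONSTRUCTED_PLACEHOLDER_VALUE_1234"'],
}

if __name__ == "__main__":
    print("\n".join(check_pull_request(SAMPLE_CONTRACT, SAMPLE_CHANGES)) or "clean")
```

Wire it into CI as a required check so a non-empty findings list fails the build and lands in the PR as evidence for the reviewer, alongside the checklist.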
- Test generation for well-scoped modules
- Documentation updates from existing code
- Dependency update preparation with human review
- Refactors constrained to one package or feature flag
- Static analysis finding remediation where the finding is already understood
- Mobile UI test scaffolding with explicit platform constraints
- Authentication, authorization, cryptography, payment, or privacy-sensitive rewrites
- Broad architecture migrations without a human-authored plan
- Release automation changes without rollback testing
- Mobile build/signing/provisioning changes using production credentials
- Large dependency upgrades with transitive supply-chain risk
- Bound the task before invoking the agent
- Provide only the context needed for the task
- Prefer read-only credentials by default
- Never expose production secrets to the agent runtime
- Treat agent output as untrusted until reviewed and tested
- Require evidence, not claims
- Make rollback boring
- Keep humans accountable for merge and release decisions
Early public starter structure. Expect the templates to evolve as teams apply them to real repositories and CI/CD systems.