Brainstorm on an agentic SDLC
Ticket #256: Brainstorm on an agentic SDLC — Spec Kit & LangChain
Type: Governance / SDLC / AI
Affected Component: .github/agents/, .specify/, specs/008-agentic-brainstorm/, docs/activity_report/, docs/fr/activity_report/
1. Context and Objective
From the start, the vision for the AFA project has been clear: to make it a concrete laboratory for SDLC automation with AI, not merely a business application. The reflection presented in this report marks a decisive step in that direction.
The initial idea was to build an agentic universe inspired by a virtual company. In this model, I play the role of the President—a non-technical profile who expresses needs and expectations in plain language. A first agent, the Chief Executive Officer, receives these directives, translates them into a technical action plan, coordinates execution by a team of specialized VPs, then returns results and improvement suggestions to me—always in non-technical language. Each VP is an expert in their domain: product, infrastructure, development, and quality assurance.
The objective of this reflection session was therefore to determine whether this vision could be implemented in a realistic manner, without compromising the governance, security, and maintainability of the SDLC already in place with Spec Kit.
2. Doubts and Risk Assessment
From the very first exchanges with Gemini, my brainstorm assistant during this session, several legitimate questions emerged, each raising a concrete risk.
- Duplication risk: By adding a hierarchy of LangChain agents, would we risk reproducing what Spec Kit already does with its own framing and delivery agents?
- Over-automation risk: To what extent should we allow AI to act autonomously, particularly on operations as sensitive as production deployment and rollback?
- Orchestration debt risk: Would a large number of agents interacting with each other ultimately cost more to maintain than the value they produce?
- Governance dilution risk: How could we preserve mandatory owner approval and the deterministic safeguards already in place if agents make decisions autonomously?
These four risks guided the entire reflection that followed.
3. Structuring Clarification from the Discussion
To move forward, a fundamental distinction became clear.
Spec Kit is the framing and delivery layer: specification, planning, task decomposition, guided implementation. It is the skeleton of SDLC. LangChain, for its part, should not compete with this role. Its most useful contribution lies elsewhere: in analysis, synthesis, and decision support, as a complement to what Spec Kit already does.
By establishing this boundary clearly, we eliminate the principal trap identified: rebuilding Spec Kit in LangChain, with two orchestrators that overlap and contradict each other.
4. Final Point of Convergence
This reflection resulted in a consensus articulated in four firm decisions.
- Maintain the deterministic layer as release authority: GitHub Actions and Pytest remain the final arbiters—a test suite that passes or fails, with no ambiguity or probabilism.
- Preserve human-in-the-loop: all sensitive write operations remain conditional on explicit owner approval.
- Start LangChain with only two analytical agents:
- an Incident Analyzer, to diagnose anomalies and propose remediation suggestions, in advisory-only mode;
- a Retrospective Synthesizer, to produce drafts of activity reports and lessons learned from session artifacts, also in advisory-only mode.
- Explicitly exclude any LLM autonomy over deployment or rollback at this stage.
5. Formalized Decision and Traceability
To formalize this consensus and prepare the next phase, a parent issue was created in the GitHub repository: #256.
This issue serves as a strategic container for future decomposition into child issues, covering architecture, interface contracts, incremental implementation, observability, and validation criteria.
6. Business and Engineering Impact
This framework offers a robust balance between acceleration and risk control.
- Speed: AI continues to accelerate content production and incident analysis.
- Control: the quality of each release remains validated by deterministic systems, without dependence on a probabilistic model.
- Governance: final responsibility for critical decisions remains clearly human.
- Maintainability: by limiting the number of agents from the start, we avoid premature explosion of orchestration complexity.
In practice, we avoid an "agent factory" while preserving the concrete value that AI can bring.
7. Lessons Learned
Three key insights emerge from this reflection.
- The best strategy is not to automate the maximum number of tasks, but to automate the right layer at the right time.
- When two approaches both appear valid, the right decision typically emerges from a clear separation of responsibilities between layers.
- AI produces more durable value in post-run analysis and decision synthesis than in autonomous control of production actions.
8. Next Step
The next step is to decompose parent issue #256 into executable child issues, then launch a minimal first batch:
- Incident Analyzer interface contract,
- Retrospective Synthesizer interface contract,
- SDLC acceptance criteria and governance safeguards.