Overview
This standard covers AI-assisted and AI-native development workflows — how to effectively use LLMs and AI agents across the entire software development lifecycle, from planning and scaffolding to debugging and deployment.
Prerequisites: General Standards (workflow section, Git conventions).
What this covers:
- AI-assisted SDLC (planning, coding, testing, reviewing)
- Prompt engineering for code generation
- Agent-based development (multi-step autonomous tasks)
- MCP (Model Context Protocol) server integration
- Building AI features into your products
- AI tool selection and configuration
Stack & Tools (2026)
| Role | Primary | Alternative |
|---|---|---|
| Code generation | Antigravity (primary AI coding partner) | Claude, Gemini, Copilot |
| Code review | Code Reviewer agent (opencode) | — |
| Search & exploration | Explore agent (opencode) | — |
| Commit writing | Commit agent (opencode) | — |
| Documentation | Docs Writer agent (opencode) | — |
| Security audit | Security Auditor agent (opencode) | — |
| Deployment | Deploy agent (opencode) | — |
| Prompting | Claude (reasoning), Gemini (analysis) | GPT-4o, DeepSeek |
| MCP servers | Tool-specific (filesystem, git, terminal, web) | — |
| Context management | AGENTS.md, PROJECTS.md, AGENT_INSTRUCTIONS.md | — |
AI-Assisted SDLC
The Development Loop
1. PLAN → AI helps explore requirements, identify risks, break down work
2. CODE → AI generates scaffolding, implementations, refactoring
3. REVIEW → AI reviews for bugs, security, performance, conventions
4. TEST → AI generates test cases, runs and fixes them
5. DOCS → AI drafts documentation from the implementation
6. SHIP → AI assists with CI/CD, deployment, monitoringPhase 1: Planning (Exploration)
Prompt structure for exploration:
Task: [describe the feature or problem]
Context: [current architecture, relevant files, constraints]
Questions:
1. What files need to change?
2. What are the edge cases?
3. What could go wrong?
Output: Return a structured plan with file paths and change descriptions.Output format request: Always ask AI to return a plan first before executing. This saves time and catches issues early.
Phase 2: Code Generation
Context injection pattern:
Before generating code, I need you to understand:
- Project conventions: [link to AGENTS.md or paste relevant sections]
- File structure: [tree of affected directories]
- Existing patterns: [paste examples of similar code in the project]
- Tech stack: [framework, language, libraries with versions]Iterative prompting:
- First pass: “Generate the implementation for X following the pattern in Y”
- Review pass: “Check the generated code for type errors, edge cases, and a11y issues”
- Refinement: “Optimize this for [performance/readability/bundle size]“
Phase 3: Code Review
Code reviewer prompt:
Review this diff for:
1. Type safety — any implicit any or unchecked casts?
2. Error handling — uncaught exceptions or ignored errors?
3. Performance — unnecessary allocations, expensive operations?
4. Accessibility — missing ARIA, keyboard nav, color contrast?
5. Security — injection vectors, sensitive data exposure?
6. Conventions — naming, file structure, import order?Phase 4: Testing
Test generation prompt:
Write tests for [component/function] covering:
- Happy path
- Edge cases (empty, null, boundary values)
- Error states
- Accessibility assertions (if UI)
Use the same testing framework and patterns as [reference test file].Agent Architecture & Patterns
When to Use Agents
| Scenario | Agent Type | Example |
|---|---|---|
| Codebase exploration | Explore | ”Find all API endpoints and their rate limiting” |
| Multi-step implementation | General | ”Add user settings page with validation and persistence” |
| Security audit | Security Auditor | ”Audit this codebase for secrets and injection vectors” |
| Documentation | Docs Writer | ”Write API documentation for the new endpoints” |
| Code review | Code Reviewer | ”Review this PR for bugs and best practices” |
| Deployment | Deploy | ”Deploy to Vercel production” |
| Commit & push | Commit | ”Stage and commit with a conventional commit message” |
Agent Communication Pattern
User → Orchestrator (human)
│
├── Explore Agent ────── Context gathering
├── General Agent ────── Multi-step implementation
├── Code Reviewer ────── Quality assurance
├── Commit Agent ─────── Version control
└── Deploy Agent ─────── Ship to productionKey Agent Design Principles
- Single responsibility — Each agent handles one type of task well
- Structured output — Agents return formatted results (tasks, files, plans)
- Tool-restricted — Agents only have the tools they need (principle of least privilege)
- Human in the loop — Never auto-approve destructive operations (deploy, delete, force-push)
- Context files — AGENTS.md, PROJECTS.md, and per-project conventions files
MCP Server Integration
What MCP Provides
MCP (Model Context Protocol) servers bridge AI tools with local or remote resources:
| MCP Server | Purpose |
|---|---|
| Filesystem | Read, write, edit project files |
| Git | Repository operations (status, diff, log, commit) |
| Terminal | Run commands, scripts, builds |
| Web fetch | Retrieve documentation, API specs |
| Search | Grep, glob, content search |
| Database | Query schemas, run EXPLAIN, check migrations |
Standard MCP Configuration
{
"mcpServers": {
"filesystem": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-filesystem"],
"env": { "PATH": "/workspace" }
},
"github": {
"command": "npx",
"args": ["-y", "@modelcontextprotocol/server-github"],
"env": { "GITHUB_TOKEN": "${GITHUB_TOKEN}" }
}
}
}MCP Best Practices
- Verify server capabilities before relying on them
- Use environment variables for tokens and credentials
- Keep MCP configurations in version control (opencode.json)
- Test MCP connections on tool initialization
- Document available MCP servers in AGENTS.md
Prompt Engineering Standards
Code Generation Prompts
Good prompt structure:
Role: [You are a senior TypeScript developer...]
Task: [Build a React component that...]
Constraints: [No external dependencies, must be accessible...]
Context: [Here's the existing code this connects to...]
Output format: [Return the complete file contents...]
Verification: [Check for type errors and edge cases...]Common Prompt Templates
Bug fix:
I'm seeing [error/behavior] in [file:line].
Expected: [expected behavior]
Actual: [actual behavior]
Environment: [OS, browser, versions]
Related code: [paste relevant section]
Find the root cause and fix it.Architecture decision:
I need to choose between [option A] and [option B] for [feature].
Requirements:
- [requirement 1]
- [requirement 2]
Constraints:
- [constraint 1]
Analyze trade-offs and recommend with reasoning.Code review:
Review this implementation. Check for:
1. TypeScript strict mode compliance
2. Missing error handling
3. Performance issues
4. Accessibility problems
5. Security vulnerabilities
6. Test coverage gaps
Return issues grouped by severity (critical, major, minor).Building AI Features into Products
Integration Patterns
| Pattern | Use Case | Example |
|---|---|---|
| Prompt API | Direct LLM calls with user input | AI reply generation (Xcelerate SmartReply) |
| RAG | Retrieve + generate (context-augmented) | Documentation Q&A bot |
| Structured output | LLM returns typed data | AI-powered analytics insights |
| Agent loop | Multi-step autonomous task | Content pipeline automation |
| Local inference | On-device AI (Chrome built-in) | Privacy-sensitive analysis |
AI Feature Checklist
- Prompt injection protection — sanitize user input before LLM context
- Rate limiting — prevent abuse of AI endpoints
- Fallback behavior — graceful degradation when AI is unavailable
- Cost tracking — monitor token usage per feature
- Latency budget — AI features should not block page load
- Privacy review — user data sent to AI providers must be disclosed
Review & Shipping Checklist
- AI-generated code reviewed and understood before committing
- Prompt injection vectors assessed for user-facing AI features
- AI tool configurations committed (opencode.json, .cursorrules, etc.)
- AGENTS.md updated with project-specific AI conventions
- Context files maintained (PROJECTS.md for status, ARCHITECTURE.md for design)
- AI tool dependencies documented in README
- Cost tracking set up for paid AI APIs
- Fallback behavior tested with AI services offline
Trends to Watch (2026+)
- Agent orchestration — Multi-agent systems coordinating for complex tasks
- Context window growth — Million-token contexts enabling whole-codebase awareness
- Tool-augmented LLMs — AI models natively calling APIs, databases, and filesystems
- AI-first IDEs — Cursor, Zed, and VS Code Copilot evolving into agentic development environments
- Code review automation — AI catching increasingly subtle bugs and design issues
- Autonomous testing — AI generating and running test suites without human prompts
References
- AI-Accelerated Development in 2026 — The AI-assisted SDLC workflow
- AI Active Memory & Context Hardening — Managing AI context across sessions
- Building Cloud Cost Guardian with Minimalist Architecture — AI-powered analytics in production
- Securing AI Developer Workflows — Security practices for AI-assisted development
- Market Scan 2026 — AI tooling landscape analysis
- External: Anthropic Prompt Engineering Guide, OpenAI Best Practices, MCP Specification