~ / headless_mode /
$ docs $ releases $ github $ about
$ AI agent governance, security tooling, and mechanical enforcement.

Just Because You Can... A Discovery in Vibe Engineering

ai-development, claude-code, vibe-engineering, rigscore, lessons-learned

First came the true governance. Mechanical enforcement of boundaries that align with my workflow at the system, group, user, file, and command level. Not behavioral rules in a prompt — filesystem permissions, mount points, command allowlists. The kind of constraint the AI cannot rationalize around because it is not asking the AI for permission.

Then the building started. Over three months on the Claude Max tier I produced about 20 distinct projects across content generation, dev tooling, and data-intelligence work. Roughly 147,000 lines of source. Six of those reached real production use.

As I tried to find the LLM’s limits and boundaries, waiting for things to break, I found that it worked great for my main project, but for the rest the complexity was growing as the value of pursuing these projects was dwindling. Today’s pace of the industry is “today’s feature is tomorrow’s default capability.” The heavier pieces of my earlier stack have been retired. What replaced them is simpler: pre-commit hooks for enforcement, a governance test suite, and rigscore.

The scorer is the piece I kept reaching for across projects, so I split it out. It reads local filesystem state — MCP configs, CLAUDE.md files, skill files, .claude/settings.json, Docker compose, git hooks, secrets patterns — and returns a score out of 100 with actionable findings. Zero network calls. One dependency graph you can audit in a minute.

A few takeaways from the whole run, in the order they bit me:

  • Mechanical enforcement first. Behavioral rules drift; filesystem permissions don’t.
  • Be mindful of git management and multiple parallel sessions.
  • The value isn’t in writing the perfect prompt. It’s in saving prompts, maturing them, and retiring the ones that stop earning their keep.
  • Recurring management of saved prompts, skills, agents, and especially auto-memory is crucial. More is not better.
  • Watch what is loaded into memory and your context window. Deliberately end sessions.
  • Define where non-deterministic behavior belongs. Graduate everything else to deterministic code.

The saying is “just because you can, doesn’t mean you should” — but it also doesn’t mean you shouldn’t. Comparing this price to any class is well worth the consideration if you are careful. It’s not a magic wand.

If you want to check your own setup against the patterns I kept running into, the tool is one line:

1

npx github:Back-Road-Creative/rigscore .

More on the rigscore docs.

Configuration details reflect a production environment at time of writing. Implementation specifics vary based on tooling versions, platform updates, and organizational requirements. Validate approaches against current documentation before deployment.

← Back to Journal