Drafting: summaries, first-pass proposals, PRs under templates.
Retrieval and monitoring: surface signals, anomalies, and deltas.
Logging and traceability: produce artifacts for review.
Default rule: If the cost of a wrong decision is high or irreversible, keep it Human or Hybrid. If it’s repetitive, checkable, and reversible, make it AI.
It answers ONE specific question. Not a collection of related ideas—one decision.
❌ Bad: “Our design should be clean, consistent, and user-friendly”
✅ Good: “Use max one primary button per screen section”
No room for interpretation. Two people reading it make the same choice.
❌ Bad: “Use color intentionally”
✅ Good: “Brand colors only for interactive elements—buttons, links, focus states”

Gene: [Name] Clear, specific identifier
Context: [Why this rule exists] The reasoning behind the decision
Rule: [The actual decision] The explicit constraint or pattern
Constraints: [What this affects or limits] Which other genes or strands this impacts
Example: [Real-world application] How this looks in practice
Executor: [Human | AI | Hybrid] Who executes this gene in practice
AI Scope: [Allowed actions / Prohibited actions] What the AI may automate vs. must not do
Review: [None | Spot-check | 100% sign-off] Human oversight required for outputs
Data: [Approved data sources / scopes] What data the executor (AI/Human) may access
Audit: [Log spec] How outputs, prompts, and decisions are recorded
Tests: [Acceptance criteria] Small set of checks that prove compliance

Gene: Brand Voice - Person
Context: We want to feel direct and personal, not corporate
Rule: Always write in second person ("you"), never third person ("users" or "customers")
Constraints:
  - Applies to all product copy, docs, and marketing
  - Sales emails can use first person ("we") when appropriate
Example:
  ✅ "Your data is encrypted"
  ❌ "User data is encrypted"
Executor: Hybrid
AI Scope:
  - May rewrite drafts into second person
  - Must not publish without human spot-check for key pages
Review: Spot-check
Data: Public brand guide + approved copy corpus
Audit: Store diffs of AI rewrites with author + timestamp
Tests:
  - 10-sample monthly audit shows ≥95% second-person compliance

Gene: Feature Scope - Power Users First
Context: We're building for experts, not beginners. Depth matters more than ease.
Rule: New features must provide value to power users. If a feature is "nice for beginners but not useful for experts," we don't build it.
Constraints:
  - Onboarding features are the exception
  - If experts would turn it off, don't ship it
Example:
  ✅ Advanced filters, keyboard shortcuts, batch actions
  ❌ Tooltips explaining basic concepts
Executor: Human
AI Scope:
  - May suggest features based on usage data
  - Must not decide scope without human approval
Review: 100% sign-off for new features
Data: User research, usage metrics
Audit: Feature approval tickets retained 12 months
Tests:
  - User testing shows power users benefit clearly

Gene: Button Hierarchy
Context: Consistent visual weight prevents decision paralysis
Rule:
  - Primary button: Solid, brand color, for main action
  - Secondary button: Outline, brand color, for alternate action
  - Tertiary button: Text only, for low-priority actions
  - Max one primary button per screen section
Constraints:
  - Destructive actions use tertiary with red text
  - Loading states maintain button type (primary stays primary)
Example: In a modal:
  - "Save" = Primary
  - "Cancel" = Tertiary
Executor: AI
AI Scope:
  - May enforce button styles via linting
  - Must not change button hierarchy without review
Review: None for style enforcement, Human for hierarchy changes
Data: UI component library
Audit: CI logs for linting violations
Tests:
  - CI fails if button hierarchy rules are violated

Gene: Error Handling - Inline First
Context: Errors should appear where the problem is, not as interruptions
Rule:
  - Form errors: Inline, next to the field
  - Action errors: Toast notification, bottom-right
  - System errors: Modal, only when action cannot continue
Constraints:
  - Never use alert() or browser dialogs
  - Errors must be dismissable (except blocking modals)
Example:
  - Email validation fails → red text below field
  - Network request fails → toast: "Connection lost. Retrying..."
Executor: AI
AI Scope:
  - May lint PRs and auto-comment when rules are violated
  - May open autofix PRs for copy-only or placement changes
Review: None for lint comments, Human merge for autofix PRs
Data: UI codebase + component library
Audit: CI logs of violations and autofix PRs
Tests:
  - CI blocks merge if violations > 0

Gene: API Response Format
Context: Consistent API responses simplify client code and reduce bugs
Rule: All API endpoints return JSON:API format { data: {...}, meta: {...}, errors: [...] }
Constraints:
  - No direct status codes in response body
  - Use HTTP status codes correctly (200, 400, 500)
  - Errors always as array, even if single error
Example:
  Success: { data: { id: 1, name: "..." }, meta: { timestamp: ... } }
  Error: { errors: [{ status: 400, detail: "Invalid email" }] }
Executor: Hybrid
AI Scope:
  - May enforce via schema checks and code mods
  - Must not accept breaking changes without ticket + approval
Review: 100% sign-off for schema changes
Data: API repo + contract tests
Audit: Contract test artifacts retained 12 months
Tests:
  - Contract tests pass across all endpoints

Gene: PII Access Control
Context: Privacy is non-negotiable, access must be auditable
Rule: Personally Identifiable Information (PII) only accessible by:
  - Backend services with explicit need
  - Admin users with 2FA enabled
  - All access logged to audit table
Constraints:
  - Frontend never receives raw PII (emails, addresses, etc.)
  - Use masked/hashed versions for display
  - Logs stored for 2 years minimum
Example:
  - Admin sees: "john.doe@example.com"
  - Frontend sees: "j****e@example.com"
Executor: Human
AI Scope:
  - May not access or process PII
  - May scan for compliance and report issues
Review: 100% sign-off for access changes
Data: User data access logs
Audit: Access logs retained 2 years
Tests:
  - Regular audits show no unauthorized PII access

Gene: AI Disclosure
Context: Users must know when they're talking to AI vs. human
Rule: Always disclose AI-generated responses with visual indicator:
  - Avatar labeled "AI"
  - Subtle badge on message card
  - Disclaimer on first AI message in thread
Constraints:
  - Never pretend AI is human
  - Even when AI is 99% accurate
Example: AI message includes: "✨ AI-generated response"
Executor: AI
AI Scope:
  - May generate and send AI disclosures
  - Must not disable or obscure disclosure
Review: None
Data: N/A
Audit: Log all AI-generated messages
Tests:
  - 100% of AI messages include disclosure

Gene: Meeting-Free Days
Context: Deep work requires uninterrupted blocks
Rule: No internal meetings on Tuesdays and Thursdays
Constraints:
  - Applies to all teams
  - External meetings (customers, investors) allowed
  - Exceptions require CEO approval
Example:
  - Monday: Planning meeting
  - Tuesday: Deep work
  - Wednesday: Sync meetings
  - Thursday: Deep work
  - Friday: Retros, demos
Executor: Human
AI Scope:
  - May suggest agenda items or action points
  - Must not schedule or cancel meetings
Review: None
Data: Team calendars
Audit: Meeting logs
Tests:
  - Calendar audit shows no internal meetings on off days

Gene: Discount Approval Matrix
Context: Prevent margin erosion while giving reps flexibility
Rule:
  - 0-10% discount: Rep decides
  - 11-15% discount: Sales Manager approval
  - 16-20% discount: VP Sales approval
  - >20% discount: CEO approval + written justification
Constraints:
  - Discounts apply to annual contracts only
  - No stacking multiple discounts
Example:
  - $10k deal, 12% discount → Sales Manager approval required
Executor: Human
AI Scope:
  - May suggest discounts based on deal size and history
  - Must not approve discounts over 10% without manager
Review: Spot-check for large discounts
Data: Sales data, discount history
Audit: Discount approval logs
Tests:
  - 100% of discounts over 10% have manager approval

Gene: Model Selection by Use Case
Context: Different models for different needs, optimize for cost/performance
Rule:
  - Reasoning tasks (complex decisions): Claude Sonnet
  - Speed tasks (autocomplete, suggestions): GPT-4o
  - Embeddings: OpenAI text-embedding-3-small
Constraints:
  - Never use o1 for production (too slow)
  - Switch models based on latency SLAs
Example:
  - Code review analysis → Claude Sonnet
  - Search query expansion → GPT-4o
Executor: AI
AI Scope:
  - May select and switch models based on task
  - Must not use deprecated or unapproved models
Review: None
Data: Model registry
Audit: Model usage logs
Tests:
  - 100% of tasks use approved models

Gene: Authentication Method
Context: Passwords are a security risk and support burden
Rule: OAuth only. No password-based auth.
  - Supported providers: Google, GitHub, Microsoft
  - Magic links for email-only users
Constraints:
  - No "forgot password" flows
  - No password storage, no bcrypt, no complexity rules
Example:
  - Login page shows: "Sign in with Google/GitHub/Microsoft"
  - Email-only option sends magic link
Executor: Human
AI Scope:
  - May not create exceptions or temporary backdoors
  - May scan for violations and open issues
Review: 100% sign-off for auth changes
Data: Auth config + infra code
Audit: Security review tickets mandatory
Tests:
  - Pen tests confirm zero password paths

Gene: AI Assignment & Guardrails
Context: Avoid misuse of AI; keep humans in charge of high-risk areas
Rule:
  - Tag each gene with Executor = Human | AI | Hybrid
  - AI may automate reversible, testable tasks only
  - Human sign-off required for legal, HR, security, pricing, or irreversible commits
Constraints:
  - AI cannot approve contracts, grant prod access, or override security policies
  - AI must operate within approved tools and data scopes
Example:
  - AI drafts an SOW → Human must approve before sending
Executor: Human
AI Scope:
  - Generate drafts, validations, alerts; no final approvals
Review: 100% sign-off for outputs affecting customers or prod
Data: Only approved, non-PII corp data unless DPO-approved
Audit: Store prompts/outputs for 90 days; link to tickets
Tests:
  - Random weekly audit of 20 AI outputs → 0 critical violations
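
A lint for gene records, added here as an example and not part of the original page: it parses the template's fields (assuming one field per line, with indented lines continuing the previous field) and applies the AI Assignment & Guardrails rule that high-risk areas may not be left to AI without human review. The `HIGH_RISK` keyword heuristic and the sample gene are constructed for illustration.

```python
import re

FIELDS = "Gene,Context,Rule,Constraints,Example,Executor,AI Scope,Review,Data,Audit,Tests".split(",")
EXECUTORS = {"Human", "AI", "Hybrid"}  # values from the page's gene template
REVIEWS = ("None", "Spot-check", "100% sign-off")
# Assumption: high-risk areas are spotted by keyword in the Gene, Context and Rule text.
HIGH_RISK = re.compile(r"\b(legal|hr|security|pricing|contracts?|prod access)\b", re.I)
FIELD_RE = re.compile(r"^(%s):\s*(.*)$" % "|".join(map(re.escape, FIELDS)))

def parse_gene(text):
    """Parse 'Field: value' lines; other non-empty lines continue the previous field."""
    gene, current = {}, None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            current, gene[m.group(1)] = m.group(1), m.group(2).strip()
        elif current and line.strip():
            gene[current] = (gene[current] + "\n" + line.strip()).strip()
    return gene

def lint_gene(gene):
    problems = [f"missing field: {f}" for f in FIELDS if not gene.get(f)]
    executor, review = gene.get("Executor", ""), gene.get("Review", "")
    if executor and executor not in EXECUTORS:
        problems.append(f"Executor must be Human, AI or Hybrid, got {executor!r}")
    if review and not review.startswith(REVIEWS):
        problems.append(f"Review must start with one of {REVIEWS}")
    risky = HIGH_RISK.search(" ".join(gene.get(k, "") for k in ("Gene", "Context", "Rule")))
    if risky and executor == "AI":
        problems.append(f"high-risk area ({risky.group(0)}) cannot have Executor: AI")
    if risky and review.startswith("None"):
        problems.append(f"high-risk area ({risky.group(0)}) needs human review, not None")
    return problems

# Constructed sample gene that violates the guardrails (not from the page).
SAMPLE = """\
Gene: Security Policy Exceptions
Context: Teams want faster exception handling
Rule: Exceptions to security policy are granted on request
Constraints:
  - Applies to all services
Example: Firewall rule exception for a staging host
Executor: AI
AI Scope: May approve exceptions
Review: None
Data: Infra config
Audit: Ticket log
Tests: Monthly audit of granted exceptions
"""
print(lint_gene(parse_gene(SAMPLE)))
```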