Building agentic systems with method, governance, and clarity.

The ADLC manifesto defines common principles for designing governed, tool-agnostic agentic systems driven by an explicit lifecycle.

A design pact for solid agentic systems

Purpose

Define common principles for building agents and agentic systems in a consistent and scalable way.

Guardrail

The lifecycle works only when requirements pass a clear and shared quality gate.

Focus

Reuse, orchestration, tool independence, and governed change.

SDLC Extension

ADLC is designed as an extension of the SDLC. It preserves the discipline of the software lifecycle while expanding it to cover the specific needs of agentic systems, including governance, orchestration, human-in-the-loop control, and continuous operational improvement.

Positioning

We affirm that agentic delivery must be governed end to end. Security, runtime monitoring, and operational control are necessary, but they are not sufficient on their own. ADLC begins with requirements quality and extends through orchestration, human checkpoints, traceability, and continuous operational improvement.

Open Source Repository

The ADLC Manifesto source, license, contribution guidelines, and website files are available in the public repository.


Three simple rules to guide every decision

01. Start from validated requirements

Every initiative starts from requirements that are verified, understandable, and mature enough to reduce ambiguity and rework.

02. Ensure reuse and orchestration

Components, agents, and capabilities should be designed to be reused, connected, and orchestrated over time.

03. Remain independent from tools

Tools help, but they should not dictate the architecture: process and governance come before the tool.

Requirements Quality Gate

Before implementation, the customer must have a dedicated requirements quality gate agent. It is fundamental for entering the ADLC because it helps write requirements as clearly as possible, so they become complete, coherent, traceable, and ready for execution.

Human presence is required here to confirm scope, intent, business meaning, and approval before the lifecycle can start.

From requirements to operations, in a continuous cycle

0. Requirements Quality Gate

Entry into the ADLC starts only when a dedicated quality gate agent has helped the customer shape requirements that are validated, traceable, and clear enough to guide implementation, testing, governance, and delivery without ambiguity.

Human in the loop: mandatory approval of requirements quality and intent.

1. Implement

Turn approved requirements into concrete capabilities, services, prompts, workflows, integrations, and reusable components. This is the stage where intent becomes a real solution, structured in a way that can be reviewed, tested, governed, and evolved over time without losing architectural coherence.

2. Review

Review the solution for quality, consistency, security, maintainability, and alignment with manifesto principles before advancing toward validation.

Human in the loop: expert review, risk judgment, and decision to proceed.

3. Test

Validate expected behavior, edge cases, failure modes, reliability, and operational readiness through structured test evidence and measurable acceptance criteria.

Testing also covers behavioral regression caused by changes to prompts, RAG content, shared skills, model configuration, tools, and orchestration rules.

4. Deploy

Release in a controlled, observable, and repeatable way, with rollback options, release notes, ownership, and deployment evidence clearly defined.

Release evidence must identify code changes, prompt changes, RAG or documentation changes, tool changes, model configuration changes, and orchestration changes.

Human in the loop: release authorization and accountability for go-live.

5. Operate

Operate the solution using monitoring, alerts, runbooks, support flows, and governance checkpoints that keep the system reliable in real conditions.

Operations must monitor not only technical health, but also behavioral drift, unexpected answers, outdated knowledge usage, retrieval failures, and regressions introduced by knowledge updates.

Human in the loop: incident handling, escalation, and governance oversight in production.

6. Improve

Improve continuously based on production feedback, incidents, analytics, user insight, and delivery learnings that reveal what should be refined next.

7. Orchestrate

Coordinate agents, flows, policies, and reusable capabilities in a composable ecosystem that scales beyond isolated implementations.

What each phase must produce to be governable in practice

Entry Conditions

Validated requirements, explicit business intent, named ownership, and a passed quality gate before any build activity starts.

Evidence Model

Each phase must leave traceable outputs: decisions, versioned knowledge sources, prompt history, test evidence, approvals, release notes, operational signals, and improvement actions.

| Stage | Primary Output | Human Checkpoint | Evidence or Governance Need |
|---|---|---|---|
| 0. Requirements Quality Gate | Clarified requirements, acceptance criteria, business intent, traceability links, approved RAG and knowledge sources | Explicit approval that requirements are clear enough to enter the ADLC | Requirements must be complete, coherent, ready for execution, and traceable to approved RAG and knowledge sources |
| 1. Implement | Services, prompts, agents, workflows, integrations, reusable components, prompt and change history | Not mandatory as a formal gate in this phase | Architecture and knowledge changes remain reviewable, testable, and ready for controlled evolution |
| 2. Review | Review evidence, risk assessment, design corrections, readiness decision | Accountable judgment on quality, security, and fitness to proceed | Quality and risk must be evaluated before moving forward |
| 3. Test | Test evidence, acceptance validation, reliability checks, behavioral regression evidence, known issues | Optional depending on context, but escalation remains available | Behavior, including regressions from prompts, RAG content, skills, model configuration, tools, and orchestration, must be measured before deployment |
| 4. Deploy | Release notes, deployment evidence, knowledge-layer change record, rollback plan, ownership, go-live record | Formal release authorization and responsibility for production entry | Release evidence must identify code, prompt, RAG or documentation, tool, model configuration, and orchestration changes |
| 5. Operate | Monitoring signals, incidents, runbooks, operational decisions, governance logs, drift and retrieval signals | Production oversight, escalation handling, and accountable intervention | Live operations must remain observable and governable across technical health and knowledge-driven behavior |
| 6. Improve | Improvement backlog, lessons learned, policy updates, refinement priorities | Not a mandatory gate, but accountable prioritization is expected | Live evidence must feed the next iteration instead of remaining isolated |
| 7. Orchestrate | Shared flows, coordination rules, reusable capabilities, policy alignment | Human oversight depends on scope and impact of orchestration changes | Orchestration must preserve traceability from requirement → knowledge source → agent behavior → test evidence → release |

How the lifecycle behaves as a governed infinite loop

In practice, ADLC is not a one-way pipeline. Teams enter through a requirements quality gate, move through delivery, and then loop back through operations, improvement, and orchestration to refine the next iteration.

  • Requirements enter only after a dedicated quality gate and human approval.
  • Implementation, review, and test transform intent into a governed solution.
  • Knowledge updates, RAG sources, prompts, and shared skills are treated as controlled changes and must feed the same evidence, review, test, and improvement loop as code and workflows.
  • Deploy and operate create live evidence, not just release output.
  • Improve and orchestrate feed the next cycle with learning, reuse, and coordination.

Controls that are mandatory to enter and govern the ADLC

Governance

Human in the Loop

Human oversight is a mandatory control layer in the ADLC, especially when approving requirements, validating quality, authorizing releases, and governing production behavior.

Agents accelerate and structure the work, but accountable human decisions remain explicit at the critical checkpoints.

Entry Control

Requirements Quality Gate

The ADLC cannot start without a quality gate that ensures requirements are clear, complete, traceable, and meaningful from a business perspective.

This gate is fundamental because it determines whether implementation should begin at all.

Knowledge Governance

Knowledge and RAG Governance

The ADLC treats the knowledge layer as a governed part of the system. Documents, prompts, RAG sources, shared skills, policies, examples, and tool instructions can influence agent behavior and may introduce silent regressions even when no application code changes.

Knowledge changes must therefore be reviewed, versioned, traceable, and validated against expected behavior before they are used in production.

Reusable capabilities that support the full ADLC

Knowledge Base

Documentation Agent

Creates and updates human-facing documentation in the official human knowledge base, such as Confluence, SharePoint, Notion, GitBook, Backstage TechDocs, Read the Docs, or similar platforms.

Human documentation is optimized for reading, review, onboarding, governance, and auditability. It is not the default context interface for AI agents.

Owns ADRs, runbooks, onboarding pages, architecture notes, FAQs, and process documentation tied to real delivery events.

Delivery Flow

PR Governance Agent

Supports pull requests end-to-end by summarizing changes, checking policy, highlighting risk, and proposing reviewers.

Helps keep reviews consistent, traceable, and aligned with shared engineering guardrails.

Communication

Release Notes Agent

Generates release notes from merged work, grouping features, fixes, breaking changes, migrations, and operational notes.

Produces both technical and business-friendly summaries for internal and external communication.

Alignment

Knowledge Sync Agent

Detects gaps between code, tickets, releases, and documentation, then proposes or performs the missing updates.

Keeps the delivery reality and the knowledge base aligned over time.

Knowledge Governance

RAG Governance Agent

Reviews and governs knowledge sources before they are used by agents. It checks freshness, ownership, approval status, duplication, contradictions, business validity, traceability, and regression impact.

It helps ensure that RAG content and shared knowledge improve agent behavior without introducing uncontrolled change.

Governance

Compliance and Traceability Agent

Links requirements, implementations, tests, documentation, and releases into an auditable chain of evidence.

Supports quality gates, reviews, and governance checkpoints across the lifecycle.

Operations

Operational Readiness Agent

Checks that each release is backed by runbooks, ownership, rollback guidance, alerts, and operational readiness evidence.

Helps teams move from deployment to stable operation with fewer blind spots.

Company-specific know-how that agents can reuse consistently

Principle

Adapted to the enterprise

Shared skills should be selected from consolidated frameworks where useful, but adapted to the company's architecture, policies, vocabulary, risk model, and delivery culture.

They turn reusable know-how into governed execution patterns that agents and teams can apply consistently.

Documentation

Documentation Skill

Defines how human documentation and agent context are produced as connected but separate artifacts.

Human documentation lives in tools designed for people. Agent documentation is exposed through governed Agent Context Endpoints, such as MCP servers, llms.txt files, retrieval indexes, or versioned context packs.

Agent-context tools may include Context7, GitMCP, MCPDoc, mcp-documentation-server, custom MCP servers built with open MCP SDKs, or equivalent open-source systems. These endpoints must expose stable URLs, source ownership, versioning, approval status, and retrieval rules.

Knowledge

RAG Governance Skill

Defines how knowledge sources are selected, approved, chunked, versioned, retired, tested, and traced.

It includes rules for source ownership, document freshness, contradiction handling, retrieval evaluation, citation expectations, and regression testing after knowledge updates.

Delivery

Release Notes Skill

Defines how release notes are generated, grouped, reviewed, and translated for technical, business, and operational audiences.

It can include rules for breaking changes, migrations, known issues, rollback notes, and customer-facing summaries.

Architecture

Architecture Skill

Captures the enterprise's architectural principles, decision criteria, reference patterns, and review expectations.

It helps agents reason with local standards instead of generic architecture advice.

Infrastructure

Infrastructure Skill

Encodes platform conventions for environments, deployment, observability, rollback, naming, ownership, and operational readiness.

It should reflect the real infrastructure model used by the company, not an abstract cloud checklist.

Security

CISO Security Skill

Security skills should be defined or validated by the CISO organization and aligned with enterprise policies.

Examples include data handling, identity, secrets, access control, threat modeling, secure prompt/tool usage, and audit evidence.

  • Tool-agnostic lifecycle
  • Continuous improvement
  • Governed execution

A framework that is simple to explain, readable even for people outside the technical detail, yet structured enough to guide delivery and governance.