The Operating Thesis
Ungoverned AI output destroys more engineering velocity than poor models. Modern AI assistants generate plausible PRDs, designs, and architectures — but plausibility is not governance. Every team using AI in the SDLC eventually pays the same tax: rework cycles, late-discovered architectural flaws, and silently mutated artifacts that nobody can audit. PromptArchitect exists because Verifier authority cannot be willpower-dependent — it has to be structurally enforced by the workbench itself.
What We Deploy
- 9-Phase SDLC Workshops: Ideation, PRD Creation, UI/UX Design, Architecture, Security, Development, Testing, Deployment, DevOps. Each phase has its own Refiner and Verifier, its own exit criteria, and its own hard-gate thresholds.
- Dual-Agent Engine: Refiner expands (stories, designs, threat models). Verifier rejects (adversarial scoring, NFR coverage, Mobile-First audit, STRIDE, OWASP). The two never run as the same agent — separation is enforced at the prompt layer.
- Sequential Dependency Chain: A workshop cannot start until the previous one has cleared its gate. Rollback Rule: any critical-category score below threshold reverts the workflow to the prior dependency stage. No override path exists.
- Artifact Vault: Approved outputs lock as immutable Records of Truth. No silent mutation. Re-opening an upstream artifact requires an explicit governance event that re-triggers downstream gates.
- Expert Commands: PRD Hard Gate Audit (12-section), UX/UI System Audit (10-step), Architecture Traceability Audit, Lock-In Mitigation, LLM Security Tests, Secret & Credential Audit — each a sub-workflow callable from any compatible phase.
- Mobile-First Mandate: Every Design-phase output is audited against a 320–375px baseline, 44×44px tap targets, thumb-zone optimization, and WCAG 2.1 AA. Mobile-First, Accessibility, or App-Grade scores below threshold block Architecture entry.
- Stateless Client Execution: Gemini 3.0 Pro Preview runs entirely client-side with environment-injected API keys. No server-side session state, no shared sandbox between projects, no cross-tenant prompt contamination.
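The Sequential Dependency Chain, Rollback Rule and Artifact Vault re-open behaviour described in the list above can be modelled as a small state machine. This is an added TypeScript sketch, not PromptArchitect's own code: the phase names come from the page, while the category names, thresholds, function names and the choice to release the prior stage's lock on rollback are assumptions.

```typescript
// Added illustration, not PromptArchitect source. Phase names are from the page;
// category names, thresholds and every function name here are assumptions.
const PHASES = ["Ideation", "PRD Creation", "UI/UX Design", "Architecture", "Security",
  "Development", "Testing", "Deployment", "DevOps"] as const;
type Phase = (typeof PHASES)[number];
type GateRule = { critical: Record<string, number> }; // category -> minimum score
type State = { active: number; locked: Set<Phase>; log: string[] };
const newState = (): State => ({ active: 0, locked: new Set<Phase>(), log: [] });

// Sequential dependency chain: a phase may run only when it is the active one
// and every upstream phase holds a lock.
function canStart(s: State, phase: Phase): boolean {
  const i = PHASES.indexOf(phase);
  return i === s.active && PHASES.slice(0, i).every((p) => s.locked.has(p));
}

// Apply Verifier scores. The signature has no override or force parameter.
function submitScores(s: State, phase: Phase, rule: GateRule,
                      scores: Record<string, number>): "LOCKED" | "ROLLBACK" {
  if (!canStart(s, phase)) throw new Error(`${phase} is not the active phase`);
  const failed = Object.entries(rule.critical)
    .filter(([cat, min]) => !(Number(scores[cat]) >= min)) // missing or NaN fails closed
    .map(([cat]) => cat);
  if (failed.length === 0) {
    s.locked.add(phase);
    s.active += 1;
    s.log.push(`lock:${phase}`);
    return "LOCKED";
  }
  // Rollback Rule (interpretation assumed here): the prior stage becomes active
  // again and its lock is released for rework; the event is logged.
  const prior = Math.max(s.active - 1, 0);
  s.locked.delete(PHASES[prior] as Phase);
  s.active = prior;
  s.log.push(`rollback:${phase}->${PHASES[prior]}:${failed.join(",")}`);
  return "ROLLBACK";
}

// Re-opening an upstream artifact is an explicit event that drops every lock
// from that phase onward, so downstream gates must be cleared again.
function reopen(s: State, phase: Phase): Phase[] {
  const i = PHASES.indexOf(phase);
  const invalidated = PHASES.slice(i).filter((p) => s.locked.has(p));
  invalidated.forEach((p) => s.locked.delete(p));
  s.active = i;
  s.log.push(`reopen:${phase}`);
  return invalidated;
}
```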
The Architecture
Production-grade infrastructure built on React 19 and Vite 6 with strict TypeScript. Tailwind v3 powers the design system; Zustand 5 manages workshop state; react-router-dom 7 handles routing across 14 page surfaces. Authentication and persistence run on Supabase with Row-Level Security on every governance table — one user cannot read another user's gate results, period. AI workloads route through the official @google/genai SDK against Gemini 3.0 Pro Preview with thinking enabled. The Artifact Vault layer combines Supabase with IndexedDB and localStorage for offline-resilient locked artifacts. Vitest with v8 coverage backs the test suite. The governance engine is split into eight separated modules — governanceEngine, dependencyChain, gateScoring, rollback, stateLock, tierEscalation, healthMetrics, supabaseGovernance — so each enforcement surface can be reasoned about, tested, and replaced in isolation.
What's Built (Verified 2026-05-07)
- 14 page surfaces: Governance Overview, Ideation, PRD Creation, Design, Architecture, Security, Development, Testing, Deployment, DevOps, plus Workshop runner, Artifact Vault, Login, and User Manual.
- 10 workshop modules covering all nine SDLC phases plus a createWorkshop factory — each isolated, each independently testable.
- 8 governance engine modules: governanceEngine, dependencyChain, gateScoring, rollback, stateLock, tierEscalation, healthMetrics, supabaseGovernance. Three carry their own Vitest suites at the engine layer.
- 6 PostgreSQL tables: phases, gate_rules, gate_results, prompt_templates, phase_transitions, governance_health. Migration 002 enables RLS across the governance schema.
- LLM execution layer: typed Gemini client, golden prompt templates with delimiter discipline, request timeout module — all isolated from workshop logic.
- Three locked governance gates: PRD v3.2 (Gate 1: 11/11), Architecture v3.0 (Gate 2: PASS), Design v1.0 (Gate 3: 15/15) — under the same six-gate process used across the HavenWizards 88 portfolio.
- Strict toolchain: ESLint with --max-warnings 0, full TypeScript build (tsc -b && vite build), Vitest run on every commit. No advisory warnings; warnings fail the build.
Out of scope — by design
- Real-time collaborative editing: Single-author workflows only. Governance authority cannot be split across simultaneous editors without breaking the lock model.
- Native mobile apps: PWA-first. The workbench is a desk tool, not a phone tool — Mobile-First applies to the artifacts users produce, not to the producer surface.
- Custom LLM fine-tuning: Off-the-shelf frontier models only. Governance rigor compounds when the underlying model improves; fine-tuning a specific checkpoint locks the system to a single vendor lifecycle.
- Direct production deploys: Outputs feed external CI/CD. PromptArchitect refuses to be the production push button — that is a separate trust boundary with its own gate.
- Verifier override: There is no path to ship past a failed gate. The boundary is the moat. Removing it would collapse the entire product premise.
Why This Matters for the Platform
PromptArchitect is the SDLC-domain instance of the same thesis that powers every HavenWizards 88 venture: humans need externalized structure to behave well under uncertainty. The same six-gate governance process that runs CapitalWizards (capital behavior), AHA eCommerce (decision-grade marketplace tooling), and Bayanihan Harvest (60+ deployed agricultural systems) now runs the engineering lifecycle itself. The product is the governance philosophy turned into a workbench — and it is the toolchain the rest of the studio uses to build the next venture. Eating the cooking, on purpose.
Roadmap
- Phase 1 — Internal Workbench (current): Workshop suite feature-complete across all nine phases, full Verifier audit coverage, Artifact Vault store and schema, expanded Vitest coverage on workshop modules, end-to-end project run from Ideation lock to DevOps gate.
- Phase 2 — External B2B Release: Per-team licensing, organization-scoped Artifact Vault, custom scoring matrices per organization, integrations with Notion and Confluence as artifact destinations.
- Phase 3 — Platform Layer: Public API for governance event export, opt-in benchmark dataset of locked artifacts (anonymized), partner-led integrations with external CI/CD and IaC pipelines, expanded model support beyond Gemini.
- Out of scope — by design, forever: Verifier override paths, real-time multi-user editing on a single artifact, fine-tuned proprietary models, direct production deployment authority. The boundaries are the moat.