PromptArchitect
PromptArchitect deploys a structured SDLC workbench where a Refiner builds and a Verifier locks — turning AI-generated artifacts into governed, audit-trailed engineering output.
The Challenge
The Solution
Want to build something like PromptArchitect?
We deploy the same production-grade systems powering this venture to partner projects. No prototypes — real infrastructure, real operators.
How We Built It
The Operating Thesis
Ungoverned AI output destroys more engineering velocity than poor models. Modern AI assistants generate plausible PRDs, designs, and architectures — but plausibility is not governance. Every team using AI in the SDLC eventually pays the same tax: rework cycles, late-discovered architectural flaws, and silently mutated artifacts that nobody can audit. PromptArchitect exists because Verifier authority cannot be willpower-dependent — it has to be structurally enforced by the workbench itself.
What We Deploy
- 9-Phase SDLC Workshops: Ideation, PRD Creation, UI/UX Design, Architecture, Security, Development, Testing, Deployment, DevOps. Each phase has its own Refiner and Verifier, its own exit criteria, and its own hard-gate thresholds.
- Dual-Agent Engine: Refiner expands (stories, designs, threat models). Verifier rejects (adversarial scoring, NFR coverage, Mobile-First audit, STRIDE, OWASP). The two never run as the same agent — separation is enforced at the prompt layer.
- Sequential Dependency Chain: A workshop cannot start until the previous one has cleared its gate. Rollback Rule: any critical-category score below threshold reverts the workflow to the prior dependency stage. No override path exists.
- Artifact Vault: Approved outputs lock as immutable Records of Truth. No silent mutation. Re-opening an upstream artifact requires an explicit governance event that re-triggers downstream gates.
- Expert Commands: PRD Hard Gate Audit (12-section), UX/UI System Audit (10-step), Architecture Traceability Audit, Lock-In Mitigation, LLM Security Tests, Secret & Credential Audit — each a sub-workflow callable from any compatible phase.
- Mobile-First Mandate: Every Design-phase output is audited against 320–375px baseline, 44×44px tap targets, thumb-zone optimization, WCAG 2.1 AA. Mobile-First, Accessibility, or App-Grade scores below threshold block Architecture entry.
- Stateless Client Execution: Gemini 3.0 Pro Preview runs entirely client-side with environment-injected API keys. No server-side session state, no shared sandbox between projects, no cross-tenant prompt contamination.
The Architecture
Production-grade infrastructure built on React 19 and Vite 6 with strict TypeScript. Tailwind v3 powers the design system; Zustand 5 manages workshop state; react-router-dom 7 handles routing across 14 page surfaces. Authentication and persistence run on Supabase with Row-Level Security on every governance table — one user cannot read another user's gate results, period. AI workloads route through the official @google/genai SDK against Gemini 3.0 Pro Preview with thinking enabled. The Artifact Vault layer combines Supabase with IndexedDB and localStorage for offline-resilient locked artifacts. Vitest with v8 coverage backs the test suite. The governance engine is split into eight separated modules — governanceEngine, dependencyChain, gateScoring, rollback, stateLock, tierEscalation, healthMetrics, supabaseGovernance — so each enforcement surface can be reasoned about, tested, and replaced in isolation.
What's Built (Verified 2026-05-07)
- 14 page surfaces: Governance Overview, Ideation, PRD Creation, Design, Architecture, Security, Development, Testing, Deployment, DevOps, plus Workshop runner, Artifact Vault, Login, and User Manual.
- 10 workshop modules covering all nine SDLC phases plus a createWorkshop factory — each isolated, each independently testable.
- 8 governance engine modules: governanceEngine, dependencyChain, gateScoring, rollback, stateLock, tierEscalation, healthMetrics, supabaseGovernance. Three carry their own Vitest suites at the engine layer.
- 6 PostgreSQL tables: phases, gate_rules, gate_results, prompt_templates, phase_transitions, governance_health. Migration 002 enables RLS across the governance schema.
- LLM execution layer: typed Gemini client, golden prompt templates with delimiter discipline, request timeout module — all isolated from workshop logic.
- Three locked governance gates: PRD v3.2 (Gate 1: 11/11), Architecture v3.0 (Gate 2: PASS), Design v1.0 (Gate 3: 15/15) — under the same six-gate process used across the HavenWizards 88 portfolio.
- Strict toolchain: ESLint with --max-warnings 0, full TypeScript build (tsc -b && vite build), Vitest run on every commit. No advisory warnings; warnings fail the build.
Out of scope — by design
- Real-time collaborative editing: Single-author workflows only. Governance authority cannot be split across simultaneous editors without breaking the lock model.
- Native mobile apps: PWA-first. The workbench is a desk tool, not a phone tool — Mobile-First applies to the artifacts users produce, not to the producer surface.
- Custom LLM fine-tuning: Off-the-shelf frontier models only. Governance rigor compounds when the underlying model improves; fine-tuning a specific checkpoint locks the system to a single vendor lifecycle.
- Direct production deploys: Outputs feed external CI/CD. PromptArchitect refuses to be the production push button — that is a separate trust boundary with its own gate.
- Verifier override: There is no path to ship past a failed gate. The boundary is the moat. Removing it would collapse the entire product premise.
Why This Matters for the Platform
PromptArchitect is the SDLC-domain instance of the same thesis that powers every HavenWizards 88 venture: humans need externalized structure to behave well under uncertainty. The same six-gate governance process that runs CapitalWizards (capital behavior), AHA eCommerce (decision-grade marketplace tooling), and Bayanihan Harvest (60+ deployed agricultural systems) now runs the engineering lifecycle itself. The product is the governance philosophy turned into a workbench — and it is the toolchain the rest of the studio uses to build the next venture. Eating the cooking, on purpose.
Roadmap
- Phase 1 — Internal Workbench (current): Workshop suite feature-complete across all nine phases, full Verifier audit coverage, Artifact Vault store and schema, expanded Vitest coverage on workshop modules, end-to-end project run from Ideation lock to DevOps gate.
- Phase 2 — External B2B Release: Per-team licensing, organization-scoped Artifact Vault, custom scoring matrices per organization, integrations with Notion and Confluence as artifact destinations.
- Phase 3 — Platform Layer: Public API for governance event export, opt-in benchmark dataset of locked artifacts (anonymized), partner-led integrations with external CI/CD and IaC pipelines, expanded model support beyond Gemini.
- Out of scope — by design, forever: Verifier override paths, real-time multi-user editing on a single artifact, fine-tuned proprietary models, direct production deployment authority. The boundaries are the moat.
Tech Stack
Other Ventures We Build & Operate
Get the Founder's Briefing
A bi-weekly, no-fluff dispatch of the systems, playbooks, and decisions we are using right now inside our ventures and partner builds. Expect short, tactical notes you can apply in the same week.
No spam. Unsubscribe anytime.