
AI Coding Workflow: 22 Moves to Ship Safely

Posted: May 20, 2026 to AI.

A model that writes 600 lines a minute is wasted on a builder who cannot finish a feature without breaking three others. Speed without a workflow is just a faster way to make a mess that an auditor will eventually find. Here is the workflow we teach our enterprise clients, distilled for builders shipping with Claude Code, Cursor, Copilot, or Windsurf.

Why workflow beats prompt-craft

The most common mistake new AI builders make is treating the prompt as the whole game. The prompt is one input. The workflow around it is what decides whether the AI's output ever reaches production safely. We have audited shops that lost six figures on a single bad agent run, and shops that ship clean AI-assisted code every week. The difference is rarely the model. It is almost always the workflow.

A good AI coding workflow does four things: it captures intent before code is generated, it keeps every edit cycle small and verifiable, it adds human review at the points where mistakes become expensive, and it leaves an audit trail that survives the next compliance review. Skip any one of those and you are gambling with your code.

Planning and prompting: set the model up to win

Before you type the first prompt, write a three-sentence spec. State what the change should do, what it must not touch, and what done looks like. That spec lives in a scratch file, a comment, or the issue tracker. It does not matter where, as long as it exists in writing before any code is generated.

The next move is plan mode. Modern coding harnesses let the AI propose a step-by-step plan without touching a file. Read the plan, edit it, approve it. Bad assumptions are cheap to fix in a plan and expensive to fix in a diff. We have seen single sessions where plan-mode review caught a security regression that would have shipped 20 minutes later if the team had jumped straight to editing.

The third move is constraints. State them in the prompt, every time. The library you must use. The file you must not touch. The dependency you cannot add. The AI will follow instructions it sees, not instructions it should have inferred. We treat constraints the way we treat firewall rules: explicit, written down, easy to audit.

Two more planning moves matter. Example-driven prompts work better than verbal descriptions; paste a finished function and ask the AI to copy its shape, types, and error handling. Decomposition turns a project into a list of small scopes, each finishable in one sitting. Big-bang AI rewrites are how undetected vulnerabilities ship.

Iterating and verifying: the loop where bad ideas die cheap

Every AI-assisted change moves through one atomic loop: prompt, diff, run, fix, repeat. We call it the edit cycle. If a single edit cycle takes 10 rounds, your scope was too big or your spec was too vague. Stop, rewrite the spec, start the cycle over. Long edit cycles produce diffs no human can review.

The test-driven loop is the highest-leverage move in AI coding. Write the failing test first, then ask the AI to make it pass. The test is the contract. The AI can take any path it likes, but the result is verifiable in one command. This is dramatically faster than asking the AI to write tests after the fact, because a failing test is an unambiguous signal of done.

Diff review is non-negotiable. Three passes. First pass scans for new imports, new dependencies, and new external calls. Each one is a new trust boundary. Second pass reads every line that touches authentication, authorization, or user input. Third pass runs the tests, then runs the app. "The tests turned green" is not a substitute for diff review. We have lost count of the audits that found AI-introduced backdoors because a human "just looked at the file count."

Two more iteration moves are essential. The hallucination check verifies that every library, function, and API the AI named actually exists. Attackers now publish typosquat packages matching the most common hallucinated names; if you do not verify, you ship their malware. The eval loop is a small test suite you run against the AI itself, scoring its outputs across 20 to 60 examples. It is how you prove your AI system meets a compliance requirement.
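An added example, not code from the original post: a first-pass diff scan that lists modules imported on added lines and marks every third-party name outside the approved set for the hallucination check. The sample diff, the `fastjsonx` name, and the approved set are constructed for illustration; the standard-library lookup assumes Python 3.10 or later and falls back to a short list otherwise.

```python
import sys

# Constructed sample diff from an AI session (not taken from the post).
SAMPLE_DIFF = """\
--- a/app/client.py
+++ b/app/client.py
@@ -1,4 +1,7 @@
 import json
+import requests
+from fastjsonx import loads  # made-up name standing in for a hallucination
+import os.path
 
 def fetch(url):
-    return json.loads(open(url).read())
+    return loads(requests.get(url).text)
"""

APPROVED = {"requests", "flask"}  # constructed; in practice, read your lockfile
STDLIB = getattr(sys, "stdlib_module_names", {"json", "os", "re", "sys"})

def added_imports(diff_text):
    """Return top-level module names imported on added ('+') lines."""
    mods = []
    for line in diff_text.splitlines():
        if not line.startswith("+") or line.startswith("+++"):
            continue  # skip context, removals and the '+++' file header
        code = line[1:].split("#", 1)[0].strip()
        if code.startswith("from "):
            names = [code.split()[1]]
        elif code.startswith("import "):
            names = [p.split()[0] for p in code[7:].split(",") if p.strip()]
        else:
            continue
        # Relative imports ('from . import x') yield an empty name and are dropped.
        mods.extend(n.split(".")[0] for n in names if n.split(".")[0])
    return mods

def review_queue(diff_text, approved):
    """Map each new third-party import to 'approved' or 'verify'."""
    return {m: ("approved" if m in approved else "verify")
            for m in added_imports(diff_text) if m not in STDLIB}
```

An import name and its registry package name can differ, so a `verify` result means a human confirms the exact package and publisher before anything is installed.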

Commit every passing change. A 4-hour-old commit is a 4-hour-long rollback window. We have walked clients through incidents where the difference between a five-minute recovery and a five-hour recovery was how often the team committed during the AI session. Rollback is faster than debugging an AI-generated mess; if the diff looks confused, throw it away and rewrite the spec.

Shipping and guardrails: what an auditor wants to see

The shipping side of an AI workflow is where compliance lives. Four moves carry the weight.

A review gate is a required human checkpoint before any AI action that costs money, sends mail, or touches production. The AI may draft the deploy command; a human must type "y" or "n" before it runs. Same for database migrations and outbound email. If an irreversible action ever happens without a human approving the exact diff, that is a missing control, and an auditor will flag it. We have built review gates into client harnesses in an afternoon; not building one almost always costs more later.

Sandboxes are the second move. A coding agent with shell access on your laptop is a remote-code-execution surface. Run it in a throwaway Docker container, under a non-root user, with a separate dev database it can drop without consequences. Permission scope, the third move, follows the same logic: give the AI the narrowest set of files, commands, and credentials it needs for the current scope, and nothing more. Least privilege is a CMMC, HIPAA, and PCI requirement. It applies to AI tools the same way it applies to employees.

The fourth move is the audit trail. A timestamped log of every prompt, every diff, every command the AI ran, plus the human who approved each gate. Most harnesses can dump it; few teams turn it on. If an AI action ever causes harm, the audit trail is what answers "who is responsible?" Without it, you are. CMMC, HIPAA, and PCI all require it. We help clients wire that up cleanly without bloating their pipelines.

Two risks that exist only in AI workflows

The first is agent runaway. An agent told to "clean up the repo" deletes the test fixtures, fails CI, "fixes" CI by skipping tests, and pushes to main. We have responded to incidents like that. The defenses are simple and must be in place before you run an agent at all: a hard step limit, a hard token budget, a wallclock timeout, and a review gate before any irreversible action. If you ever see an agent fall into a loop on the wrong goal, treat it as a security incident and pull the logs.
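An added example, not code from the original post or from any harness: one guard object that enforces the four runaway defenses above (step limit, token budget, wallclock timeout, review gate) and writes the timestamped audit record, including the approver, described in the shipping section. `AgentGuard`, the `approve` callback, and the commands in `demo` are hypothetical names and constructed inputs.

```python
import time

class LimitExceeded(RuntimeError):
    """A hard limit was hit; stop the run and pull the logs."""

class AgentGuard:
    # approve(command) -> (approver, "y" or "n") is a hypothetical callback,
    # e.g. lambda c: (getpass.getuser(), input(f"run {c!r}? [y/n] "))
    def __init__(self, max_steps, max_tokens, max_seconds, approve):
        self.max_steps, self.max_tokens = max_steps, max_tokens
        self.max_seconds, self.approve = max_seconds, approve
        self.steps = self.tokens = 0
        self.started = time.monotonic()
        self.audit = []  # timestamped record of every decision

    def _log(self, command, allowed, approver=None, reason=""):
        self.audit.append({"ts": time.time(), "command": command,
                           "allowed": allowed, "approver": approver, "reason": reason})

    def check(self, command, tokens, irreversible=False):
        """Call before every agent action; returns True if it may run."""
        self.steps += 1
        self.tokens += tokens
        elapsed = time.monotonic() - self.started
        for hit, reason in ((self.steps > self.max_steps, "step limit"),
                            (self.tokens > self.max_tokens, "token budget"),
                            (elapsed > self.max_seconds, "wallclock timeout")):
            if hit:
                self._log(command, False, reason=reason)
                raise LimitExceeded(reason)
        if irreversible:  # review gate: a human approves the exact command
            approver, answer = self.approve(command)
            allowed = answer.strip().lower() == "y"
            self._log(command, allowed, approver, "review gate")
            return allowed
        self._log(command, True)
        return True

def demo():  # constructed run: two safe steps, a denied push, then the step limit
    guard = AgentGuard(3, 10_000, 60, approve=lambda c: ("alice", "n"))
    results = [guard.check("pytest -q", 900), guard.check("git add -A", 200),
               guard.check("git push origin main", 150, irreversible=True)]
    try:
        guard.check("pytest -q", 900)
    except LimitExceeded as exc:
        results.append(str(exc))
    return results, guard.audit
```

The wallclock check runs between actions, so a single hung command still needs its own process timeout.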

The second is context overrun. By turn 40 of one long session, the model has forgotten your hard rule about not touching the auth folder and quietly rewrites it. Long sessions silently degrade safety. Start a fresh session for each new task. Re-summarize hard constraints into the system prompt. If you find yourself pasting "remember, do not touch /auth" for the tenth time, you have a context-overrun problem, not a prompting problem.

The ship-it gate

Before any AI-touched commit reaches your main branch, run six checks. The spec is checked into the repo, not just in your head. The plan was approved by a human before edits began. You read every changed line. Tests pass, with at least one new test for this change. Every library and API the AI named is verified to exist. An audit trail of prompts and diffs is captured for this commit. If you cannot answer yes to all six, the commit is not ready.

The workflow is the product

The model gets faster every quarter. Your workflow is the only thing that scales with it. Builders who treat each prompt as a one-shot will keep introducing the same five mistakes for years. Builders who run a disciplined cycle of spec, plan, edit, review, gate, and audit can ship AI-assisted code at a pace that holds up to a compliance review.

This is the same workflow we install for our regulated clients, sized down for an individual builder. We have packaged the 22 moves above into a one-page printable field guide. Pin it above your monitor, run the ship-it gate before every push, and your AI coding life gets dramatically less expensive.

Get the printable field guide and the in-depth web version free, with no obligation, at petronellatech.com/guides/vibe-coder/ai-workflow/. If you are handling Controlled Unclassified Information, protected health information, or payment-card data, and you want a security-grade AI workflow installed across your team, call Petronella at (919) 348-4912 or visit the guide page and we will follow up.


About the Author

Craig Petronella, CEO, Founder & AI Architect, Petronella Technology Group

Craig Petronella founded Petronella Technology Group in 2002 and has spent 20+ years professionally at the intersection of cybersecurity, AI, compliance, and digital forensics. He holds the CMMC Registered Practitioner credential issued by the Cyber AB and leads Petronella as a CMMC-AB Registered Provider Organization (RPO #1449). Craig is an NC Licensed Digital Forensics Examiner (License #604180-DFE) and completed MIT Professional Education programs in AI, Blockchain, and Cybersecurity. He also holds CompTIA Security+, CCNA, and Hyperledger certifications.

He is an Amazon #1 Best-Selling Author of 15+ books on cybersecurity and compliance, host of the Encrypted Ambition podcast (95+ episodes on Apple Podcasts, Spotify, and Amazon), and a cybersecurity keynote speaker with 200+ engagements at conferences, law firms, and corporate boardrooms. Craig serves as Contributing Editor for Cybersecurity at NC Triangle Attorney at Law Magazine and is a guest lecturer at NCCU School of Law. He has served as a digital forensics expert witness in federal and state court cases involving cybercrime, cryptocurrency fraud, SIM-swap attacks, and data breaches.

Under his leadership, Petronella Technology Group has served hundreds of regulated SMB clients across NC and the southeast since 2002, earned a BBB A+ rating every year since 2003, and been featured as a cybersecurity authority on CBS, ABC, NBC, FOX, and WRAL. The company leverages SOC 2 Type II certified platforms and specializes in AI implementation, managed cybersecurity, CMMC/HIPAA/SOC 2 compliance, and digital forensics for businesses across the United States.
