Define the lane
Write what is allowed, what is out of bounds, what the operator must decide, and what would make the run unsafe.
This is the public-safe version of how I work: how an idea becomes a scoped target, then evidence, then a verified artifact, then a shipped or disclosed result. The point is not mystique. The point is that someone else should be able to copy the loop without copying any private targets, credentials, exploit steps, or unreleased details. It is a loop, not a religion: light while exploring, strict when a claim leaves the room.
The diagram is deliberately simple. Real work bounces backward whenever evidence contradicts the plan. That bounce is not failure; it is the safety mechanism.
Each pass tries to end with a durable artifact. If something cannot be verified, it gets downgraded instead of polished into a better-sounding story.
Write what is allowed, what is out of bounds, what the operator must decide, and what would make the run unsafe.
Use repo docs, boards, tests, CI, public metadata, and current git status before trusting memory or summaries.
List projects, risks, owners, missing rails, and proof paths. Give every surface a role and a next action.
Create reviewer-safe materials, patch plans, claim cards, checklists, and snippets before touching public systems.
Run safe checks, inspect tests, compare docs to code, and downgrade anything unsupported.
Only edit repos, publish pages, commit, push, deploy, or touch billing when that exact slice is approved.
Append concise run notes only when something meaningful changed. Idle runs stay quiet.
Every false positive, stale metric, blocker, and good pattern becomes a better rail for the next run.
The system should not wear the same armor for every task. The strictness changes with risk, audience, and whether the output can affect other people.
Use lightweight notes, fast sketches, and disposable probes. No claim cards unless a result is about to be reused, published, or sent outside the room.
Turn on the gates: source check, caveat, claim state, validation command, review surface, and journal entry. Public wording must be weaker than the evidence, never stronger.
Default to strict. Scope comes first, secrets stay out, external actions need approval, and scanner or model output remains a lead until independently checked.
This page is intentionally high level. The method is copyable; sensitive material is not.
A concrete example, stripped of private material: refining this page after a blunt outside review called it too linear, too text-heavy, and too easy to turn into process theater.
Different work needs different proof, but the public pattern stays the same: define the boundary, test a clean control and a meaningful refusal, then say what the result cannot establish.
Scope: synthetic, loopback-only MCP-shaped tool calls. Check: an exactly scoped read beside bearer, resource, audience, scope, session, and token-handling refusals.
Public artifact: a self-contained test, evidence snapshot, and explicit non-conformance boundary.
Scope: an operator-owned local reference with synthetic identities and a persisted replay marker. Check: a first valid operation, a valid replay, malformed state, and interrupted-state refusal paths.
Public artifact: local tests, a sanitized scenario receipt, and a recovery limitation statement.
The work is organized around artifacts that outlive the session. Each artifact has a job, an evidence level, and a publication boundary.
| Artifact | Purpose | Public-safe version |
|---|---|---|
| Board | Source of truth for lanes, blockers, and approval gates. | High-level roadmap and status. |
| Decision log | Operator choices that change what can be edited, named, or published. | Only the approved result, not private deliberation. |
| Claim card | One claim, one evidence bundle, one caveat list. | Short sourced statement with links. |
| Run journal | Append-only notes for meaningful progress and blockers. | Summarized changelog. |
| Security ledger | Disclosure history without exploit detail. | Date, class, status, public reference. |
| Patch plan | Safe route from draft to external edit. | Scope, files, validation, approval gate. |
| Receipt or test | Proof that a result can be reproduced or inspected. | Command, CI artifact, run id, or hash. |
When something fake, stale, or overconfident appears, the workflow does not panic. It diagnoses.
1. Freeze the claim.
2. Locate the source of truth.
3. Classify the failure.
4. Verify with the smallest safe check.
5. Downgrade, patch the draft, or add a blocker.
6. Continue quietly unless operator input is needed.This workflow is not meant to turn every thought into a compliance exercise. Use something lighter when the cost of being wrong is low.
The workflow fails if it becomes a shrine to itself. These checks keep the system useful.
This is the portable version. It works for security research, AI evaluation, product building, writing, grants, games, or any other complex loop where hallucination and drift can ruin the output.