the missing half

Why AI agents need rules.

An AI agent that can do anything will eventually do the wrong thing — confidently, in production, at a speed no human can catch. The fix isn't a smarter model or a tighter prompt. It's a rulebook the agent can't escape: standards encoded once, gates that verify every change before it ships. Rules are what turn raw autonomy into autonomy you can trust.

Get in line for first access See pricing

the core problem

An agent decides at runtime — so the behaviour you reviewed isn't the behaviour you get.

Classic software does exactly what was written. An agent interprets your intent at runtime, pulls in changing context, and chooses its own next step — so what you saw in a demo is not what runs in production. It doesn't need rules because it's malicious; it needs rules because it's confident and fast. A hallucinated assumption, an over-broad refactor, a 'helpful' deletion — each lands before anyone looks. Multiply that by an agent acting continuously instead of one prompt at a time, and a single ungoverned mistake compounds into a mess no review meeting can unwind.

the failure mode

Vibe coding is exactly this problem with the brakes off.

Vibe coding — generating software by describing it to an AI — is intoxicating because the agent will say yes to anything. That's also why it rots. In a company it becomes the unreviewed pull request nobody can explain, the security hole shipped at 2am, the abstraction that fights every future change. The diagnosis is always the same: the agent was free, and nothing it produced was held to a standard. Free agents don't fail because the model is bad. They fail because 'do whatever works' has no definition of works — no rule that says what good, safe and shippable mean here.

Scope creep is the #1 production failure mode — agents touch what they shouldn't because nothing told them not to.
Confident wrong output ships when there's no gate between generation and production.
Code nobody set the rules for is code nobody can maintain — the debt is structural, not stylistic.

the real definition

Bounded autonomy: free to act, inside lines it can't cross.

The goal was never to leash the agent into uselessness, and it was never to let it run wild. It's guided freedom — the agent moves fast inside an explicit boundary and escalates the moment it hits a limit. The industry calls this bounded autonomy, and the boundary is made of encoded rules: what the agent may touch, the conventions it must follow, the bar it has to clear. Low-risk work runs fully automatic; anything risky stops for verification. Rules don't slow a good agent down — they're the only thing that lets you safely let it off the leash.

Bounded authority: define what the agent is and isn't allowed to touch, so scope creep can't happen.
Encoded standards: architecture, naming, security, your company's own rules — written down, not hoped for.
Risk-weighted escalation: routine change ships itself; anything dangerous waits for a human yes.

encode once

Rules belong in a rulebook the agent reads, not in your head.

Most teams 'have standards' that live in a senior engineer's memory and a few stale wiki pages. An agent can't read those. The rules it obeys have to be readable, editable and enforceable — encoded where every agent boots inside them automatically. That's the Tech Lead's job in the Digital Native Method: a Product Owner describes the intention on the live product, the Tech Lead encodes the rules one time, and every agent that spawns inherits them. You don't re-explain your standards on every task. You write them down once and the structure carries them forever.

Standards encoded once propagate to every agent, every task — no drift, no re-litigating conventions.
Humans set intent and rules; agents do the implementation inside them.
The rulebook lives in your repo — versioned, auditable, owned by you, not buried in a chat log.

rules need teeth

A rule nobody checks is a suggestion. Gates make rules real.

Telling an agent the rules isn't enough — agents, like people, drift. So the rules are enforced by deterministic gates, not by trust: lint, types, tests and security scans run on every change before anything reaches production, costing zero AI tokens and giving zero benefit of the doubt. Green or it doesn't land. And everything ships through your own GitHub, so 'I never read the code' never means 'nobody did' — it means a structure read it, every single time, instead of a human reading it sometimes. That's the difference between bounded autonomy and blind faith.

Gates run before prod: lint, types, tests, security — deterministic, every change, no exceptions.
Ships through your GitHub, on your existing AI plan — your code stays yours.
Verification is the structure's job, not a tired reviewer's at the end of the day.

cocorico

French software for the rules layer — sovereign where it counts.

Here's the honest version of sovereignty: nobody in Europe owns the frontier models, and pretending otherwise is theatre. But with just a model you can't do much — the value is in the structure that orchestrates it, encodes the rules, and verifies the output. That layer can absolutely be European, and ours is. Agentation is built by a French team: the orchestration runs on EU infrastructure (Hetzner, Germany), your data lives in the EU (Supabase), your code stays in your own GitHub, and the whole thing is GDPR-native. We don't own the models — we own the rules engine on top, and that's the part that decides what your agents are actually allowed to do.

French company, French team — the tooling that governs your agents isn't offshore.
EU hosting (Hetzner), EU data (Supabase), your code in your GitHub, GDPR by design.
Sovereignty on the orchestration layer — the part that turns a borrowed model into governed software.

FAQ

Why do AI agents need rules if the model is already smart?

Because intelligence isn't the same as judgement about your context. A capable model will still touch files it shouldn't, invent a plausible-but-wrong assumption, or ship a security hole — confidently and fast. Rules define what 'good and safe' means here, and gates enforce it. Without them you don't have an autonomous agent, you have an unsupervised one.

What's the difference between rules and guardrails for AI agents?

They're two halves of the same thing. Rules are the encoded standards — what the agent may touch, the conventions it must follow, the bar it must clear. Guardrails are the enforcement that makes those rules binding: bounded authority so it can't exceed scope, and deterministic gates (lint, types, tests, security) that block anything non-compliant before it reaches production.

Won't rules just slow the agent down and kill the point of automation?

No — that's the misconception. The goal is bounded autonomy, not micromanagement. Inside the boundary the agent runs at full speed and ships routine work itself; it only stops when it hits a risk threshold that genuinely needs a human. Rules are what let you safely give an agent more freedom, not less. Ungoverned speed is the thing that actually slows you down later, in cleanup.

Where should the rules for AI agents live?

In an encoded rulebook in your repository, not in someone's head or a stale wiki. In the Digital Native Method a Tech Lead encodes architecture, conventions, security and your company's own rules once, and every agent boots inside them automatically. Because the rulebook is versioned in your GitHub, it's auditable and editable, and it propagates to every task without re-explaining.

How is this different from just prompting an agent carefully?

A careful prompt is advice the agent can ignore or forget on the next turn — and it doesn't verify anything. Encoded rules plus deterministic gates don't rely on the agent's goodwill: scope is bounded so it can't overreach, and lint/types/tests/security must pass before any change lands in production. You move from hoping the output is right to a structure proving it is.

Give your agents rules they can't escape.

Get in line for first access