Skip to content

AI Development Protocol — Pre-PR Checklist

For all engineers at CMMD building with AI agents (Cursor, Claude, Codex). Not about slowing down — about keeping velocity high without accumulating hidden debt.

For all engineers at CMMD building with AI agents (Cursor, Claude, Codex, or any other tool). Not about slowing down — about keeping velocity high without accumulating hidden debt.

Run before every PR — whether you wrote the code, paired with AI, or had an agent build the feature end-to-end.

Run the app, navigate to the feature, use it the way a real user would. Screenshots before and after for every UI change. npm run dev + manual verification is non-negotiable. Build passing ≠ feature working.

Every PR must include test coverage. Zero-test PRs do not merge.

  • API endpoints and business logic → TDD: write a failing test first, implement, refactor
  • Background services, jobs, AI pipelines → integration tests against observable outcomes. Mock external providers (LLM, Stripe, email), not the DB.
  • Pure functions and utilities → TDD always, no exceptions

Before pushing:

Terminal window
git fetch origin main
git merge origin/main

A branch behind main will fail CI, miss recent fixes, and create unnecessary merge commits. This is the most common oversight in long-running AI agent sessions — the agent starts from a stale branch and neither party notices until CI fails.

Terminal window
npm test # unit tests pass
npm run check:client # TypeScript — zero errors
npm run check:smart # server TypeScript — zero errors
npm run lint # ESLint — zero warnings

If pre-push fails, fix it. Do NOT skip with --no-verify unless explicitly discussed with the team first.

Review your changes against Standards. At minimum:

  • Every DB query is org-scoped (organizationId present)
  • Every log.error() includes stack: — ESLint enforces, but verify
  • No any types — use unknown with type guards
  • No console.error — use log from server/lib/logger
  • Design tokens only — no hardcoded Tailwind gray/neutral/slate/zinc
  • New page uses WorkspacePage / StandardPage / ControlPage wrapper

If your good work conflicts with a rule, that’s a signal, not a blocker. Surface the tension in the PR description under “Standards Discussion.” Rules encode lessons from past mistakes — but they should evolve as we learn. Propose the update alongside your code. Don’t silently comply with a rule that makes the codebase worse.

  • Mechanical refactoring across many files
  • Boilerplate (routes, repos, types)
  • Catching established patterns and replicating them
  • Fast codebase exploration
  • Architecture decisions — the AI will build whatever you tell it. If you don’t question the approach, you get a plausible-sounding but potentially wrong one.
  • Prompt design for LLM-facing features — this is product design, not engineering
  • Whether a rule should change vs. code should change — you make the call
  • “Does this feel right?” — UX quality cannot be automated

AI tools make it easy to generate a lot of code fast. The risk is not bad code — it’s code that looks right, passes lints, and has a subtle assumption baked in nobody questioned because velocity felt productive.

Slow down at these moments:

  • AI generated >3 new files in one PR → read each one
  • You can’t explain what a function does without reading the implementation
  • AI “fixes” something by adding complexity instead of removing it
  • Test passes but you’re not sure what it’s verifying
  • PR is long, every file “makes sense” individually, but you haven’t checked composition
  • Agent has been running long without check-ins — context drift accumulates

The rule: at any point during an AI session, you should be able to explain what changed and why. If you can’t, pause and read the diff before continuing.

CLAUDE.md, AGENTS.md, and .claude/rules/ are living documents. They encode lessons from real incidents — the data-access repository rule exists because AI-generated inline queries caused 6 production DB failures. The logging stack rule exists because a production bug took hours to diagnose without stack traces.

  • Rule forces boilerplate with no reuse benefit
  • Rule written for one context (routes) being applied to another (background jobs) where risk profile is different
  • Rule prevents a clearly better pattern from emerging
  • Same tension between good work and a rule keeps surfacing across PRs
  1. Add a “Standards Discussion” section to your PR description
  2. State: what the rule says, what the conflict is, what you propose (fix code, update rule, or scoped exception)
  3. Tag the team — rule changes are team decisions
  4. If approved, update CLAUDE.md in the same PR as the feature
SituationAction
Branch behind maingit fetch && git merge origin/main
AI-generated code, unsureRead the diff. Explain every file.
Pre-push hook failsFix it. Don’t skip.
PR has zero new test filesAdd tests before requesting review
Good code conflicts with ruleSurface in PR — propose rule update
Agent ran longCheck in. Re-read the goal. Verify approach.
Rule feels wrongSay so. Rules evolve.