v1.0.1-GH
Technical Specification v1.0

SOLO

SINGLE OPERATOR LOOP ORCHESTRATION

A production-grade framework for AI-first software engineering. Scale individual developers through rigorous orchestration, security-first architecture, and adversarial audit loops.

Skip to the Manual ↓

The Reality of AI-First Development

Modern AI agents can generate thousands of lines of code in minutes. But speed without structure creates chaos.

❌ Without SOLO

  • Quality Roulette: LLMs choose the shortest path, not the most robust or secure solution
  • Security Debt: Auth and permissions become "future tickets"
  • API Drift: Without concrete contracts, business logic leaks across boundaries making code fragile and easy to break
  • Incomplete Exposure: Lack exposure to PM, architecture, UI design, sprint planning, QA, deployment, and failure remediation
  • Context Amnesia: Automatic compaction puts us at the mercy of tooling to decide what's important

✅ With SOLO

  • Critique Loops: Mandatory adversarial review before implementation
  • Security-First: Auth designed before the first feature line
  • API-First Contracts: Clean separation between frontend and backend from day one
  • Orchestrated Workflows: Six pillars that enforce best practices across the entire dev loop
  • Human-Directed Memory: You decide what information needs to be carried forward

SOLO transforms sloppy AI outputs into production-grade software through structured workflows that demand rigor at every stage.

The Six Pillars

Spec-Driven Development

Spec-Driven Development

Implementation is forbidden until the design survives the critique loop. C4 modeling by default.

API First

API-First

Typed contracts are the canonical source of truth. Schema synchronization is non-negotiable.

Security First

Security-First

Auth and RBAC are designed before feature code. Zero-Trust authorization is the foundation.

Trust but Verify

Trust but Verify

AI orchestrates; Human validates. Mandatory approval gates between every engineering phase.

Zero Bug

Zero-Bug

Production code is a liability without tests. TDD is the default mode for all critical business logic.

Persistent Context

Infinite Context

Session memory preserves architectural "gotchas" across weeks of non-contiguous development.

Planning Cycle

The Planning Gauntlet

Adversarial design refinement to eliminate drift before the first line of code.

ARCHITECT
System & API Design
DESIGN
UI/UX Design
CRITIQUE
Adversarial Gap Analysis
REVISE
Strategic Plan Hardening
TICKETS
Sprint Ticket Decomposition
Adversarial Protocol

The /critique Directive

Why cast the AI as a Skeptical Auditor?

Because optimistic engineering is a liability. The default state of software is 'broken until proven robust'.

Critique Investigation Visual

The Mindset

It views your code as a potential liability, hunting for complexity, gold-plating, and fragile abstractions. It does not optimize; it scrutinizes everything that is not essential.

The Protocol

Every 'TODO' is a blocker. Every caught exception must have a recovery strategy. If the implementation_plan is vague, it halts the loop immediately.

"Complexity is a liability. Simplify ruthlessly."

Production Cycle

The Execution Loop

Resilient implementation with mandatory human validation gates.

CODE
Standard TDD
CODE++
Refactor++
REVIEW
Logic Audit
FIX
Remediation
TEST
Verification
COMMIT
Release
DEPLOY
Ship
Resolution Cycle

The Debug Phase

Systematic Root Cause Analysis (RCA) when verification fails.

FAILURE
Issue in Production
SHERLOCK
Root Cause Analysis
ARCHITECT
Design Proper Fix
CRITIQUE
Plan Verification
REVISE
Plan Hardening
EXECUTION LOOP
Resume Cycle
Protocol Theory

The /sherlock Directive

Why cast the AI as Sherlock Holmes?

Because adopting a persona intentionally unrelated to software development acts as a cognitive power up.

Sherlock Investigation Visual

The Shift

It forces the model to abandon its training to apply "standard fixes" and instead unlocks a relentless, deductive mode of reasoning that standard engineering prompts cannot reach.

The Protocol

When the investigation hits a dead end, he suspects every variable, refuses to guess, and enlists Watson's help (the User) when standard deductive processes yield no answers.

"It is a capital mistake to theorize before one has data."

Continuity Cycle

Operational Persistence

MEMORY
State Codification
RESUME
Context Re-hydration

Switch between tasks, days, or AI models without context decay. The protocol is the project's long-term memory.

Persistence Protocol

The /memory Directive

Why formalize Project Memory?

Because relying on "automatic memory compaction" is fragile. We must explicitly persist the project state to survive the session boundary.

Memory Protocol Visual

The Mindset

It treats the session as a finite unit of work. We start with a clean state for new features to ensure previous sessions don't pollute current results.

The Protocol

Before signing off, the context is compacted into a structured handoff (SESSION_MEMORY.md). On return, the agent re-hydrates strictly from this source of truth.

"Context is currency. We control what is retained."

Operational Protocol

Quick Reference

/architect
Principal Architect
System Blueprinting

SW Architecture Agent

/design
UX Oracle
User Experience Spec

Create distinctive, production-grade frontend interfaces with high design quality. Generates creative, polished code and UI design that avoids generic AI aesthetics.

/critique
Skeptical Auditor
Adversarial Audit

Adversarial analysis to identify gaps, risks, and brittleness.

/revise
Senior Designer
Plan Hardening

Revise a plan based on the critique

/tickets
Technical PM
Sprint Planning

Principal Technical Project Manager for sprint planning and ticket decomposition.

/code
Principal Engineer
High-Fidelity Implementation

High-fidelity Coding Agent for resilient, production-grade implementation.

/code++
Staff/Principal Engineer
Refactoring & Reference

High-fidelity refactoring with reference-first safety and legacy preservation.

/review
Senior Staff Engineer
Code Logic Audit

Code Review Agent for rigorous logic verification and technical debt audits.

/fix
Staff SRE
Issue Remediation

Implementation & Remediation Agent for production-grade refactoring and hardening.

/test
Test Runner
Verification Suite

Run all tests

/sherlock
Root Cause Detective
Root Cause Analysis

Sherlock Holmes investigation

/memory
Context Historian
Session Handoff

Context serialization and session management protocol.

/resume
Context Loader
Context Resurrection

Resume from session memory

Full Documentation

Protocol Specification

Get the workflows on GitHub

Executive Summary

This document describes a structured workflow for AI-assisted software development using Cursor IDE with custom slash commands. The workflow emphasizes planning before coding, iterative critique, and quality gates before deployment. It was refined over multiple iterations of a full-stack application migration.

Core Philosophy

01. Plan First, Code Second

Never jump directly into implementation. Every significant piece of work goes through a planning phase that includes analysis, explicit design decisions, and self-critique.

02. Trust But Verify

The AI agent does the heavy lifting, but the human maintains control through explicit approval gates, structured reviews, and quality checks before commits.

03. Persistent Context

Sessions can span days or weeks. Context preservation is critical: session memory files capture state, and the AI can resume work without re-explaining the project.

04. API-First Design

The API contract is the source of truth. Before implementation begins, define all endpoints and schemas. The .API/ folder contains the canonical contract enabling independent technology choices.

05. Test-Driven Development

Production code is a liability without tests. Quality is a prerequisite. Write tests before implementation—they define "done". No code ships without passing the full test suite.

06. Security-First Architecture

Security is not a feature; it is an architectural constraint. Auth and RBAC are designed before feature code. Zero-Trust is default. Security Audits are mandatory gates.

The Command System

Custom slash commands in .cursor/commands/ define specialized agent personas. Each command transforms the AI into a domain expert. Click a card to view the protocol specification.

/prod_mgmt

Vision & Requirements

/architect

System Design & C4

/security

Threat Modeling & Auth

/design

UI/UX Specifications

/critique

Plan Analysis

/revise

Iterative Improvement

/review

Code Review Logic

/code

Implementation

/code++

High-Fidelity Refactoring

/tickets

Ticket Management

/fix

Remediation & Repair

/test

Verification Suite

/memory

Context Management

/resume

Session Restoration

Detailed Phase Breakdown

Phase 1: Resume & Orient

Command: /resume

Start every session by loading context from the session memory file. The AI reads .tmp/SESSION_MEMORY.md and orients itself to project state, critical knowledge, and user preferences.

Phase 2: Architect & Plan

Command: /architect

For significant work, generate a technical specification before implementation. The architect persona produces structured documents including diagrams, API contracts, and security considerations. Outputs a comprehensive plan answering "what" and "why".

Phase 2b: Design the Experience

Command: /design

When UI is impacted, invoke the UX Oracle. Produces an "Experience Manifesto" utilizing JTBD Deep-Dives, Shadow Data Extraction, and Cognitive Load Mapping.

Phase 3: Critique the Plan

Command: /critique

Turns the AI against its own plan. Hunts for gaps, brittle design, code smells, and security concerns. Flags anti-patterns like "Gold-Plating," "Abstractions for One," and "Locked File Modification."

Phase 4: Revise with Best Practices

Command: /revise

Address every critique item. Does NOT write implementation code. Specifies patterns and trade-offs. Iterates with Critique until the plan is ready.

Phase 5: Decompose into Tickets

Command: /tickets

Convert the approved plan into prioritized, actionable tickets. Each ticket is self-contained, vertically sliced, prioritized, and testable.

Phase 6: Implement

Command: /code

With an approved plan, implementation begins following strict TDD discipline. All failure modes must be handled with zero-bug tolerance and mandatory test coverage. No production code without unit, integration, or E2E tests.

Phase 6b: Refactor++

Command: /code++

For complex refactoring, use the Reference-First workflow. Create a complete source of truth before applying changes incrementally with full verification at each step.

Standalone Test Verification: /test ensures all tests are "green and clean."

Phase 7: Review

Command: /review

After implementation, conduct a formal code review. Produces a structured report with a Summary of Findings and a Health Score.

Phase 8: Fix

Command: /fix

Remediate all issues from the review systematically by severity. Runs full test suite after fixes.

Phase 9: Release

Commit with conventional messages, tag the release, save context with /memory, and deploy.

Phase 10: The Debug Loop (Sherlock Protocol)

Command: /sherlock

Even with rigorous orchestration, runtime issues occur. The Debug Loop provides a systematic protocol for Root Cause Analysis (RCA) when verification fails.

The Protocol

  1. Isolate: Create a minimal reproduction case.
  2. Investigate: Use /sherlock to trace logs, state, and dependencies.
  3. Triage: Decide if it's a Minor Fix or Major Flaw.

Branching Logic

            ┌→ [Minor] → /critique → /revise → /fix → /test
/sherlock ──┤
            └→ [Major] → /architect → /critique → /revise → ...

Key Rule: Never apply a "blind fix". If /sherlock cannot explain why it broke, do not run /fix.

Key Principles in Practice

  • 01. Explicit Approval Gates: Pause points for human review after every phase.
  • 02. Context as Contract: .tmp/SESSION_MEMORY.md allows multi-session resiliency.
  • 03. Quality Over Speed: Tests must pass before commits. Formatting is enforced.
  • 04. Command Specialization: Different "expert personas" for focus and quality.

Adapting the Workflow

Smaller Tasks: /resume → /code → /review → /fix → commit

Backend-Only: Skip /design.

UI-Heavy: Include /design after architect.

Exploratory: iterate with /architect → /critique → /revise.

Debugging: /sherlock → /fix → /review

Protected Files: .lockedfiles

⛔ .lockedfiles Override Required

The .lockedfiles mechanism prevents agents from modifying stable code.

When to Lock:
  • Security-critical code (Auth, Encryption)
  • API contracts
  • Database migrations
  • Production configuration

Agents check this file before writing. If matched, they must pause and request a "Manual Override".

Conclusion

This workflow treats AI as a highly capable but supervised team member. The human provides strategic direction and approval; the AI provides deep analysis, consistent quality, and structured documentation. The result is production-grade code with a clear audit trail.