Skip to main content

Part V: Constraint Engineering

Constraints Protect Systems from AI Mistakes

In Spec-Driven Development, specifications define what should happen. Constraints define what must never happen. This distinction is critical when AI agents generate code: specifications guide implementation, but constraints protect against the systematic failures that AI tends to produce.

Without constraints, AI agents over-generate. They add unnecessary abstractions, create speculative features, make implicit architectural decisions, and produce code that "works" but violates your system's integrity. A specification might say "implement user registration." An unconstrained AI might implement user registration plus a custom ORM layer, plus a generic repository pattern, plus three levels of abstraction—all technically correct, none of it what you wanted.

Constraints are the guardrails. They define the boundaries within which AI may operate. They answer the question: "What must never appear in our codebase, regardless of what the specification says?"

What You Will Learn

Chapter 12: Constraint Types and Architecture Constraints

You will learn the five constraint categories—Architecture, Security, Performance, Data, and Compliance—and understand why constraints exist: protecting against AI over-generation and implicit decisions. The chapter focuses on architecture constraints with concrete examples: controllers cannot contain business logic, services must be stateless, database access only through repositories, maximum three projects for initial implementation. You will define layered architecture constraints, dependency direction constraints, and learn the constraint document format. A hands-on tutorial guides you through defining architecture constraints for a running project.

Chapter 13: Security and Performance Constraints

Security and performance constraints translate non-functional requirements into enforceable rules. You will learn security constraints: JWT token policies (expiration, signing algorithm), password hashing requirements (bcrypt, cost factor), PII handling rules (no PII in logs, encryption at rest), authentication requirements (all endpoints require auth by default), rate limiting policies, and input validation mandates (SQL injection, XSS prevention). Performance constraints cover frontend bundle size limits, API latency budgets, database query limits, memory usage caps, and connection pool sizing. You will create a security and performance constraint document, learn how constraints become CI/CD gates, and understand constraint violation as build failure.

Chapter 14: The Constitutional Foundation

The constitution is the highest form of constraint: immutable principles that govern how specifications become code. You will learn the Nine Articles model from the SDD methodology—Library-First Principle, CLI Interface Mandate, Test-First Imperative, Simplicity and Anti-Abstraction, Integration-First Testing—and how constitutions are enforced through templates and phase gates. You will implement pre-implementation gates (Simplicity Gate, Anti-Abstraction Gate, Integration-First Gate), understand the constitutional evolution and amendment process, and create a project constitution for your running project. The chapter covers template-driven quality, preventing premature implementation details, forcing explicit uncertainty markers, and the compound effect of multiple constraints working together.

The Connection

The three chapters form a hierarchy:

  1. Chapter 12 establishes the taxonomy—the five constraint categories and the architecture constraints that shape system structure.
  2. Chapter 13 adds operational constraints—the security and performance rules that protect systems in production.
  3. Chapter 14 elevates constraints to constitutional principles—the immutable rules that govern the entire development process.

Together, they give you the complete constraint engineering toolkit. By the end of Part V, you will be able to define constraints that protect your systems from AI mistakes, express them in specification documents, enforce them through CI/CD, and embed them in a constitutional foundation that shapes every generated implementation.

Next: Chapter 12 — Constraint Types and Architecture Constraints