LDF Concepts

December 30, 2025 · View on GitHub

Understanding the philosophy and methodology behind LDF.


Visual learner? See Workflow Diagrams for ASCII diagrams of the entire process.


Core Principle: Spec-First Development

No code without approved specifications.

This isn't about bureaucracy - it's about:

  1. Clarity: Everyone understands what we're building
  2. Quality: Catch issues before they become bugs
  3. Efficiency: Less rework, faster delivery
  4. Knowledge: Specs serve as documentation

The Three Phases

┌──────────────────────┐
│   PHASE 1            │
│   REQUIREMENTS       │   What to build
│                      │   ↓
│  requirements.md     │   User stories, acceptance criteria
│                      │   Question-pack answers, guardrail matrix
└──────────┬───────────┘
           │ ✋ Approval Gate

┌──────────────────────┐
│   PHASE 2            │
│   DESIGN             │   How to build it
│                      │   ↓
│  design.md           │   Architecture, components, data models
│                      │   API contracts, guardrail mapping
└──────────┬───────────┘
           │ ✋ Approval Gate

┌──────────────────────┐
│   PHASE 3            │
│   TASKS              │   Implementation steps
│                      │   ↓
│  tasks.md            │   Numbered tasks, dependencies
│                      │   Guardrail checklist, testing
└──────────────────────┘

Phase 1: Requirements

Goal: Define WHAT we're building

Contents:

  • User stories in "As a... I want to... So that..." format
  • Acceptance criteria (measurable, testable)
  • Question-pack answers (domain-specific decisions)
  • Guardrail coverage matrix

Output: requirements.md

Approval Gate: Spec review by external agent or team

Phase 2: Design

Goal: Define HOW we're building it

Contents:

  • Architecture overview
  • Component definitions
  • Data models
  • API contracts
  • Guardrail mapping

Output: design.md

Approval Gate: Architecture review

Phase 3: Tasks

Goal: Define the implementation steps

Contents:

  • Numbered task list
  • Dependencies between tasks
  • Guardrail checklist per task
  • Testing requirements

Output: tasks.md

Approval Gate: Ready for implementation

Guardrails

Guardrails are constraints that ensure quality. They're not optional - they're requirements.

Core Guardrails (Always Enabled)

IDNameDescription
1Testing CoverageMinimum 80% coverage, 90% for critical paths
2Security BasicsOWASP Top 10 prevention
3Error HandlingConsistent error responses, no swallowed exceptions
4Logging & ObservabilityStructured logging, correlation IDs
5API DesignVersioning, pagination, error format
6Data ValidationInput validation at boundaries
7Database MigrationsReversible, separate from backfills
8DocumentationAPI docs, README, inline comments

Domain Presets

Additional guardrails for specific domains:

SaaS Preset:

  • Multi-tenancy isolation
  • RLS enforcement
  • Subscription billing
  • Audit logging

Fintech Preset:

  • Double-entry ledger
  • Money precision (NUMERIC)
  • Idempotency
  • Reconciliation

Healthcare Preset:

  • HIPAA compliance
  • PHI handling
  • Access logging
  • Consent management

Guardrail Coverage Matrix

Every spec must include a matrix showing how each guardrail is addressed:

| Guardrail | Requirements | Design | Tasks/Tests | Owner | Status |
|-----------|--------------|--------|-------------|-------|--------|
| 1. Testing | [US-1] | [S3.1] | [T-4.1] | Alice | DONE |
| 2. Security | [US-2] | [S4.1] | [T-5.1] | Bob | TODO |

Question-Packs

Question-packs ensure critical decisions are made early.

How They Work

  1. When creating a spec, LDF identifies relevant question-packs
  2. You answer questions before writing requirements
  3. Answers are captured in answerpacks (YAML)
  4. Linter verifies all critical questions are answered

Example Question-Pack (Security)

domain: security
critical: true
questions:
  authentication:
    - question: "What authentication method will be used?"
      options:
        - "Username/password with bcrypt"
        - "OAuth 2.0 / OpenID Connect"
        - "API keys"
        - "Service JWT"
      follow_ups:
        - "What is the session duration?"
        - "Is MFA required?"

When to Use Each Pack

PackUse When
securityAlways
testingAlways
api-designBuilding APIs
data-modelDatabase changes
billingPayment/subscription features
multi-tenancyMulti-tenant systems
provisioningExternal service integration
webhooksEvent-driven features

Multi-Agent Workflow

LDF supports using multiple AI agents for review and validation.

Agent Roles

AgentStrengthUse For
Your Primary ToolImplementation, contextPrimary development
ChatGPTPatterns, alternativesSpec review, code audit
GeminiEdge cases, gapsArchitecture, completeness

Supported primary tools: Claude Code, Gemini CLI, Codex CLI, Cursor, or any MCP-compatible assistant.

Why Multiple Agents?

  1. Different perspectives: Each model has unique strengths
  2. Catch blind spots: What one misses, another catches
  3. Validation: Independent review reduces errors
  4. Quality: Multiple passes improve output

Audit Triggers

PhaseAudit TypeAgent
Requirements completespec-reviewChatGPT
Requirements completegap-analysisGemini
Design completearchitectureGemini
Security featuresecurity-checkChatGPT
Before implementationedge-casesGemini
Code completecode-auditChatGPT

MCP Integration

MCP (Model Context Protocol) servers provide real-time access to spec status and coverage.

Token Efficiency

OperationWithout MCPWith MCPSavings
Get spec status~5,000 tokens~200 tokens96%
List tasks~3,000 tokens~150 tokens95%
Check coverage~10,000 tokens~200 tokens98%

Available Servers

  1. spec_inspector: Spec status, guardrails, tasks
  2. coverage_reporter: Test coverage metrics
  3. db_inspector: Database schema, RLS policies (optional)

Best Practices

DO

  • Write specs before code
  • Answer all question-pack questions
  • Complete guardrail matrix before approval
  • Run lint before requesting review
  • Get external audit for significant features
  • Update specs when requirements change
  • Mark tasks complete as you go

DON'T

  • Skip phases to save time
  • Leave guardrails marked N/A without justification (ldf lint will warn you)
  • Ignore audit findings
  • Let specs get out of sync with code
  • Over-engineer the spec process for small changes

When to Use LDF: Decision Tree

Is this a code change?

├─ NO → Not LDF (documentation, config, etc.)

└─ YES → How many lines of code?

    ├─ < 50 lines AND simple bug fix
    │   └─ → Skip LDF (link to GitHub issue)

    └─ > 50 lines OR new feature

        ├─ Public API or security-sensitive?
        │   └─ YES → ✅ FULL LDF (all 3 phases)

        ├─ Database schema change?
        │   └─ YES → ✅ FULL LDF (all 3 phases)

        ├─ Multi-file refactoring?
        │   └─ YES → ✅ FULL LDF (all 3 phases)

        └─ Internal utility or helper?

            ├─ Will be reused across features?
            │   └─ YES → ✅ FULL LDF

            └─ ONE implementation → Phase 1 only (requirements)

Rule of Thumb: If you're asking "Do I need LDF for this?", the answer is probably yes.

When LDF is Overkill

Not everything needs full spec treatment:

Use full LDF for:

  • New features
  • Significant changes
  • Security-sensitive code
  • External-facing APIs
  • Database migrations

Lighter touch for:

  • Bug fixes (link to issue)
  • Refactoring (describe in commit)
  • Documentation updates
  • Config changes
  • Dependency updates

Measuring Success

Spec Quality Metrics

  • Completion Rate: % of specs that reach implementation
  • Rework Rate: Changes after design approval
  • Bug Escape Rate: Issues found post-implementation
  • Coverage Score: Average guardrail coverage

Project Health Indicators

IndicatorHealthyWarningCritical
Specs in draft< 20%20-40%> 40%
Test coverage> 80%60-80%< 60%
Guardrail gaps01-2> 2
Audit response time< 24h24-48h> 48h

Evolution of LDF

LDF is designed to evolve with your project:

  1. Start Simple: Core guardrails only
  2. Add Domain Presets: As complexity grows
  3. Custom Question-Packs: For your specific domain
  4. Automated Audits: When volume justifies
  5. CI/CD Integration: For continuous validation

The goal is appropriate rigor, not maximum process.