Controlled AI-assisted software deliveryCall (888) 995-4340
The Buildfactory approach

AI produces possibilities. Engineering decides what passes.

Buildfactory applies Sarolta's zero-trust approach to AI-assisted software delivery: probabilistic generation inside a controlled process of specification, tests, review, proof, repair, and human acceptance.

Inference, not intelligence

An LLM predicts a plausible answer. It does not prove that answer is right.

Generative AI is a powerful production input. Like every industrial input, its output must be processed into something fit for purpose. In Buildfactory, the processing is engineering: clarify the request, establish proof, build, check, correct, and accept.

Reliable AI-assisted code is therefore a process-engineering problem—not just a model-selection problem.

The axiom

Generated output is not trusted by default.

Confidence, a completion narrative, or a model reviewing its own work are not proof. The delivery process has to establish what is true.

Not trusted

Verify every output independently.

Code, tests, specifications, findings, and evidence are checked against the claim they make.

Not assumed safe

Use deterministic facts where possible.

When a check can be pass/fail, a deterministic gate owns the decision rather than an LLM score.

No drift accepted

Check alignment throughout delivery.

Independent challenge catches a specification deviation before it becomes accepted work.

No proof, no passage

Do not advance on assertion.

Current artifacts, configured checks, and accountable decisions determine whether a stage may continue.

Built from operational work

These controls were not invented as a checklist.

Buildfactory began with infrastructure deployment, upgrades, repair, and configuration automation. As it was used across real projects, each repeated failure, unsafe handoff, or missing proof became another working control in the delivery base.

Used first. Productized later.

Workers, gates, sandboxes, repair paths, and management controls exist because the work required them. See how Buildfactory was built →

Four pillars

Four controls for four different failure modes.

These work together. The selected Build Profile determines how deeply each is applied for a delivery.

Bounded worker enclosureConcept 01

Zero-trust agent architecture

Workers have defined roles, repositories, environments, procedures, and handoffs. A model request does not extend its authority.

Independent review stationConcept 02

Adversarial review pipeline

Independent review and inquisitor roles assess work against the specification and evidence, not the producing worker's account.

Deterministic quality gateConcept 03

Deterministic quality gates

Artifact structure, repository state, tests, coverage, required evidence, and controlled transitions can be verified mechanically.

Sandboxed execution environmentConcept 04

Sandboxed execution environments

Git worktrees, Docker, Proxmox, and bounded environments isolate work and preserve an accountable run history.

What responsible AI requires

Do not ask an LLM to judge itself.

The point is not to slow work down for ceremony. It is to catch the ordinary, plausible failures before they compound.

Uncontrolled deliveryBuildfactory delivery
LLM judges its own output.Independent review challenges work against its specification and evidence.
Tests pass mostly; missing proof is discovered later.Configured deterministic gates decide whether proof is sufficient to advance.
Scope drift emerges during or after release.Scope is specified, bounded, and checked at major transitions.
Failures are reconstructed after the fact.Artifacts, decisions, evidence, and remediation are retained through the line.
Flexible controlled phases

A framework for the work, not a fixed eight-step ceremony.

Buildfactory does not assume an incoming request is sufficient. PRD analysis and remediation identify missing constraints, unclear behavior, contradictions, and untestable expectations before downstream work compounds the problem.

Start with a working delivery line. Keep it, or modify it to suit the application you are building.

What runs in each phase depends on the Build Profile and the application. A PoC, an MVP, a SaaS product, and a high-consequence system need different workers, checks, evidence, environments, and human decisions. Some phases can be combined for a bounded product change; others need to be expanded or repeated. The controlled framework keeps the relevant obligations, alignment checks, and remediation paths explicit while allowing the process to fit the product.

01 / PRD

Analyze and remediate the requirement.

Required: structured findings, amendments, reanalysis

Inspect the source request, write actionable deficiencies, apply agreed amendments, and reanalyze before the request is accepted as a build obligation.

02 / SPEC

Define the obligation.

Required: specification, constraints, evidence contract

Translate the remediated requirement into precise behavior, acceptance criteria, boundaries, and expected proof.

03 / TEST

Prove missing behavior.

Required: test artifacts and controlled RED evidence

Create tests capable of detecting the requested behavior and distinguish real integration proof from mocks or irrelevant happy paths.

04 / CODE

Implement the owned change.

Required: implementation, execution evidence, review input

Make the change under the defined specification and test obligation, without silently expanding the scope.

05 / DISCOVER

Search beyond the visible pass.

Required: discovery findings and routing decision

Look for missed obligations, hidden integration effects, weak evidence, and assumptions that a normal phase review did not expose.

06 / IMPL

Judge the integrated result.

Required: implementation review and remediation outcome

Review the resulting behavior against the specification, tests, evidence, and engineering rules, then route any failure to the responsible station.

07 / UAT

Validate use and architectural fit.

Required: user and system findings

Confirm that the completed work is usable, fits the surrounding system, and satisfies the human intent behind the requirement.

08 / ACCEPT

Make the release decision.

Required: current evidence and unresolved-risk visibility

Decide from the linked requirement, artifacts, reviews, repairs, and outstanding findings—not a worker's declaration of completion.

Pipeline architecture

Probability generates. Controls decide.

The pipeline's intelligence is in its structure as well as its models: no stage advances because an agent sounds confident, and no exception is made because of time pressure.

Every gate is a hard decision point.

Specification, Test, Code, inquisitor, integration, and acceptance controls return work to the phase that can actually resolve the finding.

Beyond code

One controlled pattern for any digital artifact that must be correct.

Software is the primary domain. The same system applies when an AI step needs stated criteria, evidence, independent review, and a responsible acceptance point.

Code and software

Spec → Tests → Implement → Deploy

Transform PRDs into verified code through worker loops, deterministic gates, and evidence.

Reports and documents

Brief → Criteria → Draft → Final

Check completeness, structure, evidence, and approval criteria before release.

Research and analysis

Question → Method → Findings → Review

Make sources, method, claims, and conclusions reviewable against a research contract.

Content and copy

Guide → Rules → Write → Publish

Apply factual checks, brand rules, and independent review before publication.

The approach in practice

Use AI for generation. Use engineering to decide what is good enough.

Start from a working system, select the proof required for the work, integrate it with your environment, and keep accountable human judgment where it belongs.

Plan a technical evaluation →