← The Lab
June 30, 2026enrique

Building something new, in public

I've started building a new product. It's an AI-native system in a regulated, trust-heavy corner of B2B — the kind of domain where a wrong answer is worse than no answer, and where "the AI said so" is not an acceptable citation.

I'm not going to tell you what it is yet. What I will do is build it in the open the way I build everything: discipline first, product second.

So before writing a single line of product logic, I spent the first session standing up the things most people bolt on later (or never):

  • Governance before code. A repo brain (CLAUDE.md), a library of skills, and custom review subagents — so quality is enforced by the repo, not by willpower.
  • Two invariants I'm guarding jealously. Every finding the system produces must trace to its source evidence — unsourced claims are bugs, enforced in the type system. And every record is scoped to its engagement: no cross-customer data leakage, ever. Both are cheap to bake in now and brutally expensive to retrofit.
  • Read-only, least-privilege by default. The system reaches into sensitive client systems. It does so with the narrowest, time-boxed, fully-audited access it can — and never a write path.
  • Quality gates from commit one. Strict typing, lint, coverage thresholds, SAST, dependency supply-chain guards, secret scanning, and a security-reviewer agent that runs before anything merges.

The bet: in a trust business, the moat isn't the model — it's everything around the model that makes a serious buyer believe the output. That work starts on day one, not after the demo.

More as it ships.

agentsbuilding-in-public