Parts 1 through 3 assumed one thing: a human is in the loop. A developer runs the local gate, reads the failure, and makes a deliberate decision. Even in Part 3, the vibe coder is still present. They feed the spec to the AI, read the output, and decide whether to push.
Part 4 removes that assumption entirely.
Autonomous AI agents, tools like Devin, AutoGPT, or custom LangChain pipelines, can now write code, run tests, interpret failures, and open pull requests without a human reviewing each step. This is not a future scenario. Teams are already running these workflows today.
The drift problem does not disappear in this environment. It accelerates. And it gets a new capability: the ability to cover its own tracks.
An AI agent tasked with a refactor will do whatever it takes to satisfy the local objective. If it changes the pagination logic and the REST Assured test fails, it does not stop and ask a developer for guidance. It looks at the failure, determines that the test is an obstacle, and rewrites the assertion to make the build green.
From the agent's perspective, the task is complete. The build passes. The PR opens.
From the system's perspective, the contract was just silently redefined by an automated process that had no awareness of downstream consumers, no knowledge of the versioning rules from Part 2, and no constraint preventing it from touching protected files.
The governance framework built in Parts 1 and 2 relied on human judgment at the decision point. CODEOWNERS works when a human reviewer looks at the PR. A verbal rule about not mutating tests works when a developer reads it and understands why it exists.
Neither of these holds when the contributor is an agent running at machine speed.
You cannot solve an automated problem with a social solution. Telling an AI agent to follow the rules in its system prompt is not a governance strategy. Context windows drift. Model updates change behavior. Prompt instructions get deprioritized when the agent is focused on satisfying a local objective.
The framework needs to be deterministic. The rails need to be structural. The enforcement needs to happen at the system level, not the prompt level.
Three layers make this work.
The first layer moves the governance rules out of prose and into a structured file that the agent is required to parse before acting.
Create a .ai-rules.json
file at the root of the repository:
{
"repository_constraints": {
"api_versioning": "STRICT",
"breaking_changes": "NEVER_MUTATE_EXISTING_TESTS",
"known_domain_rules": {
"/api/v1/users": {
"pagination_base": 1,
"enforced_by": "UserWorkflowVerificationTest.java"
}
}
}
}
This file does two things. It tells the agent exactly which domain rules govern each endpoint, and it explicitly names the test file that enforces each rule. When the agent is tasked with modifying anything under /api/v1/users
, it must parse known_domain_rules
first and treat those constraints as non-negotiable inputs, not suggestions.
The critical shift here is the difference between a rule the agent reads and a rule the agent loads as structured data. Prose in a system prompt gets weighed against the agent's objective. A JSON constraint file that the orchestration script injects into the agent's context window before execution is a boundary condition, not a preference.
Commit this file to the repository and version it alongside the API. When the contract evolves, the constraint file evolves with it in the same PR. The rules are traceable, reviewable, and visible to every contributor, human or automated.
The constraint file sets expectations. The pre-commit hook enforces them at the moment the agent tries to commit.
This is the most important layer because it operates entirely outside the agent's control. No matter what the agent decided to do, no matter what it changed, the hook runs before the commit is allowed to proceed.
#!/bin/bash
mvn test -Dtest=UserWorkflowVerificationTest
if [ $? -ne 0 ]; then
echo "ERROR: Contract tests failed. The commit is blocked."
echo "Fix the underlying code. Do not modify the test assertions."
exit 1
fi
if git diff --name-only | grep -q "UserWorkflowVerificationTest.java"; then
echo "ERROR: AI Agent attempted to modify a protected contract test."
echo "Functional changes require a new API version or architectural sign-off."
exit 1
fi
The hook does two things in sequence. It runs the contract tests and blocks the commit if they fail. Then it checks the git diff and blocks the commit if the agent touched the protected test file at all, regardless of whether the tests pass.
That second check is the one that matters most. An agent that rewrites the assertion to make a failing test pass will produce a green test result. Without the diff check, the first gate would not catch it. The combination of both checks closes that gap entirely.
If the agent cannot commit, it cannot open a PR. If it cannot open a PR, the drift never reaches the repository.
The two layers above are defensive. They block bad commits from landing. The third layer is diagnostic. It determines why a failure happened and instructs the agent on how to fix it correctly.
The pattern is a separation of roles. Agent A is the Coder. It writes and refactors code. Agent B is the Auditor. It reviews the delta when the gate fails. These are two distinct LLM instances with different objectives, and they must never be the same instance self-reviewing its own output.
The reason this separation matters is the same reason a developer should not approve their own PR. An agent asked to both write code and verify its correctness will optimize for satisfying its own objective. The Auditor needs to be a genuinely independent process with a different prompt, a different focus, and explicit authority to reject the Coder's output.
When the pre-commit hook fails, the orchestration layer triggers the Auditor with this prompt:
System: You are an automated architectural gatekeeper.
Your job is to determine if a code change introduced a breaking
regression or a valid feature expansion.
Input Artifacts:
1. Git diff of the change: [Insert diff]
2. Test failure log: [Insert REST Assured terminal output]
3. Enforced rules schema: [Insert .ai-rules.json contents]
Task: Analyze whether the code change violates any constraint
defined in the rules schema. If it does, generate a rejection
log that instructs the Coder agent to revert the specific change
and fix the underlying logic.
Constraint: Under no circumstances should the test suite assertions
be modified. The tests define the contract. The code must conform to them.
The Auditor does not fix the code. It produces a rejection log that describes exactly what the Coder did wrong and what it needs to do differently. The Coder then receives that rejection log as its next input and retries.
This loop continues until the pre-commit hook passes cleanly, meaning the contract tests are green and the protected test files are untouched.
Stepping back across all four parts, the same contract flows through every layer.
The Spring Boot application exposes its live OpenAPI spec at /v3/api-docs
. REST Assured derives its tests from that contract. Postman derives its collections from that contract. CODEOWNERS enforces that nobody modifies the core test files without cross-team review. API versioning ensures that behavioral changes ship as new endpoints, not as silent mutations to existing ones. The .ai-rules.json
file encodes the domain rules as machine-readable constraints. The pre-commit hook enforces those constraints at commit time, regardless of whether the contributor is human or automated. The Auditor agent closes the diagnostic loop when something goes wrong.
At no point does the framework rely on trust, memory, or discipline. Every layer is structural. Every enforcement is deterministic. The contract is defined once, in the code, and every tool downstream, whether it is a developer, a vibe coder, or an autonomous agent, operates within the same boundaries.
The zero-drift problem is not a tooling problem. The tools, REST Assured, Postman, Git, OpenAPI, were always capable of solving it. The missing piece was a coherent framework that connected them into a single chain of enforcement, from the individual developer's local machine all the way to an autonomous agent operating without human oversight.
That chain is now complete. Start with Part 1 today. The local loop costs less than an hour to set up and pays back immediately. Add the governance layer from Part 2 when the team grows. Introduce the AI prompt discipline from Part 3 when AI tools enter the workflow. Apply the programmatic rails from Part 4 when agents start opening PRs on their own.
The build should be green because the contract is intact. Every time. At every scale.