ADLC Governance

Operating Model

22Enforcement Hooks

22 deterministic hooks enforce governance at tool level — not advisory, not optional. Exit code 2 blocks violations.

⚡ 22 hooks active from first session — zero configuration

AI agents build governed & Humans ship trusted. 80% autonomy & 100% accountability.

Section Three (Ch.13-16)

Adopting a New Operating Model

“Building and scaling digital and AI solutions requires companies to be much faster and more flexible in the way they develop technology. Developing that operating model is perhaps the most complex aspect of a digital and AI transformation.”

Four characteristics differentiate agile pods: mission-based with measurable outcomes, cross-disciplinary with dedicated resources, autonomous and accountable for achieving impact, fast moving and focused on user needs. ADLC enforces this through 22 deterministic hooks that cannot be bypassed — not advisory guidance, but exit-code enforcement.

Source: Rewired: The McKinsey Guide to Outcompeting in the Age of Digital and AI (Lamarre, Smaje, Zemmel, 2023)

Platform Evolution

Hooks are deterministic (exit code 2) regardless of AI model quality. As models improve, fewer violations fire — but the safety net never weakens.

Component Map

14 components implementing this pillar

Type	Name	Why	Business Value
Hook	`enforce-coordination.sh`	Block specialist tool calls before PO+CA approval	Zero STANDALONE_EXECUTION violations at tool level
Hook	`validate-bash.sh`	Block git mutations and GitHub API git object creation	Principle I: Agents prepare, Humans commit — enforced
Hook	`detect-nato-violation.sh`	Block completion claims without evidence paths in tmp/	NATO (No Action Talk Only) eliminated
Hook	`enforce-specialist-delegation.sh`	Block raw Edit/Write on domain files without Task delegation	COORDINATION_WITHOUT_DELEGATION prevented
Hook	`detect-testing-theater.sh`	Block new mocks without assertions, coverage omit expansion	Test quality maintained — no inflated pass rates
Hook	`enforce-docker-registry.sh`	Block non-compliant FROM and image: references	Supply chain integrity — only nnthanh101/* images
Hook	`validate-rescore-freshness.sh`	Block re-scoring before artifacts have changed	SCORING_THEATER and RACE_CONDITION_SCORING prevented
Hook	`validate-docs-sync.sh`	Block writes that destroy HAND-CURATED markers	Persona-optimized CLI docs survive regeneration
Rule	`adlc-governance.md`	Authority chain, NATO prevention, content classification	Single source of truth for all governance decisions
Rule	`principle-i-acceptable-agency.md`	Agents prepare, Humans decide, Humans commit	Legal accountability + audit trail integrity
Rule	`anti-patterns-catalog.md`	64 documented anti-patterns with prevention mechanisms	Institutional memory — each pattern cost real sessions
Rule	`operational-efficiency.md`	20% framework cap, 3-agent scoring, READONLY-first	80% time on product code, not coordination theater
Hook	`enforce-pdca-cycle`	Track artifact hashes across PDCA rounds	PROCESS_WITHOUT_OUTCOME blocked — fixes must precede rescores
Hook	`load-project-context`	Inject VERSION, project paths, profiles at SessionStart	Consistent context across all sessions and agents

Risk & Scalability

What happens without this pillar, and why ADLC scales from 1 person to enterprise

What if you skip?

McKinsey Exhibit 13.1 (Rewired p.120): Experienced agile teams deliver +27% productivity, -30% schedule slips, -70% defects vs non-agile. But “simply implementing agile rituals without making corresponding changes to how to set objectives, configure teams, and enforce accountability for results will lead to poor outcomes” (p.120). ADLC hooks ARE that enforcement layer.

Scalability

22 hooks enforce governance deterministically via exit codes — not advisory prompts. The same hooks work for a solo developer or a regulated enterprise. Governance scales because it’s code, not process.