Security & Quality

Adoption & Scaling

6,298Real Tests

6,298 real tests. 104K lines of mock theater deleted. SOC2 + APRA CPS 234 alignment. Zero testing theater.

⚡ First SAST scan in <2 minutes via container

AI agents build governed & Humans ship trusted. 80% autonomy & 100% accountability.

Section Six (Ch.28-32)

The Keys to Unlock Adoption and Scaling

“For every $1 you spend on developing a digital solution, plan to spend at least another $1 (and sometimes more) to ensure full adoption and scaling. That additional $1 will go toward implementing process changes, user training, change management initiatives.”

Chapter 31: Managing risk and building digital trust. Beware of the new risks introduced by your digital and AI transformation into areas such as cybersecurity, data privacy, and AI biases. ADLC addresses this through deterministic hook enforcement, APRA CPS 234 + SOC2 alignment, supply chain SBOM, and the Testing Theater anti-pattern elimination.

Source: Rewired: The McKinsey Guide to Outcompeting in the Age of Digital and AI (Lamarre, Smaje, Zemmel, 2023)

Platform Evolution

AI vulnerability detection improves with model updates. NemoClaw kernel-level sandboxing adds hardware-enforced boundaries. Anti-pattern catalog grows with each incident.

Component Map

9 components implementing this pillar

Type	Name	Why	Business Value
Agent	`security-compliance-engineer (opus)`	SOC2, APRA CPS 234, ISO 27001, PCI-DSS compliance gating	Regulatory risk caught at design — not after audit
Agent	`qa-engineer (sonnet)`	3-tier test strategy: snapshot / LocalStack / AWS live	90-100% bug detection before production deployment
Agent	`devops-security-engineer (sonnet)`	CI/CD supply chain hardening, SBOM, Trivy scanning	SLSA Level 2+ provenance on every release
Command	`/security:sast`	SAST + container scanning via nnthanh101/terraform:slim	Zero critical/high vulnerabilities before merge
Skill	`testing/3-mode-validation`	Playwright + AWS MCP combined accuracy gate (>=97%)	Two independent sources — SELF_COMPARISON_VALIDATION prevented
Skill	`testing/battle-conftest`	L1 (--help) / L3 (real READONLY) battle test tiers	DRYRUN_OVER_READONLY prevented — real API validation
Skill	`bdd/feature-coverage`	BDD scenarios with pytest-bdd step definitions	Business language tests that non-engineers can read
Hook	`detect-testing-theater.sh`	Block mocks without assertions, coverage omit expansion	6,298 real tests — 104K lines of mock theater deleted
Hook	`detect-hardcoded-env-data.sh`	Block AWS account IDs, org IDs in product docs	HARDCODED_ENV_IN_PRODUCT_DOCS eliminated from git history

Risk & Scalability

What happens without this pillar, and why ADLC scales from 1 person to enterprise

What if you skip?

McKinsey: “For every $1 you spend on developing a digital solution, plan to spend at least another $1 (and sometimes more) to ensure full adoption and scaling” (Rewired S6, p.287). Chapter 31 warns: “Beware of the new risks introduced by your digital and AI transformation into areas such as cybersecurity, data privacy, and AI biases” (p.288). Without security and quality gates, adoption fails because users don’t trust the system.

Scalability

Testing theater detection and supply chain enforcement are automated via hooks. Coverage gates are honest (fail_under measured, not estimated). The quality bar is the same whether shipping a PyPI package or deploying to production AWS accounts.