nextgensdlc.app

NextGen SDLC · Live

Human Intent. AI Execution.

A human sets the intent, a fleet of AI agents handles the rest, and a real production app, cuppati.com, comes alive and stays operational supporting a business.

CLIP 00

Before the First Keystroke — The MCP Agent

[Diagram: Developer · Prompt · Claude Code · MCP Agent · Cuppati Codebase · tools: read_beans_catalog, get_route_tree, get_cart_state]
Before any feature is written, a custom MCP (Model Context Protocol) server is registered with Claude Code using claude mcp add. It exposes live codebase tools: reading the beans catalog, inspecting the route tree, checking cart state, so the agent operates on live data, not static file dumps.
CLIP 01

The Feature — GitHub Issue Created

caldo-coffee-shop · Issue #12 · Open

Add Spring Roast promo — 20% off single-origin beans

Labels: enhancement · ai-assigned

Create a promo banner on the home page and /beans route. Apply 20% discount to featured beans. Add badge to bean cards. Feature flag off by default.

Branch created from issue: feature/spring-roast-promo
A single GitHub issue kicks off the entire delivery chain. The branch is created directly from the ticket. No Slack thread. No meeting. One source of truth.
CLIP 02

Code, Part 1 — The MCP Agent Writes It

One prompt. The MCP agent reads live codebase state, writes across 6 files, builds, lints, and self-verifies, without a single keystroke from the developer.
CLIP 03

Code, Part 2 — Closing the Gap

A second prompt catches an insight gap: ad traffic bypasses the banner. The agent finds the route, adds the discount to checkout, extracts a shared util. Two prompts. Feature complete.
CLIP 04

The PR — AI Writes the Description

PR #47 · feature/spring-roast-promo → main · AI-described

feat: Spring Roast promo — 20% off featured single-origin beans

This PR was described by Claude Code.

File                            Change
src/routes/index.tsx            Added PromoBanner (feature-flagged)
src/routes/beans.tsx            Filter + badge on featured beans
src/routes/checkout.tsx         Promo line item in order summary
src/components/PromoBanner.tsx  New component
src/components/BeanCard.tsx     Promo badge added
src/context/CartContext.tsx     20% discount logic
src/lib/discount.ts             Shared discount util extracted
src/data/beans.json             featured flag on 3 beans
The agent writes the PR description, links the issue, and generates a change table for every file, before any human has reviewed a line.
CLIP 05

Secrets Stay Secret — Push Protection

$ git push origin feature/spring-roast-promo

remote: ——————————————————————————————————
remote: GitHub Push Protection
remote: ——————————————————————————————————
remote: 1 secret detected in commit a3f91b2
remote:   Cloudflare API token: CLOUDFLARE_API_TOKEN
remote:   Location: src/config/env.ts, line 4
remote: Push BLOCKED. Remove the secret and retry.
# Correct: use environment variables
CLOUDFLARE_API_TOKEN=...  ← in .env (gitignored)
src/config/env.ts reads from process.env  
Push allowed.
Push protection scans every commit for credentials before they leave the developer's machine. One detected token is enough to block the entire push.
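The blocked push above comes down to a credential literal sitting in src/config/env.ts instead of a read from process.env. The following is an added example, not GitHub's detector and not code from the project: a simplified check a developer could run locally, where the function name, the regex heuristic and the sample file contents are all assumptions constructed for illustration.

```javascript
// Added example: a simplified local check, not GitHub's push-protection detector.
// Heuristic (assumption): a secret-looking name on the same line as a long,
// whitespace-free string literal is a finding.
const SECRET_NAME = /\b([A-Z0-9_]*(?:TOKEN|SECRET|PASSWORD|API_KEY)[A-Z0-9_]*)\b/;
const LONG_LITERAL = /(["'`])[^"'`\s]{20,}\1/;

function findHardcodedSecrets(path, source) {
  const findings = [];
  source.split("\n").forEach((text, i) => {
    const name = SECRET_NAME.exec(text);
    if (name && LONG_LITERAL.test(text)) {
      // Report the location only; never echo the value into CI logs.
      findings.push({ path, line: i + 1, name: name[1] });
    }
  });
  return findings;
}

// Constructed samples; the token strings are placeholders, not real credentials.
const BEFORE = [
  "// src/config/env.ts (constructed sample)",
  "export const env = {",
  '  zone: "cuppati.com",',
  '  CLOUDFLARE_API_TOKEN: "EXAMPLE0not0a0real0token0000000000000000",',
  "};",
].join("\n");

const AFTER = [
  "// src/config/env.ts (constructed sample)",
  "const token = process.env.CLOUDFLARE_API_TOKEN;",
  'if (!token) throw new Error("CLOUDFLARE_API_TOKEN is not set");',
  "export const env = { cloudflareApiToken: token };",
].join("\n");

// Edge case: an environment read with a hardcoded fallback is still a leak.
const FALLBACK =
  'const token = process.env.CLOUDFLARE_API_TOKEN ?? "EXAMPLE0fallback0value000000000";';

console.log(findHardcodedSecrets("src/config/env.ts", BEFORE));
console.log(findHardcodedSecrets("src/config/env.ts", AFTER));
console.log(findHardcodedSecrets("src/config/env.ts", FALLBACK));
```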
CLIP 06

The Pipeline — 13 Jobs, One Push

Sequential

Commit Signing
Build
Lint
Tests

Parallel (fires after row 1)

CodeQL
Checkmarx
Dependabot
SonarQube
SBOM Gen
Artifact Sign
Deploy Attest

13 artifacts → JFrog · SBOM generated · Release notes drafted

One push triggers 13 parallel and sequential jobs. Commit signing, build, lint, and test run first. Then six security scanners fire in parallel. Every artifact is published to JFrog with a signed SBOM. No human scheduled this.
CLIP 07

The Security Wall — Four Scanners

CodeQL

4 findings (all low)

Scans for SQL injection, XSS, path traversal. Finds vulnerabilities in the code logic itself.

Checkmarx SAST

0 critical

247 files scanned in 90 seconds. 10 vulnerability classes checked.

Dependabot

PR #31 auto-created

react-router 6.21.0 → 6.22.1 (XSS patch). Turns a 2pm CVE into a 2:05 fix.

SonarQube

0 bugs · Quality gate: A

PR #47 passed. 0 bugs, 0 code smells.

Four scanners in parallel, each looking at a different surface. The findings stream directly into the PR, with fixes proposed before review starts.
CLIP 08

Trust Before Prod — Artifact Signing

Artifacts: 8 components
SBOMs generated: 8 ✓
Signatures (cosign):
  caldo-web@v1.2.0        sha256:a3f9... ✓
  caldo-cart@v1.2.0       sha256:b12d... ✓
  caldo-checkout@v1.2.0   sha256:c88a... ✓
  caldo-beans-api@v1.2.0  sha256:d4e1... ✓
  caldo-auth@v1.2.0       sha256:e7b3... ✓
  caldo-orders@v1.2.0     sha256:f02c... ✓
  caldo-search@v1.2.0     sha256:1a99... ✓
  caldo-cdn@v1.2.0        sha256:2bf4... ✓

CVEs: 0
License violations: 0
Deployment attestation: SIGNED ✓

→ Harness manifest dispatched.
Every artifact is signed with cosign before Harness sees it. The SBOM is a full bill of materials: every dependency, version, and license. Only signed, verified artifacts get a deployment manifest. This is Trust Gate 2.
CLIP 09

The Starting Line — Harness CD

HARNESS CD — START
Triggered by: GitHub Actions (ci-pipeline #88)
Repo:         caldo-coffee-shop
Branch:       feature/spring-roast-promo
Commit:       a3f91b2
Author:       pdutta25
Build:        #88

Release Manifest

Component        Version  Change
caldo-web        1.2.0    Promo banner + bean badges
caldo-cart       1.2.0    Discount logic
caldo-checkout   1.2.0    Promo line item
caldo-beans-api  1.2.0    featured flag
caldo-auth       1.2.0    no change
caldo-orders     1.2.0    no change
caldo-search     1.2.0    index refresh
caldo-cdn        1.2.0    asset rev

Release Strategy: DEV → SIT → PROD (blue/green)

Harness renders the full dispatch context: who triggered it, what's shipping, and the full release strategy. Nobody typed this. CI dispatched; Harness rendered.
CLIP 10

Ship It — OPA Policy Gate

OPA Policy Evaluation

  • No critical CVEs in SBOM
  • All artifacts signed (cosign)
  • Change ticket #12 linked and approved
  • PR #47 approved (1 reviewer)
  • Deployment window: CLEAR (not a freeze period)
  • Lint: 0 errors
  • Tests: 52 passed, 0 failed
  • License scan: no violations
8 / 8 checks passed
Decision: ALLOW ✓
Open Policy Agent evaluates 8 automated checks before any environment is touched. No CVEs, no missing approvals, no blocked windows. All 8 pass. Decision: ALLOW.
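Trust Gate 2 (CLIP 08) and the OPA gate above both reduce to a deny-by-default decision over the release's evidence. The sketch below is an added example modelled in plain JavaScript, not the project's Rego policy; every field name in the input document is an assumption, and the second input shows the gate failing closed when a signature does not verify and the SBOM is missing.

```javascript
// Added example: gate logic modelled in JavaScript (not Rego, not the project's
// policy). All field names in the input document are assumptions.
const CHECKS = {
  no_critical_cves: (i) => i.sbom.criticalCves === 0,
  all_artifacts_signed: (i) =>
    i.artifacts.length > 0 && i.artifacts.every((a) => a.signatureVerified === true),
  change_ticket_approved: (i) => i.ticket.linked === true && i.ticket.approved === true,
  pr_approved: (i) => i.pr.approvals >= 1,
  outside_freeze_window: (i) => i.window.freeze === false,
  lint_clean: (i) => i.lint.errors === 0,
  tests_green: (i) => i.tests.failed === 0 && i.tests.passed > 0,
  license_clean: (i) => i.license.violations === 0,
};

function evaluateGate(input) {
  const failed = [];
  for (const [name, check] of Object.entries(CHECKS)) {
    let ok = false;
    try {
      ok = check(input) === true; // anything but an explicit true fails
    } catch {
      ok = false; // a missing section (e.g. no SBOM attached) fails closed
    }
    if (!ok) failed.push(name);
  }
  return { decision: failed.length === 0 ? "ALLOW" : "DENY", failed };
}

// Constructed input using the component names and counts shown on this page.
const NAMES = ["caldo-web", "caldo-cart", "caldo-checkout", "caldo-beans-api",
  "caldo-auth", "caldo-orders", "caldo-search", "caldo-cdn"];
const release = {
  sbom: { criticalCves: 0 },
  artifacts: NAMES.map((name) => ({ name, version: "1.2.0", signatureVerified: true })),
  ticket: { id: 12, linked: true, approved: true },
  pr: { id: 47, approvals: 1 },
  window: { freeze: false },
  lint: { errors: 0 },
  tests: { passed: 52, failed: 0 },
  license: { violations: 0 },
};
// Same release, but one signature did not verify and no SBOM was attached.
const tampered = { ...release, sbom: undefined,
  artifacts: release.artifacts.map((a, n) => (n === 1 ? { ...a, signatureVerified: false } : a)) };

console.log(evaluateGate(release), evaluateGate(tampered));
```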
CLIP 11

One URL, Two Stacks — Blue/Green

cuppati.com
Load Balancer
blue v1.1.0 · 3 pods · 100% traffic
green v1.2.0 · 3 pods · 0% traffic · Staged. Waiting.

One URL. Two identical stacks behind it. Blue is live: v1.1.0, no promo, all traffic. Green is staged: v1.2.0, the Spring Roast feature, receiving nothing yet. The load balancer decides.
CLIP 12

The Swap — Zero Downtime

cuppati.com
Load Balancer
blue v1.1.0 · 3 pods · 0% traffic · standby
green v1.2.0 · 3 pods · 100% traffic
T+88s — Swap complete
All 8 components deployed to green. All health checks pass. One operation flips the load balancer. Traffic moves 100% to v1.2.0. Customers see the Spring Roast promo at the same URL. Zero downtime. Zero failed requests.
CLIP 13

The Incident — 12 Seconds After Swap

⚠️ SPLUNK ALERT FIRED — T+12s
Component:      caldo-cart
Metric:         CPU utilization
Value:          97.2% (threshold: 80%)
Response time:  42ms → 450ms ↑ 971%
Error rate:     0.0% → 0.0% (no errors yet)
Status:         DEGRADED
SOAR Playbook:  incident-auto-rollback · TRIGGERED
Twelve seconds after the swap, Splunk fires. CPU on caldo-cart hits 97.2%. Response time spikes 10x. No errors yet, but the SOAR playbook triggers immediately. Something shipped that shouldn't have.
CLIP 14

The Recovery — 45 Seconds

  1. T+0     Swap to green (v1.2.0)
  2. T+12s   ⚠️ Splunk alert fires
  3. T+14s   SOAR playbook triggered
  4. T+19s   Harness rollback command issued
  5. T+45s   Traffic flipped back to blue
  6. T+57s   🔒 Green quarantined
45s Alert to Recovery
0 Failed Customer Requests
The playbook reverses the swap. Traffic flips back to blue (v1.1.0) in 45 seconds. Green is quarantined. Zero failed requests. Customers saw slower responses for 45 seconds, then normal. No errors reached them.
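The alert in CLIP 13 fired on saturation while the error rate was still 0.0%, which is what let the rollback land before customers saw failures. The rule below is an added example of that kind of trigger, not the project's Splunk search or SOAR playbook; the 3x latency ratio, the two-sample confirmation and the sample series are assumptions constructed around the values shown in the alert.

```javascript
// Added example: a saturation-based rollback rule, not the project's Splunk
// search or SOAR playbook. Ratio, streak length and samples are assumptions.
const CPU_THRESHOLD = 80; // percent, the threshold shown in the alert
const LATENCY_RATIO = 3;  // assumed: latency vs. the pre-swap baseline

function shouldRollback(baseline, samples, minConsecutive = 2) {
  let streak = 0;
  for (const s of samples) {
    // Saturation: CPU over threshold AND latency well above baseline.
    const saturated =
      s.cpuPct > CPU_THRESHOLD && s.latencyMs >= baseline.latencyMs * LATENCY_RATIO;
    const erroring = s.errorRate > baseline.errorRate + 0.01;
    // Require consecutive bad samples so one transient spike does not flap traffic.
    streak = saturated || erroring ? streak + 1 : 0;
    if (streak >= minConsecutive) {
      return { rollback: true, atSecond: s.t, reason: erroring ? "errors" : "saturation" };
    }
  }
  return { rollback: false, atSecond: null, reason: null };
}

// Constructed samples: blue's pre-swap baseline, then green after the swap.
const BASELINE = { latencyMs: 42, errorRate: 0 };
const POST_SWAP = [
  { t: 4, cpuPct: 61.0, latencyMs: 48, errorRate: 0 },
  { t: 8, cpuPct: 93.5, latencyMs: 310, errorRate: 0 },
  { t: 12, cpuPct: 97.2, latencyMs: 450, errorRate: 0 }, // values from the alert
];
// Constructed counter-case: one spike that recovers on its own.
const SINGLE_SPIKE = [
  { t: 4, cpuPct: 91.0, latencyMs: 200, errorRate: 0 },
  { t: 8, cpuPct: 55.0, latencyMs: 44, errorRate: 0 },
  { t: 12, cpuPct: 58.0, latencyMs: 45, errorRate: 0 },
];

console.log(shouldRollback(BASELINE, POST_SWAP));
console.log(shouldRollback(BASELINE, SINGLE_SPIKE));
```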
CLIP 15

AI Diagnosis — Root Cause in Seconds

Claude Code reads the deployment manifest, the Splunk spike, and the diff. It finds the root cause: calculateDiscount runs on every render with no memoization. Under load, 50+ cart items × concurrent users overwhelms the CPU. Not a guess, it read the code.
CLIP 16

The Receipt — GitHub Release

Release v1.2.1 — ROLLBACK NOTICE

caldo-coffee-shop · Published 4 min ago

⚠️ v1.2.0 auto-rolled back at T+45s (CPU incident)

Root cause: useMemo missing in CartContext.calculateDiscount

Fix: PR #48 — ships as v1.2.1

Component Status

  • caldo-web v1.2.0 → v1.1.0 (rolled back) BLUE
  • caldo-cart v1.2.0 → v1.1.0 (rolled back) BLUE
  • caldo-checkout v1.2.0 → v1.1.0 (rolled back) BLUE

DORA Metrics

  • Deployment Frequency: Elite (multiple/day)
  • Lead Time: Elite (88s)
  • MTTR: Elite (45s)
  • Change Failure Rate: Low

OPA Results: 8/8 passed

Nobody wrote this release. The pipeline did.

The GitHub Release is auto-generated: rollback notice, root cause, component statuses, DORA metrics, OPA results. Every number is real. Nobody wrote a post-mortem. The pipeline wrote it.
CLIP 17

The Finish Line — Harness END Stage

HARNESS CD — END
─────────────────────────────────────────
SUMMARY
  Components deployed:   8
  Environments:          DEV   SIT   PROD  (rolled back)
  Active version:        v1.1.0 (blue)
  Staged version:        v1.2.0 (quarantined)

TRACEABILITY
  Commit:    a3f91b2
  CI Run:    #88
  Harness:   exec-4491
  Issue:     #12

TELEMETRY
  T+0s:    Deploy to green started
  T+88s:   Swap complete
  T+100s:  Splunk alert
  T+145s:  Rollback complete

  Lead Time:   88s  [Elite]
  MTTR:        45s  [Elite]
  Smoke Tests: 52 passed / 0 failed
  Auto-remediated rollbacks: 1
─────────────────────────────────────────
Developer didn't write this report. The pipeline did.
The Harness END stage fires automatically. Full component inventory, per-stage deployment status, quality gate results, artifact manifest, and a complete telemetry timeline. The developer gets a receipt. They didn't write it.
CLIP 18

See It Yourself — Toggle the Feature

cuppati.com/beans
☕ Cuppati · Shop · About · Cart (0)

Ethiopia Yirgacheffe   $18
Colombia Huila         $16
Sumatra Mandheling     $17

You are viewing: v1.1.0 — no promo active

This is the exact feature the MCP agent built. Harness caught the CPU incident and rolled it back in 45 seconds — but the feature shipped. It just hit production too early.

The Spring Roast promo is the exact feature this whole pipeline built and rolled back. Toggle it. The banner, the badges, the discounted prices, all of it shipped in 88 seconds and reverted in 45.
1 Issue · 2 Prompts · 8 Files · 13 Security Jobs · 8 OPA Checks · 45s MTTR

One issue. Two prompts. One push.
The MCP agent coded it. The pipeline secured it. Harness shipped it, caught the incident, rolled it back, diagnosed the root cause, and documented everything.

Zero customer impact.

cuppati.com is a real app. This is how it's built and maintained.

About

This is just the beginning.

Every engineering team deserves a pipeline this autonomous. If you're an investor who sees the same future, we'd love to hear from you.

hello@nextgensdlc.app