ENTERPRISE ARCHITECTURE · AI-ASSISTED DEVELOPMENT

106 Issues Registered Before a Line of Code Was Written

Coalfire · Enterprise Sales Intelligence

A prior version of this platform — v5 — had failed. Not from a single catastrophic bug, but from the slow accumulation of small undetected issues that compounded until the system could no longer be trusted to produce accurate data. The pattern is well known: each issue is individually trivial; the aggregate is fatal.

When v6 was scoped, the question was not "what features do we want". The question was "what threat vectors did v5 fail to register".

The v6 response was a pre-engineering issue register. 106 distinct issues, organized into 11 categories: schema, authentication, commission logic, quota attainment calculation, concurrency, permissions, data integrity, audit, performance, observability, and operational handoff. Each issue had a severity classification.

Eight were blockers — meaning no sprint could start until they were resolved. All 8 were cleared first. The remaining 98 became the sprint backlog with predetermined ordering by severity and dependency.
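The triage described above (blockers gate sprint one, the rest ordered by severity and dependency) can be sketched as follows. This is an added example, not Coalfire's code or part of the published framework; the severity levels other than "blocker", the issue ids and the sample register are constructed assumptions.

```python
import heapq
from collections import namedtuple

# Assumed severity scale: the page names only "blocker".
RANK = {"blocker": 0, "high": 1, "medium": 2, "low": 3}
Issue = namedtuple("Issue", "id category severity depends_on", defaults=[()])

def _order(issues):
    """Dependencies first; among issues that are ready, most severe first."""
    pending = {i.id: {d for d in i.depends_on if d in issues} for i in issues.values()}
    dependents = {iid: [c for c, deps in pending.items() if iid in deps] for iid in issues}
    ready = [(RANK[issues[iid].severity], iid) for iid, deps in pending.items() if not deps]
    heapq.heapify(ready)
    ordered = []
    while ready:
        _, iid = heapq.heappop(ready)
        ordered.append(iid)
        for child in dependents[iid]:
            pending[child].discard(iid)
            if not pending[child]:
                heapq.heappush(ready, (RANK[issues[child].severity], child))
    if len(ordered) != len(issues):
        raise ValueError(f"dependency cycle among {sorted(set(issues) - set(ordered))}")
    return ordered

def triage(register):
    """Split a register into (blockers, backlog), each in work order."""
    by_id = {i.id: i for i in register}
    for i in register:
        if i.severity not in RANK:
            raise ValueError(f"{i.id}: unknown severity {i.severity!r}")
        for dep in i.depends_on:
            if dep not in by_id:
                raise ValueError(f"{i.id}: depends on unregistered issue {dep}")
            if i.severity == "blocker" and by_id[dep].severity != "blocker":
                raise ValueError(f"{i.id}: blocker depends on non-blocker {dep}")
    blockers = {k: v for k, v in by_id.items() if v.severity == "blocker"}
    backlog = {k: v for k, v in by_id.items() if v.severity != "blocker"}
    return _order(blockers), _order(backlog)

# Constructed sample register (ids, severities and dependencies are illustrative).
SAMPLE = [
    Issue("AUTH-01", "authentication", "blocker", ("PERM-01",)),
    Issue("PERM-01", "permissions", "blocker"),
    Issue("CONC-01", "concurrency", "high", ("SCHEMA-01",)),
    Issue("SCHEMA-01", "schema", "medium"),
    Issue("AUDIT-01", "audit", "high", ("AUTH-01",)),
    Issue("OBS-01", "observability", "low"),
]
```

A blocker that depends on a non-blocker is rejected rather than silently reordered, because it means the dependency is under-classified and the sprint gate would not actually hold.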

The system was built around a single server-side intelligence engine — one source of truth for opportunity scoring, quota attainment, and seller performance signals. 34,000+ Salesforce opportunities were governed by one consistent rule set. Concurrency was designed at the data layer, not patched in later. Permission scopes were modeled before authentication was implemented.

This is not how AI-assisted development typically proceeds. This is what AI-assisted development can be when threat vectors are registered before execution.

106 issues registered and triaged before sprint one — 8 blockers cleared first
34K+ Salesforce opportunities governed by a single server-side intelligence engine
$25M portfolio sales restructure informed by the engine's outputs
1 framework adopted as Coalfire's SFDC operating model

The pattern is not "use AI to write code faster". The pattern is "use AI-assisted engineering to register threat vectors at specification time, then build with discipline that matches the threat profile". The 106-issue register is not a one-time artifact. It is a methodology: every enterprise system that handles material data needs its own equivalent, sized to the threat surface.

Vibe coding produces software that fails the way v5 failed. Threat-vector engineering produces software that survives contact with reality.

DOWNLOADABLE FRAMEWORK · MIT LICENSED
Pre-Engineering Framework
Threat Vectors Registered Before Sprint One — The 106-Issue Methodology