№ 01 AGENTIC HARNESS ENGINEERING

Your engineers
ship with AI —
securely, and keep
doing it after we leave.

A 12-week embedded engagement that makes one of your teams agentic-native — practicing Agentic Continuous Delivery on Claude Code. We engineer the harness; your engineers write the production code and own it after we leave.

Principal
Paul Duvall · LinkedIn ↗
Background
Ex-AWS Security Director · Co-founded Stelligent (acquired 2017)
Authored
Continuous Integration book coverContinuous Integration · Addison-Wesley
Shipping AI since
Early 2023
№ 02 THE PROBLEM

Tools bought, capability not built

MIT found ~95% of enterprise generative-AI initiatives never drove the growth they targeted. Licenses are easy; changing how a team ships is not.

Self-serve doesn't change teams

Courses and plugins teach individuals. They don't govern AI output, harden the pipeline, or change how a team delivers. That's an org-change problem.

Generalists staff it wrong

Big-4 engagements are junior-staffed and process-heavy, thin on current agentic-DevSecOps practice. The gap is one senior practitioner, embedded and hands-on.

№ 03 THE ENGAGEMENT

One quarter. Three phases. Your team owns the result.

Full-time, single-customer, twelve weeks — one senior principal embedded with your team. Your engineers do the building and keep everything we ship together.

№ 01 Weeks 1–3

Discovery

Assess 3–5 teams: toolchain, Claude Code adoption, security gates, and ACD/CD readiness. Define the target harness and choose the first pilot.

Output
Readiness baseline + harness spec
Metrics
DORA · DevSecOps · adoption
№ 02 Weeks 4–10

Embedded harness
engineering

Go deep with one pilot team (plus 1–2 light-touch shadow teams) on their real backlog. Engineer the Claude Code harness and install the ACD guardrails.

Outcome
Team practicing ACD on prod
You own
The harness, end to end
№ 03 Weeks 11–12

Rollout roadmap

A costed, sequenced plan to scale the harness past the pilot, plus train-the-trainer so internal champions can carry it forward themselves.

Output
Board-ready rollout roadmap
Handoff
Internal-champion playbook
№ 04 WHAT YOU OWN

An agentic harness your team operates and maintains.

The harness is the engineered Claude Code environment your engineers work inside, built on the open Agentic Continuous Delivery ↗ operating model. It lasts beyond the engagement because your team builds with it daily.

№ 01 Governance

Standards
& hooks

CLAUDE.md standards, plus .claude/ PreToolUse / PostToolUse hooks that enforce them automatically on every change.

№ 02 Context

Subagents, skills
& context

Reusable agents, skills, and slash commands — with MCP wiring that gives them your internal context.

№ 03 Security

Secure delivery
& ACD

OIDC identity, SAST / SCA / secret-scan gates on every change, versioned delivery-contract artifacts, and small-batch sessions.

№ 05 HOW WE MEASURE

Team delivery outcomes, not agent output.

The goal is shipping faster and more safely by adopting agentic techniques — not generating more code. So success is measured the way you'd measure any high-performing team. No agent-vs-human comparisons, no lines-of-code vanity. Targets are agreed and baselined in Discovery.

№ 01 Delivery

Ship faster,
safely

The DORA four keys: deployment frequency, lead time for changes, change failure rate, and failed-deployment recovery time.

№ 02 Security

Security
holds

OWASP DSOMM / NIST SSDF: mean time to remediate critical findings, critical vulns escaping to production, and security-gate coverage.

№ 03 Adoption

The practices
stick

What you keep: ACD guardrails in place, and teams operating the harness on their own.

№ 06 TRACK RECORD

Two decades of making CI/CD work — now applied to AI-generated code.

The patterns that took Continuous Integration from contrarian to standard practice now apply to AI-assisted engineering.

  1. 2007

    Wrote the book on Continuous Integration.

    Jolt Award-winning Continuous Integration: Improving Software Quality and Reducing Risk (Martin Fowler Signature Series) helped grow the discipline.

    Jolt Award WinnerMartin Fowler Signature Series
  2. 2008–2021

    Co-founded Stelligent. Zero to acquisition.

    Scaled from zero to nearly 100 enterprise customers and AWS Premier Partner status, then acquired in 2017.

    100 Enterprise customersAWS Premier Partner

    Customers served: Sony Pictures · Verizon · Citi · 3M · Prudential · Macy's · Northwestern Mutual · Commonwealth Bank of Australia · National Cancer Institute · CollegeBoard, and many others.

  3. 2021–24

    AWS: DevSecOps & Security Innovation.

    Led security engineering teams at AWS, building services and patterns that helped Fortune 500 customers operationalize DevSecOps across hundreds of engineering teams.

    AWS Engineering LeadershipAWS Hero 2016–2021
  4. 2025→

    Redacted Ventures.

    Founded Redacted Ventures to do for AI-native development what CI/CD did for software delivery: make the discipline repeatable, measurable, and teachable. Daily, hands-on AI coding practice since early 2023, visible in the open-source patterns we publish.

    700+ Stars across reposEarly 2023 Daily AI coding
№ 07 WRITING & OPEN SOURCE

The patterns are in the open — readable, forkable, and discussed in public.

Every pattern the engagement installs is public — free to read and build on. More writing at paulmduvall.com ↗.

→ FROM PAUL
More from Paul at paulmduvall.com
Writing on AI-native engineering, DevSecOps, and what comes after continuous delivery.
paulmduvall.com ↗
№ 08 START A CONVERSATION

Tell us where your team is — we'll figure out the next step together.

Scoping the engagement, exploring a 2-week Discovery on-ramp, or just stress-testing the idea before you bring it to your team? Typical response within one business day.

Response time
< 1 business day
Engagement
12 weeks · full-time
Time zones
US business hours