Course Home · bookmark this page
The New SDLC With Vibe Coding
Google's 5-whitepaper series on agentic engineering, taught as a system.
A self-paced course on Google's five-whitepaper "Vibe Coding" series, taught as one system: 32 short lessons across five days, plus a whole-series synthesis. Dark by design, for easy reading.
The through-line (what every lesson hangs off)
Two independent axes, one instrument. The build dial (vibe → structured →
agentic) asks is the output verified before it ships? The
governance axis
(Unseen → Observed → Controlled → Autonomous) asks while it runs, can we see it, stop it,
and own it? "Production-ready" is the top-right corner, and only that corner.
Day 1 — The New SDLC With Vibe Coding
-
01
The Spectrum: One Dial, Not Two Camps
One dial set per task; verification is the differentiator. Plus the governance second axis.
-
02
The Harness: Why It's Almost Never the Model
Agent = Model + Harness. Most failures are configuration failures, not model failures.
-
03
The Factory Model: Your Output Is the Line, Not the Widget
Your primary output is the system that produces code — specs, agents, gates, feedback loops.
-
04
Context Engineering: The Right Payload, Not the Clever Prompt
Six types of context; static vs dynamic; Skills & progressive disclosure. (Bridges to Day 3.)
-
05
Conductor & Orchestrator: Two Modes, and the 80% That Decides
How the developer's role splits, and where AI's last 20% bites.
-
06
The Economics: Why the Dial Is a CapEx/OpEx Curve
CapEx/OpEx, the token economy, model routing — the team + org economics lens. Day 1 capstone.
-
✦
Day 1 Synthesis: Reassemble the System from Memory
Recall-only checkpoint — rebuild the six-level stack + the two axes from memory. No new material.
Day 2 — Agent Tools & Interoperability with MCP
-
01
Tools: The Eyes and Hands
To-know vs to-do; function / built-in / agent tools; the tool as a contract.
-
02
Designing Tools the Model Can Use
Describe actions not APIs; publish tasks; stay granular; validate; useful errors.
-
03
MCP: One Protocol Instead of N×M Connectors
Why a standard exists, and the Host/Client/Server architecture that delivers it.
-
04
MCP For and Against: The Honest Ledger
Dynamic discovery & a reusable ecosystem vs context bloat & enterprise gaps — wrap it in governance.
-
05
The Threat Landscape & the Confused Deputy
Tool shadowing, capability injection, the confused-deputy privilege escalation — the governance wrapper.
-
✦
Day 2 Synthesis: Reassemble Tools & MCP from Memory
Recall-only checkpoint — rebuild the five-lesson line + the governance thesis. No new material.
Day 3 — Context Engineering: Sessions & Memory
-
01
Context Engineering, Deepened
Context is assembled fresh every turn; the fetch→prepare→invoke→upload loop; context rot.
-
02
Sessions: The Workbench
Events + state; stateless → persistence; compaction & triggers; isolation + PII.
-
03
Memory vs RAG: Expert on the User
Expert on the user vs expert on facts; isolation; declarative vs procedural.
-
04
Memory Generation: The LLM-Driven ETL
Extract → consolidate (merge/update/delete + forget); provenance = trust; async.
-
05
Retrieval, Inference & Risk
Score relevance/recency/importance; placement; procedural memory; poisoning & exfiltration.
-
✦
Day 3 Synthesis: Reassemble Sessions & Memory
Recall-only checkpoint — the five-lesson line + the two engines. No new material.
Day 4 — Agent Security & Evaluation
-
01
Two Axes of Trust & the 7 Pillars
Security vs evaluation; Effective Trust; the 7 pillars mapped onto VERDICT.
-
02
Securing the Vibe Loop
Ephemeral sandboxes; slopsquatting & SBOM; egress; client-side secrets; IDE vs CI/CD.
-
03
Identity & High-Stakes Actions
Confused deputy; agentic vs delegated identity; zero ambient authority + JIT; the Vibe Diff.
-
04
Agentic SecOps: Red, Blue, Green
The triad; Denial of Wallet; intent drift & trust decay; circuit breakers.
-
05
Evaluation: What to Measure
Why it's different (no spec); the seven dimensions of quality.
-
06
Evaluation: How to Measure It
Methods per dimension; observability; session-prefix rubric; mine corrections.
-
✦
Day 4 Synthesis: Reassemble Security & Evaluation
Recall-only checkpoint — the six-lesson line + the 7-pillar ↔ VERDICT map.
Day 5 — Spec-Driven Production Development
-
01
Spec-Driven Development: The Code Is Disposable
Code is disposable, the spec is the asset; BDD/Gherkin; the format tax.
-
02
Where Instructions Live & Execution Modes
Chat / specs-folder / skills / system-prompts; the five modes.
-
03
Code Review at Scale
The PR deluge; Conditional LGTM; the three-tier continuous-review spectrum.
-
04
Zero-Trust Development: The Safety Net
Sandbox, HITL, the Policy Server (structural + semantic gating), context hygiene.
-
✦
Day 5 Synthesis: Reassemble Spec-Driven Production
Recall-only checkpoint — the four-lesson line + the whole five-day arc.
★ The Finale
-
★
The Arc: Five Days, One System
The whole series as one system — two axes, the through-threads, the governance spine, applied at IC/Team/Org.
Reference shelf
The compressed, reusable cards, these you'll revisit long after the lessons.