Course Home · bookmark this page

The New SDLC With Vibe Coding

Google's 5-whitepaper series on agentic engineering, taught as a system.

A self-paced course on Google's five-whitepaper "Vibe Coding" series, taught as one system: 32 short lessons across five days, plus a whole-series synthesis. Dark by design, for easy reading.

The through-line (what every lesson hangs off)

Two independent axes, one instrument. The build dial (vibe → structured → agentic) asks is the output verified before it ships? The governance axis (Unseen → Observed → Controlled → Autonomous) asks while it runs, can we see it, stop it, and own it? "Production-ready" is the top-right corner, and only that corner.

Day 1 — The New SDLC With Vibe Coding

  1. 01 The Spectrum: One Dial, Not Two Camps
    One dial set per task; verification is the differentiator. Plus the governance second axis.
  2. 02 The Harness: Why It's Almost Never the Model
    Agent = Model + Harness. Most failures are configuration failures, not model failures.
  3. 03 The Factory Model: Your Output Is the Line, Not the Widget
    Your primary output is the system that produces code — specs, agents, gates, feedback loops.
  4. 04 Context Engineering: The Right Payload, Not the Clever Prompt
    Six types of context; static vs dynamic; Skills & progressive disclosure. (Bridges to Day 3.)
  5. 05 Conductor & Orchestrator: Two Modes, and the 80% That Decides
    How the developer's role splits, and where AI's last 20% bites.
  6. 06 The Economics: Why the Dial Is a CapEx/OpEx Curve
    CapEx/OpEx, the token economy, model routing — the team + org economics lens. Day 1 capstone.
  7. Day 1 Synthesis: Reassemble the System from Memory
    Recall-only checkpoint — rebuild the six-level stack + the two axes from memory. No new material.

Day 2 — Agent Tools & Interoperability with MCP

  1. 01 Tools: The Eyes and Hands
    To-know vs to-do; function / built-in / agent tools; the tool as a contract.
  2. 02 Designing Tools the Model Can Use
    Describe actions not APIs; publish tasks; stay granular; validate; useful errors.
  3. 03 MCP: One Protocol Instead of N×M Connectors
    Why a standard exists, and the Host/Client/Server architecture that delivers it.
  4. 04 MCP For and Against: The Honest Ledger
    Dynamic discovery & a reusable ecosystem vs context bloat & enterprise gaps — wrap it in governance.
  5. 05 The Threat Landscape & the Confused Deputy
    Tool shadowing, capability injection, the confused-deputy privilege escalation — the governance wrapper.
  6. Day 2 Synthesis: Reassemble Tools & MCP from Memory
    Recall-only checkpoint — rebuild the five-lesson line + the governance thesis. No new material.

Day 3 — Context Engineering: Sessions & Memory

  1. 01 Context Engineering, Deepened
    Context is assembled fresh every turn; the fetch→prepare→invoke→upload loop; context rot.
  2. 02 Sessions: The Workbench
    Events + state; stateless → persistence; compaction & triggers; isolation + PII.
  3. 03 Memory vs RAG: Expert on the User
    Expert on the user vs expert on facts; isolation; declarative vs procedural.
  4. 04 Memory Generation: The LLM-Driven ETL
    Extract → consolidate (merge/update/delete + forget); provenance = trust; async.
  5. 05 Retrieval, Inference & Risk
    Score relevance/recency/importance; placement; procedural memory; poisoning & exfiltration.
  6. Day 3 Synthesis: Reassemble Sessions & Memory
    Recall-only checkpoint — the five-lesson line + the two engines. No new material.

Day 4 — Agent Security & Evaluation

  1. 01 Two Axes of Trust & the 7 Pillars
    Security vs evaluation; Effective Trust; the 7 pillars mapped onto VERDICT.
  2. 02 Securing the Vibe Loop
    Ephemeral sandboxes; slopsquatting & SBOM; egress; client-side secrets; IDE vs CI/CD.
  3. 03 Identity & High-Stakes Actions
    Confused deputy; agentic vs delegated identity; zero ambient authority + JIT; the Vibe Diff.
  4. 04 Agentic SecOps: Red, Blue, Green
    The triad; Denial of Wallet; intent drift & trust decay; circuit breakers.
  5. 05 Evaluation: What to Measure
    Why it's different (no spec); the seven dimensions of quality.
  6. 06 Evaluation: How to Measure It
    Methods per dimension; observability; session-prefix rubric; mine corrections.
  7. Day 4 Synthesis: Reassemble Security & Evaluation
    Recall-only checkpoint — the six-lesson line + the 7-pillar ↔ VERDICT map.

Day 5 — Spec-Driven Production Development

  1. 01 Spec-Driven Development: The Code Is Disposable
    Code is disposable, the spec is the asset; BDD/Gherkin; the format tax.
  2. 02 Where Instructions Live & Execution Modes
    Chat / specs-folder / skills / system-prompts; the five modes.
  3. 03 Code Review at Scale
    The PR deluge; Conditional LGTM; the three-tier continuous-review spectrum.
  4. 04 Zero-Trust Development: The Safety Net
    Sandbox, HITL, the Policy Server (structural + semantic gating), context hygiene.
  5. Day 5 Synthesis: Reassemble Spec-Driven Production
    Recall-only checkpoint — the four-lesson line + the whole five-day arc.

★ The Finale

  1. The Arc: Five Days, One System
    The whole series as one system — two axes, the through-threads, the governance spine, applied at IC/Team/Org.

Reference shelf

The compressed, reusable cards, these you'll revisit long after the lessons.

GlossaryCanonical vocabulary every lesson adheres to. The Governance LayerVERDICT + Maturity Ladder, overlaid as the second axis.