Leanpub Header

Skip to main content

AI: Programming Like a God

The Heavenly Gates

AI writes code faster than you can review it. This book gives you the gates: automated guardrails that catch bugs, enforce standards, and verify behavior before bad code reaches production. Stop being the last line of defense. Build the gates that catch the slop first, so you design and verify instead of proofread.

Minimum price

$19.95

$34.95

You pay

Author earns

$

Also available for 1 book credit with a Reader Membership

PDF
EPUB
About

About

About the Book

Your team ships faster with AI. Your team also ships more bugs, more security holes, and more code nobody understands. It's a problem you can solve with gates...

The gate stack starts before the model writes a line of code, with a short, testable spec that catches the wrong problem, not just buggy code. The build gate comes next: the compiler becomes a hard wall the model gets no vote on, wired into a sixty-second pre-commit hook. Above the compiler sits a testing pyramid, six layers where each layer catches what the layer below misses, plus a second, independent model that reviews every change against a known-correct answer no prompt can argue past. Two more gates close the doors AI leaves open.

Roughly one in five packages an AI suggests do not exist, and attackers register those invented names to smuggle in malware, so lockfiles and allow-lists lock your dependencies down. Branch protection, the one gate no engineer can bypass makes every other gate required, and records which model shipped which change.

The proof is the book itself. The author, Tom Gilkison, drafted every chapter with AI and ran each page through the same gate stack the book teaches, and each page passed.

Author

About the Author

Contents

Table of Contents

  • About this book
    • Who this book is for
    • Who this book is NOT for
  • About the author
  • How to use this book
  • Chapter 1: Before the Gates
    • 1.1 The five eras of coding
    • 1.2 Why vibe coding isn't enough
    • 1.3 The team dissolved into one plus a digital god
    • 1.4 The new job: design and verify
    • 1.5 The gates
  • Chapter 2: The Answer Is a Gate
    • 2.1 Pete meets the slop
    • 2.2 The worst thing to break
    • 2.3 The gate can't be you
    • 2.4 The answer has a name
    • 2.5 The kinds of gate
    • 2.6 The earliest gate is the cheapest
    • 2.7 Not everything belongs on the left
    • 2.8 The gates will be gamed
    • 2.9 Every bug is a missing gate
    • 2.10 Hard, not impossible
  • Chapter 3: Why AI can never write perfect code
    • 3.1 The SWE-bench Pro reality
    • 3.2 The mathematical impossibility theorem
    • 3.3 The context window problem
    • 3.4 Why each review pass catches something new
    • 3.5 The "fatal issues mask non-fatal ones" phenomenon
    • 3.6 What "one sweep" actually means
    • 3.7 Before the next gate
  • Chapter 4: Context engineering
    • 4.1 Prompt engineering vs context engineering
    • 4.2 Rails are context, not instructions
    • 4.3 Token budget is a real constraint
    • 4.4 Retrieval beats inclusion
    • 4.5 Agentic tool-calling vs single-prompt approaches
    • 4.6 The mindset shift
    • 4.7 Kit: a context budget for one task
    • 4.8 Before the next gate
  • Chapter 5: The rails
    • 5.1 What AGENTS.md and CLAUDE.md actually are
    • 5.2 Low-context encoding: patterns vs prose
    • 5.3 The WRONG / RIGHT / WHY template
    • 5.4 Keeping rails fresh
    • 5.5 Context window pressure
    • 5.6 The limit of rails
  • Chapter 6: Layer 0: specs
    • 6.1 What a spec is (and isn't)
    • 6.2 Why "did the code do what it should?" has no answer without a spec
    • 6.3 The EARS acceptance-criteria template
    • 6.4 A spec is a gate, not a phase
    • 6.5 The only layer that catches the wrong problem
  • Chapter 7: The build gate
    • 7.1 The commit that would have shipped broken
    • 7.2 Two things rails can't fix
    • 7.3 Layer 1: the compiler
    • 7.4 Layer 2: Roslyn and SonarAnalyzer
    • 7.5 Layer 3: format and lint
    • 7.6 The 60-second pre-commit hook
    • 7.7 Kit: the 60-second pre-commit hook
    • 7.8 The suppression taxonomy: five types, five tools
    • 7.9 The ROI
  • Chapter 8: Architecture fitness functions
    • 8.1 The boundary the rails couldn't hold
    • 8.2 What a fitness function is
    • 8.3 ArchUnitNET and NetArchTest
    • 8.4 Writing your first fitness function
    • 8.5 Why this one runs in CI
    • 8.6 Extending to custom rules
    • 8.7 The rail grew teeth
    • 8.8 Before the next gate
  • Chapter 9: The testing pyramid
    • 9.1 Unit tests: the baseline, and why they only prove the happy path
    • 9.2 Snapshot and approval testing
    • 9.3 Mutation testing with Stryker.NET
    • 9.4 Property-based testing with FsCheck
    • 9.5 Fuzz testing with SharpFuzz
    • 9.6 Contract testing with Pact
    • 9.7 Which layer fires when
    • 9.8 Kit: the layered test config
  • Chapter 10: AI reviews AI
    • 10.1 The model graded its own homework
    • 10.2 Why a smarter model won't save you
    • 10.3 A second reader with different blind spots
    • 10.4 What the second reader actually catches
    • 10.5 The human who rubber-stamps
    • 10.6 Wiring the reviewer into the gate
    • 10.7 Where AI reviewers go wrong in practice
    • 10.8 The reviewer can be gamed
  • Chapter 11: Supply chain safety
    • 11.1 What slopsquatting is and how it works
    • 11.2 The 20% statistic
    • 11.3 Lockfile pinning and integrity hashes
    • 11.4 Allow-listed registries
    • 11.5 Pre-install verification checklist
    • 11.6 SBOM generation
    • 11.7 Postinstall blocking in CI
    • 11.8 The AI rule every team needs in their rails
    • 11.9 Before the next gate
  • Chapter 12: The only gate that can't be skipped
    • 12.1 Why every other gate can be bypassed
    • 12.2 Branch protection: the minimum policy
    • 12.3 Kit: the branch-protection ruleset as code
    • 12.4 AI provenance and PR labelling
    • 12.5 Required disclosure in PR templates
    • 12.6 SBOM extension with agent and model identifiers
    • 12.7 Why provenance matters for post-incident analysis
    • 12.8 Signed commits and the audit trail
    • 12.9 Before the next gate
  • Chapter 13: Verification loops
    • 13.1 The agent's stopping condition
    • 13.2 ReAct: per-step loops
    • 13.3 CRITIC: per-task loops
    • 13.4 Reflexion: per-trajectory loops
    • 13.5 Tests as the executable definition of done
    • 13.6 Loop and drift detectors
    • 13.7 Acceptance criteria: the human escalation contract
    • 13.8 Before the next gate
  • Chapter 14: Multi-agent pipelines
    • 14.1 The conflict inside a single model
    • 14.2 The four roles and their optimization targets
    • 14.3 Orchestrating the pipeline
    • 14.4 Practical tooling today
    • 14.5 Kit: a multi-agent orchestration config
    • 14.6 Failure modes of multi-agent pipelines
    • 14.7 When to use multi-agent vs single-agent with good gates
    • 14.8 Before the next gate
  • Chapter 15: Agent safety
    • 15.1 The new threat model
    • 15.2 Filesystem isolation
    • 15.3 Network isolation
    • 15.4 Credential proxying
    • 15.5 Permission modes
    • 15.6 Container and VM isolation for long-running agents
    • 15.7 The blast radius principle
    • 15.8 Before the next gate
  • Chapter 16: Memory
    • 16.1 Stateless vs stateful agents
    • 16.2 DISCOVERY.md: the persistent learned-context record
    • 16.3 Decision records: preventing re-litigation of settled choices
    • 16.4 Feedback files: human corrections as a retrievable corpus
    • 16.5 Failure mode inventories
    • 16.6 Embedding strategies and retrieval indexes
    • 16.7 How memory compounds
    • 16.8 Before the next gate
  • Chapter 17: Cost and telemetry
    • 17.1 Token cost is the new compute cost
    • 17.2 What to measure
    • 17.3 LLM observability platforms
    • 17.4 The rule of three: promote recurring work to programmatic assets
    • 17.5 Code generators and scaffolders
    • 17.6 Custom analyzers and fix-it providers
    • 17.7 Slash commands and skills
    • 17.8 MCP servers and cached retrieval indexes
    • 17.9 Telemetry-driven harness refinement
    • 17.10 Before the next gate
  • Chapter 18: Risk tiers
    • 18.1 Why running every gate on every change backfires
    • 18.2 The five tiers
    • 18.3 Automatic tier assignment from the diff
    • 18.4 Tier escalation and de-escalation rules
    • 18.5 The blast radius principle applied
    • 18.6 Practical implementation in CI
    • 18.7 Before the next gate
  • Chapter 19: Pages through gates
    • 19.1 The fourteen em-dashes
    • 19.2 How context engineering shaped the manuscript structure
    • 19.3 The rails that governed AI drafting
    • 19.4 The quality stack applied to prose
    • 19.5 The agent architecture used
    • 19.6 Memory artifacts from the writing process
    • 19.7 What didn't work
    • 19.8 The receipts
    • 19.9 The one-page version: how this book was made
  • Chapter 20: Gatekeeper, the whole stack
    • 20.1 Every gate in one place
    • 20.2 Clone, run, and the per-chapter tags
    • 20.3 The architecture tour
    • 20.4 The seeded defects and which gate caught each
    • 20.5 Reader exercises: break it, then gate it
    • 20.6 Lift the configs into your own project
    • 20.7 Where Gatekeeper goes next

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $15 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub