Summary
Foundational properties
| Property | Description |
|---|---|
| Statelessness | The LLM remembers nothing between turns. The whole conversation is reassembled and resent on every message, so anything the agent must keep has to live on disk. |
| Non-determinism | The same input always produces different output. The LLM generates plausible text, not correct text. |
| Degradation | The longer the input, the less precisely the LLM attends to each part. Earlier instructions get buried. |
| Truncation | When input exceeds the context limit, older content is summarised or dropped. Information is silently lost. |
Engineering principles
| # | Principle | Chapter | Software engineering name | One-line summary |
|---|---|---|---|---|
| 1 | Only build workflows around things you already do well | 4 | — | You must be an expert at the process before you automate it. |
| 2 | One agent, one job | 5 | Unix philosophy | Separate work into distinct agents with separate folders and instructions. |
| 3 | Self-containment | 6 | Encapsulation | Everything the agent needs must be in its folder, and nothing else. |
| 4 | Always verify non-deterministic output | 7 | — | Every change the LLM makes could be wrong; every change must be checked. |
| 5 | One session, one task | 8 | — | Pick one thing, do it, save the results, end the session. |
| 6 | Principle of least privilege | 9 | Least privilege | Give the agent only the access it needs and can reliably handle. |
| 7 | Reduce the surface where non-determinism can act | 11 | Attack surface reduction | Move procedures into skills, data into separate files, and mechanical work into scripts. |
| 8 | Practise supply-chain hygiene | 12 | Supply-chain security | Every dependency you import is a trust decision. Read, learn, then build your own. |
| 9 | Change one thing at a time | 15 | One Variable at a Time (OVAT) / bisection | When you want to know what caused a change in behaviour, only one thing should change between the working state and the broken one. |
Antipatterns
| Antipattern | Chapter | What goes wrong |
|---|---|---|
| Auto-memory | 10 | Claude Code’s automatic memory writes rules outside the project folder without review. Casual remarks get escalated to commandments, stale snapshots become lies the agent follows. Breaks self-containment, review, and least privilege. |
| Mixing tasks in one session | 8 | Data from a finished task stays in context and contaminates the next one. Thirty messages that say ‘EUR’ are louder than one line in CLAUDE.md saying ‘use USD’. |
| Overloaded CLAUDE.md | 11, 14 | Putting all instructions, data, and procedures in CLAUDE.md loads everything every session. Wastes attention and tokens on content the current task doesn’t need. |
| Using LLM for mechanical work | 11 | Having the LLM read, parse, count, or sort when a deterministic script could do it. Adds non-determinism to steps that don’t need judgement, costs more, and breaks on model updates. |
| Enforcing rules via CLAUDE.md instead of hooks | 13 | Pattern-matching checks (em-dashes, date formats, banned phrases) as CLAUDE.md instructions that the LLM can ignore. A hook running a linter cannot be ignored. |
| Giving the agent irreversible access | 9 | Letting the agent send emails, post to APIs, or interact with services where mistakes can’t be undone. A sent email has no git revert. |
| Desktop agents with full system access | 9 | Tools like Claude Cowork that access the entire computer, browser, and email. The blast radius is not one folder but everyone the agent can reach. |
| Importing third-party skills directly | 12 | Installing someone else’s skill without review. No audit gate, no test harness, and the same skill produces different output on different machines due to non-determinism. |
| No bounds or circuit breakers for costs | 14, 16 | Without spending limits or automatic stops, costs compound silently. In one case, two agents in a multi-agent setup got trapped in a dialogue loop for eleven days, running up tens of thousands of dollars before anyone noticed. |
Payoff
The principles above limit what non-determinism can damage. One chapter covers what the discipline gives back: once your work is contained in agents, the accumulated record lets you analyse your own work.
| Payoff | Chapter | What it enables |
|---|---|---|
| Analysing your own work | 17 | The contained work becomes a complete, version-stamped record of inputs, processing and outputs. It supports self-assessment, job analysis, delegation decisions, and period-over-period comparison. The agent assembles the record; you supply the judgment. |