Context Is the New Code — Patrick Debois, Tessl

Context is the new code in AI-driven development; managing context through a structured lifecycle (generate, test, distribute, observe) enables better AI age...

Context as the New Code: A Framework for Managing AI Agent Development Lifecycles

Abstract

As artificial intelligence agents increasingly generate code from natural language prompts, software development is transitioning from manual code authorship to context engineering. This paper examines the Context Development Lifecycle (CDLC), a systematic framework that treats context as a first-class engineering artifact requiring rigorous generation, testing, distribution, and observation processes. Drawing parallels to the DevOps transformation, this analysis demonstrates how structured context management enables scalable AI agent performance across organizational hierarchies. Key contributions include validation methodologies for non-deterministic outputs through error budgets, packaging strategies for reusable context artifacts via skills registries, and observability patterns that establish feedback loops for continuous improvement. The framework addresses critical challenges including hallucination prevention through external context integration, security controls for context supply chains, and semantic validation using LLM-as-judge patterns. Findings indicate that organizational success with AI agents requires shifting engineering investment from code writing to context refinement and evaluation development.

1. Introduction

The proliferation of AI coding agents has fundamentally altered software development workflows. Rather than authoring code directly, developers now craft prompts that instruct agents to generate implementation artifacts. This transition represents a paradigm shift where context—the information provided to AI agents—becomes the primary engineering deliverable that determines system behavior and output quality.

This phenomenon necessitates new engineering frameworks. If context governs AI agent performance, organizations require systematic methodologies for creating, validating, distributing, and maintaining context with comparable rigor to traditional source code management. The absence of such frameworks creates operational challenges: inconsistent agent outputs, context drift across teams, security vulnerabilities in shared prompts, and inability to diagnose performance degradation.

This paper examines the Context Development Lifecycle (CDLC), a framework comprising four phases: Generate (creating and composing context), Test (evaluating context quality), Distribute (packaging and sharing context), and Observe (monitoring and feedback loops). The analysis establishes theoretical foundations, presents technical implementation patterns for each phase, and discusses organizational scaling strategies. Throughout, emphasis remains on actionable engineering practices validated through production deployment experiences.

2. Background and Related Work

The conceptual foundation for context-as-code derives from the DevOps movement circa 2009, which reconceptualized operations through a development lens with the question "What if ops looked more dev?" The analogous formulation—"What if context is the code?"—motivates the CDLC framework. This perspective recognizes that AI agents function as execution engines whose performance depends critically on input quality rather than solely on model capabilities.

Traditional Software Development Lifecycle (SDLC) methodologies address code creation, testing, deployment, and maintenance through deterministic processes. The CDLC adapts these principles while acknowledging fundamental differences in the problem domain. Context evaluation involves non-deterministic systems where identical inputs may yield varying outputs. Distribution requires dependency resolution across semantic rather than syntactic boundaries, as context packages can conflict when they encode incompatible assumptions about frameworks or conventions. Observation must capture emergent failure patterns rather than deterministic bugs, necessitating statistical approaches to quality assessment.

The LLM-as-Judge pattern serves as a foundational enabling technology, wherein language models evaluate outputs from other language models. This meta-evaluation approach enables semantic validation beyond regex pattern matching, assessing whether generated code adheres to team conventions or architectural principles. However, this introduces additional non-determinism requiring specialized testing methodologies such as error budgets.

3. Core Analysis

3.1 Context Generation and Composition Strategies

Context generation begins with human-authored prompts as the baseline interaction mode. However, repetitive prompting introduces inefficiency and inconsistency across development sessions. Standardized formats such as agent.md or instructions files enable reusable prompt templates that reduce manual effort while ensuring consistent agent behavior. These files function as executable specifications that agents reference during code generation.

External context integration addresses a critical failure mode: AI agents hallucinate when lacking current information about dependencies, APIs, or organizational conventions. Pulling context from documentation repositories, version control systems (GitHub, GitLab), communication platforms (Slack), and issue tracking systems provides agents with ground truth that prevents generating code for deprecated library versions or non-existent API endpoints. This external context acts as a retrieval-augmented generation mechanism at the development workflow level.

Spec-driven development decomposes high-level specifications into sequential prompts that agents execute stepwise. Rather than providing a monolithic requirement, developers create structured workflows where each step produces intermediate artifacts that inform subsequent generation. This approach reduces cognitive load on individual agent invocations while maintaining coherence across the complete implementation.

The most sophisticated generation strategy involves skills—packaged units combining context, scripts, documentation, and dependencies as distributable artifacts. Skills encapsulate domain knowledge (e.g., "implement REST API following organizational conventions") in a format that enables reuse across projects and teams, analogous to software libraries but operating at the context layer.

3.2 Validation Methodologies for Non-Deterministic Systems

Context testing addresses the fundamental question: does context change produce intended agent behavior modifications? Traditional deterministic testing proves insufficient for probabilistic systems. The framework establishes three validation tiers with increasing sophistication.

Linting-level validation checks structural compliance: does context conform to format specifications, meet length constraints, or include required fields? These deterministic checks provide baseline quality gates. Grammarly-level validation assesses whether agents can parse context effectively, evaluating verbosity, completeness, and clarity through readability metrics or agent comprehension tests.

Semantic validation employs the LLM-as-judge pattern to verify generated code follows conventions beyond syntactic correctness. For instance, validating that all API endpoints include a specified prefix (e.g., /awesome/) requires understanding code semantics rather than pattern matching. Binding LLM judges with tooling (curl, sandbox execution environments) enables end-to-end testing where judges execute generated code and evaluate runtime behavior.

The non-deterministic nature of language models necessitates error budgets rather than absolute pass/fail criteria. Running identical tests multiple times and accepting X% failure rate across N executions accommodates inherent variability while detecting genuine regressions. This statistical approach represents a fundamental departure from traditional software testing, where flakiness indicates test quality problems rather than system characteristics.

3.3 Distribution and Security in Context Supply Chains

Context distribution leverages existing version control infrastructure—Git repositories enable zero-friction sharing across teams. However, context introduces unique challenges absent in code distribution. Skills registries function as marketplaces where teams discover and consume packaged context, but quality varies dramatically. As noted, "99.9% of the skills is crap," yet registries provide learning opportunities and accelerate adoption through examples.

Dependency management for context mirrors code versioning challenges with additional complexity. Context packages can encode conflicting assumptions: one skill may assume React 16 conventions while another expects React 18 patterns. Unlike code dependencies where version constraints provide explicit resolution mechanisms, context dependencies operate semantically, requiring human judgment to resolve conflicts.

Security concerns manifest throughout the context supply chain. Scanning tools adapted from code security (e.g., Snyk) detect credentials embedded in prompts, third-party vulnerabilities in referenced documentation, and supply chain risks from untrusted skill sources. AI SBOM (Software Bill of Materials) extends provenance tracking to context artifacts, capturing metadata: authoring entity, training model version, dependencies, and modification history. This enables security audits and incident response when compromised context propagates through organizations.

Context filters implement web application firewall-like mechanisms, blocking prompt injections and malicious patterns before agent.md or skill.md files load into agent memory. Sandboxing reveals attack vectors: agents attempting to access environment variables, read memory files, or execute system breakout commands. These security controls recognize that context represents an attack surface requiring defense-in-depth strategies.

3.4 Observability and Feedback Loop Architectures

Observation establishes feedback loops that drive continuous context improvement. Agent logs with standardized formats enable automated analysis to identify missing context patterns. When multiple developers encounter identical gaps, this signals opportunities to create and distribute context organization-wide, preventing repeated discovery of the same limitations.

Pull request feedback provides direct context quality signals. Rather than debating PR correctness, teams identify underlying context deficiencies that produced suboptimal outputs and refine prompts or skills to prevent recurrence. This transforms PR reviews from gatekeeping to context refinement activities.

Production monitoring instruments generated code to capture failures and automatically generate test cases. When deployed code exhibits unexpected behavior, the failure scenario becomes an eval that prevents regression. This creates a flywheel: production issues → test case generation → context refinement → improved future outputs.

Advanced practitioners employ consistency-as-context validation: running identical loose specifications through multiple agents in parallel and measuring output convergence. High consistency indicates well-defined specifications; divergent outputs reveal ambiguity requiring specification refinement. This meta-evaluation assesses specification quality rather than implementation correctness.

4. Technical Insights

The CDLC implementation reveals several actionable technical patterns. First, standardized agent log formats enable programmatic extraction of missing context indicators, facilitating automated feedback collection at scale. Organizations should instrument agent interactions to capture not just outputs but decision traces that reveal reasoning processes.

Second, the LLM-as-judge pattern requires binding judges with execution tooling rather than limiting evaluation to static analysis. Judges must invoke curl commands, execute code in sandboxes, and assess runtime behavior to perform meaningful semantic validation. This integration complexity represents significant implementation overhead but proves essential for validating agent outputs beyond superficial correctness.

Third, error budgets for evals require statistical rigor: determining appropriate sample sizes (N test runs), acceptable failure thresholds (X% failure rate), and regression detection sensitivity. Organizations must develop methodologies for distinguishing random variation from genuine quality degradation, potentially employing statistical process control techniques adapted from manufacturing quality management.

Fourth, skills packaging formats must balance expressiveness with dependency resolution tractability. Including explicit version constraints for referenced frameworks, documenting assumed conventions, and providing compatibility matrices helps consumers evaluate skill applicability. However, excessive formalization may inhibit adoption by increasing authoring complexity.

Fifth, production instrumentation of generated code should minimize performance overhead while capturing sufficient diagnostic information. Wrapping generated functions with telemetry collection, implementing structured logging with correlation IDs, and establishing sampling strategies for high-volume code paths enable observability without prohibitive costs.

Finally, context filters require continuous updating as attack patterns evolve. Organizations should establish threat intelligence sharing for prompt injection techniques, maintain curated blocklists of malicious patterns, and implement anomaly detection for unusual context access patterns that may indicate compromise.

5. Discussion

The CDLC framework demonstrates that successful AI agent adoption requires reconceptualizing software engineering processes rather than simply adding AI tools to existing workflows. The time investment shifts from writing code to writing rigorous evals and refining context—representing significant additional work that organizations must resource appropriately.

Scaling context management across organizational levels presents distinct challenges. Individual developers can craft personal context markdown files relatively easily. Team-level adoption requires establishing context improvement reflexes: when gaps appear, teams must collaboratively add missing context rather than working around limitations. Organization-level scaling demands creating flywheels where fixes in one team become reusable context for all teams, requiring investment in registry infrastructure, governance processes, and quality standards.

Several areas warrant further investigation. First, formal methods for context dependency resolution remain underdeveloped. Unlike code dependencies with semantic versioning, context compatibility operates semantically, requiring research into automated conflict detection and resolution strategies. Second, optimal error budget parameters require empirical validation across diverse domains—acceptable failure rates for UI generation likely differ from infrastructure automation. Third, security implications of context supply chains deserve deeper analysis, particularly regarding adversarial context poisoning and backdoor injection attacks.

The framework also raises questions about skill transferability. As context engineering becomes central to development, what expertise remains valuable? Deep domain knowledge for crafting precise specifications gains importance, while implementation details become less critical. This shift has workforce implications requiring proactive management.

6. Conclusion

This analysis establishes the Context Development Lifecycle as a systematic framework for managing AI agent development. The key contribution lies in recognizing that context requires engineering rigor comparable to source code: systematic generation strategies, validation methodologies accommodating non-determinism, distribution infrastructure with security controls, and observability enabling continuous improvement.

Practical takeaways include: implementing error budgets for eval acceptance rather than demanding deterministic pass rates; establishing skills registries for context sharing while maintaining quality standards; instrumenting agent interactions to capture missing context patterns; and binding LLM judges with execution tooling for semantic validation. Organizations should view context engineering as a discipline requiring dedicated investment rather than an ancillary activity.

Future work should focus on developing formal dependency resolution mechanisms for context artifacts, establishing empirically validated error budget parameters across domains, and creating security frameworks specifically addressing context supply chain risks. As AI agents become increasingly capable, the engineering challenge shifts from building better models to building better context management systems—making the CDLC framework foundational for scalable AI-driven development.

Sources

• Context Is the New Code — Patrick Debois, Tessl - Original Creator (YouTube)
• Analysis and summary by Sean Weldon using AI-assisted research tools

About the Author

Sean Weldon is an AI engineer and systems architect specializing in autonomous systems, agentic workflows, and applied machine learning. He builds production AI systems that automate complex business operations.

LinkedIn | Website | GitHub