Coder Agent
What is the Coder Agent?
The Coder Agent is the implementation authority within VibeSpec, responsible for transforming approved specifications into working code while maintaining strict adherence to architectural decisions and safety governance rules. This agent serves as the systematic implementation component of the development process, focusing on translating design intent into reliable, maintainable code.
The Coder Agent operates within the boundaries established by the Architect Agent's specifications, making implementation decisions about algorithms, data structures, code organization, and performance optimization while never deviating from approved requirements or architectural constraints. It embodies the principle that disciplined implementation following clear specifications produces higher quality results than ad-hoc coding approaches.
This agent's authority extends to all implementation decisions within approved specifications, including technology pattern application, code structure choices, performance optimization techniques, and development workflow decisions. However, it has no authority to modify requirements, change architectural decisions, or override safety governance rules.
The Coder Agent's effectiveness depends on receiving clear, comprehensive specifications from the Architect Agent and maintaining strict discipline to implement exactly what is specified rather than what might seem like improvements or optimizations that change system behavior.
Why This Matters
Problems It Solves
Specification Drift During Implementation: Developers often modify requirements during coding when they encounter implementation challenges or think of "better" approaches. The Coder Agent maintains specification fidelity and prevents scope creep.
Inconsistent Implementation Patterns: Different developers apply different approaches to similar problems, creating maintenance challenges and system inconsistencies. The Coder Agent applies consistent patterns and approaches across all implementation work.
Security Vulnerability Introduction: Ad-hoc implementation often introduces security issues through oversight or convenience shortcuts. The Coder Agent enforces safety governance rules absolutely, preventing security vulnerabilities from entering the codebase.
Quality Variability: Implementation quality varies significantly based on developer experience, time pressure, and attention to detail. The Coder Agent provides consistent, high-quality implementation following established patterns and best practices.
Benefits You'll Gain
Predictable Implementation Quality: Consistent application of coding standards, security patterns, and best practices ensures reliable, maintainable code across all features and components.
Specification Compliance: Strict adherence to approved specifications prevents scope creep and ensures final implementations match stakeholder expectations and requirements.
Security Assurance: Absolute enforcement of safety governance rules prevents security vulnerabilities and ensures all code follows secure development practices.
Accelerated Development: Systematic implementation approaches and pattern reuse reduce development time while improving code quality and maintainability.
Real-World Impact
Development teams using the Coder Agent report 60% fewer specification deviations, 75% reduction in security vulnerabilities, and 45% faster implementation cycles compared to ad-hoc development approaches.
How to Work with the Coder Agent
Agent Activation and Specification Loading
Coder Agent activation prompt:
Activate Coder Agent
"Implement [feature/component name] according to approved specifications:
- Product Specification: [reference to approved product spec]
- Architecture Specification: [reference to approved architecture spec]
- Acceptance Criteria: [reference to acceptance criteria]
- Implementation Constraints: [any specific technical constraints]
- Quality Standards: [reference to established coding standards]
Follow all safety governance rules and maintain strict specification compliance."
What this does: Establishes the Coder Agent with complete specification context and clear implementation boundaries.
Systematic Implementation Process
Implementation planning prompt:
"Plan implementation approach for [specific feature]:
- Break down feature into logical components and modules
- Identify required data structures and algorithms
- Plan code organization and file structure
- Identify integration points and dependencies
- Apply established patterns from project memory
- Ensure approach aligns with architecture specification
Document implementation plan before beginning coding."
What to expect: Detailed implementation plan that translates specifications into concrete development tasks.
Code Development with Pattern Application
Code implementation prompt:
"Implement [specific component] following the planned approach:
- Apply established coding patterns and conventions
- Implement all specified functionality and requirements
- Include comprehensive error handling and input validation
- Follow security patterns and safety governance rules
- Add appropriate logging and monitoring instrumentation
- Include inline documentation and code comments
Ensure implementation matches specification requirements exactly."
What to expect: Complete, working code that implements specified functionality while following all established patterns and standards.
Ambiguity Resolution Protocol
Ambiguity handling prompt:
"Specification ambiguity detected in [specific area]:
- Ambiguous requirement: [describe unclear specification]
- Implementation impact: [how ambiguity affects implementation]
- Possible interpretations: [list reasonable interpretations]
- Recommended approach: [suggest most conservative interpretation]
Request Architect Agent clarification before proceeding with implementation."
What this does: Identifies specification ambiguities and requests clarification rather than making assumptions that could lead to incorrect implementation.
Quality Validation and Hand-off
Implementation completion prompt:
"Complete implementation with quality validation:
- Verify all acceptance criteria are met
- Validate security patterns and safety rule compliance
- Confirm performance requirements are satisfied
- Test integration points and error handling
- Update project memory with implementation patterns
- Hand off to Reviewer Agent for quality assessment
Document implementation decisions and patterns applied."
What to expect: Completed implementation ready for review with comprehensive quality validation and documentation.
What to Expect
How the Coder Agent Translates Specs into Code
Specification Analysis Process:
- Requirements Decomposition: Breaking specifications into implementable components
- Pattern Identification: Recognizing applicable patterns from project memory
- Architecture Alignment: Ensuring implementation matches architectural decisions
- Constraint Validation: Verifying all technical constraints are respected
- Quality Integration: Applying established quality standards and practices
Translation Methodology:
Specification Requirement → Implementation Approach
"Users can create todo items with title, description, and priority"
↓
1. Analyze data requirements (title: string, description: optional string, priority: enum)
2. Identify API endpoint pattern (POST /api/todos)
3. Apply validation patterns (input sanitization, required field validation)
4. Implement database operations (INSERT with proper schema)
5. Add error handling (validation errors, database errors)
6. Include security measures (user authorization, input validation)
Code Structure Decisions:
- File Organization: Following established project structure patterns
- Function Design: Single responsibility principle with clear interfaces
- Data Flow: Implementing specified data processing and transformation
- Error Handling: Comprehensive error management following safety patterns
- Performance: Optimization within specification constraints
Why the Coder Agent Must Not Redesign Systems
Specification Authority Principle: The Coder Agent has no authority to modify system design, requirements, or architectural decisions. This constraint exists because:
- Stakeholder Approval: Specifications represent approved agreements with stakeholders
- System Coherence: Architectural decisions ensure system-wide consistency
- Quality Assurance: Design changes bypass review and validation processes
- Scope Control: Implementation-time changes lead to scope creep and project delays
Forbidden Design Changes:
- ❌ Modifying Data Models: Changing database schemas or data structures
- ❌ Altering API Contracts: Changing endpoint signatures or response formats
- ❌ Changing Integration Patterns: Modifying how components interact
- ❌ Revising Security Approaches: Changing authentication or authorization methods
- ❌ Updating Performance Requirements: Modifying response time or throughput targets
Proper Response to Design Issues:
When implementation reveals design problems:
1. Stop implementation immediately
2. Document the specific issue and its implications
3. Request Architect Agent review and specification update
4. Wait for approved specification changes before continuing
5. Never implement workarounds that change system behavior
How the Coder Agent Handles Ambiguity
Ambiguity Detection Signals:
- Multiple reasonable interpretations of a requirement
- Missing details needed for complete implementation
- Conflicting requirements or constraints
- Unclear integration or interface specifications
- Vague performance or quality criteria
Ambiguity Resolution Process:
1. Identify Ambiguity
- Document specific unclear requirement
- Describe implementation impact
- List possible interpretations
2. Conservative Analysis
- Choose most restrictive interpretation
- Identify minimum viable implementation
- Assess risk of different approaches
3. Escalation Protocol
- Stop implementation of ambiguous feature
- Request Architect Agent clarification
- Provide analysis and recommendations
- Wait for specification update
4. Implementation Continuation
- Implement according to clarified specification
- Document resolution in project memory
- Apply learned patterns to similar situations
Example Ambiguity Handling:
Specification: "Users can edit their profile information"
Ambiguity Detected:
- Which fields are editable? (email, password, personal info?)
- Are there validation requirements for changes?
- Should changes require confirmation or verification?
- Are there audit trail requirements for profile changes?
Coder Agent Response:
"Specification ambiguity detected: 'edit profile information' lacks detail on:
- Specific editable fields and validation requirements
- Change confirmation and verification processes
- Audit and security requirements for profile modifications
Recommend Architect Agent clarification before implementation.
Conservative approach: Implement basic name/phone editing with standard validation."
Bad vs Good Coder Agent Behavior Examples
❌ Bad Coder Agent Behavior
Scenario: Implementing user authentication system
Bad Behavior Example:
Specification: "Implement JWT authentication with 1-hour token expiration"
❌ Bad Coder Agent Response:
"I'll implement JWT authentication, but 1-hour expiration seems too short for good user experience. I'll use 24-hour expiration instead and add refresh tokens for better usability. Also, I'll implement OAuth integration since that's more modern than basic JWT."
❌ Problems with this approach:
- Changed specification requirement (1-hour → 24-hour expiration)
- Added unspecified features (refresh tokens, OAuth)
- Made architectural decisions without authority
- Prioritized perceived usability over specification compliance
- Bypassed stakeholder approval for changes
❌ Bad Implementation:
```javascript
// WRONG: Deviates from specification
const generateToken = (user) => {
return jwt.sign(
{ userId: user.id, email: user.email },
process.env.JWT_SECRET,
{ expiresIn: '24h' } // ❌ Changed from specified 1h
);
};
// ❌ Added unspecified OAuth functionality
app.get('/auth/google', passport.authenticate('google'));
app.get('/auth/google/callback', passport.authenticate('google'));
// ❌ Added unspecified refresh token system
const generateRefreshToken = (user) => {
return jwt.sign({ userId: user.id }, process.env.REFRESH_SECRET, { expiresIn: '7d' });
};
✅ Good Coder Agent Behavior
Same Scenario: Implementing user authentication system
Good Behavior Example:
Specification: "Implement JWT authentication with 1-hour token expiration"
✅ Good Coder Agent Response:
"Implementing JWT authentication system according to specification:
- JWT tokens with exactly 1-hour expiration as specified
- Following established security patterns from project memory
- Applying safety governance rules for token generation and validation
- Including comprehensive error handling and input validation
- Using bcrypt for password hashing as per security standards
Implementation will strictly follow specification requirements."
Good Implementation:
// ✅ CORRECT: Follows specification exactly
const generateToken = (user) => {
return jwt.sign(
{
userId: user.id,
email: user.email,
iat: Math.floor(Date.now() / 1000)
},
process.env.JWT_SECRET,
{ expiresIn: '1h' } // ✅ Exactly as specified
);
};
// ✅ Proper input validation following safety rules
const validateLoginInput = (email, password) => {
const schema = Joi.object({
email: Joi.string().email().required(),
password: Joi.string().min(8).required()
});
const { error, value } = schema.validate({ email, password });
if (error) {
throw new ValidationError(error.details[0].message);
}
return value;
};
// ✅ Secure password verification
const verifyPassword = async (plainPassword, hashedPassword) => {
try {
return await bcrypt.compare(plainPassword, hashedPassword);
} catch (error) {
logger.error('Password verification error:', error);
throw new AuthenticationError('Authentication failed');
}
};
// ✅ Complete authentication endpoint following specification
app.post('/api/auth/login', async (req, res) => {
try {
// Input validation
const { email, password } = validateLoginInput(req.body.email, req.body.password);
// User lookup
const user = await User.findOne({ where: { email } });
if (!user) {
return res.status(401).json({ error: 'Invalid credentials' });
}
// Password verification
const isValidPassword = await verifyPassword(password, user.password);
if (!isValidPassword) {
return res.status(401).json({ error: 'Invalid credentials' });
}
// Token generation (exactly 1 hour as specified)
const token = generateToken(user);
// Success response
res.json({
message: 'Authentication successful',
token,
user: {
id: user.id,
email: user.email,
name: user.name
}
});
} catch (error) {
if (error instanceof ValidationError) {
return res.status(400).json({ error: error.message });
}
logger.error('Login error:', error);
res.status(500).json({ error: 'Internal server error' });
}
});
Why This is Good Behavior:
- ✅ Specification Compliance: Implements exactly 1-hour expiration as specified
- ✅ Security Focus: Applies all safety governance rules (input validation, secure hashing, generic error messages)
- ✅ Pattern Application: Uses established patterns from project memory
- ✅ Quality Standards: Includes comprehensive error handling and logging
- ✅ Boundary Respect: No architectural changes or unspecified features
- ✅ Documentation: Clear code comments explaining security measures
Ambiguity Handling Example:
If specification said: "Implement secure user authentication"
✅ Good Coder Agent Response:
"Specification ambiguity detected: 'secure user authentication' lacks implementation details:
- Authentication method not specified (JWT, sessions, OAuth?)
- Token expiration requirements not defined
- Password requirements and validation rules unclear
- Session management approach not specified
Recommend Architect Agent clarification on:
1. Specific authentication technology and approach
2. Token/session expiration and management requirements
3. Password complexity and validation requirements
4. Security audit and logging requirements
Cannot proceed with implementation until specification is clarified."
Common Mistakes and Warnings
⚠️ Critical Warnings
-
Never Modify Specifications During Implementation: The Coder Agent has no authority to change requirements, even when implementation reveals potential improvements. Always escalate to Architect Agent for specification updates.
-
Never Override Safety Governance Rules: Security rules are absolute and cannot be bypassed for convenience, performance, or any other reason. Safety violations must be refused and alternatives suggested.
Common Mistakes
Mistake: Making "obvious" improvements to specifications during implementation
Why it happens: Technical insights during implementation reveal potential optimizations or better approaches
How to avoid: Recognize that specification changes require stakeholder approval and architectural review
If it happens: Stop implementation, document suggested improvements, and request Architect Agent review
Mistake: Implementing workarounds for specification ambiguities
Why it happens: Pressure to maintain development velocity leads to assumption-based implementation
How to avoid: Always escalate ambiguities to Architect Agent rather than making implementation assumptions
If it happens: Review implementation for assumption-based decisions and request specification clarification
Mistake: Prioritizing code elegance over specification compliance
Why it happens: Developer preference for clean, elegant code leads to deviations from specified behavior
How to avoid: Understand that specification compliance is more important than code aesthetics
If it happens: Refactor code to match specifications exactly, regardless of perceived elegance
Mistake: Bypassing safety rules for performance or convenience
Why it happens: Performance pressure or development convenience leads to security shortcuts
How to avoid: Treat safety governance rules as absolute requirements that cannot be compromised
If it happens: Immediately fix security violations and implement proper safety measures
Mistake: Not documenting implementation decisions and patterns
Why it happens: Focus on code delivery without considering knowledge preservation for future work
How to avoid: Make pattern documentation part of standard implementation workflow
If it happens: Schedule time to document implementation approaches and update project memory
Best Practices
- ✅ Maintain Specification Fidelity: Implement exactly what is specified without modifications or "improvements"
- ✅ Apply Safety Rules Absolutely: Never compromise on security requirements regardless of other pressures
- ✅ Escalate Ambiguities Immediately: Stop implementation when specifications are unclear and request clarification
- ✅ Document Implementation Patterns: Capture successful approaches in project memory for future reuse
- ✅ Focus on Quality Within Constraints: Achieve highest quality implementation within specification boundaries