Enforcing rules and managing expectations for AI agents with CI and code review(rubyonai.com)
rubyonai.com
Enforcing rules and managing expectations for AI agents with CI and code review
https://rubyonai.com/how-do-you-know-the-software-is-working/
https://rubyonai.com/how-do-you-know-the-software-is-working/
Prompt injection is the obvious example. A malicious payload arriving via user input, tool outputs, or RAG retrieval won't show up in any code review. The adversarial content isn't in your codebase—it's dynamically constructed at inference time.
Do you have any thoughts on validating agent inputs at runtime vs. just at build time? CI catches what you control, but runtime inputs are adversarial territory where static rules can't reach.