
Instructions Don't Scale. Guardrails Do.
If your marketing team is evaluating an AI-accelerated platform engagement, you probably have questions about security, compliance and reliability. In simpler terms, you need to understand how you can fully trust the system.
Here is the failure mode we designed against: instructed AI regresses to the mean. You can tell an AI agent "always use the design system, never hardcode colors, keep the brand voice," and it will, mostly, until context pressure, novel situations, or simply judgment errors produce the exception. At the velocity AI enables, on the No Greater Sacrifice build that meant over 1,400 discrete changes in roughly 30 days, "mostly" is a defect factory. Review cannot scale to that tempo. Post-hoc review of AI output is exactly the boring, error-prone work humans do worst.
Our answer: standards are executable, or they do not exist. Machinery that fails the build enforces every rule that matters, in place of a wiki nobody reads under deadline. On the NGS platform, that meant the following, concretely.
The enforcement stack
Design-system enforcement as custom static analysis. Eleven custom lint rules, all error-level, all build-breaking, each with its own test suite. No raw color literals anywhere in the codebase; every color flows through the surface-token system, which is how brand consistency and contrast guarantees survive 1,400 changes. No hand-rolled buttons or headings; components must compose the system's primitives. Layer boundaries, from atoms up through pages, exist as import restrictions. A lower-level component cannot import from a higher layer. The build fails.
The rule that guards the rules. Our favorite, and the one technical audiences immediately understand: a lint rule whose only job is to detect and reject attempts to suppress the other lint rules. An AI agent, or a rushed human, that tries to disable its way past a design-system gate trips a gate about gates. The system does not allow itself to be quietly unbuckled.
Editorial canon compiled to code. The organization's mission statement, every ratified statistic, and the brand-voice capitalization table live as typed constants with evidence tests. If the verbatim mission text or a canonical figure drifts anywhere in the codebase, CI fails. Site copy references figures via tokens resolved from a single source at render time, so "update the Scholar count" is a one-line change that propagates to every page citing it. A separate content linter runs against the live published CMS content in Contentful, applying 23 rules that encode client-ratified language decisions: phrases that must never appear, figures that must be tokenized, honorific capitalization. It reports for human review.
Mechanical versus judgment, encoded. Every editorial rule carries a machine-readable classification. Mechanical rules the machine enforces absolutely. Judgment rules it may only flag; a human decides. Honorific capitalization, specifically, is deliberately flag-only, because context determines whether "alumni" refers to the client's Alumni or someone else's, and quoted third-party material is never restyled. The enforcement architecture explicitly models where automated authority ends. We consider this taxonomy the most important design decision in the stack.
Accessibility as a hard gate, not an audit. Every component ships with a full catalog in Storybook: 160 story files, roughly ten examples each, across surfaces. Every example renders in a real browser in CI and runs a full axe accessibility scan. Any violation fails the build. WCAG 2.2 AA and Section 508 compliance on the NGS platform is not an annual audit finding; it is a precondition for code existing. One real catch makes the case: text that passed contrast math against its flat background color failed when composited over a decorative watermark layer. The gate caught it only because it tests the rendered composite, not the token arithmetic.
Hygiene gates. Dead-code detection, orphaned-CSS detection, copy-paste duplication limits, circular-dependency checks, and file-size ceilings, all error-level in CI. The rationale for the unusual ones: an unreferenced CSS class is bait for a future agent to wire up and assume sanctioned, and dead code is ambiguity an AI will confidently misread. At AI velocity, repository hygiene is a safety property, not aesthetics.
The build, by the numbers
Verification: the gates must prove themselves
Guardrails have a failure mode of their own: checks that verify themselves. We treat this as the most dangerous class of bug in AI-assisted delivery, because it produces confident green lights over broken reality. Three doctrines, all born from real incidents on this engagement.
A checker does not count until it catches a planted failure
Mid-build, we found a content-migration verification gate comparing the migration's output against the migration's own output. Circular, and green by construction. We rebuilt it to verify against the original source material and adopted the standing rule: every automated check must demonstrably catch a deliberately planted positive before anyone trusts its clean result.
Verify against the live artifact, never a proxy
Local checks pass, CI passes, the deploy pipeline reports success, and production can still be broken. We caught exactly this: three green signals over a failing production build, traced to a stale local cache. House rule: completion claims require evidence from the deployed system, the live page, the rendered output, the actual network response, not the proxy that predicts it.
Every incident becomes a gate, fast
We did not design our quality gates up front in a big requirements document. Nearly every one traces to a specific caught incident, and the median time from catch to permanent enforcement ran in hours. The fastest was 33 minutes from discovering a class of hazard to a CI gate that eliminates it. That is the operational loop. Human judgment identifies a failure class once. Engineering makes it structurally unrepeatable. Velocity resumes.
The philosophy behind that loop, and the people running it, is the subject of The Most Important Layer of Our AI Stack Is Human (opens in a new tab).
Governance changes at launch
One more decision technical leaders tend to appreciate. At go-live, we deleted our own bulk-content automation: dozens of scripts that had been legitimate build-phase tooling. Post-launch, the CMS became the client's editors' system of record, and any repo-to-CMS push tool is now a mechanism for silently overwriting an editor's live work. Rather than trust future operators to remember that, we removed the capability and encoded the policy. Content changes are drafted via API and published by humans. Least-privilege applies to tooling, not just people.
The boring credentials
AgencyQ is ISO 9001 certified as an organization. The architecture and delivery practices described here are SOC 2 and NIST compliant. The platform delivered for NGS runs on current, mainstream, boring-in-the-good-way infrastructure: Contentful (opens in a new tab) as the composable content platform, a modern React framework deployed on Vercel (opens in a new tab), Storybook (opens in a new tab) as the living design-system reference, AI agents built on Anthropic's Claude (opens in a new tab), and the client's existing Salesforce (opens in a new tab) org as the system of record. Zero exotic dependencies your team would have to reverse-engineer later. Everything above, the gates, the tests, the documentation, ships with the platform; the client's repository contains the enforcement machinery, not just its output.
What to take from this
If your team wants to build this in-house, parts of this article are a decent starting spec, and strong engineering organizations should consider it.
If your organization needs the outcome without building the machine shop, the point of this piece is that "we use AI responsibly" can be a checkable engineering claim rather than a slide. Ask any vendor who says it to show you the gate that stops the AI from disabling their gates. We will show you ours.
Numbers matter, make them accountable: Every Number Traces to the System of Record

Steve Hamilton
SVP, DXP and Custom Solutions Practice
Stay Informed
Get industry-leading insights delivered to your inbox.
Industry Leading Insights
Our latest thinking on personalization, digital transformation and experience design




