WE AS WEBAI LabBook a reviewBook a workflow review

Case file 02 — anonymized at the client's request

2× delivery throughput, with every agent action auditable

From “the agent says it’s done” to a verifiable delivery system — live across the engineering organisation of a global private-markets intelligence group.

The name is withheld. The engagement, the tools and the figures are real.

Global B2B intelligence · Private marketsAgent governanceDelivery toolingEvidence & audit systemsPlatform engineering
Before
Fast, ungoverned agent adoption — no record of what ran, what was checked, or what was verified.
Shipped
An operating layer connecting agents to issues, code, data, chat and review gates — all live.
Result
2× delivery throughput, 70% org adoption, every high-risk action gated and audited.
Ownership
Runs on their estate through controlled service boundaries; their teams operate it daily.
70%
Engineering org actively using the platform
Throughput on agent-assisted delivery workflows
100%
High-risk actions require human confirmation — policy-enforced, verified in audit logs
<1h
Fresh checkout to a verified, ready profile

Measured across agent-assisted delivery workflows — issue refinement, implementation, review and validation — in the production deployment. No sensitive client data appears in this file.

[01]

Fast agents. No governance.

Engineering organisations are adopting AI-agent workflows fast. Most deployments are impossible to govern.

Work scatters across local sessions, code-review threads, data tools, chat channels and issue trackers — with no consistent record of what happened, which controls were applied, or whether the result was actually verified.

Our client is a global, membership-focused business intelligence company serving investment professionals across private markets, with offices on three continents. We partnered with them to build an operating layer that connects agent workflows to issue tracking, source control, data platforms, team chat, shared memory and review gates — through controlled service boundaries. It is live across the full delivery loop, from onboarding through quality assurance to incident response, and in daily use across the engineering organisation.

ISSUESSOURCE CONTROLDATA PLATFORMSTEAM CHATAGENT OPERATING LAYERTYPED PAYLOADS · CONTROLLED SERVICE BOUNDARIESEVIDENCE PACKAGES ✓HUMAN GATES · POLICYSHARED MEMORYEVERY WORKFLOW RUNS ON THE SAME GOVERNED PRIMITIVES — SPEED WITHOUT LOSING CONTROL
Evidence package — one change, end to endIllustrative reconstruction · no client data
T+00:00issue_refinedacceptance criteria · 4 subtasks✓ OK
T+00:12branch_createdisolated working copy✓ OK
T+01:47checks_executedtests · lint · runtime proof✓ OK
T+01:52review_gate2 comments → resolved✓ OK
T+02:03merge_readinessready — no blockers✓ OK
T+02:04high_risk_actionmerge to main⏸ GATED
T+02:06human_confirmationapproved by reviewer✓ OK
T+02:07handoff_packagechanges · proof · owners✓ OK

[02]

Seven workflows, before and after

Seven places where “it probably works” became “here is the proof.”

AreaBeforeAfter
OnboardingManual credential-file editing and slow ramp-up for new engineers.Fresh checkout to a verified, ready profile — typically in under an hour.
Issue intake & planningVague tickets, ambiguous scope and lost decisions.Structured issues with acceptance criteria and subtasks, refined before work starts.
Delivery sign-offCompletion meant “the agent says it’s done.”Verifiable evidence packages — checks, runtime proof, blockers and handoff notes.
Code review & CI/CDManual chasing of review comments and pipeline state.A review engine with ready/blocked merge decisions and tracked comment resolution.
Quality assuranceManual visual checks, flaky tests and untraced data jobs.Automated visual QA, test repair and data-platform job-run tracing.
GovernanceAd-hoc, ungoverned agent use.100% of high-risk actions confirmation-gated, policy-bound and auditable.
Knowledge continuityContext re-gathered from scratch each session.Shared cross-session memory through a controlled service boundary.

[03]

What runs in production today

Not a roadmap — a live platform. Every capability below carries its real status.

Onboarding & readiness

live

Validates prerequisites, credentials, profile state and integration registration; reports fresh setups as ready or blocked, with remediation.

Model-execution policy

live

Routes work through approved execution paths; shared-secret and expensive paths restricted by default, with per-role cost visibility.

Issue-driven planning

live

Reads, validates, structures, estimates and decomposes issues through typed payloads — challenging weak requirements before work starts.

Implementation evidence

live

Blocks completion until branch state, tests, review checks, runtime proof and handoff comments are present and verified.

Review, CI & merge readiness

live

Exposes review threads, CI state, approvals and a ready/blocked merge decision; merges stay confirmation-gated.

Data-platform workflows

live

Classifies queries, runs safe read-only execution, gates mutations, and validates catalog, bundle, app, endpoint and notebook checks.

Quality assurance & test engineering

live

Visual QA with screenshot diffing, data job-run tracing, detection and repair of flaky tests, and merge gating on green checks.

Shared memory

live

Persists cross-session project memory behind a service boundary, with workspace-scoped recall and identity-gated access.

Team-chat command gateway

live

An allowlisted set of approved workflows callable from team chat; unknown commands are rejected before model execution.

Safety & policy guardrails

hardened

Blocks or surfaces risky writes, destructive commands, weak artifacts, unsafe test shortcuts, data hazards and environment leakage.

[04]

One request, end to end

From a broad idea to an auditable handoff — the loop every change now follows.

  1. 01

    A product owner files a broad issue.

  2. 02

    The layer refines it: scenario, acceptance criteria, dependencies, subtasks.

  3. 03

    A developer starts a ready subtask in an isolated working copy.

  4. 04

    A bounded change is applied with agent assistance, grounded in the right repositories.

  5. 05

    Agreed checks run and evidence is collected.

  6. 06

    The review queue surfaces unresolved comments and CI failures.

  7. 07

    Comments are resolved and checks repaired.

  8. 08

    Merge readiness reports ready or blocked — with reasons.

  9. 09

    The issue receives a final handoff package: changes, proof, blockers, owners.

  10. 10

    The tracker becomes the durable, auditable coordination layer.

[05]

Controls that ship with the platform

Not bolted on after — governance is part of the delivery system itself.

Untrusted external content

External issue, review and chat text is treated as untrusted; embedded tool requests are rejected and downgraded instructions are logged.

High-risk gating

Unsafe merges, mutating data operations, deployments and destructive actions are confirmation-gated or policy-blocked.

Evidence over assertion

Completion requires evidence packages with checks, runtime proof, review state and known blockers.

Identity

Identities are validated at setup; service identities stay distinct from human users, with rotation and audit.

Cost control

Work prefers approved execution routes; shared-secret and expensive paths are restricted by default.

Incident response

Incident output separates evidence from inference; rollback and mitigation stay human-approved.

[06]

How the figures were measured

Measurement basis

Basis
Delivery-workflow outcomes across issue refinement, implementation, review and validation, in the production deployment.
Environment
The client’s own estate, connected through controlled service boundaries.
Artifacts
Evidence packages, readiness reports, audit trails, policy gates, a shared-memory service and a team-chat command gateway — all live.
Not published
Client name, raw dashboards and internal figures. Measurement details are shared in conversation, with the client’s approval.