This site is under active development — some features may be incomplete
Back to all articles
2026-02-20 14 min read

AI Agent Development Protocol: A Practical Guide

How to stop AI agents from hallucinating your codebase into oblivion

AI coding agents — Claude, Gemini, GPT — are genuinely useful. They write functions, debug issues, scaffold entire modules. But anyone who has used them on a real codebase for more than a few hours has hit the same wall: without grounded context, they hallucinate. They invent files that don't exist. They refactor code they weren't asked to touch. They run destructive commands without asking. They forget what they were doing halfway through a task.

The AI Agent Development Protocol (AADP) is an open-source framework I built to solve these problems. It's not a wrapper or an abstraction layer — it's a set of injected documents, a JIT context engine, and workflow conventions that turn a general-purpose LLM into a disciplined engineering partner.

This article is a practical, step-by-step guide. By the end, you'll have AADP running in your own project.

dadadance/ai_protocol
AI Agent Development Protocol — full source with bootstrap scripts, JIT context engine, templates, and 58+ tests

The Problem: Context Collapse

When you open a new chat with an AI agent and say "add a retry mechanism to the API client," the agent has no idea:

  • What your project structure looks like
  • What coding standards you follow
  • What branch you're working on
  • What testing framework you use
  • What files are safe to modify vs. what's generated code

So it guesses. Sometimes it guesses right. Often it doesn't. And when it doesn't, you spend more time cleaning up the agent's mess than you saved by using it in the first place.

AADP solves this with three mechanisms: injected protocol documents that set behavioral rules, a JIT context engine that feeds task-relevant documentation on demand, and safety handshakes that prevent destructive actions without confirmation.

Architecture: The Seed Bank Pattern

AADP uses what I call the Seed Bank pattern. The protocol lives in a central repository — the "seed bank" — and gets injected into target projects via a bootstrap script. This keeps the protocol source centralized and versioned, while each target project gets its own copy that it can customize.

Seed Bank Architecture
ai-protocol/ (Seed Bank) templates/PROTOCOL_BOOTLOADER.md templates/scripts/context.py templates/docs/* scripts/bootstrap.py bootstrap.py --agent claude Project A CLAUDE.md scripts/context.py docs/context_registry.json Project B GEMINI.md scripts/context.py docs/context_registry.json Project C (monorepo) CLAUDE.md sub-a/CLAUDE.md (thin) sub-b/CLAUDE.md (thin)

The separation is important. The templates/ directory is the payload — these are the files that get copied into target projects. The scripts/ directory is the injector — the bootstrap mechanism that does the copying. This means you can update the protocol centrally, bump the version, and re-bootstrap target projects to pick up changes.

Step 1: Bootstrap Your Project

Pick any existing project and inject the protocol into it. You need uv installed (it handles Python dependencies automatically):

# From anywhere — point at your target project
uv run /path/to/ai-protocol/scripts/bootstrap.py /path/to/your-project --agent claude

The --agent flag is required and determines the name of the agent instruction file. Use claude for Claude, gemini for Gemini, etc. The bootstrap copies these files into your project:

Source (templates/) Destination Purpose
PROTOCOL_BOOTLOADER.md CLAUDE.md Agent instructions — behavioral rules, workflow triggers
PROTOCOL.md PROTOCOL.md Full protocol reference — safety rules, branching, documentation
scripts/context.py scripts/context.py JIT context engine — fetches docs on demand
docs/context_registry.json docs/context_registry.json Maps context keys to documentation files and sections
docs/CODING_STANDARDS.md docs/CODING_STANDARDS.md Project coding standards template
docs/TESTING.md docs/TESTING.md Testing strategy and framework conventions
docs/PROGRESS.md docs/PROGRESS.md Task tracking — agents update this as they work
SCRIPTS-CATALOG.md SCRIPTS-CATALOG.md Registry of available automation scripts

The bootstrap is safe by default — it won't overwrite existing files. If you're re-bootstrapping after a protocol update, use --force:

# Re-bootstrap after protocol update
uv run /path/to/ai-protocol/scripts/bootstrap.py . --agent claude --force

For monorepo submodules, use the --monorepo-submodule flag to inject a thin agent file that delegates to the root protocol:

# Inject thin agent into a monorepo submodule
uv run /path/to/ai-protocol/scripts/bootstrap.py ./services/api \
  --agent claude \
  --monorepo-submodule \
  --module-name "api-service" \
  --description "REST API service for the trading platform"

Step 2: Configure JIT Context

This is where AADP diverges from the typical approach of stuffing everything into a system prompt. Instead of loading your entire codebase's documentation upfront (which wastes tokens and dilutes attention), AADP uses Just-In-Time context injection — the agent fetches only the documentation it needs, when it needs it.

The context registry (docs/context_registry.json) maps keys to documentation files and sections:

{
  "_meta": {
    "protocol_version": "1.0.0",
    "description": "JIT context registry"
  },
  "protocol:init": {
    "file": "PROTOCOL.md",
    "section": "0. Core Protocol"
  },
  "protocol:safety": {
    "file": "PROTOCOL.md",
    "section": "0.1. Safety & Autonomy (Strict)"
  },
  "protocol:branching": {
    "file": "PROTOCOL.md",
    "section": "2.1. Strict Protocol: Git Branching & Scope"
  },
  "protocol:standards": {
    "file": "docs/CODING_STANDARDS.md"
  },
  "protocol:testing": {
    "file": "docs/TESTING.md",
    "section": "1. Testing Framework & Tools"
  }
}

The agent fetches context by running context.py:

# List all available context keys
python scripts/context.py list

# Fetch a specific context
python scripts/context.py fetch protocol:safety

The beauty of this design is that you customize it for your project. Add entries for your own documentation — API specs, database schemas, deployment procedures:

{
  "project:api-spec": {
    "file": "docs/API.md"
  },
  "project:db-schema": {
    "file": "docs/SCHEMA.md",
    "section": "Current Schema"
  },
  "project:deploy": {
    "file": "docs/DEPLOYMENT.md"
  }
}

When the agent is about to modify an API endpoint, the protocol triggers it to run context.py fetch project:api-spec first. It reads the actual spec, not a hallucinated version of it.

JIT Context Flow
AI Agent (Claude, Gemini) 1. Receives task 2. Matches trigger Context Triggers writing code? fetch standards branching? fetch branching 3. Runs context.py fetch <key> 4. Looks up context_registry.json key → file + section 5. Reads Project Docs CODING_STANDARDS.md TESTING.md, PROTOCOL.md 6. Extracted section returned to agent Agent now has real documentation grounding its next action — not a hallucinated version

Step 3: Enforce Safety Handshakes

This is the part most people skip — and then regret when an agent runs git push --force to main, or drops a database table, or deletes a directory it was supposed to preserve.

AADP's protocol bootloader defines mandatory safety handshakes. The agent must:

  1. Ask before acting on any system-modifying operation — file deletions, database changes, branch operations, deployments. The agent explains what it intends to do and waits for confirmation.
  2. Stop on error — if a command fails or produces unexpected output, the agent stops and reports rather than trying to brute-force its way through.
  3. Never run destructive commands without confirmationrm -rf, git reset --hard, DROP TABLE, force pushes. These are never autonomous.
  4. Read before modifying — the agent must read a file before editing it. No blind writes based on assumed content.

These aren't suggestions — they're embedded in the bootloader file (CLAUDE.md or GEMINI.md) that the agent reads at session start. The agent treats them as hard constraints.

Here's what the safety section looks like in practice:

## 0. Identity & Safety (MANDATORY)

You are an autonomous AI agent with safety-first principles.

- ALWAYS explain BEFORE executing system-modifying commands
- STOP and report on unexpected errors — never retry blindly
- ASK for clarification when requirements are ambiguous
- NEVER run destructive operations without explicit confirmation

This changes agent behavior dramatically. Instead of silently running a migration that drops columns, the agent says: "I need to run a migration that will drop the legacy_status column from the orders table. This is irreversible. Should I proceed?"

Step 4: Workflow Enforcement

Beyond safety, AADP enforces a structured workflow for how agents interact with your project. This covers branching, commits, progress tracking, and scope control.

Branching conventions

The protocol requires timestamp-based branch names with meaningful descriptions:

# Format: <type>/yyyymmdd-hhmmss-<description>
feature/20260220-143000-add-retry-mechanism
fix/20260220-150000-resolve-api-timeout
refactor/20260220-160000-extract-auth-module

This prevents the agent from creating branches like fix-stuff or update. Every branch is timestamped and self-documenting. When you look at your branch list six months from now, you know exactly when each change was made and what it was for.

Scope control

Each task gets a defined scope. The agent must:

  1. Confirm the task scope before starting
  2. Read the relevant requirements document
  3. Stay within the declared scope — no "while I'm in here, let me also refactor this"
  4. Update docs/PROGRESS.md as work progresses

Scope creep is one of the biggest problems with AI agents. They see a function they could "improve" and silently rewrite it. AADP's workflow rules prevent this — the agent declares what it will do, does it, and stops.

Progress tracking

The agent maintains docs/PROGRESS.md as a living document, updating it as tasks start, progress, and complete. This gives you a clear audit trail of what the agent did, when, and why — even across sessions.

Version Drift Detection

When you update the central protocol, target projects can fall behind. AADP includes a drift checker:

# Check if your project's protocol is up to date
uv run /path/to/ai-protocol/scripts/check_protocol.py /path/to/your-project

This reads the _meta.protocol_version from your project's context_registry.json and compares it against the source. If there's drift, it tells you to re-bootstrap with --force.

What Changes in Practice

After deploying AADP across several projects in my workflow, the changes were immediate and measurable:

Before AADP After AADP
Agent invents file paths that don't exist Agent reads project structure from context before acting
Agent writes code in wrong style/framework Agent fetches CODING_STANDARDS.md before writing code
Agent runs destructive commands silently Agent explains and asks before any system-modifying action
Agent scope-creeps into unrelated refactors Agent stays within declared task scope
No audit trail of what the agent did Progress tracked in PROGRESS.md with timestamps
Each session starts from scratch JIT context provides continuity across sessions

The biggest win is trust. When the agent asks before deleting files, stays in scope, and grounds its decisions in real documentation, you stop second-guessing every action. You spend your time reviewing meaningful work instead of damage control.

Getting Started in Five Minutes

Here's the minimal path to having AADP running in your project:

# 1. Clone the protocol
git clone https://github.com/dadadance/ai_protocol.git

# 2. Bootstrap into your project
uv run ai_protocol/scripts/bootstrap.py /path/to/your-project --agent claude

# 3. Customize the context registry
#    Edit your-project/docs/context_registry.json
#    Add entries pointing to your own documentation

# 4. Customize coding standards
#    Edit your-project/docs/CODING_STANDARDS.md
#    Add your project's conventions

# 5. Start your AI agent and tell it:
#    "Read CLAUDE.md to bootstrap your context and confirm you are ready."

The agent reads the bootloader, understands the protocol, fetches initial context, and confirms it's ready to work within the defined constraints. From that point on, every action is grounded, scoped, and safe.

Conclusion

AI agents are already capable enough to be genuinely useful for software engineering. The bottleneck isn't intelligence — it's context and discipline. AADP doesn't make agents smarter. It makes them grounded — connected to real project documentation, bound by safety rules, and constrained to a declared scope.

The entire protocol is open source, MIT-licensed, and designed to be forked and customized. If you're using AI agents for anything beyond throwaway scripts, give it a try. The difference between "AI that sometimes helps" and "AI that reliably ships code" is almost always a context problem — and that's exactly what AADP solves.

Back to all articles