CAF is the fail-closed architecture control layer for AI-assisted software delivery.
CAF helps teams move faster with coding agents while keeping the architecture in the loop.
CAF turns PRDs and architecture decisions into checkpoints, evidence, plans, and candidate code so teams can move quickly without losing control, traceability, or auditability.
CAF is not prompt-to-code.
CAF keeps product intent, architecture decisions, planning, candidate code, and the optional richer UX lane connected through durable artifacts and fail-closed gates.
- starts from product intent rather than a one-off build prompt
- keeps architecture active across planning and build
- produces candidate code, not silent autopilot-to-production output
- fails closed when required inputs or decisions are missing
git clone https://github.com/arylwen/caf.git
cd caf
/caf ask For codex-saas, what architecture decisions did we make, and why?Use the canonical codex-saas sample to understand CAF before generating anything new.
Questions you can ask right away:
/caf ask Summarize the main features of the codex-saas reference architecture./caf ask Which patterns were selected for codex-saas, and which pins drove them?/caf ask Given pin CP-4, what work is implied?/caf ask If we change code/ap/widgets/service.py, what intent/work is most likely impacted?
Replace <instance> with your own name.
| Command | Why you run it | Learn more |
|---|---|---|
/caf saas <instance> |
Seed a new workspace with editable source docs, including PRD, platform PRD, UX vision, and guardrail defaults. Product manager and architect refine these seeded sources before downstream derivation. | Installation, PRD-first lifecycle, Product manager view |
/caf prd <instance> |
Resolve the PRD sources into lifecycle-ready product intent and architecture shape. This is the normal bridge from seeded documents into a usable downstream architecture flow. | PRD workflow, PRD-first lifecycle |
/caf arch <instance> |
First architecture discovery pass. CAF proposes best-fit architectural choices and patterns from the promoted shape; the architect reviews and adjusts options before checkpointing. Examples include auth/session posture, deployment/runtime shape, persistence and API boundary structure. | PRD-first lifecycle, Core concepts, Pattern browser |
/caf next <instance> apply |
Checkpoint the adopted architecture so later phases consume a deterministic, auditable state instead of an in-progress scaffold. | PRD-first lifecycle, Instances, phases, and state |
/caf arch <instance> |
Second architecture/design pass. CAF elaborates technology and design choices needed for planning, such as contract declarations, control-plane/application design, normalized domain models, and implementation-oriented pattern choices. | PRD-first lifecycle, Core concepts |
/caf plan <instance> |
Compile obligations and adopted technology choices into the planner-owned task graph, task plan, and backlog that drive build. | PRD-first lifecycle, Feedback packets and debugging |
/caf build <instance> |
Run the candidate build lane. CAF dispatches the planned tasks, tracks wave-state, and produces candidate code plus task reports/reviews. | PRD-first lifecycle, Traceability |
/caf ux <instance> |
Derive the canonical richer UX artifacts after the second /caf arch, including UX design and visual-system semantics. |
Skills, runners, and command surface |
/caf ux plan <instance> |
Turn the UX artifacts into the UX task graph, plan, and backlog for the separate UX realization lane. | Skills, runners, and command surface, PRD-first lifecycle |
/caf ux build <instance> |
Realize the richer UX lane against the already-built backend/runtime truth, typically in a separate ux namespace/service within the same stack. |
Skills, runners, and command surface, PRD-first lifecycle |
The UX commands extend the main lifecycle. Run /caf ux after the second /caf arch, run /caf ux plan after /caf ux, and run /caf ux build after the main /caf build for the same instance.
CAF itself stays runner-neutral and uses the /caf ... command surface inside the agent. For terminal runners, this repo also includes resumable helper wrappers under tools/caf/cli/:
- Codex:
tools/caf/cli/codex/- default helper model:
gpt-5.3-codex - default reasoning effort:
medium
- default helper model:
- Claude Code:
tools/caf/cli/claude/- uses Claude print mode and skips permission prompts unless you override that behavior
- Claude local / LM Studio:
tools/caf/cli/claude-local/- preserves the Claude helper lifecycle but injects local-endpoint environment plus LM Studio recovery/load knobs
- Antigravity: use the repo
.agent/runner surface today; a packaged terminal wrapper is not included yet
Preferred launcher examples from the repo root:
# Preferred on Windows: call the Node entrypoint directly
node .\tools\caf\cli\codex\run_caf_flow_v1.mjs codex-saas
node .\tools\caf\cli\claude\run_caf_flow_v1.mjs codex-saasSee the runner-specific READMEs for flags and resume behavior:
- CAF produces architecture, project plans, and candidate code.
- CAF is not a ship-to-production generator: outputs are candidate-only and require human review.
- CAF is fail-closed: if inputs are missing or ambiguous, it emits a feedback packet instead of guessing.
What is CAF? — Get the shortest explanation of what CAF does and why it exists.
- PRD-first lifecycle — Follow the default product-intent to architecture to plan to build path.
- Answering questions with CAF — See how
/caf askturns CAF into a queryable delivery surface. - Architect docs — Go deeper on decisions, sizing, impact, and architect-operated workflows.
- User docs:
docs/user/README.md - Architect docs:
docs/architect/README.md - Maintainer guide:
docs/maintainer/README.md - Invariants and bounded claims:
docs/architect/invariants/README.md - Pattern browsing:
docs/patterns/README.md
architecture_library/— normative CAF intent: catalogs (patterns, TBPs, PBPs, policy matrices)skills/— canonical skill implementations; uses nodejs scripts to optimize token usageskills_portable/— instruction-only skill set (portable baseline).agent/— router shim discovered by runners that use/cafunder Antigravity.claude/— router shim discovered by runners that use/cafunder Claude.codex/— router shim discovered by runners that use/cafunder Codex.copilot/— router shim discovered by runners that use/cafunder Copilot.kiro/— workspace skill shim discovered by Kiro IDE for/cafslash-command support
Generated at runtime (typically gitignored; may not exist until you run CAF):
reference_architectures/<instance>/— generated architecture artifacts (do not hand-edit outsideARCHITECT_EDIT_BLOCK)companion_repositories/<instance>/— generated candidate code workspace
- Review the agent permissions in
.vscode/settings.jsonand.claude/settings.local.jsonand make sure they meet your security requirements before running the agent. - If you use Kiro IDE, keep
.kiro/skills/in the repo so the workspace slash-command surface can discover CAF without copying canonical skills. - Safety rule (agents): CAF workflows should not run any
gitcommands (read or write). Treat the working tree as the source of truth.