marketing-agent, the constraint-file pattern.

marketing-agent is internal Startvest LLC tooling. A context-layered marketing execution agent: validation reports → drafts → review queue → Buffer (LinkedIn) or CMS API (SEO blog). The agent uses Anthropic SDK for drafting. All AI output is draft-only and gated through manual review before any external surface receives it.

The audit was scoped specifically to verify that marketing automation's adjacent failure modes — auto-posting, cold email, scraping, strategy capture by AI, false urgency framing, fabricated citations — are avoided. They are.

Mechanical: 9 of 11 integrity-cli rules passed. Two CRITICAL fails are both substantively PASS via structural gates (Buffer queue + manual click); mechanical marker fields (reviewedBy, citation provenance) are tracked tickets.

The interesting finding is not in the code. It is in a single repo-root file — constraints.md— with 29 numbered “does NOT” items.

Layer 1 Veto 6 (TechCrunch Test) is structured around prohibiting every marketing-automation failure mode that has historically ended badly. constraints.md addresses them item-by-item.

constraints.md closes with kill-switch discipline applied to itself:

Edits to this file require a dated note. Removals require Tom's explicit sign-off — the file should grow over time, not shrink.

The constraint set governs itself. That self-reference is the point.

The constraint-file pattern may generalize. Layer 1 vetoes and Layer 3 guardrails that are policy / process surfaces (not code patterns) might be best authored as a constraint file with kill-switch discipline, rather than expressed as code-level CI rules. The framework's existing rules don't model this shape — they're all code-pattern checks.

But: no codification on a single instance. The discipline that produced six clean revisions in this audit cycle was that each revision was driven by at least one real product surfacing the gap. The constraint-file pattern has only one product example so far.

The pattern is being watched for in future audits — PRAPI when it ships, external adopters, quarterly cross-product re-audits. If it repeats, it'll be codified as an optional new check kind. If it doesn't, it stays a per-product extension pattern.

Two remediation tickets opened on the marketing-agent repo:

The smallest backlog in the portfolio. marketing-agent's substantive posture is strong; the open items are mechanical-marker fields that turn structural gates into machine-verifiable assertions.

1. Internal tooling can produce strong Layer 1 / Layer 3 framing without the framework's code-pattern CI rules. An explicit constraint file with kill-switch discipline is a different but legitimate shape.
2. Marketing automation specifically demands explicit anti-pattern enumeration. The category sits adjacent to too many failure modes (auto-posting, cold email, strategy capture, false urgency, fabricated citations) for implicit defense to suffice. Naming each one in writing is the discipline.
3. N/A is the correct answer when the rule was written for a different category. marketing-agent is correctly outside the customer-facing-compliance-product scope that most TIF rules are calibrated against. The audit doesn't manufacture gaps.

• 2026-04-29 — v1.0. Initial publication. No framework revision triggered (v1.9.0 held up cleanly). Constraint-file pattern documented for future watch-for.