Development Philosophy

Engineered by AI, Audited by Humans

TealTiger is built using Kiro’s Spec-Driven Development workflow — an agentic AI development process where every feature starts as a formal specification before a single line of code is written. This means there’s a 1:1 relationship between our security requirements and our implementation. Requirements are documented, designs are reviewed, and implementation tasks are tracked — all before code generation begins. Every line of AI-generated code undergoes strict human-led review and must pass automated test suites before it ships. No code reaches a release without a human approving it.
TealTiger is an AI security tool built with AI assistance. We believe this is a strength — we understand the systems we protect because we use the same technology to build them.

Why We’re Transparent About This

Developers evaluating a security SDK deserve to know how it’s made. Here’s our reasoning:
  • Trust through truth. Hiding how software is built erodes trust. We’d rather tell you upfront and let the code speak for itself.
  • AI for AI. Building AI governance tooling with AI-assisted workflows means we encounter the same risks our users face — cost spirals, hallucination risks, policy gaps. TealTiger is battle-tested against the problems it solves.
  • Spec-driven rigor. AI-assisted doesn’t mean unreviewed. Every feature follows a structured path: requirements → design → implementation → testing → human review.

Our Quality Process

1. Specification First

Every feature begins as a formal spec with requirements, design documents, and implementation tasks. No code is written until the spec is reviewed and approved.

2. Property-Based Testing

We define correctness properties for critical behavior and validate them with property-based tests. This catches edge cases that example-based tests miss.

3. Human Review

All code — whether AI-generated or hand-written — goes through the same review process. AI assistance accelerates development; it doesn’t replace judgment.

4. Deterministic Verification

TealTiger’s core promise is determinism: same input + same policy = same output. Our test suites verify this property across every release.
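A minimal illustration of that check, added here as an example and not TealTiger's own code: a hypothetical regex-based PII detector and policy, plus a seeded input generator that re-evaluates each (input, policy) pair several times and fails if any result differs. The detector, the `Policy` class and the sample phrases are all assumptions for the example.

```python
import random
import re
from dataclasses import dataclass

# Hypothetical regex-based PII detector (illustration only, not TealTiger's code).
PII_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}


@dataclass(frozen=True)
class Policy:
    # PII types whose presence turns the decision into "block".
    block_types: frozenset


def evaluate(text: str, policy: Policy) -> dict:
    """Pure function of (text, policy): no clock, no randomness, no network."""
    # Sorting removes any dependence on dict iteration order.
    found = sorted(name for name, pat in PII_PATTERNS.items() if pat.search(text))
    blocked = any(t in policy.block_types for t in found)
    return {"pii_types": found, "decision": "block" if blocked else "allow"}


# Constructed sample phrases; inputs are random concatenations of these.
PHRASES = ["hello", "contact me at", "alice@example.com",
           "123-45-6789", "nothing here", "bob@test.org"]
POLICIES = [Policy(frozenset()), Policy(frozenset({"email"})),
            Policy(frozenset({"email", "ssn"}))]


def random_input(rng: random.Random) -> str:
    return " ".join(rng.choice(PHRASES) for _ in range(rng.randint(0, 6)))


def check_determinism(trials: int = 500, seed: int = 1234, repeats: int = 3) -> bool:
    """Property: same input + same policy => same output, for every trial."""
    rng = random.Random(seed)  # fixed seed keeps the test itself reproducible
    for _ in range(trials):
        text, policy = random_input(rng), rng.choice(POLICIES)
        first = evaluate(text, policy)
        if any(evaluate(text, policy) != first for _ in range(repeats)):
            return False
    return True


if __name__ == "__main__":
    print("deterministic:", check_determinism())
```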

What This Means for You

  • The SDK is open source — you can inspect every line of detection logic. See Guardrail Internals for a full breakdown.
  • No hidden models — PII detection and prompt injection use transparent regex patterns, not opaque ML. Content moderation optionally uses OpenAI’s Moderation API, and we document exactly when data leaves your process.
  • Stable contracts — our spec-driven process means behavior is defined before it’s implemented, and it stays stable within a major version.
