Each engineering chief watching the agentic coding wave is ultimately going to face the identical query: if AI can generate production-quality code sooner than any group, what does governance appear like when the human isn't writing the code anymore?
Most groups don't have a superb reply but. Treasure Information, a SoftBank-backed buyer knowledge platform serving greater than 450 international manufacturers, now has one, although they discovered components of it the laborious method.
The corporate at the moment formally introduced Treasure Code, a brand new AI-native command-line interface that lets knowledge engineers and platform groups function its full CDP by way of pure language, with Claude Code dealing with creation and iteration beneath. It was constructed by a single engineer.
The corporate says the coding itself took roughly 60 minutes. However that quantity is nearly inappropriate. The extra essential story is what needed to be true earlier than these 60 minutes had been doable, and what broke after.
"From a planning standpoint, we nonetheless must plan to derisk the enterprise, and that did take a few weeks," Rafa Flores, Chief Product Officer at Treasure Information, instructed VentureBeat. "From an ideation and execution standpoint, that's the place you type of simply mix the 2 and also you simply go, go, go. And it's not simply prototyping, it's rolling issues out in manufacturing in a secure method."
Construct the governance layer first
Earlier than even a single line of code was written, Treasure Information needed to reply a more durable query: what does the system have to be prohibited from doing, and the way do you implement that on the platform degree slightly than hoping the code respects it?
The guardrails Treasure Information constructed reside upstream of the code itself. When any consumer connects to the CDP by way of Treasure Code, entry management and permission administration are inherited immediately from the platform. Customers can solely attain sources they have already got permission for. PII can’t be uncovered. API keys can’t be surfaced. The system can’t communicate disparagingly a couple of model or competitor.
"We needed to get CISOs concerned. I used to be concerned. Our CTO, heads of engineering, simply to ensure that this factor didn't simply go rogue," Flores stated.
This basis made the subsequent step doable: letting AI generate 100% of the codebase, with a three-tier high quality pipeline imposing manufacturing requirements all through.
The three-tier pipeline for AI code era
The primary tier is an AI-based code reviewer additionally utilizing Claude Code.
The code reviewer sits on the pull request stage and runs a structured evaluation guidelines in opposition to each proposed merge, checking for architectural alignment, safety compliance, correct error dealing with, check protection and documentation high quality. When all standards are happy it will possibly merge robotically. After they aren't, it flags for human intervention.
The truth that Treasure Information constructed the code reviewer in Claude Code will not be incidental. It means the device validating AI-generated code was itself AI-generated, a proof level that the workflow is self-reinforcing slightly than depending on a separate human-written high quality layer.
The second tier is a regular CI/CD pipeline working automated unit, integration and end-to-end exams, static evaluation, linting and safety checks in opposition to each change. The third is human evaluation, required wherever automated techniques flag threat or enterprise coverage calls for sign-off.
The interior precept Treasure Information operates underneath: AI writes code, however AI doesn’t ship code.
Why this isn't simply Cursor pointed at a database
The apparent query for any engineering group is why not simply level an present device like Cursor at your knowledge platform, or expose it as an MCP server and let Claude Code question it immediately.
Flores argued the distinction is governance depth. A generic connection offers you pure language entry to knowledge however inherits not one of the platform's present permission buildings, that means each question runs with no matter entry the API key permits.
Treasure Code inherits Treasure Information's full entry management and permissioning layer, so what a consumer can do by way of pure language is bounded by what they're already approved to do within the platform.
The second distinction is orchestration. As a result of Treasure Code connects on to Treasure Information's AI Agent Foundry, it will possibly coordinate sub-agents and abilities throughout the platform slightly than executing single duties in isolation: the distinction between telling an AI to run an evaluation and having it orchestrate that evaluation throughout omni-channel activation, segmentation and reporting concurrently.
What broke anyway
Even with the governance structure in place, the launch didn't go cleanly, and Flores was candid about it.
Treasure Information initially made Treasure Code obtainable to clients with no go-to-market plan. The idea was that it could keep quiet whereas the group discovered subsequent steps. Clients discovered it anyway. Greater than 100 clients and near 1,000 customers adopted it inside two weeks, totally by way of natural discovery.
"We didn't put any go-to-market motions behind it. We didn't assume individuals had been going to search out it. Nicely, they did," Flores stated. "We had been left scrambling with, how can we really do the go-to-market motions? Will we even do a beta, since technically it's reside?"
The unplanned adoption additionally created a compliance hole. Treasure Information remains to be within the means of formally certifying Treasure Code underneath its Belief AI compliance program, a certification it had not accomplished earlier than the product reached clients.
A second downside emerged when Treasure Information opened talent improvement to non-engineering groups. CSMs and account administrators started constructing and submitting abilities with out understanding what would get accredited and merged, creating important wasted effort and a backlog of submissions that couldn't clear the repository's entry insurance policies.
Enterprise validation and what's nonetheless lacking
Thomson Reuters is among the many early adopters. Flores stated that the corporate had been making an attempt to construct an in-house AI agent platform and struggling to maneuver quick sufficient. It related with Treasure Information's AI Agent Foundry to speed up viewers segmentation work, then prolonged into Treasure Code to customise and iterate extra quickly.
The suggestions, Flores stated, has centered on extensibility and adaptability, and the truth that procurement was already carried out, eradicating a big enterprise barrier to adoption.
The hole Thomson Reuters has flagged, and that Flores acknowledges the product doesn't but handle, is steering on AI maturity. Treasure Code doesn't inform customers who ought to use it, what to deal with first, or methods to construction entry throughout totally different talent ranges inside a corporation.
"AI that means that you can be leveraged, but additionally tells you methods to leverage it, I feel that's very differentiated," Flores stated. He sees it as the subsequent significant layer to construct.
What engineering leaders ought to take from this
Flores has had time to mirror on what the expertise really taught him, and he was direct about what he'd change. Subsequent time, he stated, the discharge would keep inside first.
"We are going to launch it internally solely. I can’t launch it to anybody exterior of the group," he stated. "Will probably be extra of a managed launch so we are able to really study what we're really being uncovered to at decrease threat."
On talent improvement, the lesson was to ascertain clear standards for what will get accredited and merged earlier than opening the method to groups exterior engineering, not after.
The widespread thread in each classes is identical one which formed the governance structure and the three-tier pipeline: velocity is just a bonus if the construction round it holds. For engineering leaders evaluating whether or not agentic coding is prepared for manufacturing, the Treasure Information expertise interprets into three sensible conclusions.
Governance infrastructure has to precede the code, not comply with it. The platform-level entry controls and permission inheritance had been what made it secure to let AI generate freely. With out that basis, the velocity benefit disappears as a result of each output requires exhaustive handbook evaluation.
A high quality gate that doesn't rely totally on people will not be elective at scale.
Construct a top quality gate that doesn't rely totally on people. AI can evaluation each pull request persistently, with out fatigue, and test coverage compliance systematically throughout all the codebase. Human evaluation stays important, however as a remaining test slightly than the first high quality mechanism.Plan for natural adoption. If the product works, individuals will discover it earlier than you're prepared. The compliance and go-to-market gaps Treasure Information remains to be closing are a direct results of underestimating that.
"Sure, vibe coding can work if carried out in a secure method and correct guardrails are in place," Flores stated. "Embrace it in a approach to discover technique of not changing the nice work you do, however the tedious work which you can in all probability automate."
