LabACT
Writing

June 2025

AI Engineering Controls

Versioning, evaluation, approvals, logs, retries, and security gates.

Controls are what make AI-assisted software feel boring in production. That is the goal. Excitement belongs in the lab.

Versioning

Prompts in git. Model names in config, not hardcoded strings scattered across files. Lock files or pinned API versions. Every deploy knows exactly which model and prompt it shipped with.

Evaluation

Golden datasets for extraction and classification. Score precision and recall before release. Track drift when vendors update models. A small set of real files beats a hundred synthetic edge cases nobody sees in production.

Approvals and logs

Human sign-off where SOP requires it. Structured logs: input hash, model version, output, latency, user override. Logs go to the same retention policy as the rest of your regulated data.

Retries and security

Retry transient failures with caps. Never retry a partial write without idempotency keys. Strip PII from logs. Restrict which services can call models. Review new tools and data paths like any other production change.