Gnesis Build Engine

Status: Private beta. Public launch Q3 2026. Owners: Rabih Naja (Founder & Chief Builder), Wassim Moumneh (Co-Founder & Chief Orchestrator) Last updated: 2026-04-23

---

1. Purpose

The Build Engine is the mechanical heart of Aleph. It turns a signed-off brief into a running, multi-tenant application and keeps it running. This doc specifies the engine's responsibilities, its stages, its 17 internal gates, and the commit and deploy model.

Build Engine behavior is the same across tiers. What differs is isolation mode, support SLOs, and compliance posture.

Scope: this doc covers the code track (application build, test, deploy, operate). The sibling Aleph Assembly Line produces the 30+ business-setup deliverables in parallel and is specified in the Section 9 docs (Generated-Business-Standard for the floor, each generator-spec for per-deliverable mechanics). The two tracks share the audit log, the decision record model, the commit style, and the eject path. They do not share gates or pipeline stages.

2. Inputs

The engine accepts four inputs per project.

1. Brief. Structured markdown produced by Shakeeb. Includes goals, user personas, domain entities, auth requirements, integrations, tenancy expectations, and non-goals.
2. Plan. Architecture and data model proposals approved by the user.
3. Tool selection. Tools loaded into the project from the Tool Registry.
4. Policy. Shakeeb posture preset plus any custom rules.

3. Outputs

Per project, the engine produces and maintains:

• A git repository (full history, conventional commit style).
• A deployed staging environment.
• A deployed production environment.
• A database with migrations tracked.
• A secret vault namespace.
• An audit log.
• A telemetry stream (errors, product events, traces, metrics).

4. Pipeline stages

Seven stages. Same seven as the product spec. Repeated here with engine-level detail.

4.1 Brief

The engine stores the brief as a first-class artifact. Every downstream change links back to a brief version. Brief updates produce a diff that Shakeeb surfaces before plan changes ripple.

4.2 Plan

The engine drafts architecture and data model proposals from the brief. Proposals are typed objects, not freeform text. Shakeeb renders them into a human conversation.

4.3 Scaffold

The engine generates the base repo from the opinionated stack of record.

• Next.js 16 with React 19, app router.
• tRPC v11 routers and procedures.
• Drizzle schema, initial migrations (numbered, aligned with the 23 base migrations), seed.
• Per-tenant Postgres provisioned via Coolify (default for Team and Business).
• BullMQ job queues on Redis, with retry and dead-letter handling.
• Better Auth configured for email, magic link, OAuth (Google, GitHub, Apple), SAML and SCIM.
• Stripe scaffolded with pricing page, customer portal, webhook handlers, and cent-exact metering.
• next-intl scaffolded with EN, AR, ES message files and RTL support.
• MinIO object storage wiring for artifacts, uploads, and generated-app assets.
• GHCR-published container image built for Coolify deploy.
• Observability wiring (Sentry, PostHog, OpenTelemetry).
• Docker compose local runtime (Postgres 16, Redis 7, MinIO).
• CI config (6 gates).

4.4 Build

The engine writes feature code in small, atomic commits. Each commit has:

• A conventional-commit subject line.
• A Shakeeb decision record ID in the trailer.
• A link to the brief section it implements.

No feature is batched into a single giant commit. Rollback is always possible at commit granularity.

4.5 Test

The engine auto-generates tests from the brief. Three kinds, all bundled into the single test CI gate:

• Unit tests for pure logic (Vitest).
• Integration tests for tRPC routers (Vitest against a test database).
• E2E tests for critical flows (Playwright against the staging preview).

Plus the 17 Aleph gates and 6 CI gates (lint, typecheck, build, test, RLS audit, registry).

4.6 Deploy

The engine deploys to staging on every commit that passes all gates. Production deploys require:

• A staging preview.
• User signoff on the diff.
• A Shakeeb recommendation (go, hold, or rollback candidate).
• Optional custom policy approvals.

4.7 Operate

Once a project is live, the engine runs:

• Ambient monitoring via the observability stack.
• Cost, error, and usage anomaly surfacing.
• Change request loop back to Build.
• Assembly Line execution in parallel. The bundle delivery cadence (legal day 3, finance day 5, marketing + content day 8, compliance day 10, ops + sales day 12, closeout day 14) runs during this stage. Bundle deliverables are produced by the Assembly Line, gated by the 8 Assembly Line gates, and surfaced through the bundle timeline.

5. The 17 Aleph gates

Gates run before CI. They check the generated code for shape, not for functional correctness (that is CI's job). Targets are measured per project.

Gate	What it checks
G1 Schema integrity	Drizzle migrations compile, no orphan FKs, no column drops without data plan
G2 Tenant scoping	Every new table has tenant_id or is explicitly shared; every query scopes by tenant
G3 RLS policy	Every tenant-scoped table has an active RLS policy
G4 Secret hygiene	No literal secrets; env reads go through typed config; vault references exist
G5 i18n completeness	Every new user-facing string has EN, AR, ES keys
G6 a11y floor	New UI passes WCAG 2.2 AA axe-core checks
G7 Auth coverage	Every new route declares auth requirement or is marked public
G8 Capability class	Every new tool call declares read, write, or destructive
G9 Rollback path	Every write has a documented rollback
G10 Observability hooks	Sentry, PostHog, OpenTelemetry wired on new flows
G11 Billing hook	Every metered surface emits a meter event with the correct unit
G12 Test coverage floor	Critical flows have at least one E2E, new routers have an integration test
G13 Migration class	Every migration is labeled destructive, reversible, or zero-downtime
G14 Design token use	New UI uses the locked palette and typography tokens, not hardcoded values
G15 Error boundary	Every route or component group has an error boundary
G16 Empty state	Every data surface has an empty state
G17 Voice fallback	Every voice flow has a text fallback path

Violations block the commit at the engine level, not at CI. A gate violation is a Shakeeb decision item the user can override with policy.

6. The 6 CI gates

Applied after Aleph gates pass. Standard CI on the generated repo.

1. Lint (ESLint + Stylelint).
2. Typecheck (tsc --noEmit).
3. Build artifact (Next.js 16 build, Drizzle generate, bundle analyzer threshold, GHCR image build).
4. Test (Vitest unit + integration against a test database, Playwright E2E against the staging preview).
5. RLS audit (tenant-scoped query audit across Drizzle schema; a schema change without a corresponding RLS policy blocks merge).
6. Registry (Tool Registry capability and policy check; every new tool call resolves to a registered, version-pinned entry with a declared capability class).

Target: first-try pass rate above 70 percent by Q3 2026.

7. Commit model

Every file mutation is a commit. No in-place edits that don't land in git.

• Author: Shakeeb <[email protected]> on behalf of the project owner.
• Trailer: Shakeeb-Decision: <decision-id> and Brief-Ref: <section-id>.
• Signing: commits are signed by the Aleph build-signing key; the public key is published.

A human can push to the same repo; Aleph treats human commits as trusted and does not re-run the 17 gates unless CI fails. (Humans are expected to have read the same spec; trust is mutual.)

8. Deploy model

Two environments per project: staging and production. Optional: preview per branch.

• Staging: automatic on green build.
• Production: gated on signoff (see 4.6).
• Preview: optional, per feature branch, one-click from the dashboard.

Deploys go through GHCR plus Coolify on the default stack. Aleph builds a container image, pushes it to GHCR, and Coolify pulls and rolls out against the per-tenant Postgres fleet. Enterprise VPC-Vault deploys go through the customer-managed pipeline: Aleph produces the deploy plan and the GHCR-published image; Coolify (or the customer-managed equivalent) executes the rollout inside the customer cloud.

9. Rollback model

Three rollback paths, all first-class.

1. Code rollback. git revert <sha> followed by redeploy. Most common.
2. Schema rollback. Recorded Drizzle down migration plus reconciliation steps. Used when a schema change is destructive in retrospect.
3. Config rollback. Vault and env restoration from the audit log. Used after a misconfiguration.

A rollback is itself a commit. It carries its own Shakeeb decision record and is visible in the audit log.

10. Migration handling

Three classes.

1. Zero-downtime. Additive schema change. Applied inline during deploy.
2. Reversible. Migration with a documented down path. Applied with a transaction.
3. Destructive. Irreversible column drop, table rename, or data migration. Requires explicit approval; posture cannot auto-approve.

Every migration carries a risk note authored by Shakeeb. Humans approve destructive migrations before apply.

11. 72-hour SLA mechanics (code track)

• Clock starts at brief signoff.
• Clock covers stages 2 through 6 (Plan, Scaffold, Build, Test, Deploy).
• Stages are not individually bounded. Complexity flexes where it should.
• Aleph dashboards show clock status per project.
• Missing the clock surfaces an incident on the Operate surface.

11a. 7-to-14-day SLA mechanics (bundle track)

• Clock starts at brief signoff (same as the code track).
• Milestones: legal pack day 3, finance day 5, marketing + content day 8, compliance day 10, ops + sales day 12, closeout day 14.
• Customer can accelerate or reorder packs at any time without penalty.
• Missing a milestone surfaces an incident on the Operate surface with the specific pack and cause (dependency, review hold, generation failure).
• Full specification: Generated-Business-Standard §4.

12. Metrics (internal)

Metric	Target
Gate-pass rate first try (code)	Above 70 percent by Q3 2026
Gate-pass rate first try (bundle / Assembly Line)	Above 80 percent by Q3 2026
TTFD (signup to first prod deploy)	Under 60 minutes at launch
TTFB (signup to full bundle delivered)	10 days median at launch, 7 days by end of 2026
Commit-to-staging median	Under 10 minutes
Commit-to-production median	Under 45 minutes (assuming approval)
Rollback MTTR	Under 15 minutes
Bundle deliverable regeneration median	Under 5 minutes per document

13. Open questions

Tracked in the Open-Questions-Ledger.

• Build sharding model for very large generated apps.
• Preview environments lifetime policy.
• Monorepo generation for ecosystems that need multiple apps.
• Opt-in pre-push local gate runner for developers who keep editing post-eject.

---

Related docs: Aleph-Product-Spec, Generated-App-Standard, Tool-Registry, Data-Model, Tenant-Model, Observability-Spec.