Agentic Engineering · Syllabus
Course overview
Vibe coding has shipped a lot of broken products. Replit wiped a database and fabricated 4,000 fake users. Lovable left thousands of projects exposed for 48 days. April's MCP RCE put 9,000+ servers at risk. The problem is not prompting. The problem is the moment you trust the agent before you should.
This course teaches the shipping disciplines working engineers actually use in 2026. Spec. Plan. Read the diff. Audit. Test. Eval. Permissions. Adversarial review. Every lecture produces a new small project. The final lecture aggregates all six into a creative portfolio you submit.
Not a prompting course. Not "build with Lovable in 90 minutes". Not a tour of Claude Code.
Who it is for
Early coders who can read code already and are still in the early stretch of learning to write it. A little HTML/CSS/JS or an equivalent language (Python, Java, Go, C#) is enough. Not the first programming course. Not for senior engineers. The middle, where 2026 hiring is concentrated.
You need: terminal fluency, Git basics, a working editor, a GitHub account, a Vercel account, and one agentic CLI installed (Claude Code, Cursor, or Codex CLI) before lesson 1.
After completing the course, you will be able to
- Direct an AI agent through a multi-week, multi-file feature without losing control
- Write specs the AI can execute end to end
- Run two-pass workflows: agent plans, you review as a staff engineer
- Build eval loops that grade the judgment calls a pass/fail test can't
- Audit another team's repo for security, scope, and quality
- Catch the AI's "I solved it" lie before it ships
- Defend your product against adversarial-agent attacks
- Ship to one real person and iterate on their feedback
Skills you will develop
- Claude Code, Cursor, Codex CLI: daily agentic workflows
- Spec writing in the Sean Grove pattern
- Plan Mode + staff-engineer review pass (Boris Cherny pattern)
- TDD with agents (Willison pattern: red, AI, green)
- Eval-loop construction: golden inputs, scorer, baseline, iteration
- Permissions hygiene: deny-first defaults,
CLAUDE.md,settings.json - Adversarial validation: prompt injection, supply-chain hygiene
- Peer code-audit reports
- Creative portfolio composition
Syllabus
Every lecture produces a small standalone project. A student leaves each lecture with a new deployed thing in a new public repo. The final lecture aggregates all six into a single creative portfolio URL, judged on creativity, presentation, and the audit trail behind each project.
Lecture #1 · Day One
- AI ate tactical coding; your strategic skill is the multiplier — your skill is the ceiling on what the agent can do
- The harness over the model: context (
CLAUDE.md/AGENTS.md), skills, and a codebase the agent can navigate - Watch a real product ship live, install the stack, then pick a real user and ship v0
- Setup: v0 — a real, deployed page for your user, built with a starter CLAUDE.md.
Lecture #2 · Reading What AI Ships
- 5-minute shape-test on a foreign repo; query the codebase with the agent, then verify its answers by reading
- Reading diffs at the hunk level; review of a real OSS pull request
- Write the 1-page brief, then ship a repo shape-test tool
- Project 01: a repo shape-test tool. Paste a GitHub URL, get a 5-bullet shape report.
Lecture #3 · First Audit Loop
- Constraint prompts and the hallucination catalog; audit every line into
/audit - The 3-prompt stop rule: close the chat, read the diff, find the bug the agent swears it fixed
- Project 02: an audited landing page for a real friend. Public /audit log committed.
Lecture #4 · Specs Are Source
- Sean Grove pattern: numbered clauses, example prompts as unit tests
- grill-me: a custom skill that turns the agent into an adversarial interviewer of your spec (procedures vs abilities)
- design.md: a source file that keeps the UI on-system (Vercel Geist tokens)
- Project 03: a small CRUD micro-app shipped from a grilled spec and a design.md. /specs/ committed.
Lecture #5 · Loop Engineering
- Plan Mode + a reviewer subagent (Boris Cherny two-pass); a queue of scoped tasks, human-in-loop vs AFK
- Test-first: the failing test is the agent's leash (Willison pattern)
- Eval loops with a held-out gate: don't tune against your only test set
- Project 04: a multi-file feature via two-pass plan, with a red→green test and a held-out eval.
Lecture #6 · Defensive Security
- Deny-first
settings.json; theNEXT_PUBLIC_*keys story; sandbox risky or AFK agents CLAUDE.md/AGENTS.mdhierarchy (global / project / local +#); hooks enforce what a rules file only requests- Project 05: a hardened repo with a CLAUDE.md/AGENTS.md hierarchy, deny-first settings.json, a hook, and audited env.
Lecture #7 · Offensive Security
- Supply-chain hygiene (the Bitwarden CLI hijack); prompt injection in production
- Adversarial agent against your own product: patch, then fix why it happened (buy the lock)
- Peer audit, round-robin: A, B, C, D, E, A
- Project 06: a hardened repo with /adversarial/report.md, the patch trail, and a peer-audit writeup of a neighbor's project.
Lecture #8 · Demo Day online
- Aggregate all six projects into a single creative portfolio
- One public URL, GitHub linked, audit trail behind each project
- Judged on creativity, presentation, and the depth of the audits
- Capstone: one portfolio URL + a linked GitHub. Six projects shown, the audit trail behind each.
Capstone, graded
- 30% portfolio creativity. A clear point of view across the six.
- 25% peer-audit writeup of another student's portfolio.
- 20% completeness. All 6 projects shipped, audits visible.
- 15% adversarial validation on a chosen project.
- 10% portfolio polish. Load time, mobile, typography.
No other AI-coding course in 2026 makes a peer-audited creative portfolio the bar. That is the bet.
Instructor · Nika
Growth engineer, building since 14. nikusha.com · GitHub · X
Last updated 2026-06-14 · nikusha.com