Spec Driven Development Fans, You'll Love sdd-flow

Last week I shipped Redakt, an open-source GDPR compliance tool. Six features for a web UI and REST API to help us better handle PII (Personally Identifiable Information).

I had been using the spec driven development (SDD) process for months through a plugin I built. When I saw that Claude had expanded the context window to a million tokens, I thought to myself, "Why not try to push the limits of how I was developing software?" What I mean by that is that the SDD process was created to help with context management. It follows a traditional and rigorous software development cycle, but it was slow relative to how fast things move within the AI space. I decided to try just one-shotting a feature using a skill to orchestrate the phases of a development cycle, and it worked surprisingly well.

The skill was not the only thing that optimized the process. Anthropic's release of --permission-mode auto last week was the push that I needed to remove the diapers. I was excited to try it out. This mode is limited for now to Teams accounts. It was flaky initially, but it gave me a taste of the forbidden fruit. I didn't want to go back to confirming every request. At home, I knew there was another option though, a dangerous one, that I had avoided until now: --dangerously-skip-permissions. After close to a year of using Claude, and never having had any "oh shit" moments, I decided to remove all guardrails and bypass permissions. It felt like my face was being pushed back by gravity as you see in fighter pilot videos when they fly at multiple Machs... and the feeling is addictive.

SDD, Not STD

Not STD, as my speech-to-text model often spits out. Specification-driven development guides the AI to research the codebase and the requirements, write the specification, and then implement against that specification. The spec becomes what you version-control and review, while the code is output.

I liked the concept and loved the results.

What /sdd-flow Does

/sdd-flow is a Claude Code skill, a custom slash command that you invoke with a task:

/sdd-flow Add GDPR-compliant audit logging for all anonymization requests

Then a pipeline of subagents takes over. Separate Claude conversations, each with a fresh context window, each handling one phase.

Research. The first subagent investigates the codebase. For Redakt's audit logging feature, it mapped the existing logging setup, found a duplicate handler bug I didn't know about, and flagged that the schema in the code had drifted from the original spec. It produced a research document with file paths, specific line numbers, and integration points.

Adversarial review of the research. A second subagent tears the research apart. For audit logging, it found real issues: six critical gaps, four questionable assumptions, four missing perspectives.

Specification. A planning subagent reads the reviewed research and writes a full spec: functional requirements, edge cases, failure scenarios, security constraints.

Adversarial review of the spec. For audit logging, this caught an issue that if it was fixed at the audit layer, would have meant invasive changes to shared functions upstream.

Implementation, code review, critical review. Code and tests get written against the spec. A code review subagent checks alignment while a critical review subagent does a final adversarial pass. Every finding, no matter how severe, gets resolved before a commit.

How /sdd-flow Looks

After /sdd-flow finishes, you get a directory like this:

SDD/
├── research/
│   └── RESEARCH-006-audit-logging.md
├── requirements/
│   └── SPEC-006-audit-logging.md
├── prompts/
│   ├── PROMPT-006-audit-logging-2026-03-29.md
│   ├── implementation-complete/
│   │   └── IMPLEMENTATION-SUMMARY-006-...md
│   └── context-management/
│       └── progress.md
└── reviews/
    ├── CRITICAL-SPEC-audit-logging-20260329.md
    └── CRITICAL-IMPL-audit-logging-20260329.md

One Skill, Two Modes

Supervised mode is the default because it forces you to make critical decisions that shouldn't be automated, typically. These decisions include reviewing the completed research and reviewing the code before commit.

Autonomous mode exists for features where requirements are clear and you are feeling confident. I used it for some of the later Redakt features after the first two proved the process. But pausing to review is the default for a reason, because confidence is often overconfidence.

Try It

Both the skill and plugin are open source:

• Skill (orchestrator): claude-skills
• Plugin (phase commands): claude-plugins
• Redakt (built with it): redakt, check the SDD/ directory for the full artifact trail

The artifacts in Redakt's SDD/ directory are the best pitch I can make. Read the research documents, the specs, and especially the critical reviews. Then just let the SDD flow.