04 architect · Governance
Enterprise Architect
Constitution and ADRs.
The Enterprise Architect is the persona that authors the constitution and curates the decision record. In an AI-native SDLC, the Enterprise Architect operates a stack of validated primitives that turn principles into enforceable policy.
Executive summary
The Enterprise Architect defines the enduring architectural principles, capability model, and decision records that constrain every squad decision in the organization. In an AI-native SDLC the Enterprise Architect operates inside the Governance phase with a fixed set of primitives: one ADR authoring agent, four slash prompts, scoped instructions, schema-validated hooks, and a curated list of validated MCPs. Primary outputs are the CONSTITUTION.md, the Architecture Decision Record catalog, the capability scan report, and the principle-check gates that run on every pull request.
Role and responsibilities
Think of the Enterprise Architect like a constitutional court. They do not pass laws and they do not deliver judgments on every parking ticket, but when a case brings a principle into question, the judgment they render becomes binding precedent. In an AI-native SDLC the principles live in CONSTITUTION.md, the precedents live in ADRs under docs/adr/, and the Enterprise Architect is accountable for coherence across both.
Primary responsibilities:
- Author and maintain
CONSTITUTION.mdwith the enduring architectural principles and constraints - Curate the ADR catalog with a stable ID schema, status lifecycle, and supersession links
- Run capability scans that surface coverage, overlap, and gaps across the enterprise technology portfolio
- Govern the principle-check gate that runs on every architecture-adjacent pull request
- Operate the ADR Drafter agent and the
/constitution,/adr,/principle-check,/capability-scanprompts - Publish the quarterly architecture review to the leadership Teams channel
- Align enterprise direction with Microsoft Azure Well-Architected Framework pillars and GitHub platform standards
Jobs to be done
- As an Enterprise Architect, I want principles authored in markdown with machine-readable tags, so that gates can enforce them without me in the loop.
- As an Enterprise Architect, I want every significant decision captured as an ADR within 48 hours, so that context never evaporates with the author.
- As an Enterprise Architect, I want principle checks to run on every architecture PR, so that violations are caught before merge.
- As an Enterprise Architect, I want capability scans to surface overlap and gaps, so that portfolio rationalization is data-driven.
- As an Enterprise Architect, I want ADRs to supersede, not overwrite, so that the decision history remains auditable.
- As an Enterprise Architect, I want quarterly reviews generated from the ADR diff, so that leadership sees the direction of travel.
Pain points before AI-native
- Principles trapped in slide decks. Slides cannot be enforced by a hook or referenced by a PR comment. Compliance drifts silently.
- ADRs written after the fact. Records authored months later miss the real trade-offs and the people who made them have moved on.
- Capability portfolio invisible. Multiple teams solve the same problem with different stacks, and nobody notices until an acquisition.
- Principle checks done in review meetings. A review that catches a violation after sprint planning is weeks too late.
- Supersession as edit in place. When an ADR is overwritten, audit trail and reasoning evaporate.
AI-native daily workflow
The Enterprise Architect operates a fixed loop each day. The loop uses GitHub Copilot primitives inside Visual Studio Code and Claude Code at the terminal, plus a small catalog of validated MCPs for external context.
Morning setup
- Open the architecture repository in Visual Studio Code. GitHub Copilot Chat loads
AGENTS.mdand the scoped constitution instructions. - Pull the latest
main, review overnight ADR drafts, and list architecture PRs awaiting principle-check. - Run
/principle-checkacross open PRs using the GitHub MCP to surface potential violations. - Review the capability scan dashboard generated from the Azure MCP Server telemetry.
Midday execution
- ADR drafting. Invoke
/adron each decision captured in yesterday’s design conversation. The ADR Drafter agent produces a dated record with context, options, decision, and consequences. - Constitution update. Invoke
/constitutionwhen a recurring ADR pattern warrants a new principle. The agent drafts the clause, tags it, and proposes the gate expression. - Capability scan. Invoke
/capability-scanon the portfolio to detect overlap, gaps, and principle violations in production workloads. The agent uses the Azure MCP and GitHub MCP to aggregate evidence. - Principle-check consultations. Respond to squad requests in Microsoft Teams via the Microsoft 365 Agents SDK, with ADR links as the canonical citation.
Afternoon review
- Invoke
/principle-checkas the final sweep on all open architecture PRs. Block merge on unresolved principle violations, unblock with a linked ADR that either complies or explicitly supersedes. - Open a pull request on the ADR catalog and
CONSTITUTION.mdchanges. GitHub Copilot Code Review comments on clause quality and cross-references. - Regenerate the quarterly architecture review draft from the ADR diff. A post-commit hook updates the draft on every merge.
- Publish the daily architecture digest to the leadership Teams channel via the Microsoft 365 Agents SDK.
Recommended primitives
Agent
| Agent | File | Purpose |
|---|---|---|
adr-drafter | .github/agents/adr-drafter.agent.md | Draft and curate ADRs, maintain CONSTITUTION.md, run principle checks and capability scans |
The ADR Drafter uses claude-sonnet-4-6 by default. Tools: read, edit, search, grep, glob. No bash access. Extended thinking is enabled for /capability-scan only, where cross-portfolio correlation benefits from deep reasoning.
Slash prompts
| Command | File | Purpose |
|---|---|---|
/constitution | .github/prompts/constitution.prompt.md | Author or revise an enduring architectural principle |
/adr | .github/prompts/adr.prompt.md | Draft an Architecture Decision Record with context, options, decision, consequences |
/principle-check | .github/prompts/principle-check.prompt.md | Sweep open PRs for principle violations and ADR alignment |
/capability-scan | .github/prompts/capability-scan.prompt.md | Detect portfolio overlap, gaps, and principle violations in production |
Instructions scoped
Scoped applyTo reduces token cost by approximately 68 percent compared to global instructions.
Scope (applyTo) | File | Purpose |
|---|---|---|
CONSTITUTION.md | .github/instructions/constitution.instructions.md | Principle clause format, tag schema, gate expression syntax |
docs/adr/**/*.md | .github/instructions/adr.instructions.md | ADR template, status lifecycle, supersession rules |
docs/capability/**/*.md | .github/instructions/capability.instructions.md | Capability map schema and evidence requirements |
Hooks
Hooks cost zero LLM tokens. They are the strongest governance layer for enterprise architecture.
pre-commit: reject any ADR without context, options, decision, and consequences; reject any principle without a tag and a gate expressionpost-commit: regenerate the ADR index and the quarterly review draftpre-merge: run principle-check on the diff and block merge on unresolved violations unless a linked ADR supersedes
Validated MCPs
| MCP | Purpose | Owner |
|---|---|---|
| GitHub MCP Server | Read architecture PRs, ADRs, and principle-check runs across the organization | GitHub (official) |
| Azure MCP Server | Inspect production workloads, Azure Policy state, and Azure Monitor telemetry for capability scans | Microsoft (official) |
| Microsoft Learn Docs MCP | Ground principles and ADRs in the current Well-Architected Framework and Microsoft product documentation | Microsoft (official) |
| Azure DevOps MCP Server | Read Azure Boards portfolio items when the team uses Azure DevOps | Microsoft (official) |
| Microsoft 365 Agents SDK MCP | Publish digests to leadership Teams channels and ingest decisions from Outlook | Microsoft (official) |
Real examples
Example 1: author a new principle from a recurring ADR pattern
Input: Four recent ADRs independently adopted Azure Key Vault for secret storage in four different squads.
Invocation: /constitution followed by /principle-check.
Expected output:
- A new principle in
CONSTITUTION.mdtitled “Secret storage must use Azure Key Vault with managed identity”, taggedsecurity, with a gate expression that matches direct secret values in.envfiles. - Four ADR updates marking the prior decisions as instances of the new principle.
- A sweep report that flags three new violations across repositories, each filed as a GitHub issue via the GitHub MCP.
Example 2: capability scan ahead of a reorganization
Input: Leadership requests a portfolio rationalization view ahead of the fiscal planning cycle.
Invocation: /capability-scan with scope enterprise.
Expected output:
- A
docs/capability/2026-q3-scan.mdwith overlap rings for customer identity, payment processing, and document storage. - Nine principle violations in production workloads detected via the Azure MCP, each linked to the owning team and the offending resource ID.
- A summary digest posted to the leadership Teams channel via the Microsoft 365 Agents SDK.
Anti-patterns
- Principles without gates. A principle that cannot be checked is a poster. Mitigation: the
pre-commithook rejects principles without a gate expression. - ADRs edited in place. Overwriting destroys audit trail. Mitigation: supersession via a new ADR ID is the only allowed path.
- Verbal architecture reviews. If the review does not produce an ADR, the decision will be relitigated. Mitigation: every review closes by invoking
/adr. - Capability sprawl unmeasured. Without a scan, overlap grows quietly. Mitigation:
/capability-scanruns on a scheduled GitHub Actions workflow. - Principle-check as review-meeting item. Too late, too verbal. Mitigation:
pre-mergehook runs the check automatically.
KPIs and impact metrics
| KPI | Baseline | Target | Measurement |
|---|---|---|---|
| ADR cycle time, decision to merged record | 2 weeks | < 48 hours | GitHub PR timestamps |
| Principle-check PR coverage | 25 percent | 100 percent | GitHub Actions runs |
| Principles with gate expressions | 10 percent | 100 percent | Constitution linter |
| Capability scan cadence | Ad-hoc | Monthly | Scheduled GitHub Actions run |
| Principle violations remediated within SLA | 40 percent | > 90 percent | Violation issues closed |
| ADR supersession rate vs overwrite | 30 percent | 100 percent | ADR history diff audit |
Maturity in four levels
| Level | Name | Markers |
|---|---|---|
| L1 | Manual | Principles in slides, ADRs irregular, capability map verbal |
| L2 | Assisted | Copilot used to polish ADR prose, no gates, no catalog structure |
| L3 | Augmented | ADR Drafter agent, four slash prompts, scoped instructions, GitHub and Azure MCPs, principle-check on PR |
| L4 | Autonomous | Full primitives kit, hooks enforced, capability scans scheduled, quarterly review generated, supersession discipline |
Integration with other personas
- From Business Manager: OKR tree that informs principle priorities and capability coverage
- To Software Architect: principles and ADRs that constrain
CODEMAP.mdand API contract decisions - To Technical Lead: machine-readable principles that feed scoped instructions and hooks across squads
- To Platform Architect: capability scan evidence that drives platform service roadmap
- To InfoSec Officer: security principles with gate expressions that align with GitHub Advanced Security and Azure Policy
- To Compliance Auditor: ADR history as auditable decision record
- To DevOps Engineer: principle-check as a required status check on every architecture-adjacent workflow
Glossary
- Constitution: the living document of enduring architectural principles, tagged and bound to gate expressions.
- ADR: Architecture Decision Record. A dated, numbered record with context, options, decision, and consequences.
- Principle: a constraint that all squads must satisfy unless a linked ADR explicitly supersedes.
- Principle-check: automated sweep that verifies pull request changes against principle gate expressions.
- Capability scan: portfolio-wide analysis of coverage, overlap, and gaps across services.
- Supersession: the act of replacing an ADR with a new ADR that explicitly links the prior record.
References
- Azure Well-Architected Framework — pillars used as the backbone of enterprise principles
- Azure Policy documentation — policy as code that enforces principles on Azure resources
- GitHub Advanced Security documentation — security gates that align with enterprise principles
- GitHub Copilot documentation — agent mode, prompts, and instructions
- Microsoft Cloud Adoption Framework — governance patterns for enterprise architecture