Mise en Place
Before AI lets you cook, organise your station
Field Note from “The Centrifuge” — Individual Level
I let an agent loose in a repo on a Tuesday.
By Wednesday it had committed three times under my personal email to a client’s repository, built the site against whatever version of Hugo my laptop happened to have installed that month, and — this is the part I think about — helpfully echoed an API token into a log file while debugging a failed deploy. None of it was the agent’s fault. It did exactly what my environment told it to do. The environment just happened to be telling it the wrong things, quietly, the way it had been telling me the wrong things for years. I’d never noticed, because I was slow enough to catch my own mistakes before they mattered.
That’s the thing nobody warns you about. AI doesn’t introduce new failure modes into your local setup. It takes the ones you already had and runs them at a speed where you can no longer step in. The mis-attributed commit, the wrong toolchain version, the secret sitting in cleartext two directories from a `git add .` — all of that was already there. It was survivable because you moved at human speed. You’d notice the warning sign on the way past. Now there is no “on the way past.” There’s the prompt, and then there’s the result.
A professional kitchen runs at a pace that would look insane from the outside. Twelve covers land at once, every one different, every one urgent, and the line doesn’t break. It doesn’t break because of the two hours nobody sees. Before service, every station is prepped: vegetables cut, sauces reduced, tools laid out in the same place they’re laid out every night, everything within reach. The French call it mise en place — everything in its place. Escoffier built the modern kitchen brigade around it. The discipline isn’t what slows the kitchen down. It’s the only reason the kitchen can go that fast without burning the room down.
The rush is the easy part to picture. The prep is what makes the rush survivable.
AI-assisted development is service rush. The orders come faster than you can think, and the temptation is to believe the tool will absorb the chaos for you. It won’t. It accelerates into the chaos. A chef with a disorganised station doesn’t get faster when the orders pile up — they get a fire. And the engineering equivalent of a fire is the leaked key, the irreproducible build, the commit nobody can trace, the afternoon spent reverse-engineering what your own machine did while you weren’t looking.
The unglamorous truth is that the prep was always the point. We just got away with skipping it for as long as the work stayed slow.
So what does mise en place look like for a developer’s local environment? Four things, in order of how much they’ll hurt you if you skip them.
A reproducible toolchain. “Works on my laptop” is a confession, not a status. The version of Hugo, Go, Node, or Python that builds your project should be declared in the repo and locked, so it’s identical on your machine, the next machine, and the agent’s process. I use Nix flakes with a committed lockfile: the recipe and its exact versions travel with the code. The payoff isn’t purity points. It’s that a build can never silently depend on something that only exists in your shell history.
Secrets that never touch the working tree. A token in a `.env` file is a token in a commit waiting to happen — and agents read files for a living. Secrets belong in a vault (OpenBao, in my setup), fetched at runtime by a small gitignored wiring file, never written into anything tracked. And the rule that actually saves you: anything that was ever in cleartext — an old config, a committed file, your shell history — is compromised. Rotate it at the source. Copying a leaked value into a vault doesn’t un-leak it.
An identity that fails loud. Set no global git name or email, and turn on `useConfigOnly` so git refuses to invent one from your username. Bind identity to context with `includeIf` rules keyed to directories: work repos under one identity, client repos under that client’s, personal under personal. A repo in the wrong place then refuses to commit — “author identity unknown” — instead of cheerfully stamping a client’s history with your personal address. When the thing doing the committing is an agent with no instinct for “wait, which account am I?”, a loud failure is the only guardrail you have.
Tooling that loads itself. You will not remember to activate the right environment every time, and neither will a fresh agent process. direnv makes the environment a property of the directory: step into the folder, the right toolchain and the right wiring are simply there. Discipline you have to remember isn’t discipline. It’s a coin flip you run several times a day.
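The fail-loud identity rule above can be checked in a throwaway sandbox before trusting it with an agent. This is an added example, not code from the author's kit; the directory layout (`~/work/`, `~/scratch/`), the file name `~/.gitconfig-work`, and the name and address are constructed placeholders.

```shell
#!/bin/sh
# Added example: fail-loud git identity, exercised in a throwaway HOME.
# Paths, the name and the e-mail address are constructed placeholders.

# Print the author e-mail git stamps on a probe commit, or "refused"
# when git declines to commit because no identity is configured.
try_commit() {
  git -C "$1" init -q 2>/dev/null &&
    git -C "$1" commit -q --allow-empty -m "probe" 2>/dev/null &&
    git -C "$1" log -1 --format=%ae || echo refused
}

identity_demo() (
  sandbox="$(mktemp -d)" || exit 1
  # Isolate from the real machine: fake HOME, no system config,
  # and no identity smuggled in through environment variables.
  export HOME="$sandbox/home" GIT_CONFIG_NOSYSTEM=1
  unset GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME \
        GIT_COMMITTER_EMAIL EMAIL XDG_CONFIG_HOME GIT_CONFIG_GLOBAL
  mkdir -p "$HOME/work/site" "$HOME/scratch/stray"

  # Global config carries no name or e-mail, only the guardrail...
  git config --global user.useConfigOnly true
  # ...and the directory-to-identity mapping (trailing slash = whole subtree).
  git config --global 'includeIf.gitdir:~/work/.path' '~/.gitconfig-work'
  git config --file "$HOME/.gitconfig-work" user.name "Work Identity"
  git config --file "$HOME/.gitconfig-work" user.email "dev@work.example"

  # A repo under ~/work/ picks up the work identity; one elsewhere has none.
  echo "work=$(try_commit "$HOME/work/site")"
  echo "stray=$(try_commit "$HOME/scratch/stray")"
  rm -rf "$sandbox"
)

identity_demo
```

The repo under `~/work/` commits with the mapped address, while the stray repo reports `refused` because git has no identity to fall back on.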
None of this is new. Reproducible builds, secret hygiene, and identity isolation are decades old. What’s new is that the cost of not having them used to be paid slowly, in occasional bad afternoons, and now it’s paid instantly, at the speed of whatever you just delegated.
Delegation is where the whole thing stops being optional.
The moment you hand an agent your filesystem, every ambiguity in your environment becomes its problem — and therefore yours, a few seconds later and several commits deeper. You have instincts the agent doesn’t. You feel a flicker of doubt before pushing to the wrong remote. You half-remember that this client uses a different account. The agent has none of that. It reads the environment as ground truth and acts on it at full speed. Whatever your setup implies, it will do, confidently, dozens of times before you look up.
This reframes the prep work entirely. A reproducible toolchain, secrets out of the tree, an identity that fails loud — these aren’t hygiene for its own sake. They’re the contract that makes handing off the keys safe. They’re the difference between an environment you can delegate into and one where delegation is a slow-motion accident. The prepared station is what lets you say “go” and mean it.
You can’t have an agent prep your mise en place for you, either. That’s the joke of it. The setup is the one part that has to be deliberate, because it’s the part that defines what “fast” is even allowed to mean for everything downstream.
The Centrifuge is about staying whole as the spin accelerates — usually that conversation lives at the level of pace, rest, and how teams fracture along speed lines. This is the same problem one layer down, at the bench you actually put your hands on. You can’t out-discipline burnout with a tidy flake file. But you also can’t go fast safely on a foundation that was only ever held together by you being slow enough to catch it.
The centrifuge throws off whatever isn’t anchored. Your local environment is the anchor closest to your hands. Spend the two hours on prep before the orders land, not during.
I packaged the way I do this — Nix flakes, direnv, per-context git identity, OpenBao — into an open kit, so the setup is a few stated intents rather than a weekend of yak-shaving: github.com/sprantic/sprantic-dev-kit. Take it, fork it, swap the vault for yours.
Where’s your station messy? The honest answer is usually the secret in the file you keep meaning to move.

