Skip to main content

A2A Prompt Ops: stratt-run Marketing Site CI/CD + Iterative Hardening

What Are A2A Prompt Ops?

Agent-to-Agent operations (A2A ops) are automation workflows where one AI agent orchestrates tasks from another, with explicit gates and human-in-the-loop approval points. In the context of stratt-run, we use A2A ops to:
  1. Generate marketing site scaffold from a template
  2. Validate output against invariants (DOM purity, CSP headers, accessibility)
  3. Harden in stages (TS1 → TS6)
  4. Approve each gate before proceeding to the next phase
This approach is faster than manual iteration and auditable via Git + CI logs.

Campaign: “Marketing Site Hardening via A2A Validation”

Goal

Automate the journey from basic Astro scaffold → production-ready marketing site with zero manual quality checks. Each stage passes through a machine-verifiable gate before human approval.

Phases

Phase 1: Scaffold Generation (TS1)

Agent Role: Generate base files (package.json, astro.config.mjs, tsconfig.json, vercel.json, layouts, pages) Prompt: 
You are an expert Astro developer. Generate a production-ready marketing site scaffold for a Vercel deployment 
matching these constraints:
- Framework: Astro 5.7 (static output, Vercel adapter)
- Design: Dark theme with CSS tokens matching stratt-works
- Security: vercel.json with CSP headers, HSTS, Referrer-Policy
- Redirects: /about → /#about, /demos → /#terminal-demo, /docs → meridian.devarno.cloud, /enterprise → /#subscribe
- Pages: home (stub), 404 (styled), install, changelog, thanks, privacy
- Playwright config: port 4344, GitHub reporter
- Zero STRATT deps (pure marketing surface)

Output the directory structure and each file's contents.
Validation Gate (automated): 
bun run build  # Must succeed, producing dist/ with 2+ pages
bun run typecheck  # No TS errors
ls apps/stratt-run/public/{favicon.svg,robots.txt,security.txt}  # Static assets present
Human Gate: Review vercel.json security headers. Approve or request changes.

Phase 2: Content (TS2)

Agent Role: Generate landing content components (HeroSection, TerminalDemo, EmailCaptureForm) Prompt: 
Generate Astro components for a prompt engineering landing page:
1. HeroSection: tagline "outcome-first", subtitle, CTA to #subscribe
2. TerminalDemo: CSS-only animation showing a chain validation CLI flow (7 lines, no JS, respects prefers-reduced-motion)
3. EmailCaptureForm: email/name inputs, 3 interest checkboxes (chains, gates, cli), honeypot field, Turnstile placeholder

Use dark theme tokens: --accent: #6ea8ff, --bg: #0f1115, etc.
All components integrate into index.astro.
Validation Gate: 
bun run build  # Must succeed
grep -q "prefers-reduced-motion" src/components/TerminalDemo.astro  # Animation respects preference
grep -q "honeypot" src/components/EmailCaptureForm.astro  # Bot protection present
Human Gate: Lighthouse performance check (≥90 on landing page). Approve or request optimizations.

Phase 3: Integrations (TS3)

Agent Role: Wire Buttondown + Turnstile + analytics event tracking Prompt: 
Implement email subscription flow:
1. Create src/lib/subscribe.ts: typed wrapper for Buttondown embed endpoint, honeypot validation, tag mapping
2. Wire EmailCaptureForm.astro: client-side Turnstile captcha, POST to Buttondown, event tracking
3. Create /thanks.astro: double-opt-in confirmation page
4. Update .env.example with PUBLIC_TURNSTILE_SITE_KEY, PUBLIC_BUTTONDOWN_USERNAME

Ensure:
- Honeypot check prevents bots client-side
- Turnstile error shows graceful message ("Captcha failed, try again")
- Duplicate email (409 from Buttondown) handled gracefully ("Already subscribed")
- Success redirects to /thanks with confirmation message
Validation Gate: 
bun run build  # Must succeed
grep -q "trackEmailSubmit" src/components/EmailCaptureForm.astro  # Event tracking wired
grep -q "/thanks" src/components/EmailCaptureForm.astro  # Redirect configured
bun run typecheck  # All subscribe.ts types check out
Human Gate: Manual test with test Buttondown account. Verify email arrives, confirm link works, check for GDPR-compliant unsubscribe.

Phase 4: Static Data Pages (TS4)

Agent Role: Generate install + changelog pages, with prebuild script Prompt: 
Generate pages + data:
1. src/pages/install.astro: keyboard-accessible tabs (npm/bun/pnpm) with step-by-step commands
2. src/pages/changelog.astro: renders from src/data/releases.json (baked at build time)
3. src/data/install-instructions.ts: typed install steps per package manager
4. src/data/releases.json: seed data with 5 fake releases (v0.3.0 → v0.4.2)
5. scripts/fetch-releases.ts: GitHub API fetcher with graceful fallback

Include prebuild hook: package.json scripts: prebuild runs fetch-releases.ts before astro build.
Validation Gate: 
bun run build  # Must succeed, installing + changelog pages render
ls src/data/{releases.json,install-instructions.ts}  # Static data present
grep -q "prebuild" package.json  # Prebuild hook configured
Human Gate: Verify tab UI is keyboard-navigable (arrow keys switch tabs, tab key reaches submit buttons). Approve.

Phase 5: Invariants & CI (TS5)

Agent Role: Generate Playwright test suites and GitHub Actions workflow Prompt: 
Create test suite + CI:
1. tests/dom-purity.spec.ts: scan 5 routes for STRATT protocol tokens (stratt://, blake3:, fingerprint:, data-crdt)
   - Refined regex matching to avoid false positives on words like "fingerprints"
2. tests/redirects.spec.ts: verify vercel.json redirects (4 redirects: /about, /demos, /docs, /enterprise)
3. tests/smoke.spec.ts: render checks, nav accessibility, keyboard nav (7 tests)
4. .github/workflows/stratt-run.yml: typecheck → build → E2E on PR

All tests must pass before merge.
Validation Gate: 
bun run test:e2e  # All 16 tests pass
grep -q "stratt://" tests/dom-purity.spec.ts  # Token check present
grep -q "1200 tests/redirects.spec.ts  # Redirect tests present
Human Gate: Review test coverage. Approve if ≥95% of user flows covered. Request additions if gaps exist.

Phase 6: Polish & Launch (TS6)

Agent Role: Generate OG image, privacy page, analytics integration Prompt: 
Final polish:
1. public/og.png: SVG-based 1200x630 image with brand colors, "stratt.run" text, decorative elements
2. src/pages/privacy.astro: full privacy policy naming Buttondown, Vercel, Turnstile as data processors
3. Update package.json: add @vercel/analytics
4. Update BaseLayout.astro: inject Vercel Web Analytics script

Verify:
- No cookies set (Vercel Analytics is cookieless by design)
- Privacy page references GDPR rights (access, delete, correct)
- OG image renders in opengraph.dev validator
Validation Gate: 
bun run build  # Succeeds, sitemap.xml auto-generated
grep -q "@vercel/analytics" package.json  # Analytics dependency present
bun run test:e2e  # All tests still pass (no regressions)
file public/og.png | grep -q "SVG"  # OG is valid SVG
Human Gate:
  • Check OG preview in Slack/Twitter validator (renders correctly)
  • Review privacy policy for legal accuracy (privacy@company email present?)
  • Verify no hardcoded secrets in codebase

A2A Workflow Pattern

Input Specification

Each phase starts with a specification document describing:
  • Deliverables (files, components, tests)
  • Constraints (no external deps, dark theme, etc.)
  • Success criteria (tests pass, types check, accessibility passes)

Agent Execution

Agent generates code, commits to branch, runs validation gates.

Validation Layer (Automated)

# Three categories of checks:
1. Type safety: bun run typecheck
2. Build success: bun run build
3. Behavioral tests: bun run test:e2e
All checks must pass before proceeding to the next phase.

Human Gate (Async)

Engineer reviews:
  • Code quality (patterns, conventions)
  • Security (no secrets, headers correct)
  • UX (accessibility, performance, mobile)
  • Business requirements (messaging, CTAs)
Engineer approves or requests changes. Agent iterates.

Commit & Merge

Once all gates pass, code is merged to main. CI (GitHub Actions) re-runs all checks.

Prompt Templates for Reuse

Template: “Marketing Site Scaffold v1”

You are an expert Astro + Vercel developer. Generate a production-ready marketing site scaffold.

**Constraints**:
- Framework: Astro [VERSION] (static output)
- Adapter: Vercel
- Theme: [THEME_NAME] (provide CSS token values)
- Pages: [LIST PAGES]
- Redirects: [LIST REDIRECTS]
- Integrations: [E.g., email capture, analytics, etc.]
- Test: Must pass `bun run build` + `bun run typecheck`

**Deliverables**:
- package.json (Astro 5.7, Vercel adapter, minimal deps)
- astro.config.mjs
- vercel.json (redirects + headers)
- src/layouts/, src/pages/, src/components/ (stub implementations)
- playwright.config.ts

**Output structure**:
1. Directory tree
2. Each file with full contents
3. Validation command (bun run build)

Template: “Playwright Invariant Tests”

Generate Playwright E2E tests enforcing [INVARIANT_NAME].

**Invariant**: [DESCRIPTION]

**Routes to test**: [LIST ROUTES]

**Test logic**:
[PSEUDOCODE OR SPECIFIC CHECKS]

**Edge cases**:
[LIST EDGE CASES, E.g., "404 page returns 404 status"]

**Deliverables**:
- tests/[invariant-name].spec.ts (complete, runnable test suite)
- Test count: [MIN] tests

**Validation**:
bun run test:e2e  # All tests pass

Benefits of This A2A Approach

BenefitEvidence
Speedstratt-run went from 0 → production in 4 hours (TS1–TS6) vs. manual 2–3 days
Quality16 passing tests provide immediate feedback; regressions caught in seconds, not hours
AuditabilityEvery commit has verified gate status; rollback is safe and reversible
ReproducibilityFuture marketing sites can reuse prompt templates; 30-min copy + reskin
Knowledge capturePrompts serve as executable documentation; new team members learn from generated code

Extending This Pattern

Add a New Invariant

  1. Write the invariant spec (e.g., “All external links must have target="_blank" + rel="noopener"”)
  2. Generate Playwright test (Template: "Playwright Invariant Tests")
  3. Add to .github/workflows/stratt-run.yml
  4. Re-run all phases with new gate in place

Add a New Integration (e.g., Slack)

  1. Spec the integration (e.g., “Slack button, posts to #announcements on submit”)
  2. Update EmailCaptureForm.astro + src/lib/events.ts
  3. Add CSP connect-src https://hooks.slack.com to vercel.json
  4. Run TS3 regeneration with updated spec
  5. All tests still pass

Lessons Learned

  1. Invariants must be precise: Regex-based token matching avoids false positives better than string matching
  2. Fallback paths matter: Prebuild scripts need GitHub API fallback; analytics should degrade gracefully
  3. Playwright runs fast: 16 tests execute in ~6 seconds; local runs catch issues before CI
  4. A2A works best with specs: Ambiguous prompts produce unpredictable output; detailed spec → consistent results
  5. Human gates are essential: Automated checks verify code, humans verify user experience
Recommended Reading: