Day 1 labs
Every lab uses synthetic, sanitised or explicitly approved inputs. Never enter secrets, credentials or unapproved personal data.
Lab 1 — Source-grounded Jira/Confluence (45 min)
Mission: retrieve one pre-vetted Oodle issue and approved sources; find missing context without inventing it.
Inputs: approved Jira issue, Confluence/source pack, Jira/Confluence MCP, source checklist.
Steps: retrieve the issue and sources; identify at least two missing pieces; draft user, problem, evidence, assumptions and unresolved questions; preserve source links. A human approves before any write.
Done when: another pair can trace every claim and name the unresolved questions.
Safety boundary: read-only until facilitator approval; approved spaces only.
Stretch: propose acceptance checks, labelling each as sourced or inferred.
Lab 2 — Role-based Cowork / Claude Code (45 min)
Mission: produce a useful artefact in the work surface that matches your role.
Inputs: source-grounded brief from Lab 1, Cowork, approved repository slice, normal test command.
Steps: product/finance/data participants use Cowork to create a requirement, test matrix, analysis plan, decision paper, stakeholder brief or risk assessment; engineers use Claude Code read-only to explain behaviour, likely files and tests. Pair across roles and challenge the output.
Done when: the participant can explain the result in their own words, identify an uncertainty and defend every source.
Safety boundary: no repository edits; no external sends; no unsupported business rule.
Stretch: perform a context relay and record what was lost between artefacts.
Lab 3 — Grill the requirement (45 min)
Mission: freeze WHO, WHAT, WHY, NOT and DONE before generation.
Inputs: templates/requirement.md, approved sources, risk traffic light.
Steps: answer one question at a time; distinguish required behaviour from implementation; add a happy path, edge case and explicit exclusion in Given/When/Then form; name the authoritative verifier.
Done when: another team can repeat the contract, proof and red line without asking a question.
Safety boundary: unresolved policy or business truth stays an open question, never an agent assumption.
Stretch: ask an adversarial reviewer to find one ambiguity, then resolve or record it.
Lab 4 — Evaluation stack (30 min)
Mission: define confidence before seeing the final output.
Inputs: frozen requirement, templates/evaluation-rubric.md, fixed examples or test set.
Steps: add each applicable layer—deterministic, source-grounded, AI-assisted and human-only. Human-only includes regulatory judgement, customer impact, security risk and production decisions where relevant.
Done when: every acceptance signal has an owner, method and evidence location.
Safety boundary: AI may assist review but cannot own regulated, customer-impacting, security or release decisions.
Stretch: add one known-failure case and its recovery path.
Lab 5 — Day 2 scope lock (30 min)
Mission: prepare a buildable, safe brief and mixed team for Day 2.
Inputs: requirement, evaluation rubric, risk traffic light, proof packet and approved systems.
Steps: choose the thinnest slice; confirm product, engineering, domain, risk and proof roles; name non-goals; test access; draft the continue/reshape/stop decision rule.
Done when: the facilitator approves the draft contract, proof, red line, roles and fallback.
Safety boundary: a red use case does not enter the hackathon; amber requires named controls and reviewer.
Stretch: identify the reusable skill, rule, test, Jira flow or playbook the team hopes to leave behind.
# Day 1 labs Every lab uses synthetic, sanitised or explicitly approved inputs. Never enter secrets, credentials or unapproved personal data. ## Lab 1 — Source-grounded Jira/Confluence (45 min) **Mission:** retrieve one pre-vetted Oodle issue and approved sources; find missing context without inventing it. **Inputs:** approved Jira issue, Confluence/source pack, Jira/Confluence MCP, source checklist. **Steps:** retrieve the issue and sources; identify at least two missing pieces; draft user, problem, evidence, assumptions and unresolved questions; preserve source links. A human approves before any write. **Done when:** another pair can trace every claim and name the unresolved questions. **Safety boundary:** read-only until facilitator approval; approved spaces only. **Stretch:** propose acceptance checks, labelling each as sourced or inferred. ## Lab 2 — Role-based Cowork / Claude Code (45 min) **Mission:** produce a useful artefact in the work surface that matches your role. **Inputs:** source-grounded brief from Lab 1, Cowork, approved repository slice, normal test command. **Steps:** product/finance/data participants use Cowork to create a requirement, test matrix, analysis plan, decision paper, stakeholder brief or risk assessment; engineers use Claude Code read-only to explain behaviour, likely files and tests. Pair across roles and challenge the output. **Done when:** the participant can explain the result in their own words, identify an uncertainty and defend every source. **Safety boundary:** no repository edits; no external sends; no unsupported business rule. **Stretch:** perform a context relay and record what was lost between artefacts. ## Lab 3 — Grill the requirement (45 min) **Mission:** freeze WHO, WHAT, WHY, NOT and DONE before generation. **Inputs:** `templates/requirement.md`, approved sources, risk traffic light. **Steps:** answer one question at a time; distinguish required behaviour from implementation; add a happy path, edge case and explicit exclusion in Given/When/Then form; name the authoritative verifier. **Done when:** another team can repeat the contract, proof and red line without asking a question. **Safety boundary:** unresolved policy or business truth stays an open question, never an agent assumption. **Stretch:** ask an adversarial reviewer to find one ambiguity, then resolve or record it. ## Lab 4 — Evaluation stack (30 min) **Mission:** define confidence before seeing the final output. **Inputs:** frozen requirement, `templates/evaluation-rubric.md`, fixed examples or test set. **Steps:** add each applicable layer—deterministic, source-grounded, AI-assisted and human-only. Human-only includes regulatory judgement, customer impact, security risk and production decisions where relevant. **Done when:** every acceptance signal has an owner, method and evidence location. **Safety boundary:** AI may assist review but cannot own regulated, customer-impacting, security or release decisions. **Stretch:** add one known-failure case and its recovery path. ## Lab 5 — Day 2 scope lock (30 min) **Mission:** prepare a buildable, safe brief and mixed team for Day 2. **Inputs:** requirement, evaluation rubric, risk traffic light, proof packet and approved systems. **Steps:** choose the thinnest slice; confirm product, engineering, domain, risk and proof roles; name non-goals; test access; draft the continue/reshape/stop decision rule. **Done when:** the facilitator approves the draft contract, proof, red line, roles and fallback. **Safety boundary:** a red use case does not enter the hackathon; amber requires named controls and reviewer. **Stretch:** identify the reusable skill, rule, test, Jira flow or playbook the team hopes to leave behind.