Core Philosophy ​
Carotene was built to fundamentally change how humans and AI interact during the software development lifecycle. Rather than trying to make AI smarter at architecture, Carotene makes the architecture immune to AI mistakes.
Our design decisions are driven by five core pillars:
1. Specification Over Prompting ​
Natural language is inherently ambiguous. You cannot reliably build secure, enterprise-grade software by writing a 10,000-word prompt and hoping the LLM interprets your architectural intent correctly every time.
Carotene replaces prompt engineering with deterministic specification. The .carrot contract file is the absolute source of truth. It defines the exact boundaries, data structures, and permissions of your system using strict syntax. By removing ambiguity, we eliminate the AI's tendency to hallucinate design patterns.
2. AI as the Engine, Not the Architect ​
Language models are incredible logic engines but terrible structural architects. They excel at writing a specific algorithmic function, but they struggle to maintain complex dependency graphs across a sprawling codebase.
Carotene restricts the AI to the role it is best at: implementation. You act as the Architect, defining the topology and guardrails. The framework generates the overarching infrastructure, and the AI is treated purely as a compute engine that fills in isolated, single-responsibility functions.
3. No AI Self-Policing ​
Most AI development tools rely on "system prompts" to enforce security rules (e.g., "You are an expert developer. Do not make unauthorized network calls"). This is fundamentally flawed. AI models suffer from prompt drift and can easily be tricked or confused into bypassing these soft rules.
Carotene operates on a Zero-Trust model for AI generation. We do not ask the AI to police itself. Instead, Carotene enforces rules mathematically via the compiler and runtime environments.
- If a function is not explicitly granted the
updates store.Databaseverb in the contract, the injected dependencies simply will not have write access. - If the AI tries to write unauthorized side-effects, the build fails.
4. Human-AI Interchangeability (Zero Lock-In) ​
Carotene does not force you into an AI-only workflow. The compiler generates standard, idiomatic projects in your target languages (TypeScript, Go, Rust, etc.)—there is no proprietary vendor lock-in or messy "AI-only" code artifacts.
Because the contract file strictly defines the inputs, outputs, and boundaries for every single function, human engineers and AI agents are completely interchangeable. * You can use Carotene purely to layout the architecture and hand the generated stubs to a team of human developers.
You can split the load: assign your senior engineers to write the mission-critical security and payment implementations, while deploying AI agents to rapidly churn out the UI components and standard CRUD logic.
To the Carotene compiler, an implementation is an implementation, regardless of who (or what) wrote it.
5. Convention over Configuration (Progressive Disclosure) ​
A framework should give you an excavator, but it shouldn't require you to build the engine from scratch every time you turn it on.
Carotene is designed with an intelligent Inference Engine. For 90% of use cases, you don't need to specify HTTP protocols, ORM choices, or API gateway handshakes—the compiler infers the most sensible, industry-standard defaults based on context. However, for the remaining 10% where absolute control is required, Carotene provides strict configblocks, allowing you to explicitly override defaults down to the transport layer (e.g., swapping HTTP for UDP).