@deftai/directive-content 0.55.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (250) hide show
  1. package/.agents/skills/deft/SKILL.md +6 -0
  2. package/.agents/skills/deft-directive-article-review/SKILL.md +11 -0
  3. package/.agents/skills/deft-directive-build/SKILL.md +10 -0
  4. package/.agents/skills/deft-directive-cost/SKILL.md +12 -0
  5. package/.agents/skills/deft-directive-debug/SKILL.md +13 -0
  6. package/.agents/skills/deft-directive-gh-arch/SKILL.md +11 -0
  7. package/.agents/skills/deft-directive-gh-slice/SKILL.md +10 -0
  8. package/.agents/skills/deft-directive-glossary/SKILL.md +10 -0
  9. package/.agents/skills/deft-directive-interview/SKILL.md +9 -0
  10. package/.agents/skills/deft-directive-pre-pr/SKILL.md +9 -0
  11. package/.agents/skills/deft-directive-refinement/SKILL.md +10 -0
  12. package/.agents/skills/deft-directive-release/SKILL.md +12 -0
  13. package/.agents/skills/deft-directive-review-cycle/SKILL.md +10 -0
  14. package/.agents/skills/deft-directive-setup/SKILL.md +10 -0
  15. package/.agents/skills/deft-directive-swarm/SKILL.md +10 -0
  16. package/.agents/skills/deft-directive-sync/SKILL.md +9 -0
  17. package/.agents/skills/deft-directive-triage/SKILL.md +9 -0
  18. package/.agents/skills/deft-directive-write-skill/SKILL.md +9 -0
  19. package/LICENSE.md +22 -0
  20. package/QUICK-START.md +167 -0
  21. package/UPGRADING.md +517 -0
  22. package/coding/build-output.md +28 -0
  23. package/coding/coding.md +235 -0
  24. package/coding/debugging.md +110 -0
  25. package/coding/holzmann.md +96 -0
  26. package/coding/hygiene.md +127 -0
  27. package/coding/security.md +158 -0
  28. package/coding/testing.md +162 -0
  29. package/coding/toolchain.md +44 -0
  30. package/commands.md +300 -0
  31. package/context/context.md +57 -0
  32. package/context/deterministic-split.md +67 -0
  33. package/context/examples.md +26 -0
  34. package/context/fractal-summaries.md +69 -0
  35. package/context/long-horizon.md +46 -0
  36. package/context/spec-deltas.md +177 -0
  37. package/context/tool-design.md +34 -0
  38. package/context/working-memory.md +62 -0
  39. package/contracts/boundary-maps.md +65 -0
  40. package/contracts/deterministic-questions.md +59 -0
  41. package/contracts/hierarchy.md +77 -0
  42. package/conventions/content-manifest.json +399 -0
  43. package/conventions/machine-generated-banner.md +130 -0
  44. package/conventions/references.md +120 -0
  45. package/conventions/rule-ownership.json +382 -0
  46. package/conventions/task-caching.md +43 -0
  47. package/conventions/vbrief-filenames.md +70 -0
  48. package/deployments/README.md +37 -0
  49. package/deployments/agentuity/README.md +138 -0
  50. package/deployments/agentuity/via-cli.md +380 -0
  51. package/deployments/agentuity/via-cloud.md +425 -0
  52. package/deployments/agentuity/via-github-actions.md +664 -0
  53. package/deployments/agentuity/via-gravity-network.md +606 -0
  54. package/deployments/agentuity/via-vpc.md +607 -0
  55. package/deployments/aws/README.md +38 -0
  56. package/deployments/aws/via-app-runner.md +612 -0
  57. package/deployments/aws/via-ecs-fargate.md +561 -0
  58. package/deployments/aws/via-elastic-beanstalk.md +628 -0
  59. package/deployments/aws/via-lambda.md +649 -0
  60. package/deployments/azure/README.md +37 -0
  61. package/deployments/azure/via-aks.md +390 -0
  62. package/deployments/azure/via-app-service.md +564 -0
  63. package/deployments/azure/via-container-apps.md +599 -0
  64. package/deployments/azure/via-functions.md +552 -0
  65. package/deployments/cloud-gov/README.md +63 -0
  66. package/deployments/cloud-gov/agents/compliance-docs.md +154 -0
  67. package/deployments/cloud-gov/agents.md +39 -0
  68. package/deployments/cloud-gov/cicd.md +64 -0
  69. package/deployments/cloud-gov/deployment.md +150 -0
  70. package/deployments/cloud-gov/logging.md +43 -0
  71. package/deployments/cloud-gov/manifest.md +121 -0
  72. package/deployments/cloud-gov/overview.md +58 -0
  73. package/deployments/cloud-gov/security.md +46 -0
  74. package/deployments/cloud-gov/services.md +72 -0
  75. package/deployments/cloud-gov/upstream/README.md +18 -0
  76. package/deployments/cloudflare/README.md +33 -0
  77. package/deployments/cloudflare/via-dashboard.md +83 -0
  78. package/deployments/cloudflare/via-git.md +90 -0
  79. package/deployments/cloudflare/via-github-actions.md +185 -0
  80. package/deployments/cloudflare/via-terraform.md +157 -0
  81. package/deployments/cloudflare/via-wrangler.md +165 -0
  82. package/deployments/fly-io/README.md +37 -0
  83. package/deployments/fly-io/via-dockerfile.md +648 -0
  84. package/deployments/fly-io/via-flyctl.md +653 -0
  85. package/deployments/fly-io/via-github-actions.md +695 -0
  86. package/deployments/fly-io/via-multi-region.md +598 -0
  87. package/deployments/google/README.md +34 -0
  88. package/deployments/google/via-app-engine.md +42 -0
  89. package/deployments/google/via-cloud-functions.md +23 -0
  90. package/deployments/google/via-cloud-run.md +330 -0
  91. package/deployments/google/via-gke.md +23 -0
  92. package/deployments/netlify/README.md +99 -0
  93. package/deployments/netlify/via-cli.md +17 -0
  94. package/deployments/netlify/via-functions.md +19 -0
  95. package/deployments/netlify/via-git.md +25 -0
  96. package/deployments/vercel/README.md +90 -0
  97. package/deployments/vercel/via-api.md +16 -0
  98. package/deployments/vercel/via-cli.md +17 -0
  99. package/deployments/vercel/via-git.md +24 -0
  100. package/docs/BROWNFIELD.md +179 -0
  101. package/docs/getting-started.md +137 -0
  102. package/docs/good-agents-md.md +137 -0
  103. package/events/README.md +89 -0
  104. package/events/event-record.schema.json +26 -0
  105. package/events/registry.json +166 -0
  106. package/events/registry.schema.json +71 -0
  107. package/glossary.md +145 -0
  108. package/incidents/README.md +81 -0
  109. package/incidents/_template.md +38 -0
  110. package/interfaces/cli.md +104 -0
  111. package/interfaces/rest.md +212 -0
  112. package/interfaces/tui.md +242 -0
  113. package/interfaces/web.md +123 -0
  114. package/languages/6502-DASM.md +132 -0
  115. package/languages/c.md +235 -0
  116. package/languages/commands.md +23 -0
  117. package/languages/cpp.md +132 -0
  118. package/languages/csharp.md +259 -0
  119. package/languages/dart.md +183 -0
  120. package/languages/delphi.md +218 -0
  121. package/languages/elixir.md +208 -0
  122. package/languages/go.md +78 -0
  123. package/languages/java.md +278 -0
  124. package/languages/javascript.md +163 -0
  125. package/languages/julia.md +175 -0
  126. package/languages/kotlin.md +193 -0
  127. package/languages/markdown.md +168 -0
  128. package/languages/mermaid.md +146 -0
  129. package/languages/officejs.md +392 -0
  130. package/languages/python.md +209 -0
  131. package/languages/r.md +163 -0
  132. package/languages/rust.md +216 -0
  133. package/languages/sql.md +216 -0
  134. package/languages/swift.md +153 -0
  135. package/languages/typescript.md +132 -0
  136. package/languages/vba.md +279 -0
  137. package/languages/vhdl.md +180 -0
  138. package/languages/visual-basic.md +151 -0
  139. package/languages/zig.md +196 -0
  140. package/meta/SOUL.md +27 -0
  141. package/meta/code-field.md +44 -0
  142. package/meta/morals.md +40 -0
  143. package/meta/philosophy.md +39 -0
  144. package/meta/project.md +49 -0
  145. package/meta/ralph.md +223 -0
  146. package/meta/security.md +80 -0
  147. package/meta/versioning.md +326 -0
  148. package/package.json +22 -0
  149. package/packs/lessons/lessons-pack-0.1.json +553 -0
  150. package/packs/patterns/patterns-pack-0.1.json +57 -0
  151. package/packs/rules/rules-pack-0.1.json +4767 -0
  152. package/packs/skills/skills-pack-0.1.json +262 -0
  153. package/packs/strategies/strategies-pack-0.1.json +167 -0
  154. package/packs/swarm-spec/swarm-spec-pack-0.1.json +17 -0
  155. package/patterns/executor-layer-credentials.md +227 -0
  156. package/patterns/llm-app.md +156 -0
  157. package/patterns/multi-agent.md +278 -0
  158. package/patterns/prompt-assembly-layer-ordering.md +154 -0
  159. package/patterns/role-as-overlay.md +179 -0
  160. package/platforms/2600.md +137 -0
  161. package/platforms/unity.md +329 -0
  162. package/references/composer-skill-porting.md +152 -0
  163. package/references/cost-models.md +163 -0
  164. package/references/ip-risk.md +246 -0
  165. package/references/plain-english-ux.md +275 -0
  166. package/resilience/context-pruning.md +67 -0
  167. package/resilience/continue-here.md +62 -0
  168. package/scm/changelog.md +276 -0
  169. package/scm/git.md +139 -0
  170. package/scm/github.md +265 -0
  171. package/secrets/.gitkeep +0 -0
  172. package/skills/deft-build/SKILL.md +20 -0
  173. package/skills/deft-directive-article-review/SKILL.md +156 -0
  174. package/skills/deft-directive-build/SKILL.md +302 -0
  175. package/skills/deft-directive-cost/SKILL.md +201 -0
  176. package/skills/deft-directive-debug/SKILL.md +140 -0
  177. package/skills/deft-directive-decompose/SKILL.md +96 -0
  178. package/skills/deft-directive-gh-arch/SKILL.md +160 -0
  179. package/skills/deft-directive-gh-slice/SKILL.md +199 -0
  180. package/skills/deft-directive-glossary/SKILL.md +118 -0
  181. package/skills/deft-directive-interview/SKILL.md +528 -0
  182. package/skills/deft-directive-pre-pr/SKILL.md +131 -0
  183. package/skills/deft-directive-probe/SKILL.md +127 -0
  184. package/skills/deft-directive-refinement/SKILL.md +403 -0
  185. package/skills/deft-directive-release/SKILL.md +266 -0
  186. package/skills/deft-directive-review-cycle/SKILL.md +401 -0
  187. package/skills/deft-directive-setup/SKILL.md +717 -0
  188. package/skills/deft-directive-swarm/SKILL.md +989 -0
  189. package/skills/deft-directive-sync/SKILL.md +288 -0
  190. package/skills/deft-directive-triage/SKILL.md +137 -0
  191. package/skills/deft-directive-write-skill/SKILL.md +169 -0
  192. package/skills/deft-interview/SKILL.md +16 -0
  193. package/skills/deft-pre-pr/SKILL.md +16 -0
  194. package/skills/deft-review-cycle/SKILL.md +16 -0
  195. package/skills/deft-roadmap-refresh/SKILL.md +16 -0
  196. package/skills/deft-setup/SKILL.md +20 -0
  197. package/skills/deft-swarm/SKILL.md +16 -0
  198. package/skills/deft-sync/SKILL.md +16 -0
  199. package/strategies/README.md +83 -0
  200. package/strategies/artifact-guards.md +85 -0
  201. package/strategies/bdd.md +115 -0
  202. package/strategies/brownfield.md +7 -0
  203. package/strategies/discuss.md +129 -0
  204. package/strategies/emit-hints.md +69 -0
  205. package/strategies/enterprise.md +193 -0
  206. package/strategies/interview.md +551 -0
  207. package/strategies/map.md +179 -0
  208. package/strategies/probe.md +151 -0
  209. package/strategies/rapid.md +155 -0
  210. package/strategies/research.md +155 -0
  211. package/strategies/roadmap.md +9 -0
  212. package/strategies/speckit.md +437 -0
  213. package/strategies/v0-20-contract.md +134 -0
  214. package/strategies/yolo.md +169 -0
  215. package/swarm/swarm.md +300 -0
  216. package/templates/COST-ESTIMATE.md +114 -0
  217. package/templates/PULL_REQUEST_TEMPLATE.md +35 -0
  218. package/templates/agent-prompt-preamble.md +409 -0
  219. package/templates/agents-entry.md +211 -0
  220. package/templates/agents-entry.placeholders.md +75 -0
  221. package/templates/embed.go +20 -0
  222. package/templates/embed_test.go +36 -0
  223. package/templates/make-spec-example.md +9 -0
  224. package/templates/make-spec.md +246 -0
  225. package/templates/project.md.template +52 -0
  226. package/templates/specification.md +1 -0
  227. package/templates/swarm-greptile-poller-prompt.md +556 -0
  228. package/templates/user.md.template +31 -0
  229. package/tools/RWLDL.md +80 -0
  230. package/tools/greptile.md +141 -0
  231. package/tools/installer.md +23 -0
  232. package/tools/taskfile-migration.md +32 -0
  233. package/tools/taskfile.md +185 -0
  234. package/tools/telemetry.md +285 -0
  235. package/vbrief/schemas/cache-meta.schema.json +137 -0
  236. package/vbrief/schemas/candidates.schema.json +130 -0
  237. package/vbrief/schemas/codebase-map.schema.json +213 -0
  238. package/vbrief/schemas/lessons-pack.schema.json +134 -0
  239. package/vbrief/schemas/patterns-pack.schema.json +84 -0
  240. package/vbrief/schemas/rules-pack.schema.json +105 -0
  241. package/vbrief/schemas/skills-pack.schema.json +94 -0
  242. package/vbrief/schemas/slices.schema.json +87 -0
  243. package/vbrief/schemas/strategies-pack.schema.json +89 -0
  244. package/vbrief/schemas/swarm-spec-pack.schema.json +84 -0
  245. package/vbrief/schemas/vbrief-core.schema.json +1022 -0
  246. package/vbrief/vbrief.md +684 -0
  247. package/verification/integration.md +76 -0
  248. package/verification/plan-checking.md +85 -0
  249. package/verification/uat.md +60 -0
  250. package/verification/verification.md +117 -0
@@ -0,0 +1,158 @@
1
+ <!-- AUTO-GENERATED by task packs:render -- DO NOT EDIT MANUALLY -->
2
+ <!-- Purpose: rendered coding rules -->
3
+ <!-- Source of truth: packs/rules/rules-pack-0.1.json -->
4
+ <!-- Regenerate with: task packs:render -->
5
+ <!-- Edit the source, not this file. Slice instead of loading every coding doc: task packs:slice rules by-tier --tier <TIER> (or by-domain, list) -->
6
+
7
+ # Security Standards
8
+
9
+ Baseline security requirements that apply to every project Deft creates or maintains. This is a baseline standards file, not a comprehensive security audit guide — see project-specific threat models for deeper coverage.
10
+
11
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
12
+
13
+ ## Universal Requirements
14
+
15
+ - ! Validate all inputs at trust boundaries; reject malformed input, do not silently sanitize
16
+ - ! Treat all data from outside the trust boundary (users, network, files, agents, tools) as adversarial until validated
17
+ - ! Run dependency vulnerability scans on introduction AND on a recurring cadence (weekly minimum)
18
+ - ! Keep secrets out of source, logs, error messages, and build artifacts (see [coding.md `Secrets`](coding.md#code-organization))
19
+ - ⊗ Roll custom cryptography, authentication, or session handling — use vetted libraries
20
+ - ⊗ Disable security checks "temporarily" without an issue tracking re-enablement
21
+
22
+ ## Input Validation & Injection Prevention
23
+
24
+ - ! Validate type, length, range, and format at every API boundary
25
+ - ! Use parameterized queries / prepared statements for ALL database access
26
+ - ! Apply context-appropriate output encoding (HTML, URL, JSON, shell, SQL) at the point of use, not at storage
27
+ - ! Reject untrusted input outright when it fails validation; do not coerce or "fix" it
28
+ - ! Use safe deserialization (JSON over pickle/yaml-load; allow-lists for polymorphic types)
29
+ - ⊗ String interpolation in SQL, shell, or command construction
30
+ - ⊗ `eval`, `exec`, `subprocess(shell=True)`, or equivalent on untrusted input
31
+ - ⊗ Trust client-side validation as the sole defence — re-validate server-side
32
+
33
+ ## Authentication & Authorization
34
+
35
+ - ! Use established auth libraries / identity providers (OAuth2/OIDC, Passport, Authlib, etc.)
36
+ - ! Enforce authorization at the API / service layer, never only in the UI
37
+ - ! Use short-lived access tokens; rotate refresh tokens; revoke server-side on logout / compromise
38
+ - ! Hash passwords with a memory-hard algorithm (argon2id, bcrypt, scrypt) — never plain SHA / MD5
39
+ - ! Enforce MFA for administrative / production access paths
40
+ - ⊗ Roll custom session, password, or token handling
41
+ - ⊗ Hard-code credentials, API keys, or tokens in source — see Secrets Management below
42
+ - ⊗ Log credentials, full tokens, or session cookies
43
+
44
+ ## Secrets Management
45
+
46
+ Extends and reinforces [coding.md Secrets rule](coding.md#code-organization). Projects that include any AI agent process MUST also apply the tightened `## No-Read-Secret Rule for Agent Systems (#587)` section below -- the `.env`-files-as-default pattern that is compliant for traditional services is NOT compliant when an agent can read the filesystem.
47
+
48
+ - ! Store ALL secrets in `secrets/` as `.env` files (or a dedicated secret manager), gitignored
49
+ - ! Read secrets via environment variables / vault clients at runtime
50
+ - ! Rotate secrets on a documented cadence and on any suspected compromise
51
+ - ! Redact tokens, passwords, and PII before logging or surfacing in error messages
52
+ - ⊗ Secrets in code, config committed to VCS, CI logs, or chat transcripts
53
+ - ⊗ Print, `echo`, or interpolate secrets into shell strings; pass via env or `--*-file` flags instead
54
+ - ⊗ Log full credentials, refresh tokens, or PII
55
+
56
+ ## Dependency Security
57
+
58
+ - ! Pin direct dependency versions in lock files (`uv.lock`, `package-lock.json`, `go.sum`, `Cargo.lock`)
59
+ - ! Audit dependencies on introduction with the language-native scanner:
60
+ - Python: `pip-audit` (or `uv pip audit`)
61
+ - Node: `npm audit` / `pnpm audit`
62
+ - Go: `govulncheck`
63
+ - Rust: `cargo audit`
64
+ - ! Enable Dependabot (or equivalent) for weekly version + security PRs
65
+ - ! Resolve CRITICAL / HIGH advisories before merge; document deferral with a tracked issue
66
+ - ~ Run `osv-scanner scan source --recursive .` periodically across mixed-language repos
67
+ - ⊗ Disable lockfile checks to "speed up" CI
68
+ - ⊗ Pin to floating refs (`main`, `latest`, `@v1`) for third-party GitHub Actions — pin to a full SHA
69
+
70
+ ## Agent-Specific Threats
71
+
72
+ Directive builds AI agent frameworks; agents introduce a distinct threat surface beyond classic web security.
73
+
74
+ - ! Treat ALL user-provided content (chat, files, tool outputs, web fetches) as potentially adversarial — assume prompt injection
75
+ - ! Isolate tool outputs from the trust boundary: never expose raw internal file contents, environment variables, or system prompts to untrusted input channels
76
+ - ! Gate destructive tool calls (file deletion, repo deletion, force-push, admin merge, billing changes) behind explicit user consent OR a deterministic preflight check
77
+ - ! Bound agent autonomy: declare per-tool allow / deny lists; do not grant blanket shell or network access by default
78
+ - ! Log every tool invocation with arguments redacted for secrets so post-incident review is possible
79
+ - ⊗ Reflect retrieved web content, repo issue bodies, or third-party comments directly back into a privileged tool-call argument without sanitization
80
+ - ⊗ Expose internal system prompts, hidden tool definitions, or other agents' messages to an untrusted input surface
81
+ - ⊗ Run model-suggested shell commands without a deterministic safety classifier (see `scripts/preflight_gh.py` for the canonical pattern)
82
+
83
+ ## Tooling
84
+
85
+ - ~ Static analysis: language-native linter with security rules enabled (ruff S-rules, golangci-lint gosec, eslint security plugin)
86
+ - ~ Secret scanners: `gitleaks` on pre-commit and CI
87
+ - ~ SAST: CodeQL default setup for hosted repos
88
+ - ~ Container scanning: `trivy fs` or `trivy image` for any Dockerfile / OCI artifact
89
+ - ~ Dependency review: GitHub Dependency Review action on PRs
90
+
91
+ ## Reporting Vulnerabilities
92
+
93
+ - ! Every project MUST document a vulnerability reporting path (GitHub Security Advisories, `SECURITY.md`, or equivalent)
94
+ - ! Acknowledge reports within a documented SLA; never silently close
95
+ - ⊗ Discuss unfixed vulnerabilities in public issues / PRs
96
+
97
+ ## No-Read-Secret Rule for Agent Systems (#587)
98
+
99
+ When AI agents are part of the system, every filesystem-accessible secret is one a prompt-injection attack could exfiltrate to an external inference server. The `.env`-on-disk pattern that is fine for traditional services becomes a structural security hole the moment a non-deterministic reader is in the loop -- the standard `dotenv` flow makes secrets part of the agent's context by construction.
100
+
101
+ - ! When the project includes any AI agent process, store secrets in a dedicated secret manager (cloud KMS / Vault / 1Password / Infisical Agent Vault) -- not in `.env` files on disk
102
+ - ! Inject secrets at process start into the agent's environment (or, preferred, deliver them via a credential proxy so the agent never reads the underlying value); fetch from the secret store at runtime, do not bake into images
103
+ - ! Scope each credential to the agent identity that uses it -- one scoped credential per agent or per deployment, auditable separately
104
+ - ~ For production agent systems, prefer the agent credential proxy pattern: a TLS-intercepting forward proxy (or sidecar) attaches credentials to outbound requests so the agent completes its work without ever reading the plaintext secret
105
+ - ⊗ Commit `.env` files in projects where any agent process can read the filesystem -- the agent's context (and any external inference server it calls) inherits everything the agent can read
106
+ - ⊗ Share one API key across multiple agents -- per-identity scoping is what makes the audit log usable when a key is compromised
107
+
108
+ Cross-references: [coding.md `Secrets`](coding.md#code-organization) (this rule extends the existing Secrets rule for agent contexts) | `Secrets Management` section above | the in-flight `patterns/executor-layer-credentials.md` credential-proxy pattern (Wave 2, tracked at [#806](https://github.com/deftai/directive/issues/806); not yet on master) | Infisical Agent Vault <https://github.com/Infisical/agent-vault> (reference implementation).
109
+
110
+ ## Tool-Call Safety Is Independent of Text-Level Safety (#686)
111
+
112
+ Text-level safety alignment does not transfer to the tool-call boundary. An agent whose text outputs satisfy safety constraints can still execute harmful tool calls -- empirically demonstrated in the Agent Behavioral Contracts literature (Cartagena & Teixeira 2026). A safety-aligned model is NOT safe at the tool boundary unless the tool boundary enforces it separately.
113
+
114
+ - ! Enforce hard constraints on high-impact tools at the call site -- middleware, gateway, or contract layer -- separate from the model's text-level safety training
115
+ - ! Declare an explicit constraint tier for every tool in the tool registry: `read-only`, `reversible`, `irreversible`, or `destructive`. Tools without a declared tier MUST be treated as `destructive` by default
116
+ - ! Audit-log every tool invocation at the tool-call layer (tool name, arguments redacted for secrets, caller identity, outcome). Text-level logs of the model's reasoning are insufficient for post-incident review
117
+ - ! For `irreversible` / `destructive` tools, gate execution with a deterministic preflight (allow-list, environment check, ack token) outside the model -- never let the model decide on its own that an operation is safe
118
+ - ⊗ Rely on model-level safety training as the only barrier between an agent and a destructive tool call -- text alignment provides no guarantee at the tool boundary
119
+ - ⊗ Ship a tool registry where any tool is missing a constraint-tier declaration -- the default-to-`destructive` fallback exists for staging, not production
120
+
121
+ Cross-references: `Agent-Specific Threats` section above | the in-flight `patterns/executor-layer-credentials.md` tool-call gateway pattern (Wave 2, tracked at [#806](https://github.com/deftai/directive/issues/806); not yet on master) | [`scripts/preflight_gh.py`](../../scripts/preflight_gh.py) (#1019 reference implementation of a per-tool deterministic safety classifier) | Cartagena & Teixeira 2026 <https://arxiv.org/abs/2602.22302>.
122
+
123
+ ## Destructive-Op Guardrails -- Environment Isolation + Irreversibility (#708)
124
+
125
+ The April 2026 PocketOS / Railway incident -- a Cursor/Claude agent deleted a production database AND its backups in roughly nine seconds after being told to "clean up the staging DB" -- is the canonical recurrence record for two distinct gaps: acting on a prompt-claimed environment instead of a verified one, and treating "destructive" as excluding backups. The two gates below close those gaps; the incident is documented at [`incidents/2026-04-pocketos-railway-prod-db-wipe.md`](../../incidents/2026-04-pocketos-railway-prod-db-wipe.md).
126
+
127
+ ### Environment Isolation Gate
128
+
129
+ - ! Before any write or destructive operation, the agent MUST positively identify the target environment (prod / staging / dev) from a TRUSTED, NON-PROMPT signal -- env var (e.g. `APP_ENV`), config file, or connection-string introspection. The user's wording is NOT a trusted signal
130
+ - ! Enumerate the prod-detection heuristics explicitly in the project's runbook: hostname or connection-string contains `prod` / `production`, matches the documented prod hostname(s), or resolves into a documented prod-VPC CIDR. A trusted signal that disagrees with the prompt always wins
131
+ - ! If the environment cannot be verified from a trusted signal, the agent MUST refuse the operation and escalate to a human. "Probably staging" is a refusal, not an approval
132
+ - ⊗ Trust the user's wording (e.g. "clean up the staging DB") as environment authorisation -- the prompt is the untrusted input, the env var / connection string is the trusted signal
133
+ - ⊗ Heuristically downgrade an unverified environment to "non-prod" so the operation can proceed -- the gate fails closed
134
+
135
+ ### Irreversibility Gate
136
+
137
+ - ! Destructive operations -- DB `DROP` / `TRUNCATE` / `DELETE` without `WHERE`, `rm -rf`, force-push to a shared branch, table rename over an existing target, AND any mutation of a backup -- require BOTH a tested rollback path AND an explicit in-session human ack token before execution
138
+ - ! Backups are first-class state. Deleting, overwriting, truncating, or "rotating" a backup is itself a destructive operation and MUST go through this gate
139
+ - ! A verified non-prod environment (Environment Isolation Gate passed with `env != prod`) MAY relax the human-ack requirement but does NOT remove the rollback-path requirement -- a dev DB without a rollback is still a footgun
140
+ - ~ Declare the irreversibility-tier classification for the project's destructive verbs in the in-flight `conventions/verb-classification.json` (tracked at [#1095](https://github.com/deftai/directive/issues/1095) closed-verb scope-expansion gate; not yet on master). Inline declaration in the operation's runbook is acceptable until that file lands
141
+ - ⊗ Execute a destructive operation in a verified prod environment without an in-session human ack token -- "the user authorised the project" is not session-scoped consent
142
+ - ⊗ Treat a backup as out-of-scope for the irreversibility gate -- the PocketOS incident is the recurrence record; backups were destroyed in the same nine-second window as the live database
143
+
144
+ Cross-references: [`incidents/README.md`](../incidents/README.md) (incidents library format) | [`incidents/2026-04-pocketos-railway-prod-db-wipe.md`](../../incidents/2026-04-pocketos-railway-prod-db-wipe.md) (seed entry) | `Agent-Specific Threats` section above (this section extends it) | [`scripts/preflight_gh.py`](../../scripts/preflight_gh.py) (#1019 deterministic-classifier reference) | #1095 closed-verb scope-expansion gate (consumes the irreversibility-tier classification).
145
+
146
+ ## Anti-Patterns
147
+
148
+ - ⊗ "We'll add security later" — baseline standards apply from day one
149
+ - ⊗ Silent sanitization that masks malformed input rather than rejecting it
150
+ - ⊗ Disabling lockfile / signature / scanner checks to ship faster
151
+ - ⊗ Trusting agent / model output as if it were validated user input
152
+ - ⊗ Logging entire request bodies or environment dumps in production
153
+ - ⊗ Granting agents blanket network or shell access without per-tool allow-lists
154
+ - ⊗ Reflecting third-party content (issue bodies, web pages, tool outputs) into privileged tool calls unsanitized
155
+
156
+ ---
157
+
158
+ **See also**: [coding.md](coding.md) (general coding standards, Secrets rule) | [testing.md](testing.md) (Security Tests section) | [hygiene.md](hygiene.md) (error-hiding anti-patterns) | [../scm/github.md](../scm/github.md) (destructive `gh` verbs preflight gate #1019) | [../incidents/README.md](../incidents/README.md) (incidents library, #708)
@@ -0,0 +1,162 @@
1
+ <!-- AUTO-GENERATED by task packs:render -- DO NOT EDIT MANUALLY -->
2
+ <!-- Purpose: rendered coding rules -->
3
+ <!-- Source of truth: packs/rules/rules-pack-0.1.json -->
4
+ <!-- Regenerate with: task packs:render -->
5
+ <!-- Edit the source, not this file. Slice instead of loading every coding doc: task packs:slice rules by-tier --tier <TIER> (or by-domain, list) -->
6
+
7
+ # Testing Standards
8
+
9
+ Universal testing requirements across all languages and interfaces.
10
+
11
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
12
+
13
+ ## Universal Requirements
14
+
15
+ - ! Achieve ≥85% coverage (overall + per-module/package/file)
16
+ - ! Include ≥50 fuzzing tests per input point
17
+ - ~ Have integration tests for critical paths/workflows
18
+ - ! Exclude entry points and main functions from coverage
19
+ - ! Test all code paths: normal, edge cases, error conditions
20
+ - ! Run `task check` (or equivalent) before commit
21
+ - ⊗ say a (todo-list|plan|phase|project) is done if relevant tests have not been written, run, and PASSED.
22
+ - ⊗ assume its ok for a test to fail in any situation
23
+
24
+ ## Test-First Development
25
+
26
+ - ! Implementation is INCOMPLETE until tests written AND `task test:coverage` passes
27
+ - ! New functions/classes MUST have corresponding tests in same commit
28
+ - ! Modified functions MUST update existing tests to maintain coverage
29
+ - ! Run `task test:coverage` after ANY code change to verify ≥85% maintained
30
+ - ! If coverage drops below threshold, implementation is INCOMPLETE
31
+ - ~ Write tests for edge cases, not just happy paths
32
+ - ⊗ Skip test updates when modifying existing functions
33
+ - ⊗ Implement code without tests
34
+ - ⊗ Claim "done" before running test:coverage
35
+
36
+ ## Coverage
37
+
38
+ **What to count:**
39
+
40
+ - ! All source code in src/, internal/, pkg/, lib/
41
+
42
+ **What to exclude:**
43
+
44
+ - ! Entry points: main(), **main**, index.ts (if trivial)
45
+ - ! Generated code
46
+ - ! Third-party code
47
+ - ! Test files themselves
48
+
49
+ **Thresholds:**
50
+
51
+ - ! ≥85% lines
52
+ - ! ≥85% functions/methods
53
+ - ! ≥85% branches
54
+ - ! ≥85% statements
55
+
56
+ ## Test Types
57
+
58
+ ### Unit Tests
59
+
60
+ - ! Individual functions/methods/components
61
+ - ! Normal cases + edge cases + error conditions
62
+ - ! Fast execution (milliseconds)
63
+ - ! No external dependencies (use mocks/stubs)
64
+
65
+ ### Integration Tests
66
+
67
+ - ~ Full workflows with real dependencies
68
+ - ~ Realistic scenarios
69
+ - ~ Database, API, file system interactions
70
+ - ~ Slower execution acceptable
71
+
72
+ ### Fuzzing Tests
73
+
74
+ - ! ≥50 fuzzing tests per input point
75
+ - ! Random/malformed inputs
76
+ - ! Catch unexpected crashes, hangs, exceptions
77
+
78
+ ### Load/Performance Tests
79
+
80
+ - ~ For performance-critical code
81
+ - ~ Measure response times under load
82
+ - Tools: JMeter, Gatling, k6, Apache Bench
83
+
84
+ ### Security Tests
85
+
86
+ - ! For code handling untrusted input
87
+ - ! SQL injection, XSS, auth bypass, path traversal
88
+ - Tools: OWASP ZAP, Burp Suite, SQLMap
89
+
90
+ ### Snapshot Tests
91
+
92
+ - ~ For CLI output, rendered UI, generated files
93
+ - ~ Detect unintended output changes
94
+
95
+ ### Build Output Tests
96
+
97
+ - ~ Build scripts that produce `dist/` artifacts have a smoke test verifying expected output files exist and contain expected content
98
+ - ! Non-compiled assets (manifests, configs, extension metadata) that bundlers don't track are explicitly verified post-build
99
+ - ~ Verify file presence, non-empty size, and structural validity (e.g. required JSON keys present)
100
+ - ! A build that exits 0 but produces stale or incomplete artifacts is a silent failure — treat it as a build failure (#105)
101
+
102
+ ## Language-Specific Details
103
+
104
+ **Python**: [../languages/python.md](../languages/python.md#testing) - pytest, pytest-cov, pytest-mock
105
+ **Go**: [../languages/go.md](../languages/go.md#testing) - Testify, table-driven tests
106
+ **C++**: [../languages/cpp.md](../languages/cpp.md#testing) - Catch2/GoogleTest, GoogleMock
107
+ **TypeScript**: [../languages/typescript.md](../languages/typescript.md#testing) - Vitest/Jest, React Testing Library
108
+ **CLI**: [../interfaces/cli.md](../interfaces/cli.md#testing) - CliRunner, format validation
109
+ **REST APIs**: [../interfaces/rest.md](../interfaces/rest.md#testing) - endpoint testing, security testing
110
+
111
+ ## Test Organization
112
+
113
+ **File naming:**
114
+
115
+ - Python: `test_*.py` or `*_test.py`
116
+ - Go: `*_test.go`
117
+ - C++: `test_*.cpp` or `*_test.cpp`
118
+ - TypeScript: `*.spec.ts` or `*.test.ts`
119
+
120
+ **Directory structure:**
121
+
122
+ ```
123
+ project/
124
+ ├── src/ # Source code
125
+ ├── tests/ # Test files
126
+ │ ├── unit/ # Unit tests
127
+ │ └── integration/ # Integration tests (optional separation)
128
+ ```
129
+
130
+ ## Best Practices
131
+
132
+ - ! Write tests before or alongside code (TDD encouraged)
133
+ - ! One assertion per test (or logically grouped assertions)
134
+ - ~ Use descriptive test names: `test_user_login_with_invalid_password`
135
+ - ! Arrange-Act-Assert (AAA) pattern
136
+ - ! Test behavior, not implementation
137
+ - ≉ Rely on test execution order
138
+ - ! Clean up resources (files, DB, connections) in teardown
139
+
140
+ ## Anti-patterns
141
+
142
+ - ⊗ Skip tests to meet deadlines
143
+ - ⊗ Test only happy paths (edge cases critical)
144
+ - ⊗ Mock everything (integration tests needed too)
145
+ - ⊗ Ignore flaky tests (fix or remove them)
146
+ - ⊗ Commit failing tests
147
+ - ⊗ Write tests that depend on external state
148
+ - ⊗ Hard-code dates, times, random values
149
+ - ⊗ Implementing code without tests
150
+ - ⊗ Claiming "done" before running test:coverage
151
+ - ⊗ Ignoring coverage drops
152
+
153
+ ## CI/CD Integration
154
+
155
+ - ! Tests run automatically on every commit/PR
156
+ - ! Block merges if tests fail
157
+ - ! Block merges if coverage drops below threshold
158
+ - ~ Test in multiple environments (OS, versions)
159
+
160
+ ---
161
+
162
+ **See also**: [main.md](../../main.md) | Language-specific testing in python.md, go.md, cpp.md, typescript.md
@@ -0,0 +1,44 @@
1
+ <!-- AUTO-GENERATED by task packs:render -- DO NOT EDIT MANUALLY -->
2
+ <!-- Purpose: rendered coding rules -->
3
+ <!-- Source of truth: packs/rules/rules-pack-0.1.json -->
4
+ <!-- Regenerate with: task packs:render -->
5
+ <!-- Edit the source, not this file. Slice instead of loading every coding doc: task packs:slice rules by-tier --tier <TIER> (or by-domain, list) -->
6
+
7
+ # Toolchain Validation
8
+
9
+ Rules for verifying that required tools are installed and functional before beginning implementation.
10
+
11
+ Legend (from RFC2119): !=MUST, ~=SHOULD, ≉=SHOULD NOT, ⊗=MUST NOT, ?=MAY.
12
+
13
+ **⚠️ See also**:
14
+ - [coding.md](coding.md) — Build Automation section
15
+ - [build-output.md](build-output.md) — post-build artifact validation
16
+
17
+ ## Pre-Implementation Gate
18
+
19
+ - ! Before beginning implementation, verify all required toolchain components are installed and functional
20
+ - ! Required components vary by project — at minimum verify: task runner, language compiler/runtime, and platform SDK if applicable
21
+ - ! If any required tool is missing or non-functional, stop and report — do not proceed with implementation
22
+ - ⊗ Assume a tool is available because it was present in a previous session or referenced in the spec
23
+ - ⊗ Proceed with implementation when the build or test toolchain is unavailable
24
+
25
+ ## What to Verify
26
+
27
+ - ! Task runner: `task --version` (required for quality gates)
28
+ - ! Language runtime/compiler: e.g. `go version`, `python --version`, `node --version`, `swift --version`
29
+ - ! Platform SDK (if applicable): e.g. `xcode-select -p` for iOS/macOS, Android SDK path for Android
30
+ - ! Project-specific tools listed in PROJECT.md or SPECIFICATION.md
31
+
32
+ ## On Missing Tools
33
+
34
+ - ! Report exactly which tools are missing and provide install guidance
35
+ - ! Do not partially implement using available tools while skipping quality gates
36
+ - ~ Offer to help install missing tools if the user consents
37
+ ## uv Project Pinning (#1011)
38
+ **Why this rule exists:** without an explicit pin, `uv run` walks upward from cwd looking for the nearest `pyproject.toml` and binds to whatever it finds first. When a deft consumer's repo root has no `pyproject.toml` of its own (the common case for non-Python projects), uv escapes the framework directory and resolves to an ancestor workspace `pyproject.toml`. That ancestor's build backend (frequently unresolvable in the consumer environment) crashes during environment resolution before any framework task body runs. The root-cause analysis lives in `vbrief/active/2026-05-11-1011-*.vbrief.json`.
39
+ The project's two-layer mitigation:
40
+ - ! **Layer 1 (env)** -- the root `Taskfile.yml` `env:` block sets `UV_PROJECT: '{{.TASKFILE_DIR}}'`. This is the safety net for any task that forgets the CLI flag in a future edit.
41
+ - ! **Layer 2 (CLI)** -- every `uv run` invocation in `tasks/*.yml` and the root `Taskfile.yml` uses the explicit `uv --project "<pin>" run ...` form. Subfiles pin against `{{.DEFT_ROOT}}` (defined via `{{joinPath .TASKFILE_DIR ".."}}`); the root `Taskfile.yml` pins against `{{.TASKFILE_DIR}}` directly. CLI beats env beats walk, so the flag is the contract; the env var is defense-in-depth.
42
+ - ⊗ Add a plain `uv run` line to any framework task -- the content guard in `tests/content/test_taskfile_uv_project_pin.py` will fail closed and the consumer-side breakage class returns immediately.
43
+ - ⊗ Rely on cwd or a caller-exported `UV_PROJECT` to pin the project root. Task's `env:` does not override an already-exported `UV_PROJECT` from the caller's shell, and propagation through included subfiles depends on inclusion semantics. The CLI flag is unconditional.
44
+ Cross-references: `Taskfile.yml` (Layer 1 env block), `tasks/*.yml` (Layer 2 call sites), `tests/content/test_taskfile_uv_project_pin.py` (deterministic content + slow behaviour regression).