@guilz-dev/sdlc-gh 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (176) hide show
  1. package/.github/CODEOWNERS +5 -0
  2. package/.github/ISSUE_TEMPLATE/bug_report.yml +68 -0
  3. package/.github/ISSUE_TEMPLATE/config.yml +1 -0
  4. package/.github/ISSUE_TEMPLATE/feature_request.yml +39 -0
  5. package/.github/ISSUE_TEMPLATE/support.yml +56 -0
  6. package/.github/ISSUE_TEMPLATE/task.yml +89 -0
  7. package/.github/agents/implementer.agent.md +17 -0
  8. package/.github/agents/reviewer.agent.md +18 -0
  9. package/.github/agents/triager.agent.md +13 -0
  10. package/.github/aw/actions-lock.json +9 -0
  11. package/.github/copilot-instructions.md +35 -0
  12. package/.github/hooks/hooks.json +12 -0
  13. package/.github/instructions/core.instructions.md +11 -0
  14. package/.github/instructions/profiles/go.instructions.md +10 -0
  15. package/.github/instructions/profiles/php.instructions.md +11 -0
  16. package/.github/instructions/profiles/python.instructions.md +11 -0
  17. package/.github/instructions/profiles/ruby.instructions.md +11 -0
  18. package/.github/instructions/profiles/typescript.instructions.md +11 -0
  19. package/.github/labels.yml +55 -0
  20. package/.github/pull_request_template.md +33 -0
  21. package/.github/ruleset.example.json +33 -0
  22. package/.github/ruleset.harness-eval.example.json +29 -0
  23. package/.github/skills/quality-loop/SKILL.md +23 -0
  24. package/.github/workflows/agent-retry-orchestrator.yml +161 -0
  25. package/.github/workflows/copilot-setup-steps.yml +64 -0
  26. package/.github/workflows/eval-ci.yml +169 -0
  27. package/.github/workflows/eval-drift.yml +75 -0
  28. package/.github/workflows/gh-aw-dogfood-ci.yml +73 -0
  29. package/.github/workflows/harness-ci.yml +244 -0
  30. package/.github/workflows/harness-sync.yml +28 -0
  31. package/.github/workflows/l1-readiness-check.yml +45 -0
  32. package/.github/workflows/labels-sync.yml +24 -0
  33. package/.github/workflows/nightly-harness-review.lock.yml +1643 -0
  34. package/.github/workflows/nightly-harness-review.md +87 -0
  35. package/.github/workflows/nightly-harness-review.yml +63 -0
  36. package/.github/workflows/npm-publish.yml +49 -0
  37. package/.github/workflows/pr-context-comment.yml +138 -0
  38. package/.github/workflows/product-ci-go.yml +33 -0
  39. package/.github/workflows/product-ci-php.yml +39 -0
  40. package/.github/workflows/product-ci-python.yml +34 -0
  41. package/.github/workflows/product-ci-ruby.yml +35 -0
  42. package/.github/workflows/product-ci-ts.yml +37 -0
  43. package/.github/workflows/task-issue-label-sync.yml +50 -0
  44. package/.github/workflows/weekly-redteam.lock.yml +1571 -0
  45. package/.github/workflows/weekly-redteam.md +76 -0
  46. package/.github/zizmor.yml +11 -0
  47. package/AGENTS.md +54 -0
  48. package/LICENSE +21 -0
  49. package/README.md +366 -0
  50. package/config/stacks.json +55 -0
  51. package/docs/adoption.md +126 -0
  52. package/docs/arch.md +535 -0
  53. package/docs/auth-boundaries.md +16 -0
  54. package/docs/coding-agent-l1.md +152 -0
  55. package/docs/exceptions/README.md +25 -0
  56. package/docs/exceptions/TEMPLATE.md +8 -0
  57. package/docs/failure-taxonomy.md +23 -0
  58. package/docs/gh-aw-dogfood.md +109 -0
  59. package/docs/kpi-baseline.md +9 -0
  60. package/docs/nightly-harness-review.md +94 -0
  61. package/docs/operations.md +108 -0
  62. package/docs/publishing.md +79 -0
  63. package/docs/revert-playbook.md +44 -0
  64. package/docs/shared-config.md +30 -0
  65. package/docs/telemetry-artifacts.md +78 -0
  66. package/docs/telemetry-schema.md +60 -0
  67. package/evals/.score-baseline.json +6 -0
  68. package/evals/e2e-bench/README.md +28 -0
  69. package/evals/e2e-bench/manifest.json +16 -0
  70. package/evals/e2e-bench/tasks/e2e-001.yml +10 -0
  71. package/evals/e2e-bench/tasks/e2e-002.yml +11 -0
  72. package/evals/e2e-bench/tasks/e2e-003.yml +10 -0
  73. package/evals/e2e-bench/tasks/e2e-004.yml +14 -0
  74. package/evals/e2e-bench/tasks/e2e-005.yml +11 -0
  75. package/evals/e2e-bench/tasks/e2e-006.yml +10 -0
  76. package/evals/e2e-bench/tasks/e2e-007.yml +10 -0
  77. package/evals/e2e-bench/tasks/e2e-008.yml +10 -0
  78. package/evals/e2e-bench/tasks/e2e-009.yml +10 -0
  79. package/evals/trajectories/rubric.md +12 -0
  80. package/evals/trajectories/test_harness_conventions.py +271 -0
  81. package/infra/README.md +49 -0
  82. package/infra/langfuse/docker-compose.yml +25 -0
  83. package/infra/otel/collector-config.yml +24 -0
  84. package/infra/samples/gh-aw-dogfood-report.json +44 -0
  85. package/infra/samples/harness-review-routing-plan.json +19 -0
  86. package/infra/samples/harness-review-summary.json +61 -0
  87. package/infra/samples/telemetry-artifact.json +29 -0
  88. package/infra/samples/telemetry-payload.json +19 -0
  89. package/package.json +85 -0
  90. package/prompts/triager-classify.prompt.yml +10 -0
  91. package/sample/go/add.go +5 -0
  92. package/sample/go/add_test.go +9 -0
  93. package/sample/go/go.mod +3 -0
  94. package/sample/php/composer.json +26 -0
  95. package/sample/php/composer.lock +1881 -0
  96. package/sample/php/phpunit.xml +8 -0
  97. package/sample/php/src/Add.php +13 -0
  98. package/sample/php/tests/AddTest.php +16 -0
  99. package/sample/python/requirements-dev.txt +2 -0
  100. package/sample/python/src/__init__.py +0 -0
  101. package/sample/python/src/greet.py +3 -0
  102. package/sample/python/tests/conftest.py +4 -0
  103. package/sample/python/tests/test_greet.py +5 -0
  104. package/sample/ruby/.rubocop.yml +10 -0
  105. package/sample/ruby/Gemfile +6 -0
  106. package/sample/ruby/Gemfile.lock +58 -0
  107. package/sample/ruby/lib/add.rb +9 -0
  108. package/sample/ruby/spec/add_spec.rb +11 -0
  109. package/sample/ts/biome.json +6 -0
  110. package/sample/ts/package-lock.json +1763 -0
  111. package/sample/ts/package.json +15 -0
  112. package/sample/ts/src/add.ts +3 -0
  113. package/sample/ts/tests/add.test.ts +8 -0
  114. package/sample/ts/tsconfig.json +12 -0
  115. package/scripts/aggregate-harness-review.mjs +48 -0
  116. package/scripts/bootstrap-harness.sh +411 -0
  117. package/scripts/check-diff-size.mjs +46 -0
  118. package/scripts/check-e2e-manifest.mjs +35 -0
  119. package/scripts/check-eval-score-drift.mjs +31 -0
  120. package/scripts/check-gh-aw-dogfood-scope.mjs +51 -0
  121. package/scripts/check-issue-spec.mjs +215 -0
  122. package/scripts/check-l1-readiness.mjs +82 -0
  123. package/scripts/check-open-pr-limit.mjs +34 -0
  124. package/scripts/doctor.mjs +177 -0
  125. package/scripts/emit-gh-aw-dogfood-report.mjs +112 -0
  126. package/scripts/emit-telemetry-artifact.mjs +99 -0
  127. package/scripts/fetch-telemetry-artifacts.mjs +176 -0
  128. package/scripts/harness-drift-report.mjs +99 -0
  129. package/scripts/lib/bootstrap-copy.mjs +123 -0
  130. package/scripts/lib/ccsd-contract.mjs +212 -0
  131. package/scripts/lib/diff-size.mjs +103 -0
  132. package/scripts/lib/doctor-local.mjs +179 -0
  133. package/scripts/lib/e2e-manifest.mjs +76 -0
  134. package/scripts/lib/gh-aw-dogfood.mjs +293 -0
  135. package/scripts/lib/github-config.mjs +94 -0
  136. package/scripts/lib/harness-ci-fragments.mjs +98 -0
  137. package/scripts/lib/harness-review-routing.mjs +244 -0
  138. package/scripts/lib/harness-review.mjs +388 -0
  139. package/scripts/lib/issue-form-label-sync.mjs +56 -0
  140. package/scripts/lib/l1-readiness.mjs +258 -0
  141. package/scripts/lib/merge-harness-package.mjs +36 -0
  142. package/scripts/lib/npm-package.mjs +129 -0
  143. package/scripts/lib/setup-wizard.mjs +224 -0
  144. package/scripts/lib/stacks.mjs +138 -0
  145. package/scripts/lib/telemetry-artifact.mjs +253 -0
  146. package/scripts/lib/template-root.mjs +39 -0
  147. package/scripts/merge-harness-package.mjs +14 -0
  148. package/scripts/route-harness-review.mjs +168 -0
  149. package/scripts/run-e2e-bench.mjs +216 -0
  150. package/scripts/sdlc-gh-cli.mjs +91 -0
  151. package/scripts/select-eval-jobs.mjs +41 -0
  152. package/scripts/setup-github.mjs +242 -0
  153. package/scripts/setup-github.sh +4 -0
  154. package/scripts/setup-wizard.mjs +426 -0
  155. package/scripts/test-bootstrap-guidance-scenarios.mjs +94 -0
  156. package/scripts/test-diff-size-scenarios.mjs +88 -0
  157. package/scripts/test-doctor-scenarios.mjs +70 -0
  158. package/scripts/test-e2e-manifest-scenarios.mjs +65 -0
  159. package/scripts/test-gh-aw-dogfood-scenarios.mjs +74 -0
  160. package/scripts/test-harness-review-routing-scenarios.mjs +130 -0
  161. package/scripts/test-harness-review-scenarios.mjs +92 -0
  162. package/scripts/test-hooks-scenarios.mjs +44 -0
  163. package/scripts/test-issue-form-label-sync-scenarios.mjs +48 -0
  164. package/scripts/test-issue-spec-scenarios.mjs +258 -0
  165. package/scripts/test-l1-readiness-scenarios.mjs +204 -0
  166. package/scripts/test-merge-harness-package-scenarios.mjs +53 -0
  167. package/scripts/test-npm-package-scenarios.mjs +31 -0
  168. package/scripts/test-sdlc-gh-cli-scenarios.mjs +54 -0
  169. package/scripts/test-setup-github-scenarios.mjs +103 -0
  170. package/scripts/test-setup-wizard-scenarios.mjs +114 -0
  171. package/scripts/test-telemetry-artifact-scenarios.mjs +69 -0
  172. package/scripts/trim-harness-ci.mjs +18 -0
  173. package/scripts/validate-gh-aw-compile.mjs +64 -0
  174. package/scripts/validate-harness.mjs +199 -0
  175. package/scripts/validate-telemetry.mjs +21 -0
  176. package/scripts/verify-bootstrap-stacks.sh +192 -0
@@ -0,0 +1,5 @@
1
+ # Harness assets — require harness engineer review
2
+ /.github/ @your-org/harness-engineers
3
+ /evals/ @your-org/harness-engineers
4
+ /docs/telemetry-schema.md @your-org/harness-engineers
5
+ /docs/operations.md @your-org/harness-engineers
@@ -0,0 +1,68 @@
1
+ name: Bug report
2
+ description: Report a defect in the harness, bootstrap flow, workflows, or documentation
3
+ title: "[bug]: "
4
+ labels:
5
+ - task:infra
6
+ - autonomy:L0
7
+ body:
8
+ - type: textarea
9
+ id: summary
10
+ attributes:
11
+ label: Summary
12
+ description: Short description of the problem.
13
+ placeholder: What is broken?
14
+ validations:
15
+ required: true
16
+
17
+ - type: textarea
18
+ id: reproduction
19
+ attributes:
20
+ label: Reproduction steps
21
+ description: Steps, commands, repository context, or workflow path needed to reproduce.
22
+ placeholder: |
23
+ 1. ...
24
+ 2. ...
25
+ 3. ...
26
+ validations:
27
+ required: true
28
+
29
+ - type: textarea
30
+ id: expected
31
+ attributes:
32
+ label: Expected behavior
33
+ placeholder: What should have happened?
34
+ validations:
35
+ required: true
36
+
37
+ - type: textarea
38
+ id: actual
39
+ attributes:
40
+ label: Actual behavior
41
+ placeholder: What happened instead?
42
+ validations:
43
+ required: true
44
+
45
+ - type: input
46
+ id: stack
47
+ attributes:
48
+ label: Stack
49
+ description: One of `ts`, `python`, `go`, `ruby`, `php`, or `n/a`.
50
+ placeholder: ts
51
+ validations:
52
+ required: true
53
+
54
+ - type: input
55
+ id: node
56
+ attributes:
57
+ label: Node.js version
58
+ placeholder: 22.x
59
+ validations:
60
+ required: false
61
+
62
+ - type: textarea
63
+ id: logs
64
+ attributes:
65
+ label: Logs or screenshots
66
+ description: Paste relevant output with secrets removed.
67
+ validations:
68
+ required: false
@@ -0,0 +1 @@
1
+ blank_issues_enabled: true
@@ -0,0 +1,39 @@
1
+ name: Feature request
2
+ description: Propose an improvement to the harness, workflows, or adoption model
3
+ title: "[feature]: "
4
+ labels:
5
+ - task:infra
6
+ - autonomy:L0
7
+ body:
8
+ - type: textarea
9
+ id: problem
10
+ attributes:
11
+ label: Problem statement
12
+ description: What pain point or gap are you trying to address?
13
+ placeholder: What is missing or too hard today?
14
+ validations:
15
+ required: true
16
+
17
+ - type: textarea
18
+ id: proposal
19
+ attributes:
20
+ label: Proposed change
21
+ placeholder: Describe the behavior or capability you want.
22
+ validations:
23
+ required: true
24
+
25
+ - type: textarea
26
+ id: alternatives
27
+ attributes:
28
+ label: Alternatives considered
29
+ placeholder: What did you try instead?
30
+ validations:
31
+ required: false
32
+
33
+ - type: textarea
34
+ id: impact
35
+ attributes:
36
+ label: Expected impact
37
+ description: Note affected stacks, workflows, or policy surfaces.
38
+ validations:
39
+ required: false
@@ -0,0 +1,56 @@
1
+ name: Usage question
2
+ description: Ask for help adopting or operating the harness
3
+ title: "[support]: "
4
+ body:
5
+ - type: dropdown
6
+ id: setup_type
7
+ attributes:
8
+ label: Setup type
9
+ options:
10
+ - Template repository
11
+ - Existing repository bootstrap
12
+ - Evaluating only
13
+ validations:
14
+ required: true
15
+
16
+ - type: dropdown
17
+ id: stack
18
+ attributes:
19
+ label: Stack
20
+ options:
21
+ - ts
22
+ - python
23
+ - go
24
+ - ruby
25
+ - php
26
+ - n/a
27
+ validations:
28
+ required: true
29
+
30
+ - type: textarea
31
+ id: question
32
+ attributes:
33
+ label: Question or blocker
34
+ description: Describe where adoption or operation is blocked.
35
+ placeholder: What are you trying to do, and where are you stuck?
36
+ validations:
37
+ required: true
38
+
39
+ - type: textarea
40
+ id: checks
41
+ attributes:
42
+ label: Checks already tried
43
+ description: Local commands or Actions jobs you already ran.
44
+ placeholder: |
45
+ - npm run validate
46
+ - harness-ci
47
+ validations:
48
+ required: false
49
+
50
+ - type: textarea
51
+ id: context
52
+ attributes:
53
+ label: Additional context
54
+ description: Include logs, screenshots, or links with secrets removed.
55
+ validations:
56
+ required: false
@@ -0,0 +1,89 @@
1
+ name: Task
2
+ description: Agent-delegated work item with CC-SD contract and acceptance criteria
3
+ title: "[task]: "
4
+ body:
5
+ - type: textarea
6
+ id: goal
7
+ attributes:
8
+ label: Goal
9
+ description: One short paragraph describing what this task achieves.
10
+ placeholder: One short paragraph describing what this task achieves.
11
+ validations:
12
+ required: true
13
+
14
+ - type: textarea
15
+ id: non_goals
16
+ attributes:
17
+ label: Non-goals
18
+ description: Bullet list of what this task must not do or change.
19
+ placeholder: |
20
+ - Item the task must not do or change
21
+ validations:
22
+ required: true
23
+
24
+ - type: textarea
25
+ id: constraints
26
+ attributes:
27
+ label: Constraints
28
+ description: Bullet list of technical or policy limits.
29
+ placeholder: |
30
+ - Technical or policy limits (stack, paths, time)
31
+ validations:
32
+ required: true
33
+
34
+ - type: textarea
35
+ id: acceptance_criteria
36
+ attributes:
37
+ label: Acceptance criteria
38
+ description: Checkbox or bullet list with testable outcomes. Copied into the PR review gate.
39
+ placeholder: |
40
+ - [ ] Criterion 1
41
+ - [ ] Criterion 2
42
+ validations:
43
+ required: true
44
+
45
+ - type: textarea
46
+ id: rollback_hints
47
+ attributes:
48
+ label: Rollback hints
49
+ description: Short revert or undo guidance if the change must be rolled back.
50
+ placeholder: How to revert this change immediately if needed.
51
+ validations:
52
+ required: true
53
+
54
+ - type: dropdown
55
+ id: task_class
56
+ attributes:
57
+ label: Task class
58
+ description: The matching `task:*` label is synced automatically from this choice.
59
+ options:
60
+ - docs
61
+ - test-fix
62
+ - refactor
63
+ - feature-small
64
+ - dependency-bump
65
+ - infra
66
+ - security-sensitive
67
+ validations:
68
+ required: true
69
+
70
+ - type: dropdown
71
+ id: autonomy
72
+ attributes:
73
+ label: Max autonomy level
74
+ description: The matching `autonomy:*` label is synced automatically from this choice.
75
+ options:
76
+ - L0
77
+ - L1
78
+ - L2
79
+ - L3
80
+ validations:
81
+ required: true
82
+
83
+ - type: textarea
84
+ id: context
85
+ attributes:
86
+ label: Additional context
87
+ description: Optional background, links, or prior art.
88
+ validations:
89
+ required: false
@@ -0,0 +1,17 @@
1
+ ---
2
+ name: implementer
3
+ description: Implement tasks with read, edit, and test tools. Default L1 agent.
4
+ tools: ["read", "edit", "search", "execute"]
5
+ handoffs:
6
+ - agent: triager
7
+ when: Task classification unclear
8
+ ---
9
+
10
+ # Implementer
11
+
12
+ 1. Read the Issue CC-SD contract: `Goal`, `Non-goals`, `Constraints`, `Acceptance criteria`, `Rollback hints`.
13
+ 2. Treat `Goal`, `Non-goals`, `Constraints`, and `Acceptance criteria` as the implementation boundary.
14
+ 3. Implement minimal change within autonomy size limits.
15
+ 4. Run stack-appropriate tests locally or in CI.
16
+ 5. Open draft PR summarizing contract-relevant points (`Goal implemented`, `Non-goals preserved`, `Constraints handled`, `Acceptance criteria`, `Rollback`).
17
+ 6. Never approve your own PR.
@@ -0,0 +1,18 @@
1
+ ---
2
+ name: reviewer
3
+ description: Review PRs against acceptance criteria. Read-only, no edits.
4
+ tools: ["read", "search"]
5
+ ---
6
+
7
+ # Reviewer
8
+
9
+ Evaluate PRs using docs/arch.md §5.5 and the linked Issue CC-SD contract:
10
+
11
+ 1. **Requirement fit** — `Goal` and `Acceptance criteria` met?
12
+ 2. **Non-goal preservation** — out-of-scope items from `Non-goals` untouched?
13
+ 3. **Boundary compliance** — `Constraints` respected?
14
+ 4. Test adequacy — tests constrain the change?
15
+ 5. Accountability — eval scores, cost, trace links present?
16
+ 6. **Rollback ease** — `Rollback hints` / PR `Rollback` section plausible?
17
+
18
+ Compare **Issue → PR summary → diff** in one pass. Post review comments only; do not push commits.
@@ -0,0 +1,13 @@
1
+ ---
2
+ name: triager
3
+ description: Classify issues with task_class and autonomy labels. Read-only.
4
+ tools: ["read"]
5
+ ---
6
+
7
+ # Triager
8
+
9
+ 1. Read the Issue CC-SD contract: `Goal`, `Non-goals`, `Constraints`, `Acceptance criteria`, `Rollback hints`.
10
+ 2. Assign exactly one `task:*` label and one `autonomy:*` label per docs/operations.md.
11
+ 3. For `task:docs` or `task:test-fix` with `autonomy:L1`: verify all five CC-SD fields are present and usable (not blank or placeholder-only). **No usable CC-SD contract, no L1 delegation** — request author fixes or assign lower autonomy.
12
+ 4. Hand off to implementer for L1+ tasks with a complete contract.
13
+ 5. Do not edit code or create PRs.
@@ -0,0 +1,9 @@
1
+ {
2
+ "entries": {
3
+ "github/gh-aw-actions/setup@v0.81.6": {
4
+ "repo": "github/gh-aw-actions/setup",
5
+ "version": "v0.81.6",
6
+ "sha": "ba6380cc6e5be5d21677bebe04d52fb48e3abec7"
7
+ }
8
+ }
9
+ }
@@ -0,0 +1,35 @@
1
+ # Copilot instructions — global harness policy
2
+
3
+ ## Principles
4
+
5
+ 1. Walls are deterministic — never rely on prompt politeness alone.
6
+ 2. No destructive commands (`git push --force`, `rm -rf /`, production DB).
7
+ 3. Respect change size limits per autonomy level (see docs/operations.md).
8
+ 4. Out of scope: production secrets, billing, legal, PII without human approval.
9
+
10
+ ## CC-SD contract (L1 docs / test-fix)
11
+
12
+ When implementing `task:docs` or `task:test-fix` at `autonomy:L1`, treat the Issue as the spec:
13
+
14
+ - `Goal`, `Non-goals`, `Constraints`, `Acceptance criteria`, `Rollback hints` (required)
15
+ - `Additional context` (optional)
16
+
17
+ Implementer boundary: `Goal`, `Non-goals`, `Constraints`, `Acceptance criteria`.
18
+ Reviewer checks requirement fit and non-goal preservation.
19
+ v1 does not enforce CC-SD on `feature-small`, `infra`, or `security-sensitive`.
20
+
21
+ ## Change size
22
+
23
+ - L1: max 300 LOC, 8 files
24
+ - L2: max 120 LOC, 4 files
25
+ - L3: max 60 LOC, 2 files
26
+
27
+ Split large changes instead of exceeding limits.
28
+
29
+ ## Task classes
30
+
31
+ Use Issue labels `task:*` and `autonomy:*`. Default to L1 for implementation tasks.
32
+
33
+ ## Review
34
+
35
+ Human gate is PR review only. Mirror the Issue contract in the PR summary and include harness context when available.
@@ -0,0 +1,12 @@
1
+ {
2
+ "version": 1,
3
+ "hooks": [
4
+ {
5
+ "event": "preToolUse",
6
+ "matcher": "shell",
7
+ "pattern": "git push --force|git push -f|rm -rf /|drop database|DROP TABLE",
8
+ "action": "block",
9
+ "message": "Destructive operation blocked by harness policy"
10
+ }
11
+ ]
12
+ }
@@ -0,0 +1,11 @@
1
+ ---
2
+ description: Core harness conventions for all paths
3
+ applyTo: "**/*"
4
+ ---
5
+
6
+ # Core instructions
7
+
8
+ - Match existing code style in the target stack profile.
9
+ - Add or update tests for behavior changes.
10
+ - Keep PRs within autonomy size limits.
11
+ - Do not modify `.github/workflows/` without `task:infra` label and human review.
@@ -0,0 +1,10 @@
1
+ ---
2
+ description: Go conventions
3
+ applyTo: "**/*.go"
4
+ ---
5
+
6
+ # Go profile
7
+
8
+ - Run `go vet` and `go test ./...` before finishing.
9
+ - Follow standard Go project layout.
10
+ - Keep functions focused; document exported symbols.
@@ -0,0 +1,11 @@
1
+ ---
2
+ description: PHP conventions
3
+ applyTo: "**/*.{php,composer.json,composer.lock}"
4
+ ---
5
+
6
+ # PHP profile
7
+
8
+ - Follow PSR-12; use PHP_CodeSniffer or project linter.
9
+ - Tests with PHPUnit in `tests/`.
10
+ - Use Composer; commit `composer.lock` when the project locks dependencies.
11
+ - Type-hint public methods where supported by the project's PHP version.
@@ -0,0 +1,11 @@
1
+ ---
2
+ description: Python conventions
3
+ applyTo: "**/*.py"
4
+ ---
5
+
6
+ # Python profile
7
+
8
+ - Follow PEP 8; use ruff for lint.
9
+ - Type hints on public functions.
10
+ - Tests with pytest in `tests/`.
11
+ - Use virtualenv or project-standard dependency management.
@@ -0,0 +1,11 @@
1
+ ---
2
+ description: Ruby conventions
3
+ applyTo: "**/*.{rb,rake,Gemfile,Gemfile.lock}"
4
+ ---
5
+
6
+ # Ruby profile
7
+
8
+ - Follow project style; use RuboCop for lint.
9
+ - Tests with RSpec in `spec/`.
10
+ - Use Bundler; commit `Gemfile.lock` when the project locks dependencies.
11
+ - Prefer explicit requires or Zeitwerk-style autoloading per project layout.
@@ -0,0 +1,11 @@
1
+ ---
2
+ description: TypeScript and JavaScript conventions
3
+ applyTo: "**/*.{ts,tsx,js,mjs,cjs}"
4
+ ---
5
+
6
+ # TypeScript profile
7
+
8
+ - Use strict TypeScript; run `tsc --noEmit` before finishing.
9
+ - Prefer Biome or project linter for formatting and lint.
10
+ - Tests with Vitest or project test runner.
11
+ - No `any` without justification in PR notes.
@@ -0,0 +1,55 @@
1
+ - name: task:docs
2
+ color: "0E8A16"
3
+ description: Documentation changes
4
+
5
+ - name: task:test-fix
6
+ color: "1D76DB"
7
+ description: Test repair or addition
8
+
9
+ - name: task:refactor
10
+ color: "FBCA04"
11
+ description: Behavior-preserving refactor
12
+
13
+ - name: task:feature-small
14
+ color: "5319E7"
15
+ description: Small feature addition
16
+
17
+ - name: task:dependency-bump
18
+ color: "BFD4F2"
19
+ description: Dependency update
20
+
21
+ - name: task:infra
22
+ color: "D93F0B"
23
+ description: CI, IaC, permissions
24
+
25
+ - name: task:gh-aw-dogfood
26
+ color: "C5DEF5"
27
+ description: Bounded gh-aw validation on sdlc-gh (see docs/gh-aw-dogfood.md)
28
+
29
+ - name: outer-loop:harness-revision
30
+ color: "FEF2C0"
31
+ description: Nightly review routed harness revision work item (#4)
32
+
33
+ - name: outer-loop:wall-addition
34
+ color: "FBCA04"
35
+ description: Nightly review routed wall addition work item (#4)
36
+
37
+ - name: task:security-sensitive
38
+ color: "B60205"
39
+ description: Auth, billing, secrets
40
+
41
+ - name: autonomy:L0
42
+ color: "EDEDED"
43
+ description: Proposal only
44
+
45
+ - name: autonomy:L1
46
+ color: "C2E0C6"
47
+ description: Draft PR, human review required
48
+
49
+ - name: autonomy:L2
50
+ color: "FEF2C0"
51
+ description: Auto-merge candidate after walls
52
+
53
+ - name: autonomy:L3
54
+ color: "E99695"
55
+ description: Limited auto-merge (docs etc.)
@@ -0,0 +1,33 @@
1
+ ## Summary
2
+
3
+ <!-- What changed and why (one paragraph) -->
4
+
5
+ ## Goal implemented
6
+
7
+ <!-- How the PR fulfills the Issue Goal -->
8
+
9
+ ## Non-goals preserved
10
+
11
+ <!-- Confirm out-of-scope items from the Issue were not touched -->
12
+
13
+ ## Constraints handled
14
+
15
+ <!-- How technical/policy limits from the Issue were respected -->
16
+
17
+ ## Acceptance criteria
18
+
19
+ - [ ]
20
+
21
+ ## Rollback
22
+
23
+ <!-- How to revert this change immediately if needed -->
24
+
25
+ ## Harness context (auto-filled when available)
26
+
27
+ | Field | Value |
28
+ |-------|-------|
29
+ | Eval score | |
30
+ | AI credits | |
31
+ | Trace link | |
32
+ | Instructions SHA | |
33
+ | Retry count | |
@@ -0,0 +1,33 @@
1
+ {
2
+ "name": "main-protection",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": {
7
+ "include": ["refs/heads/main"],
8
+ "exclude": []
9
+ }
10
+ },
11
+ "rules": [
12
+ {
13
+ "type": "pull_request",
14
+ "parameters": {
15
+ "required_approving_review_count": 1,
16
+ "dismiss_stale_reviews_on_push": true,
17
+ "require_code_owner_review": true
18
+ }
19
+ },
20
+ {
21
+ "type": "required_status_checks",
22
+ "parameters": {
23
+ "strict_required_status_checks_policy": true,
24
+ "required_status_checks": [
25
+ { "context": "harness-static" },
26
+ { "context": "diff-size" },
27
+ { "context": "issue-spec-check" }
28
+ ]
29
+ }
30
+ }
31
+ ],
32
+ "_comment": "Canonical template for scripts/setup-github.sh. The setup script injects product-ci-{stack} from .harness-stack and keeps issue-spec-check required for all repos."
33
+ }
@@ -0,0 +1,29 @@
1
+ {
2
+ "name": "harness-pr-eval-required",
3
+ "target": "branch",
4
+ "enforcement": "active",
5
+ "conditions": {
6
+ "ref_name": { "include": ["refs/heads/main"] }
7
+ },
8
+ "rules": [
9
+ {
10
+ "type": "pull_request",
11
+ "parameters": {
12
+ "required_approving_review_count": 1,
13
+ "require_code_owner_review": true
14
+ }
15
+ },
16
+ {
17
+ "type": "required_status_checks",
18
+ "parameters": {
19
+ "strict_required_status_checks_policy": true,
20
+ "required_status_checks": [
21
+ { "context": "harness-static" },
22
+ { "context": "select" },
23
+ { "context": "trajectory-conventions" }
24
+ ]
25
+ }
26
+ }
27
+ ],
28
+ "_comment": "Add prompt-eval when GitHub Models is enabled. Apply to harness-asset PRs after eval-ci is green."
29
+ }
@@ -0,0 +1,23 @@
1
+ ---
2
+ name: quality-loop
3
+ description: Verify changes against acceptance criteria before marking complete. Use when implementing or reviewing tasks.
4
+ ---
5
+
6
+ # Quality loop
7
+
8
+ 1. Read Issue CC-SD contract: `Goal`, `Non-goals`, `Constraints`, `Acceptance criteria`, `Rollback hints`.
9
+ 2. Implement minimal change within autonomy limits and non-goals.
10
+ 3. Run stack tests and harness CI locally if possible.
11
+ 4. If checks fail, fix and retry (max per docs/operations.md).
12
+ 5. Update PR with contract summary fields and harness context table.
13
+ 6. Before marking complete, re-check:
14
+ - all `Acceptance criteria` satisfied
15
+ - `Non-goals` were not violated
16
+ - `Constraints` were respected
17
+ - `Rollback hints` remain plausible
18
+ 7. Stop when all criteria are met or escalate on repeated failure.
19
+
20
+ ## References
21
+
22
+ - docs/operations.md — thresholds and retry policy
23
+ - docs/failure-taxonomy.md — classify failures