@r3dlex/ai-catapult 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/README.md +139 -0
- package/bin/ai-catapult.js +229 -0
- package/dist/claude-plugin/.claude-plugin/marketplace.json +28 -0
- package/dist/claude-plugin/.claude-plugin/plugin.json +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/claude-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/claude-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/claude-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/dist/codex-plugin/.codex-plugin/plugin.json +11 -0
- package/dist/codex-plugin/skills/ai-catapult-init/REFERENCE.md +1284 -0
- package/dist/codex-plugin/skills/ai-catapult-init/SKILL.md +79 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/README.md +48 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/archgate.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/brd-prd-traceability.md +64 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/cascade.md +110 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/ci-policy.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/documentation-blueprint.md +185 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/evals.md +93 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/foundation.md +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/host-policy-automation.md +151 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/language-packs.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/mcp-a2a.md +63 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/memory.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/migration.md +107 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/01-discover-decide.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/phases/README.md +33 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/readme-documentation.md +120 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/release-versioning.md +188 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/skill-modernization.md +72 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/sync.md +111 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/topology.md +102 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/traceability.md +136 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/tracker-adapters.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/validation.md +276 -0
- package/dist/codex-plugin/skills/ai-catapult-init/modules/workflow.md +45 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/AGENTS.md +69 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/CLAUDE.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/GEMINI.md +3 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/boundary-manifest.json +247 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/backups/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/drift/last-drift.json +7 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/evals/coverage-exceptions.json +1 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/handoff/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/matrix.json +19 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/a2a-handoff.md +51 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/mcp/registry.json +27 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/audit-checklist.md +32 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/observability/conventions.md +35 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/01-discover-decide/status.json +16 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/02-govern-plan/status.json +15 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/03-configure-generate/status.json +22 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/phases/04-validate-handoff/status.json +18 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/policies/model-routing.json +29 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/reviews/ai-failure-modes.md +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/security.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/rules/technical-bounds.md +38 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/git-ops.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/skills/workspace-sync.json +6 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/architect.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/developer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/system-prompts/qa-engineer.md +31 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/traceability/.gitkeep +0 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.json +42 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-ai/workflows/repo-workflow.md +52 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-github/workflows/ci-prek.yml +21 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/dot-rules.ts +178 -0
- package/dist/codex-plugin/skills/ai-catapult-init/templates/prek.toml +13 -0
- package/package.json +51 -0
- package/scripts/build-claude-plugin.sh +179 -0
- package/scripts/build-codex-plugin.sh +104 -0
- package/scripts/snapshot-dist.sh +26 -0
- package/setup.sh +63 -0
- package/skills.lock.json +6 -0
- package/src/install.js +380 -0
- package/src/scaffold.js +220 -0
|
@@ -0,0 +1,1284 @@
|
|
|
1
|
+
# init-ai-repo — Reference
|
|
2
|
+
|
|
3
|
+
Detailed templates and operational documentation for every artifact the canonical `init-ai-repo` skill emits. The legacy `ai-sdlc-init` name remains a compatibility alias only.
|
|
4
|
+
Companion to [SKILL.md](SKILL.md) (the four-phase workflow entry point).
|
|
5
|
+
|
|
6
|
+
---
|
|
7
|
+
|
|
8
|
+
## Table of Contents
|
|
9
|
+
|
|
10
|
+
1. [Templates](#templates)
|
|
11
|
+
- [.rules.ts template](#rulets-template)
|
|
12
|
+
- [upstream.lock template](#upstreamlock-template)
|
|
13
|
+
- [ci-prek.yml template](#ci-prekyml-template)
|
|
14
|
+
- [prek.toml template](#prektoml-template)
|
|
15
|
+
- [scripts/validate-rules.sh](#scriptsvalidate-rulessh)
|
|
16
|
+
- [scripts/verify-golden-dir.sh (reference only)](#scriptsverify-golden-dirsh-reference-only)
|
|
17
|
+
- [scripts/sync-upstream.sh (design pattern)](#scriptssync-upstreamsh-design-pattern)
|
|
18
|
+
- [.gitignore AI SDLC additions](#gitignore-ai-sdlc-additions)
|
|
19
|
+
- [raw/docs/incident-template.md](#rawdocsincident-templatemd)
|
|
20
|
+
- [docs/adr/ADR-TEMPLATE.md](#docsadradr-templatemd)
|
|
21
|
+
- [docs/adr/ADR-0001-record-architecture-decisions.md](#docsadradr-0001-record-architecture-decisionsmd)
|
|
22
|
+
- [.agents/skills/karpathy-guidelines/SKILL.md](#agentsskillskarpathy-guidelinesskillmd)
|
|
23
|
+
- [.agents/skills/karpathy-guidelines/REFERENCE.md](#agentsskillskarpathy-guidelinesreferencemd)
|
|
24
|
+
- [AGENTS.md append content](#agentsmd-append-content)
|
|
25
|
+
- [CLAUDE.md append content](#claudemd-append-content)
|
|
26
|
+
- [README.md append content](#readmemd-append-content)
|
|
27
|
+
2. [Idempotency Guard Logic](#idempotency-guard-logic)
|
|
28
|
+
3. [Setup-Skills Interaction](#setup-skills-interaction)
|
|
29
|
+
4. [Agent Behaviors](#agent-behaviors)
|
|
30
|
+
5. [Invocation Strategy](#invocation-strategy)
|
|
31
|
+
6. [Prek Installation](#prek-installation)
|
|
32
|
+
7. [upstream.lock Sync Procedure](#upstreamlock-sync-procedure)
|
|
33
|
+
|
|
34
|
+
---
|
|
35
|
+
|
|
36
|
+
## Templates
|
|
37
|
+
|
|
38
|
+
### `.rules.ts` template
|
|
39
|
+
|
|
40
|
+
Archgate rules file. Five named domain exports, each a typed const array. The skill writes this
|
|
41
|
+
file verbatim; teams customize rule entries after scaffolding.
|
|
42
|
+
|
|
43
|
+
```typescript
|
|
44
|
+
// .rules.ts — Archgate domain rules
|
|
45
|
+
// Each rule: name, severity ("error" | "warn" | "info"), match pattern, and example.
|
|
46
|
+
// This file is validated by scripts/validate-rules.sh (structural check only).
|
|
47
|
+
// Semantic enforcement is an agent behavior at PR review time.
|
|
48
|
+
|
|
49
|
+
export interface Rule {
|
|
50
|
+
name: string;
|
|
51
|
+
severity: "error" | "warn" | "info";
|
|
52
|
+
match: string;
|
|
53
|
+
violation?: string;
|
|
54
|
+
correction?: string;
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
// ─── backend ────────────────────────────────────────────────────────────────
|
|
58
|
+
|
|
59
|
+
export const backend: Rule[] = [
|
|
60
|
+
{
|
|
61
|
+
name: "api-versioning",
|
|
62
|
+
severity: "error",
|
|
63
|
+
match: "All public REST endpoints must include a version prefix (/v1/, /v2/, …).",
|
|
64
|
+
violation: "POST /users/create",
|
|
65
|
+
correction: "POST /v1/users",
|
|
66
|
+
},
|
|
67
|
+
{
|
|
68
|
+
name: "error-shape",
|
|
69
|
+
severity: "error",
|
|
70
|
+
match: "Error responses must use { error: { code, message, details? } } shape.",
|
|
71
|
+
violation: 'res.status(400).json({ msg: "bad input" })',
|
|
72
|
+
correction: 'res.status(400).json({ error: { code: "INVALID_INPUT", message: "…" } })',
|
|
73
|
+
},
|
|
74
|
+
{
|
|
75
|
+
name: "no-sql-injection-patterns",
|
|
76
|
+
severity: "error",
|
|
77
|
+
match: "String interpolation must not be used to build SQL queries.",
|
|
78
|
+
violation: '`SELECT * FROM users WHERE id = ${req.params.id}`',
|
|
79
|
+
correction: "db.query('SELECT * FROM users WHERE id = $1', [req.params.id])",
|
|
80
|
+
},
|
|
81
|
+
{
|
|
82
|
+
name: "middleware-order",
|
|
83
|
+
severity: "warn",
|
|
84
|
+
match: "Auth middleware must be registered before route handlers.",
|
|
85
|
+
violation: "router.get('/admin', handler, authMiddleware)",
|
|
86
|
+
correction: "router.get('/admin', authMiddleware, handler)",
|
|
87
|
+
},
|
|
88
|
+
];
|
|
89
|
+
|
|
90
|
+
// ─── frontend ────────────────────────────────────────────────────────────────
|
|
91
|
+
|
|
92
|
+
export const frontend: Rule[] = [
|
|
93
|
+
{
|
|
94
|
+
name: "component-naming",
|
|
95
|
+
severity: "error",
|
|
96
|
+
match: "React components must use PascalCase filenames and exports.",
|
|
97
|
+
violation: "export function userCard() { … } // file: userCard.tsx",
|
|
98
|
+
correction: "export function UserCard() { … } // file: UserCard.tsx",
|
|
99
|
+
},
|
|
100
|
+
{
|
|
101
|
+
name: "props-interface",
|
|
102
|
+
severity: "error",
|
|
103
|
+
match: "Component props must be defined as a named TypeScript interface, not inline.",
|
|
104
|
+
violation: "function Button({ label }: { label: string }) { … }",
|
|
105
|
+
correction: "interface ButtonProps { label: string }\nfunction Button({ label }: ButtonProps) { … }",
|
|
106
|
+
},
|
|
107
|
+
{
|
|
108
|
+
name: "hook-patterns",
|
|
109
|
+
severity: "warn",
|
|
110
|
+
match: "Custom hooks must start with 'use' and return a typed object, not a tuple.",
|
|
111
|
+
violation: "function getUser() { … } // not a hook",
|
|
112
|
+
correction: "function useUser(): { user: User; loading: boolean } { … }",
|
|
113
|
+
},
|
|
114
|
+
{
|
|
115
|
+
name: "css-methodology",
|
|
116
|
+
severity: "info",
|
|
117
|
+
match: "Style declarations must use the project's CSS methodology (Tailwind/CSS Modules/…). Inline styles are prohibited except for dynamic values.",
|
|
118
|
+
violation: '<div style={{ color: "red" }}>',
|
|
119
|
+
correction: '<div className="text-red-500"> // or CSS module equivalent',
|
|
120
|
+
},
|
|
121
|
+
];
|
|
122
|
+
|
|
123
|
+
// ─── data ────────────────────────────────────────────────────────────────────
|
|
124
|
+
|
|
125
|
+
export const data: Rule[] = [
|
|
126
|
+
{
|
|
127
|
+
name: "migration-naming",
|
|
128
|
+
severity: "error",
|
|
129
|
+
match: "Database migration files must follow the pattern YYYYMMDDHHMMSS_<slug>.sql.",
|
|
130
|
+
violation: "add_users_table.sql",
|
|
131
|
+
correction: "20260101120000_add_users_table.sql",
|
|
132
|
+
},
|
|
133
|
+
{
|
|
134
|
+
name: "query-batching",
|
|
135
|
+
severity: "warn",
|
|
136
|
+
match: "ORM queries inside loops are prohibited. Use batch/bulk methods or DataLoader.",
|
|
137
|
+
violation: "for (const id of ids) { await User.findOne(id); }",
|
|
138
|
+
correction: "await User.findAll({ where: { id: ids } });",
|
|
139
|
+
},
|
|
140
|
+
{
|
|
141
|
+
name: "cache-invalidation",
|
|
142
|
+
severity: "warn",
|
|
143
|
+
match: "Cache entries must be invalidated in the same transaction/service that mutates the source data.",
|
|
144
|
+
violation: "updateUser(id, data); // cache cleared in a separate cron",
|
|
145
|
+
correction: "await Promise.all([updateUser(id, data), cache.del(`user:${id}`)])",
|
|
146
|
+
},
|
|
147
|
+
];
|
|
148
|
+
|
|
149
|
+
// ─── architecture ────────────────────────────────────────────────────────────
|
|
150
|
+
|
|
151
|
+
export const architecture: Rule[] = [
|
|
152
|
+
{
|
|
153
|
+
name: "layer-boundaries",
|
|
154
|
+
severity: "error",
|
|
155
|
+
match: "Route handlers must not import from the data layer directly. All data access goes through a service layer.",
|
|
156
|
+
violation: "import { db } from '../db' // inside routes/users.ts",
|
|
157
|
+
correction: "import { UserService } from '../services/UserService'",
|
|
158
|
+
},
|
|
159
|
+
{
|
|
160
|
+
name: "dependency-direction",
|
|
161
|
+
severity: "error",
|
|
162
|
+
match: "Dependencies must only flow inward (domain ← application ← infrastructure). Infrastructure must not import from the domain layer.",
|
|
163
|
+
violation: "import { User } from '../../domain/User' // inside infrastructure/",
|
|
164
|
+
correction: "Depend on the port interface, not the domain entity directly.",
|
|
165
|
+
},
|
|
166
|
+
{
|
|
167
|
+
name: "module-exports",
|
|
168
|
+
severity: "warn",
|
|
169
|
+
match: "Each module directory must have an index.ts that re-exports only its public surface.",
|
|
170
|
+
violation: "import { helper } from '../auth/internal/helper'",
|
|
171
|
+
correction: "import { helper } from '../auth' // via index.ts barrel",
|
|
172
|
+
},
|
|
173
|
+
{
|
|
174
|
+
name: "no-circular-dependencies",
|
|
175
|
+
severity: "error",
|
|
176
|
+
match: "Circular imports between modules are prohibited.",
|
|
177
|
+
violation: "// moduleA imports moduleB, moduleB imports moduleA",
|
|
178
|
+
correction: "Extract shared logic into a third module that neither A nor B imports.",
|
|
179
|
+
},
|
|
180
|
+
];
|
|
181
|
+
|
|
182
|
+
// ─── general ─────────────────────────────────────────────────────────────────
|
|
183
|
+
|
|
184
|
+
export const general: Rule[] = [
|
|
185
|
+
{
|
|
186
|
+
name: "file-naming",
|
|
187
|
+
severity: "warn",
|
|
188
|
+
match: "Source files must use kebab-case. Test files must end in .test.ts or .spec.ts.",
|
|
189
|
+
violation: "UserService.ts, userservice.spec.ts",
|
|
190
|
+
correction: "user-service.ts, user-service.spec.ts",
|
|
191
|
+
},
|
|
192
|
+
{
|
|
193
|
+
name: "function-length",
|
|
194
|
+
severity: "warn",
|
|
195
|
+
match: "Functions must not exceed 40 lines. Extract logical sections into named helpers.",
|
|
196
|
+
violation: "// 80-line parseAndValidateAndSaveUser function",
|
|
197
|
+
correction: "parseUser(), validateUser(), saveUser() — each ≤ 40 lines",
|
|
198
|
+
},
|
|
199
|
+
{
|
|
200
|
+
name: "test-structure",
|
|
201
|
+
severity: "error",
|
|
202
|
+
match: "Tests must follow the Arrange-Act-Assert pattern with one assertion group per test.",
|
|
203
|
+
violation: "it('works', () => { /* 20 lines of mixed setup and assertions */ })",
|
|
204
|
+
correction: "it('returns 404 when user not found', () => { /* Arrange / Act / Assert */ })",
|
|
205
|
+
},
|
|
206
|
+
{
|
|
207
|
+
name: "import-ordering",
|
|
208
|
+
severity: "info",
|
|
209
|
+
match: "Imports must be ordered: Node built-ins → external packages → internal modules. Groups separated by a blank line.",
|
|
210
|
+
violation: "import { UserService } from './services'\nimport path from 'path'\nimport express from 'express'",
|
|
211
|
+
correction: "import path from 'path'\n\nimport express from 'express'\n\nimport { UserService } from './services'",
|
|
212
|
+
},
|
|
213
|
+
{
|
|
214
|
+
name: "comment-policy",
|
|
215
|
+
severity: "info",
|
|
216
|
+
match: "Comments must explain WHY, not WHAT. Do not comment code that is self-explanatory.",
|
|
217
|
+
violation: "// increment counter\ncounter++;",
|
|
218
|
+
correction: "// Retry budget: max 3 attempts before circuit-breaker trips\ncounter++;",
|
|
219
|
+
},
|
|
220
|
+
];
|
|
221
|
+
```
|
|
222
|
+
|
|
223
|
+
---
|
|
224
|
+
|
|
225
|
+
### `upstream.lock` template
|
|
226
|
+
|
|
227
|
+
Written by Step 3. The skill resolves `<SHA>` at scaffold time via
|
|
228
|
+
`git ls-remote https://github.com/mattpocock/skills.git HEAD`.
|
|
229
|
+
|
|
230
|
+
```yaml
|
|
231
|
+
source: mattpocock/skills
|
|
232
|
+
via: r3dlex/skills
|
|
233
|
+
pinned_sha: <SHA from git ls-remote https://github.com/mattpocock/skills.git HEAD>
|
|
234
|
+
updated: <YYYY-MM-DD>
|
|
235
|
+
sync_script: scripts/sync-upstream.sh
|
|
236
|
+
```
|
|
237
|
+
|
|
238
|
+
---
|
|
239
|
+
|
|
240
|
+
### `.github/workflows/ci-prek.yml` template
|
|
241
|
+
|
|
242
|
+
A **separate** workflow file. Never merged into an existing `ci.yml`.
|
|
243
|
+
Uses `j178/prek-action@v2`. The `extra-args: '--all-files'` key is required — there is no
|
|
244
|
+
bare `args:` key in this action.
|
|
245
|
+
|
|
246
|
+
```yaml
|
|
247
|
+
name: AI SDLC Pre-commit Checks
|
|
248
|
+
|
|
249
|
+
on:
|
|
250
|
+
push:
|
|
251
|
+
branches: [main]
|
|
252
|
+
pull_request:
|
|
253
|
+
branches: [main]
|
|
254
|
+
|
|
255
|
+
jobs:
|
|
256
|
+
prek-check:
|
|
257
|
+
name: Pre-commit Hooks
|
|
258
|
+
runs-on: ubuntu-latest
|
|
259
|
+
|
|
260
|
+
steps:
|
|
261
|
+
- name: Checkout
|
|
262
|
+
uses: actions/checkout@v4
|
|
263
|
+
|
|
264
|
+
- name: Run prek
|
|
265
|
+
uses: j178/prek-action@v2
|
|
266
|
+
with:
|
|
267
|
+
extra-args: '--all-files'
|
|
268
|
+
```
|
|
269
|
+
|
|
270
|
+
---
|
|
271
|
+
|
|
272
|
+
### `prek.toml` template
|
|
273
|
+
|
|
274
|
+
Hook configuration consumed by prek. prek expects the same schema as `.pre-commit-config.yaml`
|
|
275
|
+
(top-level `repos` array). Each repo entry has its own hooks. For Archgate, use a `local` repo
|
|
276
|
+
with the `validate-rules` hook — prek delegates `.rules.ts` validation to the shell script.
|
|
277
|
+
|
|
278
|
+
```toml
|
|
279
|
+
# prek configuration — pre-commit hook manager (Rust-based, github.com/j178/prek)
|
|
280
|
+
# Schema mirrors `.pre-commit-config.yaml` (top-level `repos` field).
|
|
281
|
+
|
|
282
|
+
[[repos]]
|
|
283
|
+
repo = "local"
|
|
284
|
+
|
|
285
|
+
[[repos.hooks]]
|
|
286
|
+
id = "validate-rules"
|
|
287
|
+
name = "Validate Archgate rules structure"
|
|
288
|
+
entry = "bash scripts/validate-rules.sh"
|
|
289
|
+
language = "system"
|
|
290
|
+
files = '\.rules\.ts$'
|
|
291
|
+
exclude = '^reference/golden-(skills|root)/'
|
|
292
|
+
pass_filenames = false
|
|
293
|
+
```
|
|
294
|
+
|
|
295
|
+
> **Why `pass_filenames = false`:** the script validates the canonical
|
|
296
|
+
> repo-root `.rules.ts`, not whatever files prek happened to match. With
|
|
297
|
+
> `pass_filenames = true`, prek would pass the matched files as positional
|
|
298
|
+
> args; the script would then only check `$1` and miss broken siblings.
|
|
299
|
+
> The `exclude` pattern prevents prek from running the hook against golden-dir
|
|
300
|
+
> baseline copies of `.rules.ts`.
|
|
301
|
+
|
|
302
|
+
> **Note:** Add more `[[repos]]` blocks for hosted hook collections (e.g.
|
|
303
|
+
> `https://github.com/pre-commit/pre-commit-hooks` for `trailing-whitespace`, `end-of-file-fixer`).
|
|
304
|
+
> Each hook within a `[[repos]]` block is added as a `[[repos.hooks]]` entry. The minimal local-only
|
|
305
|
+
> config above is what the init-ai-repo scaffold emits — extend it per project.
|
|
306
|
+
|
|
307
|
+
---
|
|
308
|
+
|
|
309
|
+
### `scripts/validate-rules.sh`
|
|
310
|
+
|
|
311
|
+
This is the script that `prek.toml`'s `validate-rules` hook executes. It checks structural
|
|
312
|
+
integrity of `.rules.ts`: five required domain exports present and optional TypeScript syntax
|
|
313
|
+
verification via `tsx`.
|
|
314
|
+
|
|
315
|
+
```bash
|
|
316
|
+
#!/usr/bin/env bash
|
|
317
|
+
# validate-rules.sh — Structural validation of .rules.ts
|
|
318
|
+
# Checks that .rules.ts: (a) is valid TypeScript syntax, (b) exports
|
|
319
|
+
# all 5 required Archgate domains as const arrays with name+severity+match fields.
|
|
320
|
+
# This is NOT a full semantic check — it validates the rule STRUCTURE,
|
|
321
|
+
# not whether the rules are correct for the codebase.
|
|
322
|
+
|
|
323
|
+
set -euo pipefail
|
|
324
|
+
|
|
325
|
+
RULES_FILE="${1:-.rules.ts}"
|
|
326
|
+
errors=0
|
|
327
|
+
|
|
328
|
+
echo "=== Archgate Rules Validation ==="
|
|
329
|
+
|
|
330
|
+
# Check file exists
|
|
331
|
+
if [ ! -f "$RULES_FILE" ]; then
|
|
332
|
+
echo "FAIL: $RULES_FILE not found"
|
|
333
|
+
exit 1
|
|
334
|
+
fi
|
|
335
|
+
|
|
336
|
+
# Check 5 required domain exports (backend, frontend, data, architecture, general)
|
|
337
|
+
for domain in backend frontend data architecture general; do
|
|
338
|
+
if ! grep -q "export const $domain" "$RULES_FILE" 2>/dev/null; then
|
|
339
|
+
echo "FAIL: Missing required domain export: $domain"
|
|
340
|
+
errors=$((errors + 1))
|
|
341
|
+
else
|
|
342
|
+
echo "OK: $domain domain present"
|
|
343
|
+
fi
|
|
344
|
+
done
|
|
345
|
+
|
|
346
|
+
# Check TypeScript syntax with node --check (requires Node.js)
|
|
347
|
+
if command -v node &>/dev/null; then
|
|
348
|
+
# Transpile check: can npx tsx parse it?
|
|
349
|
+
if npx --yes tsx --eval "import('./.rules.ts').then(m => { const domains = ['backend','frontend','data','architecture','general']; domains.forEach(d => { if(!m[d]) throw new Error('Missing: '+d) }); console.log('TypeScript syntax OK'); process.exit(0); }).catch(e => { console.error(e.message); process.exit(1); })" 2>/dev/null; then
|
|
350
|
+
:
|
|
351
|
+
else
|
|
352
|
+
echo "WARNING: TypeScript syntax check failed (tsx not available or parse error)"
|
|
353
|
+
fi
|
|
354
|
+
else
|
|
355
|
+
echo "SKIP: Node.js not available for syntax check"
|
|
356
|
+
fi
|
|
357
|
+
|
|
358
|
+
echo "=== Result ==="
|
|
359
|
+
if [ "$errors" -eq 0 ]; then
|
|
360
|
+
echo "PASS: All 5 Archgate domains present."
|
|
361
|
+
exit 0
|
|
362
|
+
else
|
|
363
|
+
echo "FAIL: $errors domain(s) missing from .rules.ts"
|
|
364
|
+
exit 1
|
|
365
|
+
fi
|
|
366
|
+
```
|
|
367
|
+
|
|
368
|
+
---
|
|
369
|
+
|
|
370
|
+
### `scripts/verify-golden-dir.sh` (reference only)
|
|
371
|
+
|
|
372
|
+
The `verify-golden-dir.sh` script lives at `scripts/verify-golden-dir.sh` in the skills repo.
|
|
373
|
+
It is a **pure diff-and-report tool** — it does not invoke the skill, it compares a real repo
|
|
374
|
+
against a golden directory that the developer has already scaffolded.
|
|
375
|
+
|
|
376
|
+
Key behaviours:
|
|
377
|
+
- Excludes `upstream.lock` from content diff (SHA drifts when upstream pushes). Instead it
|
|
378
|
+
validates only structural fields (`source:`, `via:`, `pinned_sha:`, `sync_script:`).
|
|
379
|
+
- Validates `.rules.ts` by calling `scripts/validate-rules.sh` — not via `prek --rules`
|
|
380
|
+
(no such flag exists).
|
|
381
|
+
- Checks for `<!-- ai-sdlc-init:start -->` marker presence in `AGENTS.md`, `CLAUDE.md`,
|
|
382
|
+
`README.md`, and `.gitignore`.
|
|
383
|
+
- Checks that `.github/workflows/ci-prek.yml` exists.
|
|
384
|
+
- Exits `0` on full pass, `1` on any failure.
|
|
385
|
+
|
|
386
|
+
Run after scaffolding a target repo:
|
|
387
|
+
|
|
388
|
+
```bash
|
|
389
|
+
bash scripts/verify-golden-dir.sh /path/to/target-repo skills/reference/golden-skills
|
|
390
|
+
```
|
|
391
|
+
|
|
392
|
+
---
|
|
393
|
+
|
|
394
|
+
### `scripts/sync-upstream.sh` (design pattern)
|
|
395
|
+
|
|
396
|
+
This is a **documented design pattern**, not a working script. The file is created with a
|
|
397
|
+
`# NOT IMPLEMENTED` header so future contributors can see the intended logic.
|
|
398
|
+
|
|
399
|
+
```bash
|
|
400
|
+
#!/usr/bin/env bash
|
|
401
|
+
# sync-upstream.sh — DESIGN PATTERN (not a working script)
|
|
402
|
+
# Future implementation guide for syncing with mattpocock/skills upstream.
|
|
403
|
+
#
|
|
404
|
+
# Pseudocode:
|
|
405
|
+
# 1. Fetch the current HEAD SHA from upstream:
|
|
406
|
+
# UPSTREAM_SHA=$(git ls-remote https://github.com/mattpocock/skills.git HEAD | cut -f1)
|
|
407
|
+
# 2. Read the pinned_sha from upstream.lock:
|
|
408
|
+
# PINNED_SHA=$(grep 'pinned_sha:' upstream.lock | awk '{print $2}')
|
|
409
|
+
# 3. If UPSTREAM_SHA == PINNED_SHA: echo "Already up to date." && exit 0
|
|
410
|
+
# 4. Run git diff between pinned_sha and upstream HEAD on the remote (sparse clone or API diff):
|
|
411
|
+
# Generate list of changed files since PINNED_SHA
|
|
412
|
+
# 5. For each changed file in .agents/skills/:
|
|
413
|
+
# - Show the diff to the developer
|
|
414
|
+
# - Ask: "Apply this change? [y/N]"
|
|
415
|
+
# - If yes: copy the updated file into the local .agents/skills/ tree
|
|
416
|
+
# 6. Update upstream.lock with the new SHA and today's date.
|
|
417
|
+
# 7. Stage the changes for review: git add -p
|
|
418
|
+
#
|
|
419
|
+
# This script is intentionally incomplete. Upstream sync should be a deliberate
|
|
420
|
+
# human-reviewed process, not an automated overwrite.
|
|
421
|
+
|
|
422
|
+
echo "sync-upstream.sh is not yet implemented."
|
|
423
|
+
echo "See REFERENCE.md → upstream.lock Sync Procedure for the design intent."
|
|
424
|
+
exit 1
|
|
425
|
+
```
|
|
426
|
+
|
|
427
|
+
---
|
|
428
|
+
|
|
429
|
+
### `.gitignore` AI SDLC additions
|
|
430
|
+
|
|
431
|
+
Append the following block to the repo's `.gitignore`. The marker comments use `#` syntax
|
|
432
|
+
(gitignore format) wrapping the HTML-comment namespace token so the idempotency guard can
|
|
433
|
+
still detect them via grep.
|
|
434
|
+
|
|
435
|
+
```gitignore
|
|
436
|
+
# <!-- ai-sdlc-init:start -->
|
|
437
|
+
# AI SDLC artifacts
|
|
438
|
+
upstream-pocock/
|
|
439
|
+
.prek-cache/
|
|
440
|
+
# <!-- ai-sdlc-init:end -->
|
|
441
|
+
```
|
|
442
|
+
|
|
443
|
+
---
|
|
444
|
+
|
|
445
|
+
### `raw/docs/incident-template.md`
|
|
446
|
+
|
|
447
|
+
Copy to `raw/docs/INC-YYYY-MM-DD-slug.md` and fill in each section.
|
|
448
|
+
Naming convention: `INC-2026-05-22-api-outage.md`.
|
|
449
|
+
|
|
450
|
+
```markdown
|
|
451
|
+
# INC-YYYY-MM-DD — <short title>
|
|
452
|
+
|
|
453
|
+
**Status:** Open | Investigating | Resolved
|
|
454
|
+
**Severity:** P0 | P1 | P2 | P3
|
|
455
|
+
**Incident commander:** @handle
|
|
456
|
+
**Date opened:** YYYY-MM-DD HH:MM UTC
|
|
457
|
+
**Date resolved:** YYYY-MM-DD HH:MM UTC (leave blank if open)
|
|
458
|
+
|
|
459
|
+
---
|
|
460
|
+
|
|
461
|
+
## Summary
|
|
462
|
+
|
|
463
|
+
One paragraph. What happened, what was affected, and the outcome.
|
|
464
|
+
|
|
465
|
+
## Timeline
|
|
466
|
+
|
|
467
|
+
| Time (UTC) | Event |
|
|
468
|
+
|-----------|-------|
|
|
469
|
+
| HH:MM | First alert fired |
|
|
470
|
+
| HH:MM | On-call engineer paged |
|
|
471
|
+
| HH:MM | Root cause identified |
|
|
472
|
+
| HH:MM | Mitigation applied |
|
|
473
|
+
| HH:MM | Service restored |
|
|
474
|
+
|
|
475
|
+
## Root Cause
|
|
476
|
+
|
|
477
|
+
Describe the technical root cause. Use the 5-Whys if helpful:
|
|
478
|
+
|
|
479
|
+
1. Why did X fail? → Because Y
|
|
480
|
+
2. Why did Y happen? → Because Z
|
|
481
|
+
3. …
|
|
482
|
+
|
|
483
|
+
## Impact
|
|
484
|
+
|
|
485
|
+
- **Users affected:** N (estimated)
|
|
486
|
+
- **Duration:** HH hours MM minutes
|
|
487
|
+
- **Services affected:** list services, endpoints, or features
|
|
488
|
+
- **Data loss:** Yes / No / Under investigation
|
|
489
|
+
|
|
490
|
+
## Action Items
|
|
491
|
+
|
|
492
|
+
| # | Action | Owner | Due date | Status |
|
|
493
|
+
|---|--------|-------|----------|--------|
|
|
494
|
+
| 1 | Add circuit breaker to payment service | @handle | YYYY-MM-DD | Open |
|
|
495
|
+
| 2 | Add alerting for DB connection pool exhaustion | @handle | YYYY-MM-DD | Open |
|
|
496
|
+
|
|
497
|
+
## Blameless Statement
|
|
498
|
+
|
|
499
|
+
This incident review is conducted in the spirit of blameless post-mortems.
|
|
500
|
+
Systems fail; our goal is to understand failure modes and improve resilience —
|
|
501
|
+
not to assign individual blame. All contributors are encouraged to share
|
|
502
|
+
observations candidly.
|
|
503
|
+
```
|
|
504
|
+
|
|
505
|
+
---
|
|
506
|
+
|
|
507
|
+
### `docs/adr/ADR-TEMPLATE.md`
|
|
508
|
+
|
|
509
|
+
MADR (Markdown Architectural Decision Records) format.
|
|
510
|
+
|
|
511
|
+
```markdown
|
|
512
|
+
# ADR-NNNN — <title>
|
|
513
|
+
|
|
514
|
+
**Status:** Proposed | Accepted | Deprecated | Superseded by ADR-MMMM
|
|
515
|
+
**Date:** YYYY-MM-DD
|
|
516
|
+
**Deciders:** @handle1, @handle2
|
|
517
|
+
|
|
518
|
+
---
|
|
519
|
+
|
|
520
|
+
## Context
|
|
521
|
+
|
|
522
|
+
What is the issue that motivates this decision? What forces are at play
|
|
523
|
+
(technical, organisational, constraints)? Be specific about the problem space.
|
|
524
|
+
|
|
525
|
+
## Decision
|
|
526
|
+
|
|
527
|
+
State the decision in one sentence. Then explain the reasoning.
|
|
528
|
+
|
|
529
|
+
> We will [do X] because [reason Y].
|
|
530
|
+
|
|
531
|
+
## Consequences
|
|
532
|
+
|
|
533
|
+
### Positive
|
|
534
|
+
- …
|
|
535
|
+
|
|
536
|
+
### Negative
|
|
537
|
+
- …
|
|
538
|
+
|
|
539
|
+
### Neutral / Trade-offs
|
|
540
|
+
- …
|
|
541
|
+
|
|
542
|
+
## Compliance
|
|
543
|
+
|
|
544
|
+
How will adherence to this decision be verified? Options:
|
|
545
|
+
- Agent behavior (drift-check at PR review time)
|
|
546
|
+
- Automated lint rule in `.rules.ts`
|
|
547
|
+
- Manual review checklist in pull request template
|
|
548
|
+
- N/A — decision is structural, enforced by directory layout
|
|
549
|
+
```
|
|
550
|
+
|
|
551
|
+
---
|
|
552
|
+
|
|
553
|
+
### `docs/adr/ADR-0001-record-architecture-decisions.md`
|
|
554
|
+
|
|
555
|
+
Bootstrap ADR. Records the meta-decision to use ADRs.
|
|
556
|
+
|
|
557
|
+
```markdown
|
|
558
|
+
# ADR-0001 — Record Architecture Decisions
|
|
559
|
+
|
|
560
|
+
**Status:** Accepted
|
|
561
|
+
**Date:** <scaffold date>
|
|
562
|
+
**Deciders:** project maintainers
|
|
563
|
+
|
|
564
|
+
---
|
|
565
|
+
|
|
566
|
+
## Context
|
|
567
|
+
|
|
568
|
+
Architectural decisions accumulate silently in codebases. When a contributor asks
|
|
569
|
+
"why is this structured this way?", the answer lives in someone's memory or an
|
|
570
|
+
old Slack thread — not in the repository. New contributors repeat the same
|
|
571
|
+
trade-off analysis and sometimes reverse decisions whose rationale was sound but
|
|
572
|
+
undocumented.
|
|
573
|
+
|
|
574
|
+
We need a lightweight, version-controlled way to capture significant architectural
|
|
575
|
+
decisions alongside the code they describe.
|
|
576
|
+
|
|
577
|
+
## Decision
|
|
578
|
+
|
|
579
|
+
We will record architecturally significant decisions in `docs/adr/` using MADR
|
|
580
|
+
(Markdown Architectural Decision Records) format. Each ADR is a numbered file:
|
|
581
|
+
`ADR-NNNN-slug.md`. ADRs are immutable once accepted; superseded ADRs are marked
|
|
582
|
+
"Superseded by ADR-MMMM" rather than deleted.
|
|
583
|
+
|
|
584
|
+
An ADR is warranted when a decision:
|
|
585
|
+
- Is hard to reverse without significant rework
|
|
586
|
+
- Involves non-obvious trade-offs
|
|
587
|
+
- Affects multiple modules or teams
|
|
588
|
+
- Contradicts a common default or industry practice
|
|
589
|
+
|
|
590
|
+
## Consequences
|
|
591
|
+
|
|
592
|
+
### Positive
|
|
593
|
+
- Decisions are traceable to the commit that introduced them.
|
|
594
|
+
- New contributors can understand constraints without asking senior engineers.
|
|
595
|
+
- Drift detection at PR review time has an authoritative source to compare against.
|
|
596
|
+
|
|
597
|
+
### Negative
|
|
598
|
+
- Writing ADRs takes time. Teams may skip them under deadline pressure.
|
|
599
|
+
- Stale ADRs that are never marked "Deprecated" can mislead readers.
|
|
600
|
+
|
|
601
|
+
### Neutral / Trade-offs
|
|
602
|
+
- ADRs capture intent, not enforcement. Compliance verification is an agent
|
|
603
|
+
behavior (see AGENTS.md — Drift Verification Protocol), not a CI gate in this
|
|
604
|
+
iteration.
|
|
605
|
+
|
|
606
|
+
## Compliance
|
|
607
|
+
|
|
608
|
+
Agent behavior: at PR review time, the drift-verification agent loads the PR diff
|
|
609
|
+
and relevant ADRs, then flags conflicts. See AGENTS.md for the documented protocol.
|
|
610
|
+
```
|
|
611
|
+
|
|
612
|
+
---
|
|
613
|
+
|
|
614
|
+
### `.agents/skills/karpathy-guidelines/SKILL.md`
|
|
615
|
+
|
|
616
|
+
Write this file into the **target repo** (not the skills repo) at
|
|
617
|
+
`.agents/skills/karpathy-guidelines/SKILL.md`. It encodes four Andrej Karpathy
|
|
618
|
+
software engineering heuristics as agent-facing rules.
|
|
619
|
+
|
|
620
|
+
```markdown
|
|
621
|
+
---
|
|
622
|
+
name: karpathy-guidelines
|
|
623
|
+
description: >
|
|
624
|
+
Enforce Karpathy software engineering principles: think before coding,
|
|
625
|
+
prefer simplicity, make surgical changes, stay goal-driven. Use when
|
|
626
|
+
reviewing code quality, planning implementation approach, or auditing
|
|
627
|
+
for over-engineering.
|
|
628
|
+
---
|
|
629
|
+
|
|
630
|
+
# Karpathy Guidelines
|
|
631
|
+
|
|
632
|
+
Four principles that prevent the most common AI-assisted coding failure modes.
|
|
633
|
+
Load this skill when reviewing implementation plans or code output.
|
|
634
|
+
|
|
635
|
+
## Rules
|
|
636
|
+
|
|
637
|
+
### Rule 1 — Think Before Coding
|
|
638
|
+
|
|
639
|
+
Spend time understanding the problem before writing a single line.
|
|
640
|
+
Re-read the issue, the acceptance criteria, and any relevant ADRs.
|
|
641
|
+
|
|
642
|
+
**Bad:**
|
|
643
|
+
```
|
|
644
|
+
// Immediately add a retry wrapper because the API call might fail
|
|
645
|
+
async function fetchWithRetry(url) { … }
|
|
646
|
+
```
|
|
647
|
+
|
|
648
|
+
**Good:**
|
|
649
|
+
```
|
|
650
|
+
// 1. Read the issue: the API is internal, on the same VPC. Retries not needed.
|
|
651
|
+
// 2. Check ADR-0005: we use circuit-breakers at the gateway, not per-caller.
|
|
652
|
+
// Conclusion: a plain fetch() is correct here.
|
|
653
|
+
async function fetchConfig(url) { return fetch(url).then(r => r.json()); }
|
|
654
|
+
```
|
|
655
|
+
|
|
656
|
+
---
|
|
657
|
+
|
|
658
|
+
### Rule 2 — Simplicity First
|
|
659
|
+
|
|
660
|
+
Do not add abstraction until you have two concrete use cases that share it.
|
|
661
|
+
The cost of wrong abstraction is higher than the cost of duplication.
|
|
662
|
+
|
|
663
|
+
**Bad:**
|
|
664
|
+
```typescript
|
|
665
|
+
// Premature factory for a single use case
|
|
666
|
+
class DataFetcherFactory {
|
|
667
|
+
static create(type: 'user' | 'post'): DataFetcher { … }
|
|
668
|
+
}
|
|
669
|
+
```
|
|
670
|
+
|
|
671
|
+
**Good:**
|
|
672
|
+
```typescript
|
|
673
|
+
// Concrete function for the one case that exists today
|
|
674
|
+
async function fetchUser(id: string): Promise<User> { … }
|
|
675
|
+
// If fetchPost() is needed later and shares logic → extract then, not now.
|
|
676
|
+
```
|
|
677
|
+
|
|
678
|
+
---
|
|
679
|
+
|
|
680
|
+
### Rule 3 — Surgical Changes
|
|
681
|
+
|
|
682
|
+
Change only what the task requires. Do not refactor adjacent code, rename
|
|
683
|
+
variables "while you're here", or fix unrelated linting warnings in the same
|
|
684
|
+
commit.
|
|
685
|
+
|
|
686
|
+
**Bad:**
|
|
687
|
+
> Task: "Add timeout to fetchData()."
|
|
688
|
+
> Agent refactors all callers, introduces RetryConfig class, renames three
|
|
689
|
+
> variables for clarity, fixes unrelated import order.
|
|
690
|
+
|
|
691
|
+
**Good:**
|
|
692
|
+
> Task: "Add timeout to fetchData()."
|
|
693
|
+
> Agent adds one parameter with a default, threads it to the fetch call,
|
|
694
|
+
> updates the one test that exercises fetchData. Diff: 4 lines.
|
|
695
|
+
|
|
696
|
+
---
|
|
697
|
+
|
|
698
|
+
### Rule 4 — Goal-Driven Execution
|
|
699
|
+
|
|
700
|
+
Keep the original task visible. Before each action, ask: "Does this directly
|
|
701
|
+
advance the stated goal?" Stop when the goal is met — do not add polish,
|
|
702
|
+
documentation, or "nice to have" features beyond scope.
|
|
703
|
+
|
|
704
|
+
**Bad:**
|
|
705
|
+
```
|
|
706
|
+
// Task complete, but agent adds:
|
|
707
|
+
// - JSDoc on every function (not requested)
|
|
708
|
+
// - A README section for the new parameter (not requested)
|
|
709
|
+
// - A CHANGELOG entry (not requested)
|
|
710
|
+
```
|
|
711
|
+
|
|
712
|
+
**Good:**
|
|
713
|
+
```
|
|
714
|
+
// Task complete. Verification run. No out-of-scope additions.
|
|
715
|
+
// Noted potential improvement → opened separate issue #47.
|
|
716
|
+
```
|
|
717
|
+
|
|
718
|
+
---
|
|
719
|
+
|
|
720
|
+
## When to Apply These Rules
|
|
721
|
+
|
|
722
|
+
- Before starting any implementation: apply Rule 1 and Rule 4 (understand goal,
|
|
723
|
+
confirm scope).
|
|
724
|
+
- During implementation: apply Rule 3 (surgical).
|
|
725
|
+
- During review of your own output: apply Rule 2 (simplicity check).
|
|
726
|
+
|
|
727
|
+
See [REFERENCE.md](REFERENCE.md) for anti-pattern catalog and concrete scenarios.
|
|
728
|
+
```
|
|
729
|
+
|
|
730
|
+
---
|
|
731
|
+
|
|
732
|
+
### `.agents/skills/karpathy-guidelines/REFERENCE.md`
|
|
733
|
+
|
|
734
|
+
Write into the target repo at `.agents/skills/karpathy-guidelines/REFERENCE.md`.
|
|
735
|
+
|
|
736
|
+
```markdown
|
|
737
|
+
# Karpathy Guidelines — Reference
|
|
738
|
+
|
|
739
|
+
Anti-pattern catalog, integration guidance, and concrete scenarios for the four
|
|
740
|
+
rules in [SKILL.md](SKILL.md).
|
|
741
|
+
|
|
742
|
+
---
|
|
743
|
+
|
|
744
|
+
## Anti-Pattern Catalog
|
|
745
|
+
|
|
746
|
+
### AP-1: The Helpful Refactor
|
|
747
|
+
|
|
748
|
+
**Pattern:** Agent fixes nearby code "while it's there" — renaming variables,
|
|
749
|
+
improving error messages, extracting helpers. None of it was requested.
|
|
750
|
+
|
|
751
|
+
**Why it's harmful:** Unreviewed scope expansion. The refactored code may have
|
|
752
|
+
had intentional quirks. The diff becomes harder to review and revert.
|
|
753
|
+
|
|
754
|
+
**Detection signal:** Diff touches files not named in the task description.
|
|
755
|
+
|
|
756
|
+
**Correction:** Open a separate issue for the cleanup. Link from the PR description.
|
|
757
|
+
|
|
758
|
+
---
|
|
759
|
+
|
|
760
|
+
### AP-2: The Premature Abstraction
|
|
761
|
+
|
|
762
|
+
**Pattern:** Agent introduces a class, interface, or utility function for a
|
|
763
|
+
pattern that exists exactly once.
|
|
764
|
+
|
|
765
|
+
**Why it's harmful:** Abstractions create coupling and maintenance surface. A
|
|
766
|
+
wrong abstraction is harder to remove than the duplication it replaced.
|
|
767
|
+
|
|
768
|
+
**Detection signal:** New class or function has exactly one call site.
|
|
769
|
+
|
|
770
|
+
**Correction:** Inline the logic. If a second use case appears, abstract then.
|
|
771
|
+
|
|
772
|
+
---
|
|
773
|
+
|
|
774
|
+
### AP-3: The Exhaustive Documentation Pass
|
|
775
|
+
|
|
776
|
+
**Pattern:** After completing a task, agent writes JSDoc on every function, adds
|
|
777
|
+
a README section, updates a CHANGELOG, and annotates every type.
|
|
778
|
+
|
|
779
|
+
**Why it's harmful:** Documentation written without user need adds noise and
|
|
780
|
+
drifts out of sync with the code.
|
|
781
|
+
|
|
782
|
+
**Detection signal:** Documentation changes exceed code changes in line count.
|
|
783
|
+
|
|
784
|
+
**Correction:** Document only what the task explicitly requests, or what is
|
|
785
|
+
genuinely non-obvious to a future reader.
|
|
786
|
+
|
|
787
|
+
---
|
|
788
|
+
|
|
789
|
+
### AP-4: The Safety Net Spiral
|
|
790
|
+
|
|
791
|
+
**Pattern:** Agent adds retries, circuit breakers, fallback paths, and error
|
|
792
|
+
logging "just in case" for a code path that calls an internal, highly-available
|
|
793
|
+
service.
|
|
794
|
+
|
|
795
|
+
**Why it's harmful:** Over-engineering failure paths adds complexity, masks real
|
|
796
|
+
errors, and creates false confidence in resilience.
|
|
797
|
+
|
|
798
|
+
**Detection signal:** The new code has more error-handling lines than happy-path
|
|
799
|
+
lines, without a documented failure scenario that justifies it.
|
|
800
|
+
|
|
801
|
+
**Correction:** Check the relevant ADR or architecture docs. Add only what the
|
|
802
|
+
architecture explicitly requires.
|
|
803
|
+
|
|
804
|
+
---
|
|
805
|
+
|
|
806
|
+
### AP-5: The Understanding Skip
|
|
807
|
+
|
|
808
|
+
**Pattern:** Agent starts writing code immediately after reading the first
|
|
809
|
+
sentence of the issue, without reading acceptance criteria, linked ADRs, or
|
|
810
|
+
existing implementations of the same interface.
|
|
811
|
+
|
|
812
|
+
**Why it's harmful:** Produces code that passes unit tests but violates
|
|
813
|
+
architectural constraints or contradicts existing conventions.
|
|
814
|
+
|
|
815
|
+
**Detection signal:** First code edit appears in the transcript before any file
|
|
816
|
+
reads.
|
|
817
|
+
|
|
818
|
+
**Correction:** Read the issue fully, read relevant ADRs, grep for existing
|
|
819
|
+
usages of the interface being extended. Then write.
|
|
820
|
+
|
|
821
|
+
---
|
|
822
|
+
|
|
823
|
+
### AP-6: The Completion Theater
|
|
824
|
+
|
|
825
|
+
**Pattern:** Agent declares "done" before running verification (build, tests,
|
|
826
|
+
lsp diagnostics). Or runs verification but ignores failures.
|
|
827
|
+
|
|
828
|
+
**Why it's harmful:** Breaks the contract between agent and reviewer. Reviewer
|
|
829
|
+
must re-run verification, find failures, and re-engage the agent.
|
|
830
|
+
|
|
831
|
+
**Detection signal:** No verification output in the transcript before "done."
|
|
832
|
+
|
|
833
|
+
**Correction:** Show fresh build/test output. If something fails, fix it before
|
|
834
|
+
claiming completion.
|
|
835
|
+
|
|
836
|
+
---
|
|
837
|
+
|
|
838
|
+
## Integration Guidance
|
|
839
|
+
|
|
840
|
+
These guidelines are most effective when:
|
|
841
|
+
|
|
842
|
+
1. **Loaded at task start.** The agent reads SKILL.md before writing any code.
|
|
843
|
+
2. **Referenced during self-review.** After drafting a change, the agent checks
|
|
844
|
+
the anti-pattern list before submitting.
|
|
845
|
+
3. **Cited in PR review comments.** "AP-2 applies here — this helper has one
|
|
846
|
+
call site" gives precise, actionable feedback.
|
|
847
|
+
|
|
848
|
+
The guidelines do NOT replace acceptance criteria. They operate alongside task
|
|
849
|
+
requirements, not instead of them.
|
|
850
|
+
|
|
851
|
+
---
|
|
852
|
+
|
|
853
|
+
## Concrete Scenarios
|
|
854
|
+
|
|
855
|
+
### Scenario 1: Add a field to an API response
|
|
856
|
+
|
|
857
|
+
**Task:** "Add `createdAt` field to the `/v1/users/:id` response."
|
|
858
|
+
|
|
859
|
+
**Karpathy-compliant approach:**
|
|
860
|
+
1. (Rule 1) Read the issue. Find the UserResponse type. Check ADR-0003 (error
|
|
861
|
+
shape) to confirm field naming conventions.
|
|
862
|
+
2. (Rule 3) Add `createdAt: string` to `UserResponse`. Add it to the serializer.
|
|
863
|
+
Update the one test that asserts response shape. Diff: ~8 lines.
|
|
864
|
+
3. (Rule 4) Stop. Do not add `updatedAt` speculatively. Do not refactor the
|
|
865
|
+
serializer to a builder pattern.
|
|
866
|
+
|
|
867
|
+
---
|
|
868
|
+
|
|
869
|
+
### Scenario 2: Fix a flaky test
|
|
870
|
+
|
|
871
|
+
**Task:** "Test `auth.spec.ts:42` fails intermittently. Fix it."
|
|
872
|
+
|
|
873
|
+
**Karpathy-compliant approach:**
|
|
874
|
+
1. (Rule 1) Read the test. Read the code under test. Reproduce the failure.
|
|
875
|
+
Identify the race condition (timer not mocked).
|
|
876
|
+
2. (Rule 3) Mock the timer in the test setup. Confirm the test is now stable.
|
|
877
|
+
Do not refactor the auth module while you're there.
|
|
878
|
+
3. (Rule 2) If the timer-mock pattern is needed in three other tests, extract a
|
|
879
|
+
helper. If it's needed only here, leave it inline.
|
|
880
|
+
|
|
881
|
+
---
|
|
882
|
+
|
|
883
|
+
### Scenario 3: Scaffold a new module
|
|
884
|
+
|
|
885
|
+
**Task:** "Create a notifications module following the existing user module pattern."
|
|
886
|
+
|
|
887
|
+
**Karpathy-compliant approach:**
|
|
888
|
+
1. (Rule 1) Read `src/users/` fully before writing anything. Note file structure,
|
|
889
|
+
naming, error handling, and test patterns.
|
|
890
|
+
2. (Rule 3) Create files that mirror the pattern exactly. No improvements to the
|
|
891
|
+
pattern unless explicitly requested.
|
|
892
|
+
3. (Rule 2) Do not create a generic `createModule()` factory because two modules
|
|
893
|
+
now share a pattern. Duplication is fine at two instances.
|
|
894
|
+
4. (Rule 4) Stop when the module is created and tests pass. Do not add
|
|
895
|
+
notification preferences, delivery receipts, or retry logic that aren't in
|
|
896
|
+
the acceptance criteria.
|
|
897
|
+
```
|
|
898
|
+
|
|
899
|
+
---
|
|
900
|
+
|
|
901
|
+
### AGENTS.md append content
|
|
902
|
+
|
|
903
|
+
Insert between `<!-- ai-sdlc-init:start -->` and `<!-- ai-sdlc-init:end -->` markers.
|
|
904
|
+
|
|
905
|
+
```markdown
|
|
906
|
+
<!-- ai-sdlc-init:start -->
|
|
907
|
+
|
|
908
|
+
## AI SDLC Methodology
|
|
909
|
+
|
|
910
|
+
This repository uses the AI SDLC methodology scaffolded by `init-ai-repo` (legacy alias/path: `ai-sdlc-init`).
|
|
911
|
+
|
|
912
|
+
### Architecture Decision Records
|
|
913
|
+
|
|
914
|
+
Significant architectural decisions are recorded in [`docs/adr/`](docs/adr/).
|
|
915
|
+
Before making a change that affects module boundaries, API contracts, data
|
|
916
|
+
schemas, or dependency direction, check whether a relevant ADR exists.
|
|
917
|
+
If your change contradicts an existing ADR, either update the ADR or open a
|
|
918
|
+
discussion before proceeding.
|
|
919
|
+
|
|
920
|
+
### Archgate Rules
|
|
921
|
+
|
|
922
|
+
Code quality rules are defined in [`.rules.ts`](.rules.ts) across five domains:
|
|
923
|
+
`backend`, `frontend`, `data`, `architecture`, `general`. Rules carry a severity
|
|
924
|
+
(`error`, `warn`, `info`). Structural validation of `.rules.ts` runs in CI via
|
|
925
|
+
the `validate-rules` prek hook. Semantic enforcement (did the PR violate a rule?)
|
|
926
|
+
is an agent behavior at PR review time.
|
|
927
|
+
|
|
928
|
+
### Karpathy Baseline
|
|
929
|
+
|
|
930
|
+
All agents operating in this repository load
|
|
931
|
+
[`.agents/skills/karpathy-guidelines/SKILL.md`](.agents/skills/karpathy-guidelines/SKILL.md)
|
|
932
|
+
as a baseline. Four rules apply to every task: Think Before Coding, Simplicity
|
|
933
|
+
First, Surgical Changes, Goal-Driven Execution. See the SKILL.md for violation
|
|
934
|
+
and correction examples.
|
|
935
|
+
|
|
936
|
+
### Drift Verification Protocol
|
|
937
|
+
|
|
938
|
+
At PR review time, the reviewing agent:
|
|
939
|
+
1. Loads the PR diff alongside the BRD, PRD, acceptance criteria, and any ADRs
|
|
940
|
+
whose scope overlaps with the changed files.
|
|
941
|
+
2. Produces a drift report identifying whether changes match ACs, conflict with
|
|
942
|
+
ADRs, or violate architectural constraints from `.rules.ts`.
|
|
943
|
+
3. Leaves the drift report as a PR comment or review summary.
|
|
944
|
+
|
|
945
|
+
This is a documented agent behavior. It is not enforced as a CI gate in this
|
|
946
|
+
iteration.
|
|
947
|
+
|
|
948
|
+
### Circuit Breaker Protocol
|
|
949
|
+
|
|
950
|
+
Before starting work on an issue:
|
|
951
|
+
1. Check whether ≥ 3 prior attempts exist without resolution (look for
|
|
952
|
+
`attempts:N` labels or a comment history showing repeated failures).
|
|
953
|
+
2. If the circuit is tripped (≥ 3 attempts, no resolution), escalate to a
|
|
954
|
+
human with a written summary of what was tried and what blocked each attempt.
|
|
955
|
+
3. Do not make a fourth attempt without human acknowledgement.
|
|
956
|
+
|
|
957
|
+
<!-- ai-sdlc-init:end -->
|
|
958
|
+
```
|
|
959
|
+
|
|
960
|
+
---
|
|
961
|
+
|
|
962
|
+
### CLAUDE.md append content
|
|
963
|
+
|
|
964
|
+
Shorter than AGENTS.md — just enough for Claude Code to orient itself.
|
|
965
|
+
|
|
966
|
+
```markdown
|
|
967
|
+
<!-- ai-sdlc-init:start -->
|
|
968
|
+
|
|
969
|
+
## AI SDLC
|
|
970
|
+
|
|
971
|
+
This repository uses the AI SDLC methodology. Before starting work:
|
|
972
|
+
|
|
973
|
+
- Read [AGENTS.md](AGENTS.md) for the full methodology (ADRs, Archgate rules,
|
|
974
|
+
Karpathy baseline, drift verification, circuit breaker protocol).
|
|
975
|
+
- Check [`docs/adr/`](docs/adr/) for architectural constraints relevant to your task.
|
|
976
|
+
- Load `.agents/skills/karpathy-guidelines/SKILL.md` as a baseline for all tasks.
|
|
977
|
+
|
|
978
|
+
<!-- ai-sdlc-init:end -->
|
|
979
|
+
```
|
|
980
|
+
|
|
981
|
+
---
|
|
982
|
+
|
|
983
|
+
### README.md append content
|
|
984
|
+
|
|
985
|
+
Public-facing. Brief and links out rather than duplicating.
|
|
986
|
+
|
|
987
|
+
```markdown
|
|
988
|
+
<!-- ai-sdlc-init:start -->
|
|
989
|
+
|
|
990
|
+
## AI SDLC Methodology
|
|
991
|
+
|
|
992
|
+
This project uses the [init-ai-repo AI SDLC methodology](https://github.com/r3dlex/skills/tree/main/init-ai-repo)
|
|
993
|
+
to maintain architectural governance alongside AI-assisted development.
|
|
994
|
+
|
|
995
|
+
Key practices:
|
|
996
|
+
- **Architecture Decision Records** in [`docs/adr/`](docs/adr/) — significant
|
|
997
|
+
decisions are version-controlled with context and rationale.
|
|
998
|
+
- **Archgate rules** in [`.rules.ts`](.rules.ts) — code quality constraints
|
|
999
|
+
across five domains, validated in CI.
|
|
1000
|
+
- **Karpathy baseline** — four engineering heuristics loaded by all agents
|
|
1001
|
+
operating in this repo (think, simplify, be surgical, stay on goal).
|
|
1002
|
+
|
|
1003
|
+
Contributing? Read [`AGENTS.md`](AGENTS.md) for agent-facing methodology details.
|
|
1004
|
+
|
|
1005
|
+
<!-- ai-sdlc-init:end -->
|
|
1006
|
+
```
|
|
1007
|
+
|
|
1008
|
+
---
|
|
1009
|
+
|
|
1010
|
+
## Idempotency Guard Logic
|
|
1011
|
+
|
|
1012
|
+
All three append operations (AGENTS.md, CLAUDE.md, README.md) and the `.gitignore`
|
|
1013
|
+
append use a secondary-content-scan pattern to prevent duplicate insertions.
|
|
1014
|
+
|
|
1015
|
+
### Decision Matrix
|
|
1016
|
+
|
|
1017
|
+
Before inserting any `<!-- ai-sdlc-init:start -->` block, the skill checks two
|
|
1018
|
+
independent signals:
|
|
1019
|
+
|
|
1020
|
+
| Marker present? | Content present? | Action |
|
|
1021
|
+
|-----------------|-----------------|--------|
|
|
1022
|
+
| Yes | Yes | Skip silently (already done) |
|
|
1023
|
+
| No | No | Insert (normal case) |
|
|
1024
|
+
| No | Yes | Log warning and skip — content exists without a marker; manual intervention may be needed |
|
|
1025
|
+
| Yes | No | Log warning and skip — marker exists but content is missing; this is a corrupt state |
|
|
1026
|
+
|
|
1027
|
+
### Implementation
|
|
1028
|
+
|
|
1029
|
+
For AGENTS.md, CLAUDE.md, README.md:
|
|
1030
|
+
|
|
1031
|
+
```
|
|
1032
|
+
marker_check = grep -q "<!-- ai-sdlc-init:start -->" <file>
|
|
1033
|
+
content_check = grep -q "AI SDLC" <file> # header text from the append block
|
|
1034
|
+
```
|
|
1035
|
+
|
|
1036
|
+
For `.gitignore`:
|
|
1037
|
+
|
|
1038
|
+
```
|
|
1039
|
+
marker_check = grep -q "# <!-- ai-sdlc-init:start -->" .gitignore
|
|
1040
|
+
content_check = grep -q "upstream-pocock/" .gitignore
|
|
1041
|
+
```
|
|
1042
|
+
|
|
1043
|
+
### Rationale
|
|
1044
|
+
|
|
1045
|
+
Checking both marker and content independently protects against:
|
|
1046
|
+
- Re-running the skill after a partial failure that wrote content but not the
|
|
1047
|
+
closing marker.
|
|
1048
|
+
- Manual edits that added the header text without markers.
|
|
1049
|
+
- Future skill runs after the markers were stripped by a formatter.
|
|
1050
|
+
|
|
1051
|
+
---
|
|
1052
|
+
|
|
1053
|
+
## Setup-Skills Interaction
|
|
1054
|
+
|
|
1055
|
+
The `init-ai-repo` compatibility path detects whether the `setup-skills` skill has already run
|
|
1056
|
+
in the target repo.
|
|
1057
|
+
|
|
1058
|
+
### Detection
|
|
1059
|
+
|
|
1060
|
+
Scan for `<!-- setup-skills:start -->` in `AGENTS.md` or `CLAUDE.md`:
|
|
1061
|
+
|
|
1062
|
+
```bash
|
|
1063
|
+
grep -q "<!-- setup-skills:start -->" AGENTS.md 2>/dev/null || \
|
|
1064
|
+
grep -q "<!-- setup-skills:start -->" CLAUDE.md 2>/dev/null
|
|
1065
|
+
```
|
|
1066
|
+
|
|
1067
|
+
### If setup-skills output is found
|
|
1068
|
+
|
|
1069
|
+
- Read `docs/agents/issue-tracker-github.md` (or `-gitlab.md` / `-local.md`)
|
|
1070
|
+
to detect the issue tracker. The filename suffix identifies the tracker type.
|
|
1071
|
+
- Read `docs/agents/triage-labels.md` for the five canonical label names.
|
|
1072
|
+
- **Skip** the tooling questions in Step 1 (issue tracker, CI platform).
|
|
1073
|
+
- Use detected values as scaffold defaults throughout the remaining steps.
|
|
1074
|
+
|
|
1075
|
+
### If setup-skills was NOT run
|
|
1076
|
+
|
|
1077
|
+
Ask the two tooling questions:
|
|
1078
|
+
|
|
1079
|
+
1. "What issue tracker does this repo use?" (GitHub Issues / GitLab Issues /
|
|
1080
|
+
Jira / Azure DevOps / local Markdown)
|
|
1081
|
+
2. "What CI platform does this repo use?" (GitHub Actions / GitLab CI /
|
|
1082
|
+
Azure DevOps Pipelines / other)
|
|
1083
|
+
|
|
1084
|
+
### Marker Namespace Separation
|
|
1085
|
+
|
|
1086
|
+
| Skill | Marker namespace | Files modified |
|
|
1087
|
+
|-------|-----------------|----------------|
|
|
1088
|
+
| setup-skills | `<!-- setup-skills:* -->` | AGENTS.md, CLAUDE.md |
|
|
1089
|
+
| init-ai-repo (legacy marker namespace) | `<!-- ai-sdlc-init:* -->` | AGENTS.md, CLAUDE.md, README.md, .gitignore |
|
|
1090
|
+
|
|
1091
|
+
No overlap. Both marker blocks can coexist in the same file. Each skill's
|
|
1092
|
+
idempotency guard checks only its own namespace.
|
|
1093
|
+
|
|
1094
|
+
### Execution Order
|
|
1095
|
+
|
|
1096
|
+
If both skills will be run in a fresh repo:
|
|
1097
|
+
|
|
1098
|
+
1. Run `setup-skills` first — it configures issue tracker and triage labels.
|
|
1099
|
+
2. Run `init-ai-repo` second — it detects setup-skills output and skips
|
|
1100
|
+
redundant tooling questions.
|
|
1101
|
+
|
|
1102
|
+
---
|
|
1103
|
+
|
|
1104
|
+
## Agent Behaviors
|
|
1105
|
+
|
|
1106
|
+
These behaviors are documented here per Principle 3 (documentation-first governance).
|
|
1107
|
+
They are NOT CI gates in this iteration.
|
|
1108
|
+
|
|
1109
|
+
### Drift Verification Protocol
|
|
1110
|
+
|
|
1111
|
+
Triggered at PR review time by a separate-context agent (not the implementation agent).
|
|
1112
|
+
|
|
1113
|
+
Steps:
|
|
1114
|
+
1. Load: PR diff, BRD, PRD, acceptance criteria, all ADRs whose path or domain
|
|
1115
|
+
overlaps with the changed files.
|
|
1116
|
+
2. Check: Do the changes satisfy all acceptance criteria? Do they conflict with
|
|
1117
|
+
any ADR? Do they violate any `error`-severity rule in `.rules.ts`?
|
|
1118
|
+
3. Report: Produce a structured drift report with three sections:
|
|
1119
|
+
- **AC coverage** — which ACs are addressed, which are untouched.
|
|
1120
|
+
- **ADR conflicts** — any changes that contradict a recorded decision.
|
|
1121
|
+
- **Rule violations** — `error`-severity `.rules.ts` matches in the diff.
|
|
1122
|
+
4. Post: Leave the report as a PR review comment or review summary.
|
|
1123
|
+
|
|
1124
|
+
The reviewing agent must be a **separate context** from the implementation agent
|
|
1125
|
+
to avoid self-approval bias.
|
|
1126
|
+
|
|
1127
|
+
### Circuit Breaker Protocol
|
|
1128
|
+
|
|
1129
|
+
Triggered before starting work on any issue.
|
|
1130
|
+
|
|
1131
|
+
Steps:
|
|
1132
|
+
1. Check the issue for an `attempts:N` label or a comment history showing
|
|
1133
|
+
≥ 3 attempts without resolution.
|
|
1134
|
+
2. If the circuit is tripped: do not start a new attempt. Instead, post a
|
|
1135
|
+
written escalation summary:
|
|
1136
|
+
- What was tried in each prior attempt.
|
|
1137
|
+
- What blocked resolution each time.
|
|
1138
|
+
- What human decision or context is needed to unblock.
|
|
1139
|
+
3. Wait for human acknowledgement before proceeding.
|
|
1140
|
+
|
|
1141
|
+
Attempt tracking: use an `attempts:N` label in the issue tracker, incrementing N
|
|
1142
|
+
after each failed attempt. The circuit trips at `attempts:3`.
|
|
1143
|
+
|
|
1144
|
+
---
|
|
1145
|
+
|
|
1146
|
+
## Invocation Strategy
|
|
1147
|
+
|
|
1148
|
+
`init-ai-repo` is an OMC-compatible skill consumed by Claude Code. Legacy `/ai-sdlc-init` remains an alias/path only. It is not a standalone
|
|
1149
|
+
CLI tool.
|
|
1150
|
+
|
|
1151
|
+
### Method 1 — Direct invocation (recommended)
|
|
1152
|
+
|
|
1153
|
+
```bash
|
|
1154
|
+
cd /path/to/target-repo
|
|
1155
|
+
claude -p "/init-ai-repo"
|
|
1156
|
+
```
|
|
1157
|
+
|
|
1158
|
+
The `-p` flag runs the slash command in print mode. The skill loads SKILL.md,
|
|
1159
|
+
reads the four-phase workflow, and executes against the current working directory.
|
|
1160
|
+
|
|
1161
|
+
### Method 2 — Interactive session
|
|
1162
|
+
|
|
1163
|
+
In an active Claude Code session in the target repo:
|
|
1164
|
+
|
|
1165
|
+
```
|
|
1166
|
+
/init-ai-repo
|
|
1167
|
+
```
|
|
1168
|
+
|
|
1169
|
+
The skill loads and the agent follows the numbered steps interactively.
|
|
1170
|
+
|
|
1171
|
+
### Method 3 — Agent delegation
|
|
1172
|
+
|
|
1173
|
+
From a parent orchestrating agent (e.g., the AiTool root repo):
|
|
1174
|
+
|
|
1175
|
+
```
|
|
1176
|
+
Delegate to an executor agent with cwd set to the target repo.
|
|
1177
|
+
Instruct it to run /init-ai-repo.
|
|
1178
|
+
```
|
|
1179
|
+
|
|
1180
|
+
### Constraints
|
|
1181
|
+
|
|
1182
|
+
- Claude Code CLI has no `--skill`, `--cwd`, or `--repo-type` flags. The skill
|
|
1183
|
+
must be loaded via slash command.
|
|
1184
|
+
- The skill reads target repo files to determine state — it accepts no CLI
|
|
1185
|
+
arguments.
|
|
1186
|
+
- Golden-dir verification (`scripts/verify-golden-dir.sh`) is always
|
|
1187
|
+
developer-local. It cannot run in CI.
|
|
1188
|
+
|
|
1189
|
+
---
|
|
1190
|
+
|
|
1191
|
+
## Prek Installation
|
|
1192
|
+
|
|
1193
|
+
prek is a **Rust-based** pre-commit hook manager (github.com/j178/prek).
|
|
1194
|
+
It is NOT a Go tool. It has no `--rules` flag. `.rules.ts` validation happens
|
|
1195
|
+
exclusively via the `validate-rules` local hook defined in `prek.toml`.
|
|
1196
|
+
|
|
1197
|
+
### CI
|
|
1198
|
+
|
|
1199
|
+
```yaml
|
|
1200
|
+
- name: Run prek
|
|
1201
|
+
uses: j178/prek-action@v2
|
|
1202
|
+
with:
|
|
1203
|
+
extra-args: '--all-files'
|
|
1204
|
+
```
|
|
1205
|
+
|
|
1206
|
+
Use `extra-args: '--all-files'` — there is no bare `args:` key in this action.
|
|
1207
|
+
|
|
1208
|
+
### Local development
|
|
1209
|
+
|
|
1210
|
+
```bash
|
|
1211
|
+
# macOS (recommended)
|
|
1212
|
+
brew install prek
|
|
1213
|
+
|
|
1214
|
+
# Cross-platform (requires Rust toolchain)
|
|
1215
|
+
cargo install --locked prek
|
|
1216
|
+
|
|
1217
|
+
# Python environment (pip wrapper)
|
|
1218
|
+
pip install prek
|
|
1219
|
+
```
|
|
1220
|
+
|
|
1221
|
+
After installation, activate the pre-commit hook in the target repo:
|
|
1222
|
+
|
|
1223
|
+
```bash
|
|
1224
|
+
prek install
|
|
1225
|
+
```
|
|
1226
|
+
|
|
1227
|
+
This installs prek as the `pre-commit` git hook. On each commit, prek reads
|
|
1228
|
+
`prek.toml` and runs the configured hooks.
|
|
1229
|
+
|
|
1230
|
+
### End-to-end hook flow
|
|
1231
|
+
|
|
1232
|
+
1. Developer commits → `prek` runs hooks from `prek.toml`.
|
|
1233
|
+
2. `trailing-whitespace` and `end-of-file-fixer` run on all staged files.
|
|
1234
|
+
3. `validate-rules` runs `bash scripts/validate-rules.sh` when `.rules.ts` is
|
|
1235
|
+
staged.
|
|
1236
|
+
4. `validate-rules.sh` checks that all 5 domain exports are present and
|
|
1237
|
+
optionally checks TypeScript syntax via `tsx`.
|
|
1238
|
+
5. If any hook fails → commit is blocked.
|
|
1239
|
+
6. In CI, `j178/prek-action@v2` runs `prek run --all-files` — same hooks, all
|
|
1240
|
+
files.
|
|
1241
|
+
|
|
1242
|
+
---
|
|
1243
|
+
|
|
1244
|
+
## upstream.lock Sync Procedure
|
|
1245
|
+
|
|
1246
|
+
### Initial population (scaffold time)
|
|
1247
|
+
|
|
1248
|
+
Step 3 of the skill resolves the upstream SHA by running:
|
|
1249
|
+
|
|
1250
|
+
```bash
|
|
1251
|
+
git ls-remote https://github.com/mattpocock/skills.git HEAD
|
|
1252
|
+
```
|
|
1253
|
+
|
|
1254
|
+
The output is a tab-separated `<SHA>\tHEAD`. The skill writes the SHA into
|
|
1255
|
+
`pinned_sha:` in `upstream.lock` and sets `updated:` to today's date.
|
|
1256
|
+
|
|
1257
|
+
### Verification exclusion
|
|
1258
|
+
|
|
1259
|
+
`verify-golden-dir.sh` **excludes** `upstream.lock` from the content diff.
|
|
1260
|
+
The `pinned_sha` field drifts whenever the upstream repo pushes new commits;
|
|
1261
|
+
a content diff would produce perpetual false failures.
|
|
1262
|
+
|
|
1263
|
+
Instead, the script validates only the structural fields:
|
|
1264
|
+
- `source:` is present
|
|
1265
|
+
- `via:` is present
|
|
1266
|
+
- `pinned_sha:` is present
|
|
1267
|
+
- `sync_script:` is present
|
|
1268
|
+
|
|
1269
|
+
The actual SHA value is not asserted — only field presence.
|
|
1270
|
+
|
|
1271
|
+
### Sync design intent
|
|
1272
|
+
|
|
1273
|
+
The `scripts/sync-upstream.sh` file documents the intended sync workflow as
|
|
1274
|
+
pseudocode (see template above). A working implementation is out of scope for
|
|
1275
|
+
this iteration. The intended flow:
|
|
1276
|
+
|
|
1277
|
+
1. Fetch current upstream HEAD SHA.
|
|
1278
|
+
2. Compare against `pinned_sha` in `upstream.lock`.
|
|
1279
|
+
3. If different, diff the upstream changes since `pinned_sha`.
|
|
1280
|
+
4. Show the developer each changed file and ask for confirmation before applying.
|
|
1281
|
+
5. Update `upstream.lock` with the new SHA and date.
|
|
1282
|
+
|
|
1283
|
+
Upstream sync is intentionally human-reviewed. Automated overwrite of
|
|
1284
|
+
`.agents/skills/` content is not the intended design.
|