|
| 1 | +# AGENTS.md |
| 2 | + |
| 3 | +Problem definition → small, safe change → change review → refactor — repeat the loop. |
| 4 | + |
| 5 | +## Mandatory Rules |
| 6 | + |
| 7 | +- Before changing anything, read the relevant files end to end, including all call/reference paths. |
| 8 | +- Keep tasks, commits, and PRs small. |
| 9 | +- If you make assumptions, record them in the Issue/PR/ADR. |
| 10 | +- Never commit or log secrets; validate all inputs and encode/normalize outputs. |
| 11 | +- Avoid premature abstraction and use intention-revealing names. |
| 12 | +- Compare at least two options before deciding. |
| 13 | + |
| 14 | +## Mindset |
| 15 | + |
| 16 | +- Think like a senior engineer. |
| 17 | +- Don’t jump in on guesses or rush to conclusions. |
| 18 | +- Always evaluate multiple approaches; write one line each for pros/cons/risks, then choose the simplest solution. |
| 19 | + |
| 20 | +## Code & File Reference Rules |
| 21 | + |
| 22 | +- Read files thoroughly from start to finish (no partial reads). |
| 23 | +- Before changing code, locate and read definitions, references, call sites, related tests, docs/config/flags. |
| 24 | +- Do not change code without having read the entire file. |
| 25 | +- Before modifying a symbol, run a global search to understand pre/postconditions and leave a 1–3 line impact note. |
| 26 | + |
| 27 | +## Required Coding Rules |
| 28 | + |
| 29 | +- Before coding, write a Problem 1-Pager: Context / Problem / Goal / Non-Goals / Constraints. |
| 30 | +- Enforce limits: file ≤ 300 LOC, function ≤ 50 LOC, parameters ≤ 5, cyclomatic complexity ≤ 10. If exceeded, split/refactor. |
| 31 | +- Prefer explicit code; no hidden “magic.” |
| 32 | +- Follow DRY, but avoid premature abstraction. |
| 33 | +- Isolate side effects (I/O, network, global state) at the boundary layer. |
| 34 | +- Catch only specific exceptions and present clear user-facing messages. |
| 35 | +- Use structured logging and do not log sensitive data (propagate request/correlation IDs when possible). |
| 36 | +- Account for time zones and DST. |
| 37 | + |
| 38 | +## Testing Rules |
| 39 | + |
| 40 | +- New code requires new tests; bug fixes must include a regression test (write it to fail first). |
| 41 | +- Tests must be deterministic and independent; replace external systems with fakes/contract tests. |
| 42 | +- Include ≥1 happy path and ≥1 failure path in e2e tests. |
| 43 | +- Proactively assess risks from concurrency/locks/retries (duplication, deadlocks, etc.). |
| 44 | + |
| 45 | +## Security Rules |
| 46 | + |
| 47 | +- Never leave secrets in code/logs/tickets. |
| 48 | +- Validate, normalize, and encode inputs; use parameterized operations. |
| 49 | +- Apply the Principle of Least Privilege. |
| 50 | + |
| 51 | +## Clean Code Rules |
| 52 | + |
| 53 | +- Use intention-revealing names. |
| 54 | +- Each function should do one thing. |
| 55 | +- Keep side effects at the boundary. |
| 56 | +- Prefer guard clauses first. |
| 57 | +- Symbolize constants (no hardcoding). |
| 58 | +- Structure code as Input → Process → Return. |
| 59 | +- Report failures with specific errors/messages. |
| 60 | +- Make tests serve as usage examples; include boundary and failure cases. |
| 61 | + |
| 62 | +## Anti-Pattern Rules |
| 63 | + |
| 64 | +- Don’t modify code without reading the whole context. |
| 65 | +- Don’t expose secrets. |
| 66 | +- Don’t ignore failures or warnings. |
| 67 | +- Don’t introduce unjustified optimization or abstraction. |
| 68 | +- Don’t overuse broad exceptions. |
0 commit comments