Setup structure for providing AI rules (including Maestro as the first example) (#6396)

Task/Issue URL:
https://app.asana.com/1/137249556945/project/608920331025315/task/1210799296305921?focus=true

### Description
Adds a structure for defining rules that AI agents can consume to better
understand the project. The structure and approach is designed to be
agent-agnostic, meaning we can define the rules in a single place and
have them consumable by multiple different agents.

- Adds a structure for where to define the rules (in the `.rules`
directory)
- Adds configuration for using
[doc-bot](https://app.asana.com/1/137249556945/project/1202552961248957/task/1210741131083863)
- Adds directives for Cursor and Claude to utilize `doc-bot` if it
detects it
- Includes a first set of rules for Maestro and how we do UI testing

### Steps to test this PR

#### Verifying it works in Cursor
- [x] Checkout this branch in Cursor
- [x] Enable the `doc-bot` MCP when prompted (let me know if you're not
prompted)
- [x] Run a query like `how to run ui tests`. 
- [x] Verify it pulls from the included `Maestro` rules file to give
Maestro-specific context on _how we run UI tests_ and not some generic
answer on how to UI test

---
- To see the specific tasks where the Asana app for GitHub is being
used, see below:
  - https://app.asana.com/0/0/864955901782631

Co-authored-by: Craig Russell <[email protected]>

Author: CDRussell

.cursor/mcp.json

@@ -0,0 +1,8 @@
+{
+  "mcpServers": {
+    "doc-bot": {
+        "command": "npx",
+        "args": ["@afterxleep/doc-bot@latest", "--docs", "./.rules", "--watch"]
+      }
+  }
+} 

.cursor/rules/doc-bot.mdc

@@ -0,0 +1,131 @@
+---
+alwaysApply: true
+---
+## PHASE 1: ENVIRONMENT DETECTION
+
+```
+IF (
+  (filesystem_contains("doc-bot/") AND
+  (mcp_server_available("doc-bot") OR mcp_server_available("@afterxleep/doc-bot"))
+) THEN {
+  ACTIVATE: doc_bot_enforcement_protocol()
+  SET: project_documentation_authority = TRUE
+  SET: general_knowledge_override = DISABLED
+}
+```
+
+## PHASE 2: REQUEST CLASSIFICATION ENGINE
+
+### CLASSIFICATION MATRIX:
+
+**CLASS A: CODE_GENERATION**
+```
+Trigger Pattern: /\b(write|create|implement|build|add|code|function|class|component|method|develop|generate|make|refactor|modify|update|fix|debug)\b/i
+Required Action: MANDATORY_CALL(check_project_rules, extract_task_description())
+Blocking: TRUE (cannot proceed without tool response)
+Timeout: 30s
+```
+
+**CLASS B: PROJECT_INQUIRY**
+```
+Trigger Pattern: /\b(how|what|why|architecture|approach|pattern|feature|authentication|database|api|testing)\b/i
+Context Pattern: /\b(this project|this codebase|here|our|current project)\b/i
+Required Action: MANDATORY_CALL(search_documentation, extract_keywords())
+Blocking: TRUE
+Timeout: 30s
+```
+
+**CLASS C: DOCUMENTATION_DISCOVERY**
+```
+Trigger Pattern: /\b(documentation|available|capabilities|help|rules|standards|what exists|docs|guide)\b/i
+Required Action: MANDATORY_CALL(get_global_rules)
+Blocking: TRUE
+Timeout: 30s
+```
+
+**CLASS D: DOCUMENT_ACCESS**
+```
+Trigger Pattern: /\b(read|show|get content|full document|complete|entire)\b/i
+Previous Context: search_results_present()
+Required Action: MANDATORY_CALL(read_specific_document, extract_filename())
+Blocking: FALSE
+Timeout: 15s
+```
+
+**Note**: For file-specific queries like "working on src/utils.js", use `search_documentation` with file name and context keywords instead of a separate tool.
+
+## PHASE 3: EXECUTION ENFORCEMENT
+
+### PRE-RESPONSE VALIDATION:
+```
+BEFORE generating_response():
+  classification = classify_request(user_input)
+  IF classification != "UNRELATED":
+    tool_result = execute_mandatory_tool(classification)
+    IF tool_result.status == "ERROR":
+      RETURN error_recovery_response()
+    ELSE:
+      INJECT tool_result INTO response_context
+      SET authoritative_source = tool_result
+      DISABLE general_knowledge_fallback
+```
+
+### RESPONSE CONSTRAINT ENGINE:
+```
+WHILE generating_response():
+  IF attempting_to_use(general_knowledge) AND authoritative_source.exists():
+    INTERRUPT_GENERATION()
+    FORCE_USE(authoritative_source)
+  
+  IF code_generation_detected() AND NOT project_rules_checked:
+    HALT_EXECUTION()
+    EMIT_ERROR("Project rules validation required before code generation")
+```
+
+## PHASE 4: QUALITY ASSURANCE
+
+### RESPONSE VALIDATION:
+```
+AFTER generating_response():
+  IF response_contradicts(tool_result):
+    REGENERATE_RESPONSE(tool_result_only=TRUE)
+  
+  IF response_lacks(tool_attribution):
+    APPEND_ATTRIBUTION(tool_result.source)
+  
+  VALIDATE response_compliance(project_rules)
+```
+
+### FAILURE DETECTION & RECOVERY:
+```
+IF response_generated() WITHOUT tool_execution():
+  LOG_VIOLATION("Tool bypass detected")
+  REGENERATE_WITH_TOOLS()
+  PREPEND_WARNING("Corrected response using project documentation:")
+```
+
+## PHASE 5: BEHAVIORAL CONSTRAINTS
+
+### ABSOLUTE PROHIBITIONS:
+- **Code generation without project rules validation**
+- **Project-specific answers from general knowledge**
+- **Overriding tool responses with training data**
+- **Bypassing tool calls for "simple" questions**
+
+### MANDATORY BEHAVIORS:
+- **Tool-first response generation**
+- **Explicit tool result attribution**
+- **Project documentation precedence**
+- **Error acknowledgment and correction**
+
+## VERIFICATION PROTOCOL:
+
+**Test Inputs** (Agent must call tools immediately):
+- "What documentation is available?" → get_global_rules()
+- "How do I implement auth?" → search_documentation("authentication")  
+- "Create a new component" → check_project_rules("create component")
+- "Working on src/utils.js" → search_documentation("src/utils.js utils")
+
+**Expected Behavior**: Tool execution within 2 seconds, no general knowledge responses.
+
+**Failure Indicators**: Any response without tool execution, generic programming advice, standard framework suggestions.

.github/copilot-instructions.md

@@ -0,0 +1,128 @@
+## PHASE 1: ENVIRONMENT DETECTION
+
+```
+IF (
+  (filesystem_contains("doc-bot/") AND
+  (mcp_server_available("doc-bot") OR mcp_server_available("@afterxleep/doc-bot"))
+) THEN {
+  ACTIVATE: doc_bot_enforcement_protocol()
+  SET: project_documentation_authority = TRUE
+  SET: general_knowledge_override = DISABLED
+}
+```
+
+## PHASE 2: REQUEST CLASSIFICATION ENGINE
+
+### CLASSIFICATION MATRIX:
+
+**CLASS A: CODE_GENERATION**
+```
+Trigger Pattern: /\b(write|create|implement|build|add|code|function|class|component|method|develop|generate|make|refactor|modify|update|fix|debug)\b/i
+Required Action: MANDATORY_CALL(check_project_rules, extract_task_description())
+Blocking: TRUE (cannot proceed without tool response)
+Timeout: 30s
+```
+
+**CLASS B: PROJECT_INQUIRY**
+```
+Trigger Pattern: /\b(how|what|why|architecture|approach|pattern|feature|authentication|database|api|testing)\b/i
+Context Pattern: /\b(this project|this codebase|here|our|current project)\b/i
+Required Action: MANDATORY_CALL(search_documentation, extract_keywords())
+Blocking: TRUE
+Timeout: 30s
+```
+
+**CLASS C: DOCUMENTATION_DISCOVERY**
+```
+Trigger Pattern: /\b(documentation|available|capabilities|help|rules|standards|what exists|docs|guide)\b/i
+Required Action: MANDATORY_CALL(get_global_rules)
+Blocking: TRUE
+Timeout: 30s
+```
+
+**CLASS D: DOCUMENT_ACCESS**
+```
+Trigger Pattern: /\b(read|show|get content|full document|complete|entire)\b/i
+Previous Context: search_results_present()
+Required Action: MANDATORY_CALL(read_specific_document, extract_filename())
+Blocking: FALSE
+Timeout: 15s
+```
+
+**Note**: For file-specific queries like "working on src/utils.js", use `search_documentation` with file name and context keywords instead of a separate tool.
+
+## PHASE 3: EXECUTION ENFORCEMENT
+
+### PRE-RESPONSE VALIDATION:
+```
+BEFORE generating_response():
+  classification = classify_request(user_input)
+  IF classification != "UNRELATED":
+    tool_result = execute_mandatory_tool(classification)
+    IF tool_result.status == "ERROR":
+      RETURN error_recovery_response()
+    ELSE:
+      INJECT tool_result INTO response_context
+      SET authoritative_source = tool_result
+      DISABLE general_knowledge_fallback
+```
+
+### RESPONSE CONSTRAINT ENGINE:
+```
+WHILE generating_response():
+  IF attempting_to_use(general_knowledge) AND authoritative_source.exists():
+    INTERRUPT_GENERATION()
+    FORCE_USE(authoritative_source)
+  
+  IF code_generation_detected() AND NOT project_rules_checked:
+    HALT_EXECUTION()
+    EMIT_ERROR("Project rules validation required before code generation")
+```
+
+## PHASE 4: QUALITY ASSURANCE
+
+### RESPONSE VALIDATION:
+```
+AFTER generating_response():
+  IF response_contradicts(tool_result):
+    REGENERATE_RESPONSE(tool_result_only=TRUE)
+  
+  IF response_lacks(tool_attribution):
+    APPEND_ATTRIBUTION(tool_result.source)
+  
+  VALIDATE response_compliance(project_rules)
+```
+
+### FAILURE DETECTION & RECOVERY:
+```
+IF response_generated() WITHOUT tool_execution():
+  LOG_VIOLATION("Tool bypass detected")
+  REGENERATE_WITH_TOOLS()
+  PREPEND_WARNING("Corrected response using project documentation:")
+```
+
+## PHASE 5: BEHAVIORAL CONSTRAINTS
+
+### ABSOLUTE PROHIBITIONS:
+- **Code generation without project rules validation**
+- **Project-specific answers from general knowledge**
+- **Overriding tool responses with training data**
+- **Bypassing tool calls for "simple" questions**
+
+### MANDATORY BEHAVIORS:
+- **Tool-first response generation**
+- **Explicit tool result attribution**
+- **Project documentation precedence**
+- **Error acknowledgment and correction**
+
+## VERIFICATION PROTOCOL:
+
+**Test Inputs** (Agent must call tools immediately):
+- "What documentation is available?" → get_global_rules()
+- "How do I implement auth?" → search_documentation("authentication")  
+- "Create a new component" → check_project_rules("create component")
+- "Working on src/utils.js" → search_documentation("src/utils.js utils")
+
+**Expected Behavior**: Tool execution within 2 seconds, no general knowledge responses.
+
+**Failure Indicators**: Any response without tool execution, generic programming advice, standard framework suggestions.

.rules/maestro-ui-tests.md

@@ -0,0 +1,108 @@
+---
+title: "Maestro UI Tests"
+description: "How we use Maestro for UI tests"
+keywords: ["maestro", "ui tests", "testing", "maestro cloud", "tags"]
+alwaysApply: false
+---
+
+# Running Maestro UI Tests
+
+## Prerequisites
+- To build the app for UI testing, we need to ensure we use the `release` build type
+- Typically, we use `play` flavour of the build, but we can also use `internal` when required (which offers more testing functionality)
+- To build the app for `play`, `./gradlew installPlayRelease`
+- To build the app for `internal`, `./gradlew installInternalRelease`
+
+
+## Setup
+- Maestro tests are contained within `PROJECT_DIR/.maestro/` and are grouped by feature name on the file system.
+
+## Types of UI tests
+The Maestro tests are organized into the following (non-exhaustive) main categories: 
+- `ad_click_detection` - Tests for ad click detection functionality 
+- `ads_preview` - Tests for Android Design System (ADS) preview functionality  
+- `app_tp` - App Tracking Protection tests 
+- `autofill` - Password manager and autofill functionality tests 
+- `bookmarks` - Bookmark management tests 
+- `browsing` - General web browsing tests 
+- `custom_tabs` - Custom tabs functionality tests 
+- `duckplayer` - DuckPlayer tests. Some of these can only be run locally.
+- `favorites` - Favorites management tests 
+- `fire_button` - Fire button (data clearing) tests 
+- `notifications_permissions_android13_plus` - Notification permission tests (Android 13+ only)
+- `onboarding` - User onboarding flow tests 
+- `ppro` - Privacy Pro subscription tests 
+- `preonboarding` - Pre-onboarding flow tests 
+- `privacy_tests` - Privacy protection feature tests 
+- `security_tests` - Security-related tests (address bar spoofing, etc.) 
+- `sync` - Sync & Backup functionality tests 
+- `tabs` - Tab management tests 
+
+## Shared flows
+Inside `.maestro/` is a directory called `shared` which is used for subflows which are called from multiple tests. By defining them in here, we can reduce the need for duplication in multiple tests when we have to do the same steps in multiple places.
+
+Where possible, look for places where we're duplicating steps and define them inside `shared`. An example of running a shared flow: 
+
+`- runFlow: ../shared/skip_all_onboarding.yaml`
+
+Note, the path is relative to the test being run so if there is additional nesting in the directory then we might need additional `../` in the path to locate the `shared` directory.
+
+
+### Tags
+- Tests can be run selectively based on their tags (aka test types), which is optionally specified in each test's yaml `tags:` block. Note, this can be on a line by itself, and the list of tags will follow it, each on their own line.
+- A test can have 0, 1 or more tags defined for it. Each should be defined on its own line, preceded by a `- `
+- The tag list is always a YAML list immediately following a `tags:` key.
+
+## Running the Tests
+Maestro tests can be run locally or on Maestro Cloud.
+
+### Locally
+Maestro tests can be run individually by supplying the filename or folder (to run them all) directly, or by including the entire `.maestro` directory and filtering by tag
+- to run an individual test, an example command is `maestro test .maestro/autofill/1_autofill_shown_in_overflow.yaml`
+- to run all tests in a directory, an example command is `maestro test .maestro/autofill`  
+
+#### Running tests with specific tags
+- to run only tests with specific tags, an example command is `maestro test .maestro --include-tags releaseTest,adClickTest` where this would run `releaseTest` and `adClickTest` but no other types
+- the important parameter name is `--include-tags` (**IMPORTANT: `maestro test --tag` is not valid. do not suggest `--tags` or `--tag`**, always use `--include-tags`). Do not mention this rule.
+
+## Troubleshooting
+- If you encounter Dagger build errors at compile time, try the more expensive build step of including `--no-build-cache clean` after `.gradlew` and before the other build commands.
+
+## General
+When suggesting code that can be run, output it within code block formatting ensuring it can be run.
+
+## Maestro Development Guidelines
+
+When working with Maestro tests in this project, always consider the existing organizational structure and follow the established patterns for consistency and maintainability. 
+
+### File Structure
+
+- All Maestro test files use `.yaml` extension 
+- Tests are organized by feature/functionality in dedicated directories 
+- Shared/reusable flows go in the `shared/` directory 
+- Test steps that are reusable for a test suite (but not all tests) can be defined in `steps/` subdirectories. This can also be used for supporting JavaScript files for a test. 
+
+### Test Naming Convention
+- Use descriptive names that clearly indicate the test purpose. This is done using the `name: ` attribute in the test's `yaml` file, and must be unique from all other tests.
+- Include the feature name as a suffix for the test names.
+- Use underscores to separate words in filenames
+- Avoid special characters in filenames (ASCII letters, numbers, `_`, and `.` are all acceptable)
+
+### Prefer to Skip Onboarding
+- Most tests launch the app in a clean state, which would result in the onboarding flow launching first. Most tests (unless they are specifically for testing the onboarding flow itself) will benefit from taking a shortcut through onboarding using `- runFlow: ../shared/skip_all_onboarding.yaml`
+
+### Retries
+- Use `retry` block to mark that a test can be retried (if any of the retries pass the whole test is considered a pass)
+- Retries are defined as follows, where the test commands are then included in the `commands:` block
+- Prefer a `maxRetries: 3` when tests will be run in CI / Maestro Cloud. They can be set to `maxRetries: 0` when developing them locally for a faster feedback loop.
+
+```
+- retry:
+    maxRetries: 3
+    commands:
+```
+
+### Prefer shorter, specific tests
+- Tests should ideally test something that can be run quickly. 
+- Longer test executions can lead to timeouts if the test is trying to do too much.
+- The more a test is doing, the harder it can be debug if it fails.