AI Rules

Write clean .csproj files — use SDK-style format, organize package references, set proper metadata for libraries, and leverage Directory.Build.props for shared settings.

Comprehensive .gitignore rules to prevent committing secrets, build artifacts, OS files, IDE configurations, and other files that don't belong in version control.

Enforce standards for Snyk ignore entries — every ignored vulnerability must have a documented reason, expiration date, and compensating controls in the .snyk policy file.

Configure SOPS with a .sops.yaml file for automatic encryption rules — define creation rules per file pattern, specify KMS keys per environment, and enforce encrypted_regex for partial encryption.

Enforce a structured, modular .zshrc configuration with logical sections, sourced files, startup performance targets, and consistent formatting.

Define what files and information to include in AI coding tool context — priority ordering, exclusion patterns, and token budget allocation for optimal code generation results.

Standardize how AI coding tools format their output — file path headers, code block language tags, import ordering, and response structure for predictable, copy-paste-ready results.

Enforce consistent prompt structure across AI coding tools — role definitions, constraint formatting, output specifications, and example inclusion for reliable AI-assisted development.

Enforce standards for Grafana alert rules — naming conventions, severity labels, for-duration requirements, runbook annotations, and notification routing rules.

Every Bash script must begin with strict mode flags — set -euo pipefail — to catch errors early, prevent undefined variable usage, and propagate pipeline failures.

Every Pulumi deployment must be preceded by a preview. CI/CD pipelines must run 'pulumi preview' on pull requests and require approval before 'pulumi up' on production stacks.

Every variable expansion and command substitution in Bash must be double-quoted to prevent word splitting, glob expansion, and catastrophic bugs with filenames containing spaces.

Enforce non-root user execution in all Docker containers — create dedicated users, set proper file ownership, and configure runtime security to prevent privilege escalation.

Every container in a Kubernetes pod specification must define CPU and memory requests and limits to ensure predictable scheduling, prevent resource starvation, and enable cluster autoscaling.

Standards for integrating Ollama's REST API into applications — health checks, error handling, timeout configuration, streaming patterns, and request parameter validation.

Security rules for HuggingFace API tokens — storage, rotation, permission scoping, environment variable usage, and preventing token exposure in code and logs.

Standardize Playwright assertion patterns — use web-first assertions with auto-retry, avoid manual waits, and prefer user-visible state checks over DOM property inspection.

Configure Vault authentication methods properly — prefer machine identity (AppRole, Kubernetes, AWS IAM) over static tokens, set appropriate TTLs, and enforce MFA for human operators.

Standards for managing authorized_keys files — key restrictions, command forcing, environment options, source IP limits, and regular audit requirements.

Standardize Azure resource group naming, location selection, and resource organization — group by lifecycle, tag consistently, and enforce naming patterns across subscriptions.

Never use 'any' in TypeScript code — use unknown for truly unknown types, generics for flexible functions, union types for multiple options, and proper type narrowing instead.

Define approved base images for container builds — prefer minimal images (Alpine, Distroless), pin versions by digest, and require regular updates to reduce vulnerability surface.

Define standards for Checkov baseline usage — when baselines are required, how to manage baseline files, and the process for reducing baseline findings over time.

Standardize Git branch naming patterns with type prefixes, kebab-case formatting, and issue references for consistent, scannable repository navigation.