From a54390f789f11c140fd4602ff69251ff4b92ea73 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste THERY Date: Thu, 2 Jul 2026 18:15:37 +0700 Subject: [PATCH] docs(agents): require confirmation before branches and enforce Git Flow Add an "AI Coding Agent Guardrails" section to AGENTS.md and a Claude-specific pointer in CLAUDE.md: never create/switch/delete branches, open/merge PRs, or trigger a release without explicit confirmation, always follow the protected Git Flow (feature/* off develop, PR into develop, release PR develop -> main), reuse approved branches, and respect other agents' uncommitted work. --- AGENTS.md | 22 ++++++++++++++++++++++ CLAUDE.md | 9 +++++++++ 2 files changed, 31 insertions(+) diff --git a/AGENTS.md b/AGENTS.md index e9c3911..5ea8ac2 100644 --- a/AGENTS.md +++ b/AGENTS.md 
@@ -196,6 +196,28 @@ - Use Git Flow locally: `main` is production, `develop` is integration, feature work starts from `develop` under `feature/*`. Do not deploy or publish from feature branches. +## AI Coding Agent Guardrails + +These rules are binding for every AI coding agent working in this repository (Claude Code, Codex, and +any other), because several agents may run against this repo in parallel. + +- **Never create, rename, delete, switch, or reset Git branches on your own.** Ask the user for + explicit confirmation first, and state the exact branch name and base you intend to use. A + high-level task is not blanket permission to spawn branches — confirm the branch itself. +- **Always follow the repository Git Flow.** `main` is production and `develop` is integration; both + are protected and only change through a pull request with green required checks (Quality gate, + Commitlint, Analyze TypeScript). Start work from `develop` under `feature/*` (fixes `fix/*`, chores + `chore/*`), open a PR into `develop`, and promote `develop` to `main` with a release PR. Never + commit or push directly to `main` or `develop`, and never force-push either branch. +- **Do not open or merge pull requests, or trigger a release / npm publish, without explicit + confirmation.** The protected `Release npm` workflow and its `npm-publish` environment approval are + the only publish path. +- **Reuse the branch or PR the user already approved instead of creating new ones.** Do not + proliferate short-lived branches; when a temporary branch is genuinely required (for example a + protected-branch back-merge), name it clearly and delete it once merged. +- **Respect other agents' work.** Before editing, run `git status` and check for other running agents + or processes; never stage, commit, or discard uncommitted changes you did not make. + ## Coding Conventions General principles (KISS, DRY, YAGNI, SOLID) as applied in this codebase. Match the surrounding style. 
diff --git a/CLAUDE.md b/CLAUDE.md index 450f1fa..326bab8 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -6,6 +6,15 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co high-level architecture. Read it first. This file adds only the Claude Code operational details and non-obvious traps that matter when editing here, without duplicating `AGENTS.md`. +## Branches, PRs, and releases — confirm first + +Never create, rename, switch, or reset a branch, open or merge a PR, or trigger a release / npm +publish on your own. Ask for explicit confirmation (naming the exact branch and base), and follow the +Git Flow in `AGENTS.md`: `feature/*` off `develop`, PR into `develop`, release PR `develop` → `main`. +`main` and `develop` are protected (PR + green Quality gate, Commitlint, Analyze TypeScript). Reuse a +branch the user already approved instead of spawning new ones. Full rules: "AI Coding Agent +Guardrails" in `AGENTS.md`. + ## Commands ```bash
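Review bot: In the AGENTS.md hunk, the fourth bullet tells the agent to "name it clearly and delete it once merged" for a temporary branch, while the first bullet forbids deleting branches without explicit confirmation. Say which rule wins, for example by stating that deleting the temporary branch still requires confirmation. The last bullet also asks the agent to "check for other running agents or processes" without saying how, or what to do when `git status` shows changes it did not make. Add the expected outcome, such as stopping and asking the user before touching the working tree. Note that the local rules here (branch creation, switching, staging) are enforced only by the agent reading this file, unlike the protected-branch and `npm-publish` approval rules, so the wording should be as unambiguous as possible.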
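Review bot: In the CLAUDE.md hunk, the new section restates the AGENTS.md rules even though the context line directly above says this file works "without duplicating `AGENTS.md`", and the copy has already drifted. It lists "create, rename, switch, or reset" but omits "delete", and it mentions only `feature/*` while AGENTS.md also names `fix/*` and `chore/*`. An agent reading only CLAUDE.md could conclude that deleting a branch needs no confirmation. Either reduce the section to a pointer to "AI Coding Agent Guardrails" in `AGENTS.md`, or keep the verb list and the required-check names identical in both files.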