Initial commit

profiles/docker.md

@@ -0,0 +1,36 @@
+# Docker Profile
+
+Use when the repository has `Dockerfile`, `compose.yml`, or deployment container artifacts.
+
+## Checks
+
+Look for:
+
+- secrets copied into images,
+- `.env` files committed,
+- broad build contexts,
+- unpinned base images,
+- root-only runtime when avoidable,
+- exposed ports documented in README.
+
+## Commands
+
+Common placeholders:
+
+```text
+BUILD_COMMAND = docker build -t PROJECT_NAME .
+TEST_COMMAND = docker compose config
+AUDIT_COMMAND = docker scout cves PROJECT_NAME
+```
+
+Use only commands that are available in the target environment.
+
+## Ignore Additions
+
+```text
+.env
+.env.*
+!.env.example
+docker-compose.override.yml
+```
+

profiles/electron.md

@@ -0,0 +1,43 @@
+# Electron Profile
+
+Use when the repository builds an Electron desktop app.
+
+## Security Expectations
+
+Check for:
+
+```text
+contextIsolation: true
+nodeIntegration: false
+sandbox: true when compatible
+webSecurity: true
+allowRunningInsecureContent: false
+```
+
+Avoid:
+
+```text
+eval
+shell.openExternal without allowlist
+unsafe navigation
+unvalidated IPC writes
+```
+
+## Release Notes
+
+Document:
+
+- installer artifact,
+- portable artifact if available,
+- signing status,
+- SmartScreen/Defender limitations,
+- whether secrets or user files stay local.
+
+## Common Artifacts
+
+```text
+release/*.exe
+release/*.blockmap
+release/*.yml
+```
+

profiles/node.md

@@ -0,0 +1,42 @@
+# Node Profile
+
+Use when the repository has `package.json`.
+
+## Detection
+
+Common files:
+
+```text
+package.json
+package-lock.json
+pnpm-lock.yaml
+yarn.lock
+tsconfig.json
+vite.config.*
+```
+
+## Commands
+
+Prefer existing scripts. Common defaults:
+
+```text
+INSTALL_COMMAND = npm install
+LINT_COMMAND = npm run lint
+TEST_COMMAND = npm test
+BUILD_COMMAND = npm run build
+AUDIT_COMMAND = npm audit --omit=dev --audit-level=high
+README_COMMAND = npm run readme
+```
+
+If scripts are missing, document `PENDING` instead of inventing commands.
+
+## Ignore Additions
+
+```text
+node_modules/
+dist/
+build/
+coverage/
+*.log
+```
+

profiles/python.md

@@ -0,0 +1,36 @@
+# Python Profile
+
+Use when the repository has `pyproject.toml`, `requirements.txt`, or Python source files.
+
+## Commands
+
+Prefer existing tooling. Common examples:
+
+```text
+INSTALL_COMMAND = python -m pip install -r requirements.txt
+LINT_COMMAND = ruff check .
+TEST_COMMAND = pytest
+BUILD_COMMAND = python -m build
+AUDIT_COMMAND = pip-audit
+```
+
+If the project uses `uv`, prefer:
+
+```text
+INSTALL_COMMAND = uv sync
+TEST_COMMAND = uv run pytest
+AUDIT_COMMAND = uv pip audit
+```
+
+## Ignore Additions
+
+```text
+.venv/
+venv/
+__pycache__/
+.pytest_cache/
+dist/
+build/
+*.egg-info/
+```
+

profiles/static-site.md

@@ -0,0 +1,36 @@
+# Static Site Profile
+
+Use when the repository produces static HTML/CSS/JS output.
+
+## Checks
+
+Look for:
+
+- broken asset paths,
+- missing responsive viewport,
+- inaccessible contrast,
+- large unoptimized images,
+- external scripts without a clear reason,
+- generated output directory.
+
+## Commands
+
+Common examples:
+
+```text
+INSTALL_COMMAND = npm install
+DEV_COMMAND = npm run dev
+LINT_COMMAND = npm run lint
+BUILD_COMMAND = npm run build
+```
+
+## Artifacts
+
+Common output directories:
+
+```text
+dist/
+build/
+public/
+```
+