Add agent support templates and profiles

2026-05-03 21:46:59 +02:00
parent 947cc3a9ab
commit a218e338bd
16 changed files with 530 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -66,6 +66,10 @@ Use only the files that fit the project. For a tiny script repo, `AGENTS.md`, `R
 | `files/blueprint.json` | `blueprint.json` |
 | `files/SECURITY.md` | `SECURITY.md` |
 | `files/CHANGELOG.md` | `CHANGELOG.md` |
 | `files/CONTRIBUTING.md` | `CONTRIBUTING.md` |
 | `files/gitignore.template` | `.gitignore` |
 | `files/agent-handoff.md` | `docs/agent-handoff.md` |
 | `files/release-notes.md` | `docs/release-notes.md` |
 Start with `agent-quickstart.md` when using this kit through Codex.
@@ -73,6 +77,8 @@ Start with `agent-quickstart.md` when using this kit through Codex.
 Agents should read `manifest.json` before copying files. It is the source of truth for target paths, required files, optional files, and placeholder names.
 `manifest.schema.json` documents the manifest shape. Stack-specific profile notes live in `profiles/`.
 <p align="center"><img src="https://raw.githubusercontent.com/andreasbm/readme/master/assets/lines/rainbow.png" alt="-----------------------------------------------------" width="100%"></p>
 ## Placeholders
@@ -108,6 +114,7 @@ When applying this kit, an agent should:
 - read `manifest.json` first,
 - choose `new-repository.md` or `existing-project.md`,
 - read matching `profiles/*.md` guidance after detecting the stack,
 - check `git status --short` before editing,
 - preserve unrelated user changes,
 - use the manifest copy map for target paths,
@@ -116,6 +123,7 @@ When applying this kit, an agent should:
 - keep `AGENTS.md` and `.codex/project.md` aligned,
 - update `README.md` whenever README blueprint files change,
 - update security and release docs when release behavior changes,
 - update `docs/agent-handoff.md` when work is interrupted, risky, or multi-session,
 - run `git diff --check` before finishing,
 - run the cheapest reliable verification command,
 - poll pushed Gitea workflow runs until success or a concrete blocker.
--- a/agent-quickstart.md
+++ b/agent-quickstart.md
@@ -8,6 +8,7 @@ Use this file when you want Codex to apply the repository kit with minimal instr
 Read manifest.json first.
 Use its copyMap for file destinations.
 Use new-repository.md or existing-project.md as the task workflow.
 Use matching profiles/*.md guidance after detecting the stack.
 Check git status before editing.
 Preserve unrelated user changes.
 Replace all applicable placeholders and remove non-applicable placeholder sections.
@@ -57,6 +58,10 @@ Did you read manifest.json?
  yes -> use copyMap and placeholders from it
  no  -> read it before editing
 Does a stack profile match?
  yes -> read the matching profiles/*.md file and adapt commands carefully
  no  -> continue with universal rules only
 Does the project already have README structure?
  yes -> preserve it; only add blueprint files if useful
  no  -> add blueprint.md and blueprint.json with the rainbow section-line divider
@@ -81,6 +86,10 @@ Did release behavior, artifacts, or downloads change?
  yes -> update docs/release-checklist.md and README downloads/artifacts
  no  -> do not invent release details
 Is the work interrupted, risky, or multi-session?
  yes -> update docs/agent-handoff.md
  no  -> no handoff file is required
 Is this a private Gitea repo with Actions?
  yes -> if GITEA_TOKEN is set locally, use it for read-only API checks of repository and workflow-run status
  no  -> use public web/API checks when available
@@ -112,6 +121,7 @@ SECURITY.md
 CHANGELOG.md
 docs/release-checklist.md
 docs/security-review.md
 docs/agent-handoff.md
 .gitea/workflows/build.yml
 ```
@@ -123,3 +133,13 @@ blueprint.json
 README.md
 ```
 For stack-specific guidance:
 ```text
 profiles/node.md
 profiles/electron.md
 profiles/python.md
 profiles/docker.md
 profiles/static-site.md
 ```
--- a/existing-project.md
+++ b/existing-project.md
@@ -48,6 +48,8 @@ Identify:
 - existing release notes or changelog,
 - security-sensitive behavior.
 If a matching stack profile exists in `profiles/`, read it before changing commands, CI, or ignore rules.
 ### 2. Add Agent Context
 Add `AGENTS.md` first. Keep it short and factual.
@@ -67,8 +69,11 @@ Add only missing files:
 ```text
 SECURITY.md
 CHANGELOG.md
 CONTRIBUTING.md
 docs/security-review.md
 docs/release-checklist.md
 docs/agent-handoff.md
 docs/release-notes.md
 ```
 If equivalent files already exist, update those instead of duplicating them.
--- a/files/AGENTS.md
+++ b/files/AGENTS.md
@@ -7,6 +7,7 @@ PROJECT_NAME: PROJECT_DESCRIPTION
 ## Repository Rules
 - Start by reading `manifest.json`, then the workflow file that matches the task: `new-repository.md` for fresh repos or `existing-project.md` for retrofit work.
 - Use the matching `profiles/*.md` file when the repository stack is detected. Profiles are guidance, not permission to ignore existing project conventions.
 - Follow the `manifest.json` copy map for source and target paths. Do not invent alternate locations unless the target repository already has an equivalent convention.
 - Prefer existing project patterns over new abstractions.
 - Keep changes scoped to the user's request.
@@ -64,5 +65,6 @@ ARTIFACT_NAME
 - `git diff --check` passes.
 - The cheapest reliable verification command has been run, or the reason it could not be run is documented.
 - README, changelog, security review, and release checklist are updated when the change touches release behavior.
 - `docs/agent-handoff.md` is updated when work is interrupted, risky, or spans multiple sessions.
 - Any pushed Gitea workflow has been polled to success or a concrete blocker has been reported.
--- a/files/CONTRIBUTING.md
+++ b/files/CONTRIBUTING.md
@@ -0,0 +1,48 @@
 # Contributing
 ## Working Rules
 - Keep changes scoped to the issue or user request.
 - Prefer existing project patterns.
 - Do not commit secrets, generated credentials, local `.env` files, or private keys.
 - Do not create releases unless explicitly requested.
 - Preserve unrelated user changes.
 ## Before Committing
 Run the cheapest reliable verification commands for this project:
 ```bash
 LINT_COMMAND
 TEST_COMMAND
 BUILD_COMMAND
 ```
 Also run:
 ```bash
 git diff --check
 ```
 If a command cannot run, document why in the final response or handoff notes.
 ## Pull Requests
 Pull requests should include:
 - summary of changes,
 - verification performed,
 - known risks or skipped checks,
 - artifact/download notes when relevant.
 ## Releases
 Before release work, update:
 ```text
 CHANGELOG.md
 docs/release-checklist.md
 docs/security-review.md
 README.md
 ```
--- a/files/agent-handoff.md
+++ b/files/agent-handoff.md
@@ -0,0 +1,35 @@
 # Agent Handoff
 Use this file when a task spans multiple sessions, has unresolved follow-up work, or changes release behavior.
 ## Current State
 ```text
 PENDING
 ```
 ## Changes Made
 - PENDING
 ## Verification
 | Check | Result |
 | --- | --- |
 | `git diff --check` | PENDING |
 | `LINT_COMMAND` | PENDING |
 | `TEST_COMMAND` | PENDING |
 | `BUILD_COMMAND` | PENDING |
 ## Open Questions
 - PENDING
 ## Next Steps
 - PENDING
 ## Risks
 - PENDING
--- a/files/gitignore.template
+++ b/files/gitignore.template
@@ -0,0 +1,46 @@
 # Dependencies
 node_modules/
 vendor/
 .venv/
 venv/
 __pycache__/
 # Build outputs
 dist/
 build/
 out/
 release/
 target/
 bin/
 obj/
 # Logs and temporary files
 *.log
 *.tmp
 *.temp
 .cache/
 .turbo/
 .vite/
 .pytest_cache/
 # Local environment and secrets
 .env
 .env.*
 !.env.example
 *.pem
 *.key
 *.pfx
 *.p12
 *.crt
 *.cer
 *.token
 secrets/
 # OS and editor files
 .DS_Store
 Thumbs.db
 .idea/
 .vscode/
 *.swp
 *.swo
--- a/files/release-notes.md
+++ b/files/release-notes.md
@@ -0,0 +1,31 @@
 # PROJECT_NAME PROJECT_VERSION
 ## Downloads
 | Variant | Download |
 | --- | --- |
 | Latest artifact | DOWNLOAD_URL |
 ## Highlights
 - PENDING
 ## Security
 - Dependency audit: PENDING
 - Secret handling: PENDING
 - External network calls: PENDING
 ## Verification
 | Check | Result |
 | --- | --- |
 | `LINT_COMMAND` | PENDING |
 | `TEST_COMMAND` | PENDING |
 | `BUILD_COMMAND` | PENDING |
 | Artifact download | PENDING |
 ## Notes
 PENDING
--- a/manifest.json
+++ b/manifest.json
@@ -26,6 +26,7 @@
    "existingProject": "existing-project.md",
    "quickstart": "agent-quickstart.md"
  },
  "schema": "manifest.schema.json",
  "copyMap": [
    {
      "source": "files/AGENTS.md",
@@ -47,6 +48,26 @@
      "target": "CHANGELOG.md",
      "required": false
    },
    {
      "source": "files/CONTRIBUTING.md",
      "target": "CONTRIBUTING.md",
      "required": false
    },
    {
      "source": "files/gitignore.template",
      "target": ".gitignore",
      "required": false
    },
    {
      "source": "files/agent-handoff.md",
      "target": "docs/agent-handoff.md",
      "required": false
    },
    {
      "source": "files/release-notes.md",
      "target": "docs/release-notes.md",
      "required": false
    },
    {
      "source": "files/release-checklist.md",
      "target": "docs/release-checklist.md",
@@ -93,5 +114,27 @@
    "DEV_COMMAND",
    "PACKAGE_MANAGER",
    "PROJECT_VERSION"
  ],
  "profiles": [
    {
      "name": "node",
      "path": "profiles/node.md"
    },
    {
      "name": "electron",
      "path": "profiles/electron.md"
    },
    {
      "name": "python",
      "path": "profiles/python.md"
    },
    {
      "name": "docker",
      "path": "profiles/docker.md"
    },
    {
      "name": "static-site",
      "path": "profiles/static-site.md"
    }
  ]
 }
--- a/manifest.schema.json
+++ b/manifest.schema.json
@@ -0,0 +1,93 @@
 {
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "title": "Codex Agent Repository Kit Manifest",
  "type": "object",
  "required": ["name", "version", "description", "workflows", "copyMap", "placeholders"],
  "properties": {
    "name": {
      "type": "string"
    },
    "version": {
      "type": "string"
    },
    "description": {
      "type": "string"
    },
    "agentResponsibilities": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "readmeDivider": {
      "type": "object",
      "required": ["templateName", "source", "usage"],
      "properties": {
        "templateName": {
          "type": "string"
        },
        "source": {
          "type": "string"
        },
        "usage": {
          "type": "string"
        }
      }
    },
    "workflows": {
      "type": "object",
      "required": ["newRepository", "existingProject", "quickstart"],
      "properties": {
        "newRepository": {
          "type": "string"
        },
        "existingProject": {
          "type": "string"
        },
        "quickstart": {
          "type": "string"
        }
      }
    },
    "copyMap": {
      "type": "array",
      "items": {
        "type": "object",
        "required": ["source", "target", "required"],
        "properties": {
          "source": {
            "type": "string"
          },
          "target": {
            "type": "string"
          },
          "required": {
            "type": "boolean"
          }
        }
      }
    },
    "placeholders": {
      "type": "array",
      "items": {
        "type": "string"
      }
    },
    "profiles": {
      "type": "array",
      "items": {
        "type": "object",
        "required": ["name", "path"],
        "properties": {
          "name": {
            "type": "string"
          },
          "path": {
            "type": "string"
          }
        }
      }
    }
  }
 }
--- a/new-repository.md
+++ b/new-repository.md
@@ -30,6 +30,8 @@ Identify:
 - expected artifact type,
 - whether the repo is app, service, library, script, documentation, or infrastructure.
 If a matching stack profile exists in `profiles/`, read it before choosing commands.
 ### 2. Copy Baseline Files
 Create directories as needed and copy:
@@ -39,8 +41,12 @@ files/AGENTS.md              -> AGENTS.md
 files/project.md             -> .codex/project.md
 files/SECURITY.md            -> SECURITY.md
 files/CHANGELOG.md           -> CHANGELOG.md
 files/CONTRIBUTING.md        -> CONTRIBUTING.md
 files/gitignore.template     -> .gitignore
 files/release-checklist.md   -> docs/release-checklist.md
 files/security-review.md     -> docs/security-review.md
 files/agent-handoff.md       -> docs/agent-handoff.md
 files/release-notes.md       -> docs/release-notes.md
 files/blueprint.md           -> blueprint.md
 files/blueprint.json         -> blueprint.json
 files/build-gitea.yml        -> .gitea/workflows/build.yml
--- a/profiles/docker.md
+++ b/profiles/docker.md
@@ -0,0 +1,36 @@
 # Docker Profile
 Use when the repository has `Dockerfile`, `compose.yml`, or deployment container artifacts.
 ## Checks
 Look for:
 - secrets copied into images,
 - `.env` files committed,
 - broad build contexts,
 - unpinned base images,
 - root-only runtime when avoidable,
 - exposed ports documented in README.
 ## Commands
 Common placeholders:
 ```text
 BUILD_COMMAND = docker build -t PROJECT_NAME .
 TEST_COMMAND = docker compose config
 AUDIT_COMMAND = docker scout cves PROJECT_NAME
 ```
 Use only commands that are available in the target environment.
 ## Ignore Additions
 ```text
 .env
 .env.*
 !.env.example
 docker-compose.override.yml
 ```
--- a/profiles/electron.md
+++ b/profiles/electron.md
@@ -0,0 +1,43 @@
 # Electron Profile
 Use when the repository builds an Electron desktop app.
 ## Security Expectations
 Check for:
 ```text
 contextIsolation: true
 nodeIntegration: false
 sandbox: true when compatible
 webSecurity: true
 allowRunningInsecureContent: false
 ```
 Avoid:
 ```text
 eval
 shell.openExternal without allowlist
 unsafe navigation
 unvalidated IPC writes
 ```
 ## Release Notes
 Document:
 - installer artifact,
 - portable artifact if available,
 - signing status,
 - SmartScreen/Defender limitations,
 - whether secrets or user files stay local.
 ## Common Artifacts
 ```text
 release/*.exe
 release/*.blockmap
 release/*.yml
 ```
--- a/profiles/node.md
+++ b/profiles/node.md
@@ -0,0 +1,42 @@
 # Node Profile
 Use when the repository has `package.json`.
 ## Detection
 Common files:
 ```text
 package.json
 package-lock.json
 pnpm-lock.yaml
 yarn.lock
 tsconfig.json
 vite.config.*
 ```
 ## Commands
 Prefer existing scripts. Common defaults:
 ```text
 INSTALL_COMMAND = npm install
 LINT_COMMAND = npm run lint
 TEST_COMMAND = npm test
 BUILD_COMMAND = npm run build
 AUDIT_COMMAND = npm audit --omit=dev --audit-level=high
 README_COMMAND = npm run readme
 ```
 If scripts are missing, document `PENDING` instead of inventing commands.
 ## Ignore Additions
 ```text
 node_modules/
 dist/
 build/
 coverage/
 *.log
 ```
--- a/profiles/python.md
+++ b/profiles/python.md
@@ -0,0 +1,36 @@
 # Python Profile
 Use when the repository has `pyproject.toml`, `requirements.txt`, or Python source files.
 ## Commands
 Prefer existing tooling. Common examples:
 ```text
 INSTALL_COMMAND = python -m pip install -r requirements.txt
 LINT_COMMAND = ruff check .
 TEST_COMMAND = pytest
 BUILD_COMMAND = python -m build
 AUDIT_COMMAND = pip-audit
 ```
 If the project uses `uv`, prefer:
 ```text
 INSTALL_COMMAND = uv sync
 TEST_COMMAND = uv run pytest
 AUDIT_COMMAND = uv pip audit
 ```
 ## Ignore Additions
 ```text
 .venv/
 venv/
 __pycache__/
 .pytest_cache/
 dist/
 build/
 *.egg-info/
 ```
--- a/profiles/static-site.md
+++ b/profiles/static-site.md
@@ -0,0 +1,36 @@
 # Static Site Profile
 Use when the repository produces static HTML/CSS/JS output.
 ## Checks
 Look for:
 - broken asset paths,
 - missing responsive viewport,
 - inaccessible contrast,
 - large unoptimized images,
 - external scripts without a clear reason,
 - generated output directory.
 ## Commands
 Common examples:
 ```text
 INSTALL_COMMAND = npm install
 DEV_COMMAND = npm run dev
 LINT_COMMAND = npm run lint
 BUILD_COMMAND = npm run build
 ```
 ## Artifacts
 Common output directories:
 ```text
 dist/
 build/
 public/
 ```