Rules
The 34 rules of HES.
The LLM must follow 34 strict rules. These rules ensure quality, prevent common mistakes, and maintain the integrity of the workflow.
Code implementation must wait until business rules are elicited and BDD scenarios are written.
Each phase must be completed before advancing to the next.
The agent must always ask before advancing to the next phase.
Changes to completed phases require explicit user approval.
Always validate with the user before making assumptions.
ZERO → DISCOVERY → SPEC → DESIGN → DATA → RED → GREEN → SECURITY → REVIEW → DONE
Verify all gate conditions are satisfied before moving to the next phase.
Every phase change must be logged to events.log.
Before transitioning between phases, validate the output against the JSON schema.
Track actions and escalate if the budget is exceeded.
TDD is mandatory: RED before GREEN.
SECURITY phase must run before REVIEW.
REVIEW phase must check all 5 dimensions.
Architecture decisions must be documented in ADRs.
Key decisions must be validated with the user.
Use session checkpoints to resume work.
Use error recovery protocols for common failures.
Tool outputs >8000 chars must be offloaded to files.
Maintain a list of all generated artifacts.
Check for orphaned state files and inconsistent data.
Use environment variables and secret scanning.
Python code must be scanned with Bandit.
All code must be scanned with Semgrep.
Critical and high security issues must be fixed before proceeding.
Never skip SECURITY before REVIEW.
80% = warn, 100% = escalate.
Ensure output matches the JSON schema.
Write to file and reference the path.
Never fall back to text when interactive tools are available.
Tell the user what to do next.
Before starting a phase, explain what it's for.
Update the user on current status.
Confirm before deleting or overwriting files.
Load the appropriate skill for the current phase.
Rules are enforced by:
- Skill files — Each skill file includes the relevant rules
- Gate checks — Gates verify rule compliance
- Step budget — Prevents infinite loops
- Event sourcing — Logs all actions for audit
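An added example, not HES's own code: a minimal gate check that combines the phase order, the critical/high findings rule for SECURITY, the 80%/100% step budget and the events.log entry written on every transition attempt. The function names, the shape of `findings` and the JSON-lines log format are assumptions made for illustration.

```python
import json
import time

# Phase order as listed on the page.
PHASES = ["ZERO", "DISCOVERY", "SPEC", "DESIGN", "DATA",
          "RED", "GREEN", "SECURITY", "REVIEW", "DONE"]


class GateError(Exception):
    """Raised when a transition would violate a rule; the agent must stop."""


def budget_status(steps_used, budget):
    """80% of the step budget warns, 100% escalates."""
    if steps_used >= budget:
        return "escalate"
    if steps_used * 10 >= budget * 8:
        return "warn"
    return "ok"


def advance(current, target, findings, steps_used, budget, user_approved,
            log_path="events.log"):
    """Check the gate for current -> target and append the outcome to the log.

    findings: list of dicts with a "severity" key (assumed shape, e.g. merged
    Bandit/Semgrep results); only consulted when leaving SECURITY.
    """
    reason = None
    if PHASES.index(target) != PHASES.index(current) + 1:
        reason = "phases must be completed in order"
    elif not user_approved:
        reason = "user has not approved advancing"
    elif budget_status(steps_used, budget) == "escalate":
        reason = "step budget exhausted"
    elif current == "SECURITY" and any(
            f["severity"].lower() in ("critical", "high") for f in findings):
        reason = "unresolved critical/high security findings"
    event = {"ts": time.time(), "from": current, "to": target,
             "result": "blocked" if reason else "advanced", "reason": reason,
             "budget": budget_status(steps_used, budget)}
    with open(log_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps(event) + "\n")  # one JSON object per line
    if reason:
        raise GateError(reason)
    return target
```

Blocked attempts are logged before the exception is raised, so the audit trail records violations as well as successful phase changes.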
If a rule is violated:
- The agent must stop and explain the violation
- The user must decide how to proceed
- The violation is logged to events.log
Last updated: June 2026