diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..5882275
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+target-branch: develop
+updates:
+ - package-ecosystem: "bundler"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 10
+ - package-ecosystem: "npm"
+ directory: "/"
+ schedule:
+ interval: "weekly"
+ open-pull-requests-limit: 10
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index b6ce566..738f85e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -16,6 +16,8 @@ on:
 - "lib/radvent/version.rb"
 - "CLAUDE.md"
 - "README.md"
+permissions:
+ contents: read
 env:
 SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
 jobs:
diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml
index 403303e..bea76af 100644
--- a/.github/workflows/container.yml
+++ b/.github/workflows/container.yml
@@ -5,6 +5,8 @@ on:
 - '**'
 tags:
 - '**'
+permissions:
+ contents: read
 env:
 SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
 jobs:
diff --git a/AGENTS.md b/AGENTS.md
index 3bfc049..6704656 100644
--- a/AGENTS.md
+++ b/AGENTS.md
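Review bot: In the new .github/dependabot.yml, `target-branch: develop` sits at the top level next to `version` and `updates`, but as far as I know the version 2 schema only accepts it as a per-entry option under `updates`. As written the file will likely fail validation, in which case neither the bundler nor the npm updates would run and dependency fixes would silently stop arriving. Move it into both entries, as `target-branch: "develop"` beneath each `directory: "/"` line. The repository also has workflows under .github/workflows, so a `package-ecosystem: "github-actions"` entry would keep the action versions covered as well.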
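Review bot: The top-level `permissions:` / `contents: read` block added to .github/workflows/build.yml applies to every job and sets all unlisted GITHUB_TOKEN scopes to none, and the jobs themselves are outside this hunk, so it is not visible whether any of them needs more. The same block is added to .github/workflows/container.yml; if a job there pushes an image to a registry with GITHUB_TOKEN, it would presumably need its own job-level `permissions:` with `packages: write`. A short comment above the block in both files, for example `# least privilege: jobs that need more must declare it at job level`, would record the intent for the next maintainer.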
@@ -1,5 +1,47 @@
 # AGENTS.md - Guidelines for Agentic Coding in Radvent
+## ABSOLUTE RULES (CRITICAL)
+
+**NEVER commit or push changes without explicit user permission**
+- Do NOT run `git commit` under any circumstances
+- Do NOT run `git push` under any circumstances
+- Do NOT create pull requests under any circumstances
+- Only show changes with `git diff` after user approves
+- Wait for explicit user confirmation before ANY git operations
+
+**NEVER decide commit message without user approval**
+- Let user write the commit message
+- Do not automatically generate or suggest commit messages
+- Ask user for commit message before running `git commit`
+
+## Git Flow (Branching Model)
+
+This project uses **Git Flow** branching model (also known as A successful git branching model).
+
+### Branch Structure
+- `main`: Production-ready code. Never commit directly to main.
+- `develop`: Integration branch. Never commit directly to develop.
+- `bugfix/*`: Feature branches for bug fixes.
+- `feature/*`: Feature branches for new features.
+
+### Development Workflow
+1. Create a `bugfix/` or `feature/` branch from `develop`
+2. Make changes, test, and commit to your branch
+3. Push branch to remote: `git push -u origin branch-name`
+4. Create pull request from your branch to `develop`
+5. Merge PR into `develop` after review
+6. Never commit or push directly to `main` or `develop`
+
+### Example Commands
+```bash
+git checkout develop
+git pull origin develop
+git checkout -b bugfix/your-fix
+# Make changes, test, commit
+git push -u origin bugfix/your-fix
+# Create PR from bugfix/your-fix to develop
+```
+
 ## Build, Lint, and Test Commands
 ### Setup
diff --git a/app/controllers/attachments_controller.rb b/app/controllers/attachments_controller.rb
index 99cf21f..9ee117b 100644
--- a/app/controllers/attachments_controller.rb
+++ b/app/controllers/attachments_controller.rb
@@ -1,5 +1,4 @@
 class AttachmentsController < ApplicationController
- protect_from_forgery with: :null_session
 before_action :authenticate_user!, only: [:create]
 def create
diff --git a/lib/radvent/version.rb b/lib/radvent/version.rb
index 71863aa..bf11636 100644
--- a/lib/radvent/version.rb
+++ b/lib/radvent/version.rb
@@ -1,6 +1,6 @@
 module Radvent
 module Version
- VERSION = '3.0.0beta'.freeze
+ VERSION = '3.0.0beta2'.freeze
 def self.version
 VERSION
 end
diff --git a/opencode.jsonc b/opencode.jsonc
index 4c66d4f..a0bab7f 100644
--- a/opencode.jsonc
+++ b/opencode.jsonc
@@ -39,5 +39,27 @@
 "enabled": true,
 "environment": {}
 }
+ },
+ "permission": {
+ "bash": {
+ "*": "ask",
+ "ls *": "allow",
+ "cat *": "allow",
+ "git status": "allow",
+ "git diff *": "allow",
+ "git log *": "allow",
+ "git commit *": "ask",
+ "git push *": "deny",
+ "npm run *": "allow",
+ "npm test": "allow",
+ "cargo check": "allow"
+ },
+ "edit": {
+ "*": "ask"
+ },
+ "read": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "list": "allow"
 }
 }
\ No newline at end of file
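Review bot: Several `allow` entries in the new `permission.bash` table of opencode.jsonc are wider than the `"*": "ask"` default suggests. `"cat *"` lets the agent print any file the shell can read, credentials and environment files included, without a prompt, and `"npm run *"` executes whatever the package.json scripts define at that moment. `"cargo check"` looks like a leftover from a template, since nothing else in this diff points to a Rust toolchain, and it can run build scripts. I would narrow these to `"cat *": "ask"` and `"npm run *": "ask"` and drop the cargo line. AGENTS.md in this same commit forbids `git commit` under any circumstances while this table sets `"git commit *"` to `ask`, so one of the two should be adjusted to match the other.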