Profiles
The first question the init wizard asks is Team profile. Your answer sets smart defaults for which rules, agents, and skills are pre-checked — you can still add or remove anything before confirming.
Each preset (rule, agent, skill) has a tags array listing which profiles consider it a default. When you pick a profile, every preset tagged with that profile is pre-checked in the wizard. Presets not tagged for your profile are still available — just unchecked.
When you pick a profile, every collection tagged for that profile is pre-checked in the wizard. You can add or remove any collection before confirming.
| Collection | Frontend | Backend | Full-stack | DevOps | Pure Infra | Custom |
|---|---|---|---|---|---|---|
| TypeScript | ✓ | ✓ | ✓ | — | — | — |
| Git | ✓ | ✓ | ✓ | ✓ | ✓ | — |
| Security | ✓ | ✓ | ✓ | ✓ | ✓ | — |
| Docs | ✓ | ✓ | ✓ | ✓ | ✓ | — |
| DevOps | — | — | — | ✓ | ✓ | — |
| Next.js | ✓ | — | ✓ | — | — | — |
UI, design systems, accessibility
| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |

APIs, databases, auth, services
| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

Frontend + backend combined
This profile is the union of Frontend and Backend defaults.
| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

CI/CD, containers, infrastructure-as-code
| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Ansible, Kubernetes, Terraform — no application code
Use this profile for repos that contain only infrastructure: Ansible roles, Kubernetes manifests, Helm charts, Docker Compose stacks, Terraform modules. There is no application code (no JS/TS, no Python services, no CI-built binaries).
This profile is scoped to infrastructure-only repos. It defaults to git, security, docs, and devops collections — the TypeScript collection is not included since there is no application code.
| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Pick everything individually. No collections are pre-checked. Use this when your project doesn't fit a standard profile or when you want full control.
After init, switch the active profile at any time:
```
bluetemberg switch-profile backend
```

This adds any agent and skill packages belonging to the new profile's defaults that are not yet in `llm/packages.json`. It never removes packages automatically — instead it reports which official agent/skill packages in the manifest are not part of the new profile's defaults so you can decide whether to keep or remove them manually.
Stale detection is scoped to the official agent/skill preset catalog. Rule collections (e.g. bluetemberg-rules-typescript) and any third-party packs are never flagged — the switch cannot know which kind they are and should not touch them.
After switching, run `bluetemberg sync` to regenerate platform files.
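
The add-only switch and the scoped stale report described above can be modelled as two set operations. This is an added sketch, not bluetemberg's own code: the `agent/...` and `skill/...` ids, the flat-array manifest standing in for `llm/packages.json`, the `planSwitch` helper and the `acme-internal-pack` entry are all assumptions made for illustration.

```javascript
// Added sketch, not bluetemberg source. The "agent/..." and "skill/..." ids and
// the flat-array manifest are assumptions standing in for llm/packages.json.
const ids = (kind, names) => names.map((n) => `${kind}/${n}`);

// Official agent/skill preset catalog (names taken from the tables on this page).
const OFFICIAL_CATALOG = new Set([
  ...ids("agent", ["frontend-specialist", "backend-specialist", "test-specialist",
    "docs-maintainer", "code-reviewer", "a11y-specialist", "security-specialist"]),
  ...ids("skill", ["patterns", "docs-upkeep", "workspace-hygiene", "code-review",
    "api-design", "security-audit", "migration-safety"]),
]);

// Default agents and skills for the Backend profile, per its tables.
const PROFILE_DEFAULTS = new Map([
  ["backend", [
    ...ids("agent", ["backend-specialist", "test-specialist", "docs-maintainer"]),
    ...ids("skill", ["patterns", "docs-upkeep", "workspace-hygiene"]),
  ]],
]);

function planSwitch(manifest, profile) {
  const defaults = PROFILE_DEFAULTS.get(profile);
  if (!defaults) throw new Error(`unknown profile: ${profile}`);
  const installed = new Set(manifest);
  const wanted = new Set(defaults);
  // Additive step: only defaults that are missing from the manifest.
  const added = defaults.filter((p) => !installed.has(p));
  // Stale report: official agent/skill packages outside the new defaults.
  // Rule collections and third-party packs are not in the catalog, so never flagged.
  const stale = manifest.filter((p) => OFFICIAL_CATALOG.has(p) && !wanted.has(p));
  // Nothing is removed: the new manifest is a superset of the old one.
  return { added, stale, manifest: [...manifest, ...added] };
}

// Constructed manifest: Frontend defaults, one opt-in agent, a rule collection
// (name from this page) and a made-up third-party pack.
const SAMPLE_MANIFEST = [
  ...ids("agent", ["frontend-specialist", "test-specialist", "docs-maintainer"]),
  ...ids("skill", ["patterns", "docs-upkeep", "workspace-hygiene"]),
  "agent/a11y-specialist",
  "bluetemberg-rules-typescript",
  "acme-internal-pack",
];

const plan = planSwitch(SAMPLE_MANIFEST, "backend");
console.log("added:", plan.added);
console.log("stale (review manually):", plan.stale);
```

In this model an opted-in agent such as `a11y-specialist` stays installed after the switch and appears only in the report, so dropping a security or accessibility preset is always an explicit manual step.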