Profiles
The first question the init wizard asks is Team profile. Your answer sets smart defaults for which rules, agents, and skills are pre-checked — you can still add or remove anything before confirming.
Each preset (rule, agent, skill) has a tags array listing which profiles consider it a default. When you pick a profile, every preset tagged with that profile is pre-checked in the wizard. Presets not tagged for your profile are still available — just unchecked.
Universal rules bypass this system entirely. They are always included and cannot be deselected, regardless of which profile you pick.
These rules are included in every project. They appear checked and marked (required) in the wizard.

| Rule | What it enforces |
|---|---|
| `coding-standards` | Function complexity, readability, naming conventions |
| `early-returns` | Guard clauses over nested conditionals |
| `git-move` | Use `git mv` for tracked files to preserve history |
| `never-read-env` | Never read `.env` files directly in code |
| `post-edit-diagnostics` | Run diagnostics and formatter after every edit |
| `pre-commit-checks` | Formatter, linter, and build pass before every commit |
| `docs-parity` | Doc updates ship in the same commit as behavior changes |

UI, design systems, accessibility

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |

APIs, databases, auth, services

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

Frontend + backend combined
This profile is the union of Frontend and Backend defaults.

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

CI/CD, containers, infrastructure-as-code

| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Ansible, Kubernetes, Terraform — no application code
Use this profile for repos that contain only infrastructure: Ansible roles, Kubernetes manifests, Helm charts, Docker Compose stacks, Terraform modules. There is no application code (no JS/TS, no Python services, no CI-built binaries).
This profile shares most rules with DevOps / Platform but does not force-include the app-code-specific universals (coding-standards, early-returns, post-edit-diagnostics), which are not meaningful in infrastructure-only repos.

| Rule | What it enforces |
|---|---|
| `git-move` | Use `git mv` for tracked files to preserve history |
| `never-read-env` | Never read `.env` files directly in code |
| `pre-commit-checks` | Formatter, linter, and build pass before every commit |
| `docs-parity` | Doc updates ship in the same commit as behavior changes |

| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Pick everything individually. No presets are pre-checked (except universal guardrails, which are always included). Use this when your project doesn't fit a standard profile or when you want full control.
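
The pre-check logic this page describes (profile tags, always-included universal rules, the infrastructure-only exception, and the pick-everything profile), sketched as an added JavaScript example that also lists which security presets a given profile leaves unchecked. It is not the tool's own code: the preset object shape, the `universal` flag, the profile ids and the function names are assumptions, and the sample presets are a constructed subset of the tables above. It also assumes that universals not forced under the infrastructure-only profile stay selectable.

```javascript
// Added illustration, not the tool's source. Object shape, the `universal`
// flag and the profile ids ("backend", "infra-only", "custom") are assumptions.
// Constructed subset of the presets listed in the tables on this page.
const PRESETS = [
  { name: "coding-standards", kind: "rule", universal: true, tags: [] },
  { name: "never-read-env", kind: "rule", universal: true, tags: [] },
  { name: "type-safety", kind: "rule", tags: ["frontend", "backend"] },
  { name: "security-secrets", kind: "rule", tags: ["devops", "infra-only"] },
  { name: "security-specialist", kind: "agent", tags: [] },
  { name: "stack-change-review", kind: "skill", tags: ["devops", "infra-only"] },
];

// Universals the infrastructure-only profile does not force-include (from the page).
const APP_CODE_UNIVERSALS = new Set([
  "coding-standards", "early-returns", "post-edit-diagnostics",
]);

// Split presets into: required (locked on), preChecked (profile default),
// and unchecked (available but opt-in).
function resolveWizardState(presets, profile) {
  const state = { required: [], preChecked: [], unchecked: [] };
  for (const p of presets) {
    const forced = Boolean(p.universal) &&
      !(profile === "infra-only" && APP_CODE_UNIVERSALS.has(p.name));
    if (forced) {
      state.required.push(p.name);
    } else if (profile !== "custom" && p.tags.includes(profile)) {
      state.preChecked.push(p.name);
    } else {
      state.unchecked.push(p.name);
    }
  }
  return state;
}

// Security presets that a profile leaves unchecked, so a reviewer can
// confirm they were deliberately skipped rather than overlooked.
function securityOptIns(presets, profile) {
  return resolveWizardState(presets, profile).unchecked
    .filter((name) => name.startsWith("security-"));
}

console.log(resolveWizardState(PRESETS, "backend"));
console.log(securityOptIns(PRESETS, "backend"));
```
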