Profiles
The first question the init wizard asks is Team profile. Your answer sets smart defaults for which rules, agents, and skills are pre-checked — you can still add or remove anything before confirming.
Each preset (rule, agent, skill) has a tags array listing which profiles consider it a default. When you pick a profile, every preset tagged with that profile is pre-checked in the wizard. Presets not tagged for your profile are still available — just unchecked.
Forced universal rules cannot be unchecked in the wizard, but pure-infra uses a smaller universal set: it skips app-code-centric rules (coding-standards, early-returns, post-edit-diagnostics). See Pure Infrastructure below.
These seven rules apply to Frontend, Backend, Full-stack, DevOps / Platform, and Custom. They appear checked and marked (required) in the wizard.

| Rule | What it enforces |
|---|---|
| `coding-standards` | Function complexity, readability, naming conventions |
| `early-returns` | Guard clauses over nested conditionals |
| `git-move` | Use `git mv` for tracked files to preserve history |
| `never-read-env` | Never read `.env` files directly in code |
| `post-edit-diagnostics` | Run diagnostics and formatter after every edit |
| `pre-commit-checks` | Formatter, linter, and build pass before every commit |
| `docs-parity` | Doc updates ship in the same commit as behavior changes |

UI, design systems, accessibility

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |

APIs, databases, auth, services

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

Frontend + backend combined
This profile is the union of Frontend and Backend defaults.

| Rule | Default | Description |
|---|---|---|
| `type-safety` | yes | No `any`, no unguarded assertions, prefer `unknown` |
| `no-console-log` | — | Forbid `console.*` in production code, use logger |
| `design-system-reuse` | — | Reuse shared UI components and tokens before creating new ones |
| `api-error-handling` | — | Structured error responses, never leak stack traces |
| `security-secrets` | — | Never hardcode secrets, tokens, or credentials |

| Agent | Default | Description |
|---|---|---|
| `frontend-specialist` | yes | UI implementation, design-system, i18n, a11y |
| `backend-specialist` | yes | API design, database patterns, error handling, auth |
| `test-specialist` | yes | Test creation, refactoring, stabilization |
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `code-reviewer` | — | PR review — patterns, naming, complexity, tests |
| `a11y-specialist` | — | WCAG 2.2 A/AA audit and remediation |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |

| Skill | Default | Description |
|---|---|---|
| `patterns` | yes | Apply reusable architecture and coding patterns |
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `code-review` | — | Structured review checklist for PRs |
| `api-design` | — | RESTful conventions, pagination, versioning |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `migration-safety` | — | Database migration review, rollback plans |

CI/CD, containers, infrastructure-as-code

| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Ansible, Kubernetes, Terraform — no application code
Use this profile for repos that contain only infrastructure: Ansible roles, Kubernetes manifests, Helm charts, Docker Compose stacks, Terraform modules. There is no application code (no JS/TS, no Python services, no CI-built binaries).
This profile shares most rules with DevOps / Platform but does not force-include the app-code-specific universals (coding-standards, early-returns, post-edit-diagnostics), which are not meaningful in infrastructure-only repos.

| Rule | What it enforces |
|---|---|
| `git-move` | Use `git mv` for tracked files to preserve history |
| `never-read-env` | Never read `.env` files directly in code |
| `pre-commit-checks` | Formatter, linter, and build pass before every commit |
| `docs-parity` | Doc updates ship in the same commit as behavior changes |

| Rule | Default | Description |
|---|---|---|
| `security-secrets` | yes | Never hardcode secrets, tokens, or credentials |
| `docker-best-practices` | yes | Multi-stage builds, non-root users, layer caching |
| `container-image-pinning` | yes | Pin image versions everywhere — compose, Ansible, env vars |
| `idempotency` | yes | Every operation must be safe to re-run |
| `runbook-discipline` | yes | Keep runbooks and ADRs in sync with infra changes |
| `ansible-conventions` | — | FQCN modules, idempotency, Jinja2 safety |
| `jinja2-templates` | — | Safe templates with `\| default()` and variable scope |
| `terraform-conventions` | — | Module structure, naming, state management |
| `kubernetes-manifests` | — | Resource limits, health checks, security context |
| `helm-conventions` | — | Chart structure, safe defaults, secret handling |
| `shell-script-standards` | — | `set -euo pipefail`, shellcheck, quoting |
| `ci-workflow-conventions` | — | Pinned actions, OIDC, minimal permissions |

| Agent | Default | Description |
|---|---|---|
| `docs-maintainer` | yes | Documentation synchronization with code changes |
| `security-specialist` | — | Vulnerability audit, dependency scanning, secrets management |
| `infrastructure-specialist` | — | Build, CI, container, deployment config |
| `devops-specialist` | — | CI/CD pipelines, container optimization, IaC review |
| `ansible-specialist` | — | Ansible roles, playbooks, and Jinja2 templates |
| `kubernetes-specialist` | — | Manifests, Helm charts, Kustomize overlays |
| `sre-specialist` | — | SLOs, alerting, runbooks, post-mortems |

| Skill | Default | Description |
|---|---|---|
| `docs-upkeep` | yes | Keep docs aligned with implementation changes |
| `workspace-hygiene` | yes | On-demand workspace audit before commits and PRs |
| `stack-change-review` | yes | High-blast-radius infrastructure change review |
| `security-audit` | — | Dependency audit, secrets scan, OWASP patterns |
| `ci-cd-best-practices` | — | Pipeline optimization, caching strategies |
| `infrastructure-drift-check` | — | Verify declared IaC matches deployed state before merge |
| `rollback-plan` | — | Require tested rollback steps for every production change |

Pick everything individually. No presets are pre-checked (except universal guardrails: the seven-rule default set, same table as Frontend). Use this when your project doesn't fit a standard profile or when you want full control.