{
  "version": 1,
  "templates": [
    {
      "id": "never-force-push-main",
      "name": "Never force-push to main",
      "category": "Git Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "git\\s+push\\s+(--force|-f)",
      "problem": "Stops destructive history rewrites on protected branches before they land.",
      "roi": "Protects every shared repo from the fastest irreversible mistake.",
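      "rollout": "Enable on every team repo on day one, alongside server-side branch protection: as written, the pattern is branch-agnostic and only matches a force flag placed directly after `push`."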
    },
    {
      "id": "never-skip-tests-before-commit",
      "name": "Never skip tests before commit",
      "category": "Verification",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "git\\s+commit",
      "problem": "Requires proof before code leaves the laptop, reducing broken commits and noisy CI.",
      "roi": "Cuts review churn and CI rollback time across the team.",
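      "rollout": "Pair with repository-specific test commands: the pattern alone matches every `git commit`, so the rule depends on that pairing to tell a tested commit from an untested one."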
    },
    {
      "id": "evidence-before-done",
      "name": "Require evidence before saying done",
      "category": "Agent Honesty",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "completion_claim_without_verification",
      "problem": "Prevents agents from claiming success without test, deploy, or runtime evidence.",
      "roi": "Raises trust in autonomous runs and reduces manual re-checking.",
      "rollout": "Use for every workflow where proof matters more than speed."
    },
    {
      "id": "protect-production-sql",
      "name": "Protect production SQL",
      "category": "Database Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(drop|truncate|delete)\\s+.*production",
      "problem": "Blocks destructive SQL operations against production-like targets.",
      "roi": "One saved incident pays for the whole rollout.",
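      "rollout": "Turn on for any team touching live data, and keep database-level permissions as the primary control: as written, the pattern needs the word `production` to appear in the statement text after the verb."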
    },
    {
      "id": "back-up-env-before-edit",
      "name": "Back up .env before editing",
      "category": "Secrets Hygiene",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "\\.env",
      "problem": "Flags risky config edits before tokens or local credentials are lost.",
      "roi": "Reduces secret churn and local breakage during setup work.",
      "rollout": "Good default for every machine and shared repo."
    },
    {
      "id": "promote-known-good-workflows",
      "name": "Promote known-good workflows",
      "category": "Positive Reinforcement",
      "signal": "👍",
      "defaultAction": "allow",
      "severity": "medium",
      "pattern": "verified_workflow_pattern",
      "problem": "Turns repeated thumbs-up patterns into recommended workflow defaults and starter rules.",
      "roi": "Helps new agents and new teammates start from what already works.",
      "rollout": "Use with shared lessons to accelerate onboarding."
    },
    {
      "id": "require-diff-impact-before-central-edit",
      "name": "Require diff impact before central edits",
      "category": "Knowledge Graph Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "centrality:(high|critical).*tool:(edit|write|patch)",
      "problem": "Blocks edits to high-centrality files unless the agent has inspected the dependency impact first.",
      "roi": "Turns code-graph context into a concrete guardrail for the changes most likely to break many downstream paths.",
      "rollout": "Enable after generating a code knowledge graph and tagging critical files or modules."
    },
    {
      "id": "checkpoint-cross-layer-refactor",
      "name": "Checkpoint cross-layer refactors",
      "category": "Knowledge Graph Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "high",
      "pattern": "layers_touched:(api|service|data|ui).*(api|service|data|ui)",
      "problem": "Requires an explicit checkpoint before an agent changes multiple architectural layers in one run.",
      "roi": "Prevents broad refactors from becoming invisible blast-radius expansion.",
      "rollout": "Use with graph layer labels from tools such as Understand Anything, code-graph MCPs, or internal architecture maps."
    },
    {
      "id": "protect-graph-generated-artifacts",
      "name": "Protect generated graph artifacts",
      "category": "Knowledge Graph Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "medium",
      "pattern": "\\.(understand-anything|codegraph|knowledge-graph)\\/.*",
      "problem": "Stops agents from editing generated knowledge-graph artifacts as if they were source of truth.",
      "roi": "Keeps graph context reproducible and avoids corrupting the evidence layer agents rely on for impact analysis.",
      "rollout": "Enable for repos that commit or cache graph outputs locally."
    },
    {
      "id": "block-package-lifecycle-secret-harvest",
      "name": "Block package lifecycle secret harvest",
      "category": "Supply Chain Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(preinstall|install|postinstall|prepare).*(env|token|secret|credential|npmrc|pypirc|docker\\/config|ssh)",
      "problem": "Stops package lifecycle scripts from reading local credentials during npm, PyPI, Docker, or CLI compromise scenarios.",
      "roi": "Turns developer-machine supply-chain awareness into a runtime stop before secrets are harvested at scale.",
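      "rollout": "Enable on every repo where agents can install packages, run package scripts, or edit dependency automation. The pattern inspects command text, not what a lifecycle script does once it runs, so pair it with installs that skip lifecycle scripts (for example npm's `--ignore-scripts`) or that run in a sandbox."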
    },
    {
      "id": "review-untrusted-cli-before-execution",
      "name": "Review untrusted CLI before execution",
      "category": "Supply Chain Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(curl|wget).*(bash|sh)|npx\\s+[^@\\s]+|uvx\\s+|pipx\\s+run",
      "problem": "Blocks one-shot CLI execution paths that can turn a copied command into developer-machine compromise.",
      "roi": "Prevents AI assistants from amplifying malicious copy-paste install flows across repos and machines.",
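      "rollout": "Allowlist trusted internal CLIs and require source review for every new external executable. As written, the `npx` branch does not check whether a version is pinned and does not match a scoped package name that directly follows `npx`, so apply the same review policy to those invocations."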
    },
    {
      "id": "checkpoint-dependency-bot-autofix",
      "name": "Checkpoint dependency bot autofix",
      "category": "Supply Chain Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "high",
      "pattern": "(dependabot|renovate|npm audit fix|pnpm audit|pip install -U|docker pull|cargo update)",
      "problem": "Requires a human-readable checkpoint before automated dependency updates expand the trusted code surface.",
      "roi": "Keeps dependency bots and package managers from silently widening blast radius during a supply-chain incident.",
      "rollout": "Start as warn mode for dependency PRs; promote to block for production services or privileged developer machines."
    },
    {
      "id": "require-credential-exposure-assessment",
      "name": "Require credential exposure assessment",
      "category": "Supply Chain Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(secret|token|credential|api[_-]?key|ssh|npmrc|pypirc|docker\\/config).*(rotate|exposed|leak|incident|compromise)",
      "problem": "Forces an exposure assessment before an agent claims a supply-chain incident is resolved.",
      "roi": "Connects prevention with remediation: what credential lived where, who touched it, and whether rotation is required.",
      "rollout": "Use with incident-response runbooks and secrets scanner output from GitGuardian or internal tooling."
    },
    {
      "id": "require-section-tree-before-multimodal-answer",
      "name": "Require section tree before multimodal answers",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(multimodal|image|chart|figure|table).*answer.*(missing|no).*section[_ -]?tree",
      "problem": "Blocks visual document answers when the agent has not preserved document hierarchy, section IDs, and source paths.",
      "roi": "Prevents multimodal RAG demos from becoming ungrounded image guessing while keeping costs lower than full multimodal embeddings.",
      "rollout": "Enable for PDF, report, support-doc, research-paper, and compliance workflows before agents answer with images."
    },
    {
      "id": "require-image-pointer-grounding",
      "name": "Require image pointer grounding",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(image|figure|chart|diagram).*answer.*(missing|no).*pointer",
      "problem": "Requires every cited visual to carry a source document, parent section, and file path pointer.",
      "roi": "Turns proxy-pointer RAG structure into an auditable answer boundary instead of trusting visual similarity.",
      "rollout": "Start on any workflow that returns charts, figures, screenshots, or PDF images to users."
    },
    {
      "id": "block-cross-document-image-leakage",
      "name": "Block cross-document image leakage",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "image_doc_id\\s*!=\\s*answer_doc_id|cross[_ -]?document.*image",
      "problem": "Stops agents from attaching a plausible visual from the wrong source document.",
      "roi": "Protects trust in buyer-facing document answers where one wrong chart or figure can invalidate the whole system.",
      "rollout": "Promote to block as soon as the ingestion pipeline records document IDs for image pointers."
    },
    {
      "id": "checkpoint-vision-filter-for-visual-claims",
      "name": "Checkpoint vision filter for visual claims",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(visual|image|chart|figure).*claim.*(without|no).*vision[_ -]?filter",
      "problem": "Requires an optional vision-model sanity check before high-impact answers rely on visual content.",
      "roi": "Keeps the cheap text-pointer path fast while adding review only when the answer makes visual claims.",
      "rollout": "Use warn mode for low-risk docs and block mode for legal, financial, medical, or customer-facing visual answers."
    },
    {
      "id": "require-rag-baseline-before-precision-tuning",
      "name": "Require RAG baseline before precision tuning",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(rag|retrieval|embedding).*(fine[- ]?tune|threshold|precision).*(missing|no).*(baseline|recall)",
      "problem": "Blocks embedding, threshold, or precision tuning when the agent has not preserved a retrieval baseline and recall check.",
      "roi": "Prevents a local precision improvement from silently degrading general retrieval quality across the agentic pipeline.",
      "rollout": "Require baseline recall@k, precision@k, and answer-with-evidence metrics before changing retrieval thresholds or embedding models."
    },
    {
      "id": "require-two-stage-rag-verifier-for-structural-near-misses",
      "name": "Require two-stage RAG verifier for structural near misses",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(negation|role reversal|structural near[- ]?miss|compositional).*(without|no).*(verifier|rerank|second stage)",
      "problem": "Requires a token-level verifier, reranker, or second-stage check when retrieval must distinguish structurally similar but meaningfully different evidence.",
      "roi": "Catches the role-reversal and negation failures that vector similarity and keyword search can miss before downstream agents act.",
      "rollout": "Enable for legal, finance, compliance, support, and autonomous-agent workflows where wrong retrieval can trigger real actions."
    },
    {
      "id": "checkpoint-rag-latency-precision-tradeoff",
      "name": "Checkpoint RAG latency and precision tradeoff",
      "category": "Document RAG Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(rerank|verifier|cross[- ]?encoder|two[- ]?stage).*(latency|sla|budget)",
      "problem": "Requires an explicit latency budget before adding verifier or reranker stages to precision-sensitive retrieval.",
      "roi": "Keeps high-risk RAG workflows accurate without accidentally making production agents too slow or expensive to run.",
      "rollout": "Start in warn mode; promote to block when latency regressions exceed the workflow SLA."
    },
    {
      "id": "require-director-journal-for-long-running-agent",
      "name": "Require director journal for long-running agent",
      "category": "Long-Running Agent Context",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(long[- ]?running|multi[- ]?agent|background agent).*(missing|no).*(director journal|working memory|structured memory)",
      "problem": "Blocks long-running agent work when the system relies on raw chat history instead of a structured working-memory journal.",
      "roi": "Prevents context-window bloat, compaction drift, and incoherent handoffs across hundreds of agent requests.",
      "rollout": "Enable for background agents, multi-agent investigations, revenue loops, and any workflow expected to span more than one session."
    },
    {
      "id": "require-critic-review-for-agent-findings",
      "name": "Require critic review for agent findings",
      "category": "Long-Running Agent Context",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(finding|claim|expert report|agent summary).*(missing|no).*(critic|review|credibility|evidence score)",
      "problem": "Requires a critic pass with evidence inspection and credibility scoring before agent findings become shared truth.",
      "roi": "Stops invented or misinterpreted findings from becoming the memory that future agents build on.",
      "rollout": "Start with warn mode for summaries; promote to block for security, revenue, incident, and customer-facing findings."
    },
    {
      "id": "checkpoint-critic-timeline-conflict-resolution",
      "name": "Checkpoint critic timeline conflict resolution",
      "category": "Long-Running Agent Context",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(timeline|memory|journal).*(conflict|duplicate|contradict|stale).*(without|no).*(resolution|credibility)",
      "problem": "Requires duplicate removal and source-strength conflict resolution before a long-running agent updates its timeline.",
      "roi": "Keeps long-lived agent memory coherent while preserving only the strongest evidence across rounds.",
      "rollout": "Use in warn mode for internal loops and block mode when the timeline feeds irreversible actions or external replies."
    },
    {
      "id": "require-verifier-before-reasoning-compression",
      "name": "Require verifier before reasoning compression",
      "category": "Reasoning Efficiency Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(reasoning|chain|trace).*(compress|shorten|prune).*(without|no).*(verifier|accuracy|pass@1)",
      "problem": "Blocks reasoning-length compression when the workflow has not preserved verifier, accuracy, and rollback evidence.",
      "roi": "Saves tokens only when compressed reasoning still passes quality checks instead of trading correctness for shorter traces.",
      "rollout": "Enable for model-routing, benchmark, prompt-eval, and expensive agent workflows before shortening reasoning traces."
    },
    {
      "id": "checkpoint-low-confidence-reasoning-steps",
      "name": "Checkpoint low-confidence reasoning steps",
      "category": "Reasoning Efficiency Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(low[- ]?confidence|uncertain).*(step|reasoning).*(correct rollout|accepted answer)",
      "problem": "Requires inspection before low-confidence steps in otherwise successful reasoning become reinforced training or routing signal.",
      "roi": "Reduces brittle step-level learning where a correct final answer hides unstable intermediate reasoning.",
      "rollout": "Start as warn mode for prompt and model evals; promote to block when those traces update routing or fine-tuning data."
    },
    {
      "id": "checkpoint-high-confidence-failed-rollout",
      "name": "Checkpoint high-confidence failed rollout",
      "category": "Reasoning Efficiency Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(high[- ]?confidence|confident).*(failed|verifier failed|truncated).*(rollout|trace)",
      "problem": "Requires a verifier-error or truncation check before penalizing confident reasoning from failed rollouts.",
      "roi": "Prevents training or routing updates from punishing correct reasoning when the failure came from truncation or verifier noise.",
      "rollout": "Use for reasoning-compression experiments, evaluation harnesses, and DPO/RLHF export review."
    },
    {
      "id": "require-hybrid-prefix-cache-coherence-eval",
      "name": "Require hybrid prefix cache coherence eval",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(deepseek|sparse attention|hybrid attention|prefix cache).*(missing|no).*(coherence|rollback|cache eval)",
      "problem": "Blocks hybrid sparse-attention serving changes when prefix cache lifetime, compressed KV reuse, and rollback behavior have not been verified.",
      "roi": "Prevents expensive long-context inference rollouts from reusing stale cache state or corrupting speculative decode paths.",
      "rollout": "Enable before raising context windows, switching cache implementations, or deploying ShadowRadix-style prefix caching."
    },
    {
      "id": "checkpoint-speculative-decoding-acceptance",
      "name": "Checkpoint speculative decoding acceptance",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "high",
      "pattern": "(speculative|mtp|eagle).*(accept|rollback|draft).*(low|missing|unstable)",
      "problem": "Requires acceptance-rate, rollback, and correctness evidence before speculative decoding is treated as a production speedup.",
      "roi": "Avoids routing traffic to a faster-looking path that collapses acceptance length or hides draft-token correctness failures.",
      "rollout": "Start in warn mode for lab benchmarks; promote to block when speculation is enabled for customer traffic."
    },
    {
      "id": "require-long-context-kv-offload-capacity-plan",
      "name": "Require long-context KV offload capacity plan",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(long context|1m token|kv cache|hisparse|cpu offload).*(missing|no).*(capacity|offload|memory budget)",
      "problem": "Blocks long-context serving rollouts when KV cache capacity, CPU offload, or memory budgets are not documented and benchmarked.",
      "roi": "Prevents GPU memory cliffs and surprise throughput regressions when agents send very large traces or document contexts.",
      "rollout": "Require for 128k+ context targets and any hosted inference path where batch size or context length can grow automatically."
    },
    {
      "id": "require-rollout-routing-and-indexer-replay",
      "name": "Require rollout routing and indexer replay",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(rl|training|fine[- ]?tune|reward).*(missing|no).*(routing replay|indexer replay|train[- ]?inference drift)",
      "problem": "Blocks RL or fine-tuning updates when rollout routing, sparse indexer choices, and train-inference drift are not captured and replayed.",
      "roi": "Stops verified-RL experiments from optimizing against a different execution path than the one served during rollout.",
      "rollout": "Enable for any self-hosted model training, reward optimization, DPO export review, or policy update based on sparse-attention rollouts."
    },
    {
      "id": "checkpoint-mixed-precision-determinism",
      "name": "Checkpoint mixed-precision determinism",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "high",
      "pattern": "(fp4|fp8|mixed precision|quant).*(nondeterministic|spike|drift|missing deterministic)",
      "problem": "Requires deterministic settings and sensitive FP32 path checks before mixed-precision inference or training results become routing evidence.",
      "roi": "Keeps FP4/FP8 savings from producing silent numerical drift, noisy KL spikes, or false benchmark confidence.",
      "rollout": "Start in warn mode for benchmarking and promote to block when mixed-precision results update routing, training, or customer-facing model choices."
    },
    {
      "id": "checkpoint-long-context-throughput-regression",
      "name": "Checkpoint long-context throughput regression",
      "category": "Sparse Attention Runtime Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "medium",
      "pattern": "(long context|decode throughput|tpot|latency).*(regression|drop|slowdown)",
      "problem": "Requires a measured throughput comparison before long-context runtime changes are treated as performance improvements.",
      "roi": "Prevents teams from adopting impressive-looking runtime changes that only work on narrow prompts or short contexts.",
      "rollout": "Use in CI benchmark jobs and model-routing reviews whenever context length, cache policy, or speculation settings change."
    },
    {
      "id": "require-ai-gateway-control-plane",
      "name": "Require AI gateway control plane",
      "category": "AI Engineering Stack Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(model|llm|provider).*(direct key|api key|no gateway|bypass gateway)",
      "problem": "Blocks model-provider rollout when requests bypass a central gateway or proxy with cost, identity, provider, and retention controls.",
      "roi": "Prevents leaked keys, fragmented spend, and invisible model usage before agent adoption scales across the company.",
      "rollout": "Enable before adding new AI coding clients, model providers, or bring-your-own-key routes."
    },
    {
      "id": "require-progressive-mcp-tool-discovery",
      "name": "Require progressive MCP tool discovery",
      "category": "AI Engineering Stack Safety",
      "signal": "👎",
      "defaultAction": "warn",
      "severity": "high",
      "pattern": "(mcp|tool schema|tool count).*(too many|context bloat|no code mode|no progressive discovery)",
      "problem": "Requires large MCP surfaces to expose a small search/execute or progressive-discovery interface instead of loading every tool schema into every prompt.",
      "roi": "Cuts token burn and context-window clutter while letting teams keep adding useful tools behind the portal.",
      "rollout": "Start warning above 20 tools; promote to block for high-volume clients or expensive frontier-model workflows."
    },
    {
      "id": "require-agent-context-freshness",
      "name": "Require AGENTS.md and LLM wiki freshness",
      "category": "AI Engineering Stack Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(AGENTS\\.md|llm wiki|agent context).*(stale|missing|outdated|no owner|no test command)",
      "problem": "Blocks agent work when repository instructions, ownership, dependencies, test commands, or LLM wiki pages are missing or stale.",
      "roi": "Turns knowledge-base enthusiasm into reliable agent context instead of letting stale docs drive plausible but wrong changes.",
      "rollout": "Regenerate on repo topology changes and require review from the owning team before the context becomes canonical."
    },
    {
      "id": "require-risk-tiered-ai-review",
      "name": "Require risk-tiered AI review",
      "category": "AI Engineering Stack Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "high",
      "pattern": "(merge|pull request|review).*(no ai reviewer|no severity|no rule id|no standards)",
      "problem": "Requires automated review to classify risk, cite standards-as-skills, and separate security, code quality, performance, docs, and release-impact findings.",
      "roi": "Makes AI review actionable and auditable, reducing merge churn while converting standards into reusable agent feedback.",
      "rollout": "Use lite review for trivial changes and full review for money, production, security, data, or customer-facing work."
    },
    {
      "id": "require-sandboxed-background-agent-runtime",
      "name": "Require sandboxed background agent runtime",
      "category": "AI Engineering Stack Safety",
      "signal": "👎",
      "defaultAction": "block",
      "severity": "critical",
      "pattern": "(background agent|long running agent|autonomous agent).*(no sandbox|host machine|no durable session|no build log)",
      "problem": "Blocks background agents from cloning, building, testing, or publishing unless they run in an isolated durable environment with logs.",
      "roi": "Lets the team pursue unattended revenue and engineering workflows without turning local developer machines into the execution boundary.",
      "rollout": "Enable for every agent that can run tests, push branches, deploy, publish content, change billing, or touch customer data."
    }
  ]
}
