From 8ee2bfd07369628c004a15765b0333ce2547948b Mon Sep 17 00:00:00 2001 From: Ben Schellenberger Date: Sun, 19 Apr 2026 02:32:53 -0400 Subject: [PATCH] docs: add shared agent and Bugbot guardrails - AGENTS.md: agentic guardrails (fresh tip, no force-push, verify before review) - .cursor/BUGBOT.md: global Bugbot expectations (latest head, behavior-first, CI) --- .cursor/BUGBOT.md | 10 ++++++++++ AGENTS.md | 15 +++++++++++++++ 2 files changed, 25 insertions(+) create mode 100644 .cursor/BUGBOT.md diff --git a/.cursor/BUGBOT.md b/.cursor/BUGBOT.md new file mode 100644 index 0000000..bba5d60 --- /dev/null +++ b/.cursor/BUGBOT.md @@ -0,0 +1,10 @@ +# Bugbot review guidance + +## Global expectations + +- **Latest head:** Assume the PR branch reflects the latest pushed commits; if review context looks stale relative to GitHub, refresh before commenting. +- **No force-push:** Do not suggest force-pushing shared branches as the default fix. +- **Prioritize behavior:** Flag correctness, security, compatibility, and API or contract risks ahead of style-only feedback unless style obscures a defect. +- **Trust CI:** When CI already enforces formatting or static analysis, avoid duplicating that noise in comments unless the check is wrong or misleading. + + diff --git a/AGENTS.md b/AGENTS.md index d2a6bf5..e23f616 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,5 +1,20 @@ # AGENTS.md +## Agentic guardrails + +These apply to human and automated contributors (including Cloud Agents). + +1. **Work from the latest branch tip** + Before you start work on a branch: `git fetch origin`, check it out, then `git merge --ff-only origin/` (or `git pull --ff-only` when upstream is configured). If you cannot fast-forward, stop and align with the repository's normal merge or rebase workflow. Do not silently work on a stale checkout. + +2. **Never force-push shared history** + Do not `git push --force`, `git push --force-with-lease`, or rewrite published branch history unless a maintainer explicitly authorizes that operation for the exact repository and branch. + +3. **Focused changes and verification** + Keep pull requests scoped; run this repository's standard build, test, and lint commands (see README, Makefile, or CLAUDE.md) before requesting review. + +--- + ## Cursor Cloud specific instructions This is a **pure Go test-utility library** with zero external dependencies beyond the Go toolchain and `git` CLI. There are no services, databases, or containers to start.