fix: add hard gates for manual docker build bypass and intake skipping
Post-mortem from website agent session that manually built/pushed Docker images instead of using existing Woodpecker CI pipelines. Root cause: agent skipped E2E intake because the task "felt simple." AGENTS.md hard gates 10-12: - Manual docker build/push FORBIDDEN when CI pipelines exist - MUST check for pipeline config before any build/deploy action - Load order and intake are NOT conditional on task complexity E2E-DELIVERY.md: - Complexity trap warning on intake section - Mandatory deployment surface check (step 3) with pipeline discovery - Expanded forbidden anti-patterns with Build/Deploy section Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -34,6 +34,9 @@ If any required file is missing, you MUST stop and report the missing file.
|
||||
7. For issue/PR/milestone operations, you MUST use Mosaic wrappers first (`~/.config/mosaic/tools/git/*.sh`).
|
||||
8. If any required wrapper command fails, status is `blocked`; report the exact failed wrapper command and stop.
|
||||
9. Do NOT stop at "PR created". Do NOT ask "should I merge?" Do NOT ask "should I close the issue?".
|
||||
10. Manual `docker build` / `docker push` for deployment is FORBIDDEN when CI/CD pipelines exist in the repository. CI is the ONLY canonical build path for container images.
|
||||
11. Before ANY build or deployment action, you MUST check for existing CI/CD pipeline configuration (`.woodpecker/`, `.woodpecker.yml`, `.github/workflows/`, etc.). If pipelines exist, use them — do not build locally.
|
||||
12. The mandatory load order and intake procedure are NOT conditional on perceived task complexity. A "simple" commit-push-deploy task has the same procedural requirements as a multi-file feature. Skipping intake because a task "seems simple" is the most common framework violation.
|
||||
|
||||
## Non-Negotiable Operating Rules
|
||||
|
||||
|
||||
@@ -34,16 +34,19 @@ First response MUST declare mode before tool calls or implementation steps:
|
||||
|
||||
## 2. Intake and Scope
|
||||
|
||||
> **COMPLEXITY TRAP WARNING:** Intake applies to ALL tasks regardless of perceived complexity. "Simple" tasks (commit, push, deploy) have caused the most severe framework violations because agents skip intake when they pattern-match a task as mechanical. The procedure is unconditional.
|
||||
|
||||
1. Define scope, constraints, and acceptance criteria.
|
||||
2. Identify affected surfaces (API, DB, UI, infra, auth, CI/CD, docs).
|
||||
3. Identify required guides and load them before implementation.
|
||||
4. For code/API/auth/infra changes, load `~/.config/mosaic/guides/DOCUMENTATION.md`.
|
||||
5. Determine budget constraints:
|
||||
3. **Deployment surface check (MANDATORY if task involves deploy, images, or containers):** Before ANY build or deploy action, check for CI/CD pipeline config (`.woodpecker/`, `.woodpecker.yml`, `.github/workflows/`). If pipelines exist, CI is the canonical build path — manual `docker build`/`docker push` is forbidden. Load `~/.config/mosaic/guides/ci-cd-pipelines.md` immediately.
|
||||
4. Identify required guides and load them before implementation.
|
||||
5. For code/API/auth/infra changes, load `~/.config/mosaic/guides/DOCUMENTATION.md`.
|
||||
6. Determine budget constraints:
|
||||
- if the user provided a plan limit or token budget, treat it as a HARD cap,
|
||||
- if budget is unknown, derive a working budget from estimates and runtime limits, then continue autonomously.
|
||||
6. Record budget assumptions and caps in the scratchpad before implementation starts.
|
||||
7. Track estimated vs used tokens per logical unit and adapt strategy to remain inside budget.
|
||||
8. If projected usage exceeds budget, auto-reduce scope/parallelism first; escalate only if cap still cannot be met.
|
||||
7. Record budget assumptions and caps in the scratchpad before implementation starts.
|
||||
8. Track estimated vs used tokens per logical unit and adapt strategy to remain inside budget.
|
||||
9. If projected usage exceeds budget, auto-reduce scope/parallelism first; escalate only if cap still cannot be met.
|
||||
|
||||
## 2a. Steered Autonomy (Lights-Out)
|
||||
|
||||
@@ -95,10 +98,17 @@ For implementation work, you MUST run this cycle in order:
|
||||
|
||||
### Forbidden Anti-Patterns
|
||||
|
||||
**PR/Merge:**
|
||||
1. Do NOT stop at "PR created" or "PR updated".
|
||||
2. Do NOT ask "should I merge?" for routine delivery PRs.
|
||||
3. Do NOT ask "should I close the issue?" after merge + green CI.
|
||||
|
||||
**Build/Deploy:**
|
||||
4. Do NOT run `docker build` or `docker push` locally to deploy images when CI/CD pipelines exist in the repository. CI is the ONLY canonical build path.
|
||||
5. Do NOT skip intake and surface identification because a task "seems simple." This is the #1 cause of framework violations.
|
||||
6. Do NOT deploy without first verifying whether CI/CD pipelines exist (`.woodpecker/`, `.woodpecker.yml`, `.github/workflows/`). If they exist, use them.
|
||||
7. If you are about to run `docker build` and have NOT loaded `ci-cd-pipelines.md`, STOP — you are violating the framework.
|
||||
|
||||
If any step fails, you MUST remediate and re-run from the relevant step before proceeding.
|
||||
If push-queue/merge-queue/PR merge/CI/issue closure fails, status is `blocked` (not complete) and you MUST report the exact failed wrapper command.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user