diff --git a/CLAUDE.md b/CLAUDE.md new file mode 100644 index 0000000..bca7592 --- /dev/null +++ b/CLAUDE.md 
@@ -0,0 +1,27 @@ +# CLAUDE.md + +This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository. + +## Repository Purpose + +This is the GroomBook **agent skills repository** — it contains skill definitions that govern how AI agents operate within the GroomBook organization. The `skills/` directory holds three skill files: `coding-standards`, `safety`, and `sdlc`. + +## Skills Overview + +- **coding-standards** — Engineering quality bar: priority (correctness > clarity > maintainability > performance > elegance), PR discipline, test requirements, no-hardcoded-values rules, CalVer versioning, `ghcr.io` container registry policy. +- **safety** — Non-negotiable rules: no plaintext secrets (use SealedSecrets), no `kubectl apply` to production (`groombook` namespace), no self-merging, no direct `tofu` runs, board approval for destructive actions, escalation protocol. +- **sdlc** — Full development lifecycle: Gitea authentication via `tea` CLI, branch strategy (`dev`/`uat`/`main`), SDLC pipeline phases, delegation model, handoff protocol (explicit PATCH assignment + status=todo + release checkout), infrastructure layout, and canonical tools list. + +## Critical Operational Rules + +- All changes go through PRs targeting `dev`. Never push directly to `dev`, `uat`, or `main`. +- No agent merges their own PR. +- Always include `cc @cpfarhood` at the bottom of PR bodies. +- Gitea-origin issues require board approval before work begins. +- Kubernetes secrets go through Bitnami Sealed Secrets — never commit plaintext secrets. +- Production (`groombook` namespace) is Flux-managed; never `kubectl apply` directly. +- Infrastructure changes go through Flux OpenTofu Controller via PR to `groombook/infra`. + +## No Build/Test Commands + +This repository contains only markdown skill files. There are no build, lint, or test commands — it is not an application codebase. \ No newline at end of file 
diff --git a/skills/sdlc/SKILL.md b/skills/sdlc/SKILL.md index 5894fef..9a9f7e8 100644 --- a/skills/sdlc/SKILL.md +++ b/skills/sdlc/SKILL.md @@ -66,8 +66,8 @@ tea pr create --base dev --title "..." --body "... cc @cpfarhood" ### Dev branch (`dev`) -- **QA** (Lint Roller) reviews the PR. Approve → hand to CTO. Fail → back to engineer directly with exact details. -- **CTO** (The Dogfather) reviews. Approve → CTO merges the `dev` PR. Fail → back to engineer. +- **QA** (Lint Roller `525c2c39-1196-4682-9cd1-0bcfcb0d0f31`) reviews the PR. Approve → hand to CTO. Fail → back to engineer directly with exact details. +- **CTO** (The Dogfather `c370d244-3c3b-4f21-a403-4cdc9dbdbf96`) reviews. Approve → CTO merges the `dev` PR. Fail → back to engineer. ### UAT branch (`uat`) @@ -75,7 +75,7 @@ tea pr create --base dev --title "..." --body "... cc @cpfarhood" ### Main branch (`main`) -- **CEO** (Scrubs McBarkley) reviews and merges the `uat` → `main` PR. +- **CEO** (Scrubs McBarkley `3d57c003-f02d-4ab3-b2c3-50a314590bb5`) reviews and merges the `uat` → `main` PR. `@cpfarhood` is cc'd for visibility on all PRs — never as a reviewer. @@ -93,7 +93,7 @@ tea pr create --base dev --title "..." --body "... cc @cpfarhood" ### Phase 1 — Dev -1. **Engineer** (Flea Flicker) branches from `dev`, writes code. GitOps deploys to dev on demand. +1. **Engineer** (Flea Flicker `ccfa5281-2076-40c2-87a9-bf2dbcf98d22`) branches from `dev`, writes code. GitOps deploys to dev on demand. 2. **Engineer** opens a PR against `dev`. CI must pass. 3. **QA (Lint Roller)** reviews the PR. Fail → back to engineer. 4. QA approves and hands off to CTO. 
@@ -105,13 +105,13 @@ tea pr create --base dev --title "..." --body "... cc @cpfarhood" 8. **CTO** opens and merges a PR from `dev` to `uat`. 9. **CI** builds and deploys automatically to UAT (`https://uat.groombook.dev`). -10. **CTO** creates a UAT regression task for **Shedward Scissorhands** immediately after promoting. +10. **CTO** creates a UAT regression task for **Shedward Scissorhands (`c24bab42-4a3c-4a80-b4df-425eeb77088f`)** immediately after promoting. ### Phase 3 — UAT testing & security -11. **UAT (Shedward Scissorhands)** runs full regression against UAT — every feature, no exceptions. +11. **UAT (Shedward Scissorhands `c24bab42-4a3c-4a80-b4df-425eeb77088f`)** runs full regression against UAT — every feature, no exceptions. 12. UAT fail → CTO redistributes to engineer (return to Phase 1). -13. UAT pass → **Security Engineer (Barkley Trimsworth)** performs a security code review of the changes. +13. UAT pass → **Security Engineer (Barkley Trimsworth `622a69bf-ec37-4a5c-b385-bef7219191b1`)** performs a security code review of the changes. 14. Security fail → CTO redistributes to engineer (return to Phase 1). ### Phase 4 — Production 
@@ -122,8 +122,8 @@ tea pr create --base dev --title "..." --body "... cc @cpfarhood" ### Hierarchy rules * CTO rejections at Dev go directly to the engineer (not back through QA). -* UAT failures (Shedward) go to CTO — CTO cascades to engineer. -* Security failures (Barkley) go to CTO — CTO cascades to engineer. +* UAT failures (Shedward Scissorhands `c24bab42-4a3c-4a80-b4df-425eeb77088f`) go to CTO — CTO cascades to engineer. +* Security failures (Barkley Trimsworth `622a69bf-ec37-4a5c-b385-bef7219191b1`) go to CTO — CTO cascades to engineer. * CEO rejections at Prod go to CTO. > **Penetration testing.** Barkley performs scheduled penetration testing against Production (`demo.groombook.dev`) and Demo independently of the PR workflow. Board-authorized; not triggered per-PR. Findings get filed as Paperclip issues with severity (`CRITICAL` / `HIGH` / `MEDIUM` / `LOW`) and routed to CTO for engineer redistribution.
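Review bot: In the new CLAUDE.md, under "Critical Operational Rules", the line "No agent merges their own PR." contradicts the sdlc skill touched by this same patch, where step 8 reads "**CTO** opens and merges a PR from `dev` to `uat`." Either state the promotion-PR exception in CLAUDE.md or change step 8 so a second party merges; as written, an agent reading both files gets conflicting instructions on separation of duties. The neighbouring rule "All changes go through PRs targeting `dev`" likewise does not cover the `dev` to `uat` and `uat` to `main` promotion PRs described in the skill. The file also ends without a trailing newline.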
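Review bot: In skills/sdlc/SKILL.md, hunk @@ -66, the QA and CTO bullets gain a bare UUID after the persona name with nothing saying what the value identifies or which system issues it. Add one sentence near the first use stating what kind of identifier this is and where it is meant to be used (for example, whether it is the assignee value for the handoff protocol's explicit PATCH assignment that CLAUDE.md mentions), so an agent does not have to guess how to apply it.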
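Review bot: In skills/sdlc/SKILL.md, hunk @@ -93, only step 1 (Engineer) receives an identifier, while step 3 in the same list still reads "**QA (Lint Roller)**" with none, even though the later phases annotate the role inside the numbered steps. Either annotate every role at its first mention in the phase list or annotate none and rely on the branch section above; the partial change leaves it unclear whether the missing identifier is intentional.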
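Review bot: In skills/sdlc/SKILL.md, hunk @@ -105, step 10 formats the identifier as "Shedward Scissorhands (`c24bab42-…`)" with parentheses, while step 11 and every other changed line use the name followed directly by the backticked value. Pick one form and apply it throughout, since agents or scripts that extract the identifier by pattern will otherwise need to handle both.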
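Review bot: In skills/sdlc/SKILL.md, hunk @@ -122, the hierarchy rules repeat the Shedward and Barkley identifiers that the patch already added in Phase 2 and Phase 3, so each value now has to be kept in sync in several places by hand. Consider defining each role, persona name and identifier once in a roster table and referring to the role name elsewhere; a single mistyped copy would otherwise send a handoff to the wrong or a nonexistent assignee without any visible error in the document. The penetration-testing note directly below still uses the short name "Barkley", so naming within this section is now inconsistent as well.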