# AGENTS.md

This repository (`groombook/web`) is part of the GroomBook application stack. The authoritative process, quality bar, and safety rules live in the shared [`groombook/org`](https://git.farh.net/groombook/org) skills repository. Read those first; this file is only a pointer.

## Authoritative skills

- **SDLC (branching, PRs, phases, handoffs):** [`groombook/org/skills/sdlc/SKILL.md`](https://git.farh.net/groombook/org/src/branch/main/skills/sdlc/SKILL.md)
- **Coding standards (priority ordering, PR discipline, tests, no-hardcoded-values, CalVer):** [`groombook/org/skills/coding-standards/SKILL.md`](https://git.farh.net/groombook/org/src/branch/main/skills/coding-standards/SKILL.md)
- **Safety (no plaintext secrets, no direct `kubectl apply` to `groombook`, no self-merge, board approval for destructive actions):** [`groombook/org/skills/safety/SKILL.md`](https://git.farh.net/groombook/org/src/branch/main/skills/safety/SKILL.md)

For human contributors and humans reviewing agent work, see [`CONTRIBUTING.md`](./CONTRIBUTING.md) in this repo for the phase-by-phase PR flow and the `uat→main` merge-gate policy summary.

## Non-negotiable operational rules

These mirror the org skills; they are restated here so any agent landing in this repo sees them without a cross-repo fetch.

- **All changes go through a PR.** Never push directly to `dev`, `uat`, or `main`.
- **Branch strategy:** `feature/` → `dev` → `uat` → `main`. Engineers always target `dev` first.
- **No self-merge contract.** The engineer who opened a PR clicks merge only after the named reviewer (CI / QA / UAT / Security / CTO per phase) approves. Issue-thread QA / UAT / security approvals do **not** clear the Gitea `required_approvals` gate on `uat→main` — only a Gitea **Approve** click from a member of the `approvals_whitelist_username` does. On this repo that whitelist is `["gb_flea", "gb_dogfather"]` (engineer team). Board-level accounts cannot give the Approve click by policy.
- **Always include `cc @cpfarhood`** at the bottom of every PR body for board visibility (not as a reviewer).
- **Secrets in code are forbidden.** Use Bitnami Sealed Secrets; never commit plaintext. See the `safety` skill.
- **Production (`groombook` namespace) is Flux-managed.** Never `kubectl apply` directly. Infrastructure changes go through PRs in `groombook/infra`.

## Local development

See the repo's own README, package scripts, and CI workflow. The authoritative pipeline (Gitea Actions, image build, deploy hooks) is the shared `groombook/infra` overlay; do not reimplement it here.

## When uncertain

If a task conflicts with the org skills, **the org skills win**. Open an issue in `groombook/org` to propose a change rather than encoding a local exception.