chore: add 17 operational rules and rule index
- Create .claude/rules/ with all 17 standard rule files (01-security through 17-document-imports)
- Add Operational Rules section with Rule Index to .claude/CLAUDE.md
This commit is contained in:
parent
afc5a7f895
commit
b659a6a6bd
18 changed files with 373 additions and 0 deletions
17
.claude/rules/09-dependency-discipline.md
Normal file
@ -0,0 +1,17 @@
# Dependency Discipline
Add dependencies only with explicit user consent.
## Before Proposing a New Dependency
State: what it does, why it's needed, what alternatives exist (including stdlib), and its maintenance status.
## Rules
- Prefer stdlib and existing project dependencies over new ones.
- When a dependency is approved, document why in the commit message.
- Pin versions explicitly. Avoid floating ranges (`^`, `~`, `*`) in production dependencies.
- Commit lock files (package-lock.json, poetry.lock, Cargo.lock, go.sum). They enforce reproducible installs and pin transitive dependencies.
- Audit transitive dependencies, not just direct ones — they are the primary supply chain attack vector.
- Run vulnerability scanning in CI on every PR, not just periodically.
- Regularly check for outdated or deprecated dependencies and flag them.
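Review bot: the "Pin versions explicitly. Avoid floating ranges" bullet and the "Commit lock files" bullet read as contradictory unless the rule says which artifact does the pinning: lock files exist precisely because manifests carry ranges, and a library that hard-pins exact versions in its manifest forces conflicts on every consumer. Suggest scoping the first bullet, e.g. "For applications, pin exact versions in the manifest or rely on the committed lock file; for libraries, declare the narrowest compatible range and let the consumer's lock file pin." The "Audit transitive dependencies" and "Run vulnerability scanning in CI on every PR" bullets would also benefit from stating what a finding does to the PR (blocks merge vs. warns), since "flag them" in the last bullet leaves the enforcement level undefined.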