Our services always sit behind a TLS-terminating reverse proxy and
listen on plain HTTP. Updated the TLS subsection to state this as
policy rather than presenting it as one of two options.
New repos aren't HTTP services at creation time — these items only
make sense in EXISTING_REPO_CHECKLIST.md (for 1.0 prep) and in the
policy itself (REPO_POLICIES.md).
Add comprehensive security hardening requirements to REPO_POLICIES.md
that HTTP/web services must satisfy before tagging 1.0. Covers security
headers (HSTS, CSP, XFO, X-Content-Type-Options, Referrer-Policy,
Permissions-Policy), request/response limits, slowloris timeouts, rate
limiting on password auth, CSRF, session cookie security, reverse proxy
IP detection, CORS restrictions, and error handling.
Also add corresponding checklist sections to EXISTING_REPO_CHECKLIST.md
and NEW_REPO_CHECKLIST.md for verification during repo setup.
Add policy rule: build artifacts and code-derived data must not be committed to repos if they can be generated during the build process.
Notable exception: Go protobuf-generated files (`.pb.go`) may be committed because `go get` downloads source but does not execute build steps.
This addresses feedback from sneak/chat PR [#61](sneak/chat#61).
Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de>
Reviewed-on: #15
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
Updates LLM_PROSE_TELLS.md with three new patterns (two-clause compound sentence, almost-hedge, unnecessary contrast), the lol section with conversation excerpts, fixes for instances of these patterns throughout, and a bracket escaping fix for prettier idempotency. Checklist is now 24 items.
Co-authored-by: user <user@Mac.lan guest wan>
Reviewed-on: #8
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
Types should live alongside their implementations, not in separate
'types', 'domain', or 'models' packages. Type-only packages cause
alias imports and indicate poor package design.
Prompted by review feedback on upaas PR #126.
Split quickstart into separate repo-policy and code-style passes, clone
prompts repo once instead of per-command, and make each prompt
self-contained so agents don't need memory of prior runs.
- Add test requirement item to both checklists (must not be a no-op)
- Add .dockerignore template URL to Dockerfile items in both checklists
- Add REPO_POLICIES.md symlink in repo root pointing to prompts/
- Add comment to Makefile explaining why prettier flags are repeated
- Move title and last_modified to YAML front matter (all policy docs)
- Make all document sections H1, subsections H2
- Update version rule to reference front matter format
- Fix "our" → "your" typo in Go styleguide
- Fix Python styleguide numbering (2. → 1.)
- Fix README: "flat collection" → accurate description, remove stale TODO
- Remove Makefile items from code styleguides (repo stuff, not code),
  add note linking to Repository Policies
- Change zerolog → slog in Go styleguide
- Fix JS styleguide npm reference: both work, but use make targets
- Drop .json from healthcheck path, add JSON content-type requirement
- Add Author/License to Go HTTP Server Conventions
- Convert hyperlinks to backtick URLs in checklists for consistency
- Add version/front matter to both checklists
- Add .golangci.yml from upaas as authoritative copy in this repo
- Update REPO_POLICIES.md to reference .golangci.yml by URL
- Add fetch URLs for all template files in both checklists:
  .gitignore, .editorconfig, Makefile, .prettierrc, .prettierignore,
  REPO_POLICIES.md, .golangci.yml, check.yml
- Rename REPO_POLICIES.md heading from "Development Policies" to
  "Repository Policies" to distinguish from code styleguides
- Move version line above heading per convention
- Add scope statement and links to code styleguide documents
- Add missing Makefile and LICENSE to minimum files list
- Add version lines to all cross-project docs (CODE_STYLEGUIDE*.md,
  GO_HTTP_SERVER_CONVENTIONS.md)
- Clean up CODE_STYLEGUIDE.md heading (was old repo name)
- Update EXISTING_REPO_CHECKLIST.md link text to match new heading
- All Dockerfiles must run make check as a build step
- Every repo needs a Gitea Actions workflow running docker build on push
- Greatly strengthen the hash-pinning rule: explicitly list all reference
  types, ban curl|bash installs, mark as most important rule in document
- Add model .gitea/workflows/check.yml pinned by commit hash