policy: no build artifacts in version control

2026-03-09 17:21:41 -07:00
1 changed files with 8 additions and 9 deletions
--- a/prompts/REPO_POLICIES.md
+++ b/prompts/REPO_POLICIES.md
@@ -1,6 +1,6 @@
 ---
 title: Repository Policies
-last_modified: 2026-03-10
+last_modified: 2026-03-09
 ---

 This document covers repository structure, tooling, and workflow standards. Code
@@ -92,20 +92,19 @@ style conventions are in separate documents:
 - Never commit secrets. `.env` files, credentials, API keys, and private keys
  must be in `.gitignore`. No exceptions.

- Build artifacts and code-derived data (compiled output, bundled JS, minified
-  CSS, generated code) must NOT be committed to the repository if they can be
-  generated during the build process. The Dockerfile or build system should
-  produce these artifacts at build time. Notable exception: Go
-  protobuf-generated files (`.pb.go`) may be committed because Go module
-  consumers use `go get` which downloads source code but does not execute build
-  steps.
-
 - `.gitignore` should be comprehensive from the start: OS files (`.DS_Store`),
  editor files (`.swp`, `*~`), language build artifacts, and `node_modules/`.
  Fetch the standard `.gitignore` from
  `https://git.eeqj.de/sneak/prompts/raw/branch/main/.gitignore` when setting up
  a new repo.

+- **No build artifacts in version control.** Code-derived data (compiled
+  bundles, minified output, generated assets) must never be committed to the
+  repository if it can be avoided. The build process (e.g. Dockerfile, Makefile)
+  should generate these at build time. Notable exception: Go protobuf generated
+  files (`.pb.go`) ARE committed because repos need to work with `go get`, which
+  downloads code but does not execute code generation.
+
 - Never use `git add -A` or `git add .`. Always stage files explicitly by name.

 - Never force-push to `main`.