From 462b23cfc7a34dfca56c027d297674d5be1cc2f9 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Sun, 29 Mar 2026 10:16:00 +0000 Subject: [PATCH 01/14] choices --- AGENTS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/AGENTS.md b/AGENTS.md index 115db424..da075529 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -31,6 +31,7 @@ This project is a Copier template used to generate other copier templates. It is - When a test needs a fixture only for its side effects (not its return value), use `@pytest.mark.usefixtures(fixture_name.__name__)` instead of adding an unused parameter with a noqa comment - Use `__name__` instead of string literals when referencing functions/methods (e.g., `mocker.patch.object(MyClass, MyClass.method.__name__)`, `pytest.mark.usefixtures(my_fixture.__name__)`). This enables IDE refactoring tools to catch renames. - When using the faker library, prefer the pytest fixture (provided by the faker library) over instantiating instances of Faker. +- **Choosing between cassettes and mocks:** At the layer that directly wraps an external API or service, strongly prefer VCR cassette-recorded interactions (via pytest-recording/vcrpy) — they capture real HTTP traffic and verify the wire format, catching integration issues that mocks would miss. At layers above that (e.g. business logic, route handlers), mock the wrapper layer instead (e.g. `mocker.patch.object(ThresholdsRepository, ...)`) — there is no value in re-testing the HTTP interaction from higher up. - **Never hand-write VCR cassette YAML files.** Cassettes must be recorded from real HTTP interactions by running the test once with `--record-mode=once` against a live external service: `uv run pytest --record-mode=once --no-cov`. The default mode is `none` — a missing cassette will cause an error, which is expected until recorded. - **Never hand-edit syrupy snapshot files.** Snapshots are auto-generated — to create or update them, run `uv run pytest --snapshot-update --no-cov`. A missing snapshot causes the test to fail, which is expected until you run with `--snapshot-update`. When a snapshot mismatch occurs, fix the code if the change was unintentional; run `--snapshot-update` if it was intentional. - **Never hand-write or hand-edit pytest-reserial `.jsonl` recording files.** Recordings must be captured from real serial port traffic by running the test with `--record` while the device is connected: `uv run pytest --record --no-cov`. The default mode replays recordings — a missing recording causes an error, which is expected until recorded against a live device. From 2045356fbb562e3f3771213c3258930323b32379 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Sun, 29 Mar 2026 14:48:50 +0000 Subject: [PATCH 02/14] ghperms --- .claude/settings/permissions/bash.jsonc | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/.claude/settings/permissions/bash.jsonc b/.claude/settings/permissions/bash.jsonc index 92caa8a2..8fb4d7ce 100644 --- a/.claude/settings/permissions/bash.jsonc +++ b/.claude/settings/permissions/bash.jsonc @@ -74,9 +74,15 @@ "Bash(tail *)", // Search "Bash(rg *)", + // Research + "Bash(gh issue list *)", ], "ask": [ - "Bash(gh *)", // let's hold off before we let it use the github CLI in any free running allow mode...I don't want it somehow approving PRs with the user's credentials + // let's hold off before we let it use the github CLI in any free running allow mode...I don't want it somehow approving PRs with the user's credentials + "Bash(gh repo *)", + "Bash(gh release *)", + "Bash(gh secret *)", + "Bash(gh ruleset *)", "Bash(aws *)", // let's hold off before we let it use AWS CLI in any free running allow mode. We need to be very sure we don't have any access to staging or production credentials in our dev environment (...which we shouldn't...but we need to double check that or consider any other safeguards first) "Bash(curl *)", "Bash(ln *)", @@ -85,6 +91,9 @@ "deny": [ // Exceptions to generally allowed AI tooling "Bash(bd init*)", // we need to control the init process, don't let AI do that in the background + // Github + "Bash(gh pr *)", // Claude should not ever interfere with the PR process, that is how we gate AI's work + // Destructive File Operations "Bash(chmod -R *)", "Bash(chown -R *)", From 2ae229c64c213d73c3cf7b63c68f93b776015140 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Sun, 29 Mar 2026 15:49:15 +0000 Subject: [PATCH 03/14] traget --- AGENTS.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index da075529..a24a7ef7 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -17,7 +17,8 @@ This project is a Copier template used to generate other copier templates. It is ## Testing -- Always run tests with an explicit path (e.g. uv run pytest tests/unit) — test runners discover all types by default. +- Always run tests with an explicit path (e.g. uv run pytest tests/unit) — test runners discover all types (unit, integration, E2E...) by default. +- When iterating on a single test, run that test in isolation first and confirm it is in the expected state (red or green) before widening to the full suite. Use the most targeted invocation available: a specific test function for Python (e.g. `uv run pytest path/to/test.py::test_name --no-cov`) or a file path and name filter for TypeScript (e.g. `pnpm test-unit -- path/to/test.spec.ts -t "test name" --no-coverage`). Only run the full suite once the target test behaves as expected. - Test coverage requirements are usually at 100%, so when running a subset of tests, always disable test coverage to avoid the test run failing for insufficient coverage. - Avoid magic values in comparisons in tests in all languages (like ruff rule PLR2004 specifies) - Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. For enums, pick randomly rather than hardcoding one value. From 20c36e2bfc5c52ed77f3f72d966c9793ce897243 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 10:35:22 +0000 Subject: [PATCH 04/14] deps --- .devcontainer/devcontainer.json | 2 +- .devcontainer/manual-setup-deps.py | 16 ++++++++++++++++ 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 4922e7cb..57b1efde 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -75,5 +75,5 @@ "initializeCommand": "sh .devcontainer/initialize-command.sh", "onCreateCommand": "sh .devcontainer/on-create-command.sh", "postStartCommand": "sh .devcontainer/post-start-command.sh" - // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 01a288c4 # spellchecker:disable-line + // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 30cb3570 # spellchecker:disable-line } diff --git a/.devcontainer/manual-setup-deps.py b/.devcontainer/manual-setup-deps.py index 6f6fe0d8..3035d636 100644 --- a/.devcontainer/manual-setup-deps.py +++ b/.devcontainer/manual-setup-deps.py @@ -44,6 +44,12 @@ default=False, help="Allow uv to install new versions of Python on the fly. This is typically only needed when instantiating the copier template.", ) +_ = parser.add_argument( + "--skip-installing-pulumi-cli", + action="store_true", + default=False, + help="Do not install the Pulumi CLI even if the lock file references it", +) class PackageManager(str, enum.Enum): @@ -127,6 +133,16 @@ def main(): check=True, env=uv_env, ) + if ( + not args.skip_installing_pulumi_cli + and platform.system() == "Linux" + and env.lock_file.exists() + and '"pulumi"' in env.lock_file.read_text() + ): + _ = subprocess.run( + ["sh", str(REPO_ROOT_DIR / ".devcontainer" / "install-pulumi-cli.sh"), str(env.lock_file)], + check=True, + ) elif env.package_manager == PackageManager.PNPM: pnpm_command = ["pnpm", "install", "--dir", str(env.path)] if env_check_lock: From c38d15fa96732dd042349dd53bc65e1bb31399a6 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 10:40:04 +0000 Subject: [PATCH 05/14] action --- .../.github/actions/install_deps/action.yml.jinja-base | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/template/.github/actions/install_deps/action.yml.jinja-base b/template/.github/actions/install_deps/action.yml.jinja-base index 5068c331..c21e92b7 100644 --- a/template/.github/actions/install_deps/action.yml.jinja-base +++ b/template/.github/actions/install_deps/action.yml.jinja-base @@ -44,6 +44,11 @@ inputs: description: Whether to skip updating the hash when running manual-setup-deps.py default: true required: false + skip-installing-pulumi-cli: + type: boolean + description: Whether to skip installing the Pulumi CLI even if the lock file references it + default: true + required: false runs: @@ -83,5 +88,5 @@ runs: - name: Install dependencies # the funky syntax is github action ternary if: ${{ inputs.install-deps }} - run: python .devcontainer/manual-setup-deps.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }} ${{ inputs.skip-updating-devcontainer-hash && '--skip-updating-devcontainer-hash' || '' }} + run: python .devcontainer/manual-setup-deps.py ${{ inputs.python-version == 'notUsing' && '--no-python' || '' }} ${{ inputs.node-version == 'notUsing' && '--no-node' || '' }} ${{ inputs.skip-updating-devcontainer-hash && '--skip-updating-devcontainer-hash' || '' }} ${{ inputs.skip-installing-pulumi-cli && '--skip-installing-pulumi-cli' || '' }} shell: pwsh{% endraw %} From 4da21c79c401b3865213e172ff03dfd8b2a77526 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 10:41:03 +0000 Subject: [PATCH 06/14] precommit --- template/.github/workflows/pre-commit.yaml.jinja-base | 1 + 1 file changed, 1 insertion(+) diff --git a/template/.github/workflows/pre-commit.yaml.jinja-base b/template/.github/workflows/pre-commit.yaml.jinja-base index 1a9c838b..7f590bb6 100644 --- a/template/.github/workflows/pre-commit.yaml.jinja-base +++ b/template/.github/workflows/pre-commit.yaml.jinja-base @@ -50,6 +50,7 @@ jobs: python-version: ${{ inputs.python-version }} node-version: ${{ inputs.node-version }} skip-installing-ssm-plugin-manager: true + skip-installing-pulumi-cli: true - name: Set up mutex # Github concurrency management is horrible, things get arbitrarily cancelled if queued up. So using mutex until github fixes itself. When multiple jobs are modifying cache at once, weird things can happen. possible issue is https://github.com/actions/toolkit/issues/658 if: ${{ runner.os != 'Windows' }} # we're just gonna have to YOLO on Windows, because this action doesn't support it yet https://github.com/ben-z/gh-action-mutex/issues/14 From 6819bcf82859b10789adbc052e3fd54b3f6806f6 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 10:48:04 +0000 Subject: [PATCH 07/14] comment --- ...f template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base | 1 + 1 file changed, 1 insertion(+) diff --git a/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base b/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base index b924c600..5230218e 100644 --- a/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base +++ b/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base @@ -122,6 +122,7 @@ jobs: uses: ./.github/actions/install_deps with: python-version: ${{ inputs.PYTHON_VERSION }} + skip-installing-pulumi-cli: true # at the moment, we're more specifically installing the Pulumi CLI just in the target direction inside the pulumi_ephemeral_deploy action - name: Download Artifact uses: actions/download-artifact@{% endraw %}{{ gha_download_artifact }}{% raw %} From eea3fe8ccca9be31c36fe7c410ad95f1855d6445 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 11:03:03 +0000 Subject: [PATCH 08/14] lock --- .claude/settings/permissions/bash.jsonc | 10 +++++++++- .devcontainer/devcontainer.json | 2 +- .devcontainer/manual-setup-deps.py | 3 ++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.claude/settings/permissions/bash.jsonc b/.claude/settings/permissions/bash.jsonc index 8fb4d7ce..a6dca2ce 100644 --- a/.claude/settings/permissions/bash.jsonc +++ b/.claude/settings/permissions/bash.jsonc @@ -76,6 +76,8 @@ "Bash(rg *)", // Research "Bash(gh issue list *)", + "Bash(gh pr view *)", + "Bash(gh pr diff *)" ], "ask": [ // let's hold off before we let it use the github CLI in any free running allow mode...I don't want it somehow approving PRs with the user's credentials @@ -92,7 +94,13 @@ // Exceptions to generally allowed AI tooling "Bash(bd init*)", // we need to control the init process, don't let AI do that in the background // Github - "Bash(gh pr *)", // Claude should not ever interfere with the PR process, that is how we gate AI's work + // Claude should not ever interfere with the PR process, that is how we gate AI's work + "Bash(gh pr create *)", + "Bash(gh pr edit *)", + "Bash(gh pr ready *)", + "Bash(gh pr review *)", + "Bash(gh pr merge *)", + "Bash(gh pr close *)", // Destructive File Operations "Bash(chmod -R *)", diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 57b1efde..78f871bc 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -75,5 +75,5 @@ "initializeCommand": "sh .devcontainer/initialize-command.sh", "onCreateCommand": "sh .devcontainer/on-create-command.sh", "postStartCommand": "sh .devcontainer/post-start-command.sh" - // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 30cb3570 # spellchecker:disable-line + // Devcontainer context hash (do not manually edit this, it's managed by a pre-commit hook): 5ecc43b1 # spellchecker:disable-line } diff --git a/.devcontainer/manual-setup-deps.py b/.devcontainer/manual-setup-deps.py index 3035d636..53e59e1b 100644 --- a/.devcontainer/manual-setup-deps.py +++ b/.devcontainer/manual-setup-deps.py @@ -134,7 +134,8 @@ def main(): env=uv_env, ) if ( - not args.skip_installing_pulumi_cli + not generate_lock_file_only + and not args.skip_installing_pulumi_cli and platform.system() == "Linux" and env.lock_file.exists() and '"pulumi"' in env.lock_file.read_text() From 7dc142b606708049db7e7527480c0cf0065a1b45 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 11:06:29 +0000 Subject: [PATCH 09/14] chained --- AGENTS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/AGENTS.md b/AGENTS.md index a24a7ef7..713b9c93 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -52,6 +52,7 @@ This project is a Copier template used to generate other copier templates. It is - For linting and type-checking, prefer `pre-commit run ` over invoking tools directly — this matches the permission allow-list and mirrors what CI runs. Key hook IDs: `typescript-check`, `eslint`, `pyright`, `ruff`, `ruff-format`. - Never rely on IDE diagnostics for ruff warnings — the IDE may not respect the project's ruff.toml config. Run `pre-commit run ruff -a` to get accurate results. - When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use absolute paths instead of `cd` to avoid needing to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts +- Never use `pnpm --prefix ` or `uv --directory ` to target a different directory — these flags break the permission allow-list matcher the same way chained `cd &&` commands do. Instead, rely on the working directory already being correct (the cwd persists between Bash tool calls), or issue a plain `cd ` as a separate prior tool call to reposition before running the command. - Never use backslash line continuations in shell commands — always write the full command on a single line. Backslashes break the permission allow-list matcher. - **Never manually edit files in any `generated/` folder.** These files are produced by codegen tooling (typically Kiota) and any manual changes will be overwritten. If a generated file needs to change, update the source (e.g. the OpenAPI schema) and re-run the generator. From 469f0ce42ee2007cdd97725020a3c04be2307d94 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 12:28:13 +0000 Subject: [PATCH 10/14] whitespcae --- AGENTS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index 713b9c93..bee931ca 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -18,7 +18,7 @@ This project is a Copier template used to generate other copier templates. It is ## Testing - Always run tests with an explicit path (e.g. uv run pytest tests/unit) — test runners discover all types (unit, integration, E2E...) by default. -- When iterating on a single test, run that test in isolation first and confirm it is in the expected state (red or green) before widening to the full suite. Use the most targeted invocation available: a specific test function for Python (e.g. `uv run pytest path/to/test.py::test_name --no-cov`) or a file path and name filter for TypeScript (e.g. `pnpm test-unit -- path/to/test.spec.ts -t "test name" --no-coverage`). Only run the full suite once the target test behaves as expected. +- When iterating on a single test, run that test in isolation first and confirm it is in the expected state (red or green) before widening to the full suite. Use the most targeted invocation available: a specific test function for Python (e.g. `uv run pytest path/to/test.py::test_name --no-cov`) or a file path and name filter for TypeScript (e.g. `pnpm test-unit -- path/to/test.spec.ts -t "test name" --no-coverage`). Only run the full suite once the target test behaves as expected. - Test coverage requirements are usually at 100%, so when running a subset of tests, always disable test coverage to avoid the test run failing for insufficient coverage. - Avoid magic values in comparisons in tests in all languages (like ruff rule PLR2004 specifies) - Prefer using random values in tests rather than arbitrary ones (e.g. the faker library, uuids, random.randint) when possible. For enums, pick randomly rather than hardcoding one value. @@ -27,7 +27,7 @@ This project is a Copier template used to generate other copier templates. It is ### Python Testing -- When using `mocker.spy` on a class-level method (including inherited ones), the spy records the unbound call, so assertions need `ANY` as the first argument to match self: `spy.assert_called_once_with(ANY, expected_arg)` +- When using `mocker.spy` on a class-level method (including inherited ones), the spy records the unbound call, so assertions need `ANY` as the first argument to match self: `spy.assert_called_once_with(ANY, expected_arg)` - Before writing new mock/spy helpers, check the `tests/unit/` folder for pre-built helpers in files like `fixtures.py` or `*mocks.py` - When a test needs a fixture only for its side effects (not its return value), use `@pytest.mark.usefixtures(fixture_name.__name__)` instead of adding an unused parameter with a noqa comment - Use `__name__` instead of string literals when referencing functions/methods (e.g., `mocker.patch.object(MyClass, MyClass.method.__name__)`, `pytest.mark.usefixtures(my_fixture.__name__)`). This enables IDE refactoring tools to catch renames. From 23e880f25bdd8b8817f27a8d0547123efcd9c633 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 12:35:53 +0000 Subject: [PATCH 11/14] reconcile --- AGENTS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index bee931ca..bf9870ef 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -51,7 +51,7 @@ This project is a Copier template used to generate other copier templates. It is - For frontend tests, run commands via `pnpm` scripts from `frontend/package.json` — never invoke tools directly (not pnpm exec , npx , etc.). ✅ pnpm test-unit ❌ pnpm vitest ... or npx vitest ... - For linting and type-checking, prefer `pre-commit run ` over invoking tools directly — this matches the permission allow-list and mirrors what CI runs. Key hook IDs: `typescript-check`, `eslint`, `pyright`, `ruff`, `ruff-format`. - Never rely on IDE diagnostics for ruff warnings — the IDE may not respect the project's ruff.toml config. Run `pre-commit run ruff -a` to get accurate results. -- When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use absolute paths instead of `cd` to avoid needing to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts +- When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use `cd` to change to the directory you want before running the command, avaiding the need to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts - Never use `pnpm --prefix ` or `uv --directory ` to target a different directory — these flags break the permission allow-list matcher the same way chained `cd &&` commands do. Instead, rely on the working directory already being correct (the cwd persists between Bash tool calls), or issue a plain `cd ` as a separate prior tool call to reposition before running the command. - Never use backslash line continuations in shell commands — always write the full command on a single line. Backslashes break the permission allow-list matcher. - **Never manually edit files in any `generated/` folder.** These files are produced by codegen tooling (typically Kiota) and any manual changes will be overwritten. If a generated file needs to change, update the source (e.g. the OpenAPI schema) and re-run the generator. From aa2388a2513dccea407d4520355a049e371f8b1c Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 12:38:41 +0000 Subject: [PATCH 12/14] typo --- ... template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base b/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base index 5230218e..eedb3f5f 100644 --- a/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base +++ b/template/template/.github/workflows/{% if template_uses_pulumi %}pulumi-aws.yml{% endif %}.jinja-base @@ -122,7 +122,7 @@ jobs: uses: ./.github/actions/install_deps with: python-version: ${{ inputs.PYTHON_VERSION }} - skip-installing-pulumi-cli: true # at the moment, we're more specifically installing the Pulumi CLI just in the target direction inside the pulumi_ephemeral_deploy action + skip-installing-pulumi-cli: true # at the moment, we're more specifically installing the Pulumi CLI just in the target directory inside the pulumi_ephemeral_deploy action - name: Download Artifact uses: actions/download-artifact@{% endraw %}{{ gha_download_artifact }}{% raw %} From f0905e6edca8e1c8f8fabe6678e1b37860becbce Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 12:39:38 +0000 Subject: [PATCH 13/14] more deny --- .claude/settings/permissions/bash.jsonc | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.claude/settings/permissions/bash.jsonc b/.claude/settings/permissions/bash.jsonc index a6dca2ce..bdf27717 100644 --- a/.claude/settings/permissions/bash.jsonc +++ b/.claude/settings/permissions/bash.jsonc @@ -101,6 +101,8 @@ "Bash(gh pr review *)", "Bash(gh pr merge *)", "Bash(gh pr close *)", + "Bash(gh pr comment *)", + "Bash(gh pr update-branch *)", // Destructive File Operations "Bash(chmod -R *)", From 53495f38c1e9201c91f22bc17257cc3d956cd3b7 Mon Sep 17 00:00:00 2001 From: Eli Fine Date: Mon, 30 Mar 2026 12:48:26 +0000 Subject: [PATCH 14/14] typo --- AGENTS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AGENTS.md b/AGENTS.md index bf9870ef..6c9e9f64 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -51,7 +51,7 @@ This project is a Copier template used to generate other copier templates. It is - For frontend tests, run commands via `pnpm` scripts from `frontend/package.json` — never invoke tools directly (not pnpm exec , npx , etc.). ✅ pnpm test-unit ❌ pnpm vitest ... or npx vitest ... - For linting and type-checking, prefer `pre-commit run ` over invoking tools directly — this matches the permission allow-list and mirrors what CI runs. Key hook IDs: `typescript-check`, `eslint`, `pyright`, `ruff`, `ruff-format`. - Never rely on IDE diagnostics for ruff warnings — the IDE may not respect the project's ruff.toml config. Run `pre-commit run ruff -a` to get accurate results. -- When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use `cd` to change to the directory you want before running the command, avaiding the need to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts +- When running terminal commands, execute exactly one command per tool call. Do not chain commands with &&, ||, ;, or & — this prohibition has no exceptions, even for `cd && ...` patterns. Use `cd` to change to the directory you want before running the command, avoiding the need to chain. Pipes (|) are allowed for output transformation (e.g., head, tail, grep). If two sequential commands are needed, run them in separate tool calls. Chained commands break the permission allow-list matcher and cause unnecessary permission prompts - Never use `pnpm --prefix ` or `uv --directory ` to target a different directory — these flags break the permission allow-list matcher the same way chained `cd &&` commands do. Instead, rely on the working directory already being correct (the cwd persists between Bash tool calls), or issue a plain `cd ` as a separate prior tool call to reposition before running the command. - Never use backslash line continuations in shell commands — always write the full command on a single line. Backslashes break the permission allow-list matcher. - **Never manually edit files in any `generated/` folder.** These files are produced by codegen tooling (typically Kiota) and any manual changes will be overwritten. If a generated file needs to change, update the source (e.g. the OpenAPI schema) and re-run the generator.