You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
.claude/rules/01-security.md — secrets/credentials/PII handling, dangerous commands (no curl | bash, no --no-verify, no force-push to main/master), never commit .env/credentials; notes the AAASM-3926 hard-enforcement scope boundary.
.claude/rules/02-git-workflow.md — branch naming, one worktree per ticket (stacked on a dependency's branch when one exists), atomic gitmoji commits, PR-only merges, PR title/body conventions.
.claude/rules/03-coding-standards.md — cross-repo standards; references (does not restate) CLAUDE.md's existing "document the WHY, not the WHAT" section; minimal/scoped changes, no unrequested refactors.
.claude/rules/04-agent-escalation.md — when an AI agent must stop and ask instead of guessing (uncertainty, blockers, hard-to-reverse actions), and how to phrase the escalation.
.claude/rules/05-context-boundary.md — secrets/credentials out of prompt/commit context; no leaking private-repo contents into public-repo artifacts.
.claude/rules/06-audit-trail.md — the existing lightweight traceability pattern (branch↔ticket, PR↔Jira link, start/PR-opened Jira comments) already used on AAASM-3938/3939/3940, documented rather than replaced with something heavier.
CLAUDE.md — one-line update so the "AI tooling" section no longer says .claude/rules/ is empty, now that AAASM-3941 populates it (.claude/skills/ remains pending AAASM-3942).
Validation
Content reviewed for accuracy
Links verified
No unintended scope changes
Checklist
PR title follows: [<ticket ID>] <GitEmoji> (<change scope category>): <key point as summary>
CI: Red, same org-wide Actions billing-block (see #25) — not caused by this change.
Scope vs ticket: Matches AAASM-3941's AC — all 6 rule files present (01-security … 06-audit-trail), framed as advisory guidance, with 01-security.md explicitly deferring hard-enforcement (settings.json allow/deny) to sibling Epic AAASM-3926 so the two Epics don't produce conflicting rule ownership. Verified via diff: zero files under .claude/skills/ touched (no overlap with #28, which ran in parallel).
Side effects: The one CLAUDE.md edit in this PR only rewords the sentence AAASM-3940 itself just added ("rules populated, skills still empty") — verified no pre-existing (pre-Epic) content touched.
Note for whoever merges this stack:#27 and #28 both edit that same CLAUDE.md sentence independently (diamond branches off #26, never merged into each other). Whichever of #27/#28 merges to master second will still show "skills still empty" or an equivalent stale claim once both have landed. Recommend a 1-line follow-up fixup commit on master right after both merge — trivial, not worth blocking either PR over.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Jira Ticket
Summary
.claude/rules/with 6 advisory guidance files for AI-assisted development, per the org-level AI onboarding POC (Epic AAASM-3938). Depends on [AAASM-3939] 📝 (workspace): Add org-level AI workspace layout doc #25 and [AAASM-3940] ✨ (docs): Add org-level CLAUDE.md and AGENTS.md baseline #26 (stacked, not yet merged).Changes
.claude/rules/01-security.md— secrets/credentials/PII handling, dangerous commands (nocurl | bash, no--no-verify, no force-push to main/master), never commit.env/credentials; notes the AAASM-3926 hard-enforcement scope boundary..claude/rules/02-git-workflow.md— branch naming, one worktree per ticket (stacked on a dependency's branch when one exists), atomic gitmoji commits, PR-only merges, PR title/body conventions..claude/rules/03-coding-standards.md— cross-repo standards; references (does not restate)CLAUDE.md's existing "document the WHY, not the WHAT" section; minimal/scoped changes, no unrequested refactors..claude/rules/04-agent-escalation.md— when an AI agent must stop and ask instead of guessing (uncertainty, blockers, hard-to-reverse actions), and how to phrase the escalation..claude/rules/05-context-boundary.md— secrets/credentials out of prompt/commit context; no leaking private-repo contents into public-repo artifacts..claude/rules/06-audit-trail.md— the existing lightweight traceability pattern (branch↔ticket, PR↔Jira link, start/PR-opened Jira comments) already used on AAASM-3938/3939/3940, documented rather than replaced with something heavier.CLAUDE.md— one-line update so the "AI tooling" section no longer says.claude/rules/is empty, now that AAASM-3941 populates it (.claude/skills/remains pending AAASM-3942).Validation
Checklist
[<ticket ID>] <GitEmoji> (<change scope category>): <key point as summary>