Add .fips-template.yaml manifests for agent-loop and workflow#162

Merged
rdwj merged 1 commit into main from feat/fips-template-manifests
May 7, 2026

@rdwj rdwj commented May 6, 2026

Companion PR to fips-agents/fips-agents-cli#48 (the CLI loader). After both merge, drift in this template's files surfaces in `fips-agents patch check` without needing a CLI release — the manifest is the source of truth.

What

Adds `.fips-template.yaml` at:

  • `templates/agent-loop/.fips-template.yaml`
  • `templates/workflow/.fips-template.yaml`

Both manifests declare `schema_version: 1` and a `patch:` block with five categories — `chart`, `docs`, `build`, `claude`, `evals` — plus a 16-entry `never_patch` list separating template-managed files from user-authored ones.

What changes vs. the CLI's hardcoded fallback

The categories largely mirror the CLI's `AGENT_FILE_CATEGORIES` constants, with two intentional additions to `build`:

  • `.containerignore` — both templates ship this; previously unpatchable.
  • `.gitignore` — same.

Everything else matches the constants 1-to-1 (after fips-agents/fips-agents-cli#43 + #46 land).

Compatibility

Older CLI installs that don't know about `.fips-template.yaml` will simply ignore the file — nothing breaks. The CLI loader (fips-agents/fips-agents-cli#48) falls back to its hardcoded categories when the manifest is absent, malformed, or uses an unknown `schema_version`. So this PR is safe to land before, after, or independently of the CLI PR stack.

Test plan

  • Both manifests parse cleanly through `fips_agents_cli.tools.patching._load_template_manifest` and `_categories_from_manifest` (validated locally against the loader from PR #48).
  • No secrets detected by gitleaks.
  • After CLI #48 merges and a release ships, scaffold a fresh agent project and confirm `patch check` reports `.containerignore` / `.gitignore` drift in `build` (which the constants miss).

Declares which paths in each template are template-managed (offered as
patches by `fips-agents patch`) and which belong to the user. The CLI
reads this file from the comparison root after cloning, before
computing drift in `fips-agents patch check`.

Both manifests carry the same categories the CLI currently has
hardcoded for agent / workflow project types (chart, docs, build,
claude, evals) plus the never_patch list, with two adjustments the
CLI fallback misses:

- `build` includes `.containerignore` and `.gitignore`. Both ship in
  the templates and are template-managed; without the manifest,
  changes to them never surface in `patch check`.

Loader behavior is described in
fips-agents/fips-agents-cli#45 — when a
manifest is absent, malformed, or declares an unsupported
schema_version, the CLI falls back to its built-in category set,
so this change is non-breaking for older CLI installs.

Assisted-by: Claude Code (Opus 4.7)
@rdwj rdwj merged commit dfa1307 into main May 7, 2026
@rdwj rdwj deleted the feat/fips-template-manifests branch May 7, 2026 00:12
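
The fallback rule from the Compatibility section (manifest absent, malformed, or unknown `schema_version` means built-in categories), as an added example that is not the CLI's own loader. Assumptions: the manifest is already parsed into a dict with top-level `schema_version`, `patch` (category to path list) and `never_patch` keys; `resolve_categories` and `FALLBACK_CATEGORIES` are hypothetical names; rejecting absolute or `..` paths and letting `never_patch` take precedence are choices made for this example.

```python
from pathlib import PurePosixPath

SUPPORTED_SCHEMA_VERSIONS = {1}

# Constructed stand-in for the CLI's built-in categories (not the real constants).
FALLBACK_CATEGORIES = {"build": ["Containerfile"], "docs": ["README.md"]}


def _valid_paths(value):
    """True if value is a list of relative path strings that stay inside the project."""
    if not isinstance(value, list):
        return False
    for item in value:
        if not isinstance(item, str) or not item:
            return False
        path = PurePosixPath(item)
        # Assumption: a manifest from a cloned template must not point outside the project.
        if path.is_absolute() or ".." in path.parts:
            return False
    return True


def resolve_categories(manifest, fallback=FALLBACK_CATEGORIES):
    """Return (categories, never_patch, source); source is 'manifest' or 'fallback'."""
    use_fallback = (dict(fallback), [], "fallback")
    if not isinstance(manifest, dict):  # absent (None) or not a mapping
        return use_fallback
    version = manifest.get("schema_version")
    # type() check also rejects True, "1", 1.0 and unhashable values.
    if type(version) is not int or version not in SUPPORTED_SCHEMA_VERSIONS:
        return use_fallback
    patch = manifest.get("patch")
    never = manifest.get("never_patch", [])
    if not isinstance(patch, dict) or not patch or not _valid_paths(never):
        return use_fallback
    if not all(isinstance(k, str) and _valid_paths(v) for k, v in patch.items()):
        return use_fallback
    # Assumption: a path in never_patch is never offered as a patch, even if a category lists it.
    blocked = set(never)
    categories = {k: [p for p in v if p not in blocked] for k, v in patch.items()}
    return categories, list(never), "manifest"
```
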