From 13aaada2adb2df56e3e3120f4014c7bbaf212754 Mon Sep 17 00:00:00 2001
From: rdwj <wjackson@redhat.com>
Date: Wed, 6 May 2026 16:38:45 -0500
Subject: [PATCH] Add .fips-template.yaml manifests for agent-loop and workflow
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Declares which paths in each template are template-managed (offered as
patches by `fips-agents patch`) and which belong to the user. The CLI
reads this file from the comparison root after cloning, before
computing drift in `fips-agents patch check`.

Both manifests carry the same categories the CLI currently has
hardcoded for agent / workflow project types (chart, docs, build,
claude, evals) plus the never_patch list, with two adjustments the
CLI fallback misses:

- `build` includes `.containerignore` and `.gitignore`. Both ship in
  the templates and are template-managed; without the manifest,
  changes to them never surface in `patch check`.

Loader behavior is described in
https://github.com/fips-agents/fips-agents-cli/issues/45 — when a
manifest is absent, malformed, or declares an unsupported
schema_version, the CLI falls back to its built-in category set,
so this change is non-breaking for older CLI installs.

Assisted-by: Claude Code (Opus 4.7)
---
 templates/agent-loop/.fips-template.yaml | 91 ++++++++++++++++++++++++
 templates/workflow/.fips-template.yaml   | 91 ++++++++++++++++++++++++
 2 files changed, 182 insertions(+)
 create mode 100644 templates/agent-loop/.fips-template.yaml
 create mode 100644 templates/workflow/.fips-template.yaml

diff --git a/templates/agent-loop/.fips-template.yaml b/templates/agent-loop/.fips-template.yaml
new file mode 100644
index 0000000..b51039f
--- /dev/null
+++ b/templates/agent-loop/.fips-template.yaml
@@ -0,0 +1,91 @@
+# fips-agents-cli template manifest.
+#
+# This file declares which paths in the agent-loop template are managed
+# by the template (and so should be offered as patches by `fips-agents
+# patch`) and which belong to the user. The CLI reads this file from
+# the comparison root after cloning, before computing drift in
+# `fips-agents patch check`.
+#
+# When this file is absent, malformed, or declares an unsupported
+# schema_version, the CLI falls back to its hardcoded category set
+# keyed by template.type. See:
+#   https://github.com/fips-agents/fips-agents-cli/issues/45
+
+schema_version: 1
+
+patch:
+  categories:
+
+    chart:
+      description: Helm chart templates
+      patterns:
+        - chart/templates/**/*
+        - chart/Chart.yaml
+      ask_before_patch: true
+
+    docs:
+      description: Documentation files
+      patterns:
+        - CLAUDE.md
+        - AGENTS.md
+        - docs/**/*
+      ask_before_patch: false
+
+    build:
+      description: Build and deployment files
+      patterns:
+        - Makefile
+        - Containerfile
+        - deploy.sh
+        - redeploy.sh
+        - .containerignore
+        - .gitignore
+      ask_before_patch: true
+
+    claude:
+      description: Claude Code slash commands and rules shipped with the template
+      patterns:
+        - .claude/commands/**/*
+        - .claude/rules/**/*
+      ask_before_patch: false
+
+    evals:
+      description: Evaluation harness (discovery, assertions, runner)
+      patterns:
+        - evals/__init__.py
+        - evals/assertions.py
+        - evals/discovery.py
+        - evals/mock_factory.py
+        - evals/run_evals.py
+        - evals/README.md
+      ask_before_patch: true
+
+  never_patch:
+    # User's agent implementation
+    - src/agent.py
+    # User's agent config (model, prompts, server settings)
+    - agent.yaml
+    # User's deploy values
+    - chart/values.yaml
+    # Vendored runtime — managed by `fips-agents vendor --update`
+    - src/fipsagents/**
+    # User-authored tools (target of `fips-agents add code-executor`)
+    - tools/**
+    # User-authored examples (target of `fips-agents add vision`)
+    - examples/**
+    # User-customized prompts / rules / skills
+    - prompts/**
+    - rules/**
+    - skills/**
+    # User-authored eval inputs
+    - evals/evals.yaml
+    - evals/fixtures/**
+    # Tests are user code
+    - tests/**/*.py
+    # Environment files
+    - .env*
+    # User-customized memory hub config
+    - .memoryhub.yaml
+    # User's README and pyproject
+    - README.md
+    - pyproject.toml
diff --git a/templates/workflow/.fips-template.yaml b/templates/workflow/.fips-template.yaml
new file mode 100644
index 0000000..61206e5
--- /dev/null
+++ b/templates/workflow/.fips-template.yaml
@@ -0,0 +1,91 @@
+# fips-agents-cli template manifest.
+#
+# This file declares which paths in the workflow template are managed
+# by the template (and so should be offered as patches by `fips-agents
+# patch`) and which belong to the user. The CLI reads this file from
+# the comparison root after cloning, before computing drift in
+# `fips-agents patch check`.
+#
+# When this file is absent, malformed, or declares an unsupported
+# schema_version, the CLI falls back to its hardcoded category set
+# keyed by template.type. See:
+#   https://github.com/fips-agents/fips-agents-cli/issues/45
+
+schema_version: 1
+
+patch:
+  categories:
+
+    chart:
+      description: Helm chart templates
+      patterns:
+        - chart/templates/**/*
+        - chart/Chart.yaml
+      ask_before_patch: true
+
+    docs:
+      description: Documentation files
+      patterns:
+        - CLAUDE.md
+        - AGENTS.md
+        - docs/**/*
+      ask_before_patch: false
+
+    build:
+      description: Build and deployment files
+      patterns:
+        - Makefile
+        - Containerfile
+        - deploy.sh
+        - redeploy.sh
+        - .containerignore
+        - .gitignore
+      ask_before_patch: true
+
+    claude:
+      description: Claude Code slash commands and rules shipped with the template
+      patterns:
+        - .claude/commands/**/*
+        - .claude/rules/**/*
+      ask_before_patch: false
+
+    evals:
+      description: Evaluation harness (discovery, assertions, runner)
+      patterns:
+        - evals/__init__.py
+        - evals/assertions.py
+        - evals/discovery.py
+        - evals/mock_factory.py
+        - evals/run_evals.py
+        - evals/README.md
+      ask_before_patch: true
+
+  never_patch:
+    # User's workflow implementation
+    - src/agent.py
+    # User's workflow config
+    - agent.yaml
+    # User's deploy values
+    - chart/values.yaml
+    # Vendored runtime — managed by `fips-agents vendor --update`
+    - src/fipsagents/**
+    # User-authored tools (target of `fips-agents add code-executor`)
+    - tools/**
+    # User-authored examples (target of `fips-agents add vision`)
+    - examples/**
+    # User-customized prompts / rules / skills
+    - prompts/**
+    - rules/**
+    - skills/**
+    # User-authored eval inputs
+    - evals/evals.yaml
+    - evals/fixtures/**
+    # Tests are user code
+    - tests/**/*.py
+    # Environment files
+    - .env*
+    # User-customized memory hub config
+    - .memoryhub.yaml
+    # User's README and pyproject
+    - README.md
+    - pyproject.toml