Add .fips-template.yaml to opt into fips-agents patch flow #39

Merged: rdwj merged 1 commit into main from feat/fips-template-manifest on May 7, 2026

@rdwj rdwj commented May 6, 2026

Companion PR to fips-agents/fips-agents-cli#48 (the manifest loader). After both merge, `fips-agents patch` will work for projects scaffolded from this template — it doesn't today, because the CLI's hardcoded fallback raises `ValueError` for the `gateway` project type.

What

Adds `.fips-template.yaml` at the repo root with `schema_version: 1`. Three categories declared:

  • `chart` — `chart/templates/**/*`, `chart/Chart.yaml` (ask before patch).
  • `docs` — `CLAUDE.md`, `llms.txt`, `docs/**/*`.
  • `build` — `Makefile`, `Containerfile`, `.containerignore`, `.gitignore` (ask before patch).

Plus a 13-entry `never_patch` list:

  • `cmd/`, `internal/` — user's Go code.
  • `go.mod`, `go.sum` — user's deps.
  • `chart/values.yaml` — user's deploy config.
  • `planning/`, `scripts/` — user-authored.
  • `bin/`, `build/` — build artifacts.
  • `**/*_test.go` — tests are user code.
  • `.env*`, `README.md`, `LICENSE`.

What this enables

After the CLI loader (fips-agents/fips-agents-cli#48) ships:

```bash
$ fips-agents patch check
Available Updates
┏━━━━━━━━━━┳━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Category ┃ Files Changed ┃ Description                ┃
┡━━━━━━━━━━╇━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ build    │ 1             │ Build and deployment files │
└──────────┴───────────────┴────────────────────────────┘
```

Today this same command crashes with `ValueError: Patching is not supported for project type 'gateway'`.

Compatibility

Older CLI installs that don't know about `.fips-template.yaml` continue to refuse `patch` for gateway projects exactly as before. The file is invisible to them, so this PR is non-breaking.

Test plan

  • Manifest parses cleanly through `fips_agents_cli.tools.patching._load_template_manifest` and `_categories_from_manifest` (validated locally against PR #48's loader).
  • `_resolve_categories` correctly returns the manifest's categories instead of raising.
  • No secrets detected by gitleaks.
  • After CLI #48 merges and ships in a release, scaffold a gateway project and run `patch check` against this template — should report drift only in chart/docs/build categories, never in cmd/ or internal/.

Without this manifest, the fips-agents-cli refuses to run
`fips-agents patch` against gateway projects — its
`get_categories_for_type` raises for gateway / ui / sandbox project
types because no hardcoded category set exists for them. The
presence of this file is what makes the patch flow work for
projects scaffolded from this template.

Schema: schema_version: 1, with three categories (chart, docs,
build) and a 13-entry never_patch list separating
template-managed scaffolding from the user's Go source, deploy
values, and helper scripts.

Categories deliberately match the names of CLI subcommands the user
already has (`fips-agents patch chart`, `patch docs`, `patch build`)
so a future agent / mcp / gateway user has the same muscle memory
across project types.

Companion to fips-agents/fips-agents-cli#48 (the loader). Older CLI
installs that don't know about .fips-template.yaml will simply
ignore the file — nothing breaks.

Assisted-by: Claude Code (Opus 4.7)

rdwj merged commit 88dfc17 into main on May 7, 2026
rdwj deleted the feat/fips-template-manifest branch on May 7, 2026 00:12
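
The boundary this manifest draws between template-managed files and user-owned files can be checked mechanically. The sketch below is an added example, not code from this PR or from fips-agents-cli: the dict layout, the glob semantics, the rule that `never_patch` takes precedence, and the helper names `classify` and `conflicts` are all assumptions made for illustration.

```python
import re

# Constructed from the lists in the PR description. The key layout is an
# assumption, not the real .fips-template.yaml schema.
MANIFEST = {
    "schema_version": 1,
    "categories": {
        "chart": ["chart/templates/**/*", "chart/Chart.yaml"],
        "docs": ["CLAUDE.md", "llms.txt", "docs/**/*"],
        "build": ["Makefile", "Containerfile", ".containerignore", ".gitignore"],
    },
    "never_patch": ["cmd/", "internal/", "go.mod", "go.sum", "chart/values.yaml",
                    "planning/", "scripts/", "bin/", "build/", "**/*_test.go",
                    ".env*", "README.md", "LICENSE"],
}

def glob_to_regex(pattern):
    """Assumed semantics: '**/' spans directories, '*' stays in one segment."""
    if pattern.endswith("/"):  # a bare directory entry covers its whole subtree
        pattern += "**/*"
    out, i = "", 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out, i = out + "(?:.*/)?", i + 3
        elif pattern[i] == "*":
            out, i = out + "[^/]*", i + 1
        else:
            out, i = out + re.escape(pattern[i]), i + 1
    return re.compile(out + r"\Z")

def matches(path, patterns):
    return any(glob_to_regex(p).match(path) for p in patterns)

def classify(path, manifest=MANIFEST):
    """Return the category allowed to patch `path`, or None; never_patch wins."""
    if matches(path, manifest["never_patch"]):
        return None
    for name, patterns in manifest["categories"].items():
        if matches(path, patterns):
            return name
    return None

def conflicts(paths, manifest=MANIFEST):
    """Paths that a category claims but never_patch protects (review findings)."""
    return [p for p in paths if matches(p, manifest["never_patch"])
            and any(matches(p, pats) for pats in manifest["categories"].values())]
```

Running `conflicts` over a scaffolded project's file list surfaces paths such as a `*_test.go` file under `chart/templates/`, where a category glob and a `never_patch` entry both apply and the precedence rule decides whether user code is overwritten.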