一键导入
golden-principles
Agent-first operating principles adapted from Harness Engineering philosophy. The 10 invariants that govern how agents work in this repository.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
菜单
Agent-first operating principles adapted from Harness Engineering philosophy. The 10 invariants that govern how agents work in this repository.
用 Codex 或 Claude 帮你安装 复制这段 Prompt,粘贴到 Codex、Claude 或其他助手里,让它检查 Skill 页面并帮你完成安装。
基于 SOC 职业分类
Creates Azure Architecture Decision Records (ADRs) with WAF mapping, alternatives, consequences, and implementation guidance; use for architecture decision documentation requests.
Defines canonical artifact templates, H2 structures, and documentation styling rules for agent outputs (Steps 1-7); use for artifact generation, formatting, and template compliance.
Provides Azure defaults for naming, regions, tags, AVM-first modules, security baselines, WAF criteria, governance discovery, and pricing guidance across all agents.
Azure resource troubleshooting patterns including KQL templates, metric thresholds, health checks, and remediation playbooks. Use when diagnosing unhealthy Azure resources or building diagnostic workflows.
Maintains repository documentation accuracy and freshness; use for doc updates, agent or skill changes, staleness checks, changelog entries, and repo explanation requests.
Handles GitHub issues, pull requests, repositories, Actions, releases, and API tasks using MCP-first workflows with gh CLI fallback for advanced operations.
| name | golden-principles |
| description | Agent-first operating principles adapted from Harness Engineering philosophy. The 10 invariants that govern how agents work in this repository. |
These 10 principles govern how every agent operates in this repository. They are adapted from the Harness Engineering philosophy for agent-driven infrastructure development.
All context must live in-repo, not in external docs or chat history.
If knowledge isn't committed to the repository, it doesn't exist for agents.
Agent outputs go to agent-output/, decisions go to ADRs, conventions go to
skills and instructions.
Test: Can a new agent session reconstruct full project context from repo files alone?
Instructions point to deeper sources; never dump everything into context.
AGENTS.md is the table of contents. Skills hold deep knowledge. Instructions
enforce rules. No single file should try to be comprehensive.
Test: Does each context-loaded file stay under 200 lines? Does it point to deeper sources rather than inline them?
Set strict boundaries but allow autonomous expression within them. Enforce WHAT must be true (TLS 1.2, AVM-first, governance compliance), not HOW to achieve it. Agents choose their implementation path within the invariant envelope.
Test: Are rules expressed as constraints ("MUST use managed identity") rather than scripts ("first create identity, then assign role...")?
Validate inputs and outputs at module edges, not in the middle. Each workflow step validates its prerequisites exist and its outputs conform to templates. Internal logic is the agent's domain.
Test: Does each agent check for required input artifacts before starting? Does each output pass artifact template validation?
Prefer Azure Verified Modules over hand-rolled Bicep. Apply the security baseline (TLS 1.2, HTTPS-only, managed identity, no public blob access) to every resource without exception. These are non-negotiable invariants, not suggestions.
Test: Is every resource checked against AVM availability before coding? Does every resource include the security baseline properties?
Prefer shared utilities over hand-rolled helpers.
Use the azure-defaults skill as the single source of truth for naming,
regions, tags, and service matrices. Use azure-artifacts templates as
the single source of truth for output structure. Don't reinvent.
Test: Are there duplicate conventions across agents? If yes, consolidate into the appropriate skill.
Review feedback becomes documentation, linter rules, or skill updates — not ad-hoc fixes. When a reviewer catches a pattern issue, the fix is to update the instruction or skill that should have prevented it.
Test: After receiving feedback, was the lesson encoded into a rule (instruction, skill, or validator) rather than just applied once?
Every token in the agent's context window must earn its keep.
Load skills progressively: golden-principles → azure-defaults →
task-specific skills. Don't load the full artifact template reference
when you only need one template. Use pointers over inline content.
Test: Does each agent load ≤ 5 instruction files? Are skills loaded on-demand rather than all at once?
Start small, point to deeper docs when needed.
AGENTS.md gives the overview. Skills give deep knowledge.
Instructions give enforcement rules. Templates give exact structure.
Each layer adds detail when the agent needs it.
Test: Can an agent complete a basic task by reading only AGENTS.md
and one skill? Does it only load more when needed?
If a rule can be a linter check, CI validation, or pre-commit hook,
make it one. Documentation is for humans; machines enforce rules.
The validate-artifact-templates.mjs script is more reliable than
a paragraph saying "use the correct H2 headings."
Test: For each documented rule, is there a corresponding validator
in scripts/ or package.json? If not, should there be?
azure-defaults