4b96231b32
PR Ready Gate / clear-labels (pull_request) Successful in 2s
CI / test (pull_request) Successful in 15s
CI / review (anthropic--claude-4.6-sonnet, sonnet, SONNET_REVIEW_TOKEN) (pull_request) Successful in 28s
CI / review (gpt-5, security, SECURITY_REVIEW.md, SECURITY_REVIEW_TOKEN) (pull_request) Successful in 1m40s
CI / review (gpt-5, gpt, GPT_REVIEW_TOKEN) (pull_request) Successful in 1m48s
STRICT ALLOWLIST policy: Only packages explicitly listed in CONVENTIONS.md may be imported. No exceptions.

## Changes
- Updates CONVENTIONS.md with strict allowlist language
- Adds scripts/check-deps.sh to enforce the allowlist
- Adds 'make check-deps' and 'make precommit' targets
- CI will fail if any unapproved dependency is detected

## Approved packages
- gopkg.in/yaml.v3 — YAML parsing
- github.com/google/go-cmp — test comparisons

## Process for new dependencies
1. Open a PR that ONLY updates CONVENTIONS.md
2. Requires explicit approval from Aaron
3. After merge, a separate PR may use the package
47 lines
1.3 KiB
Markdown
# Conventions

## Language & Dependencies

- Target the latest stable Go release.
- **STRICT ALLOWLIST:** Only packages listed below may be imported. No exceptions.

### Approved Third-Party Packages

| Package | Use Case |
|---------|----------|
| `gopkg.in/yaml.v3` | YAML parsing (persona files, config) |
| `github.com/google/go-cmp` | Test comparisons (`cmp.Diff`) |

**Any import not in this table or the Go standard library is forbidden.**

To request a new dependency:
1. Open a PR that ONLY updates this table with justification
2. Requires explicit approval from Aaron
3. After merge, a separate PR may use the package
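
One way to check a Go file's imports against the table above, using only the standard library. This is an added example, not the project's `scripts/check-deps.sh`, which this page does not show. The module path `example.com/project`, the function names and the sample source are assumptions, and the example goes slightly beyond the table by also accepting subpackages of an approved entry.

```go
package main

import (
	"fmt"
	"go/parser"
	"go/token"
	"strings"
)

// allowedRoots: own module path (placeholder) plus the CONVENTIONS.md table.
var allowedRoots = []string{"example.com/project", "gopkg.in/yaml.v3", "github.com/google/go-cmp"}

// isAllowed accepts the standard library (heuristic: no dot in the first path
// element) and anything at or beneath an allowed root. Matching on a "/"
// boundary stops "github.com/google/go-cmp-extra" passing as "go-cmp".
func isAllowed(importPath string) bool {
	first, _, _ := strings.Cut(importPath, "/")
	if !strings.Contains(first, ".") {
		return true
	}
	for _, root := range allowedRoots {
		if importPath == root || strings.HasPrefix(importPath, root+"/") {
			return true
		}
	}
	return false
}

// forbiddenImports parses one file's import block and returns rejected paths.
func forbiddenImports(filename string, src []byte) ([]string, error) {
	file, err := parser.ParseFile(token.NewFileSet(), filename, src, parser.ImportsOnly)
	if err != nil {
		return nil, fmt.Errorf("parse %s: %w", filename, err)
	}
	var rejected []string
	for _, spec := range file.Imports {
		importPath := strings.Trim(spec.Path.Value, "\"`")
		if !isAllowed(importPath) {
			rejected = append(rejected, importPath)
		}
	}
	return rejected, nil
}

func main() {
	// Constructed sample source with a constructed lookalike path.
	src := []byte("package demo\nimport (\n\"os\"\n\"gopkg.in/yaml.v3\"\n\"github.com/google/go-cmp-extra/cmp\"\n)\n")
	fmt.Println(forbiddenImports("demo.go", src))
}
```
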

## Error Handling

- Return errors; never panic.
- Wrap errors with context using `fmt.Errorf("context: %w", err)`.
- Check all error returns.

## Testing

- Test every exported function.
- Use `net/http/httptest` for HTTP mocking.
- Table-driven tests where multiple inputs share the same assertion logic.
- Integration tests use build tags (`//go:build integration`).

## Style

- Keep functions short and focused.
- Prefer early returns over deep nesting.
- Meaningful variable names — no single-letter names outside loop indices.
- Comments explain *why*, not *what*.

## Process

- `go test ./...` must pass before commit.
- `go vet ./...` must pass before commit.
- Keep commits atomic and well-described.