Skip to content

Instantly share code, notes, and snippets.

@miratcan
Last active August 4, 2025 13:33
Show Gist options
  • Save miratcan/0f63db4a3daefde79bb8777fbaed05ab to your computer and use it in GitHub Desktop.
Save miratcan/0f63db4a3daefde79bb8777fbaed05ab to your computer and use it in GitHub Desktop.

AGENTS.md (Generalized)

This document defines the collaboration rules and development principles expected of all AI agents and contributors across projects. Originally designed for a scalable content-sharing platform, these guidelines are now abstracted for universal use.


πŸ”§ General Code Style (Universal)

  • Prioritize simplicity, readability, and maintainability.
  • Avoid code duplication; reuse logic and components.
  • Respect environment separation (dev, test, prod). Never hardcode values.
  • Keep commits and changes scoped β€” avoid mixing concerns.
  • Eliminate all build-time warnings.
  • Exclude throwaway/debug scripts from version control.
  • Break large files or functions into smaller, coherent parts.
  • Use descriptive names (no cryptic abbreviations).
  • Favor early returns (guard clauses) over nested logic.
  • Never swallow exceptions silently; document decisions.
  • Do not overwrite shared configuration files like .env without consent.

πŸ“ Codebase Management

πŸ“Š CI/CD & Repo Standards

  • Use branch naming conventions (feature/*, bugfix/*, hotfix/*).
  • Block PRs unless lint, test, and build steps pass.

πŸ› οΈ Backend Guidelines (General)

πŸ“Š CI/CD & Repo Standards

  • Use branch naming conventions (feature/*, bugfix/*, hotfix/*).
  • Block PRs unless lint, test, and build steps pass.

πŸ› οΈ Backend Guidelines (Django)

See shared standards under β€œBackend Guidelines (General)” for common practices like API design, logging, secrets, and performance.

πŸ”‘ Authentication & Authorization

  • Use token-based or session-based auth depending on context; prefer JWT for APIs.
  • Avoid reinventing auth flows β€” reuse Django’s built-in features when possible.
  • Never expose sensitive fields in serializers.
  • Use permission classes for all views β€” avoid AllowAny in production.

πŸ§ͺ Testing Best Practices

  • Use pytest with factory_boy for test data.
  • Target minimum 80% test coverage; CI should fail below that.
  • Prefer factories over fixtures.
  • Use pytest-django’s transactional_db fixtures for reliable isolation.

🧡 Asynchronous Task Safety

  • Ensure Celery tasks are idempotent (running multiple times doesn’t break logic).
  • Configure retry behavior explicitly (max_retries, retry_backoff, etc).
  • Use acks_late=True and task_acks_on_failure_or_timeout=False for reliability.

πŸ“₯ Upload Security Enhancements

  • Check file size, MIME type, and content.
  • Sanitize SVG, PDF, and other scriptable formats.
  • Enforce extension+type matching.

πŸ›‘οΈ Admin Panel Security

  • All ForeignKey fields must use raw_id_fields to avoid dropdown performance issues.
  • Never expose sensitive fields (e.g., passwords, tokens)
  • Use readonly_fields or exclude for security-critical data.
  • Remove unused admin classes β€” keep it clean.

πŸ” Deployment Standards (Cross-functional)

  • Production deploys should come only from main or release/* branches.
  • Ensure deployment steps (migrations, static collection, service reload) are automated.
  • Rollbacks should be possible via tagged versions or container history.

General

  • Business logic belongs in services/ or usecases/, not in views or serializers.
  • Use explicit exception handling; never use bare except: blocks.
  • Define choices enums at the top of model files.

πŸ“¦ Python Package Management

  • Use uv exclusively (or project-defined alternative). Avoid pip, poetry, pip-tools unless specified.
uv add <package>
uv remove <package>
uv sync
uv run <script.py>

🧱 API View Conventions

  • Prefer ModelViewSet or equivalent CRUD abstractions.
  • Use separate serializers for input/output when needed.
  • Use strict permission classes.
  • Annotate views for auto-documentation (e.g. drf-spectacular).

πŸ”” Background Tasks

  • Use Celery or an async queue.
  • Offload heavy work to tasks.py or background workers.
  • Log and track all errors.

πŸ“‘ WebSockets (Optional)

  • Use Channels or socket servers under /ws/....
  • Require token-based auth.

🎨 Frontend Guidelines

  • Use TypeScript.
  • Do not use Tailwind CSS.
  • Use semantic HTML and well-structured, scoped CSS.
  • Prefer CSS Modules or SCSS with logical separation.
  • Avoid inline styles and overuse of utility classes.
  • Ensure class names are meaningful and reusable.
  • Use functional components and Hooks.
  • Each component folder must contain:
    • index.tsx
    • types.ts
    • styles.module.css or .scss
  • Use a central API client (api.ts).
  • Use SWR, React Query, or equivalent.
  • Global state should be managed with Zustand, Jotai, or Redux Toolkit.
  • Avoid prop drilling.
  • Stick to a consistent design system, but not utility-based class libraries like Tailwind.
  • No inline styles or magic numbers.
  • Ensure accessibility in all components.

βœ… Testing Guidelines

  • Backend: use pytest or appropriate framework.
  • Frontend: use jest and @testing-library/react.
  • Remove debugging code before commit (console.log, print, etc).
  • Mocks should exist only inside test files.

πŸ” Code Review

  • All PRs require review.
  • Separate features, bugfixes, and refactors into different commits/PRs.
  • Use squashed commits to maintain clean history.

🧠 Philosophy

  • Read before you write.
  • Isolate refactors.
  • Be boring β€” predictable, testable, understandable code wins.
  • Think of your future teammates. Or your future self at 2am.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment