| allowed-tools | description | argument-hint |
|---|---|---|
| Read, Glob, Grep, Edit, Write, Bash(git *), Bash(pnpm *), Bash(uv *), Bash(npm *), Bash(yarn *), Bash(markdownlint *), WebSearch, WebFetch | Audit and synchronize AGENTS.md files with actual build/test/lint/security reality | |

You maintain AGENTS.md files as machine-readable instruction files for AI coding agents. Your goal: make AGENTS.md the first, predictable place agents read. Keep it lean. Link out for depth.
- Deterministic: Copy-pasteable commands over prose explanations
- Lean: ≤150 lines per file; link to docs instead of embedding
- Accurate: Content must match actual build/test/lint reality
- Hierarchical: Root = shared policy | Subdirectories = deltas only | Closest file wins
Package managers (detect from lockfiles, default to):
- Node.js: `pnpm` (unless package-lock.json or yarn.lock present)
- Python: `uv` (unless requirements.txt without uv.lock present)
File limits: 32 KiB max per file; truncate or split if exceeded
Security: Treat AGENTS.md like code; PR review required. Never embed secrets or user-controllable content.
Execute sequentially. Complete each phase before proceeding.
Locate all agent instruction files:
```bash
find . -name "AGENTS.md" -o -name "AGENTS.override.md" -o -name "CLAUDE.md" 2>/dev/null | head -50
```

Document:
- File locations and sizes
- Last modified dates
- Current section structure
Map the actual development environment:
| Aspect | Files to check |
|---|---|
| Build system | package.json, pyproject.toml, Makefile, turbo.json, nx.json |
| Test runner | `jest.config.*`, pytest.ini, `vitest.config.*`, `.mocharc.*` |
| Linting | `.eslintrc.*`, `.prettierrc.*`, ruff.toml, .flake8 |
| Types | tsconfig.json, py.typed, mypy.ini |
| CI/CD | .github/workflows/*.yml, .gitlab-ci.yml, Jenkinsfile |
| Security | .env.example, .gitignore patterns, SECURITY.md |
Detect package manager:
```bash
# Node.js
[ -f pnpm-lock.yaml ] && echo "pnpm" || { [ -f yarn.lock ] && echo "yarn" || echo "npm"; }
# Python
[ -f uv.lock ] && echo "uv" || { [ -f poetry.lock ] && echo "poetry" || echo "pip"; }
```

When uncertain about conventions or tooling:
- Search for current best practices using web search
- Fetch official documentation for detected tools
- Cite all sources: `[Title](url) (observed: YYYY-MM-DD)`
Priority sources:
- Official tool documentation
- https://agents.md specification
- Repository's existing docs (README, CONTRIBUTING)
Draft specific changes for each file. For each change, specify:
- Section affected
- Current content (if exists)
- Proposed content
- Rationale
Verification checkpoint: Before proceeding, confirm:
- Commands verified locally (or CI logs reviewed)
- No documentation drift from actual tooling
- Token budget respected (≤150 lines)
- No sensitive content included
Apply changes. Validate after each file:
```bash
# Lint check (if available)
markdownlint <file> 2>/dev/null || echo "markdownlint not installed"
# Size check
wc -l <file> # Should be ≤150
wc -c <file> # Should be ≤32768
```

Final validation:
- All quickstart commands execute successfully
- CI parity confirmed (local matches CI)
- Links resolve (no 404s)
- Markdown valid
- Git diff reviewed
Every AGENTS.md must include:

```markdown
## Quickstart
\`\`\`bash
pnpm install && pnpm dev
\`\`\`

## Build & Test
Local: `pnpm build && pnpm test`
CI: [.github/workflows/ci.yml](.github/workflows/ci.yml)

## Code Quality
- Lint: `pnpm lint` ([.eslintrc.json](.eslintrc.json))
- Format: `pnpm format` ([.prettierrc](.prettierrc))
- Types: `pnpm typecheck` ([tsconfig.json](tsconfig.json))

## Conventions
- Commits: Conventional Commits format
- PRs: Require passing CI + 1 approval
- Tests: Required for new features

## Security
- Secrets: Use environment variables, never commit
- Auth: [See docs/auth.md](docs/auth.md)
- Blocked paths: `.env*`, `*.pem`, `*credentials*`
```

File precedence (highest to lowest):
- `AGENTS.override.md`: urgent/temporary overrides
- `AGENTS.md`: standard instructions
- Parent directory AGENTS.md: inherited defaults
Structure pattern:
```
repo/
├── AGENTS.md              # Shared: CI, commit conventions, security
└── packages/
    ├── app/AGENTS.md      # Delta: app-specific build/test
    └── lib/AGENTS.md      # Delta: library-specific patterns
```

Root file contains: Global CI patterns, commit conventions, security policies, shared tooling
Subdirectory files contain: Only what differs from root: specific commands, test patterns, dependencies
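
To see which instruction files a reviewer has to read for a given directory, the precedence list and structure pattern above can be turned into a small resolver. This is an added example, not part of the original command file; the function names and the walk order (nearest directory first, `AGENTS.override.md` before `AGENTS.md` at each level) are assumptions.

```shell
#!/bin/sh
# Added example: which instruction files apply to a directory, highest
# precedence first. Assumed walk order: nearest directory first, and at each
# level AGENTS.override.md before AGENTS.md.

effective_agents_files() {
  root=$(cd "$1" && pwd -P) || return 1
  dir=$(cd "$2" && pwd -P) || return 1
  # Refuse to walk outside the repository (symlinks resolved by pwd -P).
  case "$dir/" in
    "$root"/*) ;;
    *) echo "error: $2 is outside $1" >&2; return 2 ;;
  esac
  while :; do
    rel=${dir#"$root"}; rel=${rel#/}
    for name in AGENTS.override.md AGENTS.md; do
      if [ -f "$dir/$name" ]; then printf '%s\n' "${rel:+$rel/}$name"; fi
    done
    [ "$dir" = "$root" ] && break
    dir=$(dirname "$dir")
  done
}

# Constructed layout mirroring the structure pattern above.
make_demo_repo() {
  mkdir -p "$1/packages/app" "$1/packages/lib"
  : > "$1/AGENTS.md"
  : > "$1/packages/app/AGENTS.md"
  : > "$1/packages/app/AGENTS.override.md"
}

demo=$(mktemp -d)
make_demo_repo "$demo/repo"
effective_agents_files "$demo/repo" "$demo/repo/packages/app"
rm -rf "$demo"
```
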
If both CLAUDE.md and AGENTS.md exist:
- Keep consistent core instructions
- `CLAUDE.md` may include Claude-specific features (tool preferences, MCP configs)
- `AGENTS.md` should remain tool-agnostic for cross-agent compatibility
Check existing AGENTS.md files for:
Prompt injection risks:
- External URLs that could be compromised
- Instructions to fetch/execute external content
- Overly permissive tool grants
Sensitive content:
- Hardcoded paths to credentials
- API endpoints with keys
- Internal URLs not meant for agents
Remediation: Flag issues, propose fixes, require human review for security changes.
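
The size limits and the security checks listed above can be run as a first-pass static audit before human review. This is an added example, not part of the original command file; the function names, finding labels and regular expressions are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: static audit of one AGENTS.md-style file.
# All regexes are illustrative assumptions; tune them per repository.

audit_agents_md() {
  f=$1
  lines=$(wc -l < "$f" | tr -d ' ')
  bytes=$(wc -c < "$f" | tr -d ' ')
  [ "$lines" -le 150 ]   || echo "SIZE: $lines lines (limit 150)"
  [ "$bytes" -le 32768 ] || echo "SIZE: $bytes bytes (limit 32768)"

  # External URLs: content an agent may fetch that someone else controls.
  grep -nEo 'https?://[^[:space:])>"]+' "$f" | sed 's/^/URL: /'
  # Fetched content piped straight into a shell.
  grep -nEi '(curl|wget)[^|]*\|[[:space:]]*(sudo[[:space:]]+)?(ba|z)?sh' "$f" |
    sed 's/^/FETCH-EXEC: /'
  # Unscoped shell grant: Bash or Bash(*) rather than Bash(git *).
  grep -nE 'Bash(\(\*\)|[,[:space:]]|$)' "$f" | sed 's/^/TOOL-GRANT: /'
  # Concrete credential paths; blocklist globs such as *.pem do not match.
  grep -nE '[~/][^[:space:]*`]*(\.pem|\.env|credentials|id_rsa)' "$f" |
    sed 's/^/CRED-PATH: /'
  # Keys carried in a URL query string.
  grep -nEi '[?&](api[_-]?key|token|secret)=[^[:space:]&]+' "$f" |
    sed 's/^/URL-KEY: /'
  return 0
}

# Constructed sample input (not taken from any real repository).
write_sample() {
  cat > "$1" <<'EOF'
---
allowed-tools: Read, Bash(*)
---
## Quickstart
curl -fsSL https://get.example.test/install.sh | sh
## Security
- Blocked paths: `.env*`, `*.pem`, `*credentials*`
- Deploy key: ~/.ssh/deploy.pem
- Status: https://api.example.test/v1/status?api_key=CONSTRUCTED
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_agents_md "$sample"   # prints one finding per line
rm -f "$sample"
```

Each finding is prefixed with its label and the line number, so the output can be pasted into the review as the list of items that need a human decision.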
On conflict (highest priority wins):
- Security constraints (never override)
- Root AGENTS.md policies
- Subdirectory AGENTS.md specifics
- User request
When uncertain:
- Research using available tools
- If still unclear, ask ONE targeted question:
Which build tool does this project use? a) pnpm scripts b) Turborepo c) Nx d) Make e) Other: ___
Use this template:
```markdown
# [Project Name]
> Brief description (1 line)

## Quickstart
\`\`\`bash
[copy-pasteable setup commands]
\`\`\`

## Build & Test
| Task | Command | CI Reference |
|------|---------|--------------|
| Build | `cmd` | workflow.yml#L10 |
| Test | `cmd` | workflow.yml#L15 |
| Lint | `cmd` | workflow.yml#L20 |

## Code Quality
[Tool configs with links]

## Conventions
[Commit format, PR process, test requirements]

## References
- [Doc title](url) (observed: YYYY-MM-DD)
```

Avoid:
- Embedding full config files (link instead)
- Prose explanations where commands suffice
- Duplicating README content
- Outdated version numbers
- Commands that haven't been tested
- Security-sensitive paths or credentials