From 3487050bbd9126251a2fce98363858e1ee55ea23 Mon Sep 17 00:00:00 2001
From: m3tm3re
Date: Mon, 27 Apr 2026 12:50:27 +0200
Subject: [PATCH] feat(rules): add git-identity rule and update agent prompts
---
AGENTS.md | 32 +++++++++
agents/chiron-forge/system-prompt.md | 13 ++++
agents/chiron/system-prompt.md | 13 ++++
rules/USAGE.md | 11 ++++
rules/concerns/git-identity.md | 97 ++++++++++++++++++++++++++++
5 files changed, 166 insertions(+)
create mode 100644 rules/concerns/git-identity.md
diff --git a/AGENTS.md b/AGENTS.md
index fdc06ea..4620ff3 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -444,6 +444,38 @@ m3taLib.coding-rules.mkCodingRules {
See `rules/USAGE.md` for full documentation.
+## Agent Git Identity
+
+All agent commits use a dedicated bot identity for clear audit trails.
+
+### Configuration
+
+```nix
+coding.agents.gitIdentity = {
+ enable = true;
+ name = "m3ta-chiron";
+ email = "m3ta-chiron@agentmail.to";
+ sshKey = "/run/agenix/m3ta-chiron-ssh-key";
+};
+```
+
+### Environment Variables
+
+When enabled, these are automatically set:
+- `GIT_AUTHOR_NAME`, `GIT_AUTHOR_EMAIL`
+- `GIT_COMMITTER_NAME`, `GIT_COMMITTER_EMAIL`
+- `GIT_SSH_COMMAND` (for authenticated push)
+
+### Rules
+
+See `rules/concerns/git-identity.md` for detailed instructions.
+
+### Setup
+
+1. Generate SSH key: `ssh-keygen -t ed25519 -C "m3ta-chiron@agentmail.to" -f ~/.ssh/m3ta-chiron`
+2. Add public key to https://code.m3ta.dev/user/settings/keys
+3. Configure in NixOS: `coding.agents.gitIdentity.enable = true`
+
## Notes for AI Agents
1. **Config-only repo** — no compilation step; `./scripts/test-skill.sh --validate` is the build
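Review bot: Setup step 2 registers the bot's public key under the personal account at `https://code.m3ta.dev/user/settings/keys`, which undercuts the "clear audit trails" claim in this hunk: commits will carry the `m3ta-chiron` author from the environment variables, but the push itself authenticates as the user's own account, so the server-side log cannot tell agent pushes from personal ones. Register the key on a dedicated bot account (or as a per-repository deploy key) and say so here. There is also a documentation gap between steps 1 and 3: the key is generated at `~/.ssh/m3ta-chiron`, but the configuration reads `sshKey = "/run/agenix/m3ta-chiron-ssh-key"`, and nothing explains how the private key gets encrypted into that agenix secret; add that step so a reader does not leave an unencrypted private key in `~/.ssh/`.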
diff --git a/agents/chiron-forge/system-prompt.md b/agents/chiron-forge/system-prompt.md
index 16fbb62..f0096c4 100644
--- a/agents/chiron-forge/system-prompt.md
+++ b/agents/chiron-forge/system-prompt.md
@@ -48,3 +48,16 @@ You are Chiron-Forge, the Greek centaur smith of Hephaestus, specializing in exe
- DO NOT manage private knowledge (Apollo's domain)
- DO NOT handle work communications (Hermes's domain)
- DO NOT execute destructive operations without confirmation
+
+## Git Identity
+
+All your commits use the agent identity:
+- Author: m3ta-chiron
+- SSH key configured for code.m3ta.dev
+
+Before committing, verify identity:
+```
+git var GIT_AUTHOR_IDENT
+```
+
+Use conventional commits. Push with `git push`.
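Review bot: The verification step here says to run `git var GIT_AUTHOR_IDENT` but not what the expected value is or what to do when it is wrong, whereas `rules/concerns/git-identity.md` in this same patch states both ("Should show: m3ta-chiron" and "Report this to the user"). An agent following only this prompt could commit under the wrong identity with no instruction to stop. Either add the expected value and the stop-and-report action to the prompt, or replace the block with a pointer to the rule file so the two do not drift. The fence is also untagged; the rule file uses ```bash.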
diff --git a/agents/chiron/system-prompt.md b/agents/chiron/system-prompt.md
index 16130e9..f883708 100644
--- a/agents/chiron/system-prompt.md
+++ b/agents/chiron/system-prompt.md
@@ -57,3 +57,16 @@ Include next steps or decision points when appropriate
- Do NOT access private vaults or personal notes (Apollo's domain)
- Do NOT write long-form content (Calliope's domain)
- Do NOT execute build or deployment tasks (Chiron-Forge's domain)
+
+## Git Identity
+
+All your commits use the agent identity:
+- Author: m3ta-chiron
+- SSH key configured for code.m3ta.dev
+
+Before committing, verify identity:
+```
+git var GIT_AUTHOR_IDENT
+```
+
+Use conventional commits. Push with `git push`.
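Review bot: This "## Git Identity" section is a verbatim copy of the one added to `agents/chiron-forge/system-prompt.md`, and the bot name `m3ta-chiron` is hardcoded in both even though `coding.agents.gitIdentity.name` is configurable. Changing the identity later means editing three files and forgetting one leaves an agent verifying against the wrong name. Consider generating this section from the option value or replacing the copy with a reference to `rules/concerns/git-identity.md`. As in the sibling prompt, the check only covers `GIT_AUTHOR_IDENT`; `GIT_COMMITTER_IDENT` is what appears in the committer field and should be checked too.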
diff --git a/rules/USAGE.md b/rules/USAGE.md
index 6ae994d..f021c4b 100644
--- a/rules/USAGE.md
+++ b/rules/USAGE.md
@@ -42,6 +42,17 @@ Add AI coding rules to your project via `mkOpencodeRules`.
- `frameworks` (optional): List of framework names (e.g., `["n8n" "django"]`)
- `extraInstructions` (optional): Additional instruction file paths
+## Default Concerns
+
+When `concerns` is not specified, these are included:
+- coding-style
+- naming
+- documentation
+- testing
+- git-workflow
+- git-identity
+- project-structure
+
## .gitignore
Add to your project's `.gitignore`:
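Review bot: The "Default Concerns" list is hand-maintained documentation of whatever `mkOpencodeRules` actually defaults to, so please confirm it matches the module's default list in this same change, and note that including `git-identity` here makes the rule part of every project by default even on hosts where `coding.agents.gitIdentity.enable` is false. In that case the rule tells the agent to expect `m3ta-chiron` in `GIT_AUTHOR_IDENT`, the check fails, and the agent reports a misconfiguration that is really just the option being off. Either gate the concern on the option or add a sentence here saying the rule assumes the identity module is enabled.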
diff --git a/rules/concerns/git-identity.md b/rules/concerns/git-identity.md
new file mode 100644
index 0000000..6699875
--- /dev/null
+++ b/rules/concerns/git-identity.md
@@ -0,0 +1,97 @@
+---
+name: git-identity
+description: "Use when: (1) committing code to git repositories, (2) pushing changes, (3) verifying git identity. Triggers: git commit, git push, git identity, author."
+compatibility: opencode, pi, claude-code
+---
+
+# Agent Git Identity
+
+This rule ensures all AI agent commits use a dedicated bot identity instead of personal user credentials.
+
+## How It Works
+
+**Environment variables** are set automatically by Home Manager via `coding.agents.gitIdentity`:
+- `GIT_AUTHOR_NAME` = m3ta-chiron
+- `GIT_AUTHOR_EMAIL` = m3ta-chiron@agentmail.to
+- `GIT_COMMITTER_*` = same
+- `GIT_SSH_COMMAND` = ssh with agent SSH key
+
+**Your job as the agent** is to:
+1. Verify the identity before committing
+2. Use conventional commit format
+3. Push with SSH authentication
+
+## Before Committing
+
+Always verify the git identity is correct:
+
+```bash
+git var GIT_AUTHOR_IDENT
+# Should show: m3ta-chiron
+```
+
+If the identity is wrong, the environment variables are not set correctly. Report this to the user.
+
+## Commit Format
+
+Use conventional commits for all agent commits:
+
+```bash
+git commit -m "feat(scope): add feature"
+git commit -m "fix(bug): resolve issue"
+git commit -m "refactor(utils): improve code"
+git commit -m "docs(readme): update docs"
+git commit -m "chore(deps): update dependencies"
+git commit -m "test(api): add tests"
+```
+
+**Rules**:
+- Subject max 72 chars
+- Imperative mood ("add", not "added")
+- No period at end
+- Reference issues: `Closes #123`
+
+## Before Pushing
+
+SSH authentication is configured via `GIT_SSH_COMMAND`. Simply run:
+
+```bash
+git push
+```
+
+The SSH key configured in `coding.agents.gitIdentity.sshKey` will be used automatically.
+
+## Verification Commands
+
+```bash
+# Check author identity
+git var GIT_AUTHOR_IDENT
+
+# Check committer identity
+git var GIT_COMMITTER_IDENT
+
+# Check SSH command
+echo $GIT_SSH_COMMAND
+
+# List all commits by agent
+git log --author="m3ta-chiron" --oneline
+
+# Test SSH connectivity
+ssh -T git@code.m3ta.dev
+```
+
+## Troubleshooting
+
+**Commits show wrong author?**
+- Environment variables may not be set
+- Check: `echo $GIT_AUTHOR_NAME` should print "m3ta-chiron"
+- Report to user if variables are not set
+
+**Push authentication fails?**
+- SSH key may not be added to the git hosting
+- Check: `ssh -T git@code.m3ta.dev`
+- Verify `GIT_SSH_COMMAND` contains correct key path
+
+**Wrong SSH key used?**
+- Verify `GIT_SSH_COMMAND` contains the m3ta-chiron key
+- Personal SSH keys in `~/.ssh/` should not interfere
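Review bot: The connectivity test and the two troubleshooting entries rely on `ssh -T git@code.m3ta.dev`, but plain `ssh` does not read `GIT_SSH_COMMAND`; only git does. That command therefore tests the default key selection from `~/.ssh/` and the SSH agent, not `coding.agents.gitIdentity.sshKey`, so it can succeed with a personal key while `git push` fails, or vice versa. Run the configured command instead, for example `$GIT_SSH_COMMAND -T git@code.m3ta.dev`, or `ssh -i "$KEY" -o IdentitiesOnly=yes -T git@code.m3ta.dev` with the same key path. The last bullet, "Personal SSH keys in `~/.ssh/` should not interfere", only holds if `GIT_SSH_COMMAND` includes `-o IdentitiesOnly=yes`; without it ssh also offers agent and default keys, and whichever the server accepts first wins. The "Should show: m3ta-chiron" comment is also loose, since `git var GIT_AUTHOR_IDENT` prints name, email, timestamp and zone; an exact check such as `[ "$GIT_AUTHOR_NAME" = "m3ta-chiron" ]` is easier for an agent to act on. Finally, the identity is environment-only and unsigned, so anything that sets the same variables produces identical-looking commits; signing agent commits with the same SSH key (`gpg.format ssh`, `user.signingkey`, `commit.gpgsign true`) would make the audit trail verifiable with `git log --show-signature`.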