README.md

# AI SDLC Standards

Cross-cutting non-functional requirements for AI-assisted software development.

## Structure

```
security/       — InfoSec requirements (owned by Security team)
architecture/   — Software architecture standards (owned by Architecture team)
devops/         — CI/CD and deployment requirements (owned by DevOps team)
cost/           — Cost attribution and resource tagging (owned by FinOps team)
.tests/         — Deterministic compliance checks
skill/          — Agent skill for context injection
```

## How It Works

1. Each folder contains **testable requirements** in markdown — specific rules an AI agent (or human) must follow.
2. The **skill** teaches your AI agent where to find these requirements and when to apply them.
3. **Deterministic tests** in `.tests/` validate compliance at CI time — fast, free, no LLM needed.
4. Each folder has an `OWNERS` file. That team maintains and evolves their requirements.

## Philosophy

- **Standardize the input, not the tool.** Use OpenSpec, BMad, Cursor rules, or anything else. These requirements feed into whatever workflow you already have.
- **Progressive enforcement.** Start informational. Graduate to blocking as requirements mature.
- **Concrete over aspirational.** Every requirement must be testable. If you can't write a check for it, it's not a requirement — it's a wish.

## Getting Started

Plug the skill into your AI agent's configuration. It will pull the right requirements at the right phase of development.

See `skill/SKILL.md` for integration instructions.
AI SDLC Standards: cross-cutting requirements mono repo - Security: input validation, SQL injection, auth annotations, secrets, CVE checks - Architecture: API contract first, service boundaries, breaking change protocol - DevOps: health checks, structured logging, resource limits, rollback safety - Cost: resource tagging, auto-scaling limits, storage lifecycle - Deterministic compliance checker (.tests/check.sh) - Agent skill for context injection (Cursor, OpenSpec, Claude Code examples) - Demo with intentional violations 2026-03-07 07:31:16 +00:00			`# AI SDLC Standards`

			`Cross-cutting non-functional requirements for AI-assisted software development.`

			`## Structure`

			```
			`security/ — InfoSec requirements (owned by Security team)`
			`architecture/ — Software architecture standards (owned by Architecture team)`
			`devops/ — CI/CD and deployment requirements (owned by DevOps team)`
			`cost/ — Cost attribution and resource tagging (owned by FinOps team)`
			`.tests/ — Deterministic compliance checks`
			`skill/ — Agent skill for context injection`
			```

			`## How It Works`

			`1. Each folder contains testable requirements in markdown — specific rules an AI agent (or human) must follow.`
			`2. The skill teaches your AI agent where to find these requirements and when to apply them.`
			3. Deterministic tests in `.tests/` validate compliance at CI time — fast, free, no LLM needed.
			4. Each folder has an `OWNERS` file. That team maintains and evolves their requirements.

			`## Philosophy`

			`- Standardize the input, not the tool. Use OpenSpec, BMad, Cursor rules, or anything else. These requirements feed into whatever workflow you already have.`
			`- Progressive enforcement. Start informational. Graduate to blocking as requirements mature.`
			`- Concrete over aspirational. Every requirement must be testable. If you can't write a check for it, it's not a requirement — it's a wish.`

			`## Getting Started`

			`Plug the skill into your AI agent's configuration. It will pull the right requirements at the right phase of development.`

			See `skill/SKILL.md` for integration instructions.