max/ai-sdlc-standards
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

AI SDLC Standards: cross-cutting requirements mono repo

Browse Source 
- Security: input validation, SQL injection, auth annotations, secrets, CVE checks
- Architecture: API contract first, service boundaries, breaking change protocol
- DevOps: health checks, structured logging, resource limits, rollback safety
- Cost: resource tagging, auto-scaling limits, storage lifecycle
- Deterministic compliance checker (.tests/check.sh)
- Agent skill for context injection (Cursor, OpenSpec, Claude Code examples)
- Demo with intentional violations
This commit is contained in:
Max Mayfield
2026-03-07 07:31:16 +00:00
commit a7728c6266
14 changed files with 476 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
README.md Normal file
View File

@@ -0,0 +1,33 @@
# AI SDLC Standards
Cross-cutting non-functional requirements for AI-assisted software development.
## Structure
```
security/ — InfoSec requirements (owned by Security team)
architecture/ — Software architecture standards (owned by Architecture team)
devops/ — CI/CD and deployment requirements (owned by DevOps team)
cost/ — Cost attribution and resource tagging (owned by FinOps team)
.tests/ — Deterministic compliance checks
skill/ — Agent skill for context injection
```
## How It Works
1. Each folder contains **testable requirements** in markdown — specific rules an AI agent (or human) must follow.
2. The **skill** teaches your AI agent where to find these requirements and when to apply them.
3. **Deterministic tests** in `.tests/` validate compliance at CI time — fast, free, no LLM needed.
4. Each folder has an `OWNERS` file. That team maintains and evolves their requirements.
## Philosophy
- **Standardize the input, not the tool.** Use OpenSpec, BMad, Cursor rules, or anything else. These requirements feed into whatever workflow you already have.
- **Progressive enforcement.** Start informational. Graduate to blocking as requirements mature.
- **Concrete over aspirational.** Every requirement must be testable. If you can't write a check for it, it's not a requirement — it's a wish.
## Getting Started
Plug the skill into your AI agent's configuration. It will pull the right requirements at the right phase of development.
See `skill/SKILL.md` for integration instructions.