# AI SDLC Standards

Cross-cutting non-functional requirements for AI-assisted software development.

## Structure

```
security/      — InfoSec requirements (owned by Security team)
architecture/  — Software architecture standards (owned by Architecture team)
devops/        — CI/CD and deployment requirements (owned by DevOps team)
cost/          — Cost attribution and resource tagging (owned by FinOps team)
.tests/        — Deterministic compliance checks
skill/         — Agent skill for context injection
```

## How It Works

1. Each folder contains **testable requirements** in markdown — specific rules an AI agent (or human) must follow.
2. The **skill** teaches your AI agent where to find these requirements and when to apply them.
3. **Deterministic tests** in `.tests/` validate compliance at CI time — fast, free, no LLM needed.
4. Each folder has an `OWNERS` file. That team maintains and evolves their requirements.

## Philosophy

- **Standardize the input, not the tool.** Use OpenSpec, BMad, Cursor rules, or anything else. These requirements feed into whatever workflow you already have.
- **Progressive enforcement.** Start informational. Graduate to blocking as requirements mature.
- **Concrete over aspirational.** Every requirement must be testable. If you can't write a check for it, it's not a requirement — it's a wish.

## Getting Started

Plug the skill into your AI agent's configuration. It will pull the right requirements at the right phase of development.

See `skill/SKILL.md` for integration instructions.
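
The following is an added example, not code from this repository: a deterministic check of the kind described under How It Works (items 3 and 4) that verifies each requirements folder has a non-empty `OWNERS` file and at least one markdown file, and applies the progressive enforcement described under Philosophy. The `ENFORCEMENT` mapping, the finding format and the markdown-file rule are assumptions.

```python
"""Added example: deterministic structure check with progressive enforcement.

Assumptions (not from the README): the ENFORCEMENT mapping, the finding
format, and the rule that a folder needs at least one .md requirement file.
"""
import sys
from pathlib import Path

# Folders named in the README's Structure section.
REQUIREMENT_DIRS = ["security", "architecture", "devops", "cost"]

# Hypothetical per-folder mode: "informational" reports, "blocking" fails CI.
ENFORCEMENT = {"security": "blocking", "architecture": "informational",
               "devops": "informational", "cost": "informational"}


def check_folder(root: Path, name: str) -> list[str]:
    """Return human-readable findings for one requirements folder."""
    folder = root / name
    if not folder.is_dir():
        return [f"{name}/: folder is missing"]
    findings = []
    owners = folder / "OWNERS"
    # An empty OWNERS file names no maintainer, so treat it like a missing one.
    if not owners.is_file() or not owners.read_text().strip():
        findings.append(f"{name}/OWNERS: missing or empty")
    if not any(folder.glob("*.md")):
        findings.append(f"{name}/: no markdown requirement files")
    return findings


def run_checks(root: Path, enforcement=ENFORCEMENT) -> tuple[int, list[str]]:
    """Return (exit_code, report_lines); only blocking findings fail the build."""
    exit_code, report = 0, []
    for name in REQUIREMENT_DIRS:
        mode = enforcement.get(name, "informational")
        for finding in check_folder(root, name):
            level = "ERROR" if mode == "blocking" else "WARN"
            report.append(f"[{level}] {finding}")
            if mode == "blocking":
                exit_code = 1
    return exit_code, report


if __name__ == "__main__":
    code, lines = run_checks(Path(sys.argv[1] if len(sys.argv) > 1 else "."))
    print("\n".join(lines) or "all requirement folders pass")
    sys.exit(code)
```

Graduating a folder from informational to blocking is a one-line change to the mapping, which keeps the promotion itself reviewable in version control.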