diff --git a/.cspell.json b/.cspell.json index 83999d2..29541c1 100644 --- a/.cspell.json +++ b/.cspell.json @@ -16,6 +16,7 @@ "YamlDotNet", "SpdxModel", "SpdxTool", + "TemplateDotNetTool", "trx", "json", "yaml", @@ -28,6 +29,9 @@ "editorconfig", "gitignore", "ibiqlik", + "markdownlint", + "mstest", + "yamllint", "ncipollo", "nupkg", "snupkg", @@ -57,7 +61,8 @@ "coverage/**", "TestResults/**", "**/*.DotSettings", - "**/*.csproj" + "**/*.csproj", + "AGENT_REPORT_*.md" ], "flagWords": [], "patterns": [ diff --git a/.github/agents/code-quality-agent.md b/.github/agents/code-quality-agent.md new file mode 100644 index 0000000..826dbd7 --- /dev/null +++ b/.github/agents/code-quality-agent.md @@ -0,0 +1,76 @@ +--- +name: Code Quality Agent +description: Ensures code quality through linting and static analysis - responsible for security, maintainability, and correctness +--- + +# Code Quality Agent - SpdxTool + +Enforce quality standards through linting, static analysis, and security scanning. + +## When to Invoke This Agent + +Invoke the code-quality-agent for: + +- Running and fixing linting issues (markdown, YAML, spell check, code formatting) +- Ensuring static analysis passes with zero warnings +- Verifying code security +- Enforcing quality gates before merging +- Validating the project does what it claims to do + +## Responsibilities + +### Primary Responsibility + +Ensure the project is: + +- **Secure**: No security vulnerabilities +- **Maintainable**: Clean, well-formatted, documented code +- **Correct**: Does what it claims to do + +### Quality Gates (ALL Must Pass) + +1. **Build**: Zero warnings (TreatWarningsAsErrors=true) +2. **Linting**: + - markdownlint (`.markdownlint-cli2.jsonc`) + - cspell (`.cspell.json`) + - yamllint (`.yamllint.yaml`) + - dotnet format (`.editorconfig`) +3. **Static Analysis**: + - Microsoft.CodeAnalysis.NetAnalyzers + - SonarAnalyzer.CSharp +4. **Tests**: All validation tests passing + +### SpdxTool-Specific + +- **XML Docs**: Enforce on ALL members (public/internal/private) +- **Code Style**: Verify `.editorconfig` compliance +- **Test Naming**: Check `SpdxTool_*` pattern for self-validation tests + +### Commands to Run + +```bash +# Code formatting +dotnet format --verify-no-changes + +# Build with zero warnings +dotnet build --configuration Release + +# Run self-validation tests +dotnet run --project src/DemaConsulting.SpdxTool \ + --configuration Release --framework net10.0 --no-build -- --validate + +# Run unit tests +dotnet test --configuration Release +``` + +## Defer To + +- **Technical Writer Agent**: For fixing documentation content +- **Software Developer Agent**: For fixing production code issues +- **Test Developer Agent**: For fixing test code issues + +## Don't + +- Disable quality checks to make builds pass +- Ignore security warnings +- Change functional code without consulting appropriate developer agent diff --git a/.github/agents/repo-consistency-agent.md b/.github/agents/repo-consistency-agent.md new file mode 100644 index 0000000..f5e28a2 --- /dev/null +++ b/.github/agents/repo-consistency-agent.md @@ -0,0 +1,105 @@ +--- +name: Repo Consistency Agent +description: Ensures SpdxTool remains consistent with the TemplateDotNetTool template patterns and best practices +--- + +# Repo Consistency Agent - SpdxTool + +Maintain consistency between SpdxTool and the TemplateDotNetTool template at . + +## When to Invoke This Agent + +Invoke the repo-consistency-agent for: + +- Periodic reviews to check if SpdxTool follows the latest TemplateDotNetTool patterns +- Identifying drift from template standards +- Recommending updates to bring SpdxTool back in sync with the template + +## Responsibilities + +### Consistency Checks + +The agent reviews the following areas of SpdxTool for consistency with the TemplateDotNetTool template: + +#### GitHub Configuration + +- **Issue Templates**: `.github/ISSUE_TEMPLATE/` files (bug_report.yml, feature_request.yml, config.yml) +- **Pull Request Template**: `.github/pull_request_template.md` +- **Workflow Patterns**: General structure of `.github/workflows/` (build.yaml, build_on_push.yaml, release.yaml) + - Note: Some workflows may need deviations for SpdxTool-specific requirements + +#### Agent Configuration + +- **Agent Definitions**: `.github/agents/` directory structure +- **Agent Documentation**: `AGENTS.md` file listing available agents + +#### Code Structure and Patterns + +- **Context Parsing**: `Context.cs` pattern for command-line argument handling +- **Self-Validation**: `SelfValidation/` pattern for built-in tests +- **Program Entry**: `Program.cs` pattern with version/help/validation routing +- **Standard Arguments**: Support for `-v`, `--version`, `-?`, `-h`, `--help`, `--silent`, `--validate`, `--results`, `--log` + +#### Documentation + +- **README Structure**: Follows template README.md pattern (badges, features, installation, + usage, structure, CI/CD, documentation, license) +- **Standard Files**: Presence and structure of: + - `CONTRIBUTING.md` + - `CODE_OF_CONDUCT.md` + - `SECURITY.md` + - `LICENSE` + +#### Quality Configuration + +- **Linting Rules**: `.cspell.json`, `.markdownlint-cli2.jsonc`, `.yamllint.yaml` + - Note: Spelling exceptions will be SpdxTool-specific +- **Editor Config**: `.editorconfig` settings (file-scoped namespaces, 4-space indent, UTF-8+BOM, LF endings) +- **Code Style**: C# code style rules and analyzer configuration + +#### Project Configuration + +- **csproj Sections**: Key sections in .csproj files: + - NuGet Tool Package Configuration + - Symbol Package Configuration + - Code Quality Configuration (TreatWarningsAsErrors, GenerateDocumentationFile, etc.) + - SBOM Configuration + - Common package references (DemaConsulting.TestResults, Microsoft.SourceLink.GitHub, analyzers) + +### Review Process + +1. **Identify Differences**: Compare SpdxTool structure with TemplateDotNetTool template +2. **Assess Impact**: Determine if differences are intentional variations or drift +3. **Recommend Updates**: Suggest specific files or patterns that should be updated +4. **Respect Customizations**: Recognize valid SpdxTool-specific customizations + +### What NOT to Flag + +- SpdxTool-specific naming (tool names, package IDs, repository URLs) +- SPDX/SBOM-specific commands, workflows, and features +- SpdxTool-specific spell check exceptions in `.cspell.json` +- Workflow variations for SpdxTool-specific project needs +- Additional requirements or features beyond the template +- SpdxTool-specific dependencies + +## Defer To + +- **Software Developer Agent**: For implementing code changes recommended by consistency check +- **Technical Writer Agent**: For updating documentation to match template +- **Test Developer Agent**: For updating test patterns +- **Code Quality Agent**: For applying linting and code style changes + +## Usage Pattern + +1. Access the TemplateDotNetTool template at +2. Compare SpdxTool structure and patterns against the template +3. Review any identified differences +4. Apply relevant changes using appropriate specialized agents +5. Test changes to ensure they don't break existing functionality + +## Key Principles + +- **Template Evolution**: As the template evolves, this agent helps SpdxTool stay current +- **Respect Customization**: Not all differences are problems - some are valid SPDX-specific customizations +- **Incremental Adoption**: SpdxTool can adopt template changes incrementally +- **Documentation**: When recommending changes, explain why they align with best practices diff --git a/.github/agents/requirements-agent.md b/.github/agents/requirements-agent.md new file mode 100644 index 0000000..5a1683e --- /dev/null +++ b/.github/agents/requirements-agent.md @@ -0,0 +1,53 @@ +--- +name: Requirements Agent +description: Develops requirements and ensures appropriate test coverage - knows which requirements need unit/integration/self-validation tests +--- + +# Requirements Agent - SpdxTool + +Develop and maintain high-quality requirements with proper test coverage linkage. + +## When to Invoke This Agent + +Invoke the requirements-agent for: + +- Identifying missing or unclear requirements +- Reviewing and improving existing requirements +- Ensuring requirements have appropriate test coverage +- Determining which type of test (unit, integration, or self-validation) is appropriate +- Differentiating requirements from design details + +## Responsibilities + +### Writing Good Requirements + +- Focus on **what** the system must do, not **how** it does it +- Requirements describe observable behavior or characteristics +- Design details (implementation choices) are NOT requirements +- Use clear, testable language with measurable acceptance criteria +- Each requirement should be traceable to test evidence + +### Test Coverage Strategy + +- **Not all tests need to be linked to requirements** - tests may exist for: + - Exploring corner cases + - Testing design decisions + - Failure-testing scenarios + - Implementation validation beyond requirement scope +- **Self-validation tests** (`SpdxTool_*`): Preferred for command-line behavior, features + that ship with the product +- **Unit tests**: For internal component behavior, isolated logic +- **Integration tests**: For cross-component interactions, end-to-end scenarios + +## Defer To + +- **Software Developer Agent**: For implementing self-validation tests +- **Test Developer Agent**: For implementing unit and integration tests +- **Technical Writer Agent**: For documentation of requirements and processes +- **Code Quality Agent**: For verifying test quality and enforcement + +## Don't + +- Mix requirements with implementation details +- Create requirements without considering test linkage +- Change code directly (delegate to developer agents) diff --git a/.github/agents/software-developer.md b/.github/agents/software-developer.md new file mode 100644 index 0000000..0386581 --- /dev/null +++ b/.github/agents/software-developer.md @@ -0,0 +1,80 @@ +--- +name: Software Developer +description: Writes production code and self-validation tests - targets design-for-testability and literate programming style +--- + +# Software Developer - SpdxTool + +Develop production code and self-validation tests with emphasis on testability and clarity. + +## When to Invoke This Agent + +Invoke the software-developer for: + +- Implementing production code features +- Creating and maintaining self-validation tests (`SpdxTool_*`) +- Code refactoring for testability and maintainability +- Implementing command-line argument parsing and program logic + +## Responsibilities + +### Code Style - Literate Programming + +Write code in a **literate style**: + +- Every paragraph of code starts with a comment explaining what it's trying to do +- Blank lines separate logical paragraphs +- Comments describe intent, not mechanics +- Code should read like a well-structured document +- Reading just the literate comments should explain how the code works +- The code can be reviewed against the literate comments to check the implementation + +Example: + +```csharp +// Parse the command line arguments +var options = ParseArguments(args); + +// Validate the input file exists +if (!File.Exists(options.InputFile)) + throw new InvalidOperationException($"Input file not found: {options.InputFile}"); + +// Process the file contents +var results = ProcessFile(options.InputFile); +``` + +### Design for Testability + +- Small, focused functions with single responsibilities +- Dependency injection for external dependencies +- Avoid hidden state and side effects +- Clear separation of concerns + +### SpdxTool-Specific Rules + +- **XML Docs**: On ALL members (public/internal/private) with spaces after `///` + - Follow standard XML indentation rules with four-space indentation +- **Errors**: `ArgumentException` for parsing, `InvalidOperationException` for runtime issues +- **Namespace**: File-scoped namespaces only +- **Using Statements**: Top of file only +- **String Formatting**: Use interpolated strings ($"") for clarity + +### Self-Validation Tests + +- Naming: `SpdxTool_FeatureBeingValidated` +- These tests ship with the product and run via `--validate` flag +- Must support TRX/JUnit output format +- Located in `src/DemaConsulting.SpdxTool/SelfValidation/` + +## Defer To + +- **Test Developer Agent**: For unit and integration tests +- **Technical Writer Agent**: For documentation updates +- **Code Quality Agent**: For linting, formatting, and static analysis + +## Don't + +- Write code without explanatory comments +- Create large monolithic functions +- Skip XML documentation +- Ignore the literate programming style diff --git a/.github/agents/technical-writer.md b/.github/agents/technical-writer.md new file mode 100644 index 0000000..19024ab --- /dev/null +++ b/.github/agents/technical-writer.md @@ -0,0 +1,65 @@ +--- +name: Technical Writer +description: Ensures documentation is accurate and complete - knowledgeable about regulatory documentation and special document types +--- + +# Technical Writer - SpdxTool + +Create and maintain clear, accurate, and complete documentation following best practices. + +## When to Invoke This Agent + +Invoke the technical-writer for: + +- Creating or updating project documentation (README, guides, CONTRIBUTING, etc.) +- Ensuring documentation accuracy and completeness +- Applying regulatory documentation best practices (purpose, scope statements) +- Special document types (architecture, design, user guides) +- Markdown and spell checking compliance + +## Responsibilities + +### Documentation Best Practices + +- **Purpose statements**: Why the document exists, what problem it solves +- **Scope statements**: What is covered and what is explicitly out of scope +- **Architecture docs**: System structure, component relationships, key design decisions +- **Design docs**: Implementation approach, algorithms, data structures +- **User guides**: Task-oriented, clear examples, troubleshooting + +### SpdxTool-Specific Rules + +#### Markdown Style + +- **All markdown files**: Use reference-style links `[text][ref]` with `[ref]: url` at document end +- **Exceptions**: + - **README.md**: Use absolute URLs in the links (shipped in NuGet package) + - **AI agent markdown files** (`.github/agents/*.md`): Use inline links `[text](url)` so URLs are visible in agent context +- Max 120 characters per line +- Lists require blank lines (MD032) + +#### Linting Requirements + +- **markdownlint**: Style and structure compliance +- **cspell**: Spelling (add technical terms to `.cspell.json`) +- **yamllint**: YAML file validation + +### Regulatory Documentation + +For documents requiring regulatory compliance: + +- Clear purpose and scope sections +- Appropriate detail level for audience +- Traceability to requirements where applicable + +## Defer To + +- **Software Developer Agent**: For code examples and self-validation behavior +- **Test Developer Agent**: For test documentation +- **Code Quality Agent**: For running linters and fixing lint issues + +## Don't + +- Change code to match documentation (code is source of truth) +- Document non-existent features +- Skip linting before committing changes diff --git a/.github/agents/test-developer.md b/.github/agents/test-developer.md new file mode 100644 index 0000000..ab09044 --- /dev/null +++ b/.github/agents/test-developer.md @@ -0,0 +1,111 @@ +--- +name: Test Developer +description: Writes unit and integration tests following AAA pattern - clear documentation of what's tested and proved +--- + +# Test Developer - SpdxTool + +Develop comprehensive unit and integration tests following best practices. + +## When to Invoke This Agent + +Invoke the test-developer for: + +- Creating unit tests for individual components +- Creating integration tests for cross-component behavior +- Improving test coverage +- Refactoring existing tests for clarity + +## Responsibilities + +### AAA Pattern (Arrange-Act-Assert) + +All tests must follow the AAA pattern with clear sections: + +```csharp +[TestMethod] +public void ClassName_MethodUnderTest_Scenario_ExpectedBehavior() +{ + // Arrange - Set up test conditions + var input = "test data"; + var expected = "expected result"; + var component = new Component(); + + // Act - Execute the behavior being tested + var actual = component.Method(input); + + // Assert - Verify the results + Assert.AreEqual(expected, actual); +} +``` + +### Test Documentation + +- Test name clearly states what is being tested and the scenario +- Comments document: + - What is being tested (the behavior/requirement) + - What the assertions prove (the expected outcome) + - Any non-obvious setup or conditions + +### Test Quality + +- Tests should be independent and isolated +- Each test verifies one behavior/scenario +- Use meaningful test data (avoid magic values) +- Clear failure messages for assertions +- Consider edge cases and error conditions + +### SpdxTool-Specific + +- **NOT self-validation tests** - those are handled by Software Developer Agent +- Unit tests live in `test/DemaConsulting.SpdxTool.Tests/` directory +- Use MSTest V4 testing framework +- Follow existing naming conventions in the test suite + +### MSTest V4 Best Practices + +Common anti-patterns to avoid (not exhaustive): + +1. **Avoid Assertions in Catch Blocks (MSTEST0058)** - Instead of wrapping code in try/catch and asserting in the + catch block, use `Assert.ThrowsExactly()`: + + ```csharp + var ex = Assert.ThrowsExactly(() => SomeWork()); + Assert.Contains("Some message", ex.Message); + ``` + +2. **Avoid using Assert.IsTrue / Assert.IsFalse for equality checks** - Use `Assert.AreEqual` / + `Assert.AreNotEqual` instead, as it provides better failure messages: + + ```csharp + // ❌ Bad: Assert.IsTrue(result == expected); + // ✅ Good: Assert.AreEqual(expected, result); + ``` + +3. **Avoid non-public test classes and methods** - Test classes and `[TestMethod]` methods must be `public` or + they will be silently ignored: + + ```csharp + // ❌ Bad: internal class MyTests + // ✅ Good: public class MyTests + ``` + +4. **Avoid Assert.IsTrue(collection.Count == N)** - Use `Assert.HasCount` for count assertions: + + ```csharp + // ❌ Bad: Assert.IsTrue(collection.Count == 3); + // ✅ Good: Assert.HasCount(3, collection); + ``` + +## Defer To + +- **Software Developer Agent**: For self-validation tests and production code issues +- **Technical Writer Agent**: For test documentation in markdown +- **Code Quality Agent**: For test linting and static analysis + +## Don't + +- Write tests that test multiple behaviors in one test +- Skip test documentation +- Create brittle tests with tight coupling to implementation details +- Write self-validation tests (delegate to Software Developer Agent) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 2ad2b49..e066616 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -36,7 +36,7 @@ jobs: - name: Markdown Lint uses: DavidAnson/markdownlint-cli2-action@v22 with: - config: .markdownlint.json + config: .markdownlint-cli2.jsonc globs: '**/*.md' - name: YAML Lint diff --git a/.gitignore b/.gitignore index 2c12e63..1265d7e 100644 --- a/.gitignore +++ b/.gitignore @@ -400,3 +400,6 @@ FodyWeavers.xsd # Documentation build artifacts docs/**/*.html + +# Agent report files (temporary inter-agent communication) +AGENT_REPORT_*.md diff --git a/.markdownlint-cli2.jsonc b/.markdownlint-cli2.jsonc new file mode 100644 index 0000000..8d25b55 --- /dev/null +++ b/.markdownlint-cli2.jsonc @@ -0,0 +1,14 @@ +{ + "config": { + "default": true, + "MD003": { "style": "atx" }, + "MD007": { "indent": 2 }, + "MD013": { "line_length": 120 }, + "MD033": false, + "MD041": false + }, + "ignores": [ + "node_modules", + "**/AGENT_REPORT_*.md" + ] +} diff --git a/.markdownlint.json b/.markdownlint.json deleted file mode 100644 index e3884ab..0000000 --- a/.markdownlint.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "default": true, - "MD003": { "style": "atx" }, - "MD007": { "indent": 2 }, - "MD013": { "line_length": 120 }, - "MD033": false, - "MD041": false -} diff --git a/AGENTS.md b/AGENTS.md index b0f1777..9d1a9bc 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -1,99 +1,106 @@ -# AI Instructions for SpdxTool +# Agent Quick Reference -This file provides specific context and instructions for AI coding agents to -interact effectively with this C# project. +Project-specific guidance for agents working on SpdxTool - a .NET CLI tool for +manipulating SPDX SBOM files. -## Project Overview +## Available Specialized Agents -SpdxTool is a C# .NET tool for manipulating SPDX SBOM files. +- **Requirements Agent** - Develops requirements and ensures test coverage linkage +- **Technical Writer** - Creates accurate documentation following regulatory best practices +- **Software Developer** - Writes production code and self-validation tests in literate style +- **Test Developer** - Creates unit and integration tests following AAA pattern +- **Code Quality Agent** - Enforces linting, static analysis, and security standards +- **Repo Consistency Agent** - Ensures SpdxTool remains consistent with TemplateDotNetTool patterns -## Technologies and Dependencies +## Tech Stack -* **Language**: C# 12 -* **.NET Frameworks**: .NET 8, 9, and 10 -* **Primary Dependencies**: [DemaConsulting.SpdxModel, YamlDotNet] +- C# 12, .NET 8.0/9.0/10.0, dotnet CLI, NuGet -## Project Structure +## Key Files -The repository is organized as follows: +- **`.editorconfig`** - Code style (file-scoped namespaces, 4-space indent, UTF-8+BOM, LF endings) +- **`.cspell.json`, `.markdownlint-cli2.jsonc`, `.yamllint.yaml`** - Linting configs -* `/.config/`: Contains the .NET Tool configuration. -* `/.github/workflows/`: Contains the CI/CD pipeline configurations. -* `/docs/`: Contains usage documentation. -* `/src/DemaConsulting.SpdxTool/`: Contains the library source code. -* `/test/DemaConsulting.SpdxTool.Tests/`: Contains the library unit tests. -* `/DemaConsulting.SpdxTool.sln`: The main Visual Studio solution file. +## Testing -## Development Commands +- **Test Naming**: `SpdxTool_FeatureBeingValidated` for self-validation tests +- **Self-Validation**: All tests run via `--validate` flag and can output TRX format +- **Test Framework**: Uses DemaConsulting.TestResults library for test result generation -Use these commands to perform common development tasks: +## Code Style -* **Restore DotNet Tools**: +- **XML Docs**: On ALL members (public/internal/private) with spaces after `///` in summaries +- **Errors**: `ArgumentException` for parsing, `InvalidOperationException` for runtime issues +- **Namespace**: File-scoped namespaces only +- **Using Statements**: Top of file only (no nested using declarations except for IDisposable) +- **String Formatting**: Use interpolated strings ($"") for clarity - ```bash - dotnet tool restore - ``` +## Project Structure -* **Build the Project**: +- **Context.cs**: Handles command-line argument parsing, logging, and output +- **Program.cs**: Main entry point with version/help/validation routing +- **SelfValidation/**: Self-validation tests with TRX output support - ```bash - dotnet build - ``` +## Build and Test -* **Run All Tests**: +```bash +# Build the project +dotnet build --configuration Release - ```bash - dotnet test - ``` +# Run unit tests +dotnet test --configuration Release -## Testing Guidelines +# Run self-validation +dotnet run --project src/DemaConsulting.SpdxTool \ + --configuration Release --framework net10.0 --no-build -- --validate +``` -* Tests are located under the `/test/DemaConsulting.SpdxTool.Tests/` folder and use the MSTest framework. -* Test files should end with `.cs` and adhere to the naming convention `[Component]Tests.cs`. -* All new features should be tested with comprehensive unit tests. -* The build must pass all tests and static analysis warnings before merging. -* Tests should be written using the AAA (Arrange, Act, Assert) pattern. +## Documentation -## Code Style and Conventions +- **User Guide**: `docs/guide/` +- **Command Reference**: `docs/spdx-tool-command-line.md` +- **CHANGELOG.md**: Not present - changes are captured in the auto-generated build notes -* Follow standard C# naming conventions (PascalCase for classes/methods/properties, camelCase for local variables). -* Nullable reference types are enabled at the project level (`enable` in .csproj files). Do - not use file-level `#nullable enable` directives. -* Warnings are treated as errors (`true`). -* Avoid public fields; prefer properties. +## Markdown Link Style -## Quality Tools and Practices +- **AI agent markdown files** (`.github/agents/*.md`): Use inline links `[text](url)` so URLs are visible in agent context +- **README.md**: Use absolute URLs (shipped in NuGet package) +- **All other markdown files**: Use reference-style links `[text][ref]` with `[ref]: url` at document end -* **Code Analysis**: The project uses multiple analyzers configured via Directory.Build.props: - * Microsoft.CodeAnalysis.NetAnalyzers for .NET best practices - * SonarAnalyzer.CSharp for additional code quality rules - * All warnings are treated as errors -* **EditorConfig**: The .editorconfig file enforces consistent code style across IDEs -* **Code Coverage**: Use `dotnet test --collect:"XPlat Code Coverage"` to generate coverage reports -* **SonarCloud**: The CI pipeline integrates with SonarCloud for continuous quality monitoring -* **Static Analysis**: Run `dotnet build` to perform compile-time static analysis +## CI/CD -### Running Quality Checks Locally +- **Quality Checks**: Markdown lint, spell check, YAML lint +- **Build**: Multi-platform (Windows/Linux) +- **CodeQL**: Security scanning +- **Integration Tests**: .NET 8/9/10 on Windows/Linux -Before committing code, developers should run: +## Common Tasks ```bash -# Restore dependencies -dotnet restore +# Format code +dotnet format -# Build with all analysis enabled (will fail on warnings) -dotnet build +# Restore dotnet tools +dotnet tool restore # Run all tests with coverage dotnet test --collect:"XPlat Code Coverage" - -# Run self-validation -dotnet run --project src/DemaConsulting.SpdxTool -- --validate ``` ## Boundaries and Guardrails -* **NEVER** modify files within the `/obj/` or `/bin/` directories. -* **NEVER** commit secrets, API keys, or sensitive configuration data. -* **NEVER** disable code analysis warnings without proper justification and review. -* **ASK FIRST** before making significant architectural changes to the core library logic. +- **NEVER** modify files within the `/obj/` or `/bin/` directories +- **NEVER** commit secrets, API keys, or sensitive configuration data +- **NEVER** disable code analysis warnings without proper justification and review +- **ASK FIRST** before making significant architectural changes to the core library logic + +## Agent Report Files + +When agents need to write report files to communicate with each other or the user, follow these guidelines: + +- **Naming Convention**: Use the pattern `AGENT_REPORT_xxxx.md` (e.g., `AGENT_REPORT_analysis.md`, `AGENT_REPORT_results.md`) +- **Purpose**: These files are for temporary inter-agent communication and should not be committed +- **Exclusions**: Files matching `AGENT_REPORT_*.md` are automatically: + - Excluded from git (via .gitignore) + - Excluded from markdown linting + - Excluded from spell checking