
jbaruch/coding-policy

General-purpose coding policy for Baruch's AI agents


rules/dependency-management.md

alwaysApply: Yes

Dependency Management

Stdlib First

  • Prefer the standard library over external dependencies
  • Only add a dependency when it provides significant value over a stdlib solution

Declaration

  • All dependencies are declared in the project's manifest file (e.g., pyproject.toml, package.json, go.mod, Cargo.toml)
  • No undeclared dependencies — if your code imports it, the manifest lists it

Pinning

  • Pin versions or use a lock file to ensure reproducible builds
  • Lock files are committed to the repo

No Vendoring

  • Don't copy library source code into the repo
  • Use the language's package manager to install dependencies

Dependency Groups

  • Separate test/dev dependencies from production dependencies
  • Use the project's convention for grouping (e.g., [test] extras, devDependencies, build tags)

CI Compatibility

  • Every dependency must be installable in CI
  • If something exists as a package, install it properly — don't skip tests because a dependency is "hard to install"
