- 01 Plan-before-apply enforced
  A hook, not a prompt. Prompts get ignored under context pressure.
- 02 prevent_destroy on every stateful resource
  State storage, databases, DNS zones. The only thing that fails the plan instead of scheduling a silent destroy.
- 03 Secrets in a vault; no agent read path
  The agent reads the variable name. The runtime reads the value.
- 04 Variable substitution verified by linter
  The highest-impact silent failure found in practice. Invisible to syntax-only review.
- 05 Idempotency asserted, not declared
  changed_when on every system-touching task. "Probably won't change on re-run" is expensive.
- 06 Undefined-variable fallbacks fail closed
  Default Jinja renders undefined to empty string. Set it to error instead.
- 07 Variable prefixes match role ownership
  Two roles with the same unprefixed name silently overwrite each other.
- 08 File modes validated against the runtime
  0701 looks safe. It blocks the container from writing. Silent failure the deploy calls success.
- 09 Template format-sensitivity respected
  Some parsers reject valid templates if a comment header lands in the wrong position.
- 10 Exit codes propagate through wrappers
  One un-propagated exit code makes the entire CI gate fraudulent.
- 11 Hooks fail closed, not open
  A hook that exits 0 on error costs you the assumption the gate ran.
- 12 The agent proposes; it does not apply
  This rule subsumes the other eleven. Enforce at the credential boundary.
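Items 01, 02 and 12 describe a gate that sits between plan and apply. The following is an added example, not code from the list above: a plan-before-apply hook in Python that reads the JSON a `terraform show -json` produces and refuses any plan that would delete or replace a protected resource type. It complements `prevent_destroy` rather than replacing it (the lifecycle block fails inside Terraform; this check fails in the hook that decides whether apply may run at all). The resource type names and the sample plan are constructed assumptions.

```python
"""Plan gate: reject a Terraform plan that would destroy or replace a stateful
resource.  Added example, not the page's code.  The document shape follows
`terraform show -json` (resource_changes[].change.actions), but SAMPLE_PLAN is
constructed for illustration, not captured from a real run."""
import json
import sys

# Assumption: the resource types this operator treats as stateful
# (state storage, databases, DNS zones, per item 02).
PROTECTED_TYPES = {"aws_s3_bucket", "aws_db_instance", "aws_route53_zone"}

# Constructed sample plan: adds an instance, replaces a database, deletes a zone,
# updates a bucket in place.
SAMPLE_PLAN = json.dumps({
    "resource_changes": [
        {"address": "aws_instance.web", "type": "aws_instance",
         "change": {"actions": ["create"]}},
        {"address": "aws_db_instance.main", "type": "aws_db_instance",
         "change": {"actions": ["delete", "create"]}},
        {"address": "aws_route53_zone.prod", "type": "aws_route53_zone",
         "change": {"actions": ["delete"]}},
        {"address": "aws_s3_bucket.logs", "type": "aws_s3_bucket",
         "change": {"actions": ["update"]}},
    ]
})


def plan_violations(plan_json: str, protected_types=PROTECTED_TYPES):
    """Addresses of protected resources the plan would delete or replace.
    Terraform encodes a replacement as ["delete", "create"] or
    ["create", "delete"]; both contain "delete", so one membership test
    covers destroy and replace alike."""
    plan = json.loads(plan_json)
    hits = []
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if rc.get("type") in protected_types and "delete" in actions:
            hits.append(rc["address"])
    return hits


def gate(plan_json: str) -> int:
    """Exit status for the hook.  0 only when nothing protected is destroyed.
    A plan that cannot be parsed is also a failure: the gate fails closed
    (item 11) instead of letting apply proceed on an unreadable plan."""
    try:
        hits = plan_violations(plan_json)
    except (ValueError, KeyError, TypeError) as exc:
        print(f"gate: could not evaluate plan: {exc}", file=sys.stderr)
        return 2
    for addr in hits:
        print(f"gate: refusing plan, it would destroy {addr}", file=sys.stderr)
    return 1 if hits else 0


if __name__ == "__main__":
    # Pipe `terraform show -json tfplan` in; with no input the sample plan runs.
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PLAN
    sys.exit(gate(data))
```

The important design point is where this runs: as a hook in the pipeline that holds the apply credential, so the agent can produce the plan but cannot skip the gate. Every exit path other than "evaluated and clean" is non-zero.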
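Items 04 and 06 are two faces of the same silent failure: a placeholder that was never substituted, or one that substituted to nothing. As an added example (not code from the list), the block below uses the standard library's `string.Template`, whose `safe_substitute()` reproduces the lenient behaviour the list warns about and whose `substitute()` raises on a missing variable, and adds the post-render lint that catches leftovers regardless of which renderer produced the file. The sample template and variable values are constructed.

```python
"""Fail-closed rendering plus a post-render lint.  Added example, not the
page's code.  string.Template is the stand-in renderer; the same two modes
exist in Jinja2 (its default Undefined versus StrictUndefined)."""
import re
from string import Template

# Constructed sample: an env file an agent might render for a service.  The
# password line carries a vault reference, never the secret itself (item 03).
SAMPLE_TEMPLATE = (
    "DB_HOST=${DB_HOST}\n"
    "DB_PASSWORD_REF=${DB_PASSWORD_REF}\n"
    "LOG_LEVEL=${LOG_LEVEL}\n"
)

# Placeholders that survived rendering, in either common syntax:
# shell-style ${NAME} or Jinja-style {{ name }}.
LEFTOVER = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}|\{\{[^}]*\}\}")


def render_strict(template: str, variables: dict) -> str:
    """Fail closed: a placeholder with no value raises KeyError."""
    return Template(template).substitute(variables)


def render_lenient(template: str, variables: dict) -> str:
    """The behaviour the page warns about: a missing placeholder passes
    through untouched and the render still 'succeeds'."""
    return Template(template).safe_substitute(variables)


def strict_rejects_missing(template: str, variables: dict) -> bool:
    """True when strict rendering refuses the variable set."""
    try:
        render_strict(template, variables)
    except KeyError:
        return True
    return False


def lint_rendered(text: str):
    """Findings as (line_number, description): every placeholder that
    survived rendering, and every KEY= line whose value rendered empty.
    Both look syntactically fine to a reviewer checking only that the
    file parses."""
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        for tok in LEFTOVER.findall(line):
            problems.append((n, tok))
        key, sep, value = line.partition("=")
        if sep and value == "":
            problems.append((n, f"{key}= is empty"))
    return problems
```

Run the lint on the rendered artifact, not the template: it is the only check that is independent of which engine rendered it and of which defaults that engine shipped with.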
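Item 08 gives the concrete case: a directory at mode 0701 that the deploy reports as fine while the container cannot write to it. The block below is an added example, not code from the list, that evaluates a mode against the identity the runtime will actually run as, using the ordinary Unix owner/group/other rule, so the check can run in CI on the planned (mode, owner) tuple before anything is deployed. The uids and gids are constructed.

```python
"""Validate a file mode against the runtime identity, not against how it
looks.  Added example, not the page's code.  Pure permission arithmetic on
(mode, owner uid, owner gid) so it runs offline; check_path() applies the
same rule to a real path."""
import os
import stat


def _bits_for(mode: int, file_uid: int, file_gid: int, run_uid: int, run_gids):
    """Select the permission triple that applies to run_uid: owner bits if
    the uid matches, else group bits if any supplementary gid matches, else
    the 'other' bits.  Returned as (read, write, exec) booleans."""
    if run_uid == file_uid:
        r, w, x = stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR
    elif file_gid in set(run_gids):
        r, w, x = stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP
    else:
        r, w, x = stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH
    return bool(mode & r), bool(mode & w), bool(mode & x)


def allows_write(mode, file_uid, file_gid, run_uid, run_gids) -> bool:
    """uid 0 bypasses discretionary permission bits; everyone else is subject
    to the triple selected above."""
    if run_uid == 0:
        return True
    return _bits_for(mode, file_uid, file_gid, run_uid, run_gids)[1]


def allows_traverse(mode, file_uid, file_gid, run_uid, run_gids) -> bool:
    """Execute bit on a directory: needed to reach anything inside it."""
    if run_uid == 0:
        return True
    return _bits_for(mode, file_uid, file_gid, run_uid, run_gids)[2]


def check_data_dir(mode, file_uid, file_gid, run_uid, run_gids):
    """Findings for a directory the runtime must write into.  Empty means OK."""
    findings = []
    if not allows_traverse(mode, file_uid, file_gid, run_uid, run_gids):
        findings.append(f"uid {run_uid} cannot traverse mode {mode:04o}")
    if not allows_write(mode, file_uid, file_gid, run_uid, run_gids):
        findings.append(f"uid {run_uid} cannot write mode {mode:04o} "
                        f"owned by {file_uid}:{file_gid}")
    return findings


def check_path(path: str, run_uid: int, run_gids):
    """Same check against a real filesystem entry."""
    st = os.stat(path)
    return check_data_dir(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                          run_uid, run_gids)
```

The 0701 case from item 08 is exactly the one this catches: a root-owned directory at 0701 lets a non-root container user enter it and nothing more. The fix is an ownership decision (chown to the runtime uid, or a shared group with 0770), and this check expresses that decision as an assertion the deploy must pass rather than a convention it is hoped to follow.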
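Items 10 and 11 are the same defect seen from two sides: a wrapper that swallows a non-zero status, and a hook that returns 0 on its own error. The block below is an added example, not code from the list, showing the broken wrapper beside the fail-closed one; the gate commands are constructed stand-ins built from `sys.executable` so the example runs without any real linter installed.

```python
"""A CI gate wrapper that propagates exit codes, beside the one that does
not.  Added example, not the page's code.  PASSING / FAILING / MISSING are
constructed stand-ins for real gate commands such as a validator or linter."""
import subprocess
import sys


def run_gate_broken(commands) -> int:
    """The fraudulent gate (item 10): every command runs, errors are logged,
    and the wrapper returns 0 regardless.  CI reads this as 'gate passed'."""
    for cmd in commands:
        try:
            subprocess.run(cmd)
        except OSError as exc:
            print(f"gate: {exc}")
    return 0


def run_gate(commands) -> int:
    """Fail closed (item 11): stop at the first non-zero status and return
    it unchanged.  A command that cannot even be started is a failure too,
    reported as 127 by shell convention, never as success."""
    for cmd in commands:
        try:
            result = subprocess.run(cmd)
        except OSError as exc:
            print(f"gate: cannot run {cmd[0]}: {exc}", file=sys.stderr)
            return 127
        if result.returncode != 0:
            print(f"gate: {cmd[0]} exited {result.returncode}", file=sys.stderr)
            return result.returncode
    return 0


# Constructed gate commands: one that passes, one that fails with status 3,
# and one whose binary does not exist (a placeholder path, not a real tool).
PASSING = [sys.executable, "-c", "import sys; sys.exit(0)"]
FAILING = [sys.executable, "-c", "import sys; sys.exit(3)"]
MISSING = ["/nonexistent/linter-placeholder"]


if __name__ == "__main__":
    chain = [PASSING, FAILING, PASSING]
    print("broken wrapper returns", run_gate_broken(chain))
    status = run_gate(chain)
    print("fail-closed wrapper returns", status)
    sys.exit(status)
```

The same loss happens in shell when a gate is written as `linter | tee gate.log` without `set -o pipefail`, or when a hook traps errors and falls through to `exit 0`; whatever language the wrapper is in, the test is that the outer status equals the inner one.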