60 non-negotiable code quality rules. Any code that enters this codebase must satisfy these. Derived from: Linus Torvalds, Guido van Rossum, Richard Stallman, an angry OSS standards developer, an AI slop detector, and a Reddit basher.
These six rules sit above everything else in this document. They are the
operator-stated baseline (.claude/CLAUDE.md) and override style preferences,
convenience, and any of the numbered rules below if a conflict arises.
Delete old code when it is replaced. Do not add fallbacks, compatibility fields, alias fields, or shims that exist only to soften the cutover. Two paths to the same outcome doubles the maintenance surface and hides the real contract.
No string-mirroring constants. No forwarding wrappers that add nothing.
No "manager" / "coordinator" / "handler" classes that only delegate.
No reflection for a fixed, knowable set. No *Agent naming for plain
dispatch. The honesty audit (docs/HONESTY_AUDIT.md) enforces a subset of
this; the rest is enforced at code review.
3. No hidden smartness
No deceptive routing. No fake personalization. No confidence numbers the code did not compute. No silent deterministic parsing inserted to bypass the model behind a "model-driven" facade. If the behavior is rule-based, the code reads as rule-based.
Multi-step behavior is declared as a state machine with named stages, a
STAGE_ORDER, and a HANDLER_REGISTRY. Nested if/elif chains that
encode the same shape are rejected. See docs/MODULE_STANDARD.md
(workflow handler contract) for the canonical pattern.
- Platform owns: routing, runtime, services, contracts, tools, task queue.
- Modules own: domain logic, module-specific contracts/tools/services, reports, workflow.
- Platform never imports from
aila.modules.*. - Modules never import from each other (Python OR frontend; pnpm strict mode fails the install if a module imports a package it did not declare).
Audit rules import_boundary and api_imports_module_internals enforce the
Python side at CI time.
- Every bare import in a module's frontend MUST be declared in that
module's
package.json(dependencies,peerDependencies, ordevDependencies). - Shared versions go through pnpm catalogs in
pnpm-workspace.yaml, never as literal versions in a module package. - The shell never imports from a module-specific dep that no other shell
code uses (e.g.
@dnd-kit/*is owned by@aila/vulnerability-frontend, not the shell). Seedocs/FRONTEND_MODULE_STANDARD.md.
"Talk is cheap. Show me the code."
- No abstraction without justification. If a class wraps one function call, delete the class.
- No inheritance chains deeper than 2. If you need a third level, your design is wrong. (Dismissed: framework inheritance is structural.)
- Functions do ONE thing. If it has "and" in the description, split it.
- No god objects. A class with 10+ methods is a design failure.
- Error paths are first-class citizens. Silent swallows are bugs you chose to keep.
- No clever code. If a reviewer needs 30 seconds to understand a line, rewrite it.
- Comments explain WHY, never WHAT. If the code needs a WHAT comment, the code is bad.
- Dead code is a lie. If it's not called, it doesn't exist. Delete it.
- No TODO in committed code. A TODO is a promise you already broke.
- Configuration belongs in ONE place. Two sources of truth is zero sources of truth.
"There should be one -- and preferably only one -- obvious way to do it."
- Follow PEP 8 without exception. Not "mostly" -- entirely.
- Type annotations on every public function.
-> dictis not a type, it's an abdication. - No bare
except Exception. Catch what you expect, let the rest propagate. - Flat is better than nested. If indentation exceeds 4 levels, refactor.
- Explicit is better than implicit.
**kwargspassthrough hides the contract. - Namespaces are honking great.
__all__on every module, no exceptions. - Simple is better than complex. A 5-parameter function is suspicious. 10 is guilty.
- Readability counts. Variable names under 3 characters are banned outside loops.
- Don't repeat yourself. Same pattern in 3+ places = extract it.
assertis for tests, not production. Production asserts are time bombs.
"Free software is a matter of liberty, not price."
- No vendor lock-in. Hardcoded third-party URLs are dependency chains.
- No telemetry, no phone-home. Every outbound call must be documented and user-consented.
- Documentation is not optional. Every public API must be documented for the community.
- Privacy by design. Credentials, keys, and secrets must never appear in code or logs.
- No proprietary dependencies without alternatives. Every import must be replaceable.
- Users must control their data. DB schemas must be documented for data portability.
- README must explain what, why, and how to build. If a newcomer can't build in 5 minutes, you failed.
- Contributor guidelines must exist. OSS without contribution docs is a closed project pretending to be open.
- CHANGELOG exists and is maintained. Users deserve to know what changed.
"Your code violates 14 RFCs and I'm filing issues for each one."
- Every module has
__init__.pywith__all__. No implicit namespace packages. - Imports are absolute, never relative across package boundaries. Relative within a package is fine.
- No circular imports. Not even "lazy" ones. Restructure.
- Test coverage floor is enforced and realistic. A gate that always passes is decoration.
- Fixtures, not inline setup. Test helpers that call
session.commit()without cleanup are leaks. - Semantic versioning. If there's no version, there's no release discipline.
- CI/CD or it didn't happen. If tests only run when a dev remembers, they don't run. (Deferred: post-MVP.)
- Dependency pinning. Unpinned deps are reproducibility roulette.
- No stale artifacts in the repo.
.pyc,.coverage, cache dirs = sloppy hygiene. - Docstrings follow ONE format. Google, NumPy, or Sphinx -- pick one, enforce it.
"This smells like it was generated at 3 AM by a model that doesn't understand the codebase."
- No boilerplate docstrings that restate the function signature.
"Args: x: The x value"is noise. - No over-engineered abstractions for one-time operations. A factory for one class is AI slop.
- No defensive coding against impossible states.
if x is not Nonewhen x is always set is paranoia, not engineering. - No excessive type narrowing.
isinstancechecks on values you just constructed are waste. - No symmetry for symmetry's sake. Not every CRUD needs all four operations.
- Naming must carry meaning.
process_data,handle_request,do_thingare non-names. - No copy-paste with slight variations. If two functions differ by one line, parameterize.
- No premature configurability. A config option used by zero users is dead weight.
- No aspirational comments. "Phase 43 will handle this" -- no, either do it now or delete the comment.
- No wrapper functions that add nothing. If
def foo(x): return bar(x), just usebar.
"I opened the repo and immediately closed my laptop."
- If your
__init__.pyis 50+ imports, your package structure is wrong. - If a test file imports from a deleted module, you have no CI.
- If the same URL appears in two files, you have a constants problem.
- If your ORM model has 15+ fields and no docstring, you wrote a CSV parser not a model.
- If your "service" class is a bag of static methods, it's not a service, it's a namespace.
Added after 50-phase deep architecture review and quality assurance.
- No sync DB calls inside async def.
session_scope()in anasync defwithoutasyncio.to_thread()blocks the event loop. Always wrap sync DB access inasyncio.to_thread(). Enforced by honesty audit rulesync_in_async. - Module endpoints must enforce platform auth through the platform mount/auth path. Routes mounted from modules must rely on the platform-owned auth dependency injected at mount time (
spec.auth_required→ platform dependency) or an equivalent platform auth contract. Unprotected routes are security holes, not features. - Runtime constants come from ConfigRegistry. If a constant has a corresponding
PlatformConfigSchemafield, read it viaget_task_tuning()with the constant as fallback. Do not reados.getenv()directly for values that have a ConfigRegistry counterpart. - Platform/API/storage must not import module internals directly. If platform-owned code needs module-specific behavior, the module injects a callable, contract model, route spec, or adapter. Direct imports from
aila.modules.<id>into platform-, api-, or storage-owned infrastructure are boundary violations. - Platform owns reusable reasoning runtime; modules own domain reasoning adapters. Shared reasoning machinery -- turn protocol, graph persistence, operator steering, strategy plumbing -- belongs in platform. Domain semantics -- evidence interpretation, prompt supplements, domain-specific validation, and tool execution meaning -- stay inside the module adapter. Do not hardcode module-specific cyber semantics into platform services.
17 of these 60 rules have direct programmatic enforcement by the honesty audit (which contains 33 structural checks total -- see docs/HONESTY_AUDIT.md for the full rule set):
python -m aila.tools.honesty_audit src/aila --whitelist honesty_whitelist.py
| Audit Rule | Golden Rule # |
|---|---|
| unused_parameter | 3, 15 |
| misleading_name | 46 |
| docstring_mismatch | 41 |
| import_boundary | 32, 33 |
| dead_isinstance | 44 |
| redundant_conversion | 43 |
| private_in_all | 16 |
| bare_exception_wrap | 5, 13 |
| always_true_default | 48 |
| god_object_dispatch | 4 |
| todo_in_code | 9, 49 |
| silent_exception | 5, 13 |
| production_assert | 20 |
| do_nothing_wrapper | 50 |
| dead_config_field | 48 |
| sync_in_async | 56 |
| api_imports_module_internals | 59 |
The remaining rules are enforced by code review.