Diablo_ClaudeMD_Ricing_example/.github/copilot-instructions.md

Copilot Instructions — CoM Virtual Enterprise

Project Context

This is the .claude/ admin node configuration for CoM Solutions, a cybersecurity startup building Syn_OS (sovereign AI-assisted Cognitive Hyper-OS). This repo configures a 20-agent AI orchestration system across 6 pods, managed by Claude Code (Opus 4.6) as CADevO (Chief Agent Development Officer).

Owner: Ty CoM — Founder, SNHU cybersecurity student, SBIR defense track.

Architecture

• 4 AI tools orchestrated: Claude Code (architect), Kilo Code (bulk tasks), GitHub Copilot (inline completions), Gemini (knowledge curation)
• 20 agents in 6 pods: Dev-Security, Publishing, Game Design, Admin, Advisory, Command
• 52 slash-command skills spanning dev, security, publishing, ops, game design
• 13 MCP servers for external tool integration
• Constitutional governance with Busytown/Rapture alignment axis

Coding Standards

• Shell scripts: POSIX-compatible Bash. Use set -euo pipefail. Quote all variables. Use shellcheck-clean patterns.
• Python: Type hints on all functions. Use pathlib over os.path. Prefer dataclasses or Pydantic models.
• Rust (Syn_OS): Follow Rust 2021 edition. Use clippy::pedantic. No unsafe without documented justification and Aegis audit.
• JSON configs: Use 2-space indentation. Include $schema references where applicable.
• Markdown: ATX headings, one sentence per line for diffs, reference links at bottom.

Security Requirements

• Never commit secrets. All tokens, API keys, credentials go in .env files or environment variables, never in tracked files.
• Pre-commit validation: All Bash commands are pattern-matched against destructive operations (rm -rf /, format, registry deletion, pipe-to-shell).
• 4-layer defense: Permission deny list → PreToolUse hook → Haiku prompt guard → PostToolUse scan.
• Destructive operations always require confirmation. No force-push, no --no-verify, no chmod 777.
• Supply chain: All dependencies must be audited. Use cargo deny for Rust, pip audit for Python, npm audit for Node.

File Organization

.claude/
├── CLAUDE.md          # Master config (loaded every session)
├── HEARTBEAT.md       # Scheduled tasks and n8n workflows
├── settings.json      # MCP servers, permissions, hooks
├── a2a/               # Agent-to-Agent governance
├── agents/            # 20 agent personality files
├── skills/            # 52 slash-command skills
├── hooks/             # 3 execution safety hook scripts
├── rules/             # Context-sensitive governance rules
├── scripts/           # Automation templates
└── projects/          # Per-project memory and context

Commit Conventions

• Use Conventional Commits: type(scope): description
• Types: feat, fix, security, docs, refactor, test, ci, chore
• Scopes: agents, skills, hooks, rules, a2a, mcp, workflows
• Always run secret scanning before commit (part of /save skill)
• Sign commits with GPG when available

Testing

• Shell hooks: Test with mock inputs before deploying to production hooks
• Agent configs: Validate JSON schema compliance
• Skills: Each skill must have a README.md with usage examples
• Security hooks: Must pass all patterns in the deny list without false positives

PR Workflow

• All PRs require the security checklist in the PR template
• Destructive changes (hooks, rules, settings.json) require manual review
• Agent personality changes should note shadow integration implications
• Dependency updates must include audit results

Key Conventions

• Hardware constraint: node (/) — max 3 concurrent agents
• Prefer cargo check over cargo build to conserve resources
• CLI-first: Never suggest GUI steps. Use Parrot WSL for system tasks.
• Direct action over explanation. Run it, then report.
• Short responses. Outcome + next steps only.