@oddessentials/repo-standards
This package defines a single, authoritative JSON specification for repository quality standards across multiple stacks (TypeScript/JS, C#/.NET, Python, Rust, and Go), plus deterministic tooling to generate stack- and CI-specific views.
It is designed to be:
- Machine-readable (for autonomous agents and CI systems)
- Human-navigable (for onboarding and audits)
- Migration-friendly (soft-fail legacy, hard-fail new violations)
Think of this as a policy catalog, not an enforcement engine.
-
Master spec (source of truth)
config/standards.json -
Generated stack views (artifacts)
config/standards.<stack>[.<ciSystem>].json -
Generator scripts Deterministically derive filtered views from the master spec.
The master spec includes a meta block that defines system-wide expectations:
defaultCoverageThreshold = 0.8- Target ~80% coverage on new or changed code
- Prefer diff-based coverage where supported
qualityGatePolicy.preferSoftFailOnLegacy = true- New checks should:
- Warn on existing violations
- Fail CI only for new violations introduced by the change
complexityChecks.enabledByDefault = true- Complexity rules start as warnings
- Intended to tighten gradually as codebases mature
meta.migrationGuide defines a stepwise adoption path:
- Local safety nets (formatting, linting, pre-commit)
- Mirror in CI with soft-fail legacy
- Add type safety, coverage, dependency security
- Add docs, governance, integration/perf/accessibility (plus ML-specific practices for Python data teams)
-
version— schema version (currently5) -
meta— global rules and migration policy -
ciSystems— supported CI platforms (currentlygithub-actions,azure-devops) -
stacks— supported stacks:typescript-jscsharp-dotnetpythonrustgo
-
checklistcore— must-have requirementsrecommended— high-value additionsoptionalEnhancements— advanced / nice-to-have
Each checklist item includes:
id,label,descriptionappliesTo.stacks,appliesTo.ciSystemsciHints— suggested pipeline stagesstackHints[stack]- example tools
- example config files
- notes and trade-offs (including ML variants for Python)
anyOfFiles— either-or file compliance hints (v2+)pinningNotes— version pinning guidance (v2+)
The version field indicates schema compatibility:
1— Original schema2— AddsbazelHints,meta.executorHints.bazelfor Bazel support,anyOfFiles,pinningNotes, enforcement/severity levels, ratio-based coverage thresholds, Rust/Go stacks. Enforces strict validation withadditionalProperties: false.3— Expands release, build determinism, and provenance/CI automation requirements; adds unified release workflow and template automation guidance.4— Stable API contract withgetStandards(),getSchema(),STANDARDS_VERSIONexports; Node 22 LTS alignment.5— Adds automated version-guard guidance for repositories using semantic-release; schema aligned to package major version 5.
To keep config/standards.json in sync with semantic-release major bumps, use
scripts/sync-standards-version.cjs during the semantic-release prepare step
and commit the updated files. This updates the schema version and README
references in one place.
Consumers should ignore unknown fields for forward compatibility.
Two recommended checklist items support supply-chain governance:
| Item | Scope | Primary Tools |
|---|---|---|
dependency-update-automation |
Automated PR bots | Renovate (cross-CI), Dependabot (GitHub) |
dependency-architecture-rules |
Import boundaries | Varies by stack |
Note:
dependency-security(core) covers vulnerability scanning and lockfiles. These recommended items are complementary, not overlapping.
| Factor | Renovate | Dependabot |
|---|---|---|
| CI Support | GHA + AzDO + GitLab | GitHub only |
| Config Flexibility | High | Medium |
| Grouping | Advanced | Basic |
| Automerge | Configurable | Limited |
Recommendation: Use Renovate for cross-CI portability.
For Azure DevOps, Renovate requires one of:
- Mend Renovate Hosted Service — Install from Azure Marketplace
- Self-Hosted Runner — Scheduled pipeline with
renovate/renovateDocker image - Container Job — Run Renovate in a container step
Required secrets:
AZURE_DEVOPS_TOKEN(PAT with Code Read/Write, PR Contribute)
This framework supports Bazel as an optional build executor for quality checks.
- Bazel is optional — Stack-native commands (npm, cargo, etc.) remain the default
- Hints are advisory —
bazelHintsare suggestions, not required execution paths - Commands are illustrative — Actual Bazel commands are repo-defined; examples show patterns only
- Detection is root-level — Only
MODULE.bazel/WORKSPACE*at repo root triggers Bazel mode
Repos are detected as Bazel-managed if the repository root contains:
MODULE.bazel(bzlmod, preferred)WORKSPACE.bazelorWORKSPACE(legacy)
Optional markers: .bazelrc, .bazelversion
Nested
BUILD.bazelfiles (e.g., from vendored deps) do NOT trigger Bazel detection.
The bazelHints.commands field contains actual commands to run:
| Check | Stack-native | Bazel Command |
|---|---|---|
| Lint | npm run lint |
bazel test //... --aspects=... |
| Format Check | npm run format:check |
bazel run //tools/format:check |
| Type Check | npm run typecheck |
bazel build //... |
| Test | npm test |
bazel test //... |
| Coverage | npm run coverage |
bazel coverage //... |
Note: Bazel commands shown are illustrative patterns. Actual targets (e.g.,
//tools/lint:lint,//...:format_test) are repo-defined and may not exist without explicit Bazel setup.bazelHintsare advisory—consumers should prefer stack-native commands unless explicitly adopting Bazel.
# .bazelrc
build:ci --nokeep_going
build:ci --test_output=errors
- uses: bazel-contrib/setup-bazel@0.14.0
with:
bazelisk-cache: true
- run: bazel test //... --config=ci- script: |
curl -Lo bazelisk https://github.com/bazelbuild/bazelisk/releases/latest/download/bazelisk-linux-amd64
chmod +x bazelisk && mv bazelisk /usr/local/bin/bazel
displayName: "Install Bazelisk"
- script: bazel test //... --config=ci
displayName: "Run Bazel Tests"Remote cache is optional and not required for basic CI.
To disable Bazel hints for a repo that contains Bazel files but uses npm for quality checks:
{ "meta": { "executorHints": { "bazel": { "enabled": false } } } }The generator reads the master spec and produces filtered, deterministic outputs.
# TypeScript / JavaScript
npm run generate:ci -- typescript-js
# Python
npm run generate:ci -- python
# C# / .NET
npm run generate:ci -- csharp-dotnet
# Python + Azure DevOps
npm run generate:ci -- python azure-devops
# TypeScript + GitHub Actions
npm run generate:ci -- typescript-js github-actionsAll CI systems:
config/standards.typescript-js.json
config/standards.csharp-dotnet.json
config/standards.python.json
Filtered by CI system (example):
config/standards.python.azure-devops.json
config/standards.typescript-js.github-actions.json
These generated files are artifacts. Do not edit them manually — always modify
config/standards.json.
Install:
npm install @oddessentials/repo-standardsTypical usage:
- Load the master spec for tooling or audits
- Load a stack-specific view as:
- a CI contract
- an onboarding checklist
- input to autonomous agents
This package is intentionally read-only and side-effect free.
- Identify the stack (
typescript-js,csharp-dotnet,python) - Generate the filtered checklist
- Use it as:
- a baseline for CI
- a migration checklist for legacy repos
- a governance artifact for reviews
For existing repositories, follow meta.migrationGuide to adopt standards incrementally without breaking teams.
Human-readable “agent instructions” can also be generated:
# Default (TypeScript + GitHub Actions)
npm run generate:instructions
# Python
npm run generate:instructions -- standards.python.json
# C# / .NET + Azure DevOps
npm run generate:instructions -- standards.csharp-dotnet.azure-devops.json🐝 Small rules. Shared language. Predictable outcomes.
This repo deliberately separates:
- Policy definition (what good looks like)
- Enforcement (handled elsewhere)
- Execution (CI, agents, humans)
That separation is what makes it composable, automatable, and safe.