Standalone Config Packs
git clone https://github.com/AEEF-AI/aeef-config-packs.git
Config packs are standalone configuration files that you copy into an existing project to enforce AEEF standards. Unlike the template repositories, config packs require no changes to your application code -- they add governance through IDE settings, CI pipelines, linter rules, and security policies.
This is the recommended adoption path for brownfield projects where adopting an entire template repo is impractical.
Repository
github.com/AEEF-AI/aeef-config-packs
Directory Structure
aeef-config-packs/
ai-tool-config/ # IDE and AI tool settings
.cursorrules
.github/
copilot-instructions.md
.claude/
settings.json
.windsurfrules
ci-cd/ # CI pipeline definitions
github-actions/
ci.yml
security.yml
gitlab-ci/
.gitlab-ci.yml
azure-devops/
azure-pipelines.yml
bitbucket/
bitbucket-pipelines.yml
git-workflow/ # Git conventions and templates
.github/
PULL_REQUEST_TEMPLATE.md
CODEOWNERS
.commitlintrc.json
.husky/
pre-commit
commit-msg
security/ # SAST and SCA rules
.semgrep/
ai-code-patterns.yml
typescript-security.yml
python-security.yml
go-security.yml
linters/ # Language-specific linter configs
typescript/
eslint.config.mjs
tsconfig.json
python/
ruff.toml
mypy.ini
go/
.golangci.yml
schemas/ # JSON schemas for AEEF artifacts
kpi-record.schema.json
provenance-log.schema.json
agent-contract.schema.json
agent-sdlc/ # Agent SDLC templates (Tier 2+)
ai/
agents/
contracts/
handoffs/
policies/ # Organizational policy templates
ai-acceptable-use.md
code-review-policy.md
incident-response-plan.md
How to Adopt Incrementally
Config packs are designed to be adopted one category at a time. Here is the recommended adoption timeline:
Day 1: AI Tool Configuration
Copy the AI tool configs into your repository root. These take effect immediately when developers open the project:
# From the config-packs repo
cp -r ai-tool-config/.cursorrules /path/to/your/project/
cp -r ai-tool-config/.github/ /path/to/your/project/.github/
cp -r ai-tool-config/.claude/ /path/to/your/project/.claude/
cp ai-tool-config/.windsurfrules /path/to/your/project/
Standards enforced: PRD-STD-001 (Prompt Engineering)
Impact: Zero risk. These files only affect AI tool behavior in the IDE.
Week 1: Git Workflow and CI Pipelines
Add the PR template, commit linting, and CI pipeline for your platform:
# PR template and commit hooks
cp git-workflow/.github/PULL_REQUEST_TEMPLATE.md /path/to/your/project/.github/
cp git-workflow/.commitlintrc.json /path/to/your/project/
# CI pipeline (choose your platform)
cp ci-cd/github-actions/ci.yml /path/to/your/project/.github/workflows/
Customize the CI pipeline to match your project's language, test command, and build steps.
Standards enforced: PRD-STD-002 (Code Review), PRD-STD-003 (Testing), PRD-STD-007 (Quality Gates)
Impact: Low. CI runs on PRs only; does not block existing workflows until you enable required status checks.
Week 2: Security Policies and Linter Configs
Layer in Semgrep rules and language-specific linter configurations:
# Security scanning rules
cp -r security/.semgrep/ /path/to/your/project/
# Linter config (choose your language)
cp linters/typescript/eslint.config.mjs /path/to/your/project/
# or
cp linters/python/ruff.toml /path/to/your/project/
# or
cp linters/go/.golangci.yml /path/to/your/project/
Standards enforced: PRD-STD-004 (Security Scanning), PRD-STD-006 (Technical Debt), PRD-STD-008 (Dependency Compliance)
Impact: Medium. May surface existing issues in the codebase. Run the tools locally first to assess the volume of findings before adding them to CI.
Per-Category Adoption Guide
AI Tool Config
| File | Purpose | Standard |
|---|---|---|
.cursorrules | Cursor IDE rules for AEEF prompt discipline | PRD-STD-001 |
.github/copilot-instructions.md | GitHub Copilot custom instructions | PRD-STD-001 |
.claude/settings.json | Claude Code project settings | PRD-STD-001 |
.windsurfrules | Windsurf IDE configuration | PRD-STD-001 |
CI/CD Pipelines
Pipelines are provided for four platforms. Each includes: lint, test with coverage gate, security scan (Semgrep + dependency audit), and optional deployment steps.
| Platform | File | Notes |
|---|---|---|
| GitHub Actions | ci-cd/github-actions/ci.yml | Recommended default |
| GitLab CI | ci-cd/gitlab-ci/.gitlab-ci.yml | Uses GitLab runners |
| Azure DevOps | ci-cd/azure-devops/azure-pipelines.yml | YAML pipeline format |
| Bitbucket | ci-cd/bitbucket/bitbucket-pipelines.yml | Bitbucket Pipelines format |
Security Rules
Semgrep rules are organized by concern:
| Rule File | Targets | Description |
|---|---|---|
ai-code-patterns.yml | All languages | Patterns commonly introduced by AI code generation |
typescript-security.yml | TypeScript/JavaScript | Prototype pollution, eval, unsafe assertions |
python-security.yml | Python | SQL injection, pickle, subprocess injection |
go-security.yml | Go | SQL injection, disabled TLS, insecure random |
Schemas
JSON schemas validate AEEF artifacts in CI:
| Schema | Purpose |
|---|---|
kpi-record.schema.json | Validates KPI measurement records |
provenance-log.schema.json | Validates code provenance logs |
agent-contract.schema.json | Validates agent SDLC contracts |
Keeping Config Packs Updated
Config packs are versioned alongside the AEEF standards. To update:
- Check the config-packs releases for new versions.
- Compare your local configs against the latest release using
diff. - Apply changes selectively, preserving any project-specific customizations.
Alternatively, use the provided update script:
npx aeef-config-packs update --path /path/to/your/project
Next Steps
- Ready for a full template? See the Quick Start tier for greenfield projects.
- Need agent SDLC and metrics? The
agent-sdlc/andschemas/directories preview Tier 2 capabilities. See the Transformation tier for the full implementation.