PrimebrickPrimebrick
  • Docs
  • Contact
  • MIT License
  • Documentation
  • MCP Server
  • API Catalog
  • Services
  • Libraries
PrimebrickPrimebrick

© 2026 Primebrick. MIT License.

github
Backend
Frontend
Microservices
    Agent Skills & Execution PermissionsAI Agent GovernanceBrevo Email ProviderCode Guardrails & File Operation RulesData Layer & Database ToolingDeployment & DockerEmail Services & Business LogicEmailSender MicroserviceEntity Model & DecoratorsGetting Started & Local DevelopmentGitFlow Branching StrategyGlossaryHTTP Server & Webhook EndpointNATS Messaging LayerOverviewRelease Lifecycle & Pre-commit HooksRepository Structure & Tech StackSchema Snapshot & Migration PipelineVersion Control & Release ProcessWorkflow & Planning Rules (Tic-Toc)
powered by Zudoku
Microservices

Code Guardrails & File Operation Rules

Code Guardrails & File Operation Rules

Relevant source files

The following files were used as context for generating this wiki page:

  • .devin/rules/code-guardrails.md
  • .devin/rules/file-operations.md
  • .devin/rules/temp-files.md

This page documents the technical constraints and operational protocols governing AI agent behavior within the primebrick-v3-microservices repository. These rules ensure system stability, maintain architectural integrity, and prevent repository pollution through strict execution limits and file management policies.

1. Code Execution Guardrails

The repository enforces a "fail-fast" policy for all automated code modifications. These guardrails prevent the AI agent from entering recursive error-correction loops or introducing large-scale regressions.

1.1 Self-Correction & Retry Logic

AI agents are permitted a maximum of 2 self-correction attempts to resolve terminal command failures, linter errors, or test regressions .devin/rules/code-guardrails.md:6-7. If the error persists after the second attempt, the agent must immediately halt all operations .devin/rules/code-guardrails.md:8.

1.2 BLOCKED State & Escalation

Upon reaching the retry limit, the system transitions to a BLOCKED state .devin/rules/code-guardrails.md:9. The agent is required to:

  1. Update the Kanban board/Command Center status to BLOCKED.
  2. Report the full error logs in the communication channel.
  3. Wait for manual user intervention before proceeding .devin/rules/code-guardrails.md:10.

1.3 Scope Locking & Atomicity

To maintain architectural consistency, agents operate under "Scope Locking" constraints:

  • Signature Protection: Existing function signatures, API endpoints, and shared state structures cannot be modified unless specifically authorized in a pre-approved Markdown plan .devin/rules/code-guardrails.md:13.
  • Iterative Application: Changes must be atomic. Agents must run linters or tests after modifying single modules rather than batching edits across multiple files .devin/rules/code-guardrails.md:14.

Sources: .devin/rules/code-guardrails.md:1-15


2. File Operation Rules

File operations prioritize empirical verification over IDE state. This prevents errors caused by out-of-sync editor buffers or memory-resident file copies.

2.1 Empirical Verification Workflow

Agents must never assume a file's state based on the editor's context .devin/rules/file-operations.md:20-22. Every operation follows a strict verification cycle using system-level tools.

File Verification Process Flow

Code
graph TD "START"["Start File Operation"] --> "VERIFY_EXIST"["Verify Existence via Test-Path/ls"] "VERIFY_EXIST" --> "VERIFY_CONTENT"["Verify Content via read/grep"] "VERIFY_CONTENT" --> "EXECUTE"["Execute File Operation"] "EXECUTE" --> "POST_VERIFY"["Post-Operation Empirical Check"] "POST_VERIFY" --> "END"["Operation Complete"]

Sources: .devin/rules/file-operations.md:15-31

2.2 Tool-Based Verification

The following tools are mandated for file state confirmation:

  • Existence: Test-Path (PowerShell) or ls (Unix) .devin/rules/file-operations.md:16.
  • Content: read tool .devin/rules/file-operations.md:17.
  • Search: grep tool for pattern matching .devin/rules/file-operations.md:18.
  • Discovery: find_file_by_name for location mapping .devin/rules/file-operations.md:19.

2.3 Path Conventions

  • Relative Paths: Agents must use relative paths from the workspace root (e.g., primebrick-fe-v3/src/...) .devin/rules/file-operations.md:34.
  • Pathing Restrictions: Absolute paths and leading slashes are prohibited unless explicitly required by a specific tool .devin/rules/file-operations.md:35-36.

Sources: .devin/rules/file-operations.md:1-42


3. Temporary File Management

To maintain a clean repository state, the creation of temporary files (scripts, patches, or intermediate logs) within the project directories is strictly forbidden .devin/rules/temp-files.md:11-15.

3.1 Designated Temp Locations

If temporary files are necessary, they must be stored in external system directories:

  • Windows: d:\git\primebrick\temp\ .devin/rules/temp-files.md:18.
  • Linux/Mac: /tmp/ or /var/tmp/ .devin/rules/temp-files.md:19.

3.2 Cleanup Policy

All temporary files must be removed immediately after use using Remove-Item -Force or rm -f .devin/rules/temp-files.md:22. Cleanup must be empirically verified with Test-Path before the agent concludes the session .devin/rules/temp-files.md:24,35.

3.3 In-Memory Preference

Agents are instructed to prefer in-memory operations over disk writes whenever possible, utilizing string manipulation or subagents for complex tasks .devin/rules/temp-files.md:26-30.

Temp File Life Cycle

Code
sequenceDiagram participant "Agent" as Agent Logic participant "Temp" as d:\git\primebrick\temp\ participant "Repo" as primebrick-us-v3/ "Agent"->>"Temp": Create temporary script/patch Note over "Agent", "Repo": Prohibited: Writing temp to Repo/ "Agent"->>"Agent": Execute logic using Temp file "Agent"->>"Temp": Remove-Item -Force "Agent"->>"Temp": Test-Path (Verify deletion)

Sources: .devin/rules/temp-files.md:1-37


4. Summary of Constraints

CategoryRuleEnforcement Mechanism
ExecutionMax 2 RetriesHard stop and transition to BLOCKED state .devin/rules/code-guardrails.md:7-9
ModificationScope LockingProhibition of unauthorized signature changes .devin/rules/code-guardrails.md:13
VerificationEmpirical ToolsMandatory use of ls, grep, and read over IDE context .devin/rules/file-operations.md:15-20
PollutionTemp IsolationNo .js, .py, or .patch files in project repos .devin/rules/temp-files.md:11-15
IDE InteractionNo Auto-OpenPlans and internal scripts must not be opened in the editor .devin/rules/file-operations.md:11-13

Sources: .devin/rules/code-guardrails.md:1-15, .devin/rules/file-operations.md:1-42, .devin/rules/temp-files.md:1-37


Last modified on July 15, 2026
Brevo Email ProviderData Layer & Database Tooling
On this page
  • 1. Code Execution Guardrails
    • 1.1 Self-Correction & Retry Logic
    • 1.2 BLOCKED State & Escalation
    • 1.3 Scope Locking & Atomicity
  • 2. File Operation Rules
    • 2.1 Empirical Verification Workflow
    • 2.2 Tool-Based Verification
    • 2.3 Path Conventions
  • 3. Temporary File Management
    • 3.1 Designated Temp Locations
    • 3.2 Cleanup Policy
    • 3.3 In-Memory Preference
  • 4. Summary of Constraints