Skip to content

Discussion: standard section for generated-code safety checks #189

Description

@dgenio

Context

AGENTS.md gives repositories a place to tell coding agents how to work safely and effectively in a codebase.

As coding agents become more autonomous, many repositories will need to specify not only style and workflow rules, but also the checks that generated code must pass before a human reviews it.

Problem

Agent-authored changes can fail in predictable ways:

  • tests not run;
  • generated files committed accidentally;
  • secrets or local paths leaked;
  • package artifacts include unintended files;
  • dependency changes are made without justification;
  • security scanners are skipped;
  • docs/examples drift from code;
  • risky commands are run without permission.

Different repositories can describe these expectations manually, but a common recommended section would make AGENTS.md more useful across tools and projects.

Proposal

Would it make sense to document an optional section for generated-code safety checks?

For example:

## Generated-code safety checks

Before submitting changes, agents should:

- run the project test command: `<command>`;
- run lint/type checks: `<command>`;
- inspect generated/package artifacts: `<command>`;
- check for secrets or local-only paths: `<command>`;
- avoid committing files matching: `<patterns>`;
- summarize dependency changes and why they are needed;
- state which checks could not be run.

The section would remain optional and project-specific. The value would be giving maintainers a predictable place to encode safety expectations.

Use cases

  • More reliable agent-generated PRs.
  • Easier human review.
  • Better behavior across multiple coding agents.
  • Standard place to document project-specific safety gates.
  • Reduced accidental commits of generated artifacts, local files, or secrets.

Non-goals

  • Defining one universal safety policy.
  • Requiring every repository to use the section.
  • Replacing CI.
  • Preventing maintainers from using their own structure.

Open questions

  • Is this too prescriptive for the current scope of AGENTS.md?
  • Should this live in the main example, advanced guidance, or a recipe?
  • Should there be separate sections for "must run", "should run", and "state if unable to run"?
  • Are there existing conventions this should align with?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type
    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions