Operating rules for agents working in this repository.
This is a greenfield Rust project now in active implementation. The working plan lives in plan.md; read it before doing anything substantive. If code and plan disagree, fix one or the other deliberately, never silently.
- Project key (for beads, agent mail, cass-memory):
plsql-intelligence - Repo name on disk:
oracle/(not the same as the project key) - Language: Rust (Cargo workspace). No JS/TS/Python in this repo.
- Status: Pre-GA implementation. Foundational crates exist; higher layers are still in progress.
- Web access: allowed. Use
WebFetch/WebSearchfor OSS docs, Oracle reference material, crate research, etc.
- C1/C2: No ML training on private data; no private code through founder-owned inference infra.
- C5/C6 + private estate: Private PL/SQL test material lives in the directory named by the
PLSQL_PRIVATE_ESTATEenvironment variable. Strictly local-only. Never publish, copy, orgit addanything from that path into this repo or any other git repository. Treat it as pattern reference only; test cases mirroring its patterns are re-synthesized from grammar + description, never copied. - C7 (operational, supersedes plan.md §3 literal text): Agents may commit and push via the git skills below. Never run destructive ops (
git reset --hard,git clean -fd,git push --force, branch deletion,git stash drop,rm -rfon tracked paths) without explicit in-session approval.
If unsure whether an action would violate one of these, stop and ask.
- R10 / R11: Every CLI ships
--robot-jsonand adoctorsubcommand. - R13: No uncertainty is silently dropped; every blind spot becomes a typed
UnknownReasonwith provenance. - R17: No telemetry by default.
- R20: Parser backend isolation is mandatory; no downstream crate depends on ANTLR-generated types.
Full R-rule list and rationale: plan.md §4. The plan governs; this file is a pointer.
You may NOT delete any file or directory unless I explicitly give the exact command in this session.
- This includes files you just created (tests, tmp files, scripts, etc.).
- You do not get to decide that something is "safe" to remove.
- If you think something should be removed, stop and ask. You must receive clear written approval before any deletion command is even proposed.
Treat "never delete files without permission" as a hard invariant.
Absolutely forbidden unless I give the exact command and explicit approval in the same message:
git reset --hardgit clean -fdrm -rf- Any command that can delete or overwrite code/data
Rules:
- If you are not 100% sure what a command will delete, do not propose or run it. Ask first.
- Prefer safe tools:
git status,git diff,git stash, copying to backups, etc. - After approval, restate the command verbatim, list what it will affect, and wait for confirmation.
- When a destructive command is run, record in your response:
- The exact user text authorizing it
- The command run
- When you ran it
If that audit trail is missing, then you must act as if the operation never happened.
- Build system: Cargo workspace. One crate per component (plan.md §6.2.1).
- Toolchain:
rust-toolchain.tomlusesstable;Cargo.tomldeclares the workspacerust-versionfloor. Default workspace builds, tests, clippy, and release binaries must stay stable-only. Any remainingcargo +nightly-2026-05-11command is transitional retirement work for still-unremoved live/MCP/codegen surfaces, not a precedent for new engine code. - Style:
cargo fmt(default config) +cargo clippy -- -D warnings. No exceptions. - Errors:
miettefor human diagnostics,thiserrorfor library errors. Noanyhowexceptmain(). - Observability:
tracingwith structured fields. Spans on every public API call. - Async/runtime model: The offline engine is sync-first. Public
APIs for parse, IR, depgraph, lineage, SAST, docs, bindgen, CI/CD
prediction, catalog snapshot ingestion, and local analysis should be
synchronous by default. Do not introduce
asupersync,oraclemcp-db, live Oracle sockets, MCP serving, telemetry, or daemon/network runtime dependencies in this repo. Live Oracle I/O and MCP serving belong in the separateoraclemcprepository; this repo exposes stable library crates and CLIs for that consumer. - Parser codegen / Java: Normal builds use committed ANTLR Rust
sources and must not require Java. Java is needed only when
intentionally regenerating parser output with
PLSQL_ANTLR_REGEN=1or running the CI drift-check path.
Use these skills when the situation matches their trigger conditions; for routine commits and pushes, plain git via Bash is fine.
gh-cli— repos, issues, PRs, actions, releasesgit-stash-janitor— mine accumulated stashes for content worth landing before cleanupgit-worktree-branch-rationalization— collapse sprawling worktrees and branches back to a canonical linegit-repo-janitor— general repo hygiene
Standard flow: git pull --rebase, stage explicit paths, run quality gates, commit, push. Forbidden ops are listed under C7.
See plan.md §5 for the layer-based dependency graph (Layer 0 → Layer 5). Per-component design is in plan.md §6–§15. Do not re-document architecture here; update the plan when it changes.
Current high-level layout:
oracle/
├── Cargo.toml # workspace manifest
├── plan.md # authoritative specification
├── README.md # public-facing landing
├── AGENTS.md # this file
├── crates/ # implemented Rust workspace crates
├── corpus/ # corpus manifest + future fixtures
├── .beads/ # br issue tracker
├── .claude/ # Claude Code settings
└── .ntm/ # NTM swarm state
Longer-term target layout (docs/, tools/, additional crates, fuller corpus): plan.md §6.2.1.
Current state: crates/plsql-parser-antlr/src/generated/ contains
committed ANTLR outputs used by the normal antlr-codegen feature path so
engine builds do not require Java. Do not hand-edit files in that directory.
Regenerate them only with:
PLSQL_ANTLR_REGEN=1 cargo build -p plsql-parser-antlr --features antlr-codegenFor CI drift checks, regenerate to a scratch directory and compare against the committed copy:
PLSQL_ANTLR_REGEN=1 \
PLSQL_ANTLR_REGEN_DIR=/tmp/plsql-parser-antlr-generated \
cargo build -p plsql-parser-antlr --features antlr-codegen
diff -ru crates/plsql-parser-antlr/src/generated /tmp/plsql-parser-antlr-generatedIf/when you add generated artifacts:
- Rule: Never hand-edit generated outputs.
- Convention: Put generated outputs in a clearly labeled directory and document the generator command.
- Do not run scripts that bulk-modify code (codemods, invented one-off scripts, giant
sed/regex refactors). - Large mechanical changes: break into smaller, explicit edits and review diffs.
- Subtle/complex changes: edit by hand, file-by-file, with careful reasoning.
We optimize for a clean architecture now, not backwards compatibility.
- No "compat shims" or "v2" file clones.
- When changing behavior, migrate callers and remove old code.
- New files are only for genuinely new domains that don't fit existing modules.
- The bar for adding files is very high.
- Prefer structured, minimal logs (avoid spammy debug output).
- Treat user-facing UX as UI-first; logs are for operators/debugging.
Agent Mail is available as an MCP server for coordinating work across agents.
What Agent Mail gives:
- Identities, inbox/outbox, searchable threads.
- Advisory file reservations (leases) to avoid agents clobbering each other.
- Persistent artifacts in git (human-auditable).
Core patterns:
-
Same repo
- Register identity:
ensure_projectthenregister_agentwith the repo's absolute path asproject_key.
- Reserve files before editing:
file_reservation_paths(project_key, agent_name, ["src/**"], ttl_seconds=3600, exclusive=true).
- Communicate:
send_message(..., thread_id="FEAT-123").fetch_inbox, thenacknowledge_message.
- Fast reads:
resource://inbox/{Agent}?project=<abs-path>&limit=20.resource://thread/{id}?project=<abs-path>&include_bodies=true.
- Register identity:
-
Macros vs granular:
- Prefer macros when speed is more important than fine-grained control:
macro_start_session,macro_prepare_thread,macro_file_reservation_cycle,macro_contact_handshake.
- Use granular tools when you need explicit behavior.
- Prefer macros when speed is more important than fine-grained control:
Common pitfalls:
- "from_agent not registered" → call
register_agentwith correctproject_key. FILE_RESERVATION_CONFLICT→ adjust patterns, wait for expiry, or use non-exclusive reservation.
When ending a work session:
- Pull-rebase first:
git pull --rebase. - Stage relevant paths (
git add <paths>, nevergit add -A, which risks pulling in private estate material if anything was symlinked). - Run quality gates if code changed:
cargo check,cargo clippy -- -D warnings,cargo test,ubs <changed files>. - Update beads: close finished work, mark in-progress items, file new beads for follow-ups.
- Flush beads to JSONL with
br sync --flush-only, then stage.beads/alongside the code. - Commit with a concise message; push to the appropriate branch (never force-push to
mainormaster). - Summarize for the founder: what changed, why, what was pushed, what's blocked.
Destructive ops listed in C7 stay forbidden without explicit approval.
All issue tracking goes through Beads. No other TODO systems.
Key invariants:
.beads/is authoritative state and must always be committed with code changes.- Do not edit
.beads/*.jsonldirectly; only viabr.
Check ready work:
br ready --jsonCreate issues:
br create "Issue title" -t bug|feature|task -p 0-4 --json
br create "Issue title" -p 1 --deps discovered-from:br-123 --jsonUpdate:
br update br-42 --status in_progress --json
br update br-42 --priority 1 --jsonComplete:
br close br-42 --reason "Completed" --jsonTypes: bug, feature, task, epic, chore
Priorities: 0 critical, 1 high, 2 medium (default), 3 low, 4 backlog
Agent workflow:
br readyto find unblocked work.- Claim:
br update <id> --status in_progress. - Implement + test.
- If you discover new work, create a new bead with
discovered-from:<parent-id>. - Close when done.
- Commit
.beads/in the same commit as code changes.
Before converting fresh bead seeds out of plan.md (or before merging any
plan.md change that adds or relocates bead-seed rows), run:
cargo run -p plan-lint -- --doctorResolve any new findings (or escalate to PLSQL-PLAN-003 if the drift is
already tracked) before invoking br create. CI also runs plan-lint on
every PR, but the in-the-loop check during conversion catches mistakes
before they bleed into the issue tracker (PLSQL-PLAN-002).
Before closing any catalog / parser-dialect / depgraph-edge / SAST-rule
work, run a /oracle-skill check against the matching reference in
your local Oracle reference skill (~/.claude/skills/oracle/, when
present):
- catalog work →
LOW-LEVEL-CATALOGS.md+DATABASE-REFERENCE.md - parser dialect features →
DATABASE-REFERENCE.md+SUPPORT-RELEASE-MATRIX.md - depgraph edge kinds →
LOW-LEVEL-CATALOGS.md(ALL_DEPENDENCIES) - SAST rules →
SECURITY-OPTIONS-REFERENCE.md+DATABASE-REFERENCE.md - bindings type map →
DATABASE-REFERENCE.md+OBJECT-TYPES-REFERENCE.md
Cite the source line + reference section in the closure rationale. Six substantive /oracle audits landed during the 2026-05-15 session (catalog, L2 corpus, depgraph taxonomy, parser version coverage, MCP surface, bindgen type map). That cadence is the floor, not a ceiling.
Never:
- Use markdown TODO lists.
- Use other trackers.
- Duplicate tracking.
bv is a graph-aware triage engine for Beads projects. Use robot flags for deterministic outputs.
--robot-* flags. Bare bv launches an interactive TUI that blocks your session.
bv --robot-triage # THE MEGA-COMMAND: start here
bv --robot-next # Just the single top pick + claim command
bv --robot-plan # Parallel execution tracks
bv --robot-insights # Full graph metricsUse bv instead of parsing beads.jsonl; it computes PageRank, critical paths, cycles, and parallel tracks deterministically.
cass indexes prior agent conversations so we can reuse solved problems.
Rules: Never run bare cass (TUI). Always use --robot or --json.
cass health
cass search "authentication error" --robot --limit 5
cass view /path/to/session.jsonl -n 42 --jsonTreat cass as a way to avoid re-solving problems other agents already handled.
Before starting complex tasks, retrieve relevant context:
cm context "<task description>" --jsonThis returns:
- relevantBullets: Rules that may help with your task
- antiPatterns: Pitfalls to avoid
- historySnippets: Past sessions that solved similar problems
Protocol:
- START: Run
cm context "<task>" --jsonbefore non-trivial work - WORK: Reference rule IDs when following them
- END: Just finish your work. Learning happens automatically.
Golden Rule: ubs <changed-files> before every commit. Exit 0 = safe. Exit >0 = fix & re-run.
ubs file.ts file2.py # Specific files (< 1s) — USE THIS
ubs $(git diff --name-only --cached) # Staged files — before commit
ubs . # Whole projectSpeed Critical: Scope to changed files. ubs src/file.ts (< 1s) vs ubs . (30s).
Bug Severity:
- Critical (always fix): Null safety, XSS/injection, async/await, memory leaks
- Important (production): Type narrowing, division-by-zero, resource leaks
- Contextual (judgment): TODO/FIXME, console logs