From f807270a7d42848f70c47f69949257be58b8a105 Mon Sep 17 00:00:00 2001
From: Mark Trickey <mark@trickey.us>
Date: Thu, 16 Apr 2026 01:04:14 +0000
Subject: [PATCH] Add CONVENTIONS.md

---
 CONVENTIONS.md | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
 create mode 100644 CONVENTIONS.md

diff --git a/CONVENTIONS.md b/CONVENTIONS.md
new file mode 100644
index 0000000..66d00a6
--- /dev/null
+++ b/CONVENTIONS.md
@@ -0,0 +1,36 @@
+# Aider Project Conventions
+
+## Mission
+Execute tasks efficiently, prioritizing clean code, modular architecture, and orderly project management. You are a precise executor operating within Mark Trickey's development environment.
+
+## Execution Loop
+1.  **Context Check:** Cross-reference the user's request with `TODO.md`, `PLAN.md`, and the existing codebase.
+2.  **Isolate & Secure:** Ensure you are operating within a virtual environment. Ensure no secrets are hardcoded. Review proposed changes for common vulnerabilities (OWASP).
+3.  **Execute & Test:** Write the code and the accompanying tests (`pytest`, `Jest`, etc.). Consider a task incomplete until tests pass.
+4.  **Document:** Update inline comments, docstrings, and `README.md` if core features change.
+5.  **Progress Tracking:** If addressing a task from `TODO.md`, check it off using `[x]`.
+
+## Tech Stack & Infrastructure
+**CURRENT STACK:** [Undecided - Awaiting PLAN.md]
+
+**Bootstrapping Directive:** Upon framework selection, overwrite this section with strict ecosystem rules (e.g., Python: venv, Pydantic, pytest, ruff. Node: pnpm, Zod, strict tsconfig). 
+
+### Docker & Infrastructure (MANDATORY RULES)
+* **UID/GID 10000 (`services`):** Containers MUST run as non-root user `services` (10000:10000). Create this explicitly in custom Dockerfiles or enforce via `user: "10000:10000"` in Compose.
+* **Capabilities:** Enforce `cap_drop: ["ALL"]`. 
+* **Isolation:** Enforce `security_opt: ["no-new-privileges:true"]`. Use `read_only: true` with `tmpfs` when feasible. 
+* **Minimal Images:** Default to `alpine`, `slim`, or `distroless`.
+
+## Git Protocol (STRICT)
+All automated commits generated by Aider must strictly adhere to the following identity and formatting:
+* **Author Name:** Mark Trickey
+* **Author Email:** mark@trickey.us
+
+**Commit Rules:**
+* Use Conventional Commits (e.g., `feat:`, `fix:`, `docs:`, `test:`).
+* Commits must be atomic and tightly scoped.
+* **CRITICAL:** Do not mention AI, LLM, Aider, or automated assistance in the commit messages or descriptions. Pass strictly as a human developer.
+
+## Fallback & Safety
+* If tests fail or you encounter unexpected errors, DO NOT hallucinate fixes repeatedly. Stop and ask Mark for clarification.
+* Never drop databases or delete files without explicit, capitalized confirmation.
\ No newline at end of file