Skip to content

AI Governance

VUP treats AI delivery as an engineering system, not a black box.

Core Principles

  • Standardized input: repository rules and skills define boundaries first.
  • Standardized process: phase-based flow with checkpoints and explicit confirmations.
  • Standardized output: consistent structure, naming, and reviewable changes.

Core Instructions and Extensions

AI collaboration is driven by the .agents directory:

  • _core/rules/: always-on constraints for workflow, files, modules, and quality.
  • _core/tasks/: task playbooks such as adding apps, pages, APIs, auth, and releases.
  • _core/stacks/: stack-specific notes loaded by tasks only when needed.
  • External skills: installed by their own tools and kept outside .agents.

Add AI instructions when a project needs AI collaboration:

bash
vup skill init
vup skill add

vup skill init copies the project instruction assets such as _core/ and project.md. vup skill add uses the template-only ai.md and .aiignore to generate client entry files such as AGENTS.md, CLAUDE.md, and .cursorignore.

Core instructions are layered:

  • Rules define non-negotiable boundaries.
  • Tasks describe how AI should perform engineering actions.
  • Stacks explain platform differences without becoming framework tutorials.
  • External skills add team-specific domain knowledge without changing .agents.

Packages and Skills

Packages are runtime capabilities installed with vup package add. Skills and tasks do not replace packages; they teach AI when to choose a package, where to wire it into an app, and which package README or API surface to follow.

For example, a task may decide that a Vue app needs HTTP integration, then load the relevant stack notes and use @vup/http from packages/http instead of inventing a new request layer.

Hard Gates

For high-impact steps, AI must stop and ask for confirmation before continuing. Typical gates include:

  • moving to the next phase in a multi-step workflow
  • choosing between ambiguous implementation options
  • introducing new dependencies or structural refactors
  • commit/publish operations

This makes decisions visible and auditable instead of implicit.

How Skills Are Selected

  1. Parse task intent and map it to _core/tasks/*.
  2. Load only the required task and stack notes while keeping rules always active.
  3. Execute by phase and checkpoint, then request confirmation at gates.

Why This Is More Reliable

DimensionGeneric AI GenerationVUP Governance
InputPrompt-only, easy to driftRules + skills + repo conventions
ProcessOpaque intermediate stepsCheckpointed phases with explicit confirmation
OutputStyle depends on each runStable structure and conventions
Team CollaborationHard to align and reuseShared playbooks and team-level consistency

In Practice

  1. Add app templates with vup app add.
  2. Run AI tasks under rules and matched skills.
  3. Add incremental capabilities with vup package add.
  4. Use vup example add for isolated capability references when needed.
  5. Keep decisions and outputs auditable through the same conventions.