AI Governance
VUP treats AI delivery as an engineering system, not a black box.
Core Principles
- Standardized input: repository rules and skills define boundaries first.
- Standardized process: phase-based flow with checkpoints and explicit confirmations.
- Standardized output: consistent structure, naming, and reviewable changes.
Rules and Skills
AI collaboration is driven by the .agent directory:
- `rules/`: always-on constraints for workflow, code quality, structure, and Git.
- `skills/`: scenario-based playbooks loaded on demand.
Skills are layered:
- Flow: end-to-end process
- Capability: reusable abilities such as HTTP/auth/RBAC
- Stack: framework/platform-specific implementation
- Pattern: business-level patterns such as CRUD/login/admin
Hard Gates
For high-impact steps, AI must stop and ask for confirmation before continuing. Typical gates include:
- moving to the next phase in a multi-step workflow
- choosing between ambiguous implementation options
- introducing new dependencies or structural refactors
- commit/publish operations
This makes decisions visible and auditable instead of implicit.
How Skills Are Selected
- Parse task intent and map it to skill descriptions.
- Load only the required skills and keep rules always active.
- Execute by phase and checkpoint, then request confirmation at gates.
Why This Is More Reliable
| Dimension | Generic AI Generation | VUP Governance |
|---|---|---|
| Input | Prompt-only, easy to drift | Rules + skills + repo conventions |
| Process | Opaque intermediate steps | Checkpointed phases with explicit confirmation |
| Output | Style depends on each run | Stable structure and conventions |
| Team Collaboration | Hard to align and reuse | Shared playbooks and team-level consistency |
In Practice
- Add app templates with `vup add`.
- Run AI tasks under rules and matched skills.
- Add incremental capabilities with `vup use`.
- Use `vup example` for isolated capability references when needed.
- Keep decisions and outputs auditable through the same conventions.