AI Governance
VUP treats AI delivery as an engineering system, not a black box.
Core Principles
- Standardized input: repository rules and skills define boundaries first.
- Standardized process: phase-based flow with checkpoints and explicit confirmations.
- Standardized output: consistent structure, naming, and reviewable changes.
Core Instructions and Extensions
AI collaboration is driven by the .agents directory:
_core/rules/: always-on constraints for workflow, files, modules, and quality._core/tasks/: task playbooks such as adding apps, pages, APIs, auth, and releases._core/stacks/: stack-specific notes loaded by tasks only when needed.- External skills: installed by their own tools and kept outside
.agents.
Add AI instructions when a project needs AI collaboration:
vup skill init
vup skill addvup skill init copies the project instruction assets such as _core/ and project.md. vup skill add uses the template-only ai.md and .aiignore to generate client entry files such as AGENTS.md, CLAUDE.md, and .cursorignore.
Core instructions are layered:
- Rules define non-negotiable boundaries.
- Tasks describe how AI should perform engineering actions.
- Stacks explain platform differences without becoming framework tutorials.
- External skills add team-specific domain knowledge without changing
.agents.
Packages and Skills
Packages are runtime capabilities installed with vup package add. Skills and tasks do not replace packages; they teach AI when to choose a package, where to wire it into an app, and which package README or API surface to follow.
For example, a task may decide that a Vue app needs HTTP integration, then load the relevant stack notes and use @vup/http from packages/http instead of inventing a new request layer.
Hard Gates
For high-impact steps, AI must stop and ask for confirmation before continuing. Typical gates include:
- moving to the next phase in a multi-step workflow
- choosing between ambiguous implementation options
- introducing new dependencies or structural refactors
- commit/publish operations
This makes decisions visible and auditable instead of implicit.
How Skills Are Selected
- Parse task intent and map it to
_core/tasks/*. - Load only the required task and stack notes while keeping rules always active.
- Execute by phase and checkpoint, then request confirmation at gates.
Why This Is More Reliable
| Dimension | Generic AI Generation | VUP Governance |
|---|---|---|
| Input | Prompt-only, easy to drift | Rules + skills + repo conventions |
| Process | Opaque intermediate steps | Checkpointed phases with explicit confirmation |
| Output | Style depends on each run | Stable structure and conventions |
| Team Collaboration | Hard to align and reuse | Shared playbooks and team-level consistency |
In Practice
- Add app templates with
vup app add. - Run AI tasks under rules and matched skills.
- Add incremental capabilities with
vup package add. - Use
vup example addfor isolated capability references when needed. - Keep decisions and outputs auditable through the same conventions.