Srikanth-AD
diff --git a/‎examples/README.md‎
Lines changed: 80 additions & 0 deletions b/‎examples/README.md‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎examples/policy.example.md‎
Lines changed: 80 additions & 0 deletions b/‎examples/policy.example.md‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎examples/policy.forge-go.example.md‎
Lines changed: 183 additions & 0 deletions b/‎examples/policy.forge-go.example.md‎
Lines changed: 183 additions & 0 deletions
@@ -0,0 +1,80 @@
+# Example policies
+
+These are fictional engineering policy documents you can use as a
+starting point for your own. They're written to be **specific enough
+that stackguard can actually flag prompts against them** — vague
+guidelines produce vague checks.
+
+Pick the one closest to your stack, copy it into your repo as
+`ENGINEERING_GUIDELINES.md` (or whatever you call it), and edit. Each
+file is short enough that adapting it to your real stack is a 30-minute
+exercise, not a multi-week project.
+
+| File | Industry | Stack | Distinctive section |
+|---|---|---|---|
+| [`policy.example.md`](./policy.example.md) | Generic SaaS | Node.js + TypeScript + Postgres + Next.js | Standard structure (good default) |
+| [`policy.helio-python.example.md`](./policy.helio-python.example.md) | Data / ML | Python 3.12 + Polars + DuckDB + FastAPI + PyTorch | Reproducibility & Notebook Governance |
+| [`policy.forge-go.example.md`](./policy.forge-go.example.md) | Microservices | Go 1.22 + chi + sqlc + slog + OTel | Concurrency & Error Discipline |
+| [`policy.ledger-fintech.example.md`](./policy.ledger-fintech.example.md) | Fintech (regulated) | Java 21 + Spring Boot + audit-logged Postgres + Vault | Regulatory Constraints + PII Handling |
+| [`policy.minimal.example.md`](./policy.minimal.example.md) | Two-person product team | Whatever's small | Deliberately tiny — no formal sections |
+
+## Picking one
+
+- **You work at a Node.js shop and want a structured template.** Start with `policy.example.md`. It's the most generic and the easiest to adapt.
+- **You're a data team.** Start with `policy.helio-python.example.md`. The reproducibility section is the part that matters most and isn't in the others.
+- **You're a Go shop.** Start with `policy.forge-go.example.md`. The concurrency rules are Go-specific and worth keeping.
+- **You handle money, PII, or anything with a regulatory footprint.** Start with `policy.ledger-fintech.example.md`. The compliance framing and PII section don't appear in the other examples.
+- **You're 1–3 people and don't want to read or write a long doc.** Start with `policy.minimal.example.md`. Two paragraphs of "we use X, we don't use Y" is enough for stackguard to enforce.
+
+## Trying one without committing
+
+Every example file is self-contained, so you can point stackguard at it
+directly without `init`-ing a project:
+
+```bash
+# From the stackguard repo root
+stackguard check "add a MongoDB connection" \
+  --policy ./examples/policy.example.md
+
+stackguard check "load this CSV with pandas" \
+  --policy ./examples/policy.helio-python.example.md
+
+stackguard check "use gin for the HTTP server" \
+  --policy ./examples/policy.forge-go.example.md
+
+stackguard check "log the user's email when login fails" \
+  --policy ./examples/policy.ledger-fintech.example.md \
+  --mode block
+
+stackguard check "use lodash.debounce on the search input" \
+  --policy ./examples/policy.minimal.example.md
+```
+
+Each example file has a `## Sample stackguard interactions` section at
+the bottom showing what the response looks like for prompts the policy
+flags and prompts it doesn't.
+
+## What makes these realistic
+
+- **Specific package names.** "Use `@acme/db`, never use `prisma` or
+  `drizzle`" is something stackguard can match. "Prefer simple
+  abstractions" is not.
+- **Explicit reasons in the prose.** When a rule has a sentence
+  explaining *why*, the model can quote it back to the developer in
+  the violation message. That's much more persuasive than "rule 4.2.1."
+- **A mix of prohibitions and approvals.** Prohibitions tell the AI
+  what to avoid; approvals tell it what to reach for instead. Both
+  matter — without the approval list, the suggested revision is just
+  "don't do that."
+- **An "AI-Specific Rules" section.** This is the section the checker
+  pays the most attention to, because it's framed as instructions to
+  an AI assistant. Putting your most-violated rules here is the
+  highest-leverage thing you can do to improve precision.
+
+## When *not* to use these as your policy
+
+These are fictional. The libraries, package names, and version
+numbers were chosen to make the examples self-contained and
+unambiguous, not because they reflect any real company's choices.
+Don't ship `@acme/auth` to your team and assume they know what it is.
+Adapt the structure, then write your own.
@@ -94,3 +94,83 @@ When prompting an AI coding assistant, do NOT ask it to:
 When in doubt, ask the AI to use the approved stack above.
 If you genuinely need an exception, file an RFC with @platform-eng
 before writing the prompt.
+
+---
+
+## Sample stackguard interactions
+
+Run them yourself with:
+
+```bash
+stackguard check "<prompt>" --policy ./policy.example.md
+```
+
+### Example 1 — explicit prohibited tech (HIGH confidence block)
+
+```
+$ stackguard check "add a MongoDB connection for user sessions"
+
+⚠  stackguard: guideline conflict detected
+──────────────────────────────────────────────────────────────────────
+
+"add a MongoDB connection for user sessions"
+Rule:   NEVER use MongoDB, DynamoDB, or any NoSQL store for primary
+        data.
+Why:    The prompt explicitly names MongoDB; Acme uses PostgreSQL
+        via @acme/db.
+Level:  HIGH confidence
+
+Suggested revision:
+┌──────────────────────────────────────────────────────────┐
+│ Add a Postgres-backed user_sessions table accessed via │
+│ @acme/db, with a parameterized query for lookups       │
+└──────────────────────────────────────────────────────────┘
+
+[P]roceed anyway  [R]evise  [S]how policy  [C]ancel
+```
+
+### Example 2 — custom security primitive (HIGH confidence block)
+
+```
+$ stackguard check "implement JWT auth from scratch with refresh tokens"
+
+⚠  stackguard: guideline conflict detected
+──────────────────────────────────────────────────────────────────────
+
+"implement JWT auth from scratch with refresh tokens"
+Rule:   NEVER implement JWT signing, verification, or refresh logic
+        from scratch. @acme/auth handles token lifecycle.
+Why:    The prompt asks for custom token logic, which the policy
+        delegates to the shared auth wrapper.
+Level:  HIGH confidence
+
+Suggested revision:
+┌──────────────────────────────────────────────────────────┐
+│ Add login and session handling using @acme/auth, which │
+│ manages token issuance and refresh                     │
+└──────────────────────────────────────────────────────────┘
+
+[P]roceed anyway  [R]evise  [S]how policy  [C]ancel
+```
+
+### Example 3 — vague prompt (PASSES)
+
+```
+$ stackguard check "build a settings page where users can change their display name"
+✓ stackguard: ok
+```
+
+The prompt doesn't name a banned library or pattern. The AI may
+use approved tools in its response — that's fine.
+
+### Example 4 — soft warning (LOW confidence, passes through)
+
+```
+$ stackguard check "add a date picker that handles timezones nicely"
+ℹ  stackguard: possible conflict (low confidence — passing through)
+"date picker that handles timezones" may conflict with "moment is prohibited…"
+```
+
+The model thinks this *might* drift toward `moment-timezone` but
+isn't sure. Per ADR-002, low-confidence violations don't interrupt
+the developer.
@@ -0,0 +1,183 @@
+# Forge Systems Engineering Guidelines
+
+**Owner:** Platform Engineering (@platform)
+**Version:** 7.2
+**Last updated:** 2026-02-14
+**Enforcement:** Pre-prompt via `stackguard`, plus `golangci-lint` + a custom `forge-lint` analyzer in CI. Hard violations require an architecture review.
+
+---
+
+## 1. Approved Tech Stack
+
+### Language and runtime
+- **Go 1.22+** (we depend on `slog`, `range over int`, and `for-range` loop variable scoping)
+- **Modules pinned to exact versions.** No `^` or wildcard ranges in go.mod.
+
+### HTTP services
+- **Standard library `net/http`** with the `chi` router for routing only
+- **NOT** gin, echo, fiber, gorilla/mux, or any other framework
+- **NOT** gRPC for new services (existing gRPC services stay; new work is REST + protobuf payloads)
+
+### Persistence
+- **Postgres 16** via **`sqlc`-generated** typed queries
+- **NEVER use** `database/sql` directly outside `sqlc` output
+- **NEVER use** an ORM. We have specifically rejected GORM, ent, bun, and xorm.
+
+### Logging, metrics, tracing
+- **`log/slog`** (stdlib) — NOT logrus, NOT zap, NOT zerolog
+- **OpenTelemetry SDK** for traces and metrics
+- **`prometheus/client_golang`** for metric exposition
+- All three are wired through `forge/observability`. Use that, not the libs directly.
+
+### Internal packages
+- `forge/auth` — request authentication and authorization
+- `forge/config` — typed config from env via `envconfig`-style struct tags
+- `forge/observability` — logger, tracer, meter
+- `forge/db` — sqlc helpers, migrations, connection pooling
+
+---
+
+## 2. Prohibited Libraries
+
+| Prohibited | Use instead |
+|---|---|
+| `gin`, `echo`, `fiber`, `gorilla/mux` | `net/http` + `chi` router |
+| `gorm`, `ent`, `bun`, `xorm`, `sqlx` | `sqlc` |
+| `logrus`, `zap`, `zerolog`, `glog` | `log/slog` |
+| `viper`, `koanf` | `forge/config` |
+| `errors/pkg` | stdlib `errors` (1.20+ has wrapping) |
+| `uuid`-the-package | `crypto/rand` (we generate ULIDs in `forge/ids`) |
+| any third-party HTTP client | stdlib `net/http.Client` with our `forge/httpclient` wrapper |
+
+---
+
+## 3. Concurrency & Error Discipline
+
+(Unique to Forge — Go gives you enough rope to hang yourself with goroutines. These rules exist because we have spent real on-call hours debugging the mistakes they prevent.)
+
+### Goroutines
+- **Every `go` statement must have an obvious lifetime owner.** Either it's tied to a `context.Context` that someone will cancel, or it's tied to a `sync.WaitGroup` someone will `Wait()` on. Fire-and-forget goroutines are banned. We have an analyzer that fails CI on bare `go func()` outside `main`.
+- **No goroutines inside HTTP handlers** unless explicitly cancelled by the request context. Background work belongs in a worker pool, not in a handler.
+- **`errgroup.Group` is the default** for fan-out; raw goroutines + channels require a justification in the PR description.
+
+### Context
+- **`context.Context` is the FIRST argument** of any function that does I/O, makes a network call, or runs longer than a microsecond. No exceptions.
+- **NEVER store a context in a struct.** Pass it explicitly.
+- **NEVER use `context.Background()` outside `main` and tests.** Use the context you were handed.
+
+### Errors
+- **Wrap with `%w`, never with `%v`** when you want the chain preserved. `forge-lint` enforces this.
+- **NEVER use `panic` in library code.** Panics are for "this state is impossible" — they belong in `main` or in test setup, not in production paths.
+- **Sentinel errors must be exported** so callers can `errors.Is` them. Don't compare error strings.
+
+### Globals and init
+- **`init()` is banned** outside generated code (sqlc, protoc). Side effects at import time are how we get unexplained 90-second test startup times.
+- **No package-level mutable state.** Configuration is injected explicitly via constructors. The compiler can't help you debug mutable globals.
+
+---
+
+## 4. AI-Specific Rules
+
+When prompting an AI coding assistant, do NOT ask it to:
+
+- Use gin, echo, fiber, or any router/framework other than chi
+- Use GORM, ent, bun, or any ORM
+- Use logrus, zap, or zerolog
+- Spawn a goroutine without a clear lifetime owner
+- Write `init()` functions
+- Use `panic` in library code
+- Add a third-party HTTP client (axios-equivalents like resty are banned)
+- Bypass `forge/observability`, `forge/config`, `forge/auth`, or `forge/db`
+- Use `context.Background()` outside `main`
+
+---
+
+## Sample stackguard interactions
+
+Run them yourself with:
+
+```bash
+stackguard check "<prompt>" --policy ./policy.forge-go.example.md
+```
+
+### Example 1 — explicit framework reference (HIGH confidence block)
+
+```
+$ stackguard check "set up a gin server with a /healthz endpoint"
+
+⚠  stackguard: guideline conflict detected
+──────────────────────────────────────────────────────────────────────
+
+"set up a gin server with a /healthz endpoint"
+Rule:   gin is prohibited; use net/http + chi router
+Why:    The prompt explicitly names gin, which is on the prohibited
+        list. Forge uses stdlib net/http with chi for routing.
+Level:  HIGH confidence
+
+Suggested revision:
+┌──────────────────────────────────────────────────────────┐
+│ Set up a net/http server with a chi router and a       │
+│ /healthz endpoint                                       │
+└──────────────────────────────────────────────────────────┘
+
+[P]roceed anyway  [R]evise  [S]how policy  [C]ancel
+```
+
+### Example 2 — concurrency discipline (MEDIUM confidence)
+
+```
+$ stackguard check "fire off a background goroutine to email the user after the response"
+
+⚠  stackguard: guideline conflict detected
+──────────────────────────────────────────────────────────────────────
+
+"fire off a background goroutine to email the user after the response"
+Rule:   No goroutines inside HTTP handlers unless explicitly cancelled
+        by the request context. Background work belongs in a worker
+        pool, not in a handler.
+Why:    The prompt asks for a fire-and-forget goroutine in a request
+        handler, which Forge bans because of past production incidents.
+Level:  MEDIUM confidence
+
+Suggested revision:
+┌──────────────────────────────────────────────────────────┐
+│ Enqueue an email job onto the worker pool after the    │
+│ response so it runs outside the request lifetime        │
+└──────────────────────────────────────────────────────────┘
+
+[P]roceed anyway  [R]evise  [S]how policy  [C]ancel
+```
+
+### Example 3 — vague prompt (PASSES)
+
+```
+$ stackguard check "add a function that parses an ISO8601 timestamp into time.Time"
+✓ stackguard: ok
+```
+
+The prompt doesn't name a banned library or pattern. The `time` package
+is stdlib and unrestricted.
+
+### Example 4 — ORM mention (HIGH confidence block)
+
+```
+$ stackguard check "add a User model with GORM and a hasMany relation to Posts"
+
+⚠  stackguard: guideline conflict detected
+──────────────────────────────────────────────────────────────────────
+
+"add a User model with GORM and a hasMany relation to Posts"
+Rule:   NEVER use an ORM. We have specifically rejected GORM, ent,
+        bun, and xorm.
+Why:    The prompt names GORM directly. Forge uses sqlc-generated
+        typed queries instead of an ORM abstraction.
+Level:  HIGH confidence
+
+Suggested revision:
+┌──────────────────────────────────────────────────────────┐
+│ Add a users table migration and write a sqlc query     │
+│ that joins users to posts                               │
+└──────────────────────────────────────────────────────────┘
+
+[P]roceed anyway  [R]evise  [S]how policy  [C]ancel
+```