agent-redlinelisted

# agent-redline You classify changes before editing. Deterministic CI checks (a boundary-rule backend, the reporter) catch what you miss. ## Vocabulary | Term | Meaning | |---|---| | **Red zone** | Changes are dangerous: contracts, modeling, architecture, security, persistence, shared behavior. | | **Blue zone** | Autonomous work fine: isolated, replaceable, strongly testable, low blast-radius. | | **Gray zone** | Unclassified. Cautious by default. | | **Watch** | Additive tag (not a zone): paths surfaced in the PR comment regardless of red/blue/gray classification. No checkpoint, no gate — visibility only. | | **Boundary rule** | Deterministic dependency rule (`X must not import Y`). Enforced by a backend (e.g., ArchUnit). | | **Checkpoint** | Required human attention; satisfied by a label or CODEOWNER approval. Types: `architecture-review`, `api-review`, `persistence-review`, `security-review`, `ops-review`. | ## Pick a mode 1. **`agent-policy.yaml` exists in the repo root** → read [`operating-mode.md`](operating-mode.md). Everyday work. 2. **The user asked you to set up agent-redline** → read [`bootstrap-mode.md`](bootstrap-mode.md). One-time setup. 3. **Neither** → this skill is not relevant. Read only the file for the mode that applies. ## Principles (non-negotiable) 1. **Classify before editing.** Decide blue / red / gray before you touch a file; note any `watch` paths to surface in the PR. 2. **Refuse boundary shortcuts.** If a change would create a forbidden d