# Adding AI Coding Rules {% hint style="success" %} **TL;DR:** Arnica automatically adds security-focused AI coding rules to your repository as part of a security policy configured by your security team. These are safe configuration files that help AI assistants write more secure code. Any change to any file can trigger this - it's not something you did wrong. Safe to merge! {% endhint %} ## Why am I seeing this? **You're seeing this because of a security policy configured by your security team - not something you did wrong!** Here's what's happening: * **Any change to any file** can trigger this workflow - whether you're updating CSS, backend logic, documentation, or any other file type * Your security team has enabled this feature for your repository (and possibly others) to ensure consistent security standards compliance by AI coding assistants and agents. * **This is completely normal** and happens to ensure all AI tools have access to the latest security guidelines * You happened to be the first developer to open a Pull Request after this policy was enabled for your repository * Even frontend developers changing CSS files or backend developers updating APIs benefit from having AI assistants that understand your organization's security requirements **The bottom line:** This is a proactive security measure that benefits everyone, regardless of what type of changes you're making. ## Is it safe to merge? **Yes, absolutely!** Here's why you can merge with confidence: ✅ **Only configuration files** - These are just text files with guidelines. No executable code. ✅ **Zero impact on your app** - Won't affect builds, deployments, or how your code runs. ✅ **No impact if you don't use AI tools yet** - These files sit quietly until your team adopts AI assistants. ✅ **Future-ready** - When your team does start using AI tools, they'll automatically follow security best practices. ✅ **Actually improves performance** - AI assistants work better and faster with clear guidelines. ✅ **Makes your life easier** - Less time fixing security issues, more time building features. **What you might see:** In some cases, AI-generated code may include comments referencing these security rules. These comments show the AI is following your organization's guidelines and can help reduce time spent on security-focused code reviews. ## What gets added to my repo? You'll see some new configuration files that tell AI assistants about your organization's security practices: * **`.cursor/rules/`** - Security guidelines for Cursor * **`.github/instructions/`** - Instructions for GitHub Copilot * **`GEMINI.md`** - Guidelines for Google's AI tools * **`CLAUDE.md`** - Instructions for Claude * **`AGENTS.md`** - Rules for various coding agents and automation tools {% hint style="info" %} The AGENTS.md format works with tons of tools: Aider CLI, GitHub Copilot Workspace, GitLab Duo, and many other coding assistants and automation scripts. {% endhint %} ## Why does this help me? **Short term:** Your AI assistant will write more secure code that follows your org's standards from day one. **Long term:** Less time spent in code reviews fixing security issues, fewer vulnerabilities making it to production, and AI that "knows" your team's coding patterns. **Real impact:** Instead of constantly re-prompting your AI to "make this more secure" or "follow our coding standards," it just does it automatically. ## Need help or have questions? **First, check with your internal team:** * **Security team** members who manage security policies * **DevOps/Platform team** responsible for development tooling **Still need help?** For technical support or urgent matters, contact ****. ## FAQ **Q: Why this repository and not others?**\ A: Your security team configured this policy for your repository. They might have enabled it organization-wide or for specific repositories - it depends on your organization's security requirements. **Q: We don't use AI coding assistants - why are we getting these files?**\ A: No worries! These files have zero impact if you're not using AI tools yet. Your security team is future-proofing your repo so that when you do adopt AI assistants (like Cursor, GitHub Copilot, etc.), they'll automatically follow your organization's security standards from day one. **Q: We already have our own AI coding rules - won't this conflict?**\ A: Arnica's rules focus on security and complement your existing setup. Most AI tools handle multiple rule files just fine. If you run into issues, reach out to your security team. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.arnica.io/arnica-documentation/developers/ai-coding-rules.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.