# Code Factory

> Agents write code. The repo enforces safety.

Review gates and evidence checks before agents merge code. One contract file defines what passes and what does not.

## Details

- **Audience**: Engineering teams running AI code generation and getting nervous about what is merging
- **Tone**: technical-lead
- **Price**: $249 USD
- **URL**: https://claw-packs.com/packs/code-factory
- **Buy**: https://buy.stripe.com/aFa28s9CMcl07Tk2p89oc0a

## Outcomes

- That PR that merged on a 3-commit-old review? That stops.
- Bad PRs get caught before CI spins up and you pay for it
- Works with whatever review tool you already use — CodeRabbit, Greptile, CodeQL, or your own

## Memory Files

- `repo_contract.md`
- `risk_tiers.md`
- `required_checks.md`
- `evidence_manifest.md`
- `review_agent_rules.md`
- `remediation_loop.md`
- `harness_gap_log.md`
- `decisions.md`

## Tools Guidance

- git and PR discipline, branches, head SHA, reruns
- CI workflows, preflight gate then fanout
- code review bots and check-run APIs
- browser testing and evidence artifacts via Playwright or Cypress

## Deliverables

### Repo safety design

- Single contract file structure and versioning rules
- Risk tiers by path and required checks mapping
- Docs-drift rules for workflow and policy changes

### Gates and proof requirements

- Preflight policy gate workflow pattern
- Current-head SHA enforcement rules
- Evidence manifests for UI and critical flows

### Step-by-step workflows

- Rerun requester dedupe by sha marker
- Auto-resolve bot-only threads after a clean rerun
- Harness-gap loop: when something breaks that checks should have caught, write a test so it cannot happen again

## Agent Role

Sets up repo safety rules so AI code doesn't break things. One contract file, clear gates, no stale merges.

### Context Questions

- Which repos are in scope and what are your risk areas (payments/auth/data migrations/UI)?
- What CI providers and test frameworks do you use today (GitHub Actions, Playwright, etc.)?
- Which review agents/tools do you want to integrate (CodeRabbit, Greptile, CodeQL, custom)?
- What evidence do you want to require for UI/critical changes (tests, traces, manifests)?