Starter kits¶
Last verified: 2026-05-06 · Drift risk: low–medium
The repository ships nine starter kits under starter-kits/ on GitHub. Each kit is a copy-pastable project that gives you a working starting point for one platform or pattern.
What every kit contains¶
| File | Purpose |
|---|---|
README.md |
What the kit is, who it's for, how to use it. |
AGENT_SPEC.md |
A filled-in agent spec following the Agent spec template. |
PROMPT.md |
The system / instructions prompt used by the agent. |
TOOL_ALLOWLIST.md |
The least-privilege list of tools/connectors the agent may use. |
EVALS.jsonl |
Golden eval cases the agent must pass. |
RED_TEAM_CASES.jsonl |
Adversarial cases the agent must refuse or handle safely. |
LAUNCH_CHECKLIST.md |
Pre-launch checklist tailored to this kit's risk profile. |
INCIDENT_RESPONSE.md |
What to do when something goes wrong. |
| Optional inert example script | Gated behind RIZWAN_APPROVED_TO_RUN=1 so it never runs by accident. |
Kits¶
| Kit | Best for |
|---|---|
universal-agent-spec/ |
A vendor-neutral baseline. Copy this when starting any new agent. |
claude-code-agent/ |
A repo-aware coding/refactor agent run in Claude Code. |
codex-agent/ |
A repo-aware coding agent run in OpenAI Codex CLI. |
gemini-antigravity-agent/ |
A project-scoped agent for Google Antigravity. |
openai-agents-sdk-python/ |
A Python service that uses the OpenAI Agents SDK with one tool. |
openai-agents-sdk-typescript/ |
The same shape, in TypeScript. |
mcp-server-python/ |
A minimal MCP server using the official Python SDK. |
mcp-server-typescript/ |
A minimal MCP server using the official TypeScript SDK. |
local-script-agent/ |
A local Python script agent with manual-only scheduler examples. |
How to use a kit¶
- Browse the kit folder on GitHub.
- Copy the files you need into your own repo (or fork this one).
- Read
AGENT_SPEC.mdand edit it to fit your job statement. - Trim
TOOL_ALLOWLIST.mdto least-privilege. - Run the agent manually at least 3 times before considering any automation.
- Walk through
LAUNCH_CHECKLIST.mdbefore exposing the agent to anyone else.
Why scripts are inert by default¶
Per ADR 0003, every example script in a kit:
- requires
RIZWAN_APPROVED_TO_RUN=1(or an equivalent explicit env var) to do anything, - prints what it would do before doing it,
- and writes a manual-only example for any cron / launchd / Task Scheduler entry — never an enabled one.
This keeps "I copy-pasted a tutorial" from turning into "I have a recurring agent quietly running against my accounts."