Vendor-neutral AI tooling engine

AI coding standards,
shipped like a dependency.

Author rules, agents, and skills once. Bluetemberg compiles them into native config for six AI tools — routed by each engineer's role and the stack's exact version, then verified like a real dependency.

$ npx bluetemberg init

? Team profile:

Frontend — UI, design systems, accessibility
Backend — APIs, databases, auth, services
Full-stack — Frontend + backend combined
DevOps / Platform — CI/CD, containers, infrastructure-as-code
Pure Infrastructure — Ansible, Kubernetes, Terraform — no application code
AI / Agentic Workflow — Context engineering, agent memory, sub-agent design for LLM-heavy projects
Design Engineer — Anti-stock UI craft, design-to-code, visual direction & critique
Custom — Pick everything individually

Requires Node.js 20+. Headless: --non-interactive --profile backend. See the full list of commands & flags.

One source of truth. No copy-paste between tools.

01 / AUTHOR: Write once. Rules, agents, and skills as plain Markdown in llm/. Vendor-neutral — no tool-specific frontmatter.
02 / SYNC: Compile everywhere. bluetemberg sync emits native config for every tool — correct frontmatter, correct paths, per platform.
03 / SHIP: Onboard instantly. Publish packs to npm with semver, SHA-512, and registry signatures. Teammates install — verified on arrival — or get them zero-setup via a Claude Code plugin.

Two axes, not one. Role decides who gets a rule. Stack decides which version of it.

  • By role: Profiles match content to an engineer's work — frontend, backend, infra, design. Each teammate gets the standards that apply to them, and none that don't.
  • By stack & version: Tag a rule with a version range; sync delivers it only where it's correct — resolving each stack's version from your config, lockfile, and dependencies. A Payload 2 rule never reaches a Payload 3 repo.
  • Queryable: bluetemberg detect reports the stacks and versions it found; coverage checks whether version-correct guidance exists. Both have --json twins — and bluetemberg mcp serve exposes them to any agent over MCP. Read-only — it answers, it never writes.

Your team writes the standards. So can their agents.

  • Humans author: Rules, agents, and skills are plain Markdown in llm/, owned by the team, reviewed in PRs, versioned with your code. Run the wizard, pick a profile, done.
  • Agents operate: Every command has a headless twin. init --non-interactive skips the wizard, sync --check fails CI on drift, and --help --json exposes the whole catalog. No keyboard required.
  • Agents author too: Skills like create-rule, create-skill, and create-pack teach your AI to write new standards in the exact format — then sync ships them to every tool. AI config, authored by AI.

Six tools, native formats.

Rules / Agents / Skills for:
  • Cursor
  • Claude Code
  • Copilot
  • Gemini CLI
  • Windsurf
  • OpenAI Codex

Packs are dependencies. So they're verified like dependencies.

  • Registry signatures: Packs from the npm registry have their ECDSA registry signature verified on every install — and re-checked any time with bluetemberg verify. Tampered or unsigned packages are refused — the same cryptographic provenance check npm itself runs.
  • SHA-512 integrity: Every pack is hashed and checked against npm registry metadata. Install is refused if the hash is missing or doesn't match.
  • Registry host pinning: Tarballs must download from the same host as the registry. A compromised registry response can't redirect a download to an attacker's host.
  • Size caps: 50 MB compressed, 100 MB uncompressed. A malicious pack can't fill your disk or bomb the extractor.
  • Path-traversal & symlinks: Every tarball entry is filtered — .. segments, symlinks, and hardlinks. Nothing can write outside the pack's own directory.
  • Lockfile: Exact versions, resolved URLs, and integrity hashes pinned in llm/packages-lock.json. Every install resolves to the same bytes — the same model npm uses for package-lock.json.

Most AI rules are a model's best guess. Ours are checked against the source.

  • Primary sources: Every claim past plain convention is verified against official docs, IETF RFCs, and vendor advisories — PostgreSQL, RFC 9110, OWASP, CISA. Sourced from the spec, not forum folklore.
  • Default-refute: An independent agent tries to disprove each claim; only the ones that survive a majority of checks ship. Overstated guidance gets downgraded, not waved through.
  • Public receipts: Every verdict and source is on the Research page — confirmed, or flagged "nuanced" and reworded. Including the claims we walked back.

A file in a repo isn't infrastructure.

                   Shared AGENTS.md          Bluetemberg
Versioning         git history               semver ranges + lockfile
Integrity          none                      SHA-512, ECDSA-signed, host-pinned
Provenance         whatever the model knows  verified vs. primary sources
Per-role config    manual copy-paste         profiles, role-matched defaults
Stack targeting    one file, every version   version-gated at sync
Multi-tool         one file, one format      6 tools, native formats
Onboarding         clone & copy files        install, or zero-setup plugin