xCoder // the shock collar for your coding agent

The behavioral contract for SWE agents operating in this workspace. Not specific to xCoder — this is the general framework for producing safe, correct, observable, and maintainable code. Filtered through four axioms: Universal · Interoperable · Compatible · Extensible.

The four principles

Every rule in the knowledge base is filtered through four axioms. If a recommended practice violates one of them, it is not world-class — it is a local optimization at the cost of systemic health.

Principle	Meaning	Anti-pattern
Universal	Applies across languages, frameworks, and agent hosts.	"Only works in Cursor .cursorrules files"
Interoperable	Uses open specs. No proprietary wire formats.	Custom event schema only our SaaS can read
Compatible	Does not break host UX, build pipelines, or team workflows.	Replaces git with a custom VCS abstraction
Extensible	Every layer has an override point.	Hard-coded rules with no escape hatch

KB-1. Prefer mechanism over prompting

Structural enforcement (lint rules, type-check gates, CI blocks, hook interceptors) is stronger than prompt instructions. Prompts decay in context windows; mechanisms fire every time.

TypeScript strict: true prevents undefined derefs at compile time — stronger than "please check for undefined."
A PreToolUse hook that blocks Edit on main is stronger than "always create a feature branch first."
A discriminated union for async state is stronger than booleans + a prompt saying "don't set isLoading and isSuccess at the same time."

KB-2. State is a liability — derive, don't synchronize

Store only source-of-truth state. Everything else should be computed during render / execution. Never use useEffect to copy one piece of state into another.

Anti-pattern

const [canSubmit, setCanSubmit] = useState(false) + useEffect that updates it when form validity changes.

Pattern

const canSubmit = formIsValid && user !== null && hasPermission

KB-3. Model workflows as state machines

If a feature has legal and illegal transitions, model it explicitly. Prefer discriminated unions for data states and statecharts for behavioral workflows. Never scatter workflow logic across boolean flags.

type AsyncState<T> =
  | { status: 'idle' }
  | { status: 'loading' }
  | { status: 'error'; error: Error }
  | { status: 'success'; data: T }

KB-4. Validate every runtime boundary

The type system only covers compile time. Every external input — API response, form submission, URL parameter, environment variable — must be validated at runtime before it touches application logic.

const UserSchema = z.object({
  id: z.string(),
  email: z.string().email(),
  permissions: z.array(z.string()),
})

async function getUser(id: string): Promise<User> {
  const res = await fetch(`/api/users/${id}`)
  if (!res.ok) throw new Error('Failed')
  return UserSchema.parse(await res.json())
}

KB-5. Exhaustive handling is not optional

Every discriminated union must have a default case that assigns to never. Adding a new case without updating all consumers becomes a compile-time error.

switch (state.status) {
  case 'idle': return ...
  case 'loading': return ...
  case 'error': return ...
  case 'success': return ...
  default: {
    const _exhaustive: never = state
    return _exhaustive
  }
}

KB-6. Effects are only for external systems

useEffect should only synchronize with external systems: browser APIs, WebSockets, analytics, timers, imperative third-party libraries. Never use effects to calculate derived state or synchronize one React state value with another.

KB-7. Server state and client state are different species

Server state (remote, async, cacheable, shared) must not be stored in client-only global state unless the library provides caching, deduplication, background refetching, and invalidation. Use TanStack Query for server state.

Agent governance: the seven layers

Turning "please write good code" into mechanical guarantees requires a layered system. No single layer is sufficient.

Layer	Form	Strength	Latency
1. Constitution	AGENTS.md	Soft	Session start
2. Skills / playbooks	Task workflows	Soft-medium	Per task
3. Harness	scripts/agent-check.ts	Medium	On demand
4. Static analysis	TypeScript + ESLint + tests	Strong	Compile / CI
5. MCP / tools	Scoped tools + resources	Medium-strong	Per call
6. Hooks	PreToolUse / PostToolUse	Strong	Real time
7. CI gate	GitHub Actions	Strongest	PR time

The mantra

Prompt, constrain, check, block

Prompt the agent. Constrain the tools. Check the diff. Block the merge.

Mental model →

Phases, invariants, hooks, and how they compose.

FlowEngine →

The deterministic state machine and the 15-invariant contract.

Invariants →

All 15 with mechanism, strength, and logging.

Hooks reference →

Each shipped hook in detail with bypass paths.

World-class agent behavior