Date: 2025-10-13
Version Change: 1.7.1 → 1.8.0 (MINOR)
Amendment: Added Principle XIII: Jupyter Notebook Discipline (swapped with Streamlit-to-Production Bridge, now XIV)
A comprehensive governance framework for Jupyter notebooks in the top-level notebooks/ directory that balances:
- Exploratory freedom for data science experimentation
- Security requirements to prevent credential leakage
- Compliance obligations for EU AI Act and security homologation
- Quality standards for reproducibility and documentation
Three distinct categories with different governance levels:
notebooks/exploratory/: Rapid experimentation, not subject to SpecKit workflownotebooks/documentation/: Tutorials and examples, subject to documentation standardsnotebooks/production-adjacent/: Model evaluation and compliance reporting, subject to EU AI Act requirements
- No hardcoded credentials or sensitive data
nbstripoutpre-commit hook to remove outputs.gitignorepatterns for notebook execution artifacts- Security review before public publication
- GDPR compliance for data sources
- Reproducibility: dependency specifications required
- Documentation: purpose, author, data sources, runtime requirements
- Version control: outputs stripped before commit
- Code quality: ruff linting where practical
- Cell organization: structured narrative with markdown
- Exploratory: Not required to follow SpecKit, but insights must be captured when productionized
- Documentation: Referenced in spec.md and quickstart guides
- Production-adjacent: Documented in plan.md research section
Production-adjacent notebooks for high-risk AI systems must document:
- Model training data characteristics
- Evaluation metrics and validation results
- Risk assessment findings
- Model selection audit trail
- Technical documentation for homologation dossier
- nbstripout: Remove outputs before commit
- nbconvert: Convert to scripts/docs
- papermill: Parameterize and execute programmatically
- ruff: Lint notebook code (via nbqa)
- uv: Manage dependencies in monorepo
Clear 5-step process:
- Extract code to
packages/orapps/ - Document migration in feature spec
- Archive exploratory notebooks
- Retain production-adjacent for compliance
- Follow Principle XI for production implementation
- Security Risk: Prevents accidental credential commits in notebooks
- Compliance Liability: Ensures notebooks support EU AI Act documentation requirements
- Technical Debt: Provides clear migration path from exploration to production
- Irreproducibility: Mandates dependency management and documentation
- Audit Trail: Establishes governance for model decisions and evaluations
- Principle I (EU AI Act): Production-adjacent notebooks support compliance documentation
- Principle III (Security Homologation): Security requirements prevent credential leakage
- Principle IV (Open Source): Guidance on what can be published publicly
- Principle X (Python-First): Notebooks align with Python-first culture
- Principle XI (SpecKit): Integration with specification-driven workflow
- constitution.md: Added Principle XIII (Jupyter Notebook Discipline) with full governance framework, swapped with Streamlit-to-Production Bridge (now XIV)
- plan-template.md: Updated Constitution Check section with correct principle ordering (XIII: Notebooks, XIV: Streamlit)
- spec-template.md: No principle-specific references
- tasks-template.md: No principle-specific references
When you create the notebooks support feature, you should:
- Create feature spec:
specs/002-jupyter-notebook-support/ - Pre-commit hooks: Add nbstripout configuration
- Gitignore patterns: Add
notebooks/**/*.ipynboutput patterns - Notebook templates: Create templates for each category
- Ruff configuration: Add notebook linting via nbqa
- Migration guide: Document notebook-to-production patterns
- Directory structure: Create
notebooks/{exploratory,documentation,production-adjacent,archive}/
This is a MINOR (1.8.0) rather than PATCH because:
- New principle added: Expands governance scope to notebooks
- New mandatory requirements: Security and quality standards for notebooks
- New tooling standards: nbstripout, papermill, nbqa
- Material guidance expansion: Comprehensive framework, not just clarification
Not MAJOR because:
- No breaking changes: Existing projects without notebooks are unaffected
- Backward compatible: Adds requirements only for new notebook usage
- No principle removals: All existing principles remain intact
docs: amend constitution to v1.8.0 (add Principle XIV: Jupyter Notebook Discipline)
- Add comprehensive governance framework for notebooks/ directory
- Establish security requirements (nbstripout, no credentials)
- Define notebook categories (exploratory, documentation, production-adjacent)
- Integrate with SpecKit workflow and EU AI Act compliance
- Update plan-template.md Constitution Check with Principle XIV
- Provide clear migration path from notebooks to production code
Rationale: Jupyter notebooks are essential for AI/ML experimentation but
require governance to prevent security risks, compliance liabilities, and
technical debt accumulation.
Before creating the feature spec, consider:
- Notebook execution environment: Should notebooks run in the shared
.venvor isolated environments? - CI/CD integration: Should notebooks be executed in CI for validation?
- Notebook templates: What starter templates would be most valuable (data exploration, model evaluation, compliance reporting)?
- Integration with existing tools: How should notebooks interact with
apps/andpackages/? - Compliance tooling: Do you need automated compliance checks for production-adjacent notebooks?
Constitution Version: 1.8.0
Amendment Status: ✅ Complete
Ready for Feature Spec: Yes