Merge pull request #6 from kaaloo/feat/notebook-support

docs: add Jupyter Notebook governance to constitution v1.8.0

Author: kaaloo

.specify/memory/constitution.md

@@ -1,26 +1,35 @@
 <!--
 SYNC IMPACT REPORT
 ==================
-Version Change: 1.7.0 → 1.7.1
-Rationale: PATCH version bump - Reorganized principle ordering by moving Specification-Driven Development (formerly XIII) to position XI, renumbering subsequent principles for better logical flow
+Version Change: 1.7.1 → 1.8.0
+Rationale: MINOR version bump - Added new Principle XIII: Jupyter Notebook Discipline to govern exploratory data science workflows in government AI projects, and swapped positions of Streamlit-to-Production Bridge (now XIV) and Jupyter Notebook Discipline (now XIII)
 
-Modified Principles:
-- Principle XI: Now "Specification-Driven Development with SpecKit" (formerly Principle XIII)
-- Principle XII: Now "French Government AI Stack Integration" (formerly Principle XI)
-- Principle XIII: Now "Streamlit-to-Production Bridge" (formerly Principle XII)
+Added Sections:
+- Principle XIII: Jupyter Notebook Discipline - Establishes governance for notebooks in top-level notebooks/ folder
+  * Notebook categorization (exploratory, documentation, production-adjacent)
+  * Security requirements (credential sanitization, .gitignore enforcement)
+  * Quality standards (reproducibility, documentation, version control)
+  * Integration with SpecKit workflow and EU AI Act compliance
+  * Tooling standards (nbstripout, nbconvert, papermill)
 
-Rationale for Reordering:
-- Specification-Driven Development (new XI) logically follows Python-First Development (X) as both are foundational development practices
-- French Government AI Stack Integration (new XII) and Streamlit-to-Production Bridge (new XIII) are more specific implementation concerns that build on the foundational principles
+Modified Principles:
+- Principle XIII: Now "Jupyter Notebook Discipline" (new principle)
+- Principle XIV: Now "Streamlit-to-Production Bridge" (formerly Principle XIII)
 
 Removed Sections: N/A
 
 Templates Requiring Updates:
-- ✅ plan-template.md: Updated principle numbers in Constitution Check
+- ✅ plan-template.md: Updated - Added Principle XIV checkbox to Constitution Check section
 - ✅ spec-template.md: Already aligned (no principle-specific references)
 - ✅ tasks-template.md: Already aligned (no principle-specific references)
 
 Follow-up TODOs:
+- Create feature spec for notebooks/ folder infrastructure (002-jupyter-notebook-support)
+- Add nbstripout to pre-commit hooks
+- Add notebooks/ to .gitignore patterns for output files
+- Create notebook templates (exploratory, documentation, production-adjacent)
+- Add notebook linting configuration for ruff
+- Document notebook-to-production migration patterns
 - Update feature spec 001-setup-developer-experience to reflect pnpm standardization
 - Consider adding security homologation dossier template
 - Consider adding risk assessment template aligned with ANSSI requirements
@@ -384,7 +393,97 @@ ai-kit MUST provide first-class integrations with the emerging French Government
 
 **Rationale**: Standardizing on government-approved AI infrastructure ensures compliance, reduces duplication, and enables teams to focus on domain-specific value rather than infrastructure.
 
-### XIII. Streamlit-to-Production Bridge
+### XIII. Jupyter Notebook Discipline
+
+ai-kit projects MUST maintain Jupyter notebooks in a top-level `notebooks/` directory with clear governance to balance exploratory data science workflows with security, reproducibility, and compliance requirements.
+
+**Notebook Categories**:
+
+Notebooks MUST be organized by purpose to clarify their role in the development lifecycle:
+
+- **Exploratory** (`notebooks/exploratory/`): Rapid experimentation, hypothesis testing, data exploration
+  - Not subject to SpecKit workflow requirements
+  - May contain incomplete or experimental code
+  - MUST NOT contain production credentials or sensitive data
+  - Should be cleaned up or archived when insights are productionized
+
+- **Documentation** (`notebooks/documentation/`): Tutorials, examples, architectural explanations
+  - Subject to documentation quality standards
+  - MUST be reproducible and well-documented
+  - Should be reviewed as part of feature specifications
+  - Serve as living documentation for complex AI workflows
+
+- **Production-Adjacent** (`notebooks/production-adjacent/`): Notebooks that inform production decisions
+  - Model evaluation, performance benchmarking, compliance reporting
+  - MUST be reproducible and version-controlled
+  - MUST document data sources, model versions, and evaluation criteria
+  - Subject to EU AI Act documentation requirements for high-risk AI systems
+
+**Security Requirements (NON-NEGOTIABLE)**:
+
+- Notebooks MUST NOT contain hardcoded credentials, API keys, or sensitive data
+- Use environment variables or secure configuration management for secrets
+- Implement `nbstripout` or equivalent to remove notebook outputs before commit
+- Add `notebooks/**/*.ipynb` output patterns to `.gitignore` (keep source, ignore execution artifacts)
+- Conduct security review before publishing notebooks to public repositories
+- Document data sources and ensure compliance with GDPR and data protection regulations
+
+**Quality Standards**:
+
+- **Reproducibility**: Notebooks MUST include dependency specifications (requirements.txt, environment.yml, or uv workspace)
+- **Documentation**: Each notebook MUST include:
+  - Purpose and context (what question does this answer?)
+  - Author and date
+  - Data sources and versions
+  - Expected runtime and resource requirements
+  - Known limitations or assumptions
+- **Version Control**: Notebooks MUST be committed with outputs stripped (use `nbstripout` pre-commit hook)
+- **Code Quality**: Notebook code SHOULD follow Python standards (ruff linting where practical)
+- **Cell Organization**: Use markdown cells to structure narrative, avoid monolithic code cells
+
+**Integration with SpecKit Workflow**:
+
+- **Exploratory notebooks**: Not required to follow SpecKit workflow, but insights MUST be captured in specifications when productionized
+- **Documentation notebooks**: Should be referenced in feature specifications (spec.md) and quickstart guides
+- **Production-adjacent notebooks**: MUST be documented in `plan.md` research section and referenced in compliance documentation
+
+**EU AI Act Compliance**:
+
+For high-risk AI systems, production-adjacent notebooks MUST:
+
+- Document model training data characteristics (representativeness, quality, completeness)
+- Record model evaluation metrics and validation results
+- Capture risk assessment findings and mitigation strategies
+- Provide audit trail for model selection and hyperparameter tuning decisions
+- Support technical documentation requirements for homologation dossier
+
+**Tooling Standards**:
+
+- **nbstripout**: Pre-commit hook to remove outputs before commit
+- **nbconvert**: Convert notebooks to scripts or documentation formats
+- **papermill**: Parameterize and execute notebooks programmatically for reproducible reporting
+- **ruff**: Lint notebook code cells (via `nbqa` or similar)
+- **uv**: Manage notebook dependencies within monorepo workspace
+
+**Migration to Production**:
+
+When notebook insights become production features:
+
+1. Extract reusable code into `packages/` or `apps/` with proper testing
+2. Document the notebook-to-production migration in feature specification
+3. Archive or move exploratory notebooks to `notebooks/archive/` to reduce clutter
+4. Retain production-adjacent notebooks for compliance and audit purposes
+5. Follow Principle XI (Specification-Driven Development) for production implementation
+
+**Rationale**: Jupyter notebooks are essential for AI/ML experimentation and data science workflows, but without governance they become security risks, compliance liabilities, and sources of technical debt. This principle acknowledges the exploratory nature of notebooks while establishing guardrails that prevent common pitfalls: credential leakage, irreproducible results, and undocumented model decisions. By categorizing notebooks and integrating them with SpecKit workflow, we enable rapid innovation while maintaining traceability for compliance and production migration.
+
+**References**:
+- [Jupyter Project](https://jupyter.org/)
+- [nbstripout](https://github.com/kynan/nbstripout)
+- [Papermill](https://papermill.readthedocs.io/)
+- [nbqa](https://github.com/nbQA-dev/nbQA)
+
+### XIV. Streamlit-to-Production Bridge
 
 ai-kit MUST provide a clear migration path from Streamlit prototypes to production-ready applications. This principle addresses the common pattern where:
 
@@ -575,7 +674,8 @@ All feature specifications and implementation plans MUST include a Constitution
 - Python-first development (Principle X)
 - Specification-driven development with SpecKit workflows (Principle XI)
 - Government AI stack integration requirements (Principle XII)
-- Streamlit-to-production support if applicable (Principle XIII)
+- Jupyter notebook discipline and governance if applicable (Principle XIII)
+- Streamlit-to-production support if applicable (Principle XIV)
 
 ### Complexity Justification
 
@@ -586,4 +686,4 @@ Any deviation from these principles MUST be documented with:
 - Plan to return to compliance if possible
 - Approval from project stakeholders
 
-**Version**: 1.7.1 | **Ratified**: 2025-10-11 | **Last Amended**: 2025-10-13
+**Version**: 1.8.0 | **Ratified**: 2025-10-11 | **Last Amended**: 2025-10-13

.specify/templates/plan-template.md

@@ -45,7 +45,8 @@ Verify compliance with ai-kit constitution principles:
 - [ ] **Python-First Development (Principle X)**: Is Python the primary language? Are non-Python components justified?
 - [ ] **Specification-Driven Development (Principle XI)**: Does this feature follow the SpecKit workflow (specify → plan → tasks → implement)? Are all design artifacts present in specs/[###-feature-name]/? Is traceability maintained from spec to implementation?
 - [ ] **French Government AI Stack Integration (Principle XII)**: Does the feature integrate with OpenGateLLM, EvalAP, or other government AI services where applicable?
-- [ ] **Streamlit-to-Production Bridge (Principle XIII)**: If using Streamlit, is there a migration path to Reflex? Are ProConnect and DSFR integrations planned?
+- [ ] **Jupyter Notebook Discipline (Principle XIII)**: If using notebooks, are they organized in notebooks/ with proper categorization (exploratory/documentation/production-adjacent)? Are security requirements met (no credentials, nbstripout configured)? Are quality standards followed (reproducibility, documentation)?
+- [ ] **Streamlit-to-Production Bridge (Principle XIV)**: If using Streamlit, is there a migration path to Reflex? Are ProConnect and DSFR integrations planned?
 
 **Violations Requiring Justification**: [List any principle violations with rationale, or state "None"]
 

NOTEBOOK_CONSTITUTION_SUMMARY.md

@@ -0,0 +1,161 @@
+# Jupyter Notebook Constitution Amendment Summary
+
+**Date**: 2025-10-13  
+**Version Change**: 1.7.1 → 1.8.0 (MINOR)  
+**Amendment**: Added Principle XIII: Jupyter Notebook Discipline (swapped with Streamlit-to-Production Bridge, now XIV)
+
+## What Was Added
+
+### New Principle XIII: Jupyter Notebook Discipline
+
+A comprehensive governance framework for Jupyter notebooks in the top-level `notebooks/` directory that balances:
+- **Exploratory freedom** for data science experimentation
+- **Security requirements** to prevent credential leakage
+- **Compliance obligations** for EU AI Act and security homologation
+- **Quality standards** for reproducibility and documentation
+
+## Key Components
+
+### 1. Notebook Categorization
+
+Three distinct categories with different governance levels:
+
+- **`notebooks/exploratory/`**: Rapid experimentation, not subject to SpecKit workflow
+- **`notebooks/documentation/`**: Tutorials and examples, subject to documentation standards
+- **`notebooks/production-adjacent/`**: Model evaluation and compliance reporting, subject to EU AI Act requirements
+
+### 2. Security Requirements (NON-NEGOTIABLE)
+
+- No hardcoded credentials or sensitive data
+- `nbstripout` pre-commit hook to remove outputs
+- `.gitignore` patterns for notebook execution artifacts
+- Security review before public publication
+- GDPR compliance for data sources
+
+### 3. Quality Standards
+
+- Reproducibility: dependency specifications required
+- Documentation: purpose, author, data sources, runtime requirements
+- Version control: outputs stripped before commit
+- Code quality: ruff linting where practical
+- Cell organization: structured narrative with markdown
+
+### 4. Integration with SpecKit Workflow
+
+- **Exploratory**: Not required to follow SpecKit, but insights must be captured when productionized
+- **Documentation**: Referenced in spec.md and quickstart guides
+- **Production-adjacent**: Documented in plan.md research section
+
+### 5. EU AI Act Compliance
+
+Production-adjacent notebooks for high-risk AI systems must document:
+- Model training data characteristics
+- Evaluation metrics and validation results
+- Risk assessment findings
+- Model selection audit trail
+- Technical documentation for homologation dossier
+
+### 6. Tooling Standards
+
+- **nbstripout**: Remove outputs before commit
+- **nbconvert**: Convert to scripts/docs
+- **papermill**: Parameterize and execute programmatically
+- **ruff**: Lint notebook code (via nbqa)
+- **uv**: Manage dependencies in monorepo
+
+### 7. Migration to Production
+
+Clear 5-step process:
+1. Extract code to `packages/` or `apps/`
+2. Document migration in feature spec
+3. Archive exploratory notebooks
+4. Retain production-adjacent for compliance
+5. Follow Principle XI for production implementation
+
+## Why This Matters
+
+### Problems Solved
+
+1. **Security Risk**: Prevents accidental credential commits in notebooks
+2. **Compliance Liability**: Ensures notebooks support EU AI Act documentation requirements
+3. **Technical Debt**: Provides clear migration path from exploration to production
+4. **Irreproducibility**: Mandates dependency management and documentation
+5. **Audit Trail**: Establishes governance for model decisions and evaluations
+
+### Alignment with Existing Principles
+
+- **Principle I (EU AI Act)**: Production-adjacent notebooks support compliance documentation
+- **Principle III (Security Homologation)**: Security requirements prevent credential leakage
+- **Principle IV (Open Source)**: Guidance on what can be published publicly
+- **Principle X (Python-First)**: Notebooks align with Python-first culture
+- **Principle XI (SpecKit)**: Integration with specification-driven workflow
+
+## Template Updates
+
+### ✅ Completed
+
+- **constitution.md**: Added Principle XIII (Jupyter Notebook Discipline) with full governance framework, swapped with Streamlit-to-Production Bridge (now XIV)
+- **plan-template.md**: Updated Constitution Check section with correct principle ordering (XIII: Notebooks, XIV: Streamlit)
+
+### No Changes Required
+
+- **spec-template.md**: No principle-specific references
+- **tasks-template.md**: No principle-specific references
+
+## Next Steps (Follow-up TODOs)
+
+When you create the notebooks support feature, you should:
+
+1. **Create feature spec**: `specs/002-jupyter-notebook-support/`
+2. **Pre-commit hooks**: Add nbstripout configuration
+3. **Gitignore patterns**: Add `notebooks/**/*.ipynb` output patterns
+4. **Notebook templates**: Create templates for each category
+5. **Ruff configuration**: Add notebook linting via nbqa
+6. **Migration guide**: Document notebook-to-production patterns
+7. **Directory structure**: Create `notebooks/{exploratory,documentation,production-adjacent,archive}/`
+
+## Rationale for MINOR Version Bump
+
+This is a **MINOR** (1.8.0) rather than PATCH because:
+- **New principle added**: Expands governance scope to notebooks
+- **New mandatory requirements**: Security and quality standards for notebooks
+- **New tooling standards**: nbstripout, papermill, nbqa
+- **Material guidance expansion**: Comprehensive framework, not just clarification
+
+Not MAJOR because:
+- **No breaking changes**: Existing projects without notebooks are unaffected
+- **Backward compatible**: Adds requirements only for new notebook usage
+- **No principle removals**: All existing principles remain intact
+
+## Suggested Commit Message
+
+```
+docs: amend constitution to v1.8.0 (add Principle XIV: Jupyter Notebook Discipline)
+
+- Add comprehensive governance framework for notebooks/ directory
+- Establish security requirements (nbstripout, no credentials)
+- Define notebook categories (exploratory, documentation, production-adjacent)
+- Integrate with SpecKit workflow and EU AI Act compliance
+- Update plan-template.md Constitution Check with Principle XIV
+- Provide clear migration path from notebooks to production code
+
+Rationale: Jupyter notebooks are essential for AI/ML experimentation but
+require governance to prevent security risks, compliance liabilities, and
+technical debt accumulation.
+```
+
+## Questions for Clarification
+
+Before creating the feature spec, consider:
+
+1. **Notebook execution environment**: Should notebooks run in the shared `.venv` or isolated environments?
+2. **CI/CD integration**: Should notebooks be executed in CI for validation?
+3. **Notebook templates**: What starter templates would be most valuable (data exploration, model evaluation, compliance reporting)?
+4. **Integration with existing tools**: How should notebooks interact with `apps/` and `packages/`?
+5. **Compliance tooling**: Do you need automated compliance checks for production-adjacent notebooks?
+
+---
+
+**Constitution Version**: 1.8.0  
+**Amendment Status**: ✅ Complete  
+**Ready for Feature Spec**: Yes