Cognition's autonomous engineer. Aligned to your repo.
Devin opens its own PRs. ChooChoo writes the .devin/knowledge.md it loads on every session so the work matches your team's stack, conventions, and guardrails, without you re-explaining the project every time.
Devin treats .devin/knowledge.md as long-running project context. ChooChoo compiles it from your real repo (patterns, ADRs, hard limits) and keeps it current so Devin's PRs land in your style on the first attempt.
.devin/knowledge.md with stack, conventions, and what NOT to touch
Workflow hints so Devin opens drafts early and tags the right reviewers
Regenerated when your linting, ADRs, or boundaries change
# .devin/knowledge.md
# Generated by ChooChoo. Do not edit by hand.
# Run: choochoo context generate
## payments-api
A FastAPI service handling financial transactions.
Devin uses this file to understand what to build,
how, and what guardrails apply before opening a PR.
## Standards
- Python 3.12, strict mypy, Ruff (line-length=100)
- Pydantic models at every API boundary
- pytest, coverage ≥ 85% enforced in CI
## Boundaries
TOUCH: src/** · tests/** · docs/**
DO NOT: .github/** · migrations/** · infra/**
ASK: schema changes, secrets, billing config
## Workflow Hints
- Open a draft PR after the first green test
- Reference ADR-### in commit messages
- Tag @platform-team for any infra-adjacent change
# SKILLS.md
# Generated by ChooChoo. Do not edit by hand.
## auth
JWT token lifecycle: creation, validation, refresh.
Entry: src/auth/service.py
Tests: tests/auth/
## payments
Stripe integration: charges, subscriptions, webhooks.
Entry: src/payments/processor.py
Note: Never log STRIPE_KEY or card numbers
## database
SQLAlchemy sessions and query patterns.
Entry: src/db/session.py
Rule: Always use get_db() dependency injection
## notifications
Email (SendGrid) and SMS (Twilio) dispatch.
Entry: src/notifications/dispatch.py
# PLAN.md
# Generated by ChooChoo. Do not edit by hand.
## Goal
Refactor the authentication service to support
multi-factor authentication (MFA) via TOTP.
## Steps
1. [ ] Add TOTP secret column to users table
migration: src/db/migrations/0023_add_totp.py
2. [ ] Implement TOTP validation in auth service
src/auth/service.py → verify_totp()
3. [ ] Add /auth/mfa/setup and /auth/mfa/verify routes
src/api/auth.py
4. [ ] Write unit tests for new MFA paths
tests/auth/test_mfa.py (≥ 90% coverage)
5. [ ] Update AGENTS.md with new ADR-012
## Constraints
- Do not break existing JWT flow (ADR-001)
- TOTP secrets encrypted at rest (AES-256)
- Rate-limit /auth/mfa/verify to 5 attempts / 15 min
# ARCHITECTURE.md
# Generated by ChooChoo. Do not edit by hand.
## System Overview
payments-api is a stateless FastAPI service.
All state lives in PostgreSQL (primary data) and
Redis (sessions, rate limiting, event streams).
## Request Flow
Client → API Gateway → FastAPI → Service Layer
→ Repository Layer
→ PostgreSQL / Redis
## Key Modules
src/auth/ JWT issuance + TOTP (ADR-001, ADR-012)
src/payments/ Stripe integration (charges, webhooks)
src/db/ SQLAlchemy sessions + migration runner
src/api/ Route definitions (v1 + v2 namespaces)
## ADR Index
ADR-001 RS256 JWT for authentication
ADR-004 Redis Streams for webhook event bus
ADR-007 URL versioning (/v1/, /v2/)
ADR-012 TOTP-based MFA (in progress)
## Deployment
Docker → ECS Fargate (app)
RDS PostgreSQL 15 (primary)
ElastiCache Redis 7 (cache + streams)
# GOAL.md
# Generated by ChooChoo. Do not edit by hand.
## Current Sprint Goal
Implement MFA support without breaking existing
single-factor authentication flows.
## Success Criteria
- All existing auth tests continue to pass
- New /auth/mfa/* endpoints return correct responses
- TOTP validation rejects tokens older than 30 s
- Coverage for src/auth/ stays above 90%
## Out of Scope
- SMS-based MFA (deferred to ADR-013)
- Admin UI for MFA management (separate ticket)
- Recovery codes (phase 2)
## Definition of Done
- PR reviewed and approved
- CI green (lint + test + coverage)
- AGENTS.md updated with ADR-012 summary
- Deployed to staging and smoke-tested
flowchart TD
A([Client Request]) --> B[API Gateway]
B --> C{JWT Valid?}
C -- Yes --> D[FastAPI Router]
C -- No --> E([401 Unauthorized])
D --> F[Service Layer]
F --> G[Repository]
G --> H[(PostgreSQL)]
G --> I[(Redis)]
F --> J[Stripe API]
J --> K[Webhook Event]
K --> L[(Redis Streams)]
Why use ChooChoo with Devin?
Devin opens PRs autonomously. ChooChoo makes sure they're the PRs you wanted.
Consistent Output
Generated code follows your linting rules from the start, reducing cleanup work before code review.
Fewer Iterations
The AI understands your standards upfront, producing acceptable code faster and with less back-and-forth.
Team Alignment
Everyone's AI assistant generates code that matches your team's style guide, automatically.
Zero Configuration
Get started instantly with sensible defaults that work out of the box for most projects.
Type-Safe Code
Strict linting rules catch potential bugs and enforce type safety before they reach review.
AI-Ready Rules
Purpose-built rules that AI models understand and follow consistently, session after session.
Ready to point Devin at your codebase?
Generate the knowledge file Devin needs to deliver work that lands in your team's style.
