Lattice Core - User Guide

What Does Lattice Core Do?

Think of Lattice Core as a quality checker that runs in the background. It:

• Checks your code - Runs linting, type checking, tests, and builds
• Guides AI assistants - Creates rules so AI uses the right package versions
• Finds security issues - Scans for exposed secrets and API keys
• Tracks changes - Monitors if your code drifts from standards
• Sets up CI/CD - Generates GitHub Actions workflows
• Shows project health - Displays compliance scores and status

Quick Start

First Time Setup

Just run this in your project directory:

This will:

1. Ask a few questions about your project
2. Set up Lattice configuration
3. Generate quality rules for AI assistants
4. Add verification scripts to your project

That's it! You're ready to go.

Commands Overview

Getting Started

lattice - Interactive Setup

The easiest way to get started. Just run:

It will guide you through setup with questions.

lattice setup - Quick Setup

If you know what you want, use flags:

Options:

• --projectType - Choose nextjs or expo-eas
• --preset - Choose startup, pro, or enterprise (see Presets below)
• --preview - See what will change before applying
• --billing - Payment integration: stripe, paddle, or none
• --analytics - Analytics: posthog, mixpanel, or none
• --observability - Monitoring: sentry, datadog, or none
• --testing - Testing framework: jest, vitest, or none

Using a Bundle:

Available bundles: nextjs-saas, nextjs-landing, nextjs-trpc, expo-mobile, expo-supabase

lattice init - Initialize Configuration Only

Create Lattice configuration without generating the pack:

Flags:

• --projectType <nextjs|expo-eas> - Framework type
• --preset <startup|pro|enterprise> - Strictness preset
• --detect - Auto-detect from package.json
• --force - Overwrite existing config
• --billing, --analytics, --observability, --testing - Integration options

lattice generate - Generate Pack

Generate the Lattice pack (rules, configs, workflows) without applying:

What it creates:

• .cursor/rules.md - AI assistant instructions
• prompts/ - Reusable prompt templates
• .github/workflows/ - CI/CD workflows
• .vscode/tasks.json - Editor integration
• package.json scripts - Verification commands

Flags:

• --output <dir> - Output directory (default: ./lattice-pack)
• --config <path> - Custom config file (default: .lattice/config.json)

lattice apply - Apply Pack to Project

Apply a generated pack to your project:

What it does:

• Merges rules into existing .cursor/rules.md (preserves your custom sections)
• Adds/updates package.json scripts
• Creates CI workflows
• Updates editor configs

Flags:

• --pack <dir> - Pack directory (default: ./lattice-pack)
• --target <dir> - Target directory (default: .)
• --preview - Show what would change without applying
• --confirm - Show preview and ask for confirmation
• --force - Reset to baseline (overwrites your changes)

Checking Your Code

lattice verify - Run Quality Checks

This is the command you'll use most often. It runs your linting, type checking, tests, and builds.

What gets checked:

• startup preset: lint, typecheck
• pro preset: lint, typecheck, test
• enterprise preset: lint, typecheck, test, build

Useful flags:

• --only <checks> - Run only specific checks (comma-separated)
• --full - Run all checks regardless of preset
• --quality - Run quality checks (Lighthouse, axe accessibility) - Next.js only
• --watch - Keep running and check on file changes
• --install - Install dependencies if needed
• --json - Get results as JSON (for scripts)

lattice verify-rules - Check Rules File

Makes sure your AI assistant rules are up to date:

Flags:

• --rules <path> - Custom rules file path (default: .cursor/rules.md)
• --stack <stack> - Expected stack (nextjs, expo, etc.)

lattice release-check - Pre-Launch Checklist

Before releasing, run this to make sure everything is ready:

Checks for:

• Documentation (README, CHANGELOG)
• Environment variables documented
• No exposed secrets
• All tests passing
• Version numbers updated

Security

lattice security-scan / lattice scan - Find Exposed Secrets

Scans your code for accidentally committed API keys, passwords, and other secrets:

What it finds:

• API keys (OpenAI, Anthropic, AWS, Stripe, etc.)
• Database passwords and connection strings
• JWT secrets and tokens
• Private keys (PEM format)
• OAuth tokens and client secrets
• Cloud service credentials (Vercel, Netlify, Heroku, etc.)
• Payment service keys (Stripe, PayPal, Square)
• Email service keys (SendGrid, Mailgun, Resend)
• Monitoring keys (Sentry, Datadog, New Relic)
• And 50+ other secret patterns

Severity levels:

• Critical: API keys, passwords, private keys, database connections
• High: Tokens, webhook URLs, service credentials
• Medium: Email addresses in config, potential keys

Auto-fix (--fix):

• Moves secrets to .env.local
• Updates code to use process.env variables
• Updates .gitignore to exclude .env files
• Validates secret formats before fixing

Export formats:

• --json - JSON output for programmatic use
• --sarif - SARIF format for CI/CD integration (GitHub Security, etc.)
• --export <path> - Save report to file (JSON or SARIF)

Additional features:

• Validates .env files are properly gitignored
• Scans git history for secrets that were committed in the past
• Pre-commit hook prevents committing secrets
• Secret format validation (checks if keys match expected patterns)

Project Status

lattice status - See How You're Doing

Get a quick overview of your project's health:

Shows:

• Compliance score (0-100%)
• Configuration status
• Rules file status
• Last verification results
• Drift percentage

lattice drift - See What Changed

Check if your Lattice-managed files have been modified:

Shows:

• Files you've modified
• Files that were deleted
• New files added

To reset to baseline:

lattice progress - Track Project Phases

If you have a PROJECT_GUIDE.md with checkboxes, see your progress:

Requires PROJECT_GUIDE.md with checkboxes like:

- [x] Phase 1: Setup
- [ ] Phase 2: Build features
- [ ] Phase 3: Launch

lattice diff - See Changes

See what's changed since Lattice last generated files:

Configuration

lattice config show - View Settings

See your current Lattice configuration:

lattice rules explain - Understand Rules File

Get an explanation of what your .cursor/rules.md file does:

Updates

lattice check - Check for Updates

See if a new version of Lattice is available:

lattice update - Update Lattice

Update your Lattice rules to the latest version:

This preserves your custom changes while updating Lattice-generated content.

Bundle Management

lattice bundle update - Check Bundle Version

See if your Lattice bundle is up to date:

lattice bundle diff - Preview Bundle Changes

See what would change if you regenerated:

lattice bundle rollback - Undo Changes

Revert to a previous bundle version (if backup exists):

CI/CD

lattice ci - Generate CI Workflow

Create a GitHub Actions or GitLab CI workflow:

Creates workflows that run lint, typecheck, test, and build on every push.

Advanced Commands

These commands are used internally by setup, but you can use them directly if needed:

See lattice generate and lattice apply above in the "Getting Started" section.

Utilities

lattice doctor - Fix Common Issues

Check your environment and fix common problems:

Checks:

• Node.js and npm versions
• Git setup
• Missing scripts in package.json
• Missing .gitignore
• TypeScript configuration

lattice completions - Shell Autocomplete

Get tab completion for Lattice commands:

Presets Explained

Lattice has three strictness levels:

What Gets Created

After running lattice setup, you'll have:

your-project/
├── .lattice/
│   ├── config.json          # Your Lattice settings
│   ├── manifest.json        # What Lattice generated
│   └── compliance.json      # Verification history
├── .cursor/
│   └── rules.md            # Rules for AI assistants
├── prompts/                # Reusable prompt templates
│   ├── 01-feature-implementation.md
│   ├── 02-bug-fix.md
│   ├── 03-safe-refactor.md
│   ├── 04-test-first.md
│   ├── 05-ui-polish.md
│   └── 06-security-review.md
├── .github/
│   └── workflows/
│       └── ci.yml          # CI workflow
├── .vscode/
│   └── tasks.json          # Editor tasks
└── package.json            # Updated with verify scripts

Common Workflows

Daily Development

Before Releasing

Updating Lattice

Setting Up CI/CD

How It Works with AI Assistants

Cursor

Lattice creates .cursor/rules.md that tells Cursor:

• What package versions to use
• Your project structure
• How to verify code quality
• Framework-specific patterns

Cursor automatically reads and follows these rules.

Claude Code

Lattice also creates CLAUDE.md for Claude Code compatibility.

Troubleshooting

Tips & Tricks

Custom Rules

You can add your own rules to .cursor/rules.md. Lattice won't overwrite anything outside the <!-- LATTICE:START --> and <!-- LATTICE:END --> markers:

<!-- LATTICE:START ... -->
... Lattice-generated content ...
<!-- LATTICE:END -->

## My Custom Rules

Add your own rules here - they'll be preserved!

Customizing Bundles

1. Run lattice generate to create a pack
2. Modify files in lattice-pack/
3. Apply with lattice apply

Viewing Compliance History

Check .lattice/compliance.json or run lattice status to see your verification history and compliance scores.

Getting Help

• Run lattice help for command overview
• Run lattice <command> --help for specific command help
• Check the docs/ directory for more documentation