AGIBuild/aspire-configuration
.cursor/skills/aspire-configuration/SKILL.md
Configure Aspire AppHost to emit explicit app config via environment variables while keeping app code free of Aspire clients and service discovery. Use when wiring AppHost resources to application configuration, ensuring production configuration is transparent and portable outside of Aspire, or avoiding Aspire client packages inside application code.
$ install --global
skillsauthnpx skillsauth add AGIBuild/Fulora aspire-configurationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 16, 2026, 10:38 PM6.7s1 file scanned
SKILL.md
- name:
- aspire-configuration
- description:
- Configure Aspire AppHost to emit explicit app config via environment variables while keeping app code free of Aspire clients and service discovery. Use when wiring AppHost resources to application configuration, ensuring production configuration is transparent and portable outside of Aspire, or avoiding Aspire client packages inside application code.
Aspire Configuration
When to Use This Skill
Use this skill when:
- Wiring AppHost resources to application configuration in Aspire-based repos
- Ensuring production configuration is transparent and portable outside of Aspire
- Avoiding Aspire client/service-discovery packages inside application code
- Designing feature toggles for dev/test without changing app code paths
Core Principles
-
AppHost owns Aspire infrastructure packages
- Aspire Hosting packages belong in AppHost only.
- App projects should not reference Aspire client/service-discovery packages.
-
Explicit configuration only
- AppHost must translate resource outputs into explicit config keys (env vars).
- App code binds to
IOptions<T>orConfigurationonly.
-
Production parity and transparency
- Every value injected by AppHost must be representable in production as env vars or config files without Aspire.
- Avoid opaque service discovery and implicit configuration.
Configuration Flow
AppHost resource -> WithEnvironment(...) -> app config keys -> IOptions<T> in app
The AppHost is responsible for turning Aspire resources into explicit app settings. The application never consumes Aspire clients or service discovery directly.
AppHost Patterns (Explicit Mapping)
Example: Database + Blob Storage
// AppHost/Program.cs
var builder = DistributedApplication.CreateBuilder(args);
var postgres = builder.AddPostgres("postgres");
var db = postgres.AddDatabase("appdb");
var minio = builder.AddContainer("minio", "minio/minio")
.WithArgs("server", "/data")
.WithHttpEndpoint(targetPort: 9000, name: "http")
.WithHttpEndpoint(targetPort: 9001, name: "console")
.WithEnvironment("MINIO_ROOT_USER", "minioadmin")
.WithEnvironment("MINIO_ROOT_PASSWORD", "minioadmin");
var api = builder.AddProject<Projects.MyApp_Api>("api")
.WithReference(db, "Postgres")
.WithEnvironment("BlobStorage__Enabled", "true")
.WithEnvironment("BlobStorage__ServiceUrl", minio.GetEndpoint("http"))
.WithEnvironment("BlobStorage__AccessKey", "minioadmin")
.WithEnvironment("BlobStorage__SecretKey", "minioadmin")
.WithEnvironment("BlobStorage__Bucket", "attachments")
.WithEnvironment("BlobStorage__ForcePathStyle", "true");
builder.Build().Run();
Key points
WithReference(db, "Postgres")setsConnectionStrings__Postgresexplicitly.- Every external dependency is represented via explicit config keys.
- The API project only reads
Configurationvalues.
App Code Pattern (No Aspire Clients)
Application code binds to options and initializes SDKs directly. It never depends on Aspire client packages or service discovery.
// Api/Program.cs
builder.Services
.AddOptions<BlobStorageOptions>()
.BindConfiguration("BlobStorage")
.ValidateDataAnnotations()
.ValidateOnStart();
builder.Services.AddSingleton<IBlobStorageService>(sp =>
{
var options = sp.GetRequiredService<IOptions<BlobStorageOptions>>().Value;
return new S3BlobStorageService(options); // uses explicit options only
});
Do not add Aspire client packages (or AddServiceDiscovery) to the app.
Those are orchestration concerns and should stay in AppHost.
Feature Toggles and Test Overrides
Keep toggles in config and drive them through AppHost and test fixtures. This maintains parity between dev/test and production configuration.
// AppHost: disable persistence in tests via config overrides
var config = builder.Configuration.GetSection("App")
.Get<AppHostConfiguration>() ?? new AppHostConfiguration();
if (!config.UseVolumes)
{
postgres.WithDataVolume(false);
}
api.WithEnvironment("BlobStorage__Enabled", config.EnableBlobStorage.ToString());
See skills/aspire/integration-testing/SKILL.md for patterns on passing
configuration overrides into DistributedApplicationTestingBuilder.
Do / Don’t Checklist
Do
- Map every Aspire resource output to explicit configuration keys
- Use
IOptions<T>with validation for all infrastructure settings - Keep AppHost as the only place that references Aspire hosting packages
- Ensure any AppHost-injected value can be set in production env vars
Don’t
- Reference Aspire client/service-discovery packages in application projects
- Rely on opaque service discovery that cannot be mirrored in production
- Hide configuration behind Aspire-only abstractions
Related Skills
skills/aspire/service-defaults/SKILL.mdskills/aspire/integration-testing/SKILL.mdskills/akka/aspire-configuration/SKILL.md
Resources
- Aspire AppHost environment configuration: https://learn.microsoft.com/en-us/dotnet/aspire/fundamentals/app-host
- Configuration in .NET: https://learn.microsoft.com/en-us/dotnet/core/extensions/configuration
Related Skills
AGIBuild/self-improvement
tools
VerifiedTrustedCommunity
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-headers
testing
VerifiedTrustedCommunity
Security headers configuration and best practices for ASP.NET Core Razor Pages applications. Covers CSP, HSTS, X-Frame-Options, and comprehensive security middleware setup. Use when configuring security headers in ASP.NET Core applications, implementing Content Security Policy (CSP), or setting up HSTS and other security-related HTTP headers.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-design-review
development
VerifiedTrustedCommunity
Reviews designs and business goals for security vulnerabilities, data protection (in transit/at rest), authorization, and compliance alignment. Use when the user asks for a security review, threat modeling, attack surface analysis, data leakage prevention, or compliance/security assessment.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/Razor Pages Patterns
development
VerifiedTrustedCommunity
Best practices for building production-grade ASP.NET Core Razor Pages applications. Focuses on structure, lifecycle, binding, validation, security, and maintainability in web apps using Razor Pages as the primary UI framework. Use when building Razor Pages applications, designing PageModels and handlers, implementing model binding and validation, or securing Razor Pages with authentication and authorization.
8SKILL.mdUpdated Apr 16, 2026