AGIBuild/local-tools
.cursor/skills/local-tools/SKILL.md
Best practices for working with .NET local tools, including manifest management, tool installation, and versioning. Use when setting up dotnet-tools.json for a project, installing or updating local tools, or managing tool versions across team members.
$ install --global
skillsauthnpx skillsauth add AGIBuild/Fulora local-toolsInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 24, 2026, 8:59 PM1.8s1 file scanned
SKILL.md
- name:
- local-tools
- description:
- Best practices for working with .NET local tools, including manifest management, tool installation, and versioning. Use when setting up dotnet-tools.json for a project, installing or updating local tools, or managing tool versions across team members.
.NET Local Tools
When to Use This Skill
Use this skill when:
- Setting up consistent tooling across a development team
- Ensuring CI/CD pipelines use the same tool versions as local development
- Managing project-specific CLI tools (docfx, incrementalist, dotnet-ef, etc.)
- Avoiding global tool version conflicts between projects
What Are Local Tools?
Local tools are .NET CLI tools that are installed and versioned per-repository rather than globally. They're defined in .config/dotnet-tools.json and restored with dotnet tool restore.
Local vs Global Tools
| Aspect | Global Tools | Local Tools |
|--------|--------------|-------------|
| Installation | dotnet tool install -g | dotnet tool restore |
| Scope | Machine-wide | Per-repository |
| Version control | Manual | In .config/dotnet-tools.json |
| CI/CD | Must install each tool | Single restore command |
| Conflicts | Can have version conflicts | Isolated per project |
Setting Up Local Tools
Initialize the Manifest
# Create .config/dotnet-tools.json
dotnet new tool-manifest
This creates:
.config/
└── dotnet-tools.json
Install Tools Locally
# Install a tool locally
dotnet tool install docfx
# Install specific version
dotnet tool install docfx --version 2.78.3
# Install from a specific source
dotnet tool install MyTool --add-source https://mycompany.pkgs.visualstudio.com/_packaging/feed/nuget/v3/index.json
Restore Tools
# Restore all tools from manifest
dotnet tool restore
dotnet-tools.json Format
{
"version": 1,
"isRoot": true,
"tools": {
"docfx": {
"version": "2.78.3",
"commands": [
"docfx"
],
"rollForward": false
},
"dotnet-ef": {
"version": "9.0.0",
"commands": [
"dotnet-ef"
],
"rollForward": false
},
"incrementalist.cmd": {
"version": "1.2.0",
"commands": [
"incrementalist"
],
"rollForward": false
},
"dotnet-reportgenerator-globaltool": {
"version": "5.4.1",
"commands": [
"reportgenerator"
],
"rollForward": false
}
}
}
Fields
| Field | Description |
|-------|-------------|
| version | Manifest schema version (always 1) |
| isRoot | Marks this as the root manifest (prevents searching parent directories) |
| tools | Dictionary of tool configurations |
| tools.<name>.version | Exact version to install |
| tools.<name>.commands | CLI commands the tool provides |
| tools.<name>.rollForward | Allow newer versions (usually false for reproducibility) |
Common Tools
Documentation
# DocFX - API documentation generator
dotnet tool install docfx
"docfx": {
"version": "2.78.3",
"commands": ["docfx"],
"rollForward": false
}
Usage:
dotnet docfx docfx.json
dotnet docfx serve _site
Entity Framework Core
# EF Core CLI for migrations
dotnet tool install dotnet-ef
"dotnet-ef": {
"version": "9.0.0",
"commands": ["dotnet-ef"],
"rollForward": false
}
Usage:
dotnet ef migrations add InitialCreate
dotnet ef database update
Code Coverage
# ReportGenerator for coverage reports
dotnet tool install dotnet-reportgenerator-globaltool
"dotnet-reportgenerator-globaltool": {
"version": "5.4.1",
"commands": ["reportgenerator"],
"rollForward": false
}
Usage:
dotnet reportgenerator -reports:coverage.cobertura.xml -targetdir:coveragereport -reporttypes:Html
Incremental Builds
# Incrementalist - build only changed projects
dotnet tool install incrementalist.cmd
"incrementalist.cmd": {
"version": "1.2.0",
"commands": ["incrementalist"],
"rollForward": false
}
Usage:
# Get projects affected by changes since main branch
incrementalist --branch main
Code Formatting
# CSharpier - opinionated C# formatter
dotnet tool install csharpier
"csharpier": {
"version": "0.30.3",
"commands": ["dotnet-csharpier"],
"rollForward": false
}
Usage:
dotnet csharpier .
dotnet csharpier --check . # CI mode - fails if changes needed
Code Analysis
# JB dotnet-inspect (requires license)
dotnet tool install jb
"jb": {
"version": "2024.3.4",
"commands": ["jb"],
"rollForward": false
}
CI/CD Integration
GitHub Actions
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
global-json-file: global.json
- name: Restore tools
run: dotnet tool restore
- name: Build
run: dotnet build
- name: Test with coverage
run: dotnet test --collect:"XPlat Code Coverage"
- name: Generate coverage report
run: dotnet reportgenerator -reports:**/coverage.cobertura.xml -targetdir:coveragereport
- name: Build documentation
run: dotnet docfx docs/docfx.json
Azure Pipelines
steps:
- task: UseDotNet@2
inputs:
useGlobalJson: true
- script: dotnet tool restore
displayName: 'Restore .NET tools'
- script: dotnet build -c Release
displayName: 'Build'
- script: dotnet test -c Release --collect:"XPlat Code Coverage"
displayName: 'Test'
- script: dotnet reportgenerator -reports:**/coverage.cobertura.xml -targetdir:$(Build.ArtifactStagingDirectory)/coverage
displayName: 'Generate coverage report'
Managing Tool Versions
Update a Tool
# Update to latest version
dotnet tool update docfx
# Update to specific version
dotnet tool update docfx --version 2.79.0
List Installed Tools
# List local tools
dotnet tool list
# List with outdated check
dotnet tool list --outdated
Remove a Tool
dotnet tool uninstall docfx
Best Practices
1. Always Set isRoot: true
Prevents MSBuild from searching parent directories for tool manifests:
{
"version": 1,
"isRoot": true,
...
}
2. Pin Exact Versions
Use "rollForward": false for reproducible builds:
"docfx": {
"version": "2.78.3",
"rollForward": false
}
3. Restore in CI Before Use
Always run dotnet tool restore before using any local tool:
- run: dotnet tool restore
- run: dotnet docfx docs/docfx.json
4. Document Tool Requirements
Add a comment or section in README:
## Development Setup
1. Restore tools: `dotnet tool restore`
2. Build: `dotnet build`
3. Test: `dotnet test`
5. Use Dependabot for Updates
# .github/dependabot.yml
version: 2
updates:
- package-ecosystem: "nuget"
directory: "/"
schedule:
interval: "weekly"
# Includes local tools in .config/dotnet-tools.json
Troubleshooting
Tool Not Found After Restore
Ensure you're running from the repository root:
# Wrong - running from subdirectory
cd src/MyApp
dotnet docfx # Error: tool not found
# Correct - run from solution root
cd ../..
dotnet docfx docs/docfx.json
Version Conflicts
If you see version conflicts, check for:
- Global tool with different version:
dotnet tool list -g - Multiple tool manifests: Look for
.config/dotnet-tools.jsonin parent directories
Clearing Tool Cache
# Clear NuGet tool cache
dotnet nuget locals all --clear
# Re-restore tools
dotnet tool restore
Example: Complete Development Setup
{
"version": 1,
"isRoot": true,
"tools": {
"docfx": {
"version": "2.78.3",
"commands": ["docfx"],
"rollForward": false
},
"dotnet-ef": {
"version": "9.0.0",
"commands": ["dotnet-ef"],
"rollForward": false
},
"dotnet-reportgenerator-globaltool": {
"version": "5.4.1",
"commands": ["reportgenerator"],
"rollForward": false
},
"csharpier": {
"version": "0.30.3",
"commands": ["dotnet-csharpier"],
"rollForward": false
},
"incrementalist.cmd": {
"version": "1.2.0",
"commands": ["incrementalist"],
"rollForward": false
}
}
}
Development workflow:
# Initial setup
dotnet tool restore
# Format code before commit
dotnet csharpier .
# Run tests with coverage
dotnet test --collect:"XPlat Code Coverage"
dotnet reportgenerator -reports:**/coverage.cobertura.xml -targetdir:coverage
# Build documentation
dotnet docfx docs/docfx.json
# Check which projects changed (for large repos)
incrementalist --branch main
Related Skills
AGIBuild/self-improvement
tools
VerifiedTrustedCommunity
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Claude ('No, that's wrong...', 'Actually...'), (3) User requests a capability that doesn't exist, (4) An external API or tool fails, (5) Claude realizes its knowledge is outdated or incorrect, (6) A better approach is discovered for a recurring task. Also review learnings before major tasks.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-headers
testing
VerifiedTrustedCommunity
Security headers configuration and best practices for ASP.NET Core Razor Pages applications. Covers CSP, HSTS, X-Frame-Options, and comprehensive security middleware setup. Use when configuring security headers in ASP.NET Core applications, implementing Content Security Policy (CSP), or setting up HSTS and other security-related HTTP headers.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/security-design-review
development
VerifiedTrustedCommunity
Reviews designs and business goals for security vulnerabilities, data protection (in transit/at rest), authorization, and compliance alignment. Use when the user asks for a security review, threat modeling, attack surface analysis, data leakage prevention, or compliance/security assessment.
8SKILL.mdUpdated Apr 16, 2026
AGIBuild/Razor Pages Patterns
development
VerifiedTrustedCommunity
Best practices for building production-grade ASP.NET Core Razor Pages applications. Focuses on structure, lifecycle, binding, validation, security, and maintainability in web apps using Razor Pages as the primary UI framework. Use when building Razor Pages applications, designing PageModels and handlers, implementing model binding and validation, or securing Razor Pages with authentication and authorization.
8SKILL.mdUpdated Apr 16, 2026