bitwisecook/irule-xc
ai/claude/skills/irule-xc/SKILL.md
Translate an F5 BIG-IP iRule to F5 Distributed Cloud (XC) configuration. Produces Terraform HCL and JSON API output with coverage analysis. Highlights untranslatable constructs and suggests XC alternatives. Use when migrating iRules to F5 XC, converting BIG-IP iRules to Distributed Cloud, translating iRule logic to Terraform, or planning F5 XC migration.
$ install --global
skillsauthnpx skillsauth add bitwisecook/tcl-lsp irule-xcInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 3, 2026, 8:31 PM52.3s1 file scanned
SKILL.md
- name:
- irule-xc
- description:
- Translate an F5 BIG-IP iRule to F5 Distributed Cloud (XC) configuration. Produces Terraform HCL and JSON API output with coverage analysis. Highlights untranslatable constructs and suggests XC alternatives. Use when migrating iRules to F5 XC, converting BIG-IP iRules to Distributed Cloud, translating iRule logic to Terraform, or planning F5 XC migration.
- allowed-tools:
- Bash, Read, Write
iRule to F5 XC Translation
Translate an iRule to F5 XC routes, service policies, origin pools, WAF exclusion rules, and header processing.
Steps
- Read domain knowledge from
ai/prompts/irules_system.md - Read the iRule source file
- Run the static translator:
uv run --no-dev python -c " import json from core.commands.registry.runtime import configure_signatures configure_signatures(dialect='f5-irules') from core.xc.translator import translate_irule from core.xc.terraform import render_terraform from core.xc.json_api import render_json source = open('$FILE').read() result = translate_irule(source) print('=== TERRAFORM ===') print(render_terraform(result)) print('=== JSON API ===') print(json.dumps(render_json(result), indent=2)) print('=== COVERAGE ===') print(f'{result.coverage_pct:.1f}%') if result.untranslatable_count > 0: print('=== UNTRANSLATABLE ===') for item in result.items: if item.status.name == 'UNTRANSLATABLE': note = f' ({item.note})' if item.note else '' print(f'- {item.irule_command}: {item.xc_description}{note}') if result.advisory_count > 0: print('=== ADVISORY ===') for item in result.items: if item.status.name == 'ADVISORY': print(f'- {item.irule_command}: {item.xc_description}') " - If the tool fails (e.g. file not found or import error), report the error clearly and suggest fixes
- Review the output:
- If coverage >= 80%, the static translation is sufficient
- If coverage < 80%, review untranslatable constructs and suggest alternatives:
- For complex routing: suggest XC custom route objects
- For L4 logic: suggest App Stack containers
- For state management (table, session): suggest XC-native rate limiting or API discovery
- For SSL/TLS events: suggest XC TLS configuration on the load balancer
- For WAF/ASM events: suggest XC App Firewall or WAF exclusion rules
- For bot defence: suggest XC Bot Defence
- For rate limiting patterns: suggest XC Rate Limiting
- Write Terraform output to
$FILE.tf - Write JSON API output to
$FILE.xc.json - Validate the generated Terraform is syntactically valid
- Add comments explaining each mapping from the original iRule to XC constructs
XC Mapping Reference
| iRule Construct | XC Equivalent |
|---|---|
| pool <name> | volterra_origin_pool + route |
| switch [HTTP::path] | L7 routes with path matching (prefix, suffix, exact, regex) |
| switch [HTTP::host] | L7 routes with domain matching |
| if [HTTP::path] starts_with/ends_with/contains/matches_regex | Route path matching |
| if [HTTP::header value "X"] eq "Y" | Route or policy header matching |
| if [HTTP::header exists "X"] | Route or policy header presence matching |
| if [HTTP::cookie "X"] eq "Y" | Route or policy cookie matching |
| if [HTTP::cookie exists "X"] | Route or policy cookie presence matching |
| if [HTTP::query] contains "X" | Route or policy query parameter matching |
| if [IP::client_addr] eq "X" | Service policy client source IP matching |
| if [class match [IP::client_addr] equals DG] | Service policy IP prefix set matching |
| ! [condition] or [condition] ne "X" | Inverted match (invert_matcher = true) |
| cond1 \|\| cond2 | Multiple rules (one per OR branch) |
| HTTP::redirect | redirect_route |
| HTTP::respond 403/401 | volterra_service_policy deny rule |
| HTTP::respond 200 | direct_response_route |
| HTTP::header insert/replace/remove | Load balancer header processing |
| ASM::disable | WAF exclusion rule with app_firewall_detection_control |
| ASM::enable | No action (WAF enabled by default) |
| class match | Service policy rules (data-group entries) |
| RULE_INIT | No equivalent -- use static XC config |
| CLIENT_ACCEPTED | No equivalent -- L4 event |
| CLIENTSSL_HANDSHAKE | XC TLS settings |
| ASM_* events | XC App Firewall |
| eval, uplevel | No equivalent -- consider App Stack |
| TCP::*, UDP::* | No equivalent -- L4 commands |
WAF Exclusion Rule Actions
When ASM::disable is translated to a WAF exclusion rule, these actions can be configured
in the app_firewall_detection_control block:
| Action | Description |
|---|---|
| exclude_all_attack_types | Disable all WAF detection (current default) |
| exclude_attack_type_contexts | Exclude specific attack types with context |
| exclude_signature_contexts | Exclude specific WAF signature IDs |
| exclude_bot_name_contexts | Exclude specific bot names from detection |
| exclude_violation_contexts | Exclude specific violation types |
$ARGUMENTS
Related Skills
bitwisecook/tcl-optimise
development
VerifiedTrustedCommunity
Apply LSP optimiser suggestions to a Tcl file and explain why each optimisation is safe and beneficial. Covers constant folding, propagation, dead code elimination, strength reduction, and expression canonicalisation. Use when optimising Tcl code, improving .tcl file performance, refactoring Tcl scripts for efficiency, or applying language server optimisation suggestions.
34SKILL.mdUpdated Apr 3, 2026
bitwisecook/irule-optimise
development
VerifiedTrustedCommunity
Apply LSP optimiser suggestions to an F5 iRule and explain why each optimisation is safe and beneficial. Covers constant folding, propagation, dead code elimination, strength reduction, and expression canonicalisation. Use when optimising iRule code, improving iRule performance, applying F5 iRule optimisations, or refactoring iRules for efficiency.
34SKILL.mdUpdated Apr 3, 2026
bitwisecook/tk-create
development
VerifiedTrustedCommunity
Create Tk GUI code from a description with proper widget hierarchy. Generates the code, validates with the LSP analyser (including TK-specific checks), and iterates until clean. Use when creating Tk GUIs, generating Tcl/Tk code from descriptions, building Tk widget layouts, or scaffolding Tk applications.
29SKILL.mdUpdated Apr 3, 2026
bitwisecook/tcl-validate
development
VerifiedTrustedCommunity
Run full LSP validation on a Tcl file and produce a categorised report of all issues: errors, security, style, and optimiser suggestions. Use when validating Tcl code, linting .tcl files, checking Tcl script quality, or running static analysis on Tcl scripts.
29SKILL.mdUpdated Apr 3, 2026