Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

lazygophers/csharp-web

Name: csharp-web
Author: lazygophers

plugins/languages/csharp/skills/web/SKILL.md

npx skillsauth add lazygophers/ccplugin csharp-web

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

C# Web 开发规范

主流形态: Minimal API + EF Core + Blazor SSR。

项目骨架

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddProblemDetails()
    .AddOpenApi()                  // .NET 9+ 内置 (替代 Swashbuckle)
    .AddOutputCache()
    .AddHybridCache()              // .NET 10 GA, 替代 IDistributedCache
    .AddExceptionHandler<GlobalExceptionHandler>()
    .AddRateLimiter(o => o.AddFixedWindowLimiter("api", w =>
    {
        w.PermitLimit = 100;
        w.Window = TimeSpan.FromMinutes(1);
    }))
    .AddAuthentication().AddJwtBearer();

builder.Services.AddDbContextPool<AppDb>(o =>
    o.UseNpgsql(builder.Configuration.GetConnectionString("Db")));

var app = builder.Build();

app.UseExceptionHandler();      // 早期捕获
app.UseStatusCodePages();
app.UseHttpsRedirection();
app.UseRateLimiter();
app.UseAuthentication();
app.UseAuthorization();
app.UseOutputCache();
app.MapOpenApi();
app.MapHealthChecks("/health");
app.MapOrders();                // 扩展方法分组 endpoint
app.Run();

public partial class Program;   // 让集成测试可见

Minimal API 组织

每个资源一个静态类, 扩展方法 + MapGroup:

public static class OrderEndpoints
{
    public static IEndpointRouteBuilder MapOrders(this IEndpointRouteBuilder app)
    {
        var g = app.MapGroup("/api/orders")
                   .RequireAuthorization()
                   .RequireRateLimiting("api")
                   .WithTags("orders");

        g.MapGet("/{id:long}", GetById).WithName("GetOrder").CacheOutput();
        g.MapPost("/", Create).AddEndpointFilter<ValidationFilter>();
        return app;
    }

    static async Task<Results<Ok<OrderDto>, NotFound>> GetById(
        long id, IOrderService svc, CancellationToken ct) =>
        await svc.FindAsync(id, ct) is { } o ? TypedResults.Ok(o) : TypedResults.NotFound();
}

返回 Results<T1, T2> / TypedResults.* 让 OpenAPI 推断准确
不用 Results.Ok (非类型化), 用 TypedResults.Ok
参数绑定通过 [FromBody] / [FromQuery] / [FromServices] / [AsParameters]

异常处理: IExceptionHandler

public class GlobalExceptionHandler(ILogger<GlobalExceptionHandler> logger) : IExceptionHandler
{
    public async ValueTask<bool> TryHandleAsync(
        HttpContext ctx, Exception ex, CancellationToken ct)
    {
        logger.LogError(ex, "Unhandled: {Message}", ex.Message);
        await Results.Problem(
            title: "Internal Server Error",
            statusCode: StatusCodes.Status500InternalServerError,
            extensions: new Dictionary<string, object?> { ["traceId"] = ctx.TraceIdentifier })
            .ExecuteAsync(ctx);
        return true;
    }
}

业务错误: endpoint 直接返回 TypedResults.Problem(...) / ValidationProblem。

模型验证

DTO 用 record + required + 数据注解; 复杂规则用 Microsoft.AspNetCore.Http.Validation (.NET 10 内置) 或 FluentValidation
失败统一返回 ProblemDetails (AddProblemDetails)

Native AOT (Minimal API)

<PublishAot>true</PublishAot>

要求:

不要 Newtonsoft.Json; 用 System.Text.Json source generator
移除反射 IOC; 优先 keyed services + source-generated registration
dotnet publish -c Release 检查 IL2026 / IL3050 警告

[JsonSerializable(typeof(OrderDto))]
[JsonSerializable(typeof(CreateOrderDto))]
internal partial class AppJsonContext : JsonSerializerContext;

builder.Services.ConfigureHttpJsonOptions(o =>
    o.SerializerOptions.TypeInfoResolverChain.Insert(0, AppJsonContext.Default));

Blazor 渲染模式

| 模式 | 何时用 | |------|--------| | Static SSR | 列表/详情页面, 纯展示 | | SSR Streaming ([StreamRendering]) | 大段数据分块渲染 | | Interactive Server | 内网工具, 状态在服务端 | | Interactive WebAssembly | 高交互、可离线 | | Auto | SSR 首屏 + WebAssembly 接管 |

组件以 @rendermode 显式声明; 不要全站默认 Interactive。

中间件顺序

固定顺序: Exception → HTTPS → Static → Routing → CORS → AuthN → AuthZ → RateLimiter → OutputCache → Endpoints。自定义中间件继承 IMiddleware (DI 友好) 而不是约定方法。

鉴权与授权

JWT 优先 AddJwtBearer; Authority + Audience 必填
资源级授权用 IAuthorizationHandler + OperationAuthorizationRequirement
不要在 endpoint 手动 User.HasClaim, 用 policy
AddIdentityApiEndpoints<T>() 提供注册/登录/MFA 全套 endpoint

缓存

短期响应缓存: Output Caching + CacheOutput(...)
应用级数据: HybridCache (.NET 10 GA) 同时利用 L1 内存 + L2 Redis, 替代 IDistributedCache

var u = await cache.GetOrCreateAsync($"user:{id}",
    async ct => await db.Users.FindAsync([id], ct),
    tags: ["users"]);

可观测性

OpenTelemetry: AddOpenTelemetry().WithTracing().WithMetrics().WithLogs()
ASP.NET Core 内置 metrics: Microsoft.AspNetCore.Hosting、Microsoft.AspNetCore.Server.Kestrel
健康检查: liveness vs readiness 分开端点

测试

集成测试用 WebApplicationFactory<Program>; Program 加 public partial class Program;
替换外部依赖: WithWebHostBuilder + ConfigureTestServices
数据库用 TestContainers + Respawn 重置 (详见 csharp-data)

参考

ASP.NET Core 10 公告
Minimal APIs
Native AOT publishing
Blazor render modes
HybridCache
Rate limiting middleware

lazygophers/csharp-web

plugins/languages/csharp/skills/web/SKILL.md

ASP.NET Core 10 Web 开发规范。覆盖 Minimal API、native AOT 发布、Blazor SSR / Streaming / Auto / Interactive 渲染模式、rate limiting、output caching、HybridCache、 middleware 顺序、IExceptionHandler + ProblemDetails、OpenAPI 3.1、健康检查、 JWT / Identity API、WebApplicationFactory 集成测试。当开发 Web API、REST 服务、Blazor 应用、配置中间件管道、调优 ASP.NET Core, 或说 "ASP.NET Core"、"Minimal API"、"Blazor"、"middleware"、"WebApplication"、 "AOT publish"、"HybridCache" 时加载。

3 stars

development

Updated May 17, 2026

$ install --global

skillsauth

npx skillsauth add lazygophers/ccplugin csharp-web

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 17, 2026, 6:38 AM241.2s1 file scanned

SKILL.md

name:: csharp-web
description:: |
allowed-tools:: Read, Grep, Glob, Bash

C# Web 开发规范

主流形态: Minimal API + EF Core + Blazor SSR。

项目骨架

var builder = WebApplication.CreateBuilder(args);

builder.Services
    .AddProblemDetails()
    .AddOpenApi()                  // .NET 9+ 内置 (替代 Swashbuckle)
    .AddOutputCache()
    .AddHybridCache()              // .NET 10 GA, 替代 IDistributedCache
    .AddExceptionHandler<GlobalExceptionHandler>()
    .AddRateLimiter(o => o.AddFixedWindowLimiter("api", w =>
    {
        w.PermitLimit = 100;
        w.Window = TimeSpan.FromMinutes(1);
    }))
    .AddAuthentication().AddJwtBearer();

builder.Services.AddDbContextPool<AppDb>(o =>
    o.UseNpgsql(builder.Configuration.GetConnectionString("Db")));

var app = builder.Build();

app.UseExceptionHandler();      // 早期捕获
app.UseStatusCodePages();
app.UseHttpsRedirection();
app.UseRateLimiter();
app.UseAuthentication();
app.UseAuthorization();
app.UseOutputCache();
app.MapOpenApi();
app.MapHealthChecks("/health");
app.MapOrders();                // 扩展方法分组 endpoint
app.Run();

public partial class Program;   // 让集成测试可见

Minimal API 组织

每个资源一个静态类, 扩展方法 + MapGroup:

public static class OrderEndpoints
{
    public static IEndpointRouteBuilder MapOrders(this IEndpointRouteBuilder app)
    {
        var g = app.MapGroup("/api/orders")
                   .RequireAuthorization()
                   .RequireRateLimiting("api")
                   .WithTags("orders");

        g.MapGet("/{id:long}", GetById).WithName("GetOrder").CacheOutput();
        g.MapPost("/", Create).AddEndpointFilter<ValidationFilter>();
        return app;
    }

    static async Task<Results<Ok<OrderDto>, NotFound>> GetById(
        long id, IOrderService svc, CancellationToken ct) =>
        await svc.FindAsync(id, ct) is { } o ? TypedResults.Ok(o) : TypedResults.NotFound();
}

返回 Results<T1, T2> / TypedResults.* 让 OpenAPI 推断准确
不用 Results.Ok (非类型化), 用 TypedResults.Ok
参数绑定通过 [FromBody] / [FromQuery] / [FromServices] / [AsParameters]

异常处理: IExceptionHandler

public class GlobalExceptionHandler(ILogger<GlobalExceptionHandler> logger) : IExceptionHandler
{
    public async ValueTask<bool> TryHandleAsync(
        HttpContext ctx, Exception ex, CancellationToken ct)
    {
        logger.LogError(ex, "Unhandled: {Message}", ex.Message);
        await Results.Problem(
            title: "Internal Server Error",
            statusCode: StatusCodes.Status500InternalServerError,
            extensions: new Dictionary<string, object?> { ["traceId"] = ctx.TraceIdentifier })
            .ExecuteAsync(ctx);
        return true;
    }
}

业务错误: endpoint 直接返回 TypedResults.Problem(...) / ValidationProblem。

模型验证

DTO 用 record + required + 数据注解; 复杂规则用 Microsoft.AspNetCore.Http.Validation (.NET 10 内置) 或 FluentValidation
失败统一返回 ProblemDetails (AddProblemDetails)

Native AOT (Minimal API)

<PublishAot>true</PublishAot>

要求:

不要 Newtonsoft.Json; 用 System.Text.Json source generator
移除反射 IOC; 优先 keyed services + source-generated registration
dotnet publish -c Release 检查 IL2026 / IL3050 警告

[JsonSerializable(typeof(OrderDto))]
[JsonSerializable(typeof(CreateOrderDto))]
internal partial class AppJsonContext : JsonSerializerContext;

builder.Services.ConfigureHttpJsonOptions(o =>
    o.SerializerOptions.TypeInfoResolverChain.Insert(0, AppJsonContext.Default));

Blazor 渲染模式

组件以 @rendermode 显式声明; 不要全站默认 Interactive。

中间件顺序

鉴权与授权

JWT 优先 AddJwtBearer; Authority + Audience 必填
资源级授权用 IAuthorizationHandler + OperationAuthorizationRequirement
不要在 endpoint 手动 User.HasClaim, 用 policy
AddIdentityApiEndpoints<T>() 提供注册/登录/MFA 全套 endpoint

缓存

短期响应缓存: Output Caching + CacheOutput(...)
应用级数据: HybridCache (.NET 10 GA) 同时利用 L1 内存 + L2 Redis, 替代 IDistributedCache

var u = await cache.GetOrCreateAsync($"user:{id}",
    async ct => await db.Users.FindAsync([id], ct),
    tags: ["users"]);

可观测性

OpenTelemetry: AddOpenTelemetry().WithTracing().WithMetrics().WithLogs()
ASP.NET Core 内置 metrics: Microsoft.AspNetCore.Hosting、Microsoft.AspNetCore.Server.Kestrel
健康检查: liveness vs readiness 分开端点

测试

集成测试用 WebApplicationFactory<Program>; Program 加 public partial class Program;
替换外部依赖: WithWebHostBuilder + ConfigureTestServices
数据库用 TestContainers + Respawn 重置 (详见 csharp-data)

参考

ASP.NET Core 10 公告
Minimal APIs
Native AOT publishing
Blazor render modes
HybridCache
Rate limiting middleware

Related Skills

lazygophers/golang-db

development

VerifiedTrustedCommunity

Go 数据库规范——GORM Model 命名 ModelXxx、表名单数、枚举 uint8 + 常量、索引 idx_ 前缀 + deleted_at leading column、禁 time.Time 统一 int64 unix、禁指针/nullable 字段、TEXT/BLOB/JSON 禁 default、AutoMigrate 禁改主键。设计 DB model、写 GORM tag、建索引、做 migration 审查时触发。

4SKILL.mdUpdated Jun 5, 2026

lazygophers/golang-db

lazygophers/golang-api

development

VerifiedTrustedCommunity

Go HTTP API 规范——响应始终 200 + body code 字段、路由 /api/* 全 POST 单段 <Action><Model>、中间件逐路由注册禁 Group(prefix,mw...)、handler 仅返回 (rsp,error)、认证走 header。设计 HTTP API、写路由/handler/中间件时触发。

4SKILL.mdUpdated Jun 5, 2026

lazygophers/golang-api

lazygophers/golang-structure

development

VerifiedTrustedCommunity

Go 项目结构规范——三层架构（API → Impl → State）、全局状态模式、internal/ 私有包、cmd/ 仅 main.go、go.work 多模块、禁止 Repository 接口和 DI 容器、struct 公共字段开头全 omitempty、handler var rsp 顶声明、禁 legacy migration。设计项目骨架、新建目录、组织包、做架构评审时触发。

4SKILL.mdUpdated Apr 24, 2026

lazygophers/golang-structure

lazygophers/golang-naming

development

VerifiedTrustedCommunity

Go 命名规范——Id/Uid 字段（非 ID）、IsActive/HasMFA 布尔前缀、CreatedAt 时间字段、接收者统一用 p、包名全小写无下划线、泛型类型参数描述性命名、集合字段 xxx_list 禁 xxxs 复数、Enum 0 值 XxxNil 禁 Unknown、禁 Status 统一 State、Set/Update 语义区分。定义结构体字段、函数、变量、包、接收者名、泛型、枚举时触发。

4SKILL.mdUpdated Apr 24, 2026

lazygophers/golang-naming

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/lazygophers/ccplugin.git

# Copy into Claude Code skills folder (global)
cp -r ccplugin/plugins/languages/csharp/skills/web ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

lazygophers/ccplugin

3 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT