Adoption

Agent Skills are supported by leading AI development tools.

VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory VS Code Gemini CLI GitHub Goose Amp Cursor Claude Code Letta OpenCode Claude OpenAI Codex Factory

lidge-jun/azure-verified-modules

Name: azure-verified-modules
Author: lidge-jun

terraform/code-generation/skills/azure-verified-modules/SKILL.md

npx skillsauth add lidge-jun/cli-jaw-skills azure-verified-modules

Clean

TrivyContainer and dependency vulnerability scanner

Clean

SemgrepStatic code analysis for vulnerabilities

Clean

mcp-scan (Snyk)Model Context Protocol security validation

Skipped

Snyk (dep)Open source security scanning

Skipped

Socket.devSupply chain security analysis

Skipped

VirusTotalMulti-engine malware detection

Skipped

CrowdStrikeAdvanced threat intelligence

Skipped

OSV-ScannerOpen Source Vulnerability database check

Skipped

OWASP Dep-Check

Azure Verified Modules (AVM) Requirements

References: AVM Docs | Terraform Specs

Module Cross-Referencing (TFFR1)

Reference other AVM modules via HashiCorp registry with pinned version: source = "Azure/xxx/azurerm" + version = "1.2.3"
Use only AVM modules — no git references (git::, github.com/)

Azure Provider Requirements (TFFR3)

| Provider | Min Version | Max Version | |----------|-------------|-------------| | azapi | >= 2.0 | < 3.0 | | azurerm | >= 4.0 | < 5.0 |

Use required_providers block to enforce versions
Prefer pessimistic version constraint (~>)

See references/code-examples.md for provider configuration example.

Code Style Standards

Naming (TFNFR4)

Use lower_snake_case for all locals, variables, outputs, resource symbolic names, and module symbolic names.

Resource Ordering (TFNFR6)

Place depended-on resources first. Keep resources with dependencies close to each other.

Count & for_each (TFNFR7)

Use count for conditional resource creation
Use map(xxx) or set(xxx) as for_each collection with static literal keys

Resource Block Internal Ordering (TFNFR8)

Top meta-arguments: provider, count, for_each
Arguments/blocks (alphabetical): required arguments → optional arguments → required nested blocks → optional nested blocks
Bottom meta-arguments: depends_on, lifecycle (sub-order: create_before_destroy, ignore_changes, prevent_destroy)

Separate sections with blank lines.

Module Block Ordering (TFNFR9)

Top: source, version, count, for_each
Arguments (alphabetical): required → optional
Bottom: depends_on, providers

Lifecycle ignore_changes (TFNFR10)

Use unquoted attributes: ignore_changes = [tags] (not ["tags"]). Quoted strings cause silent failures.

Conditional Creation (TFNFR11)

Wrap parameters requiring conditional creation with object type to avoid "known after apply" issues during plan.

Dynamic Blocks (TFNFR12)

Use for_each = <condition> ? [<item>] : [] pattern for optional nested blocks.

Default Values (TFNFR13)

Prefer coalesce() or try() over ternary expressions for default values — shorter and more readable.

Provider Declarations (TFNFR27)

Declare provider blocks in modules only for configuration_aliases
Provider configurations should be passed in by module users, because modules should remain provider-agnostic

Variable Requirements

Prohibited Variables (TFNFR14)

Avoid enabled or module_depends_on variables that control entire module operation. Feature toggles for specific resources are acceptable.

Definition Order (TFNFR15)

Required fields (alphabetical)
Optional fields (alphabetical)

Naming (TFNFR16)

Follow HashiCorp naming rules. Use positive statements for feature switches: xxx_enabled instead of xxx_disabled.

Descriptions (TFNFR17)

Write descriptions targeting module users (not developers). For object types, use HEREDOC format.

Types (TFNFR18)

Define type for every variable, as precise as possible
Use bool for true/false values (not string/number)
Use concrete object instead of map(any)
Reserve any for adequately justified cases only

Sensitive Data (TFNFR19)

For object variables with sensitive fields: either set sensitive = true on the entire variable, or extract sensitive fields into separate variables.

Non-Nullable Collections (TFNFR20)

Set nullable = false for collection values (sets, maps, lists) used in loops, because null collections cause runtime errors in for_each.

Nullability (TFNFR21)

Avoid nullable = true unless null carries specific semantic meaning.

Sensitive Defaults (TFNFR22, TFNFR23)

Omit sensitive = false (it is the default)
Do not set default values for sensitive inputs (e.g., passwords)

Deprecated Variables (TFNFR24)

Move to deprecated_variables.tf
Prefix description with DEPRECATED and declare the replacement name
Clean up during major version releases

Output Requirements

Computed Outputs (TFFR2)

Output discrete computed attributes (anti-corruption layer pattern) rather than entire resource objects, because resource schemas change across provider versions.

Avoid outputting values that are already inputs (except name)
Use sensitive = true for sensitive attributes
For for_each resources, output computed attributes in a map structure

Sensitive Outputs (TFNFR29)

Mark outputs containing confidential data with sensitive = true.

Deprecated Outputs (TFNFR30)

Move deprecated outputs to deprecated_outputs.tf. Define new outputs in outputs.tf. Clean up during major version releases.

Local Values (TFNFR31–33)

Keep locals blocks in locals.tf (advanced: declare next to related resources)
Arrange expressions alphabetically
Use precise types (e.g., number for age, not string)

Terraform Configuration

Version Requirements (TFNFR25)

terraform.tf requirements:

Single terraform block, required_version on first line
Include min and max major version constraints
Prefer ~> #.# or >= #.#.#, < #.#.# format

Providers in required_providers (TFNFR26)

Each provider specifies source (format: namespace/name) and version
Providers sorted alphabetically
Include only directly required providers
Version includes min and max major version constraints

Testing Requirements (TFNFR5, TFNFR36)

Required tools: terraform validate/fmt/test, terrafmt, Checkov, tflint (with azurerm ruleset), Go (optional).

Set prevent_deletion_if_contains_resources = false in test provider configs for clean teardown.

Documentation (TFNFR2)

Generate docs via terraform-docs. A .terraform-docs.yml file is required in the module root.

Feature Toggles (TFNFR34)

New resources in minor/patch versions require a toggle variable defaulting to false to avoid unexpected resource creation.

Breaking Changes (TFNFR35)

See references/breaking-changes.md for the full list of patterns that constitute breaking changes in resource, variable, and output blocks.

Contribution Standards (TFNFR3)

Set branch protection on the default branch: require PRs, approval, linear history, CODEOWNERS review. Prevent force pushes and branch deletion. No bypass for administrators.

References

Code examples — HCL patterns for all requirements
Compliance checklist — module review checklist
Breaking changes — detailed breaking change patterns

lidge-jun/azure-verified-modules

terraform/code-generation/skills/azure-verified-modules/SKILL.md

Azure Verified Modules (AVM) requirements and best practices for developing certified Azure Terraform modules. Use when creating or reviewing Azure modules that need AVM certification.

4 stars

development

Updated May 3, 2026

$ install --global

skillsauth

npx skillsauth add lidge-jun/cli-jaw-skills azure-verified-modules

Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.

Security Scan Results

3 of 9 scanners reported clean

Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.

Scanners Passed

Scanners in report

Clean

TrivyContainer and dependency vulnerability scanner

95%

Clean

SemgrepStatic code analysis for vulnerabilities

95%

Clean

mcp-scan (Snyk)Model Context Protocol security validation

95%

Skipped

Snyk (dep)Open source security scanning

50%

Skipped

Socket.devSupply chain security analysis

50%

Skipped

VirusTotalMulti-engine malware detection

50%

Skipped

CrowdStrikeAdvanced threat intelligence

50%

Skipped

OSV-ScannerOpen Source Vulnerability database check

50%

Skipped

OWASP Dep-Check

50%

Last scanned: May 3, 2026, 5:53 AM93.4s4 files scanned

SKILL.md

name:: azure-verified-modules
description:: Azure Verified Modules (AVM) requirements and best practices for developing certified Azure Terraform modules. Use when creating or reviewing Azure modules that need AVM certification.

Azure Verified Modules (AVM) Requirements

References: AVM Docs | Terraform Specs

Module Cross-Referencing (TFFR1)

Reference other AVM modules via HashiCorp registry with pinned version: source = "Azure/xxx/azurerm" + version = "1.2.3"
Use only AVM modules — no git references (git::, github.com/)

Azure Provider Requirements (TFFR3)

| Provider | Min Version | Max Version | |----------|-------------|-------------| | azapi | >= 2.0 | < 3.0 | | azurerm | >= 4.0 | < 5.0 |

Use required_providers block to enforce versions
Prefer pessimistic version constraint (~>)

See references/code-examples.md for provider configuration example.

Code Style Standards

Naming (TFNFR4)

Use lower_snake_case for all locals, variables, outputs, resource symbolic names, and module symbolic names.

Resource Ordering (TFNFR6)

Place depended-on resources first. Keep resources with dependencies close to each other.

Count & for_each (TFNFR7)

Use count for conditional resource creation
Use map(xxx) or set(xxx) as for_each collection with static literal keys

Resource Block Internal Ordering (TFNFR8)

Top meta-arguments: provider, count, for_each
Arguments/blocks (alphabetical): required arguments → optional arguments → required nested blocks → optional nested blocks
Bottom meta-arguments: depends_on, lifecycle (sub-order: create_before_destroy, ignore_changes, prevent_destroy)

Separate sections with blank lines.

Module Block Ordering (TFNFR9)

Top: source, version, count, for_each
Arguments (alphabetical): required → optional
Bottom: depends_on, providers

Lifecycle ignore_changes (TFNFR10)

Use unquoted attributes: ignore_changes = [tags] (not ["tags"]). Quoted strings cause silent failures.

Conditional Creation (TFNFR11)

Wrap parameters requiring conditional creation with object type to avoid "known after apply" issues during plan.

Dynamic Blocks (TFNFR12)

Use for_each = <condition> ? [<item>] : [] pattern for optional nested blocks.

Default Values (TFNFR13)

Prefer coalesce() or try() over ternary expressions for default values — shorter and more readable.

Provider Declarations (TFNFR27)

Declare provider blocks in modules only for configuration_aliases
Provider configurations should be passed in by module users, because modules should remain provider-agnostic

Variable Requirements

Prohibited Variables (TFNFR14)

Avoid enabled or module_depends_on variables that control entire module operation. Feature toggles for specific resources are acceptable.

Definition Order (TFNFR15)

Required fields (alphabetical)
Optional fields (alphabetical)

Naming (TFNFR16)

Follow HashiCorp naming rules. Use positive statements for feature switches: xxx_enabled instead of xxx_disabled.

Descriptions (TFNFR17)

Write descriptions targeting module users (not developers). For object types, use HEREDOC format.

Types (TFNFR18)

Define type for every variable, as precise as possible
Use bool for true/false values (not string/number)
Use concrete object instead of map(any)
Reserve any for adequately justified cases only

Sensitive Data (TFNFR19)

For object variables with sensitive fields: either set sensitive = true on the entire variable, or extract sensitive fields into separate variables.

Non-Nullable Collections (TFNFR20)

Set nullable = false for collection values (sets, maps, lists) used in loops, because null collections cause runtime errors in for_each.

Nullability (TFNFR21)

Avoid nullable = true unless null carries specific semantic meaning.

Sensitive Defaults (TFNFR22, TFNFR23)

Omit sensitive = false (it is the default)
Do not set default values for sensitive inputs (e.g., passwords)

Deprecated Variables (TFNFR24)

Move to deprecated_variables.tf
Prefix description with DEPRECATED and declare the replacement name
Clean up during major version releases

Output Requirements

Computed Outputs (TFFR2)

Output discrete computed attributes (anti-corruption layer pattern) rather than entire resource objects, because resource schemas change across provider versions.

Avoid outputting values that are already inputs (except name)
Use sensitive = true for sensitive attributes
For for_each resources, output computed attributes in a map structure

Sensitive Outputs (TFNFR29)

Mark outputs containing confidential data with sensitive = true.

Deprecated Outputs (TFNFR30)

Move deprecated outputs to deprecated_outputs.tf. Define new outputs in outputs.tf. Clean up during major version releases.

Local Values (TFNFR31–33)

Keep locals blocks in locals.tf (advanced: declare next to related resources)
Arrange expressions alphabetically
Use precise types (e.g., number for age, not string)

Terraform Configuration

Version Requirements (TFNFR25)

terraform.tf requirements:

Single terraform block, required_version on first line
Include min and max major version constraints
Prefer ~> #.# or >= #.#.#, < #.#.# format

Providers in required_providers (TFNFR26)

Each provider specifies source (format: namespace/name) and version
Providers sorted alphabetically
Include only directly required providers
Version includes min and max major version constraints

Testing Requirements (TFNFR5, TFNFR36)

Required tools: terraform validate/fmt/test, terrafmt, Checkov, tflint (with azurerm ruleset), Go (optional).

Set prevent_deletion_if_contains_resources = false in test provider configs for clean teardown.

Documentation (TFNFR2)

Generate docs via terraform-docs. A .terraform-docs.yml file is required in the module root.

Feature Toggles (TFNFR34)

New resources in minor/patch versions require a toggle variable defaulting to false to avoid unexpected resource creation.

Breaking Changes (TFNFR35)

See references/breaking-changes.md for the full list of patterns that constitute breaking changes in resource, variable, and output blocks.

Contribution Standards (TFNFR3)

Set branch protection on the default branch: require PRs, approval, linear history, CODEOWNERS review. Prevent force pushes and branch deletion. No bypass for administrators.

References

Code examples — HCL patterns for all requirements
Compliance checklist — module review checklist
Breaking changes — detailed breaking change patterns

Related Skills

lidge-jun/structured-renderers

development

VerifiedTrustedCommunity

Native Web UI structured renderer schemas for compose-block drafts, search-results cards, dataframe tables, chart-json charts, and diff output

4SKILL.mdUpdated Jun 12, 2026

lidge-jun/structured-renderers

lidge-jun/search

tools

VerifiedTrustedCommunity

Unified search hub. Route any web/real-time/X lookup through a 4-tier escalation: built-in web search → cli-jaw browser CDP → progrok Grok OAuth → web-ai (Grok Expert / GPT Pro). Use for: search, 검색, web search, latest news, real-time info, X/Twitter, fact lookup, deep research.

4SKILL.mdUpdated Jun 9, 2026

lidge-jun/dev-uiux-design

development

VerifiedTrustedCommunity

UI/UX intent discovery, design vocabulary, product personalities, UX state patterns, typography line break judgment, favicon/product logo design, and logo trust section design. Use when user design direction is vague, when building onboarding/empty/error states, when setting up favicons or product logos, or when referencing a product aesthetic.

4SKILL.mdUpdated Jun 8, 2026

lidge-jun/dev-uiux-design

lidge-jun/dev-architecture

development

VerifiedTrustedCommunity

Canonical owner of module boundary rules, circular dependency detection/prevention, implicit coupling taxonomy, barrel/re-export discipline, and boundary-only defensive programming. Referenced by dev, dev-code-reviewer, dev-backend, dev-frontend stubs.

4SKILL.mdUpdated Jun 8, 2026

lidge-jun/dev-architecture

Download

For Claude Desktop. Download once, then upload the file in the app — no terminal needed.

Need help? View full Cowork setup guide →

Install manually

Choose your platform

# Clone the repo
git clone https://github.com/lidge-jun/cli-jaw-skills.git

# Copy into Claude Code skills folder (global)
cp -r cli-jaw-skills/terraform/code-generation/skills/azure-verified-modules ~/.claude/skills/

Claude Code Skills — official skills path docs.

Repository

lidge-jun/cli-jaw-skills

4 stars

Compatible with

Claude Code

OpenAI Codex CLI

ChatGPT