luismpenholato/dotnet-backend-clean-architecture
skills/dotnet-backend-clean-architecture/SKILL.md
Clean Architecture + CQRS (MediatR) for .NET 10 backend APIs. Builds and maintains APIs with vertical slice (Features), Commands/Queries, handlers, validators, repositories, FluentMigrator, Refit integrations. Use when creating or refactoring .NET APIs, adding endpoints, commands, queries, entities, or when the user mentions Clean Architecture, CQRS, or MediatR.
development
Updated Jun 21, 2026
$ install --global
skillsauthnpx skillsauth add luismpenholato/maurao-skills dotnet-backend-clean-architectureInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 21, 2026, 6:40 AM25.4s2 files scanned
SKILL.md
- name:
- dotnet-backend-clean-architecture
- description:
- Clean Architecture + CQRS (MediatR) for .NET 10 backend APIs. Builds and maintains APIs with vertical slice (Features), Commands/Queries, handlers, validators, repositories, FluentMigrator, Refit integrations. Use when creating or refactoring .NET APIs, adding endpoints, commands, queries, entities, or when the user mentions Clean Architecture, CQRS, or MediatR.
Backend .NET – Clean Architecture + CQRS
Guide for creating and maintaining .NET 10 backends with Clean Architecture, CQRS (MediatR), and Features organization (vertical slice).
When to use this skill
- Add a new feature (new entity + CRUD or operations).
- Add a Command or Query to an existing feature.
- Create Controller, Handler, Validator, Repository, or UnitOfWork.
- Configure HTTP integration (Refit + Http.Resilience).
- Review or refactor code to follow this skill's pattern.
Target stack
| Technology | Usage |
|---|---|
| .NET 10 | Runtime and SDK (net10.0, SDK 10.0.301+) |
| MediatR 14 | CQRS |
| FluentValidation 12 | Validation in handler |
| EF Core 10 | ORM (InMemory / SQL Server) |
| FluentMigrator 8 | SQL schema (not EF Migrations) |
| Refit 11 + Http.Resilience 10 | HTTP integrations |
| xUnit + NSubstitute + FluentAssertions | Unit tests |
Solution at backend root: {Solution}.sln and .editorconfig (adjust names to your project).
Solution structure
{solution-root}/
├── {Solution}.sln
├── .editorconfig
├── CleanStack.Interface/ # API (Controllers, Program, Middlewares)
├── CleanStack.Application/ # Features/ → Commands and Queries
├── CleanStack.Domain/ # Entities, Interfaces, Services
├── CleanStack.Infrastructure/ # EF Core, Repositories, UnitOfWork
├── CleanStack.CrossCutting/ # DTOs, Options, Helpers
├── CleanStack.CrossCutting.IOC/ # ConfigureBindings* (DI)
├── CleanStack.Migration/ # FluentMigrator (console)
└── CleanStack.Tests/ # Features/ mirroring Application
Dependency rule: Interface → Application, CrossCutting, CrossCutting.IOC. Application and Infrastructure reference Domain. Application does not reference Infrastructure.
Checklist – New feature (e.g., Orders)
Domain
- [ ]
Entities/Order.csimplementingIEntity<TKey>(e.g.,long). - [ ]
Interfaces/Repositories/IOrderRepository.csextendingICrudRepository<Order, long>. - [ ]
Interfaces/UnitOfWork/IOrderUnitOfWork.cswith repository +SaveChangesAsync.
CrossCutting
- [ ]
Dto/Orders/OrderDto.cs(and other API DTOs if needed).
Infrastructure
- [ ]
Persistence/Map/OrderEntityConfig.cs(EF Fluent API). - [ ]
DbSet<Order>inAppDbContext. - [ ]
Repositories/OrderRepository.csextendingRepositoryBase<Order, long>. - [ ]
UnitOfWork/OrderUnitOfWork.csimplementingIOrderUnitOfWork. - [ ] CrossCutting.IOC: register in
ConfigureBindingsRepositoryandConfigureBindingsUnitOfWork.
Application – Commands
- [ ] Folder
Features/Orders/Commands/CreateOrder/. - [ ]
CreateOrderCommand.cs:recordwith: IRequest<OrderDto>. - [ ]
CreateOrderHandler.cs: injectIOrderUnitOfWorkandIValidator<T>;ValidateAndThrowAsyncat the start; return DTO. - [ ]
CreateOrderValidator.cs:AbstractValidator<CreateOrderCommand>when validation is needed.
Application – Queries
- [ ] Folder
Features/Orders/Queries/ListOrders/. - [ ]
ListOrdersQuery.cs+ListOrdersHandler.cs.
Interface
- [ ]
Controllers/OrdersController.cs:[ApiController],IMediator, HTTP returns (Ok, CreatedAtAction, NotFound, NoContent).
Tests
- [ ] In
CleanStack.Tests/Features/Orders/mirroring Application:{Command}HandlerTests.cs/{Query}HandlerTests.cs— NSubstitute; mockIValidator<T>in handlers.{Command}ValidatorTests.cs— real validator +Validate().
- [ ]
[Trait("Category", "Orders")].
Migration
- [ ] New FluentMigrator class in
CleanStack.Migration/Migrations/(e.g.,Mig_YYYYMMDDHHMMSS_CreateOrders.cs). - [ ] Keep aligned with EF
Persistence/Map/.
External HTTP integration (Products pattern)
When a feature consumes an external API:
- CrossCutting: integration DTOs (e.g.,
ExternalProductDto),Options/ExternalProductApiOptions.cs. - Domain:
Interfaces/Integration/IExternalProductIntegration.cs(Refit) andInterfaces/Services/IExternalProductService.cs. - Domain/Services: implementation that translates Refit exceptions (e.g., 404 → null).
- CrossCutting.IOC:
ConfigureBindingsIntegration—AddRefitClient<T>()+AddStandardResilienceHandler(). - Application: query or command using
IExternalProductService.
Config: ExternalProductApi:BaseUrl in appsettings.
Code patterns
Command (record)
public sealed record CreateProductCommand(
string? Name,
string? Description,
decimal? Price,
bool IsActive = true,
int? ImportFromExternalId = null) : IRequest<ProductDto>;
Handler (explicit validation — no global ValidationBehavior)
public async Task<ProductDto> Handle(CreateProductCommand request, CancellationToken cancellationToken)
{
await _validator.ValidateAndThrowAsync(request, cancellationToken);
// logic + repository via UoW
}
Validator registration (IOC)
services.AddValidatorsFromAssemblyContaining<CreateProductValidator>();
Controller
- One controller per resource; async methods with
CancellationToken; onlyMediator.Send.
Error handling
- FluentValidation →
ValidationException→ global middleware → 400 ProblemDetails. - Business rules →
InvalidOperationException→ 400. - Other exceptions → 500 (generic message in production).
- Middleware:
GlobalExceptionMiddlewarein Interface.
Conventions
- Namespaces:
CleanStack.Application.Features.{Feature}.Commands.{CommandName}and...Queries.{QueryName}. - One command/query per folder in Commands/ or Queries/.
- API DTOs in CrossCutting.Dto; entities in Domain.
- New bindings in CrossCutting.IOC (
ConfigureBindings*.cs). - Do not use
Application/Common/Behaviors/ValidationBehaviorin this pattern — validation stays in the handler. - Formatting:
dotnet format {Solution}.sln(.editorconfig).
Additional resources
- Detailed structure, endpoints, and flows: reference.md.
Related Skills
luismpenholato/react-nextjs-antd-clean-architecture
development
VerifiedTrustedCommunity
React 19 + Next.js 16 App Router, TypeScript, Ant Design, TanStack Query, Axios, React Hook Form, Zod — Clean Architecture frontend with vertical slice by feature. Use when creating or refactoring Next.js apps, admin panels, SaaS frontends, CRUDs, forms, layouts and frontend architecture.
SKILL.mdUpdated Jun 21, 2026
luismpenholato/angular-frontend-clean-architecture
development
VerifiedTrustedCommunity
Angular 21 standalone frontend with Clean Architecture, vertical slice (pages by feature), signals, OnPush, and ng-zorro. Use when creating or refactoring Angular apps, adding pages, components, services, directives, pipes, or when the user mentions Angular frontend, standalone components, or signals.
SKILL.mdUpdated Jun 21, 2026
openclaw/openclaw-secret-scanning-maintainer
development
VerifiedTrustedCommunity
Maintainer-only workflow for handling GitHub Secret Scanning alerts on OpenClaw. Use when Codex needs to triage, redact, clean up, and resolve secret leakage found in issue comments, issue bodies, PR comments, or other GitHub content.
357,764SKILL.mdUpdated Apr 15, 2026
openclaw/openclaw-release-maintainer
development
VerifiedTrustedCommunity
Maintainer workflow for OpenClaw releases, prereleases, changelog release notes, and publish validation. Use when Codex needs to prepare or verify stable or beta release steps, align version naming, assemble release notes, check release auth requirements, or validate publish-time commands and artifacts.
357,764SKILL.mdUpdated Apr 10, 2026