navraj007in/coding-rules
skills/coding-rules/SKILL.md
Generate AI-consumable coding rules (CLAUDE.md, .cursorrules, copilot-instructions) and enforcement tooling from SDL
$ install --global
skillsauthnpx skillsauth add navraj007in/architecture-cowork-plugin coding-rulesInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 7:07 PM70.9s1 file scanned
SKILL.md
- name:
- coding-rules
- description:
- Generate AI-consumable coding rules (CLAUDE.md, .cursorrules, copilot-instructions) and enforcement tooling from SDL
Coding Rules Generator
Generate architecture-aware coding rules that AI coding tools (Claude Code, Cursor, GitHub Copilot) enforce automatically across every session. Optionally generates hard enforcement tooling (ESLint, dependency-cruiser, pre-commit hooks, architecture tests).
Input: SDL document
Output: CLAUDE.md, .cursorrules, .github/copilot-instructions.md, per-project CLAUDE.md, optional enforcement configs
What It Generates
Advisory Rules (CLAUDE.md / .cursorrules / copilot-instructions.md)
A single markdown file (output to 3 locations for tool coverage) containing architecture-derived coding rules organized by category:
| Category | Source SDL Section | Example Rules |
|---|---|---|
| Architecture | architecture.style | Module boundary rules, service isolation, communication patterns |
| File Structure | architecture.projects | Framework conventions, ORM patterns, folder organization |
| Data Access | data | Repository pattern, database query rules, search engine usage |
| API Patterns | architecture.projects.backend | REST/GraphQL/gRPC conventions, versioning, service base paths |
| Authentication | auth | Provider-specific rules (Clerk/Auth0/Cognito), token handling, RBAC |
| Error Handling | errorHandling | Error format, global handler, circuit breaker, retry patterns |
| Integrations | integrations | Service client isolation, webhook handling, payment/email patterns |
| Testing | testing | Framework-specific rules, coverage targets, test structure |
| Observability | observability | Logging rules, tracing, metrics collection |
| Security | nonFunctional.security | PII handling, encryption, audit logging, OWASP compliance |
| Caching | data.cache | Cache invalidation, TTL, cache-aside pattern |
| Queues | data.queues | Message handling, idempotency, dead letter queues |
| Code Quality | (always generated) | SOLID principles, naming, DRY, single responsibility |
| Design Patterns | (always generated) | Framework-appropriate patterns (repository, factory, strategy) |
| File Size & Structure | (always generated) | Max file length, function complexity, extraction rules |
| API Design Quality | (always generated) | Pagination, filtering, consistent responses, HATEOAS |
| Database Queries | (always generated) | N+1 prevention, indexing, query optimization |
| Testing Quality | (always generated) | AAA pattern, test naming, mocking boundaries |
| Performance | (always generated) | Lazy loading, pagination, connection pooling |
| Import Organization | (always generated) | Import ordering, barrel exports, circular dependency prevention |
| Tech Debt Avoidance | (always generated) | TODO tracking, deprecation patterns, refactoring triggers |
| Resilience | (always generated) | Retry policies, timeouts, fallbacks, circuit breakers |
| Input Validation | (always generated) | Schema validation, sanitization, boundary validation |
| Concurrency | (always generated) | Race conditions, locking, atomic operations |
| Configuration | (always generated) | Env var patterns, secrets management, feature flags |
| Migration Safety | (always generated) | Backward compatibility, zero-downtime deploys, rollback |
| Documentation | (always generated) | When to document, inline comments, API docs |
| Git Workflow | (always generated) | Branch naming, commit messages, PR conventions |
Conditional Categories (added when applicable)
| Category | Condition | Rules | |---|---|---| | Accessibility | Frontend projects exist | WCAG compliance, ARIA, keyboard navigation, color contrast | | State Management | Frontend projects exist | Framework-specific state rules (React Context, Redux, Zustand) | | Mobile | Mobile projects exist | Platform guidelines, navigation, permissions, offline | | Internationalization | Multiple regions defined | i18n patterns, locale handling, RTL support |
Per-Project Rules
For monorepo setups, generates {project-name}/CLAUDE.md with project-specific rules:
- Backend: framework conventions, API style, ORM patterns, port assignment
- Frontend: rendering mode, styling approach, component library, state management
Enforcement Tooling (Optional)
When coding-rules-enforcement is in artifacts.generate, produces hard gates:
| File | Purpose | Language |
|---|---|---|
| .eslintrc.sdl.js | Custom ESLint rules from architecture | TypeScript/JS |
| pyproject.sdl.toml | Ruff/flake8 config from architecture | Python |
| .golangci.sdl.yml | golangci-lint config from architecture | Go |
| .dependency-cruiser.sdl.cjs | Module boundary enforcement | TypeScript/JS |
| .lintstagedrc.sdl.json | Pre-commit hook config | All |
| tests/architecture.test.ts | Architecture conformance tests | TypeScript |
How Rules Are Generated
Rules are deterministic — same SDL input always produces identical output. The generator:
- Reads architecture style, projects, data layer, auth, integrations from SDL
- Applies framework-specific rule templates (e.g., Express error handling vs FastAPI exception handlers)
- Adds conditional categories based on project composition
- Generates per-project overlays for monorepo setups
- Renders all rules into a single markdown document
Framework-Aware Rules
The generator tailors rules to the specific tech stack:
| Framework | Tailored Rules | |---|---| | Node.js/Express | Middleware patterns, async/await error handling, route organization | | Python/FastAPI | Pydantic models, dependency injection, async endpoints | | Go | Interface-based design, error wrapping, goroutine safety | | .NET 8 | Controller patterns, DI container, middleware pipeline | | Java/Spring | Bean lifecycle, AOP patterns, Spring Security | | Next.js | App Router conventions, Server Components, RSC boundaries | | React | Hook rules, component composition, render optimization |
When to Use
- After
/architect:scaffold— generate rules that match the scaffolded project structure - After SDL changes — regenerate to keep rules in sync with architecture evolution
- When onboarding AI tools — drop
CLAUDE.mdinto any project for instant architecture awareness - When adding enforcement — use
coding-rules-enforcementartifact for CI/CD gates
Integration
The coding rules generator is available as an SDL artifact type:
artifacts:
generate:
- coding-rules # Advisory rules (CLAUDE.md, .cursorrules, copilot-instructions)
- coding-rules-enforcement # Hard gates (ESLint, dependency-cruiser, pre-commit, arch tests)
Both are generated via the generate_from_sdl agent tool or the /api/sdl/generate endpoint.
Related Skills
navraj007in/skills/tradeoff-analysis
development
VerifiedTrustedCommunity
# Trade-Off Analysis Skill Quantifies exact trade-offs when switching between architecture options. Shows users precisely what they gain and lose when choosing Option A over Option B. ## When to Use Use this skill to help users decide between options by showing: 1. **Cost difference** — how much more/less per month? 2. **Performance difference** — how much faster/slower? 3. **Complexity difference** — how much harder to build/maintain? 4. **Scalability difference** — when does this option hit
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stage-detection
testing
VerifiedTrustedCommunity
# Stage Detection Skill Detects the current project stage (concept → mvp → growth → enterprise) based on `_state.json` field presence and completeness. Used by `/architect:next-steps`, `/architect:check-state`, and roadmap commands. ## When to Use Invoke this skill when you need to determine what stage a project is at based on its state file. Stage detection drives: - Command recommendations (what to run next) - Required fields validation (what should exist at this stage) - Risk assessment (w
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-swap-simulator
development
VerifiedTrustedCommunity
# Stack Swap Simulator Skill Estimates cost and effort to switch from one tech stack to another. Helps answer: "Can we migrate later if needed?" ## When to Use Use this skill to understand: 1. **Cost of switching stacks** — engineer weeks + downtime risk 2. **Timeline to switch** — how long is the project? 3. **Risk of switching** — what can go wrong? 4. **ROI of switching** — does it save money long-term? 5. **Backwards compatibility** — can we do a gradual migration? ## Input Provide sour
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-compatibility
tools
VerifiedTrustedCommunity
# Stack Compatibility Skill Verifies that chosen technologies integrate well together. Prevents "I picked these tools and they don't work well together" regrets. ## When to Use Use this skill to verify: 1. **Chosen tools work together** — React + Node + MongoDB = good? 2. **No hidden incompatibilities** — will I hit issues in production? 3. **Team can support it** — do we have expertise for this combo? 4. **Licenses compatible** — can we use these together commercially? 5. **Performance assum
2SKILL.mdUpdated Apr 27, 2026