navraj007in/coding-rules-enforcement
skills/coding-rules-enforcement/SKILL.md
Generate hard enforcement tooling (ESLint, Ruff, golangci-lint, dependency-cruiser, pre-commit, arch tests, CI) from SDL
$ install --global
skillsauthnpx skillsauth add navraj007in/architecture-cowork-plugin coding-rules-enforcementInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 23, 2026, 7:06 PM53.7s1 file scanned
SKILL.md
- name:
- coding-rules-enforcement
- description:
- Generate hard enforcement tooling (ESLint, Ruff, golangci-lint, dependency-cruiser, pre-commit, arch tests, CI) from SDL
Coding Rules Enforcement Generator
Turns advisory coding rules into hard gates — linters, module boundary checks, architecture tests, pre-commit hooks, and CI workflows. All configs are derived deterministically from the SDL document.
Input: SDL document (via artifacts.generate including coding-rules-enforcement)
Output: Language-specific linter configs, dependency-cruiser rules, pre-commit hooks, architecture tests, CI workflow
API: POST /api/sdl/generate with artifactType: "coding-rules-enforcement" (no dedicated route)
What It Generates
Language Detection
The generator inspects architecture.projects.backend[] and frontend[] frameworks to determine which configs to produce:
| Framework | Language | Configs Generated |
|-----------|----------|-------------------|
| nodejs | TypeScript | ESLint, dependency-cruiser, arch tests |
| nextjs, react, vue, angular, svelte | TypeScript | ESLint (with React hooks/a11y if applicable) |
| python-fastapi | Python | Ruff + Mypy config |
| go | Go | golangci-lint config |
| java-spring | Java | ArchUnit tests |
| dotnet-8 | C# | NetArchTest tests |
Files Produced
| File | Language | Purpose |
|------|----------|---------|
| .eslintrc.sdl.js | TypeScript/JS | Custom ESLint rules from SDL architecture |
| pyproject.sdl.toml | Python | Ruff lint + Mypy strict + pytest coverage config |
| .golangci.sdl.yml | Go | 16+ linters with complexity limits |
| .dependency-cruiser.sdl.cjs | TypeScript/JS | Module boundary enforcement (modular-monolith/microservices) |
| .lintstagedrc.sdl.json | All | Pre-commit hook command mapping |
| .husky/pre-commit | All | Git pre-commit hook script |
| __tests__/architecture.sdl.test.ts | TypeScript | Architecture conformance tests |
| src/test/java/architecture/ArchitectureTest.java | Java | ArchUnit architecture tests |
| tests/Architecture.Tests/ArchitectureTests.cs | .NET | NetArchTest architecture tests |
| .github/workflows/enforce-architecture.yml | All | CI gate workflow |
ESLint Rules (TypeScript/JS)
20+ rules enforced:
@typescript-eslint/no-explicit-any: error— noanytypemax-params: 3— max function parametersno-console: error(allow warn) — no console.log in productionno-var, prefer-const— modern variable declarationsno-magic-numbers: warn— avoid unlabeled constantsmax-depth: 3— max nesting depthmax-lines: 500— max file sizemax-lines-per-function: 50— max function length@typescript-eslint/consistent-type-imports— type-only importsimport/no-cycle— no circular importsimport/order— enforced import ordering@typescript-eslint/naming-convention— camelCase functions, PascalCase types, UPPER_CASE enums@typescript-eslint/no-floating-promises— no unhandled promisesno-await-in-loop: warn— avoid sequential async in loops@typescript-eslint/no-unused-vars— no dead code
React-specific (when frontend uses React/Next.js):
react-hooks/rules-of-hooks— hook call rulesreact-hooks/exhaustive-deps— dependency arraysjsx-a11y/*— accessibility rules (alt-text, valid anchors, key events, labels)
Dependency Cruiser Rules (Module Boundaries)
Generated when architecture.style is modular-monolith or microservices:
| Rule | Severity | What It Prevents |
|------|----------|-----------------|
| no-circular | error | Circular dependencies |
| no-cross-module-internals | error | Importing another module's internal files (only .interface.ts and .types.ts allowed) |
| no-db-in-routes | error | Routes importing database directly |
| no-repository-in-routes | error | Routes bypassing services to access repositories |
| shared-no-module-imports | error | Shared utilities depending on business modules |
| orm-only-in-repositories-{name} | error | ORM package imported outside repository files |
Architecture Tests
TypeScript (__tests__/architecture.sdl.test.ts)
- Module Boundaries: No module imports another module's repository or internal files
- Data Access Patterns: Service files don't use database client directly; route files don't import repositories
- Security: No hardcoded secrets (Stripe keys, Anthropic keys, base64 keys)
- Dependency Graph: Runs dependency-cruiser validation (modular-monolith/microservices)
- Coverage: Validates coverage target from SDL
testing.coverage.target
Java (ArchitectureTest.java with ArchUnit)
- Controllers don't access repositories
- Services don't depend on controllers
- Repositories don't depend on services
- No cyclic package dependencies
- Per-module internal access restrictions
.NET (ArchitectureTests.cs with NetArchTest)
- Controllers don't reference repositories
- Services don't depend on controllers
- Repositories don't depend on services
CI Workflow (.github/workflows/enforce-architecture.yml)
Runs on PR to main/develop and push to main. Jobs by language:
| Job | Steps |
|-----|-------|
| lint-typescript | npm ci → ESLint → dependency-cruiser → architecture tests |
| lint-python | pip install → ruff check → ruff format → mypy → pytest with coverage |
| lint-go | golangci-lint → go test with coverage threshold |
| lint-java | mvnw verify (includes ArchUnit) |
| lint-dotnet | dotnet restore → dotnet test Architecture.Tests |
| commit-lint | commitlint (conventional commits) |
SDL Sections Used
| SDL Section | What It Controls |
|-------------|-----------------|
| architecture.projects.backend[].framework | Which language configs to generate |
| architecture.projects.frontend[].framework | React hooks/a11y rules, TypeScript linting |
| architecture.style | Enables dependency-cruiser module boundary rules |
| architecture.services[] | Module names for cross-module import restrictions |
| architecture.projects.backend[].orm | ORM-specific import restrictions |
| testing.coverage.target | Coverage enforcement threshold in CI |
Relationship to Coding Rules (Advisory)
| Aspect | coding-rules | coding-rules-enforcement |
|--------|----------------|---------------------------|
| Output | CLAUDE.md, .cursorrules, copilot-instructions.md | ESLint, Ruff, golangci-lint, tests, CI |
| Enforcement | Advisory (AI tool reads them) | Hard gates (CI blocks violations) |
| Scope | 27+ categories of architecture rules | Linting, boundaries, secrets, coverage |
| When | Always useful | When team needs CI-level enforcement |
Both are triggered via artifacts.generate in SDL. Use coding-rules alone for AI-guided development, add coding-rules-enforcement for automated CI gates.
Related Skills
navraj007in/skills/tradeoff-analysis
development
VerifiedTrustedCommunity
# Trade-Off Analysis Skill Quantifies exact trade-offs when switching between architecture options. Shows users precisely what they gain and lose when choosing Option A over Option B. ## When to Use Use this skill to help users decide between options by showing: 1. **Cost difference** — how much more/less per month? 2. **Performance difference** — how much faster/slower? 3. **Complexity difference** — how much harder to build/maintain? 4. **Scalability difference** — when does this option hit
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stage-detection
testing
VerifiedTrustedCommunity
# Stage Detection Skill Detects the current project stage (concept → mvp → growth → enterprise) based on `_state.json` field presence and completeness. Used by `/architect:next-steps`, `/architect:check-state`, and roadmap commands. ## When to Use Invoke this skill when you need to determine what stage a project is at based on its state file. Stage detection drives: - Command recommendations (what to run next) - Required fields validation (what should exist at this stage) - Risk assessment (w
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-swap-simulator
development
VerifiedTrustedCommunity
# Stack Swap Simulator Skill Estimates cost and effort to switch from one tech stack to another. Helps answer: "Can we migrate later if needed?" ## When to Use Use this skill to understand: 1. **Cost of switching stacks** — engineer weeks + downtime risk 2. **Timeline to switch** — how long is the project? 3. **Risk of switching** — what can go wrong? 4. **ROI of switching** — does it save money long-term? 5. **Backwards compatibility** — can we do a gradual migration? ## Input Provide sour
2SKILL.mdUpdated Apr 27, 2026
navraj007in/skills/stack-compatibility
tools
VerifiedTrustedCommunity
# Stack Compatibility Skill Verifies that chosen technologies integrate well together. Prevents "I picked these tools and they don't work well together" regrets. ## When to Use Use this skill to verify: 1. **Chosen tools work together** — React + Node + MongoDB = good? 2. **No hidden incompatibilities** — will I hit issues in production? 3. **Team can support it** — do we have expertise for this combo? 4. **Licenses compatible** — can we use these together commercially? 5. **Performance assum
2SKILL.mdUpdated Apr 27, 2026