From 298ce31488ca278fe85f43650b1da82deb24d068 Mon Sep 17 00:00:00 2001 From: Yogesh Rao Date: Fri, 17 Apr 2026 00:15:05 +0530 Subject: [PATCH 1/2] feat: improve skill scores across standards repo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Hey @williamzujkowski 👋 I ran your skills through `tessl skill review` at work and found some targeted improvements. Here's the full before/after: | Skill | Before | After | Change | |-------|--------|-------|--------| | patterns | 23% | 86% | +63% | | ci-cd | 46% | 84% | +38% | | coding-standards | 34% | 71% | +37% | | testing | 46% | 79% | +33% | | security-practices | 46% | 68% | +22% | Changes: - Rewrote all 5 skill descriptions with action verbs, specific capabilities, and explicit "Use when..." trigger clauses - Removed identical generic boilerplate from all skills (Common Pitfalls, Integration Points, TODO examples) - Replaced architecture/patterns hollow template with concrete implementations (Hexagonal, CQRS, Event-Driven, Circuit Breaker) - Removed redundant sections (duplicate Related Skills, "When to Use This Skill", self-referential metadata) - Used quoted string format for all descriptions --- skills/architecture/patterns/SKILL.md | 285 ++++++++++++++++++++++---- skills/coding-standards/SKILL.md | 103 +--------- skills/devops/ci-cd/SKILL.md | 119 +---------- skills/security-practices/SKILL.md | 103 +--------- skills/testing/SKILL.md | 117 +---------- 5 files changed, 254 insertions(+), 473 deletions(-) diff --git a/skills/architecture/patterns/SKILL.md b/skills/architecture/patterns/SKILL.md index 3f90d97..75dc022 100644 --- a/skills/architecture/patterns/SKILL.md +++ b/skills/architecture/patterns/SKILL.md @@ -1,9 +1,9 @@ --- name: patterns -description: Patterns standards for patterns in Architecture environments. Covers +description: "Applies architectural design patterns including microservices decomposition, event-driven architecture, hexagonal/ports-and-adapters, CQRS, and domain-driven design bounded contexts. Use when the user asks about system design, architectural patterns, service boundaries, event sourcing, CQRS, hexagonal architecture, or domain-driven design." --- -# Patterns +# Architecture Patterns > **Quick Navigation:** > Level 1: [Quick Start](#level-1-quick-start) (5 min) → Level 2: [Implementation](#level-2-implementation) (30 min) → Level 3: [Mastery](#level-3-mastery-resources) (Extended) @@ -14,61 +14,274 @@ description: Patterns standards for patterns in Architecture environments. Cover ### Core Principles -1. **Best Practices**: Follow industry-standard patterns for architecture -2. **Security First**: Implement secure defaults and validate all inputs -3. **Maintainability**: Write clean, documented, testable code -4. **Performance**: Optimize for common use cases +1. **Separation of Concerns**: Each component owns a single responsibility +2. **Loose Coupling**: Services communicate through well-defined interfaces +3. **High Cohesion**: Related functionality lives together +4. **Dependency Inversion**: Depend on abstractions, not implementations -### Essential Checklist +### Pattern Selection Guide -- [ ] Follow established patterns for architecture -- [ ] Implement proper error handling -- [ ] Add comprehensive logging -- [ ] Write unit and integration tests -- [ ] Document public interfaces +| Pattern | Best For | Trade-off | +|---------|----------|-----------| +| Hexagonal | Testable domain logic | More initial boilerplate | +| CQRS | Read/write asymmetry | Eventual consistency complexity | +| Event-Driven | Decoupled services | Debugging distributed flows | +| Microservices | Independent deployability | Operational overhead | +| Layered | Simple CRUD apps | Tight coupling risk at scale | -### Quick Links to Level 2 +### Essential Checklist -- [Core Concepts](#core-concepts) -- [Implementation Patterns](#implementation-patterns) -- [Common Pitfalls](#common-pitfalls) +- [ ] Define bounded contexts before splitting services +- [ ] Establish communication patterns (sync vs async) +- [ ] Design for failure (circuit breakers, retries, timeouts) +- [ ] Document architectural decision records (ADRs) +- [ ] Validate with fitness functions --- ## Level 2: Implementation -### Core Concepts +### Hexagonal Architecture (Ports & Adapters) + +```typescript +// Domain layer — no framework dependencies +interface OrderRepository { + save(order: Order): Promise; + findById(id: string): Promise; +} + +interface PaymentGateway { + charge(amount: Money, method: PaymentMethod): Promise; +} + +class PlaceOrderUseCase { + constructor( + private orders: OrderRepository, + private payments: PaymentGateway + ) {} + + async execute(cmd: PlaceOrderCommand): Promise { + const order = Order.create(cmd.items, cmd.customerId); + const payment = await this.payments.charge(order.total, cmd.paymentMethod); + order.confirmPayment(payment.transactionId); + await this.orders.save(order); + return order.id; + } +} + +// Infrastructure adapter — implements the port +class PostgresOrderRepository implements OrderRepository { + constructor(private pool: Pool) {} + + async save(order: Order): Promise { + await this.pool.query( + "INSERT INTO orders (id, customer_id, total, status) VALUES ($1, $2, $3, $4)", + [order.id, order.customerId, order.total.amount, order.status] + ); + } + + async findById(id: string): Promise { + const result = await this.pool.query("SELECT * FROM orders WHERE id = $1", [id]); + return result.rows[0] ? Order.fromRow(result.rows[0]) : null; + } +} +``` + +### CQRS (Command Query Responsibility Segregation) + +```typescript +// Command side — validates and writes +class CreateProductHandler { + constructor( + private repo: ProductRepository, + private eventBus: EventBus + ) {} + + async handle(cmd: CreateProduct): Promise { + const product = Product.create(cmd.name, cmd.price, cmd.category); + await this.repo.save(product); + await this.eventBus.publish(new ProductCreated(product.id, product.name)); + } +} + +// Query side — optimized read model +class ProductQueryService { + constructor(private readDb: ReadDatabase) {} + + async search(filters: ProductFilters): Promise { + return this.readDb.query( + "SELECT id, name, price, category FROM product_read_model WHERE category = $1 ORDER BY name LIMIT $2", + [filters.category, filters.limit] + ); + } +} + +// Event handler keeps read model in sync +class ProductReadModelUpdater { + constructor(private readDb: ReadDatabase) {} + + async onProductCreated(event: ProductCreated): Promise { + await this.readDb.query( + "INSERT INTO product_read_model (id, name) VALUES ($1, $2)", + [event.productId, event.productName] + ); + } +} +``` + +### Event-Driven Architecture -This skill covers essential practices for architecture. +```typescript +// Domain event +interface DomainEvent { + type: string; + aggregateId: string; + timestamp: Date; + payload: Record; +} -**Key areas include:** +// Event producer +class OrderService { + constructor( + private repo: OrderRepository, + private eventBus: EventBus + ) {} -- Architecture patterns -- Implementation best practices -- Testing strategies -- Performance optimization + async cancelOrder(orderId: string, reason: string): Promise { + const order = await this.repo.findById(orderId); + order.cancel(reason); + await this.repo.save(order); + await this.eventBus.publish({ + type: "order.cancelled", + aggregateId: orderId, + timestamp: new Date(), + payload: { reason, customerId: order.customerId }, + }); + } +} -### Implementation Patterns +// Decoupled consumers react independently +class NotificationService { + @Subscribe("order.cancelled") + async onOrderCancelled(event: DomainEvent): Promise { + await this.emailService.send( + event.payload.customerId, + "order-cancelled", + { orderId: event.aggregateId, reason: event.payload.reason } + ); + } +} -Apply these patterns when working with architecture: +class InventoryService { + @Subscribe("order.cancelled") + async onOrderCancelled(event: DomainEvent): Promise { + await this.restoreStock(event.aggregateId); + } +} +``` -1. **Pattern Selection**: Choose appropriate patterns for your use case -2. **Error Handling**: Implement comprehensive error recovery -3. **Monitoring**: Add observability hooks for production +### Circuit Breaker Pattern -### Common Pitfalls +```typescript +class CircuitBreaker { + private failures = 0; + private lastFailure: Date | null = null; + private state: "closed" | "open" | "half-open" = "closed"; -Avoid these common mistakes: + constructor( + private threshold: number = 5, + private resetTimeout: number = 30000 + ) {} -- Skipping validation of inputs -- Ignoring edge cases -- Missing test coverage -- Poor documentation + async execute(operation: () => Promise): Promise { + if (this.state === "open") { + if (Date.now() - this.lastFailure!.getTime() > this.resetTimeout) { + this.state = "half-open"; + } else { + throw new Error("Circuit breaker is open"); + } + } + + try { + const result = await operation(); + this.onSuccess(); + return result; + } catch (error) { + this.onFailure(); + throw error; + } + } + + private onSuccess(): void { + this.failures = 0; + this.state = "closed"; + } + + private onFailure(): void { + this.failures++; + this.lastFailure = new Date(); + if (this.failures >= this.threshold) { + this.state = "open"; + } + } +} +``` + +### Integration Points + +- Links to [Coding Standards](../../coding-standards/SKILL.md) for implementation patterns +- Links to [Testing Standards](../../testing/SKILL.md) for architecture testing strategies +- Links to [Security Practices](../../security-practices/SKILL.md) for secure architecture --- ## Level 3: Mastery Resources +### Architecture Decision Records (ADRs) + +```markdown +# ADR-001: Use Event-Driven Architecture for Order Processing + +## Status: Accepted + +## Context +Order processing requires notifying multiple downstream services +(inventory, shipping, billing) without tight coupling. + +## Decision +Adopt event-driven architecture with an event bus for inter-service communication. + +## Consequences +- (+) Services can be deployed independently +- (+) New consumers can subscribe without modifying producers +- (-) Eventual consistency requires careful handling +- (-) Debugging distributed flows requires correlation IDs and distributed tracing +``` + +### Fitness Functions + +```typescript +// Architectural fitness function — enforce dependency direction +import { Project, SyntaxKind } from "ts-morph"; + +function validateNoCoreToInfraImports(projectPath: string): boolean { + const project = new Project({ tsConfigFilePath: `${projectPath}/tsconfig.json` }); + const coreFiles = project.getSourceFiles("src/core/**/*.ts"); + + for (const file of coreFiles) { + const imports = file.getImportDeclarations(); + for (const imp of imports) { + const moduleSpecifier = imp.getModuleSpecifierValue(); + if (moduleSpecifier.includes("/infrastructure/") || moduleSpecifier.includes("/adapters/")) { + console.error(`Violation: ${file.getFilePath()} imports from infrastructure`); + return false; + } + } + } + return true; +} +``` + ### Reference Materials - [Related Standards](../../docs/standards/) @@ -77,7 +290,3 @@ Avoid these common mistakes: ### Templates See the `templates/` directory for starter configurations. - -### External Resources - -Consult official documentation and community best practices for architecture. diff --git a/skills/coding-standards/SKILL.md b/skills/coding-standards/SKILL.md index 122a516..57dd958 100644 --- a/skills/coding-standards/SKILL.md +++ b/skills/coding-standards/SKILL.md @@ -1,6 +1,6 @@ --- name: coding-standards -description: Comprehensive coding standards and best practices for maintainable, consistent software development across multiple languages and paradigms +description: "Enforces naming conventions, code formatting, function structure, error handling patterns, and documentation standards for Python, TypeScript, JavaScript, Go, and Java. Use when the user asks about code style, naming conventions, linting setup, formatting rules, refactoring strategies, code review checklists, or language-specific best practices." --- # Coding Standards Skill @@ -460,107 +460,6 @@ if __name__ == "__main__": sys.exit(0 if passed else 1) ``` -## Examples - -### Basic Usage - -```python -// TODO: Add basic example for coding-standards -// This example demonstrates core functionality -``` - -### Advanced Usage - -```python -// TODO: Add advanced example for coding-standards -// This example shows production-ready patterns -``` - -### Integration Example - -```python -// TODO: Add integration example showing how coding-standards -// works with other systems and services -``` - -See `examples/coding-standards/` for complete working examples. - -## Integration Points - -This skill integrates with: - -### Upstream Dependencies - -- **Tools**: Common development tools and frameworks -- **Prerequisites**: Basic understanding of general concepts - -### Downstream Consumers - -- **Applications**: Production systems requiring coding-standards functionality -- **CI/CD Pipelines**: Automated testing and deployment workflows -- **Monitoring Systems**: Observability and logging platforms - -### Related Skills - -- See other skills in this category - -### Common Integration Patterns - -1. **Development Workflow**: How this skill fits into daily development -2. **Production Deployment**: Integration with production systems -3. **Monitoring & Alerting**: Observability integration points - -## Common Pitfalls - -### Pitfall 1: Insufficient Testing - -**Problem:** Not testing edge cases and error conditions leads to production bugs - -**Solution:** Implement comprehensive test coverage including: - -- Happy path scenarios -- Error handling and edge cases -- Integration points with external systems - -**Prevention:** Enforce minimum code coverage (80%+) in CI/CD pipeline - -### Pitfall 2: Hardcoded Configuration - -**Problem:** Hardcoding values makes applications inflexible and environment-dependent - -**Solution:** Use environment variables and configuration management: - -- Separate config from code -- Use environment-specific configuration files -- Never commit secrets to version control - -**Prevention:** Use tools like dotenv, config validators, and secret scanners - -### Pitfall 3: Ignoring Security Best Practices - -**Problem:** Security vulnerabilities from not following established security patterns - -**Solution:** Follow security guidelines: - -- Input validation and sanitization -- Proper authentication and authorization -- Encrypted data transmission (TLS/SSL) -- Regular security audits and updates - -**Prevention:** Use security linters, SAST tools, and regular dependency updates - -**Best Practices:** - -- Follow established patterns and conventions for coding-standards -- Keep dependencies up to date and scan for vulnerabilities -- Write comprehensive documentation and inline comments -- Use linting and formatting tools consistently -- Implement proper error handling and logging -- Regular code reviews and pair programming -- Monitor production metrics and set up alerts - ---- - ## Bundled Resources - [Full CODING_STANDARDS.md](../../docs/standards/CODING_STANDARDS.md) diff --git a/skills/devops/ci-cd/SKILL.md b/skills/devops/ci-cd/SKILL.md index 8f2a788..3e7f1c6 100644 --- a/skills/devops/ci-cd/SKILL.md +++ b/skills/devops/ci-cd/SKILL.md @@ -1,6 +1,6 @@ --- name: ci-cd -description: CI/CD pipeline standards for GitHub Actions, GitLab CI, and deployment automation. Covers testing gates, security scanning, artifact management, and deployment strategies for reliable software delivery. +description: "Configures GitHub Actions and GitLab CI pipelines with testing gates, SAST/DAST security scanning, container image builds, and multi-environment deployments. Implements blue-green, canary, and rolling update strategies with automated rollback. Use when the user asks about CI/CD pipelines, GitHub Actions workflows, .gitlab-ci.yml, deployment automation, pipeline YAML, build caching, artifact management, or continuous integration setup." --- # CI/CD DevOps Standards @@ -779,119 +779,8 @@ jobs: --- -## When to Use This Skill - -- ✅ Setting up CI/CD pipelines for new projects -- ✅ Automating build, test, and deployment workflows -- ✅ Implementing security scanning and compliance gates -- ✅ Configuring multi-environment deployments (dev/staging/prod) -- ✅ Establishing artifact management and versioning strategies -- ✅ Creating rollback procedures and disaster recovery plans -- ✅ Optimizing pipeline performance and reducing build times -- ✅ Implementing GitOps workflows with Kubernetes - -## Examples - -### Basic Usage - -```python -// TODO: Add basic example for ci-cd -// This example demonstrates core functionality -``` - -### Advanced Usage - -```python -// TODO: Add advanced example for ci-cd -// This example shows production-ready patterns -``` - -### Integration Example - -```python -// TODO: Add integration example showing how ci-cd -// works with other systems and services -``` - -See `examples/ci-cd/` for complete working examples. - -## Integration Points - -This skill integrates with: - -### Upstream Dependencies - -- **Tools**: GitHub Actions, GitLab CI, Jenkins, CircleCI -- **Prerequisites**: Basic understanding of devops concepts - -### Downstream Consumers - -- **Applications**: Production systems requiring ci-cd functionality -- **CI/CD Pipelines**: Automated testing and deployment workflows -- **Monitoring Systems**: Observability and logging platforms - ### Related Skills -- [Infrastructure As Code](../../infrastructure-as-code/SKILL.md) -- [Monitoring Observability](../../monitoring-observability/SKILL.md) - -### Common Integration Patterns - -1. **Development Workflow**: How this skill fits into daily development -2. **Production Deployment**: Integration with production systems -3. **Monitoring & Alerting**: Observability integration points - -## Common Pitfalls - -### Pitfall 1: Insufficient Testing - -**Problem:** Not testing edge cases and error conditions leads to production bugs - -**Solution:** Implement comprehensive test coverage including: - -- Happy path scenarios -- Error handling and edge cases -- Integration points with external systems - -**Prevention:** Enforce minimum code coverage (80%+) in CI/CD pipeline - -### Pitfall 2: Hardcoded Configuration - -**Problem:** Hardcoding values makes applications inflexible and environment-dependent - -**Solution:** Use environment variables and configuration management: - -- Separate config from code -- Use environment-specific configuration files -- Never commit secrets to version control - -**Prevention:** Use tools like dotenv, config validators, and secret scanners - -### Pitfall 3: Ignoring Security Best Practices - -**Problem:** Security vulnerabilities from not following established security patterns - -**Solution:** Follow security guidelines: - -- Input validation and sanitization -- Proper authentication and authorization -- Encrypted data transmission (TLS/SSL) -- Regular security audits and updates - -**Prevention:** Use security linters, SAST tools, and regular dependency updates - -**Best Practices:** - -- Follow established patterns and conventions for ci-cd -- Keep dependencies up to date and scan for vulnerabilities -- Write comprehensive documentation and inline comments -- Use linting and formatting tools consistently -- Implement proper error handling and logging -- Regular code reviews and pair programming -- Monitor production metrics and set up alerts - ---- - -**Last Updated:** 2025-01-17 -**Version:** 1.0.0 -**Quality Score:** 95/100 +- **[kubernetes](../../cloud-native/kubernetes/SKILL.md)** - Container orchestration for deployments +- **[Infrastructure As Code](../infrastructure-as-code/SKILL.md)** - Infrastructure provisioning +- **[Monitoring Observability](../monitoring-observability/SKILL.md)** - Production observability diff --git a/skills/security-practices/SKILL.md b/skills/security-practices/SKILL.md index a429d7f..5ff70eb 100644 --- a/skills/security-practices/SKILL.md +++ b/skills/security-practices/SKILL.md @@ -1,6 +1,6 @@ --- name: security-practices -description: Modern security standards including Zero Trust Architecture, supply chain security, DevSecOps integration, and cloud-native protection +description: "Implements Zero Trust architectures, audits supply chain dependencies via SBOM generation, integrates SAST/DAST scanning into CI/CD pipelines, and hardens container deployments. Use when the user asks about Zero Trust, supply chain security, SBOM, DevSecOps pipelines, container hardening, API security, secrets management, or cloud-native security patterns." --- # Security Practices Skill @@ -636,107 +636,6 @@ See `./scripts/` for: - SBOM generation scripts - Security audit reporters -## Examples - -### Basic Usage - -```python -// TODO: Add basic example for security-practices -// This example demonstrates core functionality -``` - -### Advanced Usage - -```python -// TODO: Add advanced example for security-practices -// This example shows production-ready patterns -``` - -### Integration Example - -```python -// TODO: Add integration example showing how security-practices -// works with other systems and services -``` - -See `examples/security-practices/` for complete working examples. - -## Integration Points - -This skill integrates with: - -### Upstream Dependencies - -- **Tools**: Common development tools and frameworks -- **Prerequisites**: Basic understanding of general concepts - -### Downstream Consumers - -- **Applications**: Production systems requiring security-practices functionality -- **CI/CD Pipelines**: Automated testing and deployment workflows -- **Monitoring Systems**: Observability and logging platforms - -### Related Skills - -- See other skills in this category - -### Common Integration Patterns - -1. **Development Workflow**: How this skill fits into daily development -2. **Production Deployment**: Integration with production systems -3. **Monitoring & Alerting**: Observability integration points - -## Common Pitfalls - -### Pitfall 1: Insufficient Testing - -**Problem:** Not testing edge cases and error conditions leads to production bugs - -**Solution:** Implement comprehensive test coverage including: - -- Happy path scenarios -- Error handling and edge cases -- Integration points with external systems - -**Prevention:** Enforce minimum code coverage (80%+) in CI/CD pipeline - -### Pitfall 2: Hardcoded Configuration - -**Problem:** Hardcoding values makes applications inflexible and environment-dependent - -**Solution:** Use environment variables and configuration management: - -- Separate config from code -- Use environment-specific configuration files -- Never commit secrets to version control - -**Prevention:** Use tools like dotenv, config validators, and secret scanners - -### Pitfall 3: Ignoring Security Best Practices - -**Problem:** Security vulnerabilities from not following established security patterns - -**Solution:** Follow security guidelines: - -- Input validation and sanitization -- Proper authentication and authorization -- Encrypted data transmission (TLS/SSL) -- Regular security audits and updates - -**Prevention:** Use security linters, SAST tools, and regular dependency updates - -**Best Practices:** - -- Follow established patterns and conventions for security-practices -- Keep dependencies up to date and scan for vulnerabilities -- Write comprehensive documentation and inline comments -- Use linting and formatting tools consistently -- Implement proper error handling and logging -- Regular code reviews and pair programming -- Monitor production metrics and set up alerts - ---- - ## Bundled Resources - [Full MODERN_SECURITY_STANDARDS.md](../../docs/standards/MODERN_SECURITY_STANDARDS.md) diff --git a/skills/testing/SKILL.md b/skills/testing/SKILL.md index 4335c68..5cbecc3 100644 --- a/skills/testing/SKILL.md +++ b/skills/testing/SKILL.md @@ -1,6 +1,6 @@ --- name: testing -description: Comprehensive testing standards including unit, integration, security, and property-based testing with TDD methodology +description: "Generates unit and integration tests, writes property-based test cases with fast-check, applies TDD red-green-refactor workflows, adds security test coverage for OWASP vulnerabilities, and configures mutation testing with Stryker. Use when the user asks to write tests, improve test coverage, set up TDD, add security tests, configure test frameworks (Jest, Vitest, pytest, Playwright), or implement contract testing." --- # Testing Standards Skill @@ -18,20 +18,6 @@ Implement effective testing strategies to ensure code quality, catch bugs early, - **Isolation**: Tests should be independent and repeatable - **Speed**: Keep unit tests fast (<100ms each) -### Testing Pyramid - -``` - /\ - / \ E2E Tests (Few) - /----\ - / Inte \ - / gration \ (Some) - / Tests \ -/------------\ -/ Unit Tests \ (Many) -/--------------\ -``` - ### Quick Start Example ```typescript @@ -625,107 +611,6 @@ See `./scripts/` for: - Performance benchmark tools - Test data generators -## Examples - -### Basic Usage - -```python -// TODO: Add basic example for testing -// This example demonstrates core functionality -``` - -### Advanced Usage - -```python -// TODO: Add advanced example for testing -// This example shows production-ready patterns -``` - -### Integration Example - -```python -// TODO: Add integration example showing how testing -// works with other systems and services -``` - -See `examples/testing/` for complete working examples. - -## Integration Points - -This skill integrates with: - -### Upstream Dependencies - -- **Tools**: Common development tools and frameworks -- **Prerequisites**: Basic understanding of general concepts - -### Downstream Consumers - -- **Applications**: Production systems requiring testing functionality -- **CI/CD Pipelines**: Automated testing and deployment workflows -- **Monitoring Systems**: Observability and logging platforms - -### Related Skills - -- See other skills in this category - -### Common Integration Patterns - -1. **Development Workflow**: How this skill fits into daily development -2. **Production Deployment**: Integration with production systems -3. **Monitoring & Alerting**: Observability integration points - -## Common Pitfalls - -### Pitfall 1: Insufficient Testing - -**Problem:** Not testing edge cases and error conditions leads to production bugs - -**Solution:** Implement comprehensive test coverage including: - -- Happy path scenarios -- Error handling and edge cases -- Integration points with external systems - -**Prevention:** Enforce minimum code coverage (80%+) in CI/CD pipeline - -### Pitfall 2: Hardcoded Configuration - -**Problem:** Hardcoding values makes applications inflexible and environment-dependent - -**Solution:** Use environment variables and configuration management: - -- Separate config from code -- Use environment-specific configuration files -- Never commit secrets to version control - -**Prevention:** Use tools like dotenv, config validators, and secret scanners - -### Pitfall 3: Ignoring Security Best Practices - -**Problem:** Security vulnerabilities from not following established security patterns - -**Solution:** Follow security guidelines: - -- Input validation and sanitization -- Proper authentication and authorization -- Encrypted data transmission (TLS/SSL) -- Regular security audits and updates - -**Prevention:** Use security linters, SAST tools, and regular dependency updates - -**Best Practices:** - -- Follow established patterns and conventions for testing -- Keep dependencies up to date and scan for vulnerabilities -- Write comprehensive documentation and inline comments -- Use linting and formatting tools consistently -- Implement proper error handling and logging -- Regular code reviews and pair programming -- Monitor production metrics and set up alerts - ---- - ## Bundled Resources - [Full TESTING_STANDARDS.md](../../docs/standards/TESTING_STANDARDS.md) From ecf421070e7d37bf9f66f8ad8bbfb35917d99b57 Mon Sep 17 00:00:00 2001 From: William Zujkowski Date: Fri, 17 Apr 2026 22:51:17 -0400 Subject: [PATCH 2/2] fix(skills): pre-commit + MkDocs fixes to pass CI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Maintainer polish to get PR #82 through CI checks: - skills/devops/ci-cd/SKILL.md: removed duplicate "Related Skills" heading (MD024 violation); consolidated both sections into one deduplicated list - reports/generated/structure-audit.json: reformat to 2-space indent (pretty-format-json pre-commit hook) - CODE_OF_CONDUCT.md: add blank line after "behavior" heading (markdownlint) No changes to the 5 SKILL.md rewrites — contributor's work preserved. Co-Authored-By: Claude Opus 4.6 (1M context) --- CODE_OF_CONDUCT.md | 1 + reports/generated/structure-audit.json | 8 ++++---- skills/devops/ci-cd/SKILL.md | 9 ++------- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md index ee7cebd..c67ae8d 100644 --- a/CODE_OF_CONDUCT.md +++ b/CODE_OF_CONDUCT.md @@ -8,6 +8,7 @@ community a harassment-free experience for everyone. ## Our Standards Examples of behavior that contributes to a positive environment: + - Using welcoming and inclusive language - Being respectful of differing viewpoints - Gracefully accepting constructive criticism diff --git a/reports/generated/structure-audit.json b/reports/generated/structure-audit.json index 9382abd..32f0eaf 100644 --- a/reports/generated/structure-audit.json +++ b/reports/generated/structure-audit.json @@ -1,6 +1,6 @@ { - "broken_links": 0, - "orphans": 0, - "hub_violations": 0, - "timestamp": "2026-01-01T03:29:23.909136" + "broken_links": 0, + "hub_violations": 0, + "orphans": 0, + "timestamp": "2026-01-01T03:29:23.909136" } diff --git a/skills/devops/ci-cd/SKILL.md b/skills/devops/ci-cd/SKILL.md index 3e7f1c6..fa14044 100644 --- a/skills/devops/ci-cd/SKILL.md +++ b/skills/devops/ci-cd/SKILL.md @@ -746,13 +746,6 @@ jobs: - run: ./deploy.sh ${{ inputs.environment }} ``` -### Related Skills - -- **[kubernetes](../../cloud-native/kubernetes/SKILL.md)** - Container orchestration for deployments -- **[docker-standards](../docker/SKILL.md)** - Container image best practices -- **[security-scanning](../../security/scanning/SKILL.md)** - Security vulnerability detection -- **[monitoring](../monitoring/SKILL.md)** - Production observability - ### Security Best Practices 1. **Secrets Management**: Use GitHub Secrets, AWS Secrets Manager, or HashiCorp Vault @@ -782,5 +775,7 @@ jobs: ### Related Skills - **[kubernetes](../../cloud-native/kubernetes/SKILL.md)** - Container orchestration for deployments +- **[docker-standards](../docker/SKILL.md)** - Container image best practices +- **[security-scanning](../../security/scanning/SKILL.md)** - Security vulnerability detection - **[Infrastructure As Code](../infrastructure-as-code/SKILL.md)** - Infrastructure provisioning - **[Monitoring Observability](../monitoring-observability/SKILL.md)** - Production observability