Skip to main content

Browse the directory

Showing 30 of 90 resources in rules
Saved
Active

Select entries to compare install and trust signals side by side.

Trust snapshot

Trust signals across 40 of 90 results

Claimed
0%(0/40)

1 trust signal differs in this sample: Submitter

Signals differ on Submitter — add entries to compare before you install.

Rollout signal scan

1 rollout risk signal in current results

Biggest gaps: package integrity. 0 entries have 2+ required gaps.

12 scanned

Install payload

Install payload is broadly covered in current results.

good

100% (12/12)

Adoption queue

Browse adoption queue · balanced

0/90 visible results are ready for staged adoption under this preset.

ready 0caution 8hold 0

AI Assistant Secret Handling Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-assistant-secret-handling-rules · trust review · confidence 83%

AI Prompt Engineering Expert for Claude

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-prompt-engineering-expert · trust review · confidence 83%

AI-Generated CSRF Protection Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-csrf-protection-review-rules · trust review · confidence 83%

AI-Generated Frontend Accessibility Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-frontend-accessibility-review-rules · trust review · confidence 83%

AI-Generated Mass Assignment Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-mass-assignment-review-rules · trust review · confidence 83%

AI-Generated Open Redirect Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-open-redirect-review-rules · trust review · confidence 83%

Decision confidence

Decision confidence scan · balanced

0/90 results are high-confidence for the selected preset.

high 0medium 8low 0

AI Assistant Secret Handling Rules

Address Package integrity before broader rollout.

medium

68/100

Missing: Package integrity

rules/ai-assistant-secret-handling-rules · trust review

Freshness distribution

Current results are broadly fresh

Median age 4 days; all 12 scanned entries are within 90 days.

median 4d

Aging

91–180 days

0%

0 entries

Stale

> 180 days

0%

0 entries

Theme distribution

Results center on code-review

75% of this view shares the top theme. Leading themes: code-review, ai-generated-code, web-security.

Focused

92 distinct themes across 24 scanned

Rules. Editor rules and CLAUDE.md / AGENTS.md presets

Source-backed rules for reviewing AI-generated endpoints and data-access code before merge for insecure direct object reference risk, covering per-request object-level authorization checks, scoped database lookups, identifier exposure, and consistent enforcement across read, write, and admin operations.

Source-backed rules for reviewing AI-generated code that deserializes data before merge for insecure deserialization risk, covering native serialization formats (pickle, PyYAML, Java Serializable) that can execute arbitrary code on untrusted input, safe data-interchange alternatives, and class allowlisting/integrity checks when native formats can't be avoided.

Source-backed rules for reviewing AI-generated code that binds request parameters to model/entity objects before merge for mass assignment risk, covering allowlist field binding, DTOs that exclude sensitive fields, and the framework-specific autobinding features that make this easy to introduce by default.

Source-backed rules for reviewing AI-generated redirect and forward logic before merge for open redirect risk, covering allowlist-based destination validation, relative-path/indexed-mapping alternatives to raw URLs, and the privilege-escalation and phishing impact of an unvalidated redirect target.

Source-backed rules for reviewing AI-generated code that builds or runs operating-system commands, shell invocations, or subprocesses before merge for command injection and argument injection risk, covering library alternatives to shelling out, array-form process APIs, allowlist input validation, and least-privilege execution.

Source-backed rules for reviewing AI-generated JavaScript/TypeScript code before merge for prototype pollution risk, covering unsafe recursive merge/clone/assign helpers on untrusted input, proto and constructor-prototype key handling, and safer alternatives like Map, Set, and Object.create(null).

Source-backed rules for reviewing AI-generated code that renders untrusted data into HTML, JavaScript, URLs, or CSS before merge for cross-site scripting risk, covering context-correct output encoding, dangerous DOM sinks, HTML sanitization, and Content-Security-Policy as defense in depth.

Source-backed rules for reviewing AI-generated request handlers and forms before merge for cross-site request forgery risk, covering state-changing method discipline, anti-CSRF token correctness, SameSite cookie posture, origin and referer checks, and safe handling of cookie-based sessions.

Source-backed rules for reviewing AI-generated file-handling code for path traversal before merge, covering canonical path validation, safe root confinement, upload filename sanitization, archive extraction limits, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated regular expressions before merge, covering catastrophic backtracking and ReDoS risk, input bounds, anchor and escaping correctness, validation versus parsing, safe engines, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated database access code for SQL injection before merge, covering parameterized queries, identifier handling, ORM safety, dynamic query construction, least-privilege access, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated code that makes server-side URL or network requests for server-side request forgery before merge, covering URL allow-lists, block-lists for internal networks, redirect handling, response isolation, and privacy-safe test evidence.

Source-backed rules for reviewing event-sourcing implementation changes, covering immutable event design, event schema evolution without breaking projections, idempotent event handlers, snapshot and replay correctness, and consistent event-store access patterns.

Source-backed rules for reviewing feature flag changes across their full lifecycle, covering flag creation, naming, default values, kill switches, targeting, rollout safety, cleanup of stale flags, and privacy-safe configuration evidence.

Source-backed rules for reviewing application logging changes, covering structured machine-readable events, consistent levels, correlation and trace context, actionable messages, log volume and cost, and keeping secrets and personal data out of logs.

Source-backed rules for reviewing test code for test-double misuse, covering over-mocking that decouples tests from real behavior, under-mocking that creates slow or flaky tests, mock-return-value drift, missing contract tests for faked dependencies, and keeping test data free of personal information.

Source-backed rules for reviewing code that calls third-party or remote APIs, covering timeouts, bounded retries with backoff and jitter, idempotency, circuit breaking, rate-limit handling, graceful degradation, and privacy-safe failure logging.

Transform Claude into a Kotlin specialist with deep knowledge of coroutines, null safety, data classes, sealed types, and JVM/Android API design patterns.

Transform Claude into a Laravel specialist with deep knowledge of routing, Eloquent ORM, form requests, policies, queues, and production deployment patterns.

Transform Claude into a Django specialist with deep knowledge of models, views, DRF serializers, migrations, middleware, and production deployment patterns.

Source-backed rules for reviewing remote MCP server authorization boundaries: protected resource metadata, OAuth resource indicators, token audience checks, least-privilege scopes, and cross-server token isolation.

Source-backed rules for AI coding assistants that must avoid exposing, copying, logging, committing, or normalizing secrets while editing code, configs, tests, prompts, documentation, and CI workflows.

Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence.

Source-backed rules for requiring coding agents to provide fresh, scoped, and reviewer-visible test evidence before a pull request can be approved or merged.

Source-backed rules for AI workflow directories that need to classify commercial, sponsored, affiliate, vendor-authored, and thin promotional submissions before they enter the ordinary editorial content queue.

Source-backed rules for preparing direct content-only pull requests with one raw MDX file, reachable provenance URLs, issue closure, duplicate history, validation evidence, and no generated artifact churn.

Source-backed rules for contributor pull requests that need clear commit messages, release-note-ready changelog entries, issue links, breaking-change markers, and privacy-safe history.

Source-backed rules for reviewing dependency update pull requests with supply-chain context, lockfile discipline, advisory checks, compatibility evidence, and privacy-safe metadata handling.

Source-backed rules for public AI workflow registries that need to keep directory entries, source links, version claims, examples, install guidance, compatibility notes, and last-reviewed metadata fresh enough to trust.

Source-backed rules for registry repositories that must keep contributor PRs focused on source files while generated indexes, feeds, downloads, search data, README output, and previews are rebuilt by trusted automation.