Browse the directory

Source-backed rules for reviewing remote MCP server authorization boundaries: protected resource metadata, OAuth resource indicators, token audience checks, least-privilege scopes, and cross-server token isolation.

Source-backed rules for AI coding assistants that must avoid exposing, copying, logging, committing, or normalizing secrets while editing code, configs, tests, prompts, documentation, and CI workflows.

Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence.

Source-backed rules for requiring coding agents to provide fresh, scoped, and reviewer-visible test evidence before a pull request can be approved or merged.

Source-backed rules for AI workflow directories that need to classify commercial, sponsored, affiliate, vendor-authored, and thin promotional submissions before they enter the ordinary editorial content queue.

Source-backed rules for preparing direct content-only pull requests with one raw MDX file, reachable provenance URLs, issue closure, duplicate history, validation evidence, and no generated artifact churn.

Source-backed rules for contributor pull requests that need clear commit messages, release-note-ready changelog entries, issue links, breaking-change markers, and privacy-safe history.

Source-backed rules for reviewing dependency update pull requests with supply-chain context, lockfile discipline, advisory checks, compatibility evidence, and privacy-safe metadata handling.

Source-backed rules for public AI workflow registries that need to keep directory entries, source links, version claims, examples, install guidance, compatibility notes, and last-reviewed metadata fresh enough to trust.

Source-backed rules for registry repositories that must keep contributor PRs focused on source files while generated indexes, feeds, downloads, search data, README output, and previews are rebuilt by trusted automation.

Source-backed rules for deciding when an AI-assisted code review must escalate high-risk changes to security, infrastructure, data, release, or domain owners before merge.

Source-backed rules for safely connecting MCP servers that expose local tools, resources, prompts, roots, transports, credentials, files, and logs to AI clients during active development sessions.

Source-backed rules for AI workflow directories that need consistent privacy metadata before accepting entries that touch prompts, files, local tools, hosted services, telemetry, generated artifacts, or personal data.

Source-backed rules for reviewing production database migrations before merge with lock-risk checks, expand-contract rollout, backfill controls, rollback limits, and privacy-safe migration evidence.

Source-backed rules for AI coding agents that propose, compose, review, or run shell commands during coding sessions where quoting, expansion, command injection, file writes, network calls, and destructive operations can cause harm.

Source-backed rules for reviewing TypeScript API client compatibility before merge, with exported type-surface diffs, inferred router inputs and outputs, runtime validator alignment, downstream compile checks, and privacy-safe evidence.

A CLAUDE.md rule that drives test-first development with Vitest: write a failing Vitest test, add the minimum code to pass, then refactor. It covers vitest.config setup, expect assertions, vi mocks and fake timers, coverage thresholds, and running specs in watch mode or once with vitest run.

A coding rule that turns Claude into a React 19 concurrent-rendering specialist. It applies the documented React hooks — useTransition, useDeferredValue, useOptimistic, and Suspense — to keep interfaces responsive during heavy updates, stream server-rendered UI, and hydrate it selectively.

A coding rule that makes Claude fluent in React Server Components — the React 19 component type that renders ahead of bundling, on a server or at build time. It guides async server components, the use client boundary, Suspense streaming, and Server Functions through the Next.js 15 App Router.

Defensive verification rule organized by the OWASP Top 10:2025 — for each category, what control to verify in code and config and how to confirm it holds, within authorized scope

Transform Claude into a .NET and C# specialist with deep knowledge of ASP.NET Core, Entity Framework Core, minimal APIs, async/await patterns, and testing with xUnit and Testcontainers.

Transform Claude into a NestJS specialist with deep knowledge of the module system, dependency injection, decorators, providers, guards, interceptors, and microservice patterns.

iOS and Apple-platform architecture reviewer covering SwiftUI state, Swift concurrency isolation, app lifecycle, and App Store review and privacy requirements — grounded in Apple's developer documentation

Next.js App Router production-architecture specialist focused on the server/client boundary, the explicit caching model, route handlers, and Node-vs-Edge runtime tradeoffs — decisions, not component tips

Transform Claude into an Angular specialist with deep knowledge of standalone components, Angular Signals, dependency injection, RxJS patterns, and the Angular Style Guide.

Transform Claude into a Java and Spring Boot specialist with deep knowledge of layered architecture, Spring Data JPA, Spring Security, configuration best practices, and testing with TestBed and Testcontainers.

Transform Claude into a Vue 3 specialist with deep knowledge of the Composition API, script setup syntax, Pinia state management, and Vue Router best practices.

API-first development expert with OpenAPI/Swagger schema design, tRPC type-safe procedures, REST best practices, GraphQL federation, and contract-driven development for scalable backend architectures.

A CLAUDE.md rule for managing JavaScript and TypeScript monorepos. It applies Turborepo task pipelines, local and remote caching, and workspace dependency protocols — across pnpm and Nx setups — to keep cross-package builds fast and dependencies coordinated as the repository scales.

Biome linting rules configuration for code quality validation. Strict enforcement, custom overrides, VCS integration, and automated fixes for TypeScript.