Skip to main content

Browse the directory

Showing 30 of 90 resources in rules
Saved
Active

Reviewed filter active — add entries to compare trust side by side.

Trust snapshot

Trust signals across 40 of 90 results

Claimed
0%(0/40)

1 trust signal differs in this sample: Submitter

Signals differ on Submitter — add entries to compare before you install.

Rollout signal scan

1 rollout risk signal in current results

Biggest gaps: package integrity. 0 entries have 2+ required gaps.

12 scanned

Install payload

Install payload is broadly covered in current results.

good

100% (12/12)

Adoption queue

Browse adoption queue · balanced

0/90 visible results are ready for staged adoption under this preset.

ready 0caution 8hold 0

AI Assistant Secret Handling Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-assistant-secret-handling-rules · trust review · confidence 83%

AI Prompt Engineering Expert for Claude

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-prompt-engineering-expert · trust review · confidence 83%

AI-Generated CSRF Protection Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-csrf-protection-review-rules · trust review · confidence 83%

AI-Generated Frontend Accessibility Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-frontend-accessibility-review-rules · trust review · confidence 83%

AI-Generated Mass Assignment Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-mass-assignment-review-rules · trust review · confidence 83%

AI-Generated Open Redirect Review Rules

No required blockers for this preset.

caution

64/100

Collect package checksum or signed artifact information.

rules/ai-generated-open-redirect-review-rules · trust review · confidence 83%

Decision confidence

Decision confidence scan · balanced

0/90 results are high-confidence for the selected preset.

high 0medium 8low 0

AI Assistant Secret Handling Rules

Address Package integrity before broader rollout.

medium

68/100

Missing: Package integrity

rules/ai-assistant-secret-handling-rules · trust review

Freshness distribution

Current results are broadly fresh

Median age 4 days; all 12 scanned entries are within 90 days.

median 4d

Aging

91–180 days

0%

0 entries

Stale

> 180 days

0%

0 entries

Theme distribution

Results center on code-review

75% of this view shares the top theme. Leading themes: code-review, ai-generated-code, web-security.

Focused

92 distinct themes across 24 scanned

Rules. Editor rules and CLAUDE.md / AGENTS.md presets

Source-backed rules for reviewing AI-generated endpoints and data-access code before merge for insecure direct object reference risk, covering per-request object-level authorization checks, scoped database lookups, identifier exposure, and consistent enforcement across read, write, and admin operations.

Source-backed rules for reviewing AI-generated code that deserializes data before merge for insecure deserialization risk, covering native serialization formats (pickle, PyYAML, Java Serializable) that can execute arbitrary code on untrusted input, safe data-interchange alternatives, and class allowlisting/integrity checks when native formats can't be avoided.

Source-backed rules for reviewing AI-generated code that binds request parameters to model/entity objects before merge for mass assignment risk, covering allowlist field binding, DTOs that exclude sensitive fields, and the framework-specific autobinding features that make this easy to introduce by default.

Source-backed rules for reviewing AI-generated redirect and forward logic before merge for open redirect risk, covering allowlist-based destination validation, relative-path/indexed-mapping alternatives to raw URLs, and the privilege-escalation and phishing impact of an unvalidated redirect target.

Source-backed rules for reviewing AI-generated code that builds or runs operating-system commands, shell invocations, or subprocesses before merge for command injection and argument injection risk, covering library alternatives to shelling out, array-form process APIs, allowlist input validation, and least-privilege execution.

Source-backed rules for reviewing AI-generated JavaScript/TypeScript code before merge for prototype pollution risk, covering unsafe recursive merge/clone/assign helpers on untrusted input, proto and constructor-prototype key handling, and safer alternatives like Map, Set, and Object.create(null).

Source-backed rules for reviewing AI-generated code that renders untrusted data into HTML, JavaScript, URLs, or CSS before merge for cross-site scripting risk, covering context-correct output encoding, dangerous DOM sinks, HTML sanitization, and Content-Security-Policy as defense in depth.

Source-backed rules for reviewing AI-generated request handlers and forms before merge for cross-site request forgery risk, covering state-changing method discipline, anti-CSRF token correctness, SameSite cookie posture, origin and referer checks, and safe handling of cookie-based sessions.

Source-backed rules for reviewing AI-generated file-handling code for path traversal before merge, covering canonical path validation, safe root confinement, upload filename sanitization, archive extraction limits, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated regular expressions before merge, covering catastrophic backtracking and ReDoS risk, input bounds, anchor and escaping correctness, validation versus parsing, safe engines, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated database access code for SQL injection before merge, covering parameterized queries, identifier handling, ORM safety, dynamic query construction, least-privilege access, and privacy-safe test evidence.

Source-backed rules for reviewing AI-generated code that makes server-side URL or network requests for server-side request forgery before merge, covering URL allow-lists, block-lists for internal networks, redirect handling, response isolation, and privacy-safe test evidence.

Source-backed rules for reviewing event-sourcing implementation changes, covering immutable event design, event schema evolution without breaking projections, idempotent event handlers, snapshot and replay correctness, and consistent event-store access patterns.

Source-backed rules for reviewing feature flag changes across their full lifecycle, covering flag creation, naming, default values, kill switches, targeting, rollout safety, cleanup of stale flags, and privacy-safe configuration evidence.

Source-backed rules for reviewing application logging changes, covering structured machine-readable events, consistent levels, correlation and trace context, actionable messages, log volume and cost, and keeping secrets and personal data out of logs.

Source-backed rules for reviewing test code for test-double misuse, covering over-mocking that decouples tests from real behavior, under-mocking that creates slow or flaky tests, mock-return-value drift, missing contract tests for faked dependencies, and keeping test data free of personal information.

Source-backed rules for reviewing code that calls third-party or remote APIs, covering timeouts, bounded retries with backoff and jitter, idempotency, circuit breaking, rate-limit handling, graceful degradation, and privacy-safe failure logging.

Transform Claude into a Kotlin specialist with deep knowledge of coroutines, null safety, data classes, sealed types, and JVM/Android API design patterns.

Transform Claude into a Laravel specialist with deep knowledge of routing, Eloquent ORM, form requests, policies, queues, and production deployment patterns.

Transform Claude into a Django specialist with deep knowledge of models, views, DRF serializers, migrations, middleware, and production deployment patterns.

Source-backed rules for reviewing remote MCP server authorization boundaries: protected resource metadata, OAuth resource indicators, token audience checks, least-privilege scopes, and cross-server token isolation.

Source-backed rules for AI coding assistants that must avoid exposing, copying, logging, committing, or normalizing secrets while editing code, configs, tests, prompts, documentation, and CI workflows.

Source-backed rules for reviewing AI-generated frontend UI changes for accessibility before merge, with semantic HTML, keyboard paths, focus management, labels, automated scan limits, manual checks, and privacy-safe evidence.

Source-backed rules for requiring coding agents to provide fresh, scoped, and reviewer-visible test evidence before a pull request can be approved or merged.

Source-backed rules for AI workflow directories that need to classify commercial, sponsored, affiliate, vendor-authored, and thin promotional submissions before they enter the ordinary editorial content queue.

Source-backed rules for preparing direct content-only pull requests with one raw MDX file, reachable provenance URLs, issue closure, duplicate history, validation evidence, and no generated artifact churn.

Source-backed rules for contributor pull requests that need clear commit messages, release-note-ready changelog entries, issue links, breaking-change markers, and privacy-safe history.

Source-backed rules for reviewing dependency update pull requests with supply-chain context, lockfile discipline, advisory checks, compatibility evidence, and privacy-safe metadata handling.

Source-backed rules for public AI workflow registries that need to keep directory entries, source links, version claims, examples, install guidance, compatibility notes, and last-reviewed metadata fresh enough to trust.

Source-backed rules for registry repositories that must keep contributor PRs focused on source files while generated indexes, feeds, downloads, search data, README output, and previews are rebuilt by trusted automation.