development-rules

Hard-learned development rules by domain — Python, FastAPI, React, Testing. Prevents the specific mistakes that caused 70+ audit findings across v0.21.0-v0.21.3.

Install

mkdir -p .claude/skills/development-rules && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/15969" && unzip -o skill.zip -d .claude/skills/development-rules && rm skill.zip

Installs to .claude/skills/development-rules

About this skill

Development Rules Skill

These rules were learned the hard way across v0.21.0-v0.21.3, where 70+ issues were discovered post-release. Each rule maps to a specific incident.

When to Use

  • Every agent should read their domain section before writing code
  • Reviewer must verify these rules during code review
  • New agents must read this as part of onboarding

Universal Rules (ALL Agents)

| # | Rule | Incident | Severity |
|---|------|----------|----------|
| U-1 | Never swallow exceptions silently — log or re-raise with context | v0.21.2: clauses.json missing → silent {} | CRITICAL |
| U-2 | Never use except Exception: without specific handling | v0.21.2: traceability.py hid failures | CRITICAL |
| U-3 | All public functions must be in __all__ AND importable | v0.21.2: README claimed non-existent API | HIGH |
| U-4 | Data files must be declared in pyproject.toml package-data | v0.21.2: clauses.json not in wheel | HIGH |
| U-5 | README code examples must be tested in CI | v0.21.2: examples didn't work | HIGH |
| U-6 | Version numbers must be consistent across all files | v0.21.x: version drift across docs | MEDIUM |
| U-7 | Import-time side effects are forbidden (no warnings, no I/O) | v0.21.3 EA-2: import warnings | HIGH |

Python Core Rules (Python/structural_lib/)

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| PY-1 | All parameters use explicit units: b_mm, d_mm, fck_nmm2, Mu_knm | Historical confusion | @backend, @structural-math |
| PY-2 | Division by zero must be guarded: x / y if y != 0 else 0 | Edge case failures | @structural-math |
| PY-3 | IS 456 clause reference required in docstring for every formula | Audit finding | @structural-math |
| PY-4 | Every new function needs: unit test + edge test + SP:16 benchmark | v0.21.0: insufficient testing | @tester |
| PY-5 | Return types must be dataclasses, not dicts (with .to_dict() method) | v0.21.3 EA-4: inconsistent returns | @backend |
| PY-6 | Lazy imports for non-core modules (use __getattr__ pattern) | v0.21.3 EA-10: 382ms startup | @backend |
| PY-7 | Never modify core/ from codes/ or services/ | Architecture rule | @backend |
| PY-8 | Deprecation warnings gated behind actual function call, not module load | v0.21.3 EA-2 | @backend |

FastAPI Rules (fastapi_app/)

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| FA-1 | NEVER use str(e) in error responses — use generic messages, log original | v0.21.3 EA-18: 32 CWE-209 instances | @api-developer |
| FA-2 | All endpoints must have rate limiting (global middleware) | v0.21.3 EA-17: only 2/59 had limits | @api-developer |
| FA-3 | WebSocket inputs validated via Pydantic models | v0.21.3 EA-19: raw dict access | @api-developer |
| FA-4 | CORS origins from config/env, never hardcoded | v0.21.3 EA-20 | @api-developer |
| FA-5 | Auth warning when disabled in production | v0.21.3 EA-16 | @ops |
| FA-6 | Routers import from structural_lib — never reimplement math | Architecture rule | @api-developer |
| FA-7 | Error responses must not expose internal paths or stack traces | OWASP CWE-209 | @api-developer, @security |

React Rules (react_app/)

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| RE-1 | Forms must have cross-field validation (not just HTML5) | v0.21.3 EA-15: depth > cover unchecked | @frontend |
| RE-2 | All computations go through FastAPI — no local JS math | Architecture rule | @frontend |
| RE-3 | Check react_app/src/hooks/ before creating a new hook | Historical duplication | @frontend |
| RE-4 | Check react_app/src/components/ before creating a component | Historical duplication | @frontend |
| RE-5 | Tailwind only — no custom CSS files | Project convention | @frontend |
| RE-6 | Workflow guidance (WorkflowHint) on key pages | v0.21.3 EA-11: users lost | @frontend |

Testing Rules (Python/tests/)

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| TE-1 | NEVER use MagicMock for structural Result types (FlexureResult, ShearResult, etc.) | v0.21.0: ShearResult field bug masked by mock | @tester |
| TE-2 | Use repo_only marker for tests needing full repo (not just package) | v0.21.3 EA-8: sdist tests broke | @tester |
| TE-3 | E2E pipeline test required for each structural element | v0.21.3 EA-7: no chain testing | @tester |
| TE-4 | API stability test: all __all__ members must be importable | v0.21.3 EA-9: phantom exports | @tester |
| TE-5 | Import silence test: import structural_lib emits zero warnings | v0.21.3 EA-6 | @tester |
| TE-6 | SP:16 benchmark values must match within ±0.1% | IS 456 compliance requirement | @tester |
| TE-7 | Packaging test: wheel must not contain tests/, scripts/, examples/ | v0.21.2: leaked files | @tester |

Documentation Rules

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| DO-1 | WORKLOG.md: one line per code change, every time, no exceptions | Historical gaps | @doc-master |
| DO-2 | next-session-brief.md: MUST be updated at session end | 10+ hours rework from missing brief | @doc-master |
| DO-3 | TASKS.md: mark done items, add discovered items | Tasks repeated when not tracked | @doc-master |
| DO-4 | README code examples must match actual API exactly | v0.21.2: phantom function claims | @doc-master |
| DO-5 | CHANGELOG: append-only, immutable past entries | Data integrity | @doc-master |
| DO-6 | New docs need metadata header (Type, Audience, Status, etc.) | Governance requirement | @doc-master |

Security Rules

| # | Rule | Incident | Agent |
|---|------|----------|-------|
| SE-1 | No internal error details in HTTP responses | v0.21.3: CWE-209 | @security, @api-developer |
| SE-2 | Rate limiting on all public endpoints | v0.21.3: DoS risk | @api-developer |
| SE-3 | Input validation at system boundaries (Pydantic) | v0.21.3: WebSocket raw | @api-developer |
| SE-4 | Dependencies audited before release | pip-audit recommended | @security |
| SE-5 | Auth must warn in production when disabled | v0.21.3 EA-16 | @ops |

How to Enforce

  1. Code review: Reviewer checks rules for changed domains
  2. Quality gate: Level 1-3 automated checks (see /quality-gate skill)
  3. Pre-release: Full checklist (see /release-preflight skill)
  4. Agent evolution: Violations tracked by agent-evolver scoring
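
A reviewer-side check for rules FA-1/SE-1 and U-1/U-2, written with Python's ast module. This is an added example, not part of the skill or the project's quality gate; the sample source and the name check_handlers are constructed for illustration.

```python
import ast

# Constructed sample, not project code. It is only parsed, never executed:
# one handler leaks str(e), one swallows the error, one is compliant.
SAMPLE = '''
def leaky(payload):
    try:
        return design(payload)
    except ValueError as e:
        raise HTTPException(status_code=400, detail=str(e))

def silent(path):
    try:
        return load(path)
    except Exception:
        return {}

def compliant(payload):
    try:
        return design(payload)
    except ValueError:
        log.exception("design failed")
        raise HTTPException(status_code=400, detail="Invalid input")
'''

def check_handlers(source):
    """Return sorted (line, rule) findings for the except blocks in source."""
    findings = set()
    for handler in ast.walk(ast.parse(source)):
        if not isinstance(handler, ast.ExceptHandler):
            continue
        nodes = [n for stmt in handler.body for n in ast.walk(stmt)]
        # FA-1 heuristic: str(<bound exception>) anywhere in the handler.
        # A reviewer still confirms whether the string reaches a response.
        for n in nodes:
            if (isinstance(n, ast.Call) and isinstance(n.func, ast.Name)
                    and n.func.id == "str" and len(n.args) == 1
                    and isinstance(n.args[0], ast.Name)
                    and n.args[0].id == handler.name):
                findings.add((n.lineno, "FA-1"))
        # U-1/U-2 heuristic: a bare or Exception-wide handler that neither
        # raises nor calls anything cannot have logged or added context.
        t = handler.type
        broad = t is None or (isinstance(t, ast.Name) and t.id in ("Exception", "BaseException"))
        if broad and not any(isinstance(n, (ast.Raise, ast.Call)) for n in nodes):
            findings.add((handler.lineno, "U-1/U-2"))
    return sorted(findings)
```

Line numbers in the findings are relative to the source string passed in; for SAMPLE they point at the str(e) call in leaky and the except Exception: line in silent.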
