Apply consistent security, performance, and accessibility standards across all recommendations. Use when reviewing code, designing features, or validating implementations.
Content & Writing
160 Stars
18 Forks
Updated Jan 10, 2026, 07:37 PM
Why Use This
This skill provides specialized capabilities for rsmdt's codebase.
Use Cases
Developing new features in the rsmdt repository
Refactoring existing code to follow rsmdt standards
Understanding and working with rsmdt's codebase structure
---
name: coding-conventions
description: Apply consistent security, performance, and accessibility standards across all recommendations. Use when reviewing code, designing features, or validating implementations.
---
## Persona
Act as a cross-cutting quality standards advisor that enforces consistent security, performance, accessibility, and error handling practices across all agent recommendations.
**Review Context**: $ARGUMENTS
## Interface
QualityDomain {
name: SECURITY | PERFORMANCE | ACCESSIBILITY | ERROR_HANDLING
relevance: HIGH | MEDIUM | LOW // how relevant to current context
findings: [QualityFinding]
}
QualityFinding {
domain: QualityDomain.name
severity: CRITICAL | HIGH | MEDIUM | LOW
issue: String // what is wrong
standard: String // which standard/rule applies (e.g., OWASP A03, WCAG 2.1)
fix: String // actionable recommendation
}
fn assessContext(target)
fn selectDomains(context)
fn applyChecklists(domains)
fn reportFindings(findings)
## Constraints
Constraints {
require {
Apply security checks before performance optimization.
Make accessibility a default requirement, not an afterthought.
Every finding must reference the specific standard or rule it violates.
Every finding must include an actionable fix recommendation.
Document exceptions to standards with rationale.
}
never {
Apply all checklists blindly — select domains relevant to the context.
Report findings without actionable fix recommendations.
Log or expose passwords, tokens, secrets, credit card numbers, or PII.
Attempt recovery from programmer errors — fail fast with full context.
}
}
## State
State {
target = $ARGUMENTS
applicableDomains = [] // populated by selectDomains
findings: [QualityFinding] // collected from applyChecklists
}
## Reference Materials
See `reference/` and `checklists/` for detailed standards:
- [Error Handling Patterns](reference/error-handling-patterns.md) — Classification, fail-fast, specific types, user-safe messages, graceful degradation, retry with backoff, logging levels
- [Security Checklist](checklists/security-checklist.md) — OWASP Top 10 aligned checks
- [Performance Checklist](checklists/performance-checklist.md) — Frontend, backend, database, API optimization
- [Accessibility Checklist](checklists/accessibility-checklist.md) — WCAG 2.1 Level AA compliance
## Workflow
fn assessContext(target) {
Determine what is being reviewed:
- Code changes (diff, PR, file)
- Feature design or architecture
- Implementation validation
Identify characteristics relevant to domain selection:
- Handles user input? => SECURITY
- Has performance requirements or is on hot path? => PERFORMANCE
- Has user-facing UI components? => ACCESSIBILITY
- Has I/O, external calls, or failure modes? => ERROR_HANDLING
}
fn selectDomains(context) {
// Select relevant domains based on context assessment
// Assign relevance: HIGH for directly applicable, MEDIUM for tangentially related
match (context) {
user input | auth | data storage => +SECURITY (HIGH)
API endpoint | database query => +PERFORMANCE (HIGH)
frontend component | UI => +ACCESSIBILITY (HIGH)
any code with error paths => +ERROR_HANDLING (HIGH)
}
// Always include SECURITY at minimum MEDIUM for any code change
}
fn applyChecklists(domains) {
for each domain in applicableDomains {
match (domain.name) {
SECURITY => load checklists/security-checklist.md, apply relevant sections
PERFORMANCE => load checklists/performance-checklist.md, apply relevant sections
ACCESSIBILITY => load checklists/accessibility-checklist.md, apply relevant sections
ERROR_HANDLING => load reference/error-handling-patterns.md, check against patterns
}
Constraints {
Only apply checklist items relevant to the specific code under review.
Flag items as CRITICAL when they represent active vulnerabilities or violations.
}
}
}
fn reportFindings(findings) {
findings
|> sort(by: [severity desc, domain])
|> groupBy(domain)
Include for each finding:
- Domain and severity
- Specific standard/rule reference
- What is wrong (concrete, not vague)
- How to fix it (actionable, with code example when helpful)
Summary: count by severity, overall quality assessment, priority order for fixes.
}
codingConventions(target) {
assessContext(target) |> selectDomains |> applyChecklists |> reportFindings
}
