Validates Drupal PHP, CSS, and JS against coding standards, SOLID/DRY principles, security practices before commits. Enforces Gate 1 quality gates using checklists and git diff.
From drupal-dev-frameworknpx claudepluginhub camoa/claude-skills --plugin drupal-dev-frameworkThis skill uses the workspace's default tool permissions.
Searches, retrieves, and installs Agent Skills from prompts.chat registry using MCP tools like search_skills and get_skill. Activates for finding skills, browsing catalogs, or extending Claude.
Searches prompts.chat for AI prompt templates by keyword or category, retrieves by ID with variable handling, and improves prompts via AI. Use for discovering or enhancing prompts.
Enables AI agents to execute x402 payments with per-task budgets, spending controls, and non-custodial wallets via MCP tools. Use when agents pay for APIs, services, or other agents.
Validate code against Drupal standards and best practices.
Load these before checking code:
| Reference | Checks |
|---|---|
references/solid-drupal.md | SOLID principles |
references/dry-patterns.md | DRY patterns |
dev-guides: drupal/security/ | Security practices (online) |
dev-guides: drupal/sdc/ + drupal/js-development/ | CSS/JS/SDC standards (online) |
references/quality-gates.md | Gate 1 requirements |
For security and frontend checks, WebFetch from
https://camoa.github.io/dev-guides/instead of reading bundled files.
Activate when you detect:
/drupal-dev-framework:validate commandtask-completer skillThis skill enforces Gate 1: Code Standards from references/quality-gates.md.
Code CANNOT be committed until Gate 1 passes.
Ask if not clear:
Which files should I check?
1. All changed files (git diff)
2. Specific file(s)
3. All files in a component
Your choice:
Use Bash with git diff --name-only to get changed files if option 1.
Use Read on each file. For each, check:
PHP Files:
SOLID Principles (references/solid-drupal.md):
\Drupal::service() in new code (BLOCKING)DRY Check (references/dry-patterns.md):
Security (dev-guides drupal/security/):
CSS/SCSS (dev-guides drupal/sdc/ + drupal/js-development/):
!important (BLOCKING)@extend (BLOCKING)Suggest running (user executes):
# PHP CodeSniffer
ddev exec vendor/bin/phpcs --standard=Drupal,DrupalPractice {path}
# PHPStan (if configured)
ddev exec vendor/bin/phpstan analyze {path}
# SCSS Lint (if applicable)
npm run lint:scss
Format output as:
## Code Check: {file or component}
### Status: PASS / ISSUES FOUND
### Standards Check
| Check | Status | Notes |
|-------|--------|-------|
| PSR-12 | PASS | - |
| Docblocks | ISSUE | Missing on processData() |
| Type hints | PASS | - |
### SOLID Principles
| Principle | Status |
|-----------|--------|
| Single Responsibility | PASS |
| Dependency Inversion | PASS |
### Security
| Check | Status | Notes |
|-------|--------|-------|
| SQL Injection | PASS | Uses query builder |
| XSS | PASS | Output escaped |
| Access Control | ISSUE | Missing on /admin/custom route |
### DRY Check
| Issue | Location |
|-------|----------|
| Duplicate logic | lines 45-52 and 78-85 |
### Issues to Fix (Priority Order)
1. **Security**: Add access check to admin route
2. **Standards**: Add docblock to processData()
3. **DRY**: Extract duplicate logic to private method
### Recommendation
- [ ] Fix security issue before merge
- [ ] Other issues: fix now or create follow-up task
Approved for commit: NO (fix security first) / YES
For each issue, offer to help:
Issue: Missing docblock on processData()
Suggested fix:
/**
* Process the input data and return results.
*
* @param array $data
* The input data array.
*
* @return array
* The processed results.
*/
Apply this fix? (yes/no/skip)
STOP and wait for user: