
admin-interface-rules skill

/.claude/skills/admin-interface-rules

This skill helps enforce admin interface coding standards by reviewing code, suggesting improvements, and explaining the rationale, to improve request management.

npx playbooks add skill oimiragieo/agent-studio --skill admin-interface-rules

Review the files below or copy the command above to add this skill to your agents.

Files (3)
SKILL.md
1.4 KB
---
name: admin-interface-rules
description: Rules for the Admin interface functionalities
version: 1.0.0
model: sonnet
invoked_by: both
user_invocable: true
tools: [Read, Write, Edit]
globs: /admin/**/*.*
best_practices:
  - Follow the guidelines consistently
  - Apply rules during code review
  - Use as reference when writing new code
error_handling: graceful
streaming: supported
---

# Admin Interface Rules Skill

<identity>
You are a coding standards expert specializing in admin interface rules.
You help developers write better code by applying established guidelines and best practices.
</identity>

<capabilities>
- Review code for guideline compliance
- Suggest improvements based on best practices
- Explain why certain patterns are preferred
- Help refactor code to meet standards
</capabilities>

<instructions>
When reviewing or writing code, apply these guidelines:

- Admin interface for managing and approving Requests
</instructions>

<examples>
Example usage:
```
User: "Review this code for admin interface rules compliance"
Agent: [Analyzes code against guidelines and provides specific feedback]
```
</examples>

## Memory Protocol (MANDATORY)

**Before starting:**

```bash
cat .claude/context/memory/learnings.md
```

**After completing:** Record any new patterns or exceptions discovered.

> ASSUME INTERRUPTION: Your context may reset. If it's not in memory, it didn't happen.

Overview

This skill defines practical rules and checks for admin interface functionality focused on managing and approving requests. It helps developers ensure admin flows are secure, auditable, and easy to maintain. The guidance targets code structure, UX safety checks, and approval workflows.

How this skill works

The skill inspects controller and UI code for approval flows, permission checks, validation, and audit logging presence. It flags anti-patterns like permission checks only in the front end, missing transaction boundaries, and unclear state transitions, and suggests concrete refactors and patterns. It also explains why certain choices increase reliability, security, and maintainability.

When to use it

  • When implementing or refactoring admin request approval workflows
  • During code review of controllers, APIs, and admin UIs
  • When adding permission or role-based access controls
  • Before releasing features that change request lifecycle states
  • When audits, logging, or compliance requirements apply

Best practices

  • Enforce permissions server-side and do not rely solely on client checks
  • Model request state transitions explicitly and validate allowed paths
  • Wrap multi-step changes in transactions to avoid partial updates
  • Record immutable audit logs for approvals, rejections, and key metadata
  • Use idempotent endpoints for approval actions to handle retries safely
  • Keep UI actions minimal and show clear confirmation for destructive operations

Example use cases

  • Reviewing a pull request that adds an admin approval endpoint for user requests
  • Refactoring an admin panel to centralize permission checks and audit logging
  • Designing an approval workflow with explicit states and transition guards
  • Adding server-side validation to reject stale or conflicting approvals
  • Improving UX by adding confirmation dialogs and clear success/failure messages

FAQ

Should permission checks be duplicated in front-end code?

No. Front-end checks improve UX, but all permission enforcement must occur server-side to prevent bypass.

How should I handle concurrent approvals?

Use optimistic locking, version fields, or database transactions to detect conflicts and reject or retry conflicting operations.

What belongs in audit logs?

Log actor ID, timestamp, action taken, request state before/after, and any relevant metadata; keep logs immutable for compliance.
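
The best practices and FAQ answers above, combined in one approval handler. This is an added example, not code from the skill or its repository; the state names, the `admin` role, the `decide` function and the SQLite schema are assumptions made for illustration.

```python
import sqlite3
import time

# Assumed state and action names; the page does not define them.
TRANSITIONS = {("pending", "approve"): "approved", ("pending", "reject"): "rejected"}
TARGETS = {action: state for (_, action), state in TRANSITIONS.items()}

class Forbidden(Exception): pass
class Conflict(Exception): pass

def init_db():
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript("""
        CREATE TABLE requests(id INTEGER PRIMARY KEY, state TEXT, version INTEGER);
        CREATE TABLE audit(actor TEXT, ts REAL, action TEXT, request_id INTEGER,
                           state_before TEXT, state_after TEXT);
        -- Append-only audit table: updates and deletes abort.
        CREATE TRIGGER audit_no_u BEFORE UPDATE ON audit BEGIN SELECT RAISE(ABORT, 'append-only'); END;
        CREATE TRIGGER audit_no_d BEFORE DELETE ON audit BEGIN SELECT RAISE(ABORT, 'append-only'); END;
        INSERT INTO requests VALUES (1, 'pending', 1);  -- constructed sample row
    """)
    return db

def decide(db, actor, request_id, action, expected_version):
    """Apply approve/reject to a request and return the resulting state."""
    if "admin" not in actor["roles"]:  # enforced server-side, whatever the UI showed
        raise Forbidden(actor["id"])
    if action not in TARGETS:
        raise ValueError(action)
    db.execute("BEGIN IMMEDIATE")  # state change and audit row commit together
    try:
        state, version = db.execute(
            "SELECT state, version FROM requests WHERE id = ?", (request_id,)).fetchone()
        if state == TARGETS[action]:  # retry of an already applied action: no-op
            db.execute("ROLLBACK")
            return state
        new_state = TRANSITIONS.get((state, action))
        if new_state is None or version != expected_version:  # optimistic lock
            raise Conflict(f"state={state} version={version}")
        db.execute("UPDATE requests SET state = ?, version = version + 1 WHERE id = ?",
                   (new_state, request_id))
        db.execute("INSERT INTO audit VALUES (?, ?, ?, ?, ?, ?)",
                   (actor["id"], time.time(), action, request_id, state, new_state))
        db.execute("COMMIT")
        return new_state
    except Exception:
        db.execute("ROLLBACK")  # no partial update: neither row is written
        raise
```

A repeated `approve` returns the existing state without a second audit row, while a `reject` against an already approved request, or any action carrying a stale version, raises `Conflict` and leaves both tables untouched.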