--- name: mcaf-dotnet-quality-ci description: "Set up or refine open-source .NET code-quality gates for CI: formatting, `.editorconfig`, SDK analyzers, third-party analyzers, coverage, mutation testing, architecture tests, and security scanning. Use when a .NET repo needs an explicit quality stack in `AGENTS.md`, docs, or pipeline YAML." compatibility: "Requires a .NET solution or project; may update `AGENTS.md`, CI workflows, a repo-root `.editorconfig`, `Directory.Build.props`, or analyzer package references." --- # MCAF: .NET Quality CI ## Trigger On - adding or tightening .NET code-quality gates in CI - choosing analyzers, coverage, mutation, or architecture-test tooling for a .NET repo - standardizing `.editorconfig`, `dotnet format`, and warning policy ## Value - produce a concrete project delta: code, docs, config, tests, CI, or review artifact - reduce ambiguity through explicit planning, verification, and final validation skills - leave reusable project context so future tasks are faster and safer ## Do Not Use For - non-.NET repositories - generic CI/CD guidance with no .NET quality stack decisions - framework-specific test authoring with no quality-gate change ## Inputs - the nearest `AGENTS.md` - the current repo-root `.editorconfig` and MSBuild props - the current CI workflow and package references - the active test runner model: VSTest or Microsoft.Testing.Platform ## Quick Start 1. Read the nearest `AGENTS.md` and confirm scope and constraints. 2. Run this skill's `Workflow` through the `Ralph Loop` until outcomes are acceptable. 3. Return the `Required Result Format` with concrete artifacts and verification evidence. ## Workflow 1. Start with the repo-native baseline: - repo-root `.editorconfig` - `dotnet format --verify-no-changes` - SDK analyzers with explicit `EnableNETAnalyzers`, `AnalysisLevel`, and warning policy 2. Add third-party analyzers only where they close a real gap: - `StyleCopAnalyzers` - `Roslynator` - `Meziantou.Analyzer` - framework analyzers such as xUnit, MSTest, or TUnit analyzers 3. Separate quality gates by purpose: - formatting and style - correctness and static analysis - coverage and reports - architecture rules - security scanning - mutation testing 4. For complexity, use a composite approach: - CA1502 thresholding - maintainability limits in `AGENTS.md` - architecture tests - coverage and mutation where risk justifies it 5. Make ownership explicit in `AGENTS.md` and CI: - which command formats - which command analyzes - which command measures coverage - which runner model the tests use 6. After any .NET code change, the repo's quality pass must be runnable by agents: - format - build - analyze - focused tests - broader tests - coverage and report generation when configured - extra configured gates only when the repo actually enabled them 7. Route tool-specific setup through dedicated skills where possible: - `mcaf-dotnet-format` - `mcaf-dotnet-code-analysis` - `mcaf-dotnet-analyzer-config` - analyzer-pack skills such as `mcaf-dotnet-stylecop-analyzers`, `mcaf-dotnet-roslynator`, and `mcaf-dotnet-meziantou-analyzer` - coverage/reporting skills such as `mcaf-dotnet-coverlet` and `mcaf-dotnet-reportgenerator` - architecture/security skills such as `mcaf-dotnet-netarchtest`, `mcaf-dotnet-archunitnet`, and `mcaf-dotnet-codeql` 8. Avoid overlapping tools with conflicting ownership. If you add an opinionated formatter, define whether it replaces or complements `dotnet format`. ## Bootstrap When Missing If a quality gate is requested but not configured, use this activation path: 1. Detect current state in `.csproj`, `Directory.Build.*`, `.editorconfig`, tool manifests, and CI workflow files. 2. Choose exactly one owner command per gate category (format, analyze, test, coverage, architecture, security, mutation). 3. Install the minimal required package or tool and commit checked-in config files. 4. Wire the gate into both `AGENTS.md` and CI with explicit commands. 5. Run a first verify pass, fix actionable failures, and rerun. 6. Return `status: configured` if newly enabled and passing, or `status: improved` if issues remain but baseline improved. 7. Return `status: not_applicable` only when the gate is explicitly out of scope for this repo. ## Deliver - a documented .NET quality baseline - CI commands that are explicit and reproducible - analyzer and coverage choices that match the repo's runner model - a documented post-change quality pass for agents and CI - tool selection that stays open-source and free by default, with caveats called out explicitly ## Validate - repo-root `.editorconfig` is the default source of truth for per-rule severity - formatting, analyzer, and coverage commands are runner-compatible - added tools cover distinct gaps instead of duplicating each other - complexity and architecture policy are explicit, not implied - .NET code changes are expected to pass more than tests alone when quality gates are configured - any licensing or hosting caveat is documented before the tool becomes a default gate ## Ralph Loop Use the Ralph Loop for every task, including docs, architecture, testing, and tooling work. 1. Plan first (mandatory): - analyze current state - define target outcome, constraints, and risks - write a detailed execution plan - list final validation skills to run at the end, with order and reason 2. Execute one planned step and produce a concrete delta. 3. Review the result and capture findings with actionable next fixes. 4. Apply fixes in small batches and rerun the relevant checks or review steps. 5. Update the plan after each iteration. 6. Repeat until outcomes are acceptable or only explicit exceptions remain. 7. If a dependency is missing, bootstrap it or return `status: not_applicable` with explicit reason and fallback path. ### Required Result Format - `status`: `complete` | `clean` | `improved` | `configured` | `not_applicable` | `blocked` - `plan`: concise plan and current iteration step - `actions_taken`: concrete changes made - `validation_skills`: final skills run, or skipped with reasons - `verification`: commands, checks, or review evidence summary - `remaining`: top unresolved items or `none` For setup-only requests with no execution, return `status: configured` and exact next commands. ## Load References - read `references/editorconfig-and-ci.md` first - open `references/quality-toolchain.md` for the curated OSS tool list - use the dedicated tool skill when you are installing, configuring, or debugging one specific tool ## Example Requests - "Define the best OSS CI stack for this .NET repo." - "Add .NET analyzers, coverage, and mutation testing guidance." - "Make `.editorconfig` and CI agree in our .NET solution."