coding-standards
$
npx mdskill add cloudflare/sandbox-sdk/coding-standardsEnforce TypeScript rules and style for code quality.
- Prevents unsafe type usage and enforces naming conventions.
- Depends on project type definitions and style guides.
- Identifies violations of type safety and acronym rules.
- Reports specific rule breaches with actionable corrections.
SKILL.md
.github/skills/coding-standardsView on GitHub ↗
---
name: coding-standards
description: Use when writing or reviewing TypeScript in this repo. Covers the no-`any` rule and where to put new types, the uppercase-acronym style guide, and the rules for code comments (no historical context). (project)
---
# Coding Standards
## TypeScript: No `any`
**Never use `any`** unless absolutely necessary — and that should be a final resort.
Process when you reach for `any`:
1. Look for an existing type that fits. Most domains already have one.
2. If no suitable type exists, define a proper one in the right location:
- **Shared types** → `packages/shared/src/types.ts` or relevant subdirectory
- **SDK-specific types** → `packages/sandbox/src/clients/types.ts` or the appropriate client file
- **Container-specific types** → under `packages/sandbox-container/src/` with appropriate naming
3. Use the new type everywhere it applies — don't leave one-off shapes scattered around.
This catches errors at compile time instead of runtime and keeps the codebase consistent.
## Style: Uppercase Acronyms
When an acronym appears inside a camelCase or PascalCase identifier, keep it **fully uppercase**:
| ✅ Do | ❌ Don't |
| ----------------- | ----------------- |
| `SandboxRPCAPI` | `SandboxRpcApi` |
| `containerURL` | `containerUrl` |
| `parseHTTPHeader` | `parseHttpHeader` |
| `getAPIKey` | `getApiKey` |
Applies to all acronyms: API, URL, HTTP, RPC, SSE, SSH, DNS, ID, etc.
**Exception:** library-provided names keep their original casing (e.g. capnweb's `RpcTarget` stays `RpcTarget`).
## Code Comments
**Write comments for future readers, not for the current conversation.**
Comments should describe the current state of the code. A developer reading the code months later won't have context about bugs that were fixed, conversations that happened, or earlier implementations.
### Don't reference historical context
```typescript
// ❌ Bad: references a bug the reader knows nothing about
// Uses character tracking to avoid the bug where indexOf('') returns wrong position
// ❌ Bad: implies something was wrong before
// Start the server with proper WebSocket typing
// ❌ Bad: "prevent" implies there was a problem to prevent
// Assign synchronously to prevent race conditions
```
### Do describe current behavior and design intent
```typescript
// ✅ Good: describes what the code does now
// Returns parsed events and any remaining unparsed content
// ✅ Good: explains design rationale without historical context
// Assigned synchronously so concurrent callers share the same connection attempt
// ✅ Good: explains a non-obvious implementation choice
// Uses IIFE to ensure promise exists before any await points
```
### Smell test
If your comment contains "to avoid", "to fix", "to prevent", "instead of", or "properly" — reconsider whether you're describing current behavior or quietly referencing something that no longer exists. Rewrite to describe what the code does now and why this design was chosen.
## API Design
When adding or modifying SDK methods:
- Use clear, descriptive names that indicate what the method does
- Validate inputs before passing to container APIs
- Provide helpful error messages with context (use the custom error classes in `packages/shared/src/errors/`)
More from cloudflare/sandbox-sdk
- architectureUse when navigating the codebase for the first time, adding a new client method, adding a new container handler/service, or understanding how a request flows from Worker through the Sandbox DO into the container. Covers the three-layer architecture, client pattern, container runtime structure, and monorepo layout. (project)
- changesetsUse when creating a changeset, preparing a release, or bumping versions. Covers which packages to reference, how to write user-facing changeset descriptions, the release automation flow, and the npm/Docker version sync requirement. (project)
- examplesUse when working in the examples/ directory, running an example with wrangler dev, adding a new example, or answering questions about EXPOSE directives and the local Docker dev loop. (project)
- git-commitUse when creating git commits to ensure commit messages follow project standards. Applies the 7 rules for great commit messages with focus on conciseness and imperative mood.
- loggingUse when adding logs, debugging, or working with the Logger across the SDK and container runtime. Covers the constructor-injection pattern, child loggers, env-var configuration, and test mocking. (project)
- sandbox-bridgeUse when you need to exercise a real, running Sandbox deployment via HTTP — for example to validate SDK changes against a live container, reproduce a user-reported issue, or experiment with the API (including FUSE bucket mounts) without spinning up `wrangler dev`. Documents the Sandbox bridge worker reachable via `SANDBOX_WORKER_URL` + `SANDBOX_API_KEY` when the host injects them.
- session-executionUse when working on or reviewing session execution, command handling, shell state, FIFO-based streaming, or stdout/stderr separation. Relevant for session.ts, command handlers, exec/execStream, or anything involving shell process management. (project)
- testingUse when writing or running tests for this project. Covers unit vs E2E test decisions, test file locations, mock patterns, and project-specific testing conventions. (project)