Agent skill
dapr-validator
Install this agent skill to your Project
npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/data/dapr-validator
SKILL.md
Overview
This skill validates Dapr configurations for security, correctness, and best practices. It ensures all Dapr components and sidecar annotations follow standards before deployment.
Quick Start
Validate Existing Components
# Validate a Dapr component file
python scripts/validate_component.py <component-file.yaml>
# Validate deployment Dapr annotations
python scripts/validate_deployment.py <deployment-file.yaml>
Generate New Components
# Generate from templates
python scripts/generate_component.py --type statestore-postgres --name mystore --namespace todo-app
# Available templates in assets/:
# - statestore-postgres, statestore-redis
# - pubsub-kafka, pubsub-redis
# - configuration (mTLS)
Validation Rule Codes
| Code | Category | Description |
|---|---|---|
| DAPR-001 | Component | Missing namespace |
| DAPR-002 | Component | Using 'default' namespace |
| DAPR-003 | Security | Inline credentials (not using secretKeyRef) |
| DAPR-004 | Component | Missing or empty scopes |
| DAPR-005 | Configuration | mTLS not enabled |
| DAPR-006 | Deployment | Missing dapr.io/app-id annotation |
| DAPR-007 | Deployment | Missing sidecar resource limits |
| DAPR-008 | Component | Invalid component type |
| DAPR-009 | Deployment | app-id doesn't match component scopes |
| DAPR-010 | Deployment | Missing dapr.io/app-port annotation |
Component Structure
Every Dapr component MUST have:
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: <lowercase-hyphenated>
  namespace: <explicit-namespace>  # Never "default"
spec:
  type: <component-type>
  version: v1
  metadata:
    - name: <key>
      secretKeyRef:  # For sensitive values
        name: <secret-name>
        key: <secret-key>
scopes:  # REQUIRED
  - <app-id-1>
Validation Rules
Secrets Management
# ✅ CORRECT
metadata:
  - name: connectionString
    secretKeyRef:
      name: postgres-secrets
      key: connection-string

# ❌ WRONG - Never inline secrets
metadata:
  - name: connectionString
    value: "postgresql://user:password@host/db"
Scopes (Required)
# ✅ CORRECT - Scoped to specific apps
scopes:
  - todo-backend
  - todo-mcp-server

# ❌ WRONG - Empty or missing scopes
mTLS Configuration
apiVersion: dapr.io/v1alpha1
kind: Configuration
metadata:
  name: dapr-config
spec:
  mtls:
    enabled: true  # MANDATORY
Deployment Annotations
Every Dapr-enabled deployment MUST have:
annotations:
  dapr.io/enabled: "true"
  dapr.io/app-id: "<unique-app-id>"
  dapr.io/app-port: "<container-port>"
  dapr.io/app-protocol: "http"
  dapr.io/sidecar-cpu-request: "100m"
  dapr.io/sidecar-memory-request: "128Mi"
  dapr.io/sidecar-cpu-limit: "300m"
  dapr.io/sidecar-memory-limit: "256Mi"
Component Examples
PostgreSQL State Store
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: statestore
  namespace: todo
spec:
  type: state.postgresql
  version: v1
  metadata:
    - name: connectionString
      secretKeyRef:
        name: postgres-secrets
        key: connection-string
scopes:
  - todo-backend
Kafka Pub/Sub
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
  name: pubsub
  namespace: todo
spec:
  type: pubsub.kafka
  version: v1
  metadata:
    - name: brokers
      value: "kafka:9092"
    - name: authType
      value: "password"
    - name: saslUsername
      secretKeyRef:
        name: kafka-secrets
        key: username
    - name: saslPassword
      secretKeyRef:
        name: kafka-secrets
        key: password
scopes:
  - todo-backend
Validation Output
## Dapr Validation Report
### Component: statestore
✅ Structure valid
✅ Namespace explicit
✅ Secrets use secretKeyRef
✅ Scopes defined
❌ ERROR: Empty scopes
### Deployment: todo-backend
✅ Dapr enabled
✅ App-id matches scopes
⚠️ WARNING: No sidecar limits
### Status: PASSED / BLOCKED
Common Mistakes
| Mistake | Fix |
|---|---|
| Inline secrets | Use secretKeyRef |
| Missing scopes | Add explicit app-ids |
| Wrong app-id | Match annotation to scopes |
| No sidecar limits | Add resource annotations |
| Missing namespace | Use explicit namespace |
Checklist
Components:
[ ] apiVersion: dapr.io/v1alpha1
[ ] Explicit namespace
[ ] secretKeyRef for credentials
[ ] Scopes defined
Deployments:
[ ] dapr.io/enabled: "true"
[ ] dapr.io/app-id set
[ ] dapr.io/app-port correct
[ ] Sidecar resource limits
Configuration:
[ ] mTLS enabled
CLI Commands
dapr status -k
dapr components -k -n todo
kubectl describe component statestore -n todo