feat: add C# language support

[necipsunmaz]

• Add 5 C# rule files (coding-style, hooks, patterns, security, testing)
• Add 3 C# skill files (csharp-patterns, csharp-testing, csharp-security)
• Update README.md and rules/README.md with C# references
• Fix missing await on ThrowAsync in csharp-testing skill

What Changed

Full C# / .NET 8+ language support following existing patterns (Perl as template):

Rules (rules/csharp/) — 5 files with **/*.cs, **/*.csproj, **/*.sln, **/*.razor path globs:

• coding-style.md — PascalCase naming, records, nullability, dotnet format
• hooks.md — PostToolUse for dotnet format/dotnet build, Console.WriteLine warning
• patterns.md — Repository pattern with EF Core, DI, async/await, LINQ
• security.md — User Secrets, EF Core params, Razor encoding, Roslyn analyzers
• testing.md — xUnit, Coverlet, NSubstitute, FluentAssertions

Skills — 3 comprehensive SKILL.md files:

• csharp-patterns/ (691 lines) — Records, nullable types, pattern matching, DI, async, LINQ, error
  handling, project organization, Minimal API vs Controllers, configuration
• csharp-testing/ (902 lines) — TDD workflow, xUnit, FluentAssertions, NSubstitute,
  WebApplicationFactory, TestContainers, Coverlet
• csharp-security/ (640 lines) — Auth, validation, SQLi, XSS, CSRF, secrets, headers, rate limiting,
  OWASP mapping

Documentation updates:

• Added C# badge to README
• Updated directory trees, install examples, rule counts (34→39)
• Removed C# from roadmap (now implemented)
• Updated rules/README.md with csharp directory and install commands

Why This Change

C# was listed in the README roadmap as a planned addition. This brings full rule + skill coverage following
the established patterns, consistent with other supported languages (TypeScript, Python, Go, Swift, Perl,
PHP).

Testing Done

• Manual testing completed
• Automated tests pass locally (node tests/run-all.js) — 1390/1402 pass, 12 failures are pre-existing
  upstream issues (sql.js, package-manager, formatter, hooks, validators) unrelated to this change
• Edge cases considered and tested
• Verified ./install.sh lists csharp in available languages
• Verified all 8 new files have correct YAML frontmatter
• Verified ../common/ relative links resolve correctly
• Code review pass caught and fixed missing await on ThrowAsync and inconsistent dash style

Type of Change

• fix: Bug fix
• feat: New feature
• refactor: Code refactoring
• docs: Documentation
• test: Tests
• chore: Maintenance/tooling
• ci: CI/CD changes

Security & Quality Checklist

• No secrets or API keys committed (ghp_, sk-, AKIA, xoxb, xoxp patterns checked)
• JSON files validate cleanly
• Shell scripts pass shellcheck (if applicable)
• Pre-commit hooks pass locally (if configured)
• No sensitive data exposed in logs or output
• Follows conventional commits format

Documentation

• Updated relevant documentation
• Added comments for complex logic
• README updated (if needed)

---

Summary by cubic

Adds full C# (.NET 8+) language support with 5 rule files and 4 skills (patterns, testing, security, data-access), plus installer and README updates. Increases rules 34→39 and skills 108→112, and wires dotnet format/build hooks.

• New Features

  • Rules (rules/csharp/): coding-style.md, hooks.md, patterns.md, security.md, testing.md with globs for **/*.cs, **/*.csproj, **/*.sln, **/*.razor; PostToolUse for dotnet format/dotnet build; warn on Console.WriteLine outside Program.cs.
  • Skills: csharp-patterns, csharp-testing, csharp-security, csharp-data-access (EF Core/Dapper patterns).
  • Docs/install: Added C# badge and directories to README; installers list csharp; updated counts and tables (rules 39, skills 112); rules/README.md includes csharp.

• Bug Fixes

  • Hardened guidance and examples: use IHttpClientFactory instead of HttpClient; fail-fast for missing Jwt:Key; stricter CSP (removed unsafe-inline); clarified JWT/CSRF note (Authorization header); corrected record struct allocation note.
  • Testing: unique in-memory DB names for isolation; fixed inconsistent test stub; added missing await on ThrowAsync.

^{Written for commit 7a01e6f. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added full C#/.NET language support across the project, including coding, patterns, security, data-access, and testing guidance.
  • Skillset expanded (overall skills count increased).

• Documentation

  • Updated install/setup docs to include C# targets and manual install steps.
  • Added numerous C#-specific guides: coding style, hooks, patterns, security, testing, data-access, and related skill references.

[ecc-tools]

Analyzing 5000 commits...

[ecc-tools]

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting

Cause	Resolution
Large repository	Analysis may timeout on repos with extensive history
API rate limits	Wait 15 minutes before retrying
Network issues	Queue timeout is 15 minutes; retry may succeed
Permissions	Verify app has Contents: Read access

Retry: /ecc-tools analyze

---

_{Report Issue | ECC Tools}

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 95b7c90d-6523-4030-b97b-ea5c15d934ee

📥 Commits

Reviewing files that changed from the base of the PR and between 7b55a3b and 7a01e6f.

📒 Files selected for processing (6)

• AGENTS.md
• README.md
• skills/csharp-data-access/SKILL.md
• skills/csharp-patterns/SKILL.md
• skills/csharp-security/SKILL.md
• skills/csharp-testing/SKILL.md

✅ Files skipped from review due to trivial changes (6)

• README.md
• AGENTS.md
• skills/csharp-data-access/SKILL.md
• skills/csharp-security/SKILL.md
• skills/csharp-testing/SKILL.md
• skills/csharp-patterns/SKILL.md

---

📝 Walkthrough

Walkthrough

This PR adds C#/.NET language support across documentation: updates README/install examples and rule counts, adds a rules/csharp/ subtree with five rule docs, and introduces three C# skill guides for patterns, security, and testing.

Changes

Cohort / File(s)	Summary
Project README & install docs README.md	Added C# badge, expanded install examples (install.sh/install.ps1) to include csharp, and updated rule/skill counts (rules 34→39, skills 108→112).
Rules index rules/README.md	Documented new rules/csharp/ directory, updated install instructions (./install.sh csharp) and rule-priority note to include rules/csharp/.
C# Rule Files rules/csharp/coding-style.md, rules/csharp/hooks.md, rules/csharp/patterns.md, rules/csharp/security.md, rules/csharp/testing.md	Added five language-specific rule documents covering coding standards, editor/tool hooks (dotnet format, build warnings), common patterns (DI, repos, async, LINQ), security practices (secrets, validation, SQL/XSS guidance), and testing conventions (xUnit, mocks, coverage).
C# Skill Guides skills/csharp-patterns/SKILL.md, skills/csharp-security/SKILL.md, skills/csharp-testing/SKILL.md, skills/csharp-data-access/SKILL.md	Added comprehensive C# skill pages: patterns (records, nullable, DI, async, LINQ), security playbook (auth, SQL/XSS/CSRF, secrets, headers, rate limiting), testing (TDD, xUnit, Testcontainers, coverage), and data access (EF Core/Dapper, transactions, repo/unit-of-work).
Agents / metadata AGENTS.md	Updated skill count from 108→112 while keeping agent/command counts unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~15 minutes

Possibly related PRs

• docs: Add hooks.md to documentation index #40: Related hooks documentation additions; both PRs add rules/*/hooks.md-style docs.
• refactor(rules): restructure into common + language-specific directories #146: Introduced the common+language rules layout; this PR adds the csharp/ language set under that structure.
• Refer in README to install.sh for installing rules instead of instruc… #196: Related README/install instruction updates and install script examples for language targets.

Suggested reviewers

• affaan-m

Poem

🐰 I hopped into C# lands so bright,

With records, tests, and security light.
Dotnet dances, patterns hum,
Hooks and rules now welcome some.
Hooray — new docs make devs delight! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add C# language support' clearly and concisely summarizes the main change: adding C#/.NET support to the repository. It accurately reflects the primary feature introduction across rules, skills, documentation, and installers.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

Tip

CodeRabbit can use TruffleHog to scan for secrets in your code with verification capabilities.

Add a TruffleHog config file (e.g. trufflehog-config.yml, trufflehog.yml) to your project to customize detectors and scanning behavior. The tool runs only when a config file is present.

[greptile-apps]

Greptile Summary

This PR adds full C# / .NET 8+ language support to the plugin, introducing 5 rule files (rules/csharp/), 4 skill files (csharp-patterns, csharp-testing, csharp-security, csharp-data-access), and corresponding README/installer updates — following the same structure used for existing languages (TypeScript, Python, Go, Swift, PHP, Perl).

The content is generally high quality and technically accurate. Issues flagged in a prior review (HttpClient anti-pattern, null-forgiving operator on the JWT signing key) have both been addressed in this revision.

• The WebApplicationFactory integration-test example in csharp-testing uses UseInMemoryDatabase, which doesn't exercise real database behavior (no transactions, no foreign-key enforcement). The section heading calls it "Integration Testing," which may give developers false confidence. TestContainers (shown later in the same file) is the more appropriate recommendation for true integration tests; at minimum the example should be clearly labeled as an HTTP/API layer test.
• The NSubstitute async setup uses Returns(Task.FromResult(true)) — modern NSubstitute (v4+) accepts Returns(true) directly for Task<T> methods, which is more idiomatic.
• The PR description states "Add 3 C# skill files" but the changeset includes 4 (csharp-data-access is also new, and AGENTS.md correctly reflects 108 → 112 skills). The description should be updated to mention csharp-data-access.

Confidence Score: 4/5

• Safe to merge; all changes are documentation and guidance content with no runtime code. Minor clarification improvements recommended.
• The PR is purely additive documentation content — no executable code is introduced. The two issues found (misleading integration-test label and minor NSubstitute verbosity) affect developer guidance quality, not runtime behavior. Prior review concerns about HttpClient and the JWT null-forgiving operator have been resolved.
• skills/csharp-testing/SKILL.md — the WebApplicationFactory integration test example using UseInMemoryDatabase deserves a clearer label or comment to prevent misconceptions about test coverage.

Important Files Changed

Filename	Overview
skills/csharp-patterns/SKILL.md	Comprehensive 691-line patterns guide; covers records, nullable types, pattern matching, DI, async/await, LINQ, error handling, project organization, Minimal API, and configuration. The HttpClient anti-pattern raised in the prior review has been resolved — IHttpClientFactory is now used correctly throughout.
skills/csharp-testing/SKILL.md	902-line testing guide covering TDD, xUnit, FluentAssertions, NSubstitute, WebApplicationFactory, TestContainers, and Coverlet. The WebApplicationFactory integration test example uses UseInMemoryDatabase, which doesn't verify real database behavior; the section label could mislead developers. Minor: Task.FromResult(true) is slightly verbose for NSubstitute async setups.
skills/csharp-security/SKILL.md	640-line security guide covering auth, validation, SQLi, XSS, CSRF, secrets, headers, rate limiting, and OWASP mapping. The JWT key null-forgiving operator concern from the prior review was addressed: the config value now uses ?? throw new InvalidOperationException(...) for a clear startup failure.
skills/csharp-data-access/SKILL.md	New EF Core and Dapper data-access skill covering DbContext lifecycle, entity configuration, N+1 prevention, projections, pagination, migrations, transactions, and the repository pattern with Unit of Work. Content is accurate and well-structured. Note: this file is not mentioned in the PR description ("3 C# skill files") but is included in the changeset — it is the fourth new skill.
rules/csharp/hooks.md	Minimal hooks rule file; describes dotnet format and dotnet build PostToolUse hooks and warns about Console.WriteLine outside Program.cs. Consistent with other language hook files in the repo.
rules/csharp/coding-style.md	Concise coding-style rule covering .NET 8+ target, naming conventions (PascalCase/camelCase/_camelCase/I-prefix/Async-suffix), immutability guidelines, dotnet format usage, and error handling principles. Well-aligned with standard C# conventions.
rules/csharp/patterns.md	Repository pattern, DTOs with records, DI service lifetimes, async/await best practices, and LINQ guidelines. Accurate and follows the established pattern of referencing the skill for deeper coverage.
rules/csharp/security.md	Security rule file covering User Secrets, input validation, SQL injection prevention, XSS, and Roslyn analyzers. Accurate with good bad/good examples for SQL injection.
rules/csharp/testing.md	Testing rule file covering xUnit, Coverlet, NSubstitute, and FluentAssertions. Correct and concise with the pitfall note about using CancellationToken.None explicitly in tests.
AGENTS.md	Updated skill count from 108 to 112, correctly reflecting the addition of four new C# skills (csharp-patterns, csharp-testing, csharp-security, csharp-data-access).
README.md	Added C# badge, updated install examples for macOS/Linux and Windows PowerShell, updated skill count to 112, removed C# from the roadmap, and added csharp to the directory tree and copy examples. The "5 languages supported" tagline was noted in a prior review thread.
rules/README.md	Updated to include the new rules/csharp/ directory in the directory tree and install command examples. Consistent with changes to the main README.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[C# Language Support] --> B[rules/csharp/]
    A --> C[skills/]

    B --> B1[coding-style.md\nPascalCase, nullability, dotnet format]
    B --> B2[hooks.md\ndotnet format + build PostToolUse]
    B --> B3[patterns.md\nRepository, DI, async, LINQ]
    B --> B4[security.md\nSecrets, validation, SQLi, XSS]
    B --> B5[testing.md\nxUnit, Coverlet, NSubstitute]

    C --> C1[csharp-patterns/SKILL.md\nRecords, nullable, pattern matching,\nDI, async, LINQ, error handling,\nMinimal API, configuration]
    C --> C2[csharp-testing/SKILL.md\nTDD workflow, xUnit, FluentAssertions,\nNSubstitute, WebApplicationFactory,\nTestContainers, Coverlet]
    C --> C3[csharp-security/SKILL.md\nJWT auth, input validation, SQLi,\nXSS, CSRF, secrets, headers,\nrate limiting, OWASP Top 10]
    C --> C4[csharp-data-access/SKILL.md\nEF Core, Dapper, DbContext lifecycle,\nmigrations, transactions,\nrepository + Unit of Work]

    B1 -.->|references| C1
    B3 -.->|references| C1
    B4 -.->|references| C3
    B5 -.->|references| C2

Loading

_{Last reviewed commit: "fix: address PR revi..."}

[coderabbitai]

Actionable comments posted: 3

🧹 Nitpick comments (1)

skills/csharp-testing/SKILL.md (1)

734-741: Make the coverage-report open command cross-platform.

Line 740 uses open, which is macOS-specific. Add Linux/Windows alternatives (or a short OS note) to avoid broken copy-paste flows.

Suggested docs tweak

-open coveragereport/index.html
+# macOS
+open coveragereport/index.html
+# Linux
+xdg-open coveragereport/index.html
+# Windows (PowerShell)
+start coveragereport/index.html

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/csharp-testing/SKILL.md` around lines 734 - 741, The README uses a
macOS-only command ("open coveragereport/index.html"); make this cross-platform
by replacing that single-line instruction with platform alternatives or a short
note: list "open coveragereport/index.html" for macOS, "xdg-open
coveragereport/index.html" for Linux, and "start coveragereport\\index.html" (or
PowerShell "Invoke-Item coveragereport\\index.html") for Windows, and mention
the user can run the appropriate command for their OS so copy-pasting won't
break; update the line containing "open coveragereport/index.html" accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@skills/csharp-security/SKILL.md`:
- Around line 286-293: The CSP example in the Program.cs middleware (the app.Use
block that calls context.Response.Headers.Append for "Content-Security-Policy")
should not include 'unsafe-inline' for style-src; update the header to remove
'unsafe-inline' and instead recommend using a nonce or hash-based approach for
inline styles (or add a comment/documentation line explaining 'unsafe-inline' is
only a temporary compatibility fallback). Modify the middleware that sets the
header so it emits a policy that uses nonce/hash-based style-src directives and
ensure the header string generation is updated consistently where
context.Response.Headers.Append("Content-Security-Policy", ...) is set.
- Around line 11-19: Rename the top-level heading "When to Activate" to the
required "When to Use", move the current bullet list under that new "When to
Use" heading, and add two new top-level headings "How It Works" and "Examples"
(each with at least one descriptive sentence or short paragraph) so the skill
Markdown follows the repository format; update any internal references if they
rely on the old "When to Activate" heading and ensure the three headings appear
as clear top-level sections in the document.

In `@skills/csharp-testing/SKILL.md`:
- Around line 11-18: Replace the non-standard "When to Activate" heading in
SKILL.md with the exact required section headings "When to Use", "How It Works",
and "Examples"; move the existing bullet list under "When to Use", add a brief
descriptive paragraph under "How It Works" explaining the skill's behavior in C#
testing workflows, and include at least one concrete usage snippet or scenario
under "Examples". Also apply the same section-heading restructuring to the other
referenced skill (19-902) to match the skills/**/*.md schema.

---

Nitpick comments:
In `@skills/csharp-testing/SKILL.md`:
- Around line 734-741: The README uses a macOS-only command ("open
coveragereport/index.html"); make this cross-platform by replacing that
single-line instruction with platform alternatives or a short note: list "open
coveragereport/index.html" for macOS, "xdg-open coveragereport/index.html" for
Linux, and "start coveragereport\\index.html" (or PowerShell "Invoke-Item
coveragereport\\index.html") for Windows, and mention the user can run the
appropriate command for their OS so copy-pasting won't break; update the line
containing "open coveragereport/index.html" accordingly.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 324a54b6-267c-4ad0-a09d-dd85a768a212

📥 Commits

Reviewing files that changed from the base of the PR and between 4bdbf57 and 7b55a3b.

📒 Files selected for processing (10)

• README.md
• rules/README.md
• rules/csharp/coding-style.md
• rules/csharp/hooks.md
• rules/csharp/patterns.md
• rules/csharp/security.md
• rules/csharp/testing.md
• skills/csharp-patterns/SKILL.md
• skills/csharp-security/SKILL.md
• skills/csharp-testing/SKILL.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Add explicit required skill sections (When to Use, How It Works, Examples).

Line 11 currently uses When to Activate, and there are no explicit top-level How It Works / Examples sections. Please add those headings and reorganize existing content under them to match repository skill format requirements.

As per coding guidelines "skills/**/*.md: Skills should be formatted as Markdown with clear sections for When to Use, How It Works, and Examples".

Also applies to: 90-640

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/csharp-security/SKILL.md` around lines 11 - 19, Rename the top-level
heading "When to Activate" to the required "When to Use", move the current
bullet list under that new "When to Use" heading, and add two new top-level
headings "How It Works" and "Examples" (each with at least one descriptive
sentence or short paragraph) so the skill Markdown follows the repository
format; update any internal references if they rely on the old "When to
Activate" heading and ensure the three headings appear as clear top-level
sections in the document.

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Restructure to include explicit When to Use, How It Works, and Examples sections.

Line 11 uses When to Activate, but the required skill-section schema is not explicitly present. Please add the exact section headings and nest current content under them.

As per coding guidelines "skills/**/*.md: Skills should be formatted as Markdown with clear sections for When to Use, How It Works, and Examples".

Also applies to: 19-902

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@skills/csharp-testing/SKILL.md` around lines 11 - 18, Replace the
non-standard "When to Activate" heading in SKILL.md with the exact required
section headings "When to Use", "How It Works", and "Examples"; move the
existing bullet list under "When to Use", add a brief descriptive paragraph
under "How It Works" explaining the skill's behavior in C# testing workflows,
and include at least one concrete usage snippet or scenario under "Examples".
Also apply the same section-heading restructuring to the other referenced skill
(19-902) to match the skills/**/*.md schema.

[cubic-dev-ai]

6 issues found across 10 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/csharp-patterns/SKILL.md">

<violation number="1" location="skills/csharp-patterns/SKILL.md:29">
P2: The comment claims record structs have “no heap allocation,” but value types can still allocate on the heap when boxed (e.g., cast to object or interface). This absolute statement can mislead performance guidance.</violation>

<violation number="2" location="skills/csharp-patterns/SKILL.md:284">
P2: The “Good” async example creates and disposes a new HttpClient per call. Microsoft’s guidelines warn this can exhaust sockets/ports under load; best practice is to reuse a long‑lived HttpClient or use IHttpClientFactory. As written, this doc promotes a known anti‑pattern.</violation>
</file>

<file name="skills/csharp-testing/SKILL.md">

<violation number="1" location="skills/csharp-testing/SKILL.md:231">
P2: Example test is guaranteed to fail because QueryUsers returns an empty list while the test asserts NotBeEmpty, making the sample internally inconsistent.</violation>

<violation number="2" location="skills/csharp-testing/SKILL.md:492">
P2: The sample uses a fixed in-memory database name. EF Core’s in-memory provider reuses databases by name, so a shared WebApplicationFactory/IClassFixture can leak state between tests and cause flaky, order-dependent failures. Use a unique name per test (or an InMemoryDatabaseRoot scoped per test) to preserve isolation.</violation>
</file>

<file name="skills/csharp-security/SKILL.md">

<violation number="1" location="skills/csharp-security/SKILL.md:336">
P2: JWT CSRF guidance is too broad. Disabling antiforgery is only safe when JWTs are sent via Authorization headers; if JWTs are stored in cookies, browsers auto-send them and CSRF protections are still needed.</violation>
</file>

<file name="rules/csharp/coding-style.md">

<violation number="1" location="rules/csharp/coding-style.md:14">
P2: Recommending `<LangVersion>latest</LangVersion>` makes language version selection SDK-dependent, which can change across machines/CI and break reproducible builds. Prefer an explicit version (e.g., `12.0` for .NET 8) or `latestMajor` if you want stable major targeting.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[ecc-tools]

Analyzing 5000 commits...

[ecc-tools]

Analysis Failed

Not Found - https://docs.github.com/rest/git/refs#get-a-reference

Troubleshooting

Cause	Resolution
Large repository	Analysis may timeout on repos with extensive history
API rate limits	Wait 15 minutes before retrying
Network issues	Queue timeout is 15 minutes; retry may succeed
Permissions	Verify app has Contents: Read access

Retry: /ecc-tools analyze

---

_{Report Issue | ECC Tools}

[cubic-dev-ai]

6 issues found across 6 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="skills/csharp-data-access/SKILL.md">

<violation number="1" location="skills/csharp-data-access/SKILL.md:306">
P2: The example is labeled “Bulk insert” but Dapper’s ExecuteAsync with an IEnumerable executes one insert per item, not a true bulk protocol. This can mislead readers into using it for high-volume writes and hit performance issues.</violation>
</file>

<file name="skills/csharp-patterns/SKILL.md">

<violation number="1" location="skills/csharp-patterns/SKILL.md:193">
P2: The DI example now references `SmtpSettings.SectionName` without defining `SmtpSettings` anywhere in the skill file, leaving the snippet incomplete for copy/paste guidance.</violation>
</file>

<file name="AGENTS.md">

<violation number="1" location="AGENTS.md:3">
P2: AGENTS.md has conflicting hardcoded skill counts (112 vs 102), creating inconsistent project metadata.</violation>
</file>

<file name="skills/csharp-security/SKILL.md">

<violation number="1" location="skills/csharp-security/SKILL.md:275">
P2: The snippet labels HSTS as “production only” but applies `app.UseHsts()` unconditionally, contradicting the guidance and potentially causing cached HSTS issues in development. Gate HSTS with an environment check to match the comment and best practices.</violation>

<violation number="2" location="skills/csharp-security/SKILL.md:275">
P1: Custom security headers middleware is documented but not registered, so the advertised headers will not be applied.</violation>
</file>

<file name="README.md">

<violation number="1" location="README.md:195">
P3: README now reports 112 skills in updated sections but still lists 102 skills in the Cross-Tool Feature Parity table, creating contradictory counts in the same document.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[affaan-m]

Thanks for the comprehensive C# language support! The skills and rules follow existing conventions well.

This PR now has merge conflicts (likely from recent merges updating AGENTS.md/README.md counts). Could you rebase on the latest main and resolve the conflicts? Once clean, this is ready to merge.

[affaan-m]

Superseded by rebased PR