nw-authoritative-sources
The nw-authoritative-sources Claude Code skill maintains curated domain-specific authority databases across software architecture, cloud platforms, security, standards bodies, programming languages, and databases. Use this skill when validating sources for technical documentation, architectural decisions, security guidance, or standards compliance, ensuring recommendations come from official documentation, standards bodies, and recognized domain experts rather than general web sources.
git clone --depth 1 https://github.com/nWave-ai/nWave /tmp/nw-authoritative-sources && cp -r /tmp/nw-authoritative-sources/nWave/skills/nw-authoritative-sources ~/.claude/skills/nw-authoritative-sourcesSKILL.md
# Authoritative Sources
## Domain Authority Database
Supplements general reputation tiers in `source-verification` with domain-specific authorities.
### Software Architecture
| Source | Authority | Notes |
|--------|-----------|-------|
| martinfowler.com | Primary | Patterns, refactoring, enterprise architecture |
| c2.com/wiki | Historical | Original wiki; pattern language origins |
| microservices.io | Domain-specific | Chris Richardson's microservices patterns |
| architecturenotes.co | Curated | ADRs and trade-off analysis |
| infoq.com | Industry reporting | Conference talks, practitioner reports |
| thoughtworks.com/radar | Trend tracking | Technology Radar adoption lifecycle |
### Cloud Platforms
| Source | Authority | Notes |
|--------|-----------|-------|
| docs.aws.amazon.com | Official | AWS, well-architected framework |
| cloud.google.com/docs | Official | GCP services and practices |
| learn.microsoft.com | Official | Azure, .NET, Microsoft ecosystem |
| kubernetes.io/docs | Official | Container orchestration |
| docs.docker.com | Official | Container runtime |
### Security
| Source | Authority | Notes |
|--------|-----------|-------|
| owasp.org | Standards body | Web app security, top-10 |
| nist.gov | Government | NIST CSF, SP 800 series |
| cve.mitre.org | Vuln database | CVE identifiers |
| nvd.nist.gov | Vuln database | NVD with scoring |
| csrc.nist.gov | Crypto standards | FIPS, module validation |
| cisa.gov | Government advisory | Security advisories |
### Standards Bodies
| Source | Authority | Notes |
|--------|-----------|-------|
| ietf.org / datatracker.ietf.org | Protocol standards | RFCs: networking, HTTP, TLS, DNS |
| w3.org | Web standards | HTML, CSS, WCAG, web APIs |
| iso.org | International | Quality, security, process frameworks |
| ecma-international.org | Language standards | ECMAScript spec |
| unicode.org | Character standards | Unicode encoding |
### Programming Languages and Frameworks
| Source | Authority | Notes |
|--------|-----------|-------|
| docs.python.org | Official | Python, stdlib, PEPs |
| go.dev/doc | Official | Go language, stdlib |
| typescriptlang.org | Official | TypeScript handbook |
| rust-lang.org/learn | Official | Rust book, reference |
| developer.mozilla.org (MDN) | Canonical web ref | JS, HTML, CSS, Web APIs |
| docs.oracle.com/javase | Official | Java spec, API docs |
### Data and Databases
| Source | Authority | Notes |
|--------|-----------|-------|
| postgresql.org/docs | Official | PostgreSQL |
| dev.mysql.com/doc | Official | MySQL |
| redis.io/docs | Official | Redis |
| mongodb.com/docs | Official | MongoDB |
| cassandra.apache.org/doc | Official | Cassandra |
### DevOps and SRE
| Source | Authority | Notes |
|--------|-----------|-------|
| sre.google | Industry | Google SRE books |
| 12factor.net | Methodology | Twelve-factor app |
| dora.dev | Research | DORA metrics |
| openpolicyagent.org | Policy-as-code | OPA docs |
## Domain-Specific Search Strategies
### Architecture Topics
1. Canonical authors: `{topic} site:martinfowler.com` or `site:microservices.io`
2. Conference talks: `{topic} QCon OR StrangeLoop OR GOTO conference`
3. Books/papers: `{topic} book OR paper architecture`
4. Adoption status: `{topic} site:thoughtworks.com/radar`
5. Local docs: Grep in `docs/research/` and `nWave/skills/`
### Security Topics
1. Vuln databases: `{topic} site:cve.mitre.org` or `site:nvd.nist.gov`
2. Advisories: `{topic} site:cisa.gov` or `site:owasp.org`
3. NIST frameworks: `{topic} site:nist.gov`
4. Vendor advisories if product-specific
5. Prioritize last 6 months
### Framework and Library Topics
1. Official docs (see database above)
2. Release notes/changelogs for version-specific info
3. Migration guides: `{framework} migration guide {version}`
4. GitHub issues/discussions for known problems
5. Stack Overflow: `{topic} site:stackoverflow.com`
### Methodology and Process Topics
1. Original author/publication
2. Case studies: `{methodology} case study OR experience report`
3. Critiques: `{methodology} criticism OR alternative OR comparison`
4. Academic: `{topic} site:arxiv.org` or Google Scholar
5. Practitioner adaptations vs original definitions
## Source Freshness Rules
| Category | Max Age | Rationale |
|----------|---------|-----------|
| Security vulnerabilities | 6 months | Rapid threat evolution |
| Framework versions | 1 year | API/practice changes |
| Cloud service docs | 1 year | Frequent deprecation/launch |
| API references | 1 year | Breaking changes common |
| Architecture patterns | Evergreen | Core patterns stable |
| Methodology references | Evergreen | Foundational works stable |
| Language specs | Evergreen per version | Per-version permanent |
| Research papers | 3 years | Check for follow-up work |
| Industry trend reports | 1 year | Cite current edition only |
### Handling Outdated Sources
1. Check if newer version exists
2. Stable concept: cite with "[Published {year}; concept remains current]"
3. Time-sensitive: find current source or document age limitation in Knowledge Gaps
4. Never cite outdated security advisories as current threat intelligenceReview dimensions for validating agent quality - template compliance, safety, testing, and priority validation
Review dimensions for validating agent quality - template compliance, safety, testing, and priority validation
Review dimensions for acceptance test quality - happy path bias, GWT compliance, business language purity, coverage completeness, walking skeleton user-centricity, priority validation, observable behavior assertions, traceability coverage, and walking skeleton boundary proof
Detailed 5-phase workflow for creating agents - from requirements analysis through validation and iterative refinement
5-layer testing approach for agent validation including adversarial testing, security validation, and prompt injection resistance
Architectural style selection decision matrices, trade-off analysis, structural enforcement rules, and combination patterns. Load when choosing or evaluating architecture styles.
Comprehensive architecture patterns, methodologies, quality frameworks, and evaluation methods for solution architects. Load when designing system architecture or selecting patterns.
Canonical AT completeness gate — research-anchored 7-category taxonomy (C1-C7) + 15-item mechanical checklist. Paradigm-neutral. Drives acceptance-designer reviewer verdict deterministically.