form-strategy
The form-strategy skill provides guidance on designing high-converting forms, implementing validation and spam prevention, and integrating forms with downstream systems. Use it when designing or redesigning forms, troubleshooting low completion rates or high spam volume, planning validation logic, auditing existing forms, or integrating with CRMs and other backend systems.
git clone --depth 1 https://github.com/rampstackco/claude-skills /tmp/form-strategy && cp -r /tmp/form-strategy/dist/pi/.agents/skills/form-strategy ~/.claude/skills/form-strategySKILL.md
# Form Strategy Forms are where intent becomes action. Design them well or lose conversions, frustrate users, and drown in spam. Stack-agnostic. --- ## When to use - Designing or redesigning a form - Conversion is dropping on a key form - Spam volume is overwhelming the inbox or database - Auditing forms across a site - Planning validation logic - Choosing form tooling (form service, custom build, no-code) - Integrating forms with CRM, email, or other downstream systems - Multi-step form decisions ## When NOT to use - Generic conversion optimization (use `cro-optimization`) - The copy on the form (use `landing-page-copy`) - Backend handling beyond form-specific concerns (use `frontend-component-build`, `code-review-web`) - General accessibility (use `accessibility-audit`) --- ## Required inputs - The form's purpose (what action, what outcome) - Current form (URL, screenshot, or fields) - Current performance (completion rate, spam rate, conversion to next step) - Downstream system (where submissions go: CRM, email, database, support tool) - Business context (volume, urgency of leads, cost of false vs missed signups) --- ## The framework: 5 dimensions Every form decision falls into one of these dimensions. ### Dimension 1: Field strategy The biggest lever. Every additional field reduces conversion. **Questions to ask for each field:** - Is this required to deliver value to the user? - Is this required to deliver value to the business? - Can it be inferred from another source (email domain, behavior, context)? - Can it be asked later (after first contact, on second visit, on settings page)? **Default rule:** ask for the minimum to make the next step happen. Everything else later. For a B2B contact form: name and email get you started. Phone, company size, role are nice-to-haves that often hurt conversion more than they help qualification. For a checkout: country, postal code, address, name, payment. Anything else (referral source, marketing opt-in, account creation) is optional or moved to post-purchase. ### Dimension 2: Field design How each field looks and behaves. - **Labels above inputs** beat placeholders. Placeholder labels disappear when typing. - **Inline labels** (floating labels) work for very compact forms. - **Single column** for almost every form. Eyes flow vertically. - **Logical grouping** with visible spacing. Don't put unrelated fields next to each other. - **Right input type:** `email` for emails, `tel` for phone, `number` for numbers, `date` for dates. Mobile keyboards adapt. - **Autocomplete attributes:** `autocomplete="email"`, `autocomplete="given-name"`, etc. Browsers and password managers fill them in. - **Sensible defaults** for fields where one applies (country pre-selected by IP, etc.). Don't default to anything that would mislead if wrong. ### Dimension 3: Validation Tell users what's wrong, when, and how to fix it. - **Validate on blur, not on every keystroke.** Inline errors that appear as someone types are jarring. - **Re-validate on submit** (catch fields the user skipped). - **Specific messages:** "Email must include @" beats "Invalid email." - **Position errors next to the field** they refer to. - **Don't submit a form when there are errors.** Highlight the first errored field. Scroll to it. - **Validate server-side too.** Client validation is UX. Server validation is correctness. For format-flexible fields (phone numbers, postal codes), validate liberally. Reject only what's clearly wrong, not what's "non-standard." Many phone formats exist. ### Dimension 4: Spam defense Public forms attract spam. Plan for it from day one. **Layered defense:** 1. **Honeypot field.** A hidden field that humans don't fill in but bots do. If it's filled, reject silently. Free, low-friction, surprisingly effective for low-effort spam. 2. **Time-based detection.** Reject submissions completed in under 2-3 seconds (bots) or after very long delays (suspicious sessions). 3. **Rate limiting.** Reject if the same IP submits too many times. 4. **CAPTCHA as a last resort.** Modern invisible CAPTCHAs (hCaptcha, reCAPTCHA v3, Turnstile) are low-friction. Old image CAPTCHAs are conversion-killers. 5. **Behavioral signals.** Did the cursor move? Was there scroll? Modern services track this. 6. **Content filtering.** Reject obvious spam content (links, foreign-language content if your audience is local, common spam words). 7. **Server-side review.** A queue rather than direct delivery to inboxes for high-spam-target forms. For most contact forms: honeypot + time check + Turnstile (or similar) is sufficient. ### Dimension 5: Submission flow What happens after submit. - **Inline success message** for short forms. Don't redirect just to confirm. - **Confirmation page** for high-value submissions (to provide next steps, set expectations). - **Email confirmation** for signups, purchases, RSVPs. Always. - **Save data on errors** so the user doesn't re-enter everything. - **Optimistic UI** (show success before the server confirms) for low-stakes forms; risky for high-stakes. For multi-step forms: - Show progress (3 of 5) - Save state between steps (in case of refresh or navigation) - Allow back navigation without losing data - Validate per step, not just at the end --- ## Workflow ### Step 1: Audit current state For each form on the site: - What's its purpose? - Number of fields, required vs optional - Current completion rate - Current spam rate - Validation rules - What happens after submit - Where the data goes downstream ### Step 2: Define success per form Different forms have different success metrics: - Lead form: qualified leads (defined by sales) - Newsletter: confirmed subscriptions (after double opt-in) - Contact: substantive replies (not just submissions) - Checkout: successful payments Track the metric that matters, not just submissions. ### Step 3: Cut fields ruthlessly Apply the field strategy filter. For each field, answer: - Required to d
Run a comprehensive WCAG accessibility audit covering perceivable, operable, understandable, and robust principles. Use this skill whenever the user wants to audit accessibility, review WCAG compliance, fix accessibility issues, prepare for accessibility certification, address an accessibility lawsuit risk, or systematically improve a site's accessibility. Triggers on accessibility audit, WCAG audit, a11y audit, accessibility compliance, ADA compliance, screen reader test, keyboard navigation, accessibility report, fix accessibility, axe scan. Also triggers when accessibility issues have been reported and need systematic remediation.
How to produce ad creative that converts at performance scale. Hook patterns, format selection, video pacing, variation systems, sequential testing methodology, fatigue detection, brand-voice alignment without conversion dilution, and platform-specific creative norms. Triggers on ad creative, ad design, hook patterns, ad video pacing, creative testing, ad variations, creative refresh, creative fatigue, refresh ad creative, video ads for Meta, TikTok creative, LinkedIn ad creative, ad asset library. Also triggers when a team is producing creative at scale, planning a creative test cycle, or auditing why creative is not converting.
How to read paid media dashboards without fooling yourself. Attribution models, platform reporting quirks, multi-platform reconciliation, ROAS vs LTV horizon traps, statistical noise in performance metrics, incrementality testing, and the failure modes that produce expensive lessons. Triggers on read paid media dashboard, attribution analysis, ROAS vs LTV, multi-platform reconciliation, ad incrementality, geo holdout, conversion lift study, ghost bidding, paid media reporting, board-deck paid media metrics, blended CAC, MMM, MTA, last-click attribution. Also triggers when a marketer is about to scale, kill, or rebudget a campaign based on platform metrics, or when reconciling platform reports against warehouse revenue.
Run a structured after-action review (postmortem, retrospective) on a launch, incident, or completed project to capture timeline, root cause analysis, contributing factors, and actionable lessons. Use this skill whenever the user wants to run a postmortem, retrospective, AAR, or after-action review on any past event. Triggers on after-action report, AAR, postmortem, retrospective, retro, post-incident review, what went well what didn't, lessons learned, blameless postmortem, root cause analysis, RCA, five whys. Also triggers when the user has just shipped something or just resolved an incident and wants to capture learnings.
How humans and AI compose in content workflows. Where AI legitimately participates, where humans must own, hybrid workflow patterns, voice ownership preservation, the AI slop problem, disclosure and transparency, team calibration, and the ethics of intellectually honest AI-assisted content production. Triggers on AI content workflow, AI-assisted writing, hybrid content production, AI in editorial, AI slop, AI disclosure, AI usage policy, AI content ethics, voice preservation with AI, team AI calibration. Also triggers when content feels generic despite quality tools, when team AI usage has drifted into inconsistency, or when a regulated or trust-sensitive context requires explicit AI policy.
Design measurement frameworks including event taxonomy, KPI hierarchy, dashboard architecture, attribution models, and analytics implementation strategy. Use this skill whenever the user wants to plan analytics, design dashboards, build event taxonomies, define KPIs, set up tracking, or audit existing measurement. Triggers on analytics strategy, measurement plan, event taxonomy, tracking plan, KPI framework, dashboard design, north star metric, attribution model, conversion tracking, GA4 setup, Mixpanel setup, analytics audit. Also triggers when the user has data but no clear way to use it, or wants to make decisions but doesn't know what to track.
Direct visual and creative work for campaigns, photography, illustration, video, and branded experiences. Use this skill whenever the user wants to brief a photographer, direct illustrators, plan a creative campaign, develop visual concepts, write a creative direction document, or evaluate creative work for fit. Triggers on art direction, photo brief, photography brief, illustration brief, campaign concept, creative concept, visual direction, mood board, look and feel, visual treatment, video direction. Also triggers when the user has approved brand identity but needs to extend it into specific creative deliverables.
Plan and run backups, set recovery objectives, and run disaster recovery drills. Use this skill when defining RPO/RTO targets, designing backup architecture, deciding what to back up and how often, planning for full-region or platform outages, or running a restoration drill. Triggers on backup, restore, RPO, RTO, disaster recovery, DR, business continuity, what if the database is gone, what if our hosting goes down, recovery drill, ransomware planning. Also triggers when an incident reveals a gap in restoration capability.