Production-ready AI workflows for enterprise Drupal teams
I design systems where AI is not a toy —
it becomes part of the engineering workflow.
Inconsistent delivery
Slower velocity
Hidden technical debt
Each skill is a focused, versionable knowledge file. The AI loads only what it needs — no bloated context, no hallucinated patterns.
DI patterns for controllers, forms, and plugins via ContainerFactoryPluginInterface.
Route permissions, CSRF, XSS prevention, SQL injection prevention, secure file uploads.
Load, create, update, delete entities using entity_type.manager. Node, User, Term, Media.
Drupal 11 OOP and procedural hooks — #[Hook] attribute, hook_form_alter, event subscribers.
Cache tags, contexts, max-age, cache bins, invalidation, render array metadata.
Select/Insert/Update/Delete via abstraction layer. Never concatenate SQL.
routing.yml, admin routes, controllers, route parameters, title callbacks, upcasting.
Block, Field, Condition, Filter plugins with PHP attributes and ContainerFactoryPluginInterface.
D7-to-D11 upgrades, CSV/JSON imports, custom source/process/destination plugins.
Best practices, auto-escaping, translation, library attaching, debugging, SDC components.
Devel, Drush watchdog, Twig debug, XDebug, error logging, troubleshooting patterns.
UnitTestCase — isolated PHP logic with no Drupal bootstrap, mocking dependencies.
DDEV containers, configuration, troubleshooting local development environments.
permissions.yml, access callbacks, AccessResult, custom access checkers, entity access.
drupal-form-api, drupal-form-alter, drupal-paragraphs, drupal-search-api, drupal-state, drupal-taxonomy, drupal-render, drupal-events, drupal-fields, drupal-javascript, drupal-kernel, drupal-menus, drupal-form-ajax, drupal-form-validation, drupal-contrib-mgmt, drupal-composer View all on GitHub →
Agents are task-specific executors. Each one knows exactly what tools to use, which skills to load, and what quality bar to hit before returning results.
Modules, hooks, services, routing, and Drush commands. Loads 14 skills on spawn.
Expert Drupal code reviewer. Enforces quality, security, and best practices on every change.
General code review — bugs, security vulnerabilities, quality problems. Runs proactively.
Twig templates, PostCSS/CSS, and JavaScript in the Drupal theme.
ExistingSite tests that reproduce bugs and verify fixes. Runs PHPUnit regression suites.
Static code review — security, performance, quality. Read-only. Runs before done-gate.
Runtime validator — builds, tests, drush cr. Checks deliverable completeness.
Deep codebase researcher — architecture, execution paths, patterns. Use before making changes.
Write patches, create issues, contribute code upstream to drupal.org.
Rules are always-on constraints. Not suggestions. They apply to every agent, every task, every output — automatically.
Hooks run shell scripts automatically on Claude Code events — session start, session resume. No manual setup required per-session.
Initializes the environment — loads project context, validates DDEV state, sets up references for the session.
Restores session context — picks up where the last session ended, reloads relevant state.
Hooks are configured in .claude/settings.json and execute outside the AI context — deterministic, not probabilistic.
Skills are modular and versionable. References externalized for scalability. No dependency on long prompts.
Agents execute predictable steps. Reduced randomness in AI outputs. Reproducible results across teams.
Skills → knowledge. Agents → execution. Rules → constraints. Hooks → automation.
Native integration with the tools Drupal teams already use.
These are actual files from the repository — not pseudocode. Drop them into your project and they work.
# Drupal Services & Dependency Injection
## Core Principle
**Never use `\Drupal::service()` in classes — inject via constructor.**
## Dependency Injection Patterns
### Controllers & Forms (ContainerInjectionInterface)
use Drupal\Core\DependencyInjection\ContainerInjectionInterface;
use Symfony\Component\DependencyInjection\ContainerInterface;
final class MyController implements ContainerInjectionInterface {
public function __construct(
private readonly AccountProxyInterface $currentUser,
private readonly EntityTypeManagerInterface $entityTypeManager,
) {}
public static function create(ContainerInterface $container): static {
return new static(
$container->get('current_user'),
$container->get('entity_type.manager'),
);
}
}
You are a Drupal 11 specialist working on a Drupal site.
Key conventions for this project:
- Custom modules live in `docroot/modules/custom/`
- Use DDEV for local development (`ddev drush`, `ddev composer`)
- Follow Drupal coding standards
- Services are defined in `*.services.yml` files
When implementing Drupal features:
1. Check existing patterns in the codebase first
2. Use the preloaded skills for patterns
3. Invoke additional skills on demand for specialized tasks
## Before Reporting Done
1. Run `ddev drush cr` — does the site rebuild without fatal errors?
2. No SQL injection (always use placeholders)
3. Output is escaped (`t()`, `Xss::filter()`, `#markup` with caution)
4. No N+1 queries (no DB calls inside loops)
5. Caching: render arrays cacheable? Cache tags/contexts set?# .claude/rules/drupal.md
- Prefer DI; avoid `\Drupal::service()` in classes.
- Follow existing module/namespace conventions.
- Prefer placing code in an existing relevant module
over creating a new one.
- Use appropriate Drupal patterns and reference material.
# .claude/rules/phpcs.md
- `phpcs.xml` is the source of truth
(Drupal + DrupalPractice standards).
- Don't enforce rules excluded in `phpcs.xml`.
- Prefer patterns already in the codebase over new conventions.
- Flag potential PHPCS violations during code review.
# .claude/rules/workflow.md
- Always run PHPCS before submitting a PR.
- Use Drush for cache clearing, not manual file deletion.
- Document hook implementations with @see references.
- Prefer config over hardcoded values.In enterprise environments — 10+ developers, 100+ features, multiple environments:
Senior Drupal Backend Specialist and international speaker focused on architecture, performance, and scalable systems.
This is the direction. Use it. Fork it. Adapt it. Or use it as a reference to design your own system.