Agent Skills
Lauren ships 60+ SKILL.md context packs that give any AI coding agent full, pre-loaded expertise on every part of the framework — from scaffolding a new project to wiring OAuth2, SQLAlchemy, Redis, Prometheus, and more.
What are skills?
A skill is a directory containing a SKILL.md file with YAML frontmatter
(name, description) and Markdown body. Coding agents (Claude Code, Cursor,
GitHub Copilot, Continue, Codex CLI, and others) discover and load skills
automatically from ~/.claude/skills/ or your project's .claude/skills/
directory.
When an agent works on a Lauren project, the relevant skill's instructions are injected into its context — so it knows the correct imports, patterns, common errors, and where to look first.
One-command install
The easiest way to install all Lauren skills into every agent you have:
bash
npx skills add lauren-framework/lauren-frameworkThis uses the Vercel Labs skills CLI,
which:
- Fetches the
skills/directory from the GitHub repo - Auto-detects which agents are installed (
~/.claude/,~/.cursor/, etc.) - Copies each skill into the appropriate global skills directory
Install for a specific agent
Claude Code:
bash
claude skills add https://github.com/lauren-framework/lauren-framework
# or manually:
git clone https://github.com/lauren-framework/lauren-framework /tmp/lf
cp -r /tmp/lf/skills/* ~/.claude/skills/Cursor:
bash
cp -r /path/to/lauren-framework/skills/* ~/.cursor/skills/Project-scoped (applies only to the current project, any agent):
bash
npx skills add lauren-framework/lauren-framework --local
# installs to ./.agent/skills/ or ./.claude/skills/ depending on agentSkills index
Core framework
| Skill | What it covers |
|---|---|
building-lauren-apps | LaurenFactory.create(), @module, project layout, bootstrap |
building-lauren-controllers | @controller, HTTP decorators, extractors, pipes, serialization |
building-lauren-services | @injectable, DI scopes, lifecycle hooks, custom providers |
building-lauren-guards | Guards, interceptors, middleware, @use_guards |
building-lauren-streaming | SSE, WebSocket gateways, StreamingResponse[T] |
building-lauren-background-tasks | BackgroundTasks, TaskHandle, fire-and-forget |
testing-lauren-apps | TestClient, WsTestClient, async tests, mock providers |
common-patterns | CRUD, health check, background job, typed SSE stream |
Authentication & authorization
| Skill | What it covers |
|---|---|
oauth2-integration | OAuth2 authorization-code flow, provider integration |
jwt-tokens | JWT creation, JWTBearerGuard, 401 handling |
jwt-refresh-rotation | Refresh token rotation, JTI blacklisting |
rbac-engine | Role-based access control, permission guards |
abac-evaluation | Attribute-based access control policy engine |
session-store | In-memory & Redis session stores, cookie middleware |
mfa-totp | TOTP-based MFA with pyotp |
api-key-auth | SHA-256 hashed API keys, scoped permissions |
Database & search
| Skill | What it covers |
|---|---|
sqlalchemy-models | SQLAlchemy ORM, @post_construct lifecycle |
sqlalchemy-async | Async engine, AsyncSession, request-scoped sessions |
alembic-migrations | Alembic upgrade / downgrade patterns |
multi-database-routing | Primary/replica read-write routing |
redis-caching | TTL-based caching, prefix invalidation |
postgres-fts | Full-text search, tsvector / to_tsquery |
search-engine-integration | Elasticsearch / Meilisearch abstract interface |
Configuration & secrets
| Skill | What it covers |
|---|---|
pydantic-settings-config | BaseSettings, env var loading, injectable config |
feature-flags | Feature flags with rollout percentages |
secrets-management | Vault / AWS Secrets Manager abstract provider |
environment-profiles | dev / staging / prod profile merging |
config-hot-reload | Dynamic config update API with async locking |
API patterns & messaging
| Skill | What it covers |
|---|---|
rest-crud-endpoints | Full CRUD with correct 201 / 204 / 404 status codes |
graphql-integration | GraphQL endpoint mounting (Strawberry / Ariadne) |
websocket-rooms | WebSocket room management with BroadcastGroup |
api-rate-limiting | Token-bucket rate limiting, RateLimitGuard |
api-versioning | URL prefix, Accept-Version header, content negotiation |
message-queue | RabbitMQ / Kafka abstract producer & consumer |
event-sourcing | Append-only event store, aggregate rebuild, projections |
transactional-email | SMTP / SendGrid / SES abstract email backend |
push-notifications | FCM / APNs / Web Push abstract backend |
webhook-dispatcher | HMAC-signed outbound webhooks with retry |
Storage & media
| Skill | What it covers |
|---|---|
object-storage | S3 / GCS / MinIO abstract object store |
presigned-url-uploads | Time-limited signed upload URLs |
file-upload-validation | MIME detection, size limits, virus scan hook |
image-processing | Resize, crop, thumbnail, grayscale with Pillow |
bulk-import-export | CSV / Excel / JSON import-export pipeline |
Background tasks & scheduling
| Skill | What it covers |
|---|---|
background-task-scheduler | Lauren BackgroundTasks + Celery / ARQ patterns |
cron-interval-jobs | Interval job registration, @post_construct start |
retry-dead-letter-queue | Retry queue with exponential backoff, DLQ |
Observability
| Skill | What it covers |
|---|---|
structured-json-logging | JSON log output, correlation ID middleware |
prometheus-metrics | Counter, Histogram, /metrics endpoint |
opentelemetry-tracing | Distributed tracing, in-memory span exporter |
health-check-probes | /health/live, /health/ready, dependency checks |
audit-log-trail | Append-only audit log, query by user / resource |
Security & compliance
| Skill | What it covers |
|---|---|
field-level-encryption | Fernet encryption, key rotation with MultiFernet |
input-sanitization | SQL injection detection, XSS stripping, CSRF tokens |
gdpr-data-requests | Data subject export and deletion handler |
security-headers-cors | CSP, HSTS, CORS middleware |
multi-tenant-isolation | Per-row tenant isolation, ContextVar middleware |
Migration & architecture
| Skill | What it covers |
|---|---|
migrating-from-fastapi | FastAPI → Lauren: routing, DI, middleware side-by-side |
using-companion-packages | CORS, auth guards, structured logging together |
graceful-shutdown | Connection draining, @pre_destruct shutdown hooks |
docker-compose-setup | Multi-stage Dockerfile, docker-compose stack |
LLM context files
For agents that ingest raw context rather than SKILL.md files:
| File | Purpose |
|---|---|
llms.txt | 2 KB overview — start here |
llms-full.txt | 25 KB complete API reference |
AGENTS.md | By-task lookup, common errors, definition of done |
CLAUDE.md | Architecture invariants, pattern selection |