ColdBox Skills
A collection of AI agent skills for ColdBox and the Ortus ecosystem, enhancing application development.
ColdBox Skills
AI agent skills for ColdBox and the surrounding Ortus ecosystem, including TestBox, WireBox, CacheBox, LogBox, ORM tooling, security, DocBox, and 40+ Ortus/ColdBox modules.
This repository is a Claude Code plugin marketplace that provides reusable skills for ColdBox and related tooling.
Install via Claude Code
Add the marketplace and install the plugin:
/plugin marketplace add ortus-boxlang/coldbox-skills
/plugin install coldbox-agent-skills@coldbox-skills
Or using the CLI:
claude plugin marketplace add ortus-boxlang/coldbox-skills
claude plugin install coldbox-agent-skills@coldbox-skills
Manifest Coverage
The .claude-plugin/plugin.json registers these skill categories:
coldbox— Core ColdBox framework skillstestbox— Comprehensive TestBox skillssecurity— Authentication, authorization, CSRF, SSO, passkeyswirebox— WireBox dependency injectioncachebox— CacheBox standalone cachinglogbox— LogBox loggingmodules— 40+ Ortus/ColdBox module skillsdocbox— DocBox documentation generation
Categories
coldbox — Core Framework Skills
| Skill | What It Covers |
|---|---|
handler-development | Handlers, CRUD actions, REST handlers, dependency injection |
routing-development | Router configuration, named routes, constraints, route groups |
event-model | Event lifecycle, event, rc, prc, rendering and redirects |
rest-api-development | RestHandler patterns, API validation, versioning, error handling |
interceptor-development | Interceptors, framework interception points, custom events |
configuration | ColdBox.cfc, settings, conventions, environment configuration |
app-layouts | Flat, BoxLang, and Modern app layout selection, directory structures, engine compatibility, and migration guidance |
view-rendering | Views, layouts, partials, helpers, data rendering |
layout-development | Layout patterns, nested layouts, conditional layouts |
module-development | Module structure, ModuleConfig.cfc, routes, settings |
request-context | Request context, flash scope, collections, metadata |
flash-messaging | Flash RAM, message persistence, success/error/info/warning patterns |
cache-integration | Event and view caching, cache keys, cache invalidation |
database-migrations | Schema migrations with cfmigrations and CommandBox CLI: create, run, rollback, and seed |
async-programming | Async pipelines, ColdBox Futures, allApply()/anyOf(), thread-pool executors, AsyncManager |
scheduled-tasks | Scheduler.cfc, task frequencies, lifecycle hooks, module schedulers, clustered fixation |
decorators | ControllerDecorator, RequestContextDecorator, extending framework internals |
coldbox-proxy | ColdBox Proxy objects for web services, Flex/AIR, event gateways, CFC data binding |
logging | LogBox in ColdBox, per-environment levels, WireBox logbox DSL, proxy logging |
ai-integration | bx-ai module, chat, streaming, pipelines, agents, RAG/vector memory, tool calling |
coldbox-cli | coldbox create workflows, app skeletons, language flags, scaffolding |
coldbox-documenter | Documentation standards for handlers, models, modules, config files |
coldbox-reviewer | Code review heuristics for ColdBox applications and modules |
Testing Skills (under coldbox/)
| Skill | What It Covers |
|---|---|
testing-base-classes | Testing class hierarchy, annotations (appMapping, configMapping, unloadColdBox), test harness setup, when to use each base class |
testing-handler | Handler testing with execute(), rc/prc assertions, view selection, renderData, relocations, mock injection, BaseHandlerTest isolation |
testing-integration | Full virtual-app integration tests, lifecycle management, route testing, database rollback, custom matchers |
testing-http-methods | get(), post(), put(), patch(), delete(), request() simulation, headers, JSON bodies, toHaveStatus(), toHaveInvalidData() |
testing-model | BaseModelTest, the model variable, mockLogger/mockLogBox/mockCacheBox/mockWireBox, mocking collaborators, init() patterns |
testing-interceptor | BaseInterceptorTest, the interceptor variable, mockController/mockRequestService/mockFlash, configProperties, announce point testing |
testbox — Comprehensive TestBox Skills
| Skill | What It Covers |
|---|---|
bdd | BDD suites with describe/it, Gherkin-style given/when/then, lifecycle hooks, focused/skipped specs, nested suites, labels |
unit | xUnit-style tests (testXxx), setup/teardown, $assert object, Arrange-Act-Assert pattern |
assertions | $assert object, isTrue/isEqual/includes/isEmpty/throws/between/match, custom assertion functions, BoxLang dynamic assertion methods |
expectations | Fluent expect(), all matchers (toBe/toBeTrue/toHaveKey/toThrow/toMatch), not operator, expectAll() over collections, custom matchers |
mockbox | MockBox mocks/stubs/spies, $() stubbing, $args/$results/$throws, call-count verification, $callLog, querySim, $spy |
cbmockdata | Generating fake data (age, email, name, uuid, lorem, etc.), arrays of objects, nested objects, custom supplier closures |
runners | CommandBox CLI runner, BoxLang CLI, HTML runner, programmatic TestBox, watcher mode, streaming runner, all CLI flags |
reporters | ANTJunit/Console/Doc/JSON/JUnit/Min/Simple/Text/XML reporters, reporter options, custom IReporter implementations |
listeners | Run listeners (onBundleStart/End, onSuiteStart/End, onSpecStart/End), progress indicators, custom loggers, live dashboards |
testing-fixtures | Fixture factories, test data builders, shared fixture files, cbMockData integration, setup/teardown strategies |
testing-coverage | Code coverage setup, coverage reporting, CI integration, TestBox coverage options, improving coverage of untested paths |
security — Security and Authentication Skills
| Skill | What It Covers |
|---|---|
authentication | CBAuth login/logout, session management, remember-me patterns |
authorization | CBSecurity roles, permissions, firewall rules |
jwt-development | JWT flows, refresh tokens, API auth |
security-implementation | End-to-end CBSecurity setup and configuration |
csrf-protection | CSRF tokens, forms, AJAX protection |
rbac-patterns | Role and permission hierarchy patterns |
api-authentication | API keys, bearer auth, OAuth2 integration |
sso-integration | SAML, OIDC, OAuth2, social login patterns |
passkeys-integration | Passkeys, WebAuthn, FIDO2, module integration |
wirebox — Dependency Injection Skills
| Skill | What It Covers |
|---|---|
wirebox-di | Bootstrapping the injector, binder configuration, injection DSL, scopes, providers, lazy properties, property observers, child injectors, object populator |
cachebox — Caching Skills
| Skill | What It Covers |
|---|---|
cachebox-standalone | Standalone CacheFactory, DSL configuration, object stores, eviction policies, cache providers, stampede protection, monitoring |
logbox — Logging Skills
| Skill | What It Covers |
|---|---|
logbox | LogBox standalone and ColdBox integration, appenders, root logger, category inheritance, structured logging, performance patterns |
modules — Ortus/ColdBox Module Skills
| Skill | What It Covers |
|---|---|
bcrypt | BCrypt password hashing, work-factor config, hashing/verifying credentials, salts, registration, auth, password reset |
cbantisamy | HTML/XML XSS sanitization via OWASP AntiSamy, policy selection, custom policy files, validation integration |
cbauth | cbauth authentication, IUserService/IAuthUser, session login/logout, CBStorages integration, Flash messaging |
cbcsrf | CSRF token generation, form helpers, AJAX/meta-tag patterns, route exemptions, SPA integration, token rotation |
cbdebugger | CBDebugger panel, performance profiling, SQL query tracking, cache monitoring, request inspection |
cbelasticsearch | Elasticsearch indexing, full-text search, query DSL, aggregations, highlighting, scroll/pagination, index aliases |
cbfeeds | RSS/Atom feed reading (FeedReader) and generation (FeedGenerator), caching feeds |
cbfs | File system abstraction, disk config (local/S3/RAM/FTP), CRUD operations, streaming, URL generation, uploads |
cbi18n | Internationalization, resource bundles (.properties/JSON), locale management, $r/getResource, named substitutions |
cbjavaloader | Dynamic JAR loading at runtime, classpath config, creating Java objects, reloading in development |
cbmailservices | Sending email, SMTP/Postmark/SendGrid config, fluent mail builder, templates, attachments, async sending |
cbmarkdown | Markdown-to-HTML conversion, Processor injection, GFM/tables/code blocks, security for user-generated content |
cbmessagebox | Flash-scope messages (info/success/warning/error), setting in handlers, rendering in views, Bootstrap output |
cbmockdata | Generating realistic fake/seed data, mock() API, entity population, bulk generation |
cborm | CBORM/Hibernate ORM, BaseORMService, VirtualEntityService, Criteria Builder, transactions, event interceptions |
cbpaginator | Server-side pagination, Paginator service, metadata for APIs/views, QB integration, Bootstrap pagination controls |
cbplaywright | End-to-end browser tests with Playwright, browser/page lifecycle, selectors, assertions, Page Object pattern, CI |
cbproxies | Dynamic Java-compatible proxies, ProxyFactory, Java interface implementation, JDBC/Hibernate/threading integration |
cbq | Async background job processing, job classes, queue config (database/Redis/SQS), dispatch, retry, worker pools |
cbsecurity | Firewall rule config, annotation-based security, JWT auth, role/permission checks, custom validators |
cbsecurity-passkeys | WebAuthn/Passkeys, credential repository, registration/authentication ceremony, JavaScript integration |
cbsso | SSO with SAML2/OAuth2/OIDC, SSOService API, redirect-to-provider, callback processing, user provisioning |
cbstorages | Session/Cookie/Cache/Request/Application storage adapters, get/set/exists/delete, encryption, TTLs |
cbswagger | OpenAPI 3.x (Swagger) doc generation, JSDoc annotations, request/response schemas, security definitions |
cbvalidation | Input validation, constraint definitions, validate()/validateOrFail(), built-in/custom validators, REST error handling |
cbwire | Reactive UI components without JavaScript, wire:model/wire:click, lifecycle hooks, actions, computed properties |
cfmigrations | Database schema changes, Schema Builder API, migration files, seed files, CommandBox CLI |
commandbox-boxlang | CommandBox BoxLang server instances, REPL, task runners, module installation, server.json BoxLang config |
commandbox-migrations | Migration CLI commands (up/down/reset/refresh), migration files, seeders, migration status, CI/CD usage |
cors | CORS configuration, allowed origins/methods/headers, credentials, preflight OPTIONS, dynamic origin functions |
hyper | HTTP client, HyperBuilder, fluent GET/POST/PUT/DELETE, headers, auth, timeouts, response/error handling |
mementifier | ORM entity/model serialization to structs/JSON, this.memento, includes/excludes, computed properties, named profiles |
qb | QB query builder, fluent clauses, aggregates, inserts/updates/deletes, raw expressions, sub-queries, grammar config |
quick | Quick Active Record entities, CRUD, relationships, query scopes, eager loading, accessors/mutators, global scopes |
relax | REST API modeling with Relax DSL, route definitions, response schemas, JSON/XML spec generation |
route-visualizer | Route inspection UI, route table output, development-only access restriction |
rulebox | Business rules engine, when/then/otherwise closures, named rule sets, chaining rules, policy evaluation |
s3sdk | Amazon S3 / S3-compatible storage, bucket ops, upload/download/delete, presigned URLs, multipart uploads |
socketbox | Real-time WebSocket apps, onConnect/onDisconnect/onMessage hooks, broadcasting to rooms, JavaScript integration |
unleashsdk | Feature flags, isEnabled(), getVariant() for A/B testing, custom context, gradual rollout strategies |
docbox — Documentation Skills
| Skill | What It Covers |
|---|---|
docbox-generation | DocBox generation workflows, strategies, output formats |
docbox-annotations | DocBox annotations and documentation comment patterns |
MCP Servers
The bundled .mcp.json includes Ortus documentation MCP endpoints for ColdBox, CommandBox, TestBox, WireBox, CacheBox, LogBox, QB, Quick ORM, CBORM, CBSecurity, CBAuth, CBValidation, ContentBox, Relax, and more.
Repository Layout
| Path | Purpose |
|---|---|
coldbox/ | Core ColdBox framework skills, testing patterns, and database migration workflows |
testbox/ | Comprehensive TestBox skills (BDD, xUnit, MockBox, runners, reporters) |
security/ | Authentication, authorization, CSRF, SSO, passkeys |
wirebox/ | WireBox dependency injection |
cachebox/ | CacheBox standalone caching |
logbox/ | LogBox logging |
modules/ | 40+ Ortus/ColdBox module skills |
docbox/ | DocBox documentation generation skills |
Resources
- ColdBox Documentation
- TestBox Documentation
- WireBox Documentation
- CacheBox Documentation
- LogBox Documentation
- BoxLang Documentation
- Ortus Solutions
Quick Install
# Install all skills registered in the plugin manifest
npx skills add ortus-boxlang/coldbox-skills
# Install a specific category
npx skills add ortus-boxlang/coldbox-skills/coldbox
# Install a specific skill
npx skills add ortus-boxlang/coldbox-skills/coldbox/handler-development
# Install the dedicated TestBox category
npx skills add ortus-boxlang/coldbox-skills/testbox
# Install a specific TestBox skill
npx skills add ortus-boxlang/coldbox-skills/testbox/bdd-tdd-foundations
Claude Plugin Install
Install this repository as a Claude plugin:
claude plugin install https://github.com/ortus-boxlang/coldbox-skills
If you use plugin marketplace commands:
/plugin marketplace add ortus-boxlang/coldbox-skills
/plugin install coldbox-agent-skills@ortus-boxlang
Manifest Coverage
The current .claude-plugin/plugin.json registers these categories for plugin install:
coldboxtestboxsecuritywireboxcacheboxlogboxmodules— 40+ Ortus/ColdBox module skillsdocbox— DocBox documentation generation
Categories
coldbox — Core Framework Skills
| Skill | What It Covers |
|---|---|
handler-development | Handlers, CRUD actions, REST handlers, dependency injection |
routing-development | Router configuration, named routes, constraints, route groups |
event-model | Event lifecycle, event, rc, prc, rendering and redirects |
rest-api-development | RestHandler patterns, API validation, versioning, error handling |
interceptor-development | Interceptors, framework interception points, custom events |
configuration | ColdBox.cfc, settings, conventions, environment configuration |
app-layouts | Flat, BoxLang, and Modern app layout selection, directory structures, engine compatibility, and migration guidance |
view-rendering | Views, layouts, partials, helpers, data rendering |
layout-development | Layout patterns, nested layouts, conditional layouts |
module-development | Module structure, ModuleConfig.cfc, routes, settings |
request-context | Request context, flash scope, collections, metadata |
flash-messaging | Flash RAM, message persistence, success/error/info/warning patterns |
cache-integration | Event and view caching, cache keys, cache invalidation |
database-migrations | Schema migrations with cfmigrations and CommandBox CLI: create, run, rollback, and seed |
coldbox-cli | coldbox create workflows, app skeletons, language flags, scaffolding |
coldbox-documenter | Documentation standards for handlers, models, modules, config files |
coldbox-reviewer | Code review heuristics for ColdBox applications and modules |
Testing Skills
| Skill | What It Covers |
|---|---|
testing-base-classes | Testing class hierarchy, annotations (appMapping, configMapping, unloadColdBox), test harness setup, when to use each base class |
testing-handler | Handler testing with execute(), rc/prc assertions, view selection, renderData, relocations, mock injection, BaseHandlerTest isolation |
testing-integration | Full virtual-app integration tests, lifecycle management, route testing, database rollback, custom matchers |
testing-http-methods | get(), post(), put(), patch(), delete(), request() simulation, headers, JSON bodies, toHaveStatus(), toHaveInvalidData() |
testing-model | BaseModelTest, the model variable, mockLogger/mockLogBox/mockCacheBox/mockWireBox, mocking collaborators, init() patterns |
testing-interceptor | BaseInterceptorTest, the interceptor variable, mockController/mockRequestService/mockFlash, configProperties, announce point testing |
testbox — Comprehensive TestBox Skills
| Skill | What It Covers |
|---|---|
bdd-tdd-foundations | Test style selection, behavior-first suite design, BDD/TDD strategy |
specs-and-lifecycle | Suite hooks, setup/teardown patterns, deterministic test isolation |
assertions-and-matchers | Expectations, matcher families, exception assertions, readable failures |
mockbox-testing-doubles | Mocks, stubs, spies, behavior setup, interaction verification |
coldbox-integration-testing | BaseTestCase, event execution, request/response assertions |
data-fixtures-and-isolation | Fixture builders, deterministic data, rollback and cleanup strategies |
runners-reporters-and-ci | Runner commands, reporters, coverage, CI integration |
cfml-boxlang-duality | BoxLang-first with CFML parity and mixed-codebase migration patterns |
security — Security and Authentication Skills
| Skill | What It Covers |
|---|---|
authentication | CBAuth login/logout, session management, remember-me patterns |
authorization | CBSecurity roles, permissions, firewall rules |
jwt-development | JWT flows, refresh tokens, API auth |
security-implementation | End-to-end CBSecurity setup and configuration |
csrf-protection | CSRF tokens, forms, AJAX protection |
rbac-patterns | Role and permission hierarchy patterns |
api-authentication | API keys, bearer auth, OAuth2 integration |
sso-integration | SAML, OIDC, OAuth2, social login patterns |
passkeys-integration | Passkeys, WebAuthn, FIDO2, module integration |
wirebox — Dependency Injection Skills
| Skill | What It Covers |
|---|---|
wirebox-di | DI patterns, scopes, DSLs, binder configuration |
wirebox-aop | AOP, method interception, before/after/around advice |
cachebox — Caching Skills
| Skill | What It Covers |
|---|---|
caching-patterns | Cache providers, invalidation, get-or-set, event caching |
logbox — Logging Skills
| Skill | What It Covers |
|---|---|
logging-patterns | LogBox config, appenders, log levels, structured logging |
docbox — Repository Extras
| Skill | What It Covers |
|---|---|
docbox-generation | DocBox generation workflows, strategies, output formats |
docbox-annotations | DocBox annotations and documentation comment patterns |
MCP Servers
The bundled .mcp.json includes Ortus documentation MCP endpoints for ColdBox, CommandBox, TestBox, WireBox, CacheBox, LogBox, QB, Quick ORM, CBORM, CBSecurity, CBAuth, CBValidation, ContentBox, Relax, and more.
Repository Layout
| Path | Purpose |
|---|---|
coldbox/ | Core ColdBox framework skills and database migrations |
testbox/ | Dedicated comprehensive TestBox skills |
security/ | Authentication, authorization, CSRF, SSO, passkeys |
wirebox/ | WireBox DI and AOP skills |
cachebox/ | CacheBox skills |
logbox/ | LogBox skills |
docbox/ | Additional DocBox-specific skills in the repo |