Skip to content
UXClaim
Design Systems

Architecture Governance Skills

Four composable Claude Code skills for system architecture: arc42, secure design, C4 diagrams, and system design frameworks.

View source More in Design Systems

What it does

A single Claude Code plugin bundling four specialized architecture skills that work together or independently:

  • iSAQB/arc42: Structured architecture documentation with vision, building-block views, quality scenarios, and architecture decision records (ADRs)
  • Secure Architecture: Threat modeling (STRIDE+CIA), secure ADRs with compliance evidence (NIST, OWASP, ISO 27001), and Zero Trust patterns
  • C4 Model: Context, Container, Component, Dynamic, and Deployment diagrams in Mermaid syntax
  • System Design: HelloInterview framework for working through requirements, entities, APIs, data flow, and trade-offs

How it works

Each skill activates independently based on your work type. When used together, they compose without conflicts: system-design feeds into arc42 views, C4 diagrams embed within architecture documents, and security-driven decisions route to separate folders with distinct ID conventions (ADR vs S-ADR). Output locations are preset but customizable.

Use cases

  • Document production systems with audit-ready format discipline
  • Map trust boundaries and security implications alongside functional architecture
  • Generate diagrams that stay in sync with written views
  • Work through design trade-offs without filing overhead
  • Maintain multi-framework compliance evidence (NIST SSDF, OWASP ASVS, EU CRA)

Who benefits

Architecture reviewers, security practitioners, and teams needing consistent documentation shape across reviewers and time.

Frequently asked questions

How do I install architecture-governance-skills?
One command installs all four skills: `/plugin marketplace add Kotivskyi/architecture-governance-skills` then `/plugin install architecture@architecture-governance-skills`. Each skill activates independently based on your work type.
When should I use iSAQB vs secure-architecture governance?
Use iSAQB for general system architecture documentation. Use secure-architecture *in addition* when decisions are security-driven (threat models, trust boundaries, auth changes, compliance gaps). They route to separate folders (`docs/architecture/` vs `docs/security/`) to prevent conflicts. Dual-impact decisions that touch security but aren't security-driven stay in iSAQB.
What's the difference between ADR and S-ADR routing?
Load-bearing reason is security (threat finding, trust boundary, auth model, compliance gap) → S-ADR in `docs/security/adr/`. Everything else, including decisions where security is touched but isn't the driver → general ADR in `docs/architecture/adr/`. Capture security implications inline; cross-reference threat models. Don't split unless security analysis dominates.
Can I use system-design without documenting decisions?
Yes. System-design is a thinking tool—walk the Requirements→Core Entities→API→Data Flow→Design→Deep Dives framework without filing. It's ideal for ad-hoc design work. The bundled 49-page reference covers frameworks, patterns, and technology trade-offs.
How do C4 diagrams compose with arc42 documentation?
C4 diagrams embed directly inside arc42 view files as Mermaid blocks—no parallel folder structure. Context and Container diagrams go in the Context View; Component diagrams in Building Block View; Deployment diagrams in Deployment View. Single source, no duplication.
What compliance frameworks does secure-architecture cover?
NIST SSDF, OWASP ASVS, NIST SP 800-207 Zero Trust, EU CRA, ISO 27001, plus SBOM/VEX/SLSA supply-chain patterns. Templates route findings to S-ADRs with structured evidence fields for audit trails.
Do all four skills need to work together?
No. Each activates independently. Use just system-design for thinking, just iSAQB for docs, just c4-architecture for diagrams. When used together, composition rules prevent duplication and routing conflicts—see each skill's 'Composition' section in SKILL.md.
How are these skills tested and benchmarked?
Iteration-2 evaluation shows +45pp to +50pp improvement over baseline (e.g., iSAQB and secure-architecture 100% vs 55% baseline). Evaluation prompts, assertion grading, and output samples are in `evals/` for reproducibility across model versions. Use EVALS.md to run your own benchmarks.

Glossary

arc42
A template and naming convention for documenting software architecture in 12 sections (context, building blocks, runtime, deployment, concepts, design decisions, quality scenarios, risks, glossary, references, appendices, decisions). Forms the backbone of iSAQB documentation.
ADR (Architecture Decision Record)
A lightweight document capturing *why* an architectural choice was made, its context, alternatives considered, and consequences. Routed to `docs/architecture/adr/` unless security is the load-bearing reason (then S-ADR in `docs/security/adr/`).
C4 Model
A hierarchical set of four diagram types for visualizing system architecture: Context (system scope), Container (major tech boundaries), Component (abstractions inside containers), and Dynamic/Deployment (behavior and infrastructure). Rendered as Mermaid syntax.
STRIDE+CIA
Threat modeling framework combining STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege) with CIA triad (Confidentiality, Integrity, Availability). Secure-architecture templates structure findings by threat and impact.
Composition
How multiple skills route outputs and avoid conflicts when run together. E.g., C4 diagrams embed in arc42 views; system-design outputs feed iSAQB; security-driven ADRs route to separate folders with distinct ID schemes (ADR-NNNN vs S-ADR-NNN).

More in Design Systems

All →
Design Systems

Arcade Prototyper

Build interactive HTML prototypes using DevRev's production design system and Arcade components in Claude Code.

asundiev-devrev
Design Systems

Awesome Design Skill

Access 54+ brand design systems (Linear, Apple, Stripe, Vercel) for Claude Code UI development with complete design specifications.

zhouchang1988