What is safety-critical-patterns?

A NASA-inspired set of coding patterns designed to produce robust, verifiable software in both safety-critical and non-safety-critical contexts.

How do I decide the level of rigor to apply?

Match rigor to consequence: use full rigor for safety-critical or high-stakes data, selective for core logic, and light for scripts and prototypes.

Are these rules universal for all languages?

Not rigid; adapt the guidance to language features, tooling, and project context while maintaining the core intent of verifiability and robustness.

safety-critical-patterns

Scanned

code-quality

npx machina-cli add skill athola/claude-night-market/safety-critical-patterns --openclaw

Files (1)

SKILL.md

4.3 KB

Safety-Critical Coding Patterns

Guidelines adapted from NASA's Power of 10 rules for safety-critical software.

When to Apply

Full rigor: Safety-critical systems, financial transactions, data integrity code Selective application: Business logic, API handlers, core algorithms Light touch: Scripts, prototypes, non-critical utilities

"Match rigor to consequence" - The real engineering principle

The 10 Rules (Adapted)

1. Restrict Control Flow

Avoid goto, setjmp/longjmp, and limit recursion.

Why: Ensures acyclic call graphs that tools can verify. Adaptation: Recursion acceptable with provable termination (tail recursion, bounded depth).

2. Fixed Loop Bounds

All loops should have verifiable upper bounds.

# Good - bound is clear
for i in range(min(len(items), MAX_ITEMS)):
    process(item)

# Risky - unbounded
while not_done:  # When does this end?
    process_next()

Adaptation: Document expected bounds; add safety limits on potentially unbounded loops.

3. No Dynamic Memory After Initialization

Avoid heap allocation in critical paths after startup.

Why: Prevents allocation failures at runtime. Adaptation: Pre-allocate pools; use object reuse patterns in hot paths.

4. Function Length ~60 Lines

Functions should fit on one screen/page.

Why: Cognitive limits on comprehension remain valid. Adaptation: Flexible for declarative code; strict for complex logic.

5. Assertion Density

Include defensive assertions documenting expectations.

def transfer_funds(from_acct, to_acct, amount):
    assert from_acct != to_acct, "Cannot transfer to same account"
    assert amount > 0, "Transfer amount must be positive"
    assert from_acct.balance >= amount, "Insufficient funds"
    # ... implementation

Adaptation: Focus on boundary conditions and invariants, not arbitrary quotas.

6. Minimal Variable Scope

Declare variables at narrowest possible scope.

# Good - scoped tightly
for item in items:
    total = calculate(item)  # Only exists in loop
    results.append(total)

# Avoid - unnecessarily broad
total = 0  # Why is this outside?
for item in items:
    total = calculate(item)
    results.append(total)

7. Check Return Values and Parameters

Validate inputs; never ignore return values.

# Good
result = parse_config(path)
if result is None:
    raise ConfigError(f"Failed to parse {path}")

# Bad
parse_config(path)  # Ignored return

8. Limited Preprocessor/Metaprogramming

Restrict macros, decorators, and code generation.

Why: Makes static analysis possible. Adaptation: Document metaprogramming thoroughly; prefer explicit over magic.

9. Pointer/Reference Discipline

Limit indirection levels; be explicit about ownership.

Adaptation: Use type hints, avoid deep nesting of optionals, prefer immutable data.

10. Enable All Warnings

Compile/lint with strictest settings from day one.

# Python
ruff check --select=ALL
mypy --strict

# TypeScript
tsc --strict --noImplicitAny

Rules That May Not Apply

Rule	When to Relax
No recursion	Tree traversal, parser combinators with bounded depth
No dynamic memory	GC languages, short-lived processes
60-line functions	Declarative configs, state machines
No function pointers	Callbacks, event handlers, strategies

Integration

Reference this skill from:

pensive:code-refinement - Clean code dimension
pensive:code-refinement - Quality checks
sanctum:pr-review - Code quality phase

Sources

NASA JPL Power of 10 Rules (Gerard Holzmann, 2006)
MISRA C Guidelines
HN discussion insights on practical application

Source

git clone https://github.com/athola/claude-night-market/blob/master/plugins/pensive/skills/safety-critical-patterns/SKILL.md

View on GitHub

Overview

Safety-Critical Coding Patterns adapt NASA's Power of 10 to general software. They guide you to apply strict, verifiable patterns in critical paths while keeping rigor appropriate to consequence. The rules cover control flow, loops, memory, assertions, scope, and more to boost robustness and verifiability.

How This Skill Works

The skill enumerates 10 rules with practical adaptations and examples. Developers apply these through context-aware rigor—full, selective, or light—depending on consequence. Key rules include restricting control flow, enforcing fixed loop bounds, avoiding dynamic memory after initialization, keeping functions concise, and using assertions and strict warnings to enable static analysis.

When to Use It

Full rigor in safety-critical systems, financial transactions, and data integrity code
Selective application to business logic, API handlers, and core algorithms
Light touch for scripts, prototypes, and non-critical utilities
when integrating with critical components or handling high-risk data paths
During code reviews where verifiability and auditability are required

Quick Start

Step 1: Assess risk and map the project areas to the three rigor levels (full/selective/light)
Step 2: Apply top rules to critical paths (restrict control flow, fixed loop bounds, assertion density)
Step 3: Run static analysis with strict settings and review results for boundary conditions

Best Practices

Document expected loop bounds and safety limits; prefer bounded loops with clear termination conditions
Pre-allocate memory or use object pools; avoid dynamic memory in hot/critical paths
Keep functions short and modular (aim for one screen ~60 lines) to aid comprehension
Use defensive assertions to document invariants and boundary conditions
Validate all inputs and check return values; never ignore important results

Example Use Cases

Bounded loop shown: for i in range(min(len(items), MAX_ITEMS)): process(item)
Assertions in transfer_funds to enforce non-identical accounts, positive amount, and sufficient funds
Minimal variable scope: declare loop-local totals inside the loop to avoid leakage
Check return values when parsing config: raise ConfigError if parsing fails
Enable strict static analysis: ruff check --select=ALL and mypy --strict; tsc with strict options

Frequently Asked Questions

Add this skill to your agents

Related Skills

RubyCritic Code Quality Analysis

esparkman/claude-rubycritic-skill

Analyze Ruby and Rails code quality with RubyCritic. Identifies code smells, complexity issues, and refactoring opportunities. Provides detailed metrics, scores files A-F, compares branches, and prioritizes high-churn problem areas. Use when analyzing Ruby code quality, reviewing PRs, or identifying technical debt.

code-refinement

athola/claude-night-market

'Analyze and improve living code quality: duplication, algorithmic efficiency,