{
  "instruction": "Split settings into base/dev/prod and maintain correct middleware ordering",
  "relevant_when": "Agent configures Django settings or middleware",
  "context": "Django settings should be split into base.py, dev.py, and prod.py. Middleware order matters: SecurityMiddleware first, sessions before auth, CSRF before auth. Production settings should have DEBUG=False and security headers enabled.",
  "sources": [
    {
      "type": "file",
      "filename": "skills/django-best-practices/SKILL.md",
      "tile": "tessl-labs/django-best-practices@0.2.0"
    }
  ],
  "checklist": [
    {
      "name": "middleware-ordering",
      "rule": "Agent places SecurityMiddleware first, SessionMiddleware before AuthenticationMiddleware, and CsrfViewMiddleware before AuthenticationMiddleware in MIDDLEWARE",
      "relevant_when": "Agent configures Django MIDDLEWARE setting"
    },
    {
      "name": "debug-false-in-prod",
      "rule": "Agent sets DEBUG=False in production settings",
      "relevant_when": "Agent configures production Django settings"
    },
    {
      "name": "secret-key-from-env",
      "rule": "Agent reads SECRET_KEY from environment variables, not hardcoded in settings",
      "relevant_when": "Agent configures Django SECRET_KEY"
    }
  ]
}