← Tools
THE IDEA
A linter + checker that flags the dangerous patterns at build time (exposed keys, removed APIs, partial updates, millisecond TTLs) and decodes opaque SDK errors into the exact fix.
The problem today
- The expensive mistakes look harmless: `NEXT_PUBLIC_PRIVATE_KEY` (leaks your signing key to the browser), a partial `updateEntity` (silently drops attributes), `.orderBy()` (removed), TTL in milliseconds (instant expiry), looping single writes (nonce collisions).
- Runtime errors are opaque — the DX audit flagged a useless "Account required" message.
- An AI that read the skill won't write these — but existing code, teammates, and slips still do.
What it would do
- Static rules: exposed/public private keys, partial updateEntity, removed `.orderBy()`, millisecond TTLs, missing project namespace / createdBy scoping, raw Promise.all writes, forbidden positioning copy ("decentralized/trustless/permanent").
- `doctor` mode: pre-flight wallet balance, chain, SDK version range, RPC reachability; decode common SDK errors → exact fix + the relevant skill section.
- Runs in CI or your editor; each finding links the doc/skill that explains it.
WHY IT’S A BETTER EXPERIENCE
- Moves the worst footguns from "data-loss/leak in prod" to "red squiggle in the editor."
- Security: the exposed-key check alone is worth it — that's the exact bug in the community scaffolder.
- Deterministic: it fires every build, with or without an AI in the loop.
HOW IT COMPARES
Prisma error reference / lintnamed errors + fixes — the model for turning failures into learning.
eslint-plugin-* ecosystemsdomain linters are how every framework encodes its footguns. Arkiv has none.
Just a skillguides the AI as it writes; it can't gate a PR. Lint does.
FEASIBILITY — AND WHY THIS ISN’T HAND-WAVING
Medium to build
Static rules (AST/regex) + setup checks + an error-shape catalog. No protocol changes; could also ship as an MCP capability.
Grounded in
- Real footguns confirmed: NEXT_PUBLIC_PRIVATE_KEY in the wild, full-replace updates, orderBy removed (PR #70), nonce collisions.
- Arkiv DX audit lists unhelpful errors (e.g. "Account required") as friction.
- Wallet/balance/chain checks proven via the live accountInfo + getConfig calls.
PAIRS WITH