Ensure your LLM coding agent uses the latest Passlock docs
Passlock now provides an AI agent skill for Codex, Claude Code, and other LLM coding agents.
The skill is a small SKILL.md file that tells an agent how to discover the current Passlock documentation, search the agent-friendly runbooks, and fetch only the pages that are relevant to the task.
If you use AI coding tools to add passkeys, one-time codes, or Passlock server flows, install the skill before asking the agent to write code. It gives the agent a reliable path to the latest docs instead of leaving it to guess from stale model knowledge.
See the full setup reference at passlock.dev/agents/agent-skill/.
Why we added an agent skill
Section titled “Why we added an agent skill”Passlock’s public API is intentionally small, but passkey integration still has details that matter:
- browser and server packages have different responsibilities
- safe and unsafe entry points return errors differently
- passkey registration and authentication require separate browser and server steps
- REST API endpoints use tenancy-scoped URLs
- API symbols and result types can change as the libraries evolve
Those details are exactly where an LLM can make plausible but incorrect assumptions.
The agent skill narrows that risk. It instructs the agent to start from Passlock’s public documentation, use the generated LLM indexes for search, and treat the hosted API reference as the source of truth for exact package symbols.
What the skill does
Section titled “What the skill does”The skill teaches an agent a retrieval workflow:
- start with
https://passlock.dev/llms.txtfor broad documentation discovery - search the generated LLM documentation index for topic-specific pages
- use
https://apidocs.passlock.dev/llms/for symbol-level package reference - prefer runbook pages for integration flow and API docs for exact signatures
- fetch only the relevant markdown pages after the search has narrowed the topic
- cite public Passlock URLs when explaining the implementation
It does not give the agent private implementation details. It points the agent at the same public documentation you can read on the website.
Where to install it
Section titled “Where to install it”Download the skill from the reference page and place it where your coding agent expects skills or project instructions.
For Codex project-level use:
.agents/skills/passlock-agent-docs/SKILL.mdFor Codex user-level use:
~/.agents/skills/passlock-agent-docs/SKILL.mdFor Claude Code project-level use:
.claude/skills/passlock-agent-docs/SKILL.mdFor Claude Code user-level use:
~/.claude/skills/passlock-agent-docs/SKILL.mdUse a project-level install when the repository actively integrates Passlock. Use a user-level install when you want the skill available across many projects.
How to use it
Section titled “How to use it”After installing the skill, ask your agent to use it when working on Passlock code:
Use the Passlock agent docs skill to add passkey registration to this app.Or make the retrieval target explicit:
Use the Passlock agent docs skill. Verify the current @passlock/browser API before changing this registration flow.For server-side work, point the agent at the package boundary:
Use the Passlock agent docs skill and update this API route to exchange a Passlock code with @passlock/server.Good prompts tell the agent which Passlock flow is being changed and require it to verify the current docs before editing code.
When it helps most
Section titled “When it helps most”The skill is most useful when the agent needs to choose between similar Passlock concepts:
| Task | Why the skill helps |
|---|---|
| Adding passkey registration | Finds the browser registration flow and the server code exchange flow |
| Handling expected errors | Confirms whether the safe or unsafe entry point matches the app style |
| Updating an existing integration | Checks current symbols before editing older code |
| Calling the REST API directly | Finds endpoint-specific request and response details |
| Explaining Passlock behavior | Uses public citations instead of unsupported guesses |
The default recommendation is to use the safe Passlock APIs unless your application already standardizes on thrown errors. The skill should guide the agent toward those safe examples for runbook-style implementation work.
Keep the agent honest
Section titled “Keep the agent honest”The skill improves retrieval, but it is still worth making your prompt specific. Ask the agent to:
- verify the relevant Passlock docs before editing
- prefer public runbooks for flow guidance
- use the API reference for exact imports and type names
- avoid inventing package APIs
- run your project’s normal typecheck or build after changes
That combination gives the agent enough context to move quickly without treating generated code as authoritative.