Modular “skill” files for AI coding agents working on medical device software

AminAlam/meddev-agent-skills

Medical Device Agent Skills

Modular "skill" files for AI coding agents working on medical device software. Each skill captures scoped, actionable guidance (requirements, patterns, anti-patterns, verification) to help agents produce safer, more compliant code without replacing human regulatory review.


What This Repo Is

  • Curated guidance aligned to medical device standards (IEC 62304, ISO 14971, FDA, EU MDR)
  • Machine-readable and agent-friendly (consistent schema, metadata, prerequisites)
  • Code-focused with patterns, anti-patterns, and verification checklists

Target Audience

  • Device Engineers — Embedded, connectivity, cloud developers building medical software
  • QA/RA Engineers — Quality and regulatory pros collaborating with AI-assisted development
  • Tool Builders — Integrating domain skills into Copilot, Claude, Cursor, or custom agents

Quick Start

  1. Pick relevant skills by domain and jurisdiction (e.g., regulatory/iec-62304, security/secure-boot)
  2. Load skills into your agent context — start with SKILL_SCHEMA.md, then add specific skills
  3. Follow the verification checklist when writing/reviewing code
  4. Maintain traceability: Requirements -> Design -> Code -> Tests
  5. Reference examples/ for real patterns with annotations

Using with AI Assistants

Claude / Cursor / Copilot: Load relevant SKILL.md files into context; include the schema first.

Retrieval (RAG): Index by metadata (skill_id, jurisdiction, applies_to) for similarity search.

Custom Agents: Implement prerequisite chaining from YAML frontmatter; filter by class/jurisdiction.


Skill Index

Regulatory

| Skill | Description |
| --- | --- |
| IEC 62304 | Software lifecycle process controls by class (A/B/C) |
| ISO 14971 | Risk management integration, hazard controls, traceability |
| FDA Premarket | Submission software documentation, SBOM, cybersecurity |
| EU MDR | MDR-specific software expectations and Rule 11 |
| IEC 62443 | Industrial cybersecurity for connected devices |
| 21 CFR Part 11 | Electronic records/signatures, audit trails |

Architecture

| Skill | Description |
| --- | --- |
| Safety Classification | Applying class to architecture, segregation, testing |
| Separation of Concerns | Partitioning safety-critical boundaries |
| State Machines | Safe states, transitions, testing patterns |
| Fault Tolerance | Detection, degradation, watchdog, recovery |
| Defensive Design | Input/output validation, assertions, error handling |

Firmware

| Skill | Description |
| --- | --- |
| Embedded C | MISRA-C aligned embedded guidance and examples |
| Embedded C++ | Controlled C++ feature set for devices |
| RTOS Patterns | Tasks, priorities, IPC, timing, inversion avoidance |
| Memory Management | Static allocation, pools, MPU usage |
| Power Management | Sleep/wake, battery monitoring, graceful shutdown |
| Interrupt Handling | ISR structure, critical sections, testing |
| Hardware Abstraction | HAL layering and testability |

Connectivity

| Skill | Description |
| --- | --- |
| BLE Medical | Secure BLE services for PHI-bearing devices |
| WiFi Medical | WPA3/enterprise, cert management, coexistence |
| USB Medical | Class selection, enumeration, safety |
| Interoperability | HL7 FHIR/IHE, terminology, API design |

Security

| Skill | Description |
| --- | --- |
| Authentication | User/device auth, sessions, RBAC |
| Encryption | Algorithms, KDFs, data at rest/in transit |
| Secure Boot | Boot chain, signatures, rollback protection |
| Secure OTA | Signed updates, atomicity, rollback, server hardening |
| Key Management | Generation, storage, rotation, revocation |
| Threat Modeling | STRIDE, attack surface, control mapping |
Threat Modeling STRIDE, attack surface, control mapping

Testing

| Skill | Description |
| --- | --- |
| Unit Testing | Frameworks, coverage by class, embedded mocks |
| Integration Testing | HW/SW integration, interfaces, environments |
| Static Analysis | Tools, MISRA configs, triage workflow |
| Dynamic Analysis | Runtime checks, thread safety, profiling |
| Fuzz Testing | Inputs/protocol fuzzing, crashes, security focus |
| Code Coverage | Metrics (stmt/branch/MC/DC), CI integration |
| Hardware-in-Loop | Fixtures, automation, timing, parallelism |

Documentation

| Skill | Description |
| --- | --- |
| Code Comments | Traceability annotations, risk/test tags |
| Design Docs | SAD/SDD, interfaces, SOUP docs |
| Test Docs | Plans/protocols/reports, submission formatting |
| Traceability | Matrices, bidirectional links, tool integration |
| Inline Docs | Intentful inline comments, trace tags, API notes |
| Change Control | Change requests, impact, regression, config mgmt |
Change Control Change requests, impact, regression, config mgmt

Data

| Skill | Description |
| --- | --- |
| PHI Handling | PHI identification, de-ID, encryption, retention |
| Data Integrity | CRC/ECC, validation, storage/transit integrity |
| Audit Logging | What/how to log, protection, retention |

CI/CD

| Skill | Description |
| --- | --- |
| Pipeline Design | Regulated pipeline stages, artifacts, audit trail |
| Automated Testing | Strategy, hardware integration, flake handling |
| Release Management | Versioning, branches, verification, monitoring |

Disclaimer

These skills supplement, not replace, reading the actual standards and guidance. Interpretations are noted; always verify with official documents and your QA/RA function. Jurisdictional differences (FDA vs EU MDR) are called out where relevant.

Contributing

See CONTRIBUTING.md for how to propose or update skills. Quality requires citations to standards, runnable code examples, and verification criteria. Regulatory/domain expert review is required for merges.

License

MIT License — see LICENSE.
