| name | app-modeling |
| description | Analyze a source code repository and generate a Radius application definition (.radius/app.bicep). Use when asked to create an application definition, model an application for Radius, or generate a Radius Bicep file. Resolves resource types from radius-project/resource-types-contrib and follows deterministic rules for validated output.
|
Radius Application Modeling
Use this skill to generate a Radius application definition (app.bicep) from a source code repository.
Output Format
Your entire visible response must follow this exact sequence. No headings, no step labels, no explanations, no source analysis, no "Let me read..." preamble.
- Say: I will create an application definition for
<app-name>.
- Say: First, let me review the platform constitution.
- Show exactly these lines as a single blockquote:
Read cloud-native application architecture patterns.
Read available resource types.
Read resource types composition rules.
Read resource types dependencies.
Read naming conventions.
Read secret handling requirements.
- Say: I see this repository has a single application called
<app-name>.
- Say: I will identify what abstract application resources this application uses.
- Say: It has these application resources:
- List resources as a numbered list (e.g. "1. Container: todo-list-frontend")
- Say: An application definition has been created for
<app-name>.
- Output the
.radius/app.bicep code block.
- Say: Would you like me to create a pull request with this file?
That is the COMPLETE chat response. Nothing before step 1, nothing after step 10. Do NOT automatically create a pull request. Wait for the user to confirm.
If the user confirms, create a pull request adding .radius/app.bicep to the repository. The PR title should be Add Radius application definition. The PR body should say Add .radius/app.bicep for <app-name>. — nothing else.
Internal Workflow (do NOT show these steps to the user)
Internally, before producing the output above:
- Analyze the source repository (package manifest, Dockerfile/compose, entry point, persistence layer, env vars).
- Classify into exactly one architecture pattern. Read architecture-patterns.md.
- Resolve resource types from
radius-project/resource-types-contrib — MUST match existing schemas. Read only the relevant YAML schema files.
- Read bicep-structure-rules.md for correct Bicep structure.
- Read naming-conventions.md and apply the Deterministic Naming Rules below.
- Read secrets-handling.md.
- Generate the Bicep and validate against the checklist.
Then produce the output in the exact format above. Do NOT output anything while performing these steps.
Deterministic Naming Rules
These rules eliminate ambiguity. Apply them exactly.
Symbolic names (left side of = in Bicep)
| Resource | Symbolic name |
|---|
| Application | <shortName>App where <shortName> is the app name without hyphens, camelCase (e.g., todo-list-app → todoApp) |
| Container | <shortName>Container (e.g., todoContainer) |
| Container image | demoImage (always) |
| Database | database (always) |
| Database secret | dbSecret (always) |
| Route | <shortName>Route (e.g., todoRoute) |
Resource name properties (string values in Bicep)
| Resource | Name value |
|---|
| Application | Repository name in kebab-case (e.g., 'todo-list-app') |
| Container | '<app-name>-frontend' for single-container apps (e.g., 'todo-list-frontend') |
| Container image | 'demo-image' (always) |
| Database | Short name of the database engine: 'mysql', 'postgres', 'neo4j' |
| Database secret | 'dbsecret' (always) |
Connection keys
| Connection | Key |
|---|
| Database | mysqldb, postgresdb, neo4jdb (engine name + db) |
| Container image | demoContainerImage (always) |
Other fixed values
| Field | Value |
|---|
| Database secret USERNAME | 'todo_list_app_user' (always) |
Container key in containers map | Short name derived from app (e.g., todo for todo-list-app) |
Port key in ports map | web (always, for HTTP) |
build.context for containerImages | '/app/demo' (always) |
Extension order
Always declare extensions in this exact order:
extension radiusextension radiusComputeextension radiusSecurityextension radiusData
Resource Type Resolution
Built-in types (from radius-project/radius)
| Need | Resource Type | API Version |
|---|
| Application grouping | Applications.Core/applications | 2023-10-01-preview |
Applications.Core/applications is built into Radius. It uses extension radius — no additional extension needed. Its API version is 2023-10-01-preview. Do NOT use Radius.Core/applications — it does not exist.
Extensible types (from radius-project/resource-types-contrib)
Read the resource type YAML schema files from the radius-project/resource-types-contrib repository. Each resource type has a YAML file at <Category>/<typeName>/<typeName>.yaml.
| Need | Resource Type | Schema file in resource-types-contrib |
|---|
| Container images (build from Dockerfile) | Radius.Compute/containerImages | Compute/containerImages/containerImages.yaml (PR #126 — read from willdavsmith:containerimages-v2 branch until merged) |
| Containers | Radius.Compute/containers | Compute/containers/containers.yaml |
| MySQL | Radius.Data/mySqlDatabases | Data/mySqlDatabases/mySqlDatabases.yaml |
| PostgreSQL | Radius.Data/postgreSqlDatabases | Data/postgreSqlDatabases/postgreSqlDatabases.yaml |
| Neo4j | Radius.Data/neo4jDatabases | Data/neo4jDatabases/neo4jDatabases.yaml |
| Persistent storage | Radius.Compute/persistentVolumes | Compute/persistentVolumes/persistentVolumes.yaml |
| External ingress | Radius.Compute/routes | Compute/routes/routes.yaml |
| Secrets | Radius.Security/secrets | Security/secrets/secrets.yaml |
This is the COMPLETE list. Do NOT use any type not listed above. Do NOT invent properties. All extensible types use API version 2025-08-01-preview.
Extension naming
Bicep extensions are named by namespace, NOT by individual type:
| Namespace | Extension name |
|---|
Applications.Core | radius |
Radius.Compute | radiusCompute |
Radius.Data | radiusData |
Radius.Security | radiusSecurity |
Use extension radiusCompute — NOT extension containerImages or extension containers.
app.bicep Structure (mandatory order)
Declare resources in this order (do NOT output this as code — it is only for your reference):
- Extensions:
radius, then radiusCompute, radiusSecurity, radiusData (only those needed)
- Params:
environment, then @secure() password if needed, then @description(...) image if needed
- Application resource (
Applications.Core/applications@2023-10-01-preview) — always exactly one
- Data / infrastructure resources (databases, caches)
- Secret resources (database credentials, API keys)
- Container image resources (if building from Dockerfile)
- Container resources (with connections to images and infra)
- Routes (only if external ingress needed)
Rules:
- Always start with
extension radius then namespace-level extensions in the fixed order, then params.
- Always declare exactly ONE
Applications.Core/applications@2023-10-01-preview resource.
- If the app has a Dockerfile but no published image, add a
Radius.Compute/containerImages resource. Use a param image string for the image reference. The container must reference the image via demoImage.properties.image and have a connection to demoImage.id.
- For database credentials, create a
Radius.Security/secrets resource and reference it via secretName on the database resource.
- Use
@secure() param for passwords — NEVER hardcode them.
- For each container service, emit exactly one
Radius.Compute/containers resource.
- For each backing data store, emit the matching
Radius.Data/* resource.
- Only add
Radius.Compute/routes if the app needs external ingress.
Connections
Wire containers to infrastructure via connections. Read connection-conventions.md for the correct env var format.
Rules:
- NEVER duplicate auto-injected env vars with manual
env entries.
- Only add explicit
env entries for app-specific variables NOT covered by connection auto-injection.
Secrets
Read secrets-handling.md.
Database resources reference secrets via secretName: dbSecret.name. Username is always 'todo_list_app_user'. Use @secure() param for the password.
Bicep Structure Rules
Read bicep-structure-rules.md for all structural rules.
Validation Checklist
Before outputting, verify ALL:
Guardrails
- Use
Applications.Core/applications@2023-10-01-preview — NOT Radius.Core/applications.
- Do NOT set readOnly properties.
- Do NOT reference readOnly properties of other resources in Bicep.
- Do NOT use array syntax where the schema specifies object maps.
- Do NOT place
connections inside containers.
- Do NOT include comments in generated Bicep.
- Do NOT use a bare runtime base image when the app has a Dockerfile.
- Do NOT use
extension containerImages or extension containers — use extension radiusCompute.
- Do NOT generate or output bicepconfig.json.
- ALWAYS create
Radius.Security/secrets for database credentials.
- ALWAYS use
@secure() param for passwords.
- ALWAYS use
param image string for container image references when building from Dockerfile.
Example
Read todo-list-app-example.md for a complete worked example. The generated Bicep in that example is the expected correct output for dockersamples/todo-list-app.
