ai-rag-patterns
Use when building features that answer questions from private data, documents, policies, or time-sensitive information — RAG architecture, chunking strategies, hybrid search, re-ranking, vector databases, evaluation, agentic RAG, multimodal RAG...
Best use case
ai-rag-patterns is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Use when building features that answer questions from private data, documents, policies, or time-sensitive information — RAG architecture, chunking strategies, hybrid search, re-ranking, vector databases, evaluation, agentic RAG, multimodal RAG...
Teams using ai-rag-patterns should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/ai-rag-patterns/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How ai-rag-patterns Compares
| Feature / Agent | ai-rag-patterns | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Use when building features that answer questions from private data, documents, policies, or time-sensitive information — RAG architecture, chunking strategies, hybrid search, re-ranking, vector databases, evaluation, agentic RAG, multimodal RAG...
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# RAG Patterns — Retrieval-Augmented Generation Acknowledgement: Shared by Peter Bamuhigire, techguypeter.com, +256 784 464178. <!-- dual-compat-start --> ## Use When - Use when building features that answer questions from private data, documents, policies, or time-sensitive information — RAG architecture, chunking strategies, hybrid search, re-ranking, vector databases, evaluation, agentic RAG, multimodal RAG... - The task needs reusable judgment, domain constraints, or a proven workflow rather than ad hoc advice. ## Do Not Use When - The task is unrelated to `ai-rag-patterns` or would be better handled by a more specific companion skill. - The request only needs a trivial answer and none of this skill's constraints or references materially help. ## Required Inputs - Gather relevant project context, constraints, and the concrete problem to solve; load `references` only as needed. - Confirm the desired deliverable: design, code, review, migration plan, audit, or documentation. ## Workflow - Read this `SKILL.md` first, then load only the referenced deep-dive files that are necessary for the task. - Apply the ordered guidance, checklists, and decision rules in this skill instead of cherry-picking isolated snippets. - Produce the deliverable with assumptions, risks, and follow-up work made explicit when they matter. ## Quality Standards - Keep outputs execution-oriented, concise, and aligned with the repository's baseline engineering standards. - Preserve compatibility with existing project conventions unless the skill explicitly requires a stronger standard. - Prefer deterministic, reviewable steps over vague advice or tool-specific magic. ## Anti-Patterns - Treating examples as copy-paste truth without checking fit, constraints, or failure modes. - Loading every reference file by default instead of using progressive disclosure. ## Outputs - A concrete result that fits the task: implementation guidance, review findings, architecture decisions, templates, or generated artifacts. - Clear assumptions, tradeoffs, or unresolved gaps when the task cannot be completed from available context alone. - References used, companion skills, or follow-up actions when they materially improve execution. ## Evidence Produced | Category | Artifact | Format | Example | |----------|----------|--------|---------| | Correctness | RAG retrieval evaluation report | Markdown doc covering recall / precision / answer-quality on a fixed eval set | `docs/ai/rag-eval-2026-04-16.md` | | Data safety | Index ingestion + tenancy isolation note | Markdown doc covering chunking, source filtering, and per-tenant index segregation | `docs/ai/rag-tenancy-note.md` | ## References - Use the `references/` directory for deep detail after reading the core workflow below. <!-- dual-compat-end --> ## Overview RAG solves the core LLM limitation: they only know what they were trained on. Use RAG to inject private data (invoices, menus, policies, reports) into every AI response. **Core principle:** RAG = look up a database + LLM synthesises the results. The LLM never needs to "know" your data. --- ## When to Use RAG | Condition | Action | |---|---| | Knowledge base < 200K tokens (~500 pages) | Include everything in context — no RAG needed | | Knowledge base > 200K tokens | Use RAG | | Data changes frequently (menus, prices, stock) | RAG (update documents, not model) | | Data is private/confidential | RAG (keeps data out of training pipelines) | | Need source citations | RAG (chunks are traceable to source) | | Model needs brand voice / domain jargon | Fine-tune instead | --- ## RAG vs Fine-Tuning | Factor | RAG | Fine-Tuning | |---|---|---| | Up-to-date content | ✅ Yes (add docs anytime) | ❌ Stale until retrained | | Hallucinations | ✅ Lower (document-grounded) | ❌ Higher | | Source citations | ✅ Yes | ❌ No | | Brand voice control | ❌ Weak | ✅ Strong | | Domain jargon | ❌ Weak | ✅ Strong | | Up-front cost | ✅ Lower | ❌ High | **Default: start with RAG.** Fine-tune only when RAG + prompt engineering cannot deliver the required tone or vocabulary. --- ## Additional Guidance Guidance is split across two reference files so this entrypoint stays compact. **[references/skill-deep-dive.md](references/skill-deep-dive.md)** — architecture, chunking, retrieval, schema: - `Pipeline Architecture` - `Chunking Strategies` - `Embedding Model Selection` - `Vector Database Selection` - `Retrieval Algorithms` - `Re-Ranking` - `Full RAG Query Algorithm` - `Query Rewriting (Multi-Turn)` - `RAG Schema (Multi-Tenant)` - `Evaluation Framework` - `Production Patterns` - `Agentic RAG` - `Multimodal RAG`, `Edge Cases`, `Cost Optimisation`, `Sources` **[references/production-rag.md](references/production-rag.md)** — the progression from draft to production and the gates before shipping: - `RAG Maturity Model` — Naive → Advanced → Modular - `Query Transformation` — HyDE, Multi-Query, Step-Back - `Contextual Compression` - `Self-RAG` - `RAGAS Evaluation` — 4 metrics with production thresholds - `Embedding Pipeline` — batching, upserts, re-embed triggers, $/1M-token table - `Cost Management Decision Tree` — concrete dollar figures per branch - `Failure Mode Playbook` — empty, irrelevant, hallucinated, stale - `Gates Before Shipping` Load the production file when building a RAG system that has to pass evaluation gates, survive multi-tenant review, or hit a cost budget under load. ## Multi-Tenant Addendum This skill describes RAG patterns in general. When the RAG feature ships inside a multi-tenant SaaS, the production answer is `ai-rag-multi-tenant` — per-tenant ingestion pipelines, vector store partitioning, tier-specific chunking and embedding models, defence-in-depth retrieval security, and citation grounding tied to live sources. Cross-references: - `ai-rag-multi-tenant` — multi-tenant RAG end-to-end. - `ai-tenant-isolation-patterns` — vector-store partitioning tradeoffs and data-bleed tests. - `ai-on-saas-architecture` — KB service as a control-plane service. - `ai-hallucination-slo-and-grounding` — citation grounding + faithfulness SLO. - `ai-model-gateway` — gateway-mediated retrieval calls. - `saas-tenant-data-portability-and-erasure` — KB erasure cascade for embeddings. ## Consolidated Child References - Load [references/routing.md](references/routing.md) to map retired AI child skill slugs to their reference modules.
Related Skills
interaction-design-patterns
Use when designing interfaces, building UX flows, choosing layouts, or making navigation decisions. Covers Tidwell's 45+ proven interaction patterns for behavior, navigation, layout, actions, and data display. Load alongside webapp-gui-design...
graphql-patterns
Use when designing, building, or operating GraphQL APIs with Apollo Server + TypeScript — covers schema-first SDL design, resolver architecture, DataLoader, JWT and directive-based authz, Relay cursor pagination, typed error payloads, federation v2, graphql-codegen, and production hardening (depth/complexity limits, timeouts, persisted queries). Load references/graphql-security.md for hostile-input defence.
distributed-systems-patterns
Use when designing or reviewing multi-service, message-driven, or eventually consistent systems. Covers service boundaries, consistency tradeoffs, event workflows, outbox and inbox patterns, sagas, ordering, and idempotency.
web-app-security-audit
Use when auditing a PHP/JavaScript/HTML web application for security vulnerabilities. Covers configuration, authentication, authorization, input validation, XSS, API security, HTTP headers, and dependency scanning. Produces a severity-rated audit...
vibe-security-skill
Use when designing or reviewing security for a web application, API, or multi-tenant SaaS — produces threat model, abuse case list, auth/authz matrix, and secret handling plan; covers OWASP Top 10 2025 and the AI-code-generation blind spots. Neighbours — api-design-first owns auth model fields, deployment-release-engineering owns secret rotation choreography, ai-security and llm-security own model-specific threats.
network-security
Use when designing, hardening, or auditing network-layer security for self-managed Debian/Ubuntu SaaS infrastructure — firewalls (nftables/UFW), WAF (ModSecurity + OWASP CRS), VPN (WireGuard, OpenVPN, IPsec), TLS/PKI ops, IDS/IPS (Suricata, Fail2ban), zero-trust, SSH hardening, DDoS mitigation, DNS security. Complements web-app-security-audit (app layer) and cicd-devsecops (secrets/CI).
linux-security-hardening
Use when hardening a Debian/Ubuntu server — user/group/sudo hardening, file permission audits, PAM password policy + MFA, AppArmor mandatory access control, auditd system call logging, kernel sysctl hardening, file integrity monitoring (AIDE), rootkit detection (rkhunter/chkrootkit), unattended security patching, GRUB + UEFI + LUKS boot security, and CIS benchmark compliance.
dpia-generator
Generate a Data Protection Impact Assessment (DPIA), Uganda DPPA 2019-compliant. Use when producing or reviewing a data protection impact assessment, a privacy impact assessment, when uganda-dppa-compliance flags [DPIA-REQUIRED], or when processing large-scale or sensitive personal data for a new feature.
code-safety-scanner
Scan any codebase for 14 critical safety issues across security vulnerabilities, server stability (500 errors), and payment misconfigurations. Use when auditing code before deployment, reviewing AI-generated code for production readiness, or...
world-class-engineering
Use when designing, building, reviewing, or upgrading production software systems that must be secure, performant, maintainable, scalable, and user-centered. Apply before writing specs, code, architecture, APIs, databases, mobile apps, SaaS platforms, or ERP systems.
update-Codex-documentation
Update project documentation files (README.md, PROJECT_BRIEF.md, TECH_STACK.md, ARCHITECTURE.md, docs/API.md, docs/DATABASE.md, AGENTS.md, docs/plans/NEXT_FEATURES.md) when significant changes occur. MANDATORY at end of each work session to...
skill-writing
Use when creating or upgrading skills in this repository. Covers repository-specific frontmatter rules, progressive disclosure, reference-file strategy, validation, and the quality bar required for production-grade engineering skills.