setup-gxp-r-project

Set up an R project structure compliant with GxP regulations (21 CFR Part 11, EU Annex 11). Covers validated environments, qualification documentation, change control, and electronic records requirements. Use when starting an R analysis project in a regulated environment (pharma, biotech, medical devices), setting up R for clinical trial analysis, creating a validated computing environment for regulatory submissions, or implementing 21 CFR Part 11 or EU Annex 11 requirements.

9 stars

Best use case

setup-gxp-r-project is best used when you need a repeatable AI agent workflow instead of a one-off prompt.

Set up an R project structure compliant with GxP regulations (21 CFR Part 11, EU Annex 11). Covers validated environments, qualification documentation, change control, and electronic records requirements. Use when starting an R analysis project in a regulated environment (pharma, biotech, medical devices), setting up R for clinical trial analysis, creating a validated computing environment for regulatory submissions, or implementing 21 CFR Part 11 or EU Annex 11 requirements.

Teams using setup-gxp-r-project should expect a more consistent output, faster repeated execution, less prompt rewriting.

When to use this skill

  • You want a reusable workflow that can be run more than once with consistent structure.

When not to use this skill

  • You only need a quick one-off answer and do not need a reusable workflow.
  • You cannot install or maintain the underlying files, dependencies, or repository context.

Installation

Claude Code / Cursor / Codex

$curl -o ~/.claude/skills/setup-gxp-r-project/SKILL.md --create-dirs "https://raw.githubusercontent.com/pjt222/agent-almanac/main/i18n/caveman-lite/skills/setup-gxp-r-project/SKILL.md"

Manual Installation

  1. Download SKILL.md from GitHub
  2. Place it in .claude/skills/setup-gxp-r-project/SKILL.md inside your project
  3. Restart your AI agent — it will auto-discover the skill

How setup-gxp-r-project Compares

Feature / Agentsetup-gxp-r-projectStandard Approach
Platform SupportNot specifiedLimited / Varies
Context Awareness High Baseline
Installation ComplexityUnknownN/A

Frequently Asked Questions

What does this skill do?

Set up an R project structure compliant with GxP regulations (21 CFR Part 11, EU Annex 11). Covers validated environments, qualification documentation, change control, and electronic records requirements. Use when starting an R analysis project in a regulated environment (pharma, biotech, medical devices), setting up R for clinical trial analysis, creating a validated computing environment for regulatory submissions, or implementing 21 CFR Part 11 or EU Annex 11 requirements.

Where can I find the source code?

You can find the source code on GitHub using the link provided at the top of the page.

SKILL.md Source

# Set Up GxP R Project

Create an R project structure that meets GxP regulatory requirements for validated computing.

## When to Use

- Starting an R analysis project in a regulated environment (pharma, biotech, medical devices)
- Setting up R for clinical trial analysis
- Creating a validated computing environment for regulatory submissions
- Implementing 21 CFR Part 11 or EU Annex 11 requirements

## Inputs

- **Required**: Project scope and regulatory framework (FDA, EMA, or both)
- **Required**: R version and package versions to validate
- **Required**: Validation strategy (risk-based approach)
- **Optional**: Existing SOPs for computerized systems
- **Optional**: Quality management system integration requirements

## Procedure

### Step 1: Create Validated Project Structure

```
gxp-project/
├── R/                          # Analysis scripts
│   ├── 01_data_import.R
│   ├── 02_data_processing.R
│   └── 03_analysis.R
├── validation/                 # Validation documentation
│   ├── validation_plan.md      # VP: scope, strategy, roles
│   ├── risk_assessment.md      # Risk categorization
│   ├── iq/                     # Installation Qualification
│   │   ├── iq_protocol.md
│   │   └── iq_report.md
│   ├── oq/                     # Operational Qualification
│   │   ├── oq_protocol.md
│   │   └── oq_report.md
│   ├── pq/                     # Performance Qualification
│   │   ├── pq_protocol.md
│   │   └── pq_report.md
│   └── traceability_matrix.md  # Requirements to tests mapping
├── tests/                      # Automated test suite
│   ├── testthat.R
│   └── testthat/
│       ├── test-data_import.R
│       └── test-analysis.R
├── data/                       # Input data (controlled)
│   ├── raw/                    # Immutable raw data
│   └── derived/                # Processed datasets
├── output/                     # Analysis outputs
├── docs/                       # Supporting documentation
│   ├── sop_references.md       # Links to relevant SOPs
│   └── change_log.md           # Manual change documentation
├── renv.lock                   # Locked dependencies
├── DESCRIPTION                 # Project metadata
├── .Rprofile                   # Session configuration
└── CLAUDE.md                   # AI assistant instructions
```

**Got:** The complete directory structure exists with `R/`, `validation/` (including `iq/`, `oq/`, `pq/` subdirectories), `tests/testthat/`, `data/raw/`, `data/derived/`, `output/`, and `docs/` directories.

**If fail:** With missing directories, create them with `mkdir -p`. Verify you are in the correct project root. For existing projects, create only the missing directories rather than overwriting existing structure.

### Step 2: Create Validation Plan

Create `validation/validation_plan.md`:

```markdown
# Validation Plan

## 1. Purpose
This plan defines the validation strategy for [Project Name] using R [version].

## 2. Scope
- R version: 4.5.0
- Packages: [list with versions]
- Analysis: [description]
- Regulatory framework: 21 CFR Part 11 / EU Annex 11

## 3. Risk Assessment Approach
Using GAMP 5 risk-based categories:
- Category 3: Non-configured products (R base)
- Category 4: Configured products (R packages with default settings)
- Category 5: Custom applications (custom R scripts)

## 4. Validation Activities
| Activity | Category 3 | Category 4 | Category 5 |
|----------|-----------|-----------|-----------|
| IQ | Required | Required | Required |
| OQ | Reduced | Standard | Enhanced |
| PQ | N/A | Standard | Enhanced |

## 5. Roles and Responsibilities
- Validation Lead: [Name]
- Developer: [Name]
- QA Reviewer: [Name]
- Approver: [Name]

## 6. Acceptance Criteria
All tests must pass with documented evidence.
```

**Got:** `validation/validation_plan.md` is complete with scope, GAMP 5 risk categories, validation activities matrix, roles and responsibilities, and acceptance criteria. The plan references the specific R version and regulatory framework.

**If fail:** With unclear regulatory framework, consult the organization's QA department for applicable SOPs. Do not proceed with validation activities until the plan is reviewed and approved.

### Step 3: Lock Dependencies with renv

```r
# Initialize renv with exact versions
renv::init()

# Install specific validated versions
renv::install("dplyr@1.1.4")
renv::install("ggplot2@3.5.0")

# Snapshot
renv::snapshot()
```

The `renv.lock` file serves as the controlled package inventory.

**Got:** `renv.lock` exists with exact version numbers for all required packages. `renv::status()` reports no issues. Every package version is pinned (e.g., `dplyr@1.1.4`), not floating.

**If fail:** If `renv::install()` fails for a specific version, check that the version exists on CRAN archives. Use `renv::install("package@version", repos = "https://packagemanager.posit.co/cran/latest")` for archived versions.

### Step 4: Implement Version Control

```bash
git init
git add .
git commit -m "Initial validated project structure"

# Use signed commits for traceability
git config user.signingkey YOUR_GPG_KEY
git config commit.gpgsign true
```

**Got:** The project is under git version control with signed commits enabled. The initial commit contains the validated project structure and `renv.lock`.

**If fail:** With GPG signing failing, verify the GPG key is configured with `gpg --list-secret-keys`. For environments without GPG, document the deviation and use unsigned commits with manual audit trail entries in `docs/change_log.md`.

### Step 5: Create IQ Protocol

`validation/iq/iq_protocol.md`:

```markdown
# Installation Qualification Protocol

## Objective
Verify that R and required packages are correctly installed.

## Test Cases

### IQ-001: R Version Verification
- **Requirement**: R 4.5.0 installed
- **Procedure**: Execute `R.version.string`
- **Expected:** "R version 4.5.0 (date)"
- **Result**: [ PASS / FAIL ]

### IQ-002: Package Installation Verification
- **Requirement**: All packages in renv.lock installed
- **Procedure**: Execute `renv::status()`
- **Expected:** "No issues found"
- **Result**: [ PASS / FAIL ]

### IQ-003: Package Version Verification
- **Procedure**: Execute `installed.packages()[, c("Package", "Version")]`
- **Expected:** Versions match renv.lock exactly
- **Result**: [ PASS / FAIL ]
```

**Got:** `validation/iq/iq_protocol.md` contains test cases for R version verification, package installation verification, and package version verification, each with clear expected results and pass/fail fields.

**If fail:** If the IQ protocol template does not match organizational SOP requirements, adapt the format while retaining the required fields (requirement, procedure, expected result, actual result, pass/fail). Consult QA for approved templates.

### Step 6: Write Automated OQ/PQ Tests

```r
# tests/testthat/test-analysis.R
test_that("primary analysis produces validated results", {
  # Known input -> known output (double programming validation)
  test_data <- read.csv(test_path("fixtures", "validation_dataset.csv"))

  result <- primary_analysis(test_data)

  # Compare against independently calculated expected values
  expect_equal(result$estimate, 2.345, tolerance = 1e-3)
  expect_equal(result$p_value, 0.012, tolerance = 1e-3)
  expect_equal(result$ci_lower, 1.234, tolerance = 1e-3)
})
```

**Got:** Automated test files exist in `tests/testthat/` covering OQ (operational verification of each function) and PQ (end-to-end validation against independently calculated reference values). Tests use explicit numeric tolerances.

**If fail:** With reference values not yet available from independent calculation (e.g., SAS), create placeholder tests with `skip("Awaiting independent reference values")` and document in the traceability matrix.

### Step 7: Create Traceability Matrix

```markdown
# Traceability Matrix

| Req ID | Requirement | Test ID | Test Description | Status |
|--------|-------------|---------|------------------|--------|
| REQ-001 | Import CSV data correctly | OQ-001 | Verify data dimensions and types | PASS |
| REQ-002 | Calculate primary endpoint | PQ-001 | Compare against reference results | PASS |
| REQ-003 | Generate report output | PQ-002 | Verify report contains all sections | PASS |
```

**Got:** `validation/traceability_matrix.md` links every requirement to at least one test case, and every test case is linked to a requirement. No orphaned requirements or tests.

**If fail:** With untested requirements, create test cases for them or document a risk-based justification for exclusion. With tests lacking a linked requirement, either link them to an existing requirement or remove them as out-of-scope.

## Validation

- [ ] Project structure follows documented template
- [ ] renv.lock contains all dependencies with exact versions
- [ ] Validation plan is complete and approved
- [ ] IQ protocol executes successfully
- [ ] OQ test cases cover all configured functionality
- [ ] PQ tests validate against independently computed results
- [ ] Traceability matrix links requirements to tests
- [ ] Change control process is documented

## Pitfalls

- **Using `install.packages()` without version pinning**: Always use renv with locked versions
- **Missing audit trail**: Every change must be documented. Use git signed commits.
- **Over-validating**: Apply risk-based approach. Not every CRAN package needs Category 5 validation.
- **Forgetting system-level qualification**: The OS and R installation need IQ too
- **No independent verification**: PQ should compare against results computed independently (SAS, manual calculation)

## Related Skills

- `write-validation-documentation` - detailed validation document creation
- `implement-audit-trail` - electronic records and audit trails
- `validate-statistical-output` - double programming and output validation
- `manage-renv-dependencies` - dependency locking for validated environments

Related Skills

tidy-project-structure

9
from pjt222/agent-almanac

Organize project files into conventional directories, update stale READMEs, clean configuration drift, and archive deprecated items without changing code logic. Use when files are scattered without clear organization, READMEs are outdated or contain broken examples, configuration files have multiplied across dev/staging/prod, deprecated files remain in the project root, or naming conventions are inconsistent across directories.

setup-wsl-dev-environment

9
from pjt222/agent-almanac

Set up a WSL2 development environment on Windows including shell configuration, essential tools, Git, SSH keys, Node.js, Python, and cross-platform path management. Use when setting up a new Windows machine for development, configuring WSL2 for the first time, adding development tools to an existing WSL installation, or setting up cross-platform workflows that combine WSL and Windows tools.

setup-uptime-checks

9
from pjt222/agent-almanac

Configure external uptime monitoring using Blackbox Exporter and Prometheus. Implement SSL certificate monitoring, HTTP endpoint health checks, and status pages for customer-facing visibility. Use when monitoring customer-facing endpoints such as APIs and websites, tracking SSL certificate expiration, validating service availability from multiple regions, creating public status pages, or meeting SLA requirements for uptime reporting.

setup-tailwind-typescript

9
from pjt222/agent-almanac

Configure Tailwind CSS with TypeScript in a Next.js or React project. Covers installation, configuration, custom theme extensions, component patterns, and type-safe styling utilities. Use to add Tailwind CSS to an existing TypeScript project, customize the Tailwind theme for a project's design system, set up type-safe component styling patterns, or configure Tailwind plugins and extensions.

setup-service-mesh

9
from pjt222/agent-almanac

Deploy and configure a service mesh (Istio or Linkerd) to enable secure service-to-service communication, traffic management, observability, and policy enforcement in Kubernetes clusters. Covers installation, mTLS, traffic routing, circuit breaking, and integration with monitoring tools. Use when microservices need encrypted service-to-service communication, fine-grained traffic control for canary or A/B deployments, observability across all service interactions without application changes, or consistent circuit breaking and retry policies.

setup-putior-ci

9
from pjt222/agent-almanac

Set up GitHub Actions CI/CD to automatically regenerate putior workflow diagrams on push. Covers workflow YAML creation, R script for diagram generation with sentinel markers, auto-commit of updated diagrams, and README sentinel integration for in-place diagram updates. Use when workflow diagrams should always reflect the current state of the code, when multiple contributors may change workflow-affecting code, or when replacing manual diagram regeneration with an automated CI/CD pipeline.

setup-prometheus-monitoring

9
from pjt222/agent-almanac

Configure Prometheus for time-series metrics collection, including scrape configurations, service discovery, recording rules, and federation patterns for multi-cluster deployments. Use when setting up centralized metrics collection for microservices, implementing time-series monitoring for application and infrastructure, establishing a foundation for SLO/SLI tracking and alerting, or migrating from legacy monitoring solutions to a modern observability stack.

setup-local-kubernetes

9
from pjt222/agent-almanac

Set up a local Kubernetes development environment using kind, k3d, or minikube for fast inner-loop development. Covers cluster creation, ingress configuration, local registry setup, and integration with development tools like Skaffold and Tilt for automatic rebuild and redeploy workflows. Use when needing a local Kubernetes environment for development, testing manifests or Helm charts before production deployment, wanting fast automatic rebuild-and-redeploy cycles, or learning Kubernetes without cloud costs.

setup-github-actions-ci

9
from pjt222/agent-almanac

Configure GitHub Actions CI/CD for R packages including R CMD check on multiple platforms, test coverage reporting, and pkgdown site deployment. Uses r-lib/actions for standard workflows. Use when setting up CI/CD for a new R package, adding multi-platform testing to an existing package, configuring automated pkgdown site deployment, or adding code coverage reporting to a repository.

setup-docker-compose

9
from pjt222/agent-almanac

Configure Docker Compose for multi-container R development environments. Covers service definitions, volume mounts, networking, environment variables, and dev vs production configurations. Use to run R alongside other services (databases, APIs), set up a reproducible R dev environment, orchestrate an R-based MCP server container, or manage environment variables and volume mounts for R projects.

setup-container-registry

9
from pjt222/agent-almanac

Configure container image registries including GitHub Container Registry (ghcr.io), Docker Hub, and Harbor with automated image scanning, tagging strategies, retention policies, and CI/CD integration for secure image distribution. Use when setting up a private container registry, migrating from Docker Hub to self-hosted registries, implementing vulnerability scanning in CI/CD pipelines, managing multi-architecture images, enforcing image signing, or configuring automatic cleanup and retention policies.

setup-compose-stack

9
from pjt222/agent-almanac

Configure general-purpose Docker Compose stacks for common application patterns. Covers web app + database + cache + worker services, named volumes, networks, health checks, depends_on, environment management, and profiles. Use to run a web app with a database or cache, set up a dev environment with multiple services, orchestrate background workers alongside an API, or create reproducible multi-service environments.