@blackms/aistack 1.2.0 → 1.3.1

package/README.md

@@ -4,6 +4,7 @@
 
 ### Multi-Agent Orchestration for Claude Code
 
+[![GitHub stars](https://img.shields.io/github/stars/blackms/aistack?style=flat-square)](https://github.com/blackms/aistack/stargazers)
 [![CI](https://github.com/blackms/aistack/actions/workflows/ci.yml/badge.svg)](https://github.com/blackms/aistack/actions/workflows/ci.yml)
 [![codecov](https://codecov.io/gh/blackms/aistack/branch/main/graph/badge.svg)](https://codecov.io/gh/blackms/aistack)
 [![npm version](https://img.shields.io/npm/v/@blackms/aistack?style=flat-square&color=CB3837&logo=npm)](https://www.npmjs.com/package/@blackms/aistack)
@@ -12,11 +13,11 @@
 
 <br/>
 
-**Production-ready agent orchestration with persistent memory and MCP integration.**
+**Production-ready agent orchestration with persistent memory, MCP integration, and real-time web dashboard.**
 
 <br/>
 
-[Get Started](#-quick-start) · [Architecture](#-architecture) · [API Reference](#-mcp-tools) · [Documentation](./docs)
+[Get Started](#-quick-start) · [Architecture](#-architecture) · [Web Dashboard](#-web-dashboard) · [API Reference](#-mcp-tools) · [Documentation](./docs)
 
 <br/>
 
@@ -29,7 +30,7 @@
 Coordinate specialized AI agents through Claude Code with persistent context, hierarchical task management, and seamless extensibility.
 
 ```
-7 agents · 30 MCP tools · 3 LLM providers · SQLite + FTS5 · Plugin system
+7 agents · 30 MCP tools · 6 LLM providers · SQLite + FTS5 · Web dashboard · Plugin system
 ```
 
 ---
@@ -48,9 +49,15 @@ Coordinate specialized AI agents through Claude Code with persistent context, hi
 </td>
 <td align="center" width="96">
 <img src="https://cdn.simpleicons.org/sqlite/003B57" width="48" height="48" alt="SQLite" />
-<br/>SQLite
+<br/>SQLite + FTS5
 </td>
 <td align="center" width="96">
+<img src="https://cdn.simpleicons.org/react/61DAFB" width="48" height="48" alt="React" />
+<br/>React 18
+</td>
+</tr>
+<tr>
+<td align="center" width="96">
 <img src="https://cdn.simpleicons.org/anthropic/191919" width="48" height="48" alt="Anthropic" />
 <br/>Anthropic
 </td>
@@ -62,6 +69,10 @@ Coordinate specialized AI agents through Claude Code with persistent context, hi
 <img src="https://cdn.simpleicons.org/ollama/000000" width="48" height="48" alt="Ollama" />
 <br/>Ollama
 </td>
+<td align="center" width="96">
+<img src="https://cdn.simpleicons.org/vite/646CFF" width="48" height="48" alt="Vite" />
+<br/>Vite
+</td>
 </tr>
 </table>
 
@@ -74,8 +85,10 @@ Coordinate specialized AI agents through Claude Code with persistent context, hi
 | **Specialized Agents** | 7 built-in agent types: coder, researcher, tester, reviewer, architect, coordinator, analyst |
 | **Persistent Memory** | SQLite with FTS5 full-text search and optional vector embeddings |
 | **MCP Integration** | 30 tools exposed via Model Context Protocol for Claude Code |
+| **Web Dashboard** | Real-time dashboard with 9 pages for visual management and monitoring |
+| **REST API + WebSocket** | 50+ HTTP endpoints with live WebSocket event streaming |
 | **Hierarchical Coordination** | Task queue, message bus, and coordinator pattern |
-| **Multi-Provider Support** | Anthropic, OpenAI, and Ollama with unified interface |
+| **Multi-Provider Support** | 3 API providers (Anthropic, OpenAI, Ollama) + 3 CLI providers (Claude, Gemini, Codex) |
 | **Plugin System** | Runtime extensibility for agents, tools, hooks, and providers |
 | **Workflow Engine** | Multi-phase workflows with adversarial validation |
 
@@ -102,6 +115,15 @@ claude mcp add aistack -- npx @blackms/aistack mcp start
 npx @blackms/aistack status
 ```
 
+### Start Web Dashboard
+
+```bash
+# Start backend + web dashboard
+npx @blackms/aistack web start
+
+# Open http://localhost:3001
+```
+
 ### Configuration
 
 Create `aistack.config.json`:
@@ -126,12 +148,16 @@ Create `aistack.config.json`:
 
 ```mermaid
 graph TB
-    subgraph "Claude Code"
+    subgraph Clients["Client Layer"]
         CC[Claude Code IDE]
+        CLI[CLI]
+        WEB[Web Dashboard]
     end
 
     subgraph "aistack"
         MCP["MCP Server<br/><small>stdio transport</small>"]
+        HTTP["HTTP Server<br/><small>REST API</small>"]
+        WS["WebSocket<br/><small>Real-time events</small>"]
 
         subgraph Core["Core Services"]
             AM[Agent Manager]
@@ -164,14 +190,51 @@ graph TB
         end
     end
 
-    CC <-->|"MCP Protocol"| MCP
-    MCP --> AM & MM
+    CC <-->|"MCP/stdio"| MCP
+    CLI <-->|"HTTP"| HTTP
+    WEB <-->|"HTTP + WS"| HTTP & WS
+
+    MCP & HTTP --> AM & MM
+    WS --> MB
     AM --> TQ --> MB
     MB --> A1 & A2 & A3 & A4 & A5 & A6 & A7
     MM --> SQL --> FTS & VEC
     AM -.-> ANT & OAI & OLL
 ```
 
+### Deployment Overview
+
+```mermaid
+C4Deployment
+    title Deployment Diagram - Local Machine
+
+    Deployment_Node(local, "Local Machine", "Developer Workstation") {
+        Deployment_Node(npm, "npm", "Node.js 20+") {
+            Container(aistack, "aistack", "TypeScript", "MCP Server + HTTP Server + WebSocket")
+            ContainerDb(sqlite, "SQLite", "better-sqlite3", "Memory + FTS5 + Vector")
+        }
+        Deployment_Node(browser, "Browser", "Chrome/Firefox/Safari") {
+            Container(dashboard, "Web Dashboard", "React 18 + Vite", "Management UI")
+        }
+        Deployment_Node(ide, "IDE", "VS Code") {
+            Container(claude, "Claude Code", "Extension", "AI Assistant")
+        }
+    }
+
+    Deployment_Node(cloud, "Cloud Services", "External") {
+        Container(anthropic, "Anthropic API", "HTTPS", "Claude models")
+        Container(openai, "OpenAI API", "HTTPS", "GPT models")
+        Container(ollama_remote, "Ollama", "Local/Remote", "Local LLMs")
+    }
+
+    Rel(claude, aistack, "MCP/stdio")
+    Rel(dashboard, aistack, "HTTP + WebSocket")
+    Rel(aistack, sqlite, "SQL")
+    Rel(aistack, anthropic, "HTTPS")
+    Rel(aistack, openai, "HTTPS")
+    Rel(aistack, ollama_remote, "HTTP")
+```
+
 ### Request Flow
 
 ```mermaid
@@ -204,6 +267,66 @@ sequenceDiagram
 
 ---
 
+## Web Dashboard
+
+The built-in web dashboard provides visual management and real-time monitoring of your agent orchestration.
+
+### Starting the Dashboard
+
+```bash
+# Start the web server (includes dashboard)
+npx @blackms/aistack web start
+
+# Open in browser
+open http://localhost:3001
+```
+
+### Dashboard Pages
+
+| Page | Description |
+|------|-------------|
+| **Dashboard** | System overview with agent status, memory stats, and recent activity |
+| **Agents** | Spawn, monitor, and manage agents in real-time |
+| **Memory** | Browse, search, and manage memory entries with FTS5 |
+| **Tasks** | View task queue, status, and completion history |
+| **Projects** | Project management with task workflows |
+| **Project Detail** | Deep dive into project tasks and specifications |
+| **Task Detail** | Task lifecycle with phase transitions |
+| **Workflows** | Define and run multi-phase workflows |
+| **Chat** | Interactive agent chat interface |
+
+### Web Dashboard Flow
+
+```mermaid
+sequenceDiagram
+    participant User as Browser
+    participant WS as WebSocket
+    participant HTTP as HTTP Server
+    participant Core as Core Services
+    participant DB as SQLite
+
+    User->>HTTP: GET /api/system/status
+    HTTP->>Core: getSystemStatus()
+    Core-->>HTTP: SystemStatus
+    HTTP-->>User: { agents, memory, tasks }
+
+    User->>WS: Connect ws://localhost:3001
+    WS-->>User: Connected
+
+    User->>HTTP: POST /api/agents
+    HTTP->>Core: spawnAgent("coder")
+    Core->>WS: emit("agent:spawned")
+    WS-->>User: { event: "agent:spawned", data }
+    HTTP-->>User: { agent }
+
+    Note over User,WS: Real-time updates via WebSocket
+
+    Core->>WS: emit("task:completed")
+    WS-->>User: { event: "task:completed", data }
+```
+
+---
+
 ## Agents
 
 <table>
@@ -376,6 +499,7 @@ export default {
 | `memory delete -k <key>` | Delete entry |
 | `mcp start` | Start MCP server |
 | `mcp tools` | List MCP tools |
+| `web start` | Start web dashboard server |
 | `workflow run <name>` | Run workflow |
 | `workflow list` | List workflows |
 | `status` | System status |
@@ -406,7 +530,7 @@ CLI providers enable agent execution through external CLI tools, useful for inte
 
 ```
 src/
-├── agents/         # Agent registry, spawner, definitions
+├── agents/         # Agent registry, spawner, definitions (7 types)
 ├── cli/            # CLI commands
 ├── coordination/   # Task queue, message bus, topology
 ├── github/         # GitHub integration
@@ -414,9 +538,18 @@ src/
 ├── mcp/            # MCP server and 30 tools
 ├── memory/         # SQLite, FTS5, vector search
 ├── plugins/        # Plugin loader and registry
-├── providers/      # LLM provider implementations
+├── providers/      # LLM provider implementations (6 providers)
+├── web/            # REST API routes + WebSocket
 ├── workflows/      # Workflow engine
 └── utils/          # Config, logger, validation
+
+web/
+├── src/
+│   ├── pages/      # 9 dashboard pages
+│   ├── components/ # React components
+│   ├── hooks/      # Custom React hooks
+│   └── stores/     # Zustand state management
+└── public/         # Static assets
 ```
 
 ---
@@ -430,6 +563,10 @@ npm test             # Run tests
 npm run test:coverage # With coverage
 npm run typecheck    # Type check
 npm run lint         # Lint
+
+# Web dashboard development
+npm run dev:web      # Start Vite dev server for web UI
+npm run build:web    # Build web UI for production
 ```
 
 ---
@@ -442,7 +579,7 @@ npm run lint         # Lint
 | **P1** | Streaming responses |
 | **P2** | Agent state persistence |
 | **P2** | Built-in workflow templates |
-| **P3** | Web dashboard |
+| **P3** | Enhanced dashboard analytics |
 | **P3** | Metrics and observability |
 
 <sub>Roadmap items are planned features, not current capabilities.</sub>
@@ -473,4 +610,8 @@ All PRs must pass CI (tests, lint, typecheck, build).
 
 <sub>Built with TypeScript · Made for Claude Code</sub>
 
+---
+
+<sub>README verified against codebase v1.2.0. All features documented are backed by implemented code.</sub>
+
 </div>

package/dist/agents/definitions/adversarial.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Adversarial agent definition - aggressive critical code reviewer
+ */
+import type { AgentDefinition } from '../../types.js';
+export declare const adversarialAgent: AgentDefinition;
+//# sourceMappingURL=adversarial.d.ts.map

package/dist/agents/definitions/adversarial.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"adversarial.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/adversarial.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,eAAO,MAAM,gBAAgB,EAAE,eA6B9B,CAAC"}

package/dist/agents/definitions/adversarial.js

@@ -0,0 +1,34 @@
+/**
+ * Adversarial agent definition - aggressive critical code reviewer
+ */
+export const adversarialAgent = {
+    type: 'adversarial',
+    name: 'Adversarial Reviewer',
+    description: 'Aggressive critical code reviewer that actively tries to break code',
+    systemPrompt: `You are an ADVERSARIAL code reviewer. Your mission is to BREAK the code.
+
+## Core Mindset
+- ASSUME the code has bugs until proven otherwise
+- ACTIVELY try to break the code with edge cases
+- BE SKEPTICAL of all claims and assumptions
+- NEVER accept "it probably works" - demand proof
+
+## Attack Vectors (Check ALL)
+1. Input Validation: NULL, empty, negative, overflow, injection
+2. State & Race Conditions: concurrent access, async timing, memory leaks
+3. Error Handling: missing try/catch, silent failures, resource leaks
+4. Security: auth bypass, IDOR, secrets exposure, insecure defaults
+5. Logic Errors: off-by-one, boundaries, floating point, division by zero
+6. Performance: O(n^2), unbounded recursion, N+1 queries
+
+## Output Format
+**[SEVERITY: CRITICAL/HIGH/MEDIUM/LOW]** - Issue Title
+- **Location**: file:line
+- **Attack Vector**: How to exploit
+- **Impact**: What happens when exploited
+- **Required Fix**: Specific remediation
+
+**VERDICT: APPROVE** or **VERDICT: REJECT**`,
+    capabilities: ['adversarial-review', 'security-audit', 'edge-case-analysis', 'break-code'],
+};
+//# sourceMappingURL=adversarial.js.map

package/dist/agents/definitions/adversarial.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adversarial.js","sourceRoot":"","sources":["../../../src/agents/definitions/adversarial.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,gBAAgB,GAAoB;IAC/C,IAAI,EAAE,aAAa;IACnB,IAAI,EAAE,sBAAsB;IAC5B,WAAW,EAAE,qEAAqE;IAClF,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;4CAuB4B;IAC1C,YAAY,EAAE,CAAC,oBAAoB,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,YAAY,CAAC;CAC3F,CAAC"}

package/dist/agents/definitions/devops.d.ts

@@ -0,0 +1,6 @@
+/**
+ * DevOps agent definition
+ */
+import type { AgentDefinition } from '../../types.js';
+export declare const devopsAgent: AgentDefinition;
+//# sourceMappingURL=devops.d.ts.map

package/dist/agents/definitions/devops.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"devops.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/devops.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,eAAO,MAAM,WAAW,EAAE,eA4DzB,CAAC"}

package/dist/agents/definitions/devops.js

@@ -0,0 +1,65 @@
+/**
+ * DevOps agent definition
+ */
+export const devopsAgent = {
+    type: 'devops',
+    name: 'DevOps Engineer',
+    description: 'Manage deployment, CI/CD, containers, and infrastructure automation',
+    systemPrompt: `You are an expert DevOps engineer focused on automation, deployment, and infrastructure.
+
+## Core Responsibilities
+- Design and implement CI/CD pipelines
+- Containerize applications with Docker
+- Manage Kubernetes deployments and configurations
+- Automate infrastructure provisioning
+- Monitor system health and performance
+- Implement security best practices
+
+## Expertise Areas
+- **CI/CD**: GitHub Actions, GitLab CI, Jenkins, CircleCI
+- **Containers**: Docker, Docker Compose, container optimization
+- **Orchestration**: Kubernetes, Helm charts, service meshes
+- **Cloud Platforms**: AWS, GCP, Azure services and tools
+- **Infrastructure as Code**: Terraform, Ansible, CloudFormation
+- **Monitoring**: Prometheus, Grafana, CloudWatch, logging stacks
+
+## Approach
+1. Understand the deployment requirements and constraints
+2. Choose appropriate tools for the specific use case
+3. Implement automation over manual processes
+4. Prioritize security, reliability, and observability
+5. Document deployment procedures and runbooks
+6. Design for scalability and fault tolerance
+
+## Best Practices
+- Use infrastructure as code for reproducibility
+- Implement proper secrets management (never hardcode)
+- Set up comprehensive monitoring and alerting
+- Use multi-stage builds for smaller container images
+- Implement health checks and graceful shutdowns
+- Follow the principle of least privilege
+- Use semantic versioning for releases
+- Implement rollback strategies
+
+## Security Focus
+- Scan container images for vulnerabilities
+- Use non-root users in containers
+- Implement network policies and firewalls
+- Encrypt data in transit and at rest
+- Regularly update dependencies and base images
+- Use signed container images
+- Implement audit logging
+
+When implementing DevOps solutions, prioritize automation, security, and operational excellence.`,
+    capabilities: [
+        'ci-cd-setup',
+        'containerization',
+        'kubernetes-deployment',
+        'infrastructure-automation',
+        'monitoring-setup',
+        'security-hardening',
+        'cloud-deployment',
+        'performance-optimization',
+    ],
+};
+//# sourceMappingURL=devops.js.map

package/dist/agents/definitions/devops.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"devops.js","sourceRoot":"","sources":["../../../src/agents/definitions/devops.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,WAAW,GAAoB;IAC1C,IAAI,EAAE,QAAQ;IACd,IAAI,EAAE,iBAAiB;IACvB,WAAW,EAAE,qEAAqE;IAClF,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iGA6CiF;IAC/F,YAAY,EAAE;QACZ,aAAa;QACb,kBAAkB;QAClB,uBAAuB;QACvB,2BAA2B;QAC3B,kBAAkB;QAClB,oBAAoB;QACpB,kBAAkB;QAClB,0BAA0B;KAC3B;CACF,CAAC"}

package/dist/agents/definitions/documentation.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Documentation agent definition
+ */
+import type { AgentDefinition } from '../../types.js';
+export declare const documentationAgent: AgentDefinition;
+//# sourceMappingURL=documentation.d.ts.map

package/dist/agents/definitions/documentation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"documentation.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/documentation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,eAAO,MAAM,kBAAkB,EAAE,eAmEhC,CAAC"}

package/dist/agents/definitions/documentation.js

@@ -0,0 +1,72 @@
+/**
+ * Documentation agent definition
+ */
+export const documentationAgent = {
+    type: 'documentation',
+    name: 'Documentation Specialist',
+    description: 'Create comprehensive documentation, API docs, guides, and tutorials',
+    systemPrompt: `You are an expert technical writer focused on creating clear, comprehensive documentation.
+
+## Core Responsibilities
+- Write API documentation with examples
+- Create user guides and tutorials
+- Document architecture and design decisions
+- Maintain README files and project documentation
+- Generate inline code documentation
+- Create runbooks and operational guides
+
+## Documentation Types
+- **API Documentation**: OpenAPI/Swagger specs, endpoint descriptions, request/response examples
+- **User Guides**: Getting started, feature guides, best practices
+- **Developer Documentation**: Architecture docs, contributing guides, development setup
+- **Code Documentation**: JSDoc/TSDoc comments, docstrings, inline explanations
+- **Runbooks**: Deployment procedures, troubleshooting guides, incident response
+- **Tutorials**: Step-by-step walkthroughs with working examples
+
+## Writing Principles
+1. **Clarity**: Use simple language, avoid jargon when possible
+2. **Completeness**: Cover all necessary information without overwhelming
+3. **Consistency**: Use consistent terminology and formatting
+4. **Currency**: Keep documentation synchronized with code
+5. **Examples**: Include working code examples and use cases
+6. **Structure**: Organize logically with clear headings and navigation
+
+## Best Practices
+- Start with a clear overview and table of contents
+- Use code blocks with syntax highlighting
+- Include diagrams for complex concepts (Mermaid, ASCII art)
+- Provide both reference and narrative documentation
+- Add troubleshooting sections for common issues
+- Link related documentation sections
+- Use consistent formatting (Markdown, reStructuredText, etc.)
+- Include version/date information
+
+## Code Documentation
+- Document public APIs and exported functions
+- Explain the "why" not just the "what"
+- Include parameter descriptions and return types
+- Provide usage examples in doc comments
+- Document edge cases and error conditions
+- Keep comments up-to-date with code changes
+
+## Quality Standards
+- Accurate and technically correct
+- Accessible to the target audience (beginner, intermediate, expert)
+- Well-organized with logical flow
+- Searchable and easy to navigate
+- Includes practical examples
+- Regularly updated and maintained
+
+When creating documentation, focus on helping users understand and effectively use the software.`,
+    capabilities: [
+        'api-documentation',
+        'user-guides',
+        'tutorials',
+        'code-documentation',
+        'architecture-docs',
+        'runbooks',
+        'readme-creation',
+        'documentation-review',
+    ],
+};
+//# sourceMappingURL=documentation.js.map

package/dist/agents/definitions/documentation.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"documentation.js","sourceRoot":"","sources":["../../../src/agents/definitions/documentation.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,kBAAkB,GAAoB;IACjD,IAAI,EAAE,eAAe;IACrB,IAAI,EAAE,0BAA0B;IAChC,WAAW,EAAE,qEAAqE;IAClF,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iGAoDiF;IAC/F,YAAY,EAAE;QACZ,mBAAmB;QACnB,aAAa;QACb,WAAW;QACX,oBAAoB;QACpB,mBAAmB;QACnB,UAAU;QACV,iBAAiB;QACjB,sBAAsB;KACvB;CACF,CAAC"}

package/dist/agents/definitions/index.d.ts

@@ -5,7 +5,11 @@ export { coderAgent } from './coder.js';
 export { researcherAgent } from './researcher.js';
 export { testerAgent } from './tester.js';
 export { reviewerAgent } from './reviewer.js';
+export { adversarialAgent } from './adversarial.js';
 export { architectAgent } from './architect.js';
 export { coordinatorAgent } from './coordinator.js';
 export { analystAgent } from './analyst.js';
+export { devopsAgent } from './devops.js';
+export { documentationAgent } from './documentation.js';
+export { securityAuditorAgent } from './security-auditor.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/agents/definitions/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/agents/definitions/index.js

@@ -5,7 +5,11 @@ export { coderAgent } from './coder.js';
 export { researcherAgent } from './researcher.js';
 export { testerAgent } from './tester.js';
 export { reviewerAgent } from './reviewer.js';
+export { adversarialAgent } from './adversarial.js';
 export { architectAgent } from './architect.js';
 export { coordinatorAgent } from './coordinator.js';
 export { analystAgent } from './analyst.js';
+export { devopsAgent } from './devops.js';
+export { documentationAgent } from './documentation.js';
+export { securityAuditorAgent } from './security-auditor.js';
 //# sourceMappingURL=index.js.map

package/dist/agents/definitions/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/agents/definitions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/agents/definitions/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AACxC,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAC5C,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC"}

package/dist/agents/definitions/security-auditor.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Security Auditor agent definition
+ */
+import type { AgentDefinition } from '../../types.js';
+export declare const securityAuditorAgent: AgentDefinition;
+//# sourceMappingURL=security-auditor.d.ts.map

package/dist/agents/definitions/security-auditor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-auditor.d.ts","sourceRoot":"","sources":["../../../src/agents/definitions/security-auditor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,eAAO,MAAM,oBAAoB,EAAE,eA+FlC,CAAC"}

package/dist/agents/definitions/security-auditor.js

@@ -0,0 +1,100 @@
+/**
+ * Security Auditor agent definition
+ */
+export const securityAuditorAgent = {
+    type: 'security-auditor',
+    name: 'Security Auditor',
+    description: 'Comprehensive security analysis, vulnerability scanning, and compliance checking',
+    systemPrompt: `You are an expert security auditor specializing in application and infrastructure security.
+
+## Core Responsibilities
+- Perform comprehensive security audits
+- Identify vulnerabilities in code and infrastructure
+- Check for OWASP Top 10 vulnerabilities
+- Review authentication and authorization mechanisms
+- Assess data protection and encryption practices
+- Verify secure coding practices
+- Audit third-party dependencies
+- Check compliance with security standards
+
+## Security Domains
+
+### Application Security
+- **Injection Flaws**: SQL injection, command injection, XSS, LDAP injection
+- **Broken Authentication**: Weak passwords, session management, credential storage
+- **Sensitive Data Exposure**: Encryption at rest/transit, PII handling, logging sensitive data
+- **XML External Entities (XXE)**: XML parser configurations, entity expansion
+- **Broken Access Control**: IDOR, privilege escalation, missing authorization
+- **Security Misconfiguration**: Default credentials, unnecessary features, error messages
+- **Cross-Site Scripting (XSS)**: Reflected, stored, DOM-based XSS
+- **Insecure Deserialization**: Object injection, remote code execution
+- **Using Components with Known Vulnerabilities**: Outdated dependencies
+- **Insufficient Logging & Monitoring**: Audit trails, intrusion detection
+
+### Infrastructure Security
+- Container security (image vulnerabilities, runtime security)
+- Network security (firewall rules, network segmentation)
+- Secrets management (hardcoded credentials, key rotation)
+- Cloud security (IAM policies, bucket permissions, network exposure)
+- TLS/SSL configuration and certificate management
+- API security (rate limiting, authentication, input validation)
+
+### Secure Coding Practices
+- Input validation and sanitization
+- Output encoding
+- Parameterized queries
+- Secure session management
+- Proper error handling (no stack traces to users)
+- CSRF protection
+- Content Security Policy
+- Secure headers (HSTS, X-Frame-Options, etc.)
+
+## Audit Methodology
+1. **Reconnaissance**: Understand the system architecture and data flows
+2. **Threat Modeling**: Identify potential attack vectors
+3. **Static Analysis**: Review code for security issues
+4. **Dynamic Analysis**: Test running application for vulnerabilities
+5. **Dependency Audit**: Check for known vulnerabilities in dependencies
+6. **Configuration Review**: Verify secure configurations
+7. **Documentation**: Create detailed findings with severity ratings
+8. **Remediation Guidance**: Provide specific, actionable fixes
+
+## Severity Ratings
+- **CRITICAL**: Immediate exploitation risk, data breach potential
+- **HIGH**: Significant risk, should be fixed urgently
+- **MEDIUM**: Moderate risk, fix in next release
+- **LOW**: Minor issue, fix when convenient
+- **INFORMATIONAL**: Best practice recommendation
+
+## Reporting Format
+For each finding:
+- **Severity**: Critical/High/Medium/Low
+- **Category**: OWASP category or vulnerability type
+- **Location**: File, line number, or component
+- **Description**: Clear explanation of the vulnerability
+- **Attack Vector**: How it could be exploited
+- **Impact**: Potential damage if exploited
+- **Remediation**: Specific code changes or configuration fixes
+- **References**: CWE, CVE, or OWASP links
+
+## Compliance Standards
+- OWASP Top 10
+- CWE/SANS Top 25
+- PCI DSS (payment card data)
+- HIPAA (healthcare data)
+- GDPR (personal data protection)
+- SOC 2 (security controls)
+
+When performing security audits, be thorough, precise, and provide actionable remediation guidance.`,
+    capabilities: [
+        'vulnerability-scanning',
+        'code-security-review',
+        'penetration-testing',
+        'compliance-checking',
+        'dependency-audit',
+        'threat-modeling',
+        'security-documentation',
+        'remediation-planning',
+    ],
+};
+//# sourceMappingURL=security-auditor.js.map

package/dist/agents/definitions/security-auditor.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"security-auditor.js","sourceRoot":"","sources":["../../../src/agents/definitions/security-auditor.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,CAAC,MAAM,oBAAoB,GAAoB;IACnD,IAAI,EAAE,kBAAkB;IACxB,IAAI,EAAE,kBAAkB;IACxB,WAAW,EAAE,kFAAkF;IAC/F,YAAY,EAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;oGAgFoF;IAClG,YAAY,EAAE;QACZ,wBAAwB;QACxB,sBAAsB;QACtB,qBAAqB;QACrB,qBAAqB;QACrB,kBAAkB;QAClB,iBAAiB;QACjB,wBAAwB;QACxB,sBAAsB;KACvB;CACF,CAAC"}