@devo-bmad-custom/agent-orchestration 1.0.1 → 1.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (614) hide show
  1. package/lib/installer.js +44 -11
  2. package/package.json +1 -1
  3. package/src/.agents/skills/audit-website/README.md +20 -20
  4. package/src/.agents/skills/audit-website/SKILL.md +470 -470
  5. package/src/.agents/skills/audit-website/agents/openai.yaml +6 -6
  6. package/src/.agents/skills/audit-website/assets/icon-small.svg +41 -41
  7. package/src/.agents/skills/audit-website/references/OUTPUT-FORMAT.md +250 -250
  8. package/src/.agents/skills/clean-code-standards/SKILL.md +104 -104
  9. package/src/.agents/skills/excalidraw-dark-standard/SKILL.md +281 -281
  10. package/src/.agents/skills/frontend-responsive-design-standards/SKILL.md +434 -434
  11. package/src/.agents/skills/java-fundamentals/SKILL.md +116 -116
  12. package/src/.agents/skills/java-performance/SKILL.md +119 -119
  13. package/src/.agents/skills/next-best-practices/SKILL.md +153 -153
  14. package/src/.agents/skills/next-best-practices/async-patterns.md +87 -87
  15. package/src/.agents/skills/next-best-practices/bundling.md +180 -180
  16. package/src/.agents/skills/next-best-practices/data-patterns.md +297 -297
  17. package/src/.agents/skills/next-best-practices/debug-tricks.md +105 -105
  18. package/src/.agents/skills/next-best-practices/directives.md +73 -73
  19. package/src/.agents/skills/next-best-practices/error-handling.md +227 -227
  20. package/src/.agents/skills/next-best-practices/file-conventions.md +140 -140
  21. package/src/.agents/skills/next-best-practices/font.md +245 -245
  22. package/src/.agents/skills/next-best-practices/functions.md +108 -108
  23. package/src/.agents/skills/next-best-practices/hydration-error.md +91 -91
  24. package/src/.agents/skills/next-best-practices/image.md +173 -173
  25. package/src/.agents/skills/next-best-practices/metadata.md +301 -301
  26. package/src/.agents/skills/next-best-practices/parallel-routes.md +287 -287
  27. package/src/.agents/skills/next-best-practices/route-handlers.md +146 -146
  28. package/src/.agents/skills/next-best-practices/rsc-boundaries.md +159 -159
  29. package/src/.agents/skills/next-best-practices/runtime-selection.md +39 -39
  30. package/src/.agents/skills/next-best-practices/scripts.md +141 -141
  31. package/src/.agents/skills/next-best-practices/self-hosting.md +371 -371
  32. package/src/.agents/skills/next-best-practices/suspense-boundaries.md +67 -67
  33. package/src/.agents/skills/nextjs-app-router-patterns/SKILL.md +537 -537
  34. package/src/.agents/skills/postgresql-optimization/SKILL.md +404 -404
  35. package/src/.agents/skills/python-backend/SKILL.md +153 -153
  36. package/src/.agents/skills/python-fundamentals/SKILL.md +234 -234
  37. package/src/.agents/skills/python-performance/SKILL.md +404 -404
  38. package/src/.agents/skills/react-expert/SKILL.md +335 -335
  39. package/src/.agents/skills/redis-best-practices/SKILL.md +438 -438
  40. package/src/.agents/skills/security-best-practices/SKILL.md +288 -288
  41. package/src/.agents/skills/security-review/LICENSE +22 -22
  42. package/src/.agents/skills/security-review/SKILL.md +312 -312
  43. package/src/.agents/skills/security-review/infrastructure/docker.md +432 -432
  44. package/src/.agents/skills/security-review/languages/javascript.md +388 -388
  45. package/src/.agents/skills/security-review/languages/python.md +363 -363
  46. package/src/.agents/skills/security-review/references/api-security.md +519 -519
  47. package/src/.agents/skills/security-review/references/authentication.md +353 -353
  48. package/src/.agents/skills/security-review/references/authorization.md +372 -372
  49. package/src/.agents/skills/security-review/references/business-logic.md +443 -443
  50. package/src/.agents/skills/security-review/references/cryptography.md +329 -329
  51. package/src/.agents/skills/security-review/references/csrf.md +398 -398
  52. package/src/.agents/skills/security-review/references/data-protection.md +378 -378
  53. package/src/.agents/skills/security-review/references/deserialization.md +410 -410
  54. package/src/.agents/skills/security-review/references/error-handling.md +436 -436
  55. package/src/.agents/skills/security-review/references/file-security.md +457 -457
  56. package/src/.agents/skills/security-review/references/injection.md +259 -259
  57. package/src/.agents/skills/security-review/references/logging.md +433 -433
  58. package/src/.agents/skills/security-review/references/misconfiguration.md +435 -435
  59. package/src/.agents/skills/security-review/references/modern-threats.md +475 -475
  60. package/src/.agents/skills/security-review/references/ssrf.md +415 -415
  61. package/src/.agents/skills/security-review/references/supply-chain.md +405 -405
  62. package/src/.agents/skills/security-review/references/xss.md +336 -336
  63. package/src/.agents/skills/subagent-driven-development/SKILL.md +275 -275
  64. package/src/.agents/skills/subagent-driven-development/code-quality-reviewer-prompt.md +26 -26
  65. package/src/.agents/skills/subagent-driven-development/implementer-prompt.md +113 -113
  66. package/src/.agents/skills/subagent-driven-development/spec-reviewer-prompt.md +61 -61
  67. package/src/.agents/skills/systematic-debugging/CREATION-LOG.md +119 -119
  68. package/src/.agents/skills/systematic-debugging/SKILL.md +296 -296
  69. package/src/.agents/skills/systematic-debugging/condition-based-waiting-example.ts +158 -158
  70. package/src/.agents/skills/systematic-debugging/condition-based-waiting.md +115 -115
  71. package/src/.agents/skills/systematic-debugging/defense-in-depth.md +122 -122
  72. package/src/.agents/skills/systematic-debugging/root-cause-tracing.md +169 -169
  73. package/src/.agents/skills/systematic-debugging/test-academic.md +14 -14
  74. package/src/.agents/skills/systematic-debugging/test-pressure-1.md +58 -58
  75. package/src/.agents/skills/systematic-debugging/test-pressure-2.md +68 -68
  76. package/src/.agents/skills/systematic-debugging/test-pressure-3.md +69 -69
  77. package/src/.agents/skills/typescript-best-practices/SKILL.md +373 -373
  78. package/src/.agents/skills/ui-ux-pro-custom/SKILL.md +348 -348
  79. package/src/.agents/skills/ui-ux-pro-custom/data/charts.csv +26 -26
  80. package/src/.agents/skills/ui-ux-pro-custom/data/colors.csv +97 -97
  81. package/src/.agents/skills/ui-ux-pro-custom/data/icons.csv +101 -101
  82. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/SKILL.md +106 -106
  83. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/accessibility.md +475 -475
  84. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/animation.md +466 -466
  85. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/composition-locals.md +231 -231
  86. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/deprecated-patterns.md +323 -323
  87. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/lists-scrolling.md +400 -400
  88. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/modifiers.md +331 -331
  89. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/navigation.md +416 -416
  90. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/performance.md +446 -446
  91. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/side-effects.md +516 -516
  92. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/source-code/foundation-source.md +13327 -13327
  93. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/source-code/material3-source.md +19097 -19097
  94. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/source-code/navigation-source.md +2947 -2947
  95. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/source-code/runtime-source.md +11316 -11316
  96. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/source-code/ui-source.md +7896 -7896
  97. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/state-management.md +377 -377
  98. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/styles-experimental.md +470 -470
  99. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/theming-material3.md +349 -349
  100. package/src/.agents/skills/ui-ux-pro-custom/data/jetpack-compose-expert-skill/references/view-composition.md +595 -595
  101. package/src/.agents/skills/ui-ux-pro-custom/data/landing.csv +31 -31
  102. package/src/.agents/skills/ui-ux-pro-custom/data/mobile-ui-layout.md +654 -654
  103. package/src/.agents/skills/ui-ux-pro-custom/data/products.csv +96 -96
  104. package/src/.agents/skills/ui-ux-pro-custom/data/react-performance.csv +45 -45
  105. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/astro.csv +54 -54
  106. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/flutter.csv +53 -53
  107. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/html-tailwind.csv +56 -56
  108. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/jetpack-compose.csv +53 -53
  109. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/nextjs.csv +53 -53
  110. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/nuxt-ui.csv +51 -51
  111. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/nuxtjs.csv +59 -59
  112. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/react-native.csv +56 -56
  113. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/react.csv +54 -54
  114. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/shadcn.csv +61 -61
  115. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/svelte.csv +54 -54
  116. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/swiftui.csv +51 -51
  117. package/src/.agents/skills/ui-ux-pro-custom/data/stacks/vue.csv +50 -50
  118. package/src/.agents/skills/ui-ux-pro-custom/data/styles.csv +68 -68
  119. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/alarmkit/SKILL.md +438 -438
  120. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/alarmkit/references/alarmkit-patterns.md +584 -584
  121. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-clips/SKILL.md +436 -436
  122. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-intents/SKILL.md +489 -489
  123. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-intents/references/appintents-advanced.md +1076 -1076
  124. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-store-review/SKILL.md +340 -340
  125. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-store-review/references/privacy-manifest.md +90 -90
  126. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/app-store-review/references/review-checklists.md +106 -106
  127. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/apple-on-device-ai/SKILL.md +500 -500
  128. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/apple-on-device-ai/references/coreml-conversion.md +425 -425
  129. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/apple-on-device-ai/references/coreml-optimization.md +344 -344
  130. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/apple-on-device-ai/references/foundation-models.md +508 -508
  131. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/apple-on-device-ai/references/mlx-swift.md +285 -285
  132. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/authentication/SKILL.md +496 -496
  133. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/authentication/references/keychain-biometric.md +211 -211
  134. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/background-processing/SKILL.md +499 -499
  135. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/background-processing/references/background-task-patterns.md +390 -390
  136. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/callkit-voip/SKILL.md +461 -461
  137. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/callkit-voip/references/callkit-patterns.md +425 -425
  138. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/cloudkit-sync/SKILL.md +492 -492
  139. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/cloudkit-sync/references/cloudkit-patterns.md +461 -461
  140. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/codable-patterns/SKILL.md +467 -467
  141. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/contacts-framework/SKILL.md +425 -425
  142. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/contacts-framework/references/contacts-patterns.md +409 -409
  143. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-bluetooth/SKILL.md +491 -491
  144. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-bluetooth/references/ble-patterns.md +435 -435
  145. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-motion/SKILL.md +388 -388
  146. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-motion/references/motion-patterns.md +405 -405
  147. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-nfc/SKILL.md +495 -495
  148. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/core-nfc/references/nfc-patterns.md +420 -420
  149. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/coreml/SKILL.md +459 -459
  150. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/coreml/references/coreml-swift-integration.md +765 -765
  151. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/debugging-instruments/SKILL.md +422 -422
  152. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/debugging-instruments/references/instruments-guide.md +387 -387
  153. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/debugging-instruments/references/lldb-patterns.md +298 -298
  154. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/device-integrity/SKILL.md +477 -477
  155. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/energykit/SKILL.md +460 -460
  156. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/energykit/references/energykit-patterns.md +541 -541
  157. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/eventkit-calendar/SKILL.md +483 -483
  158. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/eventkit-calendar/references/eventkit-patterns.md +326 -326
  159. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/healthkit/SKILL.md +498 -498
  160. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/healthkit/references/healthkit-patterns.md +602 -602
  161. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/homekit-matter/SKILL.md +496 -496
  162. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/homekit-matter/references/matter-commissioning.md +455 -455
  163. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-accessibility/SKILL.md +301 -301
  164. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-accessibility/references/a11y-patterns.md +140 -140
  165. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-localization/SKILL.md +418 -418
  166. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-localization/references/formatstyle-locale.md +627 -627
  167. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-localization/references/string-catalogs.md +462 -462
  168. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-networking/SKILL.md +441 -441
  169. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-networking/references/background-websocket.md +862 -862
  170. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-networking/references/lightweight-clients.md +93 -93
  171. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-networking/references/network-framework.md +563 -563
  172. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-networking/references/urlsession-patterns.md +1116 -1116
  173. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-security/SKILL.md +496 -496
  174. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-security/references/app-review-guidelines.md +174 -174
  175. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-security/references/cryptokit-advanced.md +296 -296
  176. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-security/references/file-storage-patterns.md +354 -354
  177. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/ios-security/references/privacy-manifest.md +117 -117
  178. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/live-activities/SKILL.md +500 -500
  179. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/live-activities/references/live-activity-patterns.md +868 -868
  180. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/mapkit-location/SKILL.md +485 -485
  181. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/mapkit-location/references/corelocation-patterns.md +730 -730
  182. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/mapkit-location/references/mapkit-patterns.md +748 -748
  183. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/metrickit-diagnostics/SKILL.md +479 -479
  184. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/musickit-audio/SKILL.md +395 -395
  185. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/musickit-audio/references/musickit-patterns.md +363 -363
  186. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/natural-language/SKILL.md +412 -412
  187. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/natural-language/references/translation-patterns.md +311 -311
  188. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/passkit-wallet/SKILL.md +398 -398
  189. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/passkit-wallet/references/wallet-passes.md +254 -254
  190. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/pencilkit-drawing/SKILL.md +387 -387
  191. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/pencilkit-drawing/references/paperkit-integration.md +376 -376
  192. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/pencilkit-drawing/references/pencilkit-patterns.md +302 -302
  193. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/permissionkit/SKILL.md +446 -446
  194. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/permissionkit/references/permissionkit-patterns.md +435 -435
  195. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/photos-camera-media/SKILL.md +500 -500
  196. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/photos-camera-media/references/av-playback.md +701 -701
  197. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/photos-camera-media/references/camera-capture.md +774 -774
  198. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/photos-camera-media/references/image-loading-caching.md +869 -869
  199. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/photos-camera-media/references/photospicker-patterns.md +597 -597
  200. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/push-notifications/SKILL.md +500 -500
  201. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/push-notifications/references/notification-patterns.md +677 -677
  202. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/push-notifications/references/rich-notifications.md +745 -745
  203. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/realitykit-ar/SKILL.md +479 -479
  204. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/realitykit-ar/references/realitykit-patterns.md +480 -480
  205. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/shareplay-activities/SKILL.md +483 -483
  206. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/shareplay-activities/references/shareplay-patterns.md +544 -544
  207. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/speech-recognition/SKILL.md +485 -485
  208. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/storekit/SKILL.md +478 -478
  209. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/storekit/references/app-review-guidelines.md +58 -58
  210. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/storekit/references/storekit-advanced.md +755 -755
  211. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-charts/SKILL.md +487 -487
  212. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-charts/references/charts-patterns.md +895 -895
  213. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-concurrency/SKILL.md +408 -408
  214. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-concurrency/references/approachable-concurrency.md +80 -80
  215. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-concurrency/references/swift-6-2-concurrency.md +233 -233
  216. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-concurrency/references/swiftui-concurrency.md +187 -187
  217. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-concurrency/references/synchronization-primitives.md +341 -341
  218. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-language/SKILL.md +498 -498
  219. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-language/references/swift-patterns-extended.md +505 -505
  220. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-testing/SKILL.md +467 -467
  221. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swift-testing/references/testing-patterns.md +504 -504
  222. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftdata/SKILL.md +334 -334
  223. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftdata/references/core-data-coexistence.md +504 -504
  224. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftdata/references/swiftdata-advanced.md +975 -975
  225. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftdata/references/swiftdata-queries.md +675 -675
  226. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-animation/SKILL.md +481 -481
  227. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-animation/references/animation-advanced.md +804 -804
  228. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-animation/references/core-animation-bridge.md +553 -553
  229. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-gestures/SKILL.md +450 -450
  230. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-gestures/references/gesture-patterns.md +425 -425
  231. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-layout-components/SKILL.md +336 -336
  232. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-layout-components/references/form.md +97 -97
  233. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-layout-components/references/grids.md +69 -69
  234. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-layout-components/references/list.md +99 -99
  235. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-layout-components/references/scrollview.md +147 -147
  236. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-liquid-glass/SKILL.md +325 -325
  237. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-liquid-glass/references/liquid-glass.md +387 -387
  238. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-navigation/SKILL.md +262 -262
  239. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-navigation/references/deeplinks.md +207 -207
  240. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-navigation/references/navigationstack.md +177 -177
  241. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-navigation/references/sheets.md +169 -169
  242. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-navigation/references/tabview.md +178 -178
  243. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-patterns/SKILL.md +381 -381
  244. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-patterns/references/architecture-patterns.md +486 -486
  245. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-patterns/references/deprecated-migration.md +1097 -1097
  246. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-patterns/references/design-polish.md +780 -780
  247. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-patterns/references/platform-and-sharing.md +696 -696
  248. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-performance/SKILL.md +491 -491
  249. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-performance/references/demystify-swiftui-performance-wwdc23.md +46 -46
  250. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-performance/references/optimizing-swiftui-performance-instruments.md +29 -29
  251. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-performance/references/understanding-hangs-in-your-app.md +33 -33
  252. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-performance/references/understanding-improving-swiftui-performance.md +52 -52
  253. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-uikit-interop/SKILL.md +428 -428
  254. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-uikit-interop/references/hosting-migration.md +534 -534
  255. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/swiftui-uikit-interop/references/representable-recipes.md +1133 -1133
  256. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/tipkit/SKILL.md +494 -494
  257. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/tipkit/references/tipkit-patterns.md +782 -782
  258. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/vision-framework/SKILL.md +475 -475
  259. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/vision-framework/references/vision-requests.md +736 -736
  260. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/vision-framework/references/visionkit-scanner.md +738 -738
  261. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/weatherkit/SKILL.md +410 -410
  262. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/weatherkit/references/weatherkit-patterns.md +567 -567
  263. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/widgetkit/SKILL.md +497 -497
  264. package/src/.agents/skills/ui-ux-pro-custom/data/swift-ios-skills/widgetkit/references/widgetkit-advanced.md +871 -871
  265. package/src/.agents/skills/ui-ux-pro-custom/data/typography.csv +57 -57
  266. package/src/.agents/skills/ui-ux-pro-custom/data/ui-reasoning.csv +101 -101
  267. package/src/.agents/skills/ui-ux-pro-custom/data/ux-guidelines.csv +99 -99
  268. package/src/.agents/skills/ui-ux-pro-custom/data/web-interface.csv +31 -31
  269. package/src/.agents/skills/ui-ux-pro-custom/scripts/core.py +253 -253
  270. package/src/.agents/skills/ui-ux-pro-custom/scripts/design_system.py +1067 -1067
  271. package/src/.agents/skills/ui-ux-pro-custom/scripts/search.py +114 -114
  272. package/src/.agents/skills/ux-audit/SKILL.md +150 -150
  273. package/src/.agents/skills/websocket-engineer/SKILL.md +168 -168
  274. package/src/.agents/skills/websocket-engineer/references/alternatives.md +391 -391
  275. package/src/.agents/skills/websocket-engineer/references/patterns.md +400 -400
  276. package/src/.agents/skills/websocket-engineer/references/protocol.md +195 -195
  277. package/src/.agents/skills/websocket-engineer/references/scaling.md +333 -333
  278. package/src/.agents/skills/websocket-engineer/references/security.md +474 -474
  279. package/src/.agents/skills/writing-skills/SKILL.md +655 -655
  280. package/src/.agents/skills/writing-skills/anthropic-best-practices.md +1150 -1150
  281. package/src/.agents/skills/writing-skills/examples/CLAUDE_MD_TESTING.md +189 -189
  282. package/src/.agents/skills/writing-skills/graphviz-conventions.dot +171 -171
  283. package/src/.agents/skills/writing-skills/persuasion-principles.md +187 -187
  284. package/src/.agents/skills/writing-skills/render-graphs.js +168 -168
  285. package/src/.agents/skills/writing-skills/testing-skills-with-subagents.md +384 -384
  286. package/src/.claude/commands/bmad-track-compact.md +1 -1
  287. package/src/.claude/commands/bmad-track-extended.md +1 -1
  288. package/src/.claude/commands/bmad-track-large.md +1 -1
  289. package/src/.claude/commands/bmad-track-medium.md +1 -1
  290. package/src/.claude/commands/bmad-track-nano.md +1 -1
  291. package/src/.claude/commands/bmad-track-rv.md +1 -1
  292. package/src/.claude/commands/bmad-track-small.md +1 -1
  293. package/src/.claude/commands/master-orchestrator.md +15 -0
  294. package/src/_memory/config.yaml +11 -11
  295. package/src/_memory/master-orchestrator-sidecar/instructions.md +85 -32
  296. package/src/_memory/skills/nimbalyst-tracking/SKILL.md +103 -103
  297. package/src/_memory/skills/writing-skills/SKILL.md +655 -655
  298. package/src/bmb/agents/agent-builder.md +59 -59
  299. package/src/bmb/agents/module-builder.md +60 -60
  300. package/src/bmb/agents/workflow-builder.md +61 -61
  301. package/src/bmb/config.yaml +12 -12
  302. package/src/bmb/module-help.csv +13 -13
  303. package/src/bmb/workflows/agent/data/agent-architecture.md +258 -258
  304. package/src/bmb/workflows/agent/data/agent-compilation.md +185 -185
  305. package/src/bmb/workflows/agent/data/agent-menu-patterns.md +189 -189
  306. package/src/bmb/workflows/agent/data/agent-metadata.md +133 -133
  307. package/src/bmb/workflows/agent/data/agent-validation.md +111 -111
  308. package/src/bmb/workflows/agent/data/brainstorm-context.md +96 -96
  309. package/src/bmb/workflows/agent/data/communication-presets.csv +61 -61
  310. package/src/bmb/workflows/agent/data/critical-actions.md +75 -75
  311. package/src/bmb/workflows/agent/data/persona-properties.md +252 -252
  312. package/src/bmb/workflows/agent/data/principles-crafting.md +142 -142
  313. package/src/bmb/workflows/agent/data/reference/module-examples/architect.md +68 -68
  314. package/src/bmb/workflows/agent/data/reference/with-sidecar/journal-keeper/journal-keeper-sidecar/entries/yy-mm-dd-entry-template.md +16 -16
  315. package/src/bmb/workflows/agent/data/understanding-agent-types.md +126 -126
  316. package/src/bmb/workflows/agent/steps-c/step-01-brainstorm.md +129 -129
  317. package/src/bmb/workflows/agent/steps-c/step-02-discovery.md +170 -170
  318. package/src/bmb/workflows/agent/steps-c/step-03-sidecar-metadata.md +309 -309
  319. package/src/bmb/workflows/agent/steps-c/step-04-persona.md +213 -213
  320. package/src/bmb/workflows/agent/steps-c/step-05-commands-menu.md +179 -179
  321. package/src/bmb/workflows/agent/steps-c/step-06-activation.md +278 -278
  322. package/src/bmb/workflows/agent/steps-c/step-07-build-agent.md +316 -316
  323. package/src/bmb/workflows/agent/steps-c/step-08-celebrate.md +247 -247
  324. package/src/bmb/workflows/agent/steps-e/e-01-load-existing.md +221 -221
  325. package/src/bmb/workflows/agent/steps-e/e-02-discover-edits.md +195 -195
  326. package/src/bmb/workflows/agent/steps-e/e-04-sidecar-metadata.md +126 -126
  327. package/src/bmb/workflows/agent/steps-e/e-05-persona.md +135 -135
  328. package/src/bmb/workflows/agent/steps-e/e-06-commands-menu.md +123 -123
  329. package/src/bmb/workflows/agent/steps-e/e-07-activation.md +124 -124
  330. package/src/bmb/workflows/agent/steps-e/e-08-edit-agent.md +197 -197
  331. package/src/bmb/workflows/agent/steps-e/e-09-celebrate.md +155 -155
  332. package/src/bmb/workflows/agent/steps-v/v-01-load-review.md +137 -137
  333. package/src/bmb/workflows/agent/steps-v/v-02a-validate-metadata.md +116 -116
  334. package/src/bmb/workflows/agent/steps-v/v-02b-validate-persona.md +124 -124
  335. package/src/bmb/workflows/agent/steps-v/v-02c-validate-menu.md +127 -127
  336. package/src/bmb/workflows/agent/steps-v/v-02d-validate-structure.md +134 -134
  337. package/src/bmb/workflows/agent/steps-v/v-02e-validate-sidecar.md +134 -134
  338. package/src/bmb/workflows/agent/steps-v/v-03-summary.md +104 -104
  339. package/src/bmb/workflows/agent/templates/agent-plan.template.md +5 -5
  340. package/src/bmb/workflows/agent/templates/agent-template.md +89 -89
  341. package/src/bmb/workflows/agent/workflow-create-agent.md +72 -72
  342. package/src/bmb/workflows/agent/workflow-edit-agent.md +75 -75
  343. package/src/bmb/workflows/agent/workflow-validate-agent.md +73 -73
  344. package/src/bmb/workflows/module/data/agent-architecture.md +179 -179
  345. package/src/bmb/workflows/module/data/agent-spec-template.md +79 -79
  346. package/src/bmb/workflows/module/data/module-standards.md +263 -263
  347. package/src/bmb/workflows/module/data/module-yaml-conventions.md +392 -392
  348. package/src/bmb/workflows/module/module-help-generate.md +254 -254
  349. package/src/bmb/workflows/module/steps-b/step-01-welcome.md +148 -148
  350. package/src/bmb/workflows/module/steps-b/step-02-spark.md +141 -141
  351. package/src/bmb/workflows/module/steps-b/step-03-module-type.md +149 -149
  352. package/src/bmb/workflows/module/steps-b/step-04-vision.md +83 -83
  353. package/src/bmb/workflows/module/steps-b/step-05-identity.md +97 -97
  354. package/src/bmb/workflows/module/steps-b/step-06-users.md +86 -86
  355. package/src/bmb/workflows/module/steps-b/step-07-value.md +76 -76
  356. package/src/bmb/workflows/module/steps-b/step-08-agents.md +97 -97
  357. package/src/bmb/workflows/module/steps-b/step-09-workflows.md +83 -83
  358. package/src/bmb/workflows/module/steps-b/step-10-tools.md +91 -91
  359. package/src/bmb/workflows/module/steps-b/step-11-scenarios.md +84 -84
  360. package/src/bmb/workflows/module/steps-b/step-12-creative.md +95 -95
  361. package/src/bmb/workflows/module/steps-b/step-13-review.md +105 -105
  362. package/src/bmb/workflows/module/steps-b/step-14-finalize.md +117 -117
  363. package/src/bmb/workflows/module/steps-c/step-01-load-brief.md +179 -179
  364. package/src/bmb/workflows/module/steps-c/step-01b-continue.md +82 -82
  365. package/src/bmb/workflows/module/steps-c/step-02-structure.md +105 -105
  366. package/src/bmb/workflows/module/steps-c/step-03-config.md +119 -119
  367. package/src/bmb/workflows/module/steps-c/step-04-agents.md +168 -168
  368. package/src/bmb/workflows/module/steps-c/step-05-workflows.md +184 -184
  369. package/src/bmb/workflows/module/steps-c/step-06-docs.md +401 -401
  370. package/src/bmb/workflows/module/steps-c/step-07-complete.md +152 -152
  371. package/src/bmb/workflows/module/steps-e/step-01-load-target.md +81 -81
  372. package/src/bmb/workflows/module/steps-e/step-02-select-edit.md +77 -77
  373. package/src/bmb/workflows/module/steps-e/step-03-apply-edit.md +77 -77
  374. package/src/bmb/workflows/module/steps-e/step-04-review.md +80 -80
  375. package/src/bmb/workflows/module/steps-e/step-05-confirm.md +75 -75
  376. package/src/bmb/workflows/module/steps-v/step-01-load-target.md +96 -96
  377. package/src/bmb/workflows/module/steps-v/step-02-file-structure.md +93 -93
  378. package/src/bmb/workflows/module/steps-v/step-03-module-yaml.md +99 -99
  379. package/src/bmb/workflows/module/steps-v/step-04-agent-specs.md +152 -152
  380. package/src/bmb/workflows/module/steps-v/step-05-workflow-specs.md +152 -152
  381. package/src/bmb/workflows/module/steps-v/step-06-documentation.md +143 -143
  382. package/src/bmb/workflows/module/steps-v/step-07-installation.md +102 -102
  383. package/src/bmb/workflows/module/steps-v/step-08-report.md +197 -197
  384. package/src/bmb/workflows/module/templates/brief-template.md +154 -154
  385. package/src/bmb/workflows/module/templates/workflow-spec-template.md +96 -96
  386. package/src/bmb/workflows/module/workflow-create-module-brief.md +71 -71
  387. package/src/bmb/workflows/module/workflow-create-module.md +86 -86
  388. package/src/bmb/workflows/module/workflow-edit-module.md +66 -66
  389. package/src/bmb/workflows/module/workflow-validate-module.md +66 -66
  390. package/src/bmb/workflows/workflow/data/architecture.md +150 -150
  391. package/src/bmb/workflows/workflow/data/common-workflow-tools.csv +19 -19
  392. package/src/bmb/workflows/workflow/data/csv-data-file-standards.md +53 -53
  393. package/src/bmb/workflows/workflow/data/frontmatter-standards.md +184 -184
  394. package/src/bmb/workflows/workflow/data/input-discovery-standards.md +191 -191
  395. package/src/bmb/workflows/workflow/data/intent-vs-prescriptive-spectrum.md +44 -44
  396. package/src/bmb/workflows/workflow/data/menu-handling-standards.md +133 -133
  397. package/src/bmb/workflows/workflow/data/output-format-standards.md +135 -135
  398. package/src/bmb/workflows/workflow/data/step-file-rules.md +235 -235
  399. package/src/bmb/workflows/workflow/data/step-type-patterns.md +257 -257
  400. package/src/bmb/workflows/workflow/data/subprocess-optimization-patterns.md +188 -188
  401. package/src/bmb/workflows/workflow/data/trimodal-workflow-structure.md +164 -164
  402. package/src/bmb/workflows/workflow/data/workflow-chaining-standards.md +222 -222
  403. package/src/bmb/workflows/workflow/data/workflow-examples.md +232 -232
  404. package/src/bmb/workflows/workflow/data/workflow-type-criteria.md +134 -134
  405. package/src/bmb/workflows/workflow/steps-c/step-00-conversion.md +263 -263
  406. package/src/bmb/workflows/workflow/steps-c/step-01-discovery.md +194 -194
  407. package/src/bmb/workflows/workflow/steps-c/step-01b-continuation.md +3 -3
  408. package/src/bmb/workflows/workflow/steps-c/step-02-classification.md +270 -270
  409. package/src/bmb/workflows/workflow/steps-c/step-03-requirements.md +283 -283
  410. package/src/bmb/workflows/workflow/steps-c/step-04-tools.md +282 -282
  411. package/src/bmb/workflows/workflow/steps-c/step-05-plan-review.md +243 -243
  412. package/src/bmb/workflows/workflow/steps-c/step-06-design.md +330 -330
  413. package/src/bmb/workflows/workflow/steps-c/step-07-foundation.md +239 -239
  414. package/src/bmb/workflows/workflow/steps-c/step-08-build-step-01.md +379 -379
  415. package/src/bmb/workflows/workflow/steps-c/step-09-build-next-step.md +350 -350
  416. package/src/bmb/workflows/workflow/steps-c/step-10-confirmation.md +322 -322
  417. package/src/bmb/workflows/workflow/steps-c/step-11-completion.md +191 -191
  418. package/src/bmb/workflows/workflow/steps-e/step-e-01-assess-workflow.md +237 -237
  419. package/src/bmb/workflows/workflow/steps-e/step-e-02-discover-edits.md +251 -251
  420. package/src/bmb/workflows/workflow/steps-e/step-e-03-fix-validation.md +254 -254
  421. package/src/bmb/workflows/workflow/steps-e/step-e-04-direct-edit.md +277 -277
  422. package/src/bmb/workflows/workflow/steps-e/step-e-05-apply-edit.md +154 -154
  423. package/src/bmb/workflows/workflow/steps-e/step-e-06-validate-after.md +190 -190
  424. package/src/bmb/workflows/workflow/steps-e/step-e-07-complete.md +206 -206
  425. package/src/bmb/workflows/workflow/steps-v/step-01-validate-max-mode.md +109 -109
  426. package/src/bmb/workflows/workflow/steps-v/step-01-validate.md +221 -221
  427. package/src/bmb/workflows/workflow/steps-v/step-01b-structure.md +152 -152
  428. package/src/bmb/workflows/workflow/steps-v/step-02-frontmatter-validation.md +199 -199
  429. package/src/bmb/workflows/workflow/steps-v/step-02b-path-violations.md +265 -265
  430. package/src/bmb/workflows/workflow/steps-v/step-03-menu-validation.md +164 -164
  431. package/src/bmb/workflows/workflow/steps-v/step-04-step-type-validation.md +211 -211
  432. package/src/bmb/workflows/workflow/steps-v/step-05-output-format-validation.md +200 -200
  433. package/src/bmb/workflows/workflow/steps-v/step-06-validation-design-check.md +195 -195
  434. package/src/bmb/workflows/workflow/steps-v/step-07-instruction-style-check.md +209 -209
  435. package/src/bmb/workflows/workflow/steps-v/step-08-collaborative-experience-check.md +199 -199
  436. package/src/bmb/workflows/workflow/steps-v/step-08b-subprocess-optimization.md +179 -179
  437. package/src/bmb/workflows/workflow/steps-v/step-09-cohesive-review.md +186 -186
  438. package/src/bmb/workflows/workflow/steps-v/step-10-report-complete.md +154 -154
  439. package/src/bmb/workflows/workflow/steps-v/step-11-plan-validation.md +237 -237
  440. package/src/bmb/workflows/workflow/templates/minimal-output-template.md +11 -11
  441. package/src/bmb/workflows/workflow/templates/step-01-init-continuable-template.md +241 -241
  442. package/src/bmb/workflows/workflow/templates/step-1b-template.md +224 -224
  443. package/src/bmb/workflows/workflow/templates/step-template.md +294 -294
  444. package/src/bmb/workflows/workflow/templates/workflow-template.md +102 -102
  445. package/src/bmb/workflows/workflow/workflow-create-workflow.md +79 -79
  446. package/src/bmb/workflows/workflow/workflow-edit-workflow.md +65 -65
  447. package/src/bmb/workflows/workflow/workflow-rework-workflow.md +65 -65
  448. package/src/bmb/workflows/workflow/workflow-validate-max-parallel-workflow.md +66 -66
  449. package/src/bmb/workflows/workflow/workflow-validate-workflow.md +65 -65
  450. package/src/bmm/agents/analyst.md +104 -104
  451. package/src/bmm/agents/dev.md +100 -100
  452. package/src/bmm/agents/qa.md +100 -90
  453. package/src/bmm/agents/review-agent.md +1 -1
  454. package/src/bmm/agents/tech-writer/tech-writer.md +94 -94
  455. package/src/bmm/module-help.csv +31 -31
  456. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-01-init.md +115 -115
  457. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-01b-continue.md +107 -107
  458. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-02-vision.md +141 -141
  459. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-03-users.md +144 -144
  460. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-04-metrics.md +147 -147
  461. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-05-scope.md +161 -161
  462. package/src/bmm/workflows/1-analysis/create-product-brief/steps/step-06-complete.md +99 -99
  463. package/src/bmm/workflows/1-analysis/create-product-brief/workflow.md +57 -57
  464. package/src/bmm/workflows/1-analysis/research/domain-steps/step-01-init.md +87 -87
  465. package/src/bmm/workflows/1-analysis/research/domain-steps/step-02-domain-analysis.md +156 -156
  466. package/src/bmm/workflows/1-analysis/research/domain-steps/step-03-competitive-landscape.md +165 -165
  467. package/src/bmm/workflows/1-analysis/research/domain-steps/step-04-regulatory-focus.md +140 -140
  468. package/src/bmm/workflows/1-analysis/research/domain-steps/step-05-technical-trends.md +152 -152
  469. package/src/bmm/workflows/1-analysis/research/domain-steps/step-06-research-synthesis.md +345 -345
  470. package/src/bmm/workflows/1-analysis/research/market-steps/step-01-init.md +92 -92
  471. package/src/bmm/workflows/1-analysis/research/market-steps/step-02-customer-behavior.md +164 -164
  472. package/src/bmm/workflows/1-analysis/research/market-steps/step-03-customer-pain-points.md +174 -174
  473. package/src/bmm/workflows/1-analysis/research/market-steps/step-04-customer-decisions.md +184 -184
  474. package/src/bmm/workflows/1-analysis/research/market-steps/step-05-competitive-analysis.md +105 -105
  475. package/src/bmm/workflows/1-analysis/research/market-steps/step-06-research-completion.md +360 -360
  476. package/src/bmm/workflows/1-analysis/research/technical-steps/step-01-init.md +87 -87
  477. package/src/bmm/workflows/1-analysis/research/technical-steps/step-02-technical-overview.md +165 -165
  478. package/src/bmm/workflows/1-analysis/research/technical-steps/step-03-integration-patterns.md +174 -174
  479. package/src/bmm/workflows/1-analysis/research/technical-steps/step-04-architectural-patterns.md +141 -141
  480. package/src/bmm/workflows/1-analysis/research/technical-steps/step-05-implementation-research.md +159 -159
  481. package/src/bmm/workflows/1-analysis/research/technical-steps/step-06-research-synthesis.md +387 -387
  482. package/src/bmm/workflows/1-analysis/research/workflow-domain-research.md +54 -54
  483. package/src/bmm/workflows/1-analysis/research/workflow-market-research.md +54 -54
  484. package/src/bmm/workflows/1-analysis/research/workflow-technical-research.md +54 -54
  485. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-01b-continue.md +100 -100
  486. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-02-discovery.md +160 -160
  487. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-02b-vision.md +88 -88
  488. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-02c-executive-summary.md +99 -99
  489. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-03-success.md +169 -169
  490. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-04-journeys.md +156 -156
  491. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-05-domain.md +136 -136
  492. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-06-innovation.md +176 -176
  493. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-07-project-type.md +184 -184
  494. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-08-scoping.md +174 -174
  495. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-09-functional.md +175 -175
  496. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-10-nonfunctional.md +189 -189
  497. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-11-polish.md +162 -162
  498. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-c/step-12-complete.md +79 -79
  499. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-e/step-e-01-discovery.md +183 -183
  500. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-e/step-e-01b-legacy-conversion.md +149 -149
  501. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-e/step-e-02-review.md +187 -187
  502. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-e/step-e-03-edit.md +192 -192
  503. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-e/step-e-04-complete.md +108 -108
  504. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-01-discovery.md +166 -166
  505. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-02-format-detection.md +131 -131
  506. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-02b-parity-check.md +150 -150
  507. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-03-density-validation.md +118 -118
  508. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-04-brief-coverage-validation.md +155 -155
  509. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-05-measurability-validation.md +170 -170
  510. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-06-traceability-validation.md +158 -158
  511. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-07-implementation-leakage-validation.md +147 -147
  512. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-08-domain-compliance-validation.md +182 -182
  513. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-09-project-type-validation.md +202 -202
  514. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-10-smart-validation.md +148 -148
  515. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-11-holistic-quality-validation.md +201 -201
  516. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-12-completeness-validation.md +179 -179
  517. package/src/bmm/workflows/2-plan-workflows/create-prd/steps-v/step-v-13-report-complete.md +164 -164
  518. package/src/bmm/workflows/2-plan-workflows/create-prd/workflow-create-prd.md +65 -65
  519. package/src/bmm/workflows/2-plan-workflows/create-prd/workflow-edit-prd.md +65 -65
  520. package/src/bmm/workflows/2-plan-workflows/create-prd/workflow-validate-prd.md +63 -63
  521. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-01b-continue.md +63 -63
  522. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-02-discovery.md +106 -106
  523. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-03-core-experience.md +111 -111
  524. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-04-emotional-response.md +115 -115
  525. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-05-inspiration.md +127 -127
  526. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-06-design-system.md +167 -167
  527. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-07-defining-experience.md +143 -143
  528. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-08-visual-foundation.md +118 -118
  529. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-09-design-directions.md +154 -154
  530. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-10-user-journeys.md +136 -136
  531. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-11-component-strategy.md +165 -165
  532. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-12-ux-patterns.md +135 -135
  533. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-13-responsive-accessibility.md +192 -192
  534. package/src/bmm/workflows/2-plan-workflows/create-ux-design/steps/step-14-complete.md +101 -101
  535. package/src/bmm/workflows/2-plan-workflows/create-ux-design/workflow.md +45 -45
  536. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-01-document-discovery.md +185 -185
  537. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-02-prd-analysis.md +129 -129
  538. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-03-epic-coverage-validation.md +130 -130
  539. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-04-ux-alignment.md +93 -93
  540. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-05-epic-quality-review.md +196 -196
  541. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/steps/step-06-final-assessment.md +129 -129
  542. package/src/bmm/workflows/3-solutioning/check-implementation-readiness/workflow.md +54 -54
  543. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-01b-continue.md +82 -82
  544. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-02-context.md +106 -106
  545. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-03-starter.md +138 -138
  546. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-04-decisions.md +129 -129
  547. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-05-patterns.md +166 -166
  548. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-06-structure.md +186 -186
  549. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-07-validation.md +163 -163
  550. package/src/bmm/workflows/3-solutioning/create-architecture/steps/step-08-complete.md +38 -38
  551. package/src/bmm/workflows/3-solutioning/create-architecture/workflow.md +49 -49
  552. package/src/bmm/workflows/3-solutioning/create-epics-and-stories/steps/step-02-design-epics.md +124 -124
  553. package/src/bmm/workflows/3-solutioning/create-epics-and-stories/steps/step-03-create-stories.md +122 -122
  554. package/src/bmm/workflows/3-solutioning/create-epics-and-stories/steps/step-04-final-validation.md +84 -84
  555. package/src/bmm/workflows/3-solutioning/create-epics-and-stories/workflow.md +58 -58
  556. package/src/bmm/workflows/4-implementation/code-review/workflow.yaml +43 -43
  557. package/src/bmm/workflows/4-implementation/correct-course/workflow.yaml +53 -53
  558. package/src/bmm/workflows/4-implementation/create-story/checklist.md +159 -159
  559. package/src/bmm/workflows/4-implementation/create-story/template.md +79 -79
  560. package/src/bmm/workflows/4-implementation/create-story/workflow.yaml +52 -52
  561. package/src/bmm/workflows/4-implementation/dev-story/workflow.yaml +20 -20
  562. package/src/bmm/workflows/4-implementation/retrospective/workflow.yaml +52 -52
  563. package/src/bmm/workflows/4-implementation/sprint-planning/workflow.yaml +52 -52
  564. package/src/bmm/workflows/4-implementation/sprint-status/workflow.yaml +25 -25
  565. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-01-mode-detection.md +158 -158
  566. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-02-context-gathering.md +122 -122
  567. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-03-execute.md +93 -93
  568. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-04-self-check.md +93 -93
  569. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-05-adversarial-review.md +87 -87
  570. package/src/bmm/workflows/bmad-quick-flow/quick-dev/steps/step-06-resolve-findings.md +146 -146
  571. package/src/bmm/workflows/bmad-quick-flow/quick-dev/workflow.md +50 -50
  572. package/src/bmm/workflows/bmad-quick-flow/quick-spec/steps/step-02-investigate.md +152 -152
  573. package/src/bmm/workflows/bmad-quick-flow/quick-spec/steps/step-03-generate.md +123 -123
  574. package/src/bmm/workflows/bmad-quick-flow/quick-spec/steps/step-04-review.md +201 -201
  575. package/src/bmm/workflows/bmad-quick-flow/quick-spec/workflow.md +79 -79
  576. package/src/bmm/workflows/document-project/workflow.yaml +22 -22
  577. package/src/bmm/workflows/generate-project-context/steps/step-01-discover.md +184 -184
  578. package/src/bmm/workflows/generate-project-context/steps/step-02-generate.md +322 -322
  579. package/src/bmm/workflows/generate-project-context/steps/step-03-complete.md +235 -235
  580. package/src/bmm/workflows/generate-project-context/workflow.md +49 -49
  581. package/src/bmm/workflows/qa/automate/workflow.yaml +233 -233
  582. package/src/bmm/workflows/qa-generate-e2e-tests/workflow.yaml +42 -42
  583. package/src/core/agents/master-orchestrator.md +3 -3
  584. package/src/core/config.yaml +9 -9
  585. package/src/core/module-help.csv +10 -10
  586. package/src/core/scripts/generate-loop-report.py +72 -72
  587. package/src/core/tasks/editorial-review-prose.xml +101 -101
  588. package/src/core/tasks/editorial-review-structure.xml +207 -207
  589. package/src/core/tasks/help.md +86 -86
  590. package/src/core/tasks/index-docs.xml +64 -64
  591. package/src/core/tasks/review-adversarial-general.xml +66 -66
  592. package/src/core/tasks/review-adversarial-loop.xml +46 -46
  593. package/src/core/tasks/review-edge-case-hunter.xml +63 -63
  594. package/src/core/tasks/review-party-loop.xml +46 -46
  595. package/src/core/tasks/shard-doc.xml +107 -107
  596. package/src/core/tasks/workflow.xml +235 -235
  597. package/src/core/templates/review-loop-report.html +88 -88
  598. package/src/core/templates/review-loop-report.md +5 -5
  599. package/src/core/workflows/advanced-elicitation/workflow.xml +117 -117
  600. package/src/core/workflows/brainstorming/steps/step-01-session-setup.md +212 -212
  601. package/src/core/workflows/brainstorming/steps/step-01b-continue.md +122 -122
  602. package/src/core/workflows/brainstorming/steps/step-02a-user-selected.md +225 -225
  603. package/src/core/workflows/brainstorming/steps/step-02b-ai-recommended.md +237 -237
  604. package/src/core/workflows/brainstorming/steps/step-02c-random-selection.md +209 -209
  605. package/src/core/workflows/brainstorming/steps/step-02d-progressive-flow.md +264 -264
  606. package/src/core/workflows/brainstorming/steps/step-02e-deep-dive.md +68 -68
  607. package/src/core/workflows/brainstorming/steps/step-03-technique-execution.md +403 -403
  608. package/src/core/workflows/brainstorming/steps/step-04-idea-organization.md +303 -303
  609. package/src/core/workflows/brainstorming/workflow.md +60 -60
  610. package/src/core/workflows/extract-trackers/workflow.md +45 -45
  611. package/src/core/workflows/party-mode/steps/step-01-agent-loading.md +142 -142
  612. package/src/core/workflows/party-mode/workflow.md +194 -194
  613. package/src/docs/dev/tmux/actions_popup.py +291 -291
  614. package/src/docs/dev/tmux/tmux-setup.md +62 -1
package/src/.agents/skills/security-review/references/error-handling.md CHANGED
@@ -1,436 +1,436 @@
1
- # Error Handling Security Reference
2
-
3
- ## Overview
4
-
5
- Improper error handling can lead to information disclosure, denial of service, or security bypasses. This includes verbose error messages exposing internals, fail-open patterns that skip security checks on errors, and unhandled exceptions that crash services or leave systems in insecure states.
6
-
7
- ---
8
-
9
- ## Information Disclosure
10
-
11
- ### Stack Traces in Responses
12
-
13
- ```python
14
- # VULNERABLE: Stack trace exposed to users
15
- @app.errorhandler(Exception)
16
- def handle_error(e):
17
- return f"Error: {traceback.format_exc()}", 500
18
-
19
- # VULNERABLE: Detailed exception info
20
- @app.route('/api/user/<id>')
21
- def get_user(id):
22
- try:
23
- return User.query.get(id).to_dict()
24
- except Exception as e:
25
- return jsonify({
26
- 'error': str(e),
27
- 'type': type(e).__name__,
28
- 'args': e.args
29
- }), 500
30
- ```
31
-
32
- ### Secure Error Handling
33
-
34
- ```python
35
- # SAFE: Generic messages, detailed logging
36
- import logging
37
-
38
- logger = logging.getLogger(__name__)
39
-
40
- @app.errorhandler(Exception)
41
- def handle_error(e):
42
- # Log full details server-side
43
- logger.error(f"Unhandled exception: {e}", exc_info=True)
44
-
45
- # Return generic message to client
46
- return jsonify({'error': 'An internal error occurred'}), 500
47
-
48
- # SAFE: Custom exceptions with safe messages
49
- class UserNotFoundError(Exception):
50
- pass
51
-
52
- @app.route('/api/user/<id>')
53
- def get_user(id):
54
- try:
55
- user = User.query.get(id)
56
- if not user:
57
- raise UserNotFoundError()
58
- return user.to_dict()
59
- except UserNotFoundError:
60
- return jsonify({'error': 'User not found'}), 404
61
- except Exception:
62
- logger.exception("Error fetching user")
63
- return jsonify({'error': 'Internal error'}), 500
64
- ```
65
-
66
- ---
67
-
68
- ## Fail-Open Patterns
69
-
70
- ### Authentication Bypass on Error
71
-
72
- ```python
73
- # VULNERABLE: Fail-open authentication
74
- def authenticate(token):
75
- try:
76
- user = verify_token(token)
77
- return user
78
- except Exception:
79
- return None # Returns None, might be treated as valid
80
-
81
- # VULNERABLE: Exception allows bypass
82
- def check_permission(user, resource):
83
- try:
84
- return permission_service.check(user, resource)
85
- except ServiceUnavailable:
86
- return True # DANGEROUS: Allows access on service failure
87
-
88
- # VULNERABLE: Default to authorized on error
89
- @app.route('/admin')
90
- def admin():
91
- try:
92
- if not is_admin(current_user):
93
- abort(403)
94
- except Exception:
95
- pass # Silently continues to admin page
96
- return render_admin_panel()
97
- ```
98
-
99
- ### Secure Fail-Closed Patterns
100
-
101
- ```python
102
- # SAFE: Fail-closed authentication
103
- def authenticate(token):
104
- try:
105
- user = verify_token(token)
106
- if user is None:
107
- raise AuthenticationError("Invalid token")
108
- return user
109
- except Exception as e:
110
- logger.error(f"Auth error: {e}")
111
- raise AuthenticationError("Authentication failed")
112
-
113
- # SAFE: Deny on service unavailable
114
- def check_permission(user, resource):
115
- try:
116
- return permission_service.check(user, resource)
117
- except ServiceUnavailable:
118
- logger.error("Permission service unavailable")
119
- return False # Deny access when unable to verify
120
-
121
- # SAFE: Explicit denial on error
122
- @app.route('/admin')
123
- def admin():
124
- try:
125
- if not is_admin(current_user):
126
- abort(403)
127
- except Exception as e:
128
- logger.error(f"Admin check failed: {e}")
129
- abort(500) # Don't proceed on error
130
- return render_admin_panel()
131
- ```
132
-
133
- ---
134
-
135
- ## Exception Swallowing
136
-
137
- ### Dangerous Patterns
138
-
139
- ```python
140
- # VULNERABLE: Silent exception swallowing
141
- try:
142
- validate_input(user_input)
143
- except:
144
- pass # Validation skipped entirely
145
-
146
- # VULNERABLE: Catch-all hides security issues
147
- try:
148
- result = dangerous_operation(user_data)
149
- except Exception:
150
- result = default_value # May hide injection attempts
151
-
152
- # VULNERABLE: Empty except block
153
- try:
154
- decrypt_sensitive_data(data)
155
- except:
156
- pass # Continues with encrypted/invalid data
157
- ```
158
-
159
- ### Secure Exception Handling
160
-
161
- ```python
162
- # SAFE: Handle specific exceptions
163
- try:
164
- validate_input(user_input)
165
- except ValidationError as e:
166
- logger.warning(f"Validation failed: {e}")
167
- return jsonify({'error': 'Invalid input'}), 400
168
- except Exception as e:
169
- logger.error(f"Unexpected validation error: {e}")
170
- return jsonify({'error': 'Validation error'}), 500
171
-
172
- # SAFE: Never silently swallow security-critical exceptions
173
- try:
174
- result = dangerous_operation(user_data)
175
- except SecurityException as e:
176
- logger.error(f"Security exception: {e}")
177
- raise # Re-raise security exceptions
178
- except ValueError as e:
179
- logger.warning(f"Invalid data: {e}")
180
- result = None
181
- ```
182
-
183
- ---
184
-
185
- ## Differential Error Messages
186
-
187
- ### User Enumeration via Errors
188
-
189
- ```python
190
- # VULNERABLE: Different messages reveal user existence
191
- @app.route('/login', methods=['POST'])
192
- def login():
193
- user = User.query.filter_by(email=email).first()
194
- if not user:
195
- return jsonify({'error': 'User not found'}), 401 # Reveals user doesn't exist
196
- if not check_password(password, user.password):
197
- return jsonify({'error': 'Wrong password'}), 401 # Reveals user exists
198
- return create_session(user)
199
-
200
- # VULNERABLE: Timing difference reveals user existence
201
- def login(email, password):
202
- user = User.query.filter_by(email=email).first()
203
- if not user:
204
- return False # Fast return
205
- return check_password(password, user.password) # Slow hash check
206
- ```
207
-
208
- ### Secure Consistent Errors
209
-
210
- ```python
211
- # SAFE: Consistent error messages
212
- @app.route('/login', methods=['POST'])
213
- def login():
214
- user = User.query.filter_by(email=email).first()
215
- if not user or not check_password(password, user.password):
216
- return jsonify({'error': 'Invalid credentials'}), 401 # Same message
217
- return create_session(user)
218
-
219
- # SAFE: Constant-time comparison with dummy hash
220
- DUMMY_HASH = generate_password_hash('dummy')
221
-
222
- def login(email, password):
223
- user = User.query.filter_by(email=email).first()
224
- if user:
225
- valid = check_password(password, user.password)
226
- else:
227
- check_password(password, DUMMY_HASH) # Constant time even if user not found
228
- valid = False
229
- return valid
230
- ```
231
-
232
- ---
233
-
234
- ## Resource Exhaustion via Errors
235
-
236
- ### Uncontrolled Exception Logging
237
-
238
- ```python
239
- # VULNERABLE: Attacker can fill logs
240
- @app.route('/api/data')
241
- def get_data():
242
- try:
243
- return process_data(request.json)
244
- except Exception as e:
245
- # Logs entire request body - attacker sends huge payloads
246
- logger.error(f"Error processing: {request.json}")
247
- return jsonify({'error': 'Error'}), 500
248
- ```
249
-
250
- ### Secure Logging
251
-
252
- ```python
253
- # SAFE: Limit logged data
254
- @app.route('/api/data')
255
- def get_data():
256
- try:
257
- return process_data(request.json)
258
- except Exception as e:
259
- # Log limited info, not full payload
260
- logger.error(f"Error processing request from {request.remote_addr}")
261
- return jsonify({'error': 'Error'}), 500
262
- ```
263
-
264
- ---
265
-
266
- ## Unhandled Async Exceptions
267
-
268
- ### Dangerous Patterns
269
-
270
- ```javascript
271
- // VULNERABLE: Unhandled promise rejection
272
- async function processUser(userId) {
273
- const user = await fetchUser(userId); // No catch
274
- return user;
275
- }
276
-
277
- // VULNERABLE: Missing error handler
278
- app.get('/api/data', async (req, res) => {
279
- const data = await fetchData(); // Unhandled rejection crashes server
280
- res.json(data);
281
- });
282
- ```
283
-
284
- ### Secure Async Handling
285
-
286
- ```javascript
287
- // SAFE: Always handle async errors
288
- async function processUser(userId) {
289
- try {
290
- const user = await fetchUser(userId);
291
- return user;
292
- } catch (error) {
293
- logger.error('Failed to fetch user', { userId, error });
294
- throw new UserFetchError('Unable to fetch user');
295
- }
296
- }
297
-
298
- // SAFE: Express async wrapper
299
- const asyncHandler = (fn) => (req, res, next) => {
300
- Promise.resolve(fn(req, res, next)).catch(next);
301
- };
302
-
303
- app.get('/api/data', asyncHandler(async (req, res) => {
304
- const data = await fetchData();
305
- res.json(data);
306
- }));
307
-
308
- // Global handler for unhandled rejections
309
- process.on('unhandledRejection', (reason, promise) => {
310
- logger.error('Unhandled Rejection', { reason });
311
- // Don't exit - handle gracefully
312
- });
313
- ```
314
-
315
- ---
316
-
317
- ## Error-Based SQL Injection Indicators
318
-
319
- ### Verbose Database Errors
320
-
321
- ```python
322
- # VULNERABLE: Database errors exposed
323
- @app.route('/api/search')
324
- def search():
325
- try:
326
- results = db.execute(f"SELECT * FROM items WHERE name = '{query}'")
327
- return jsonify(results)
328
- except Exception as e:
329
- return jsonify({'error': str(e)}), 500
330
- # Exposes: "syntax error at or near 'OR'" - reveals SQL injection possibility
331
- ```
332
-
333
- ### Secure Database Error Handling
334
-
335
- ```python
336
- # SAFE: Generic database errors
337
- @app.route('/api/search')
338
- def search():
339
- try:
340
- results = db.execute("SELECT * FROM items WHERE name = %s", (query,))
341
- return jsonify(results)
342
- except DatabaseError as e:
343
- logger.error(f"Database error: {e}")
344
- return jsonify({'error': 'Search failed'}), 500
345
- ```
346
-
347
- ---
348
-
349
- ## Cleanup on Error
350
-
351
- ### Resource Leaks
352
-
353
- ```python
354
- # VULNERABLE: Resource not cleaned up on error
355
- def process_file(filename):
356
- f = open(filename)
357
- data = f.read()
358
- process(data) # If this raises, file handle leaks
359
- f.close()
360
-
361
- # VULNERABLE: Connection not returned to pool
362
- def query_db():
363
- conn = pool.get_connection()
364
- result = conn.execute(query) # If this raises, connection leaks
365
- pool.return_connection(conn)
366
- return result
367
- ```
368
-
369
- ### Secure Resource Management
370
-
371
- ```python
372
- # SAFE: Context managers ensure cleanup
373
- def process_file(filename):
374
- with open(filename) as f:
375
- data = f.read()
376
- process(data) # File closed even on exception
377
-
378
- # SAFE: Try-finally for cleanup
379
- def query_db():
380
- conn = pool.get_connection()
381
- try:
382
- result = conn.execute(query)
383
- return result
384
- finally:
385
- pool.return_connection(conn) # Always returns connection
386
- ```
387
-
388
- ---
389
-
390
- ## Grep Patterns for Detection
391
-
392
- ```bash
393
- # Bare except clauses
394
- grep -rn "except:" --include="*.py" | grep -v "except Exception"
395
-
396
- # Empty exception handlers
397
- grep -rn "except.*:\s*$" -A1 --include="*.py" | grep "pass"
398
-
399
- # Stack traces in responses
400
- grep -rn "traceback\|format_exc\|exc_info" --include="*.py" | grep -v "logger\|logging"
401
-
402
- # Fail-open patterns
403
- grep -rn "except.*:\s*$" -A2 --include="*.py" | grep "return True\|return None"
404
-
405
- # Detailed error messages
406
- grep -rn "str(e)\|str(err)\|e\.args\|e\.message" --include="*.py" | grep "return\|jsonify\|response"
407
-
408
- # Differential error messages
409
- grep -rn "not found\|does not exist\|invalid password\|wrong password" --include="*.py"
410
-
411
- # Unhandled async
412
- grep -rn "await.*[^;]$" --include="*.js" --include="*.ts" | grep -v "try\|catch"
413
- ```
414
-
415
- ---
416
-
417
- ## Testing Checklist
418
-
419
- - [ ] No stack traces in production error responses
420
- - [ ] All security checks fail-closed (deny on error)
421
- - [ ] No empty except/catch blocks for security-critical code
422
- - [ ] Consistent error messages for auth (no user enumeration)
423
- - [ ] Async operations have error handlers
424
- - [ ] Resources cleaned up on error (files, connections)
425
- - [ ] Error logging doesn't include full user input
426
- - [ ] Database errors don't expose query structure
427
- - [ ] Rate limiting on error-generating endpoints
428
-
429
- ---
430
-
431
- ## References
432
-
433
- - [OWASP Error Handling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html)
434
- - [CWE-209: Information Exposure Through Error Message](https://cwe.mitre.org/data/definitions/209.html)
435
- - [CWE-755: Improper Handling of Exceptional Conditions](https://cwe.mitre.org/data/definitions/755.html)
436
- - [CWE-636: Not Failing Securely](https://cwe.mitre.org/data/definitions/636.html)
1
+ # Error Handling Security Reference
2
+
3
+ ## Overview
4
+
5
+ Improper error handling can lead to information disclosure, denial of service, or security bypasses. This includes verbose error messages exposing internals, fail-open patterns that skip security checks on errors, and unhandled exceptions that crash services or leave systems in insecure states.
6
+
7
+ ---
8
+
9
+ ## Information Disclosure
10
+
11
+ ### Stack Traces in Responses
12
+
13
+ ```python
14
+ # VULNERABLE: Stack trace exposed to users
15
+ @app.errorhandler(Exception)
16
+ def handle_error(e):
17
+ return f"Error: {traceback.format_exc()}", 500
18
+
19
+ # VULNERABLE: Detailed exception info
20
+ @app.route('/api/user/<id>')
21
+ def get_user(id):
22
+ try:
23
+ return User.query.get(id).to_dict()
24
+ except Exception as e:
25
+ return jsonify({
26
+ 'error': str(e),
27
+ 'type': type(e).__name__,
28
+ 'args': e.args
29
+ }), 500
30
+ ```
31
+
32
+ ### Secure Error Handling
33
+
34
+ ```python
35
+ # SAFE: Generic messages, detailed logging
36
+ import logging
37
+
38
+ logger = logging.getLogger(__name__)
39
+
40
+ @app.errorhandler(Exception)
41
+ def handle_error(e):
42
+ # Log full details server-side
43
+ logger.error(f"Unhandled exception: {e}", exc_info=True)
44
+
45
+ # Return generic message to client
46
+ return jsonify({'error': 'An internal error occurred'}), 500
47
+
48
+ # SAFE: Custom exceptions with safe messages
49
+ class UserNotFoundError(Exception):
50
+ pass
51
+
52
+ @app.route('/api/user/<id>')
53
+ def get_user(id):
54
+ try:
55
+ user = User.query.get(id)
56
+ if not user:
57
+ raise UserNotFoundError()
58
+ return user.to_dict()
59
+ except UserNotFoundError:
60
+ return jsonify({'error': 'User not found'}), 404
61
+ except Exception:
62
+ logger.exception("Error fetching user")
63
+ return jsonify({'error': 'Internal error'}), 500
64
+ ```
65
+
66
+ ---
67
+
68
+ ## Fail-Open Patterns
69
+
70
+ ### Authentication Bypass on Error
71
+
72
+ ```python
73
+ # VULNERABLE: Fail-open authentication
74
+ def authenticate(token):
75
+ try:
76
+ user = verify_token(token)
77
+ return user
78
+ except Exception:
79
+ return None # Returns None, might be treated as valid
80
+
81
+ # VULNERABLE: Exception allows bypass
82
+ def check_permission(user, resource):
83
+ try:
84
+ return permission_service.check(user, resource)
85
+ except ServiceUnavailable:
86
+ return True # DANGEROUS: Allows access on service failure
87
+
88
+ # VULNERABLE: Default to authorized on error
89
+ @app.route('/admin')
90
+ def admin():
91
+ try:
92
+ if not is_admin(current_user):
93
+ abort(403)
94
+ except Exception:
95
+ pass # Silently continues to admin page
96
+ return render_admin_panel()
97
+ ```
98
+
99
+ ### Secure Fail-Closed Patterns
100
+
101
+ ```python
102
+ # SAFE: Fail-closed authentication
103
+ def authenticate(token):
104
+ try:
105
+ user = verify_token(token)
106
+ if user is None:
107
+ raise AuthenticationError("Invalid token")
108
+ return user
109
+ except Exception as e:
110
+ logger.error(f"Auth error: {e}")
111
+ raise AuthenticationError("Authentication failed")
112
+
113
+ # SAFE: Deny on service unavailable
114
+ def check_permission(user, resource):
115
+ try:
116
+ return permission_service.check(user, resource)
117
+ except ServiceUnavailable:
118
+ logger.error("Permission service unavailable")
119
+ return False # Deny access when unable to verify
120
+
121
+ # SAFE: Explicit denial on error
122
+ @app.route('/admin')
123
+ def admin():
124
+ try:
125
+ if not is_admin(current_user):
126
+ abort(403)
127
+ except Exception as e:
128
+ logger.error(f"Admin check failed: {e}")
129
+ abort(500) # Don't proceed on error
130
+ return render_admin_panel()
131
+ ```
132
+
133
+ ---
134
+
135
+ ## Exception Swallowing
136
+
137
+ ### Dangerous Patterns
138
+
139
+ ```python
140
+ # VULNERABLE: Silent exception swallowing
141
+ try:
142
+ validate_input(user_input)
143
+ except:
144
+ pass # Validation skipped entirely
145
+
146
+ # VULNERABLE: Catch-all hides security issues
147
+ try:
148
+ result = dangerous_operation(user_data)
149
+ except Exception:
150
+ result = default_value # May hide injection attempts
151
+
152
+ # VULNERABLE: Empty except block
153
+ try:
154
+ decrypt_sensitive_data(data)
155
+ except:
156
+ pass # Continues with encrypted/invalid data
157
+ ```
158
+
159
+ ### Secure Exception Handling
160
+
161
+ ```python
162
+ # SAFE: Handle specific exceptions
163
+ try:
164
+ validate_input(user_input)
165
+ except ValidationError as e:
166
+ logger.warning(f"Validation failed: {e}")
167
+ return jsonify({'error': 'Invalid input'}), 400
168
+ except Exception as e:
169
+ logger.error(f"Unexpected validation error: {e}")
170
+ return jsonify({'error': 'Validation error'}), 500
171
+
172
+ # SAFE: Never silently swallow security-critical exceptions
173
+ try:
174
+ result = dangerous_operation(user_data)
175
+ except SecurityException as e:
176
+ logger.error(f"Security exception: {e}")
177
+ raise # Re-raise security exceptions
178
+ except ValueError as e:
179
+ logger.warning(f"Invalid data: {e}")
180
+ result = None
181
+ ```
182
+
183
+ ---
184
+
185
+ ## Differential Error Messages
186
+
187
+ ### User Enumeration via Errors
188
+
189
+ ```python
190
+ # VULNERABLE: Different messages reveal user existence
191
+ @app.route('/login', methods=['POST'])
192
+ def login():
193
+ user = User.query.filter_by(email=email).first()
194
+ if not user:
195
+ return jsonify({'error': 'User not found'}), 401 # Reveals user doesn't exist
196
+ if not check_password(password, user.password):
197
+ return jsonify({'error': 'Wrong password'}), 401 # Reveals user exists
198
+ return create_session(user)
199
+
200
+ # VULNERABLE: Timing difference reveals user existence
201
+ def login(email, password):
202
+ user = User.query.filter_by(email=email).first()
203
+ if not user:
204
+ return False # Fast return
205
+ return check_password(password, user.password) # Slow hash check
206
+ ```
207
+
208
+ ### Secure Consistent Errors
209
+
210
+ ```python
211
+ # SAFE: Consistent error messages
212
+ @app.route('/login', methods=['POST'])
213
+ def login():
214
+ user = User.query.filter_by(email=email).first()
215
+ if not user or not check_password(password, user.password):
216
+ return jsonify({'error': 'Invalid credentials'}), 401 # Same message
217
+ return create_session(user)
218
+
219
+ # SAFE: Constant-time comparison with dummy hash
220
+ DUMMY_HASH = generate_password_hash('dummy')
221
+
222
+ def login(email, password):
223
+ user = User.query.filter_by(email=email).first()
224
+ if user:
225
+ valid = check_password(password, user.password)
226
+ else:
227
+ check_password(password, DUMMY_HASH) # Constant time even if user not found
228
+ valid = False
229
+ return valid
230
+ ```
231
+
232
+ ---
233
+
234
+ ## Resource Exhaustion via Errors
235
+
236
+ ### Uncontrolled Exception Logging
237
+
238
+ ```python
239
+ # VULNERABLE: Attacker can fill logs
240
+ @app.route('/api/data')
241
+ def get_data():
242
+ try:
243
+ return process_data(request.json)
244
+ except Exception as e:
245
+ # Logs entire request body - attacker sends huge payloads
246
+ logger.error(f"Error processing: {request.json}")
247
+ return jsonify({'error': 'Error'}), 500
248
+ ```
249
+
250
+ ### Secure Logging
251
+
252
+ ```python
253
+ # SAFE: Limit logged data
254
+ @app.route('/api/data')
255
+ def get_data():
256
+ try:
257
+ return process_data(request.json)
258
+ except Exception as e:
259
+ # Log limited info, not full payload
260
+ logger.error(f"Error processing request from {request.remote_addr}")
261
+ return jsonify({'error': 'Error'}), 500
262
+ ```
263
+
264
+ ---
265
+
266
+ ## Unhandled Async Exceptions
267
+
268
+ ### Dangerous Patterns
269
+
270
+ ```javascript
271
+ // VULNERABLE: Unhandled promise rejection
272
+ async function processUser(userId) {
273
+ const user = await fetchUser(userId); // No catch
274
+ return user;
275
+ }
276
+
277
+ // VULNERABLE: Missing error handler
278
+ app.get('/api/data', async (req, res) => {
279
+ const data = await fetchData(); // Unhandled rejection crashes server
280
+ res.json(data);
281
+ });
282
+ ```
283
+
284
+ ### Secure Async Handling
285
+
286
+ ```javascript
287
+ // SAFE: Always handle async errors
288
+ async function processUser(userId) {
289
+ try {
290
+ const user = await fetchUser(userId);
291
+ return user;
292
+ } catch (error) {
293
+ logger.error('Failed to fetch user', { userId, error });
294
+ throw new UserFetchError('Unable to fetch user');
295
+ }
296
+ }
297
+
298
+ // SAFE: Express async wrapper
299
+ const asyncHandler = (fn) => (req, res, next) => {
300
+ Promise.resolve(fn(req, res, next)).catch(next);
301
+ };
302
+
303
+ app.get('/api/data', asyncHandler(async (req, res) => {
304
+ const data = await fetchData();
305
+ res.json(data);
306
+ }));
307
+
308
+ // Global handler for unhandled rejections
309
+ process.on('unhandledRejection', (reason, promise) => {
310
+ logger.error('Unhandled Rejection', { reason });
311
+ // Don't exit - handle gracefully
312
+ });
313
+ ```
314
+
315
+ ---
316
+
317
+ ## Error-Based SQL Injection Indicators
318
+
319
+ ### Verbose Database Errors
320
+
321
+ ```python
322
+ # VULNERABLE: Database errors exposed
323
+ @app.route('/api/search')
324
+ def search():
325
+ try:
326
+ results = db.execute(f"SELECT * FROM items WHERE name = '{query}'")
327
+ return jsonify(results)
328
+ except Exception as e:
329
+ return jsonify({'error': str(e)}), 500
330
+ # Exposes: "syntax error at or near 'OR'" - reveals SQL injection possibility
331
+ ```
332
+
333
+ ### Secure Database Error Handling
334
+
335
+ ```python
336
+ # SAFE: Generic database errors
337
+ @app.route('/api/search')
338
+ def search():
339
+ try:
340
+ results = db.execute("SELECT * FROM items WHERE name = %s", (query,))
341
+ return jsonify(results)
342
+ except DatabaseError as e:
343
+ logger.error(f"Database error: {e}")
344
+ return jsonify({'error': 'Search failed'}), 500
345
+ ```
346
+
347
+ ---
348
+
349
+ ## Cleanup on Error
350
+
351
+ ### Resource Leaks
352
+
353
+ ```python
354
+ # VULNERABLE: Resource not cleaned up on error
355
+ def process_file(filename):
356
+ f = open(filename)
357
+ data = f.read()
358
+ process(data) # If this raises, file handle leaks
359
+ f.close()
360
+
361
+ # VULNERABLE: Connection not returned to pool
362
+ def query_db():
363
+ conn = pool.get_connection()
364
+ result = conn.execute(query) # If this raises, connection leaks
365
+ pool.return_connection(conn)
366
+ return result
367
+ ```
368
+
369
+ ### Secure Resource Management
370
+
371
+ ```python
372
+ # SAFE: Context managers ensure cleanup
373
+ def process_file(filename):
374
+ with open(filename) as f:
375
+ data = f.read()
376
+ process(data) # File closed even on exception
377
+
378
+ # SAFE: Try-finally for cleanup
379
+ def query_db():
380
+ conn = pool.get_connection()
381
+ try:
382
+ result = conn.execute(query)
383
+ return result
384
+ finally:
385
+ pool.return_connection(conn) # Always returns connection
386
+ ```
387
+
388
+ ---
389
+
390
+ ## Grep Patterns for Detection
391
+
392
+ ```bash
393
+ # Bare except clauses
394
+ grep -rn "except:" --include="*.py" | grep -v "except Exception"
395
+
396
+ # Empty exception handlers
397
+ grep -rn "except.*:\s*$" -A1 --include="*.py" | grep "pass"
398
+
399
+ # Stack traces in responses
400
+ grep -rn "traceback\|format_exc\|exc_info" --include="*.py" | grep -v "logger\|logging"
401
+
402
+ # Fail-open patterns
403
+ grep -rn "except.*:\s*$" -A2 --include="*.py" | grep "return True\|return None"
404
+
405
+ # Detailed error messages
406
+ grep -rn "str(e)\|str(err)\|e\.args\|e\.message" --include="*.py" | grep "return\|jsonify\|response"
407
+
408
+ # Differential error messages
409
+ grep -rn "not found\|does not exist\|invalid password\|wrong password" --include="*.py"
410
+
411
+ # Unhandled async
412
+ grep -rn "await.*[^;]$" --include="*.js" --include="*.ts" | grep -v "try\|catch"
413
+ ```
414
+
415
+ ---
416
+
417
+ ## Testing Checklist
418
+
419
+ - [ ] No stack traces in production error responses
420
+ - [ ] All security checks fail-closed (deny on error)
421
+ - [ ] No empty except/catch blocks for security-critical code
422
+ - [ ] Consistent error messages for auth (no user enumeration)
423
+ - [ ] Async operations have error handlers
424
+ - [ ] Resources cleaned up on error (files, connections)
425
+ - [ ] Error logging doesn't include full user input
426
+ - [ ] Database errors don't expose query structure
427
+ - [ ] Rate limiting on error-generating endpoints
428
+
429
+ ---
430
+
431
+ ## References
432
+
433
+ - [OWASP Error Handling Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html)
434
+ - [CWE-209: Information Exposure Through Error Message](https://cwe.mitre.org/data/definitions/209.html)
435
+ - [CWE-755: Improper Handling of Exceptional Conditions](https://cwe.mitre.org/data/definitions/755.html)
436
+ - [CWE-636: Not Failing Securely](https://cwe.mitre.org/data/definitions/636.html)