npm - @dragonflymcp/plugin - Versions diffs - 1.0.0 - Mend

@dragonflymcp/plugin 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/.claude-plugin/plugin.json +26 -0
package/LICENSE +21 -0
package/README.md +126 -0
package/dist/core/annotations.d.ts +71 -0
package/dist/core/annotations.d.ts.map +1 -0
package/dist/core/annotations.js +61 -0
package/dist/core/annotations.js.map +1 -0
package/dist/core/config.d.ts +66 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +131 -0
package/dist/core/config.js.map +1 -0
package/dist/core/dispatcher.d.ts +77 -0
package/dist/core/dispatcher.d.ts.map +1 -0
package/dist/core/dispatcher.js +132 -0
package/dist/core/dispatcher.js.map +1 -0
package/dist/core/server.d.ts +24 -0
package/dist/core/server.d.ts.map +1 -0
package/dist/core/server.js +41 -0
package/dist/core/server.js.map +1 -0
package/dist/core/store.d.ts +91 -0
package/dist/core/store.d.ts.map +1 -0
package/dist/core/store.js +157 -0
package/dist/core/store.js.map +1 -0
package/dist/core/types.d.ts +128 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/core/types.js +5 -0
package/dist/core/types.js.map +1 -0
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +81 -0
package/dist/index.js.map +1 -0
package/dist/test-utils/store-harness.d.ts +41 -0
package/dist/test-utils/store-harness.d.ts.map +1 -0
package/dist/test-utils/store-harness.js +61 -0
package/dist/test-utils/store-harness.js.map +1 -0
package/dist/tools/analytics/aggregators.d.ts +18 -0
package/dist/tools/analytics/aggregators.d.ts.map +1 -0
package/dist/tools/analytics/aggregators.js +260 -0
package/dist/tools/analytics/aggregators.js.map +1 -0
package/dist/tools/analytics/aggregators.test.d.ts +2 -0
package/dist/tools/analytics/aggregators.test.d.ts.map +1 -0
package/dist/tools/analytics/aggregators.test.js +177 -0
package/dist/tools/analytics/aggregators.test.js.map +1 -0
package/dist/tools/analytics/drift.d.ts +15 -0
package/dist/tools/analytics/drift.d.ts.map +1 -0
package/dist/tools/analytics/drift.js +135 -0
package/dist/tools/analytics/drift.js.map +1 -0
package/dist/tools/analytics/drift.test.d.ts +2 -0
package/dist/tools/analytics/drift.test.d.ts.map +1 -0
package/dist/tools/analytics/drift.test.js +99 -0
package/dist/tools/analytics/drift.test.js.map +1 -0
package/dist/tools/analytics/index.d.ts +10 -0
package/dist/tools/analytics/index.d.ts.map +1 -0
package/dist/tools/analytics/index.js +192 -0
package/dist/tools/analytics/index.js.map +1 -0
package/dist/tools/analytics/learner.d.ts +29 -0
package/dist/tools/analytics/learner.d.ts.map +1 -0
package/dist/tools/analytics/learner.js +135 -0
package/dist/tools/analytics/learner.js.map +1 -0
package/dist/tools/analytics/learner.test.d.ts +2 -0
package/dist/tools/analytics/learner.test.d.ts.map +1 -0
package/dist/tools/analytics/learner.test.js +118 -0
package/dist/tools/analytics/learner.test.js.map +1 -0
package/dist/tools/analytics/observe.d.ts +22 -0
package/dist/tools/analytics/observe.d.ts.map +1 -0
package/dist/tools/analytics/observe.js +143 -0
package/dist/tools/analytics/observe.js.map +1 -0
package/dist/tools/analytics/observe.test.d.ts +2 -0
package/dist/tools/analytics/observe.test.d.ts.map +1 -0
package/dist/tools/analytics/observe.test.js +95 -0
package/dist/tools/analytics/observe.test.js.map +1 -0
package/dist/tools/analytics/store.d.ts +29 -0
package/dist/tools/analytics/store.d.ts.map +1 -0
package/dist/tools/analytics/store.js +192 -0
package/dist/tools/analytics/store.js.map +1 -0
package/dist/tools/analytics/types.d.ts +290 -0
package/dist/tools/analytics/types.d.ts.map +1 -0
package/dist/tools/analytics/types.js +7 -0
package/dist/tools/analytics/types.js.map +1 -0
package/dist/tools/ast/index.d.ts +8 -0
package/dist/tools/ast/index.d.ts.map +1 -0
package/dist/tools/ast/index.js +242 -0
package/dist/tools/ast/index.js.map +1 -0
package/dist/tools/ast/indexer.d.ts +41 -0
package/dist/tools/ast/indexer.d.ts.map +1 -0
package/dist/tools/ast/indexer.js +617 -0
package/dist/tools/ast/indexer.js.map +1 -0
package/dist/tools/ast/store.d.ts +87 -0
package/dist/tools/ast/store.d.ts.map +1 -0
package/dist/tools/ast/store.js +280 -0
package/dist/tools/ast/store.js.map +1 -0
package/dist/tools/ast/store.test.d.ts +6 -0
package/dist/tools/ast/store.test.d.ts.map +1 -0
package/dist/tools/ast/store.test.js +257 -0
package/dist/tools/ast/store.test.js.map +1 -0
package/dist/tools/bridge/bridge.d.ts +37 -0
package/dist/tools/bridge/bridge.d.ts.map +1 -0
package/dist/tools/bridge/bridge.js +82 -0
package/dist/tools/bridge/bridge.js.map +1 -0
package/dist/tools/bridge/bridge.test.d.ts +2 -0
package/dist/tools/bridge/bridge.test.d.ts.map +1 -0
package/dist/tools/bridge/bridge.test.js +119 -0
package/dist/tools/bridge/bridge.test.js.map +1 -0
package/dist/tools/bridge/index.d.ts +8 -0
package/dist/tools/bridge/index.d.ts.map +1 -0
package/dist/tools/bridge/index.js +153 -0
package/dist/tools/bridge/index.js.map +1 -0
package/dist/tools/bridge/store.d.ts +45 -0
package/dist/tools/bridge/store.d.ts.map +1 -0
package/dist/tools/bridge/store.js +307 -0
package/dist/tools/bridge/store.js.map +1 -0
package/dist/tools/bridge/store.test.d.ts +2 -0
package/dist/tools/bridge/store.test.d.ts.map +1 -0
package/dist/tools/bridge/store.test.js +180 -0
package/dist/tools/bridge/store.test.js.map +1 -0
package/dist/tools/bridge/types.d.ts +44 -0
package/dist/tools/bridge/types.d.ts.map +1 -0
package/dist/tools/bridge/types.js +6 -0
package/dist/tools/bridge/types.js.map +1 -0
package/dist/tools/evolve/algorithm.d.ts +33 -0
package/dist/tools/evolve/algorithm.d.ts.map +1 -0
package/dist/tools/evolve/algorithm.js +64 -0
package/dist/tools/evolve/algorithm.js.map +1 -0
package/dist/tools/evolve/algorithm.test.d.ts +6 -0
package/dist/tools/evolve/algorithm.test.d.ts.map +1 -0
package/dist/tools/evolve/algorithm.test.js +138 -0
package/dist/tools/evolve/algorithm.test.js.map +1 -0
package/dist/tools/evolve/index.d.ts +11 -0
package/dist/tools/evolve/index.d.ts.map +1 -0
package/dist/tools/evolve/index.js +300 -0
package/dist/tools/evolve/index.js.map +1 -0
package/dist/tools/evolve/store.d.ts +27 -0
package/dist/tools/evolve/store.d.ts.map +1 -0
package/dist/tools/evolve/store.js +147 -0
package/dist/tools/evolve/store.js.map +1 -0
package/dist/tools/evolve/store.test.d.ts +6 -0
package/dist/tools/evolve/store.test.d.ts.map +1 -0
package/dist/tools/evolve/store.test.js +162 -0
package/dist/tools/evolve/store.test.js.map +1 -0
package/dist/tools/evolve/types.d.ts +38 -0
package/dist/tools/evolve/types.d.ts.map +1 -0
package/dist/tools/evolve/types.js +6 -0
package/dist/tools/evolve/types.js.map +1 -0
package/dist/tools/framework/content-loader.d.ts +45 -0
package/dist/tools/framework/content-loader.d.ts.map +1 -0
package/dist/tools/framework/content-loader.js +258 -0
package/dist/tools/framework/content-loader.js.map +1 -0
package/dist/tools/framework/content-loader.test.d.ts +5 -0
package/dist/tools/framework/content-loader.test.d.ts.map +1 -0
package/dist/tools/framework/content-loader.test.js +262 -0
package/dist/tools/framework/content-loader.test.js.map +1 -0
package/dist/tools/framework/index.d.ts +30 -0
package/dist/tools/framework/index.d.ts.map +1 -0
package/dist/tools/framework/index.js +517 -0
package/dist/tools/framework/index.js.map +1 -0
package/dist/tools/framework/session.d.ts +85 -0
package/dist/tools/framework/session.d.ts.map +1 -0
package/dist/tools/framework/session.js +311 -0
package/dist/tools/framework/session.js.map +1 -0
package/dist/tools/framework/session.test.d.ts +5 -0
package/dist/tools/framework/session.test.d.ts.map +1 -0
package/dist/tools/framework/session.test.js +291 -0
package/dist/tools/framework/session.test.js.map +1 -0
package/dist/tools/framework/sync-evaluator.d.ts +41 -0
package/dist/tools/framework/sync-evaluator.d.ts.map +1 -0
package/dist/tools/framework/sync-evaluator.js +298 -0
package/dist/tools/framework/sync-evaluator.js.map +1 -0
package/dist/tools/framework/sync-evaluator.test.d.ts +5 -0
package/dist/tools/framework/sync-evaluator.test.d.ts.map +1 -0
package/dist/tools/framework/sync-evaluator.test.js +288 -0
package/dist/tools/framework/sync-evaluator.test.js.map +1 -0
package/dist/tools/framework/types.d.ts +279 -0
package/dist/tools/framework/types.d.ts.map +1 -0
package/dist/tools/framework/types.js +6 -0
package/dist/tools/framework/types.js.map +1 -0
package/dist/tools/framework/workflow-intelligence.d.ts +55 -0
package/dist/tools/framework/workflow-intelligence.d.ts.map +1 -0
package/dist/tools/framework/workflow-intelligence.js +199 -0
package/dist/tools/framework/workflow-intelligence.js.map +1 -0
package/dist/tools/framework/workflow-intelligence.test.d.ts +6 -0
package/dist/tools/framework/workflow-intelligence.test.d.ts.map +1 -0
package/dist/tools/framework/workflow-intelligence.test.js +257 -0
package/dist/tools/framework/workflow-intelligence.test.js.map +1 -0
package/dist/tools/framework/workflow-planner.d.ts +10 -0
package/dist/tools/framework/workflow-planner.d.ts.map +1 -0
package/dist/tools/framework/workflow-planner.js +214 -0
package/dist/tools/framework/workflow-planner.js.map +1 -0
package/dist/tools/framework/workflow-planner.test.d.ts +5 -0
package/dist/tools/framework/workflow-planner.test.d.ts.map +1 -0
package/dist/tools/framework/workflow-planner.test.js +137 -0
package/dist/tools/framework/workflow-planner.test.js.map +1 -0
package/dist/tools/knowledge/bridge.d.ts +34 -0
package/dist/tools/knowledge/bridge.d.ts.map +1 -0
package/dist/tools/knowledge/bridge.js +249 -0
package/dist/tools/knowledge/bridge.js.map +1 -0
package/dist/tools/knowledge/bridge.test.d.ts +5 -0
package/dist/tools/knowledge/bridge.test.d.ts.map +1 -0
package/dist/tools/knowledge/bridge.test.js +221 -0
package/dist/tools/knowledge/bridge.test.js.map +1 -0
package/dist/tools/knowledge/extractor.d.ts +22 -0
package/dist/tools/knowledge/extractor.d.ts.map +1 -0
package/dist/tools/knowledge/extractor.js +154 -0
package/dist/tools/knowledge/extractor.js.map +1 -0
package/dist/tools/knowledge/index.d.ts +12 -0
package/dist/tools/knowledge/index.d.ts.map +1 -0
package/dist/tools/knowledge/index.js +505 -0
package/dist/tools/knowledge/index.js.map +1 -0
package/dist/tools/knowledge/retrieval.d.ts +28 -0
package/dist/tools/knowledge/retrieval.d.ts.map +1 -0
package/dist/tools/knowledge/retrieval.js +164 -0
package/dist/tools/knowledge/retrieval.js.map +1 -0
package/dist/tools/knowledge/store.d.ts +96 -0
package/dist/tools/knowledge/store.d.ts.map +1 -0
package/dist/tools/knowledge/store.js +562 -0
package/dist/tools/knowledge/store.js.map +1 -0
package/dist/tools/knowledge/store.test.d.ts +6 -0
package/dist/tools/knowledge/store.test.d.ts.map +1 -0
package/dist/tools/knowledge/store.test.js +385 -0
package/dist/tools/knowledge/store.test.js.map +1 -0
package/dist/tools/knowledge/types.d.ts +168 -0
package/dist/tools/knowledge/types.d.ts.map +1 -0
package/dist/tools/knowledge/types.js +6 -0
package/dist/tools/knowledge/types.js.map +1 -0
package/dist/tools/memory/evolution.d.ts +31 -0
package/dist/tools/memory/evolution.d.ts.map +1 -0
package/dist/tools/memory/evolution.js +130 -0
package/dist/tools/memory/evolution.js.map +1 -0
package/dist/tools/memory/index.d.ts +11 -0
package/dist/tools/memory/index.d.ts.map +1 -0
package/dist/tools/memory/index.js +239 -0
package/dist/tools/memory/index.js.map +1 -0
package/dist/tools/memory/store.d.ts +75 -0
package/dist/tools/memory/store.d.ts.map +1 -0
package/dist/tools/memory/store.js +398 -0
package/dist/tools/memory/store.js.map +1 -0
package/dist/tools/memory/store.test.d.ts +6 -0
package/dist/tools/memory/store.test.d.ts.map +1 -0
package/dist/tools/memory/store.test.js +429 -0
package/dist/tools/memory/store.test.js.map +1 -0
package/dist/tools/memory/types.d.ts +171 -0
package/dist/tools/memory/types.d.ts.map +1 -0
package/dist/tools/memory/types.js +6 -0
package/dist/tools/memory/types.js.map +1 -0
package/dist/tools/pipeline/composer.d.ts +29 -0
package/dist/tools/pipeline/composer.d.ts.map +1 -0
package/dist/tools/pipeline/composer.js +225 -0
package/dist/tools/pipeline/composer.js.map +1 -0
package/dist/tools/pipeline/composer.test.d.ts +2 -0
package/dist/tools/pipeline/composer.test.d.ts.map +1 -0
package/dist/tools/pipeline/composer.test.js +162 -0
package/dist/tools/pipeline/composer.test.js.map +1 -0
package/dist/tools/pipeline/index.d.ts +8 -0
package/dist/tools/pipeline/index.d.ts.map +1 -0
package/dist/tools/pipeline/index.js +102 -0
package/dist/tools/pipeline/index.js.map +1 -0
package/dist/tools/pipeline/planner.d.ts +10 -0
package/dist/tools/pipeline/planner.d.ts.map +1 -0
package/dist/tools/pipeline/planner.js +147 -0
package/dist/tools/pipeline/planner.js.map +1 -0
package/dist/tools/pipeline/planner.test.d.ts +2 -0
package/dist/tools/pipeline/planner.test.d.ts.map +1 -0
package/dist/tools/pipeline/planner.test.js +96 -0
package/dist/tools/pipeline/planner.test.js.map +1 -0
package/dist/tools/pipeline/preconditions.d.ts +14 -0
package/dist/tools/pipeline/preconditions.d.ts.map +1 -0
package/dist/tools/pipeline/preconditions.js +65 -0
package/dist/tools/pipeline/preconditions.js.map +1 -0
package/dist/tools/pipeline/preconditions.test.d.ts +2 -0
package/dist/tools/pipeline/preconditions.test.d.ts.map +1 -0
package/dist/tools/pipeline/preconditions.test.js +74 -0
package/dist/tools/pipeline/preconditions.test.js.map +1 -0
package/dist/tools/pipeline/types.d.ts +105 -0
package/dist/tools/pipeline/types.d.ts.map +1 -0
package/dist/tools/pipeline/types.js +6 -0
package/dist/tools/pipeline/types.js.map +1 -0
package/dist/tools/repair/index.d.ts +8 -0
package/dist/tools/repair/index.d.ts.map +1 -0
package/dist/tools/repair/index.js +384 -0
package/dist/tools/repair/index.js.map +1 -0
package/dist/tools/repair/repairer.d.ts +67 -0
package/dist/tools/repair/repairer.d.ts.map +1 -0
package/dist/tools/repair/repairer.js +257 -0
package/dist/tools/repair/repairer.js.map +1 -0
package/dist/tools/repair/repairer.test.d.ts +6 -0
package/dist/tools/repair/repairer.test.d.ts.map +1 -0
package/dist/tools/repair/repairer.test.js +159 -0
package/dist/tools/repair/repairer.test.js.map +1 -0
package/dist/tools/semantic/chunker.d.ts +23 -0
package/dist/tools/semantic/chunker.d.ts.map +1 -0
package/dist/tools/semantic/chunker.js +244 -0
package/dist/tools/semantic/chunker.js.map +1 -0
package/dist/tools/semantic/embedder.d.ts +16 -0
package/dist/tools/semantic/embedder.d.ts.map +1 -0
package/dist/tools/semantic/embedder.js +88 -0
package/dist/tools/semantic/embedder.js.map +1 -0
package/dist/tools/semantic/index.d.ts +8 -0
package/dist/tools/semantic/index.d.ts.map +1 -0
package/dist/tools/semantic/index.js +144 -0
package/dist/tools/semantic/index.js.map +1 -0
package/dist/tools/semantic/store.d.ts +31 -0
package/dist/tools/semantic/store.d.ts.map +1 -0
package/dist/tools/semantic/store.js +168 -0
package/dist/tools/semantic/store.js.map +1 -0
package/dist/tools/semantic/store.test.d.ts +6 -0
package/dist/tools/semantic/store.test.d.ts.map +1 -0
package/dist/tools/semantic/store.test.js +240 -0
package/dist/tools/semantic/store.test.js.map +1 -0
package/dist/tools/spec/generator.d.ts +32 -0
package/dist/tools/spec/generator.d.ts.map +1 -0
package/dist/tools/spec/generator.js +278 -0
package/dist/tools/spec/generator.js.map +1 -0
package/dist/tools/spec/generator.test.d.ts +6 -0
package/dist/tools/spec/generator.test.d.ts.map +1 -0
package/dist/tools/spec/generator.test.js +208 -0
package/dist/tools/spec/generator.test.js.map +1 -0
package/dist/tools/spec/index.d.ts +11 -0
package/dist/tools/spec/index.d.ts.map +1 -0
package/dist/tools/spec/index.js +426 -0
package/dist/tools/spec/index.js.map +1 -0
package/dist/tools/spec/store.d.ts +24 -0
package/dist/tools/spec/store.d.ts.map +1 -0
package/dist/tools/spec/store.js +104 -0
package/dist/tools/spec/store.js.map +1 -0
package/dist/tools/spec/store.test.d.ts +6 -0
package/dist/tools/spec/store.test.d.ts.map +1 -0
package/dist/tools/spec/store.test.js +173 -0
package/dist/tools/spec/store.test.js.map +1 -0
package/dist/tools/spec/types.d.ts +61 -0
package/dist/tools/spec/types.d.ts.map +1 -0
package/dist/tools/spec/types.js +6 -0
package/dist/tools/spec/types.js.map +1 -0
package/dist/tools/state/index.d.ts +11 -0
package/dist/tools/state/index.d.ts.map +1 -0
package/dist/tools/state/index.js +386 -0
package/dist/tools/state/index.js.map +1 -0
package/dist/tools/state/migrate.d.ts +39 -0
package/dist/tools/state/migrate.d.ts.map +1 -0
package/dist/tools/state/migrate.js +242 -0
package/dist/tools/state/migrate.js.map +1 -0
package/dist/tools/state/migrate.test.d.ts +2 -0
package/dist/tools/state/migrate.test.d.ts.map +1 -0
package/dist/tools/state/migrate.test.js +265 -0
package/dist/tools/state/migrate.test.js.map +1 -0
package/dist/tools/state/store.d.ts +107 -0
package/dist/tools/state/store.d.ts.map +1 -0
package/dist/tools/state/store.js +365 -0
package/dist/tools/state/store.js.map +1 -0
package/dist/tools/state/store.test.d.ts +5 -0
package/dist/tools/state/store.test.d.ts.map +1 -0
package/dist/tools/state/store.test.js +293 -0
package/dist/tools/state/store.test.js.map +1 -0
package/dist/tools/state/types.d.ts +90 -0
package/dist/tools/state/types.d.ts.map +1 -0
package/dist/tools/state/types.js +6 -0
package/dist/tools/state/types.js.map +1 -0
package/dist/tools/testing/analyzer.d.ts +44 -0
package/dist/tools/testing/analyzer.d.ts.map +1 -0
package/dist/tools/testing/analyzer.js +280 -0
package/dist/tools/testing/analyzer.js.map +1 -0
package/dist/tools/testing/generator.d.ts +57 -0
package/dist/tools/testing/generator.d.ts.map +1 -0
package/dist/tools/testing/generator.js +478 -0
package/dist/tools/testing/generator.js.map +1 -0
package/dist/tools/testing/generator.test.d.ts +6 -0
package/dist/tools/testing/generator.test.d.ts.map +1 -0
package/dist/tools/testing/generator.test.js +285 -0
package/dist/tools/testing/generator.test.js.map +1 -0
package/dist/tools/testing/index.d.ts +8 -0
package/dist/tools/testing/index.d.ts.map +1 -0
package/dist/tools/testing/index.js +373 -0
package/dist/tools/testing/index.js.map +1 -0
package/dist/utils/embedder.d.ts +7 -0
package/dist/utils/embedder.d.ts.map +1 -0
package/dist/utils/embedder.js +13 -0
package/dist/utils/embedder.js.map +1 -0
package/dist/utils/execution.d.ts +68 -0
package/dist/utils/execution.d.ts.map +1 -0
package/dist/utils/execution.js +467 -0
package/dist/utils/execution.js.map +1 -0
package/dist/utils/graph.d.ts +26 -0
package/dist/utils/graph.d.ts.map +1 -0
package/dist/utils/graph.js +32 -0
package/dist/utils/graph.js.map +1 -0
package/dist/utils/guards.d.ts +32 -0
package/dist/utils/guards.d.ts.map +1 -0
package/dist/utils/guards.js +40 -0
package/dist/utils/guards.js.map +1 -0
package/dist/utils/ids.d.ts +5 -0
package/dist/utils/ids.d.ts.map +1 -0
package/dist/utils/ids.js +7 -0
package/dist/utils/ids.js.map +1 -0
package/dist/utils/languages.d.ts +34 -0
package/dist/utils/languages.d.ts.map +1 -0
package/dist/utils/languages.js +153 -0
package/dist/utils/languages.js.map +1 -0
package/dist/utils/lazy.d.ts +17 -0
package/dist/utils/lazy.d.ts.map +1 -0
package/dist/utils/lazy.js +35 -0
package/dist/utils/lazy.js.map +1 -0
package/dist/utils/project.d.ts +41 -0
package/dist/utils/project.d.ts.map +1 -0
package/dist/utils/project.js +82 -0
package/dist/utils/project.js.map +1 -0
package/dist/utils/responses.d.ts +27 -0
package/dist/utils/responses.d.ts.map +1 -0
package/dist/utils/responses.js +72 -0
package/dist/utils/responses.js.map +1 -0
package/dist/utils/vectors.d.ts +33 -0
package/dist/utils/vectors.d.ts.map +1 -0
package/dist/utils/vectors.js +80 -0
package/dist/utils/vectors.js.map +1 -0
package/dist/utils/vectors.test.d.ts +6 -0
package/dist/utils/vectors.test.d.ts.map +1 -0
package/dist/utils/vectors.test.js +96 -0
package/dist/utils/vectors.test.js.map +1 -0
package/package.json +69 -0
package/scripts/init.js +142 -0
package/templates/CLAUDE.md.template +96 -0
package/templates/agents/architecture-concept.md +237 -0
package/templates/agents/checkpoint-concept.md +218 -0
package/templates/agents/code-analysis-concept.md +171 -0
package/templates/agents/compete-control.md +44 -0
package/templates/agents/compete-evaluator.md +87 -0
package/templates/agents/compete-treatment.md +55 -0
package/templates/agents/context-concept.md +254 -0
package/templates/agents/debate-advocate.md +127 -0
package/templates/agents/debate-critic.md +119 -0
package/templates/agents/debate-synthesis.md +160 -0
package/templates/agents/documentation-concept.md +294 -0
package/templates/agents/implementation-concept.md +165 -0
package/templates/agents/quality-concept.md +299 -0
package/templates/agents/research-concept.md +169 -0
package/templates/agents/security-concept.md +255 -0
package/templates/agents/story-concept.md +207 -0
package/templates/agents/verification-concept.md +456 -0
package/templates/agents/version-concept.md +163 -0
package/templates/anchors/directory.anchor.yaml.template +53 -0
package/templates/anchors/rules.anchor.yaml.template +70 -0
package/templates/anchors/safety.anchor.yaml.template +96 -0
package/templates/claude-md-managed.template +105 -0
package/templates/commands/cache.md.template +439 -0
package/templates/commands/checkpoint.md.template +121 -0
package/templates/commands/classify.md.template +138 -0
package/templates/commands/compete.md.template +90 -0
package/templates/commands/costs.md.template +111 -0
package/templates/commands/estimate.md.template +196 -0
package/templates/commands/explore.md.template +186 -0
package/templates/commands/feature.md.template +216 -0
package/templates/commands/forget.md.template +104 -0
package/templates/commands/global-recall.md.template +250 -0
package/templates/commands/global-remember.md.template +187 -0
package/templates/commands/health.md.template +107 -0
package/templates/commands/help.md.template +253 -0
package/templates/commands/observe.md.template +211 -0
package/templates/commands/pr-review.md.template +164 -0
package/templates/commands/predict-cost.md.template +251 -0
package/templates/commands/profile.md.template +142 -0
package/templates/commands/reasoning.md.template +228 -0
package/templates/commands/recall.md.template +197 -0
package/templates/commands/remember.md.template +148 -0
package/templates/commands/replay.md.template +449 -0
package/templates/commands/restore.md.template +87 -0
package/templates/commands/retrospective.md.template +47 -0
package/templates/commands/slo.md.template +286 -0
package/templates/commands/spec.md.template +164 -0
package/templates/commands/status.md.template +53 -0
package/templates/commands/sync.md.template +321 -0
package/templates/commands/task.md.template +86 -0
package/templates/commands/trace.md.template +86 -0
package/templates/commands/visualize.md.template +216 -0
package/templates/commands/workflow.md.template +375 -0
package/templates/concepts/README.md +329 -0
package/templates/concepts/architecture.md.template +74 -0
package/templates/concepts/code-analysis.md.template +186 -0
package/templates/concepts/context-compactor.md.template +393 -0
package/templates/concepts/context.md.template +62 -0
package/templates/concepts/documentation.md.template +452 -0
package/templates/concepts/estimator.md.template +214 -0
package/templates/concepts/exploration.md.template +257 -0
package/templates/concepts/global-memory.md.template +222 -0
package/templates/concepts/implementation.md.template +62 -0
package/templates/concepts/pr-review.md.template +277 -0
package/templates/concepts/project-profile.md.template +358 -0
package/templates/concepts/quality.md.template +63 -0
package/templates/concepts/react-fallback.md.template +286 -0
package/templates/concepts/research.md.template +221 -0
package/templates/concepts/retrospective.md.template +93 -0
package/templates/concepts/security.md.template +442 -0
package/templates/concepts/slo.md.template +274 -0
package/templates/concepts/spec.md.template +71 -0
package/templates/concepts/story.md.template +50 -0
package/templates/concepts/tool-router.md.template +289 -0
package/templates/concepts/verification-synthesizer.md.template +279 -0
package/templates/concepts/version.md.template +61 -0
package/templates/config.yaml.template +347 -0
package/templates/examples/README.md +77 -0
package/templates/examples/architecture/api-design.yaml.template +286 -0
package/templates/examples/architecture/oauth-authentication.yaml.template +305 -0
package/templates/health/status.yaml.template +120 -0
package/templates/hooks/concept-complete.sh.template +45 -0
package/templates/hooks/lib/common.sh.template +160 -0
package/templates/hooks/post-commit.sh.template +37 -0
package/templates/hooks/post-concept-action.template +39 -0
package/templates/hooks/post-tool-structure-check.sh.template +138 -0
package/templates/hooks/post-tool-use.sh.template +51 -0
package/templates/hooks/pre-compact.sh.template +48 -0
package/templates/hooks/pre-tool-grounding.template +148 -0
package/templates/hooks/session-exit-checkpoint.sh.template +35 -0
package/templates/hooks/session-start.sh.template +67 -0
package/templates/hooks/statusline.sh.template +148 -0
package/templates/hooks/stop.sh.template +45 -0
package/templates/hooks/subagent-stop.sh.template +40 -0
package/templates/hooks/sync-blocked.sh.template +45 -0
package/templates/hooks/timeout.sh.template +48 -0
package/templates/hooks/user-prompt-submit.sh.template +68 -0
package/templates/koan/README.md +58 -0
package/templates/memory/index.yaml.template +48 -0
package/templates/memory/procedural/debugging.yaml.template +24 -0
package/templates/memory/procedural/workflows.yaml.template +22 -0
package/templates/memory/semantic/architecture.yaml.template +21 -0
package/templates/memory/semantic/conventions.yaml.template +18 -0
package/templates/memory/semantic/patterns.yaml.template +21 -0
package/templates/memory/semantic/preferences.yaml.template +18 -0
package/templates/prompts/architecture.yaml.template +349 -0
package/templates/prompts/context.yaml.template +384 -0
package/templates/prompts/implementation.yaml.template +365 -0
package/templates/prompts/planning.yaml.template +303 -0
package/templates/prompts/quality.yaml.template +345 -0
package/templates/prompts/retrospective.yaml.template +231 -0
package/templates/prompts/slo.yaml.template +360 -0
package/templates/prompts/story.yaml.template +236 -0
package/templates/prompts/tree-of-thoughts.yaml.template +299 -0
package/templates/prompts/verification.yaml.template +286 -0
package/templates/prompts/version.yaml.template +279 -0
package/templates/schemas/agent-schema.json +98 -0
package/templates/schemas/architecture.schema.json +69 -0
package/templates/schemas/config-schema.json +165 -0
package/templates/schemas/implementation.schema.json +75 -0
package/templates/schemas/planning.schema.json +243 -0
package/templates/schemas/provenance.schema.json +111 -0
package/templates/schemas/retrospective.schema.json +174 -0
package/templates/schemas/review.schema.json +284 -0
package/templates/schemas/slo.schema.json +443 -0
package/templates/schemas/story.schema.json +68 -0
package/templates/schemas/sync-schema.json +196 -0
package/templates/schemas/task.schema.json +127 -0
package/templates/schemas/tree-of-thoughts.schema.json +175 -0
package/templates/schemas/verification.schema.json +106 -0
package/templates/settings.full.json.template +135 -0
package/templates/settings.minimal.json.template +68 -0
package/templates/settings.standard.json.template +135 -0
package/templates/skills/acceptance-criteria-generation.md.template +330 -0
package/templates/skills/accessibility-checking.md.template +341 -0
package/templates/skills/api-design-patterns.md.template +395 -0
package/templates/skills/batch-processing.md.template +605 -0
package/templates/skills/branch-strategy.md.template +362 -0
package/templates/skills/changelog-generation.md.template +403 -0
package/templates/skills/code-coverage-analysis.md.template +362 -0
package/templates/skills/code-style-enforcement.md.template +294 -0
package/templates/skills/code-template-patterns.md.template +419 -0
package/templates/skills/concept-development.md.template +159 -0
package/templates/skills/context-prioritization.md.template +306 -0
package/templates/skills/cost-optimization.md.template +482 -0
package/templates/skills/cross-project-knowledge.md.template +316 -0
package/templates/skills/dependency-impact-analysis.md.template +263 -0
package/templates/skills/documentation-generation.md.template +409 -0
package/templates/skills/effort-estimation.md.template +350 -0
package/templates/skills/error-classification.md.template +709 -0
package/templates/skills/error-messages.md.template +339 -0
package/templates/skills/ide-diagnostics.md.template +480 -0
package/templates/skills/incremental-loading.md.template +574 -0
package/templates/skills/output-caching.md.template +524 -0
package/templates/skills/performance-estimation.md.template +325 -0
package/templates/skills/performance-testing-patterns.md.template +341 -0
package/templates/skills/phase2-optimizations-summary.md.template +458 -0
package/templates/skills/progressive-disclosure-pattern.md.template +190 -0
package/templates/skills/project-structure.md.template +372 -0
package/templates/skills/provenance-analysis.md.template +609 -0
package/templates/skills/react-executor.md.template +366 -0
package/templates/skills/refactoring-patterns.md.template +422 -0
package/templates/skills/release-management.md.template +373 -0
package/templates/skills/requirement-prioritization.md.template +357 -0
package/templates/skills/schema-validation.md.template +321 -0
package/templates/skills/security-design-patterns.md.template +692 -0
package/templates/skills/security-vulnerability-scanning.md.template +663 -0
package/templates/skills/semantic-memory.md.template +266 -0
package/templates/skills/semantic-versioning.md.template +371 -0
package/templates/skills/smart-retry.md.template +676 -0
package/templates/skills/smart-summarization.md.template +358 -0
package/templates/skills/story-decomposition.md.template +278 -0
package/templates/skills/synchronization-patterns.md.template +303 -0
package/templates/skills/test-generation-strategy.md.template +247 -0
package/templates/skills/workflow-replay.md.template +478 -0
package/templates/skills/wysiwid-principles.md.template +364 -0
package/templates/skills-manifest.yaml.template +526 -0
package/templates/stubs/agents/architecture-concept.md +20 -0
package/templates/stubs/agents/checkpoint-concept.md +19 -0
package/templates/stubs/agents/code-analysis-concept.md +36 -0
package/templates/stubs/agents/context-concept.md +37 -0
package/templates/stubs/agents/debate-advocate.md +12 -0
package/templates/stubs/agents/debate-critic.md +12 -0
package/templates/stubs/agents/debate-synthesis.md +12 -0
package/templates/stubs/agents/documentation-concept.md +39 -0
package/templates/stubs/agents/implementation-concept.md +41 -0
package/templates/stubs/agents/quality-concept.md +41 -0
package/templates/stubs/agents/research-concept.md +35 -0
package/templates/stubs/agents/security-concept.md +40 -0
package/templates/stubs/agents/spec-concept.md +35 -0
package/templates/stubs/agents/story-concept.md +36 -0
package/templates/stubs/agents/verification-concept.md +39 -0
package/templates/stubs/agents/version-concept.md +37 -0
package/templates/stubs/commands/cache.md.template +2 -0
package/templates/stubs/commands/checkpoint.md.template +2 -0
package/templates/stubs/commands/classify.md.template +2 -0
package/templates/stubs/commands/compete.md.template +2 -0
package/templates/stubs/commands/costs.md.template +2 -0
package/templates/stubs/commands/estimate.md.template +2 -0
package/templates/stubs/commands/explore.md.template +2 -0
package/templates/stubs/commands/feature.md.template +2 -0
package/templates/stubs/commands/forget.md.template +2 -0
package/templates/stubs/commands/global-recall.md.template +2 -0
package/templates/stubs/commands/global-remember.md.template +2 -0
package/templates/stubs/commands/health.md.template +2 -0
package/templates/stubs/commands/help.md.template +2 -0
package/templates/stubs/commands/observe.md.template +2 -0
package/templates/stubs/commands/pr-review.md.template +2 -0
package/templates/stubs/commands/predict-cost.md.template +2 -0
package/templates/stubs/commands/profile.md.template +2 -0
package/templates/stubs/commands/reasoning.md.template +2 -0
package/templates/stubs/commands/recall.md.template +2 -0
package/templates/stubs/commands/remember.md.template +2 -0
package/templates/stubs/commands/replay.md.template +2 -0
package/templates/stubs/commands/restore.md.template +2 -0
package/templates/stubs/commands/retrospective.md.template +2 -0
package/templates/stubs/commands/slo.md.template +2 -0
package/templates/stubs/commands/spec.md.template +2 -0
package/templates/stubs/commands/sync.md.template +2 -0
package/templates/stubs/commands/task.md.template +2 -0
package/templates/stubs/commands/trace.md.template +2 -0
package/templates/stubs/commands/visualize.md.template +2 -0
package/templates/stubs/commands/workflow.md.template +2 -0
package/templates/synchronizations/archive/adaptive-learning.yaml.template +595 -0
package/templates/synchronizations/archive/code-understanding-flow.yaml.template +533 -0
package/templates/synchronizations/archive/collaboration-flow.yaml.template +521 -0
package/templates/synchronizations/archive/context-folding.yaml.template +353 -0
package/templates/synchronizations/archive/dead-letter-queue.yaml.template +530 -0
package/templates/synchronizations/archive/documentation-flow.yaml.template +560 -0
package/templates/synchronizations/archive/error-recovery-flow.yaml.template +1031 -0
package/templates/synchronizations/archive/execution-loop.yaml.template +336 -0
package/templates/synchronizations/archive/exploration-flow.yaml.template +369 -0
package/templates/synchronizations/archive/feature-development.yaml.template +2145 -0
package/templates/synchronizations/archive/learning-loop.yaml.template +657 -0
package/templates/synchronizations/archive/multi-verify.yaml.template +346 -0
package/templates/synchronizations/archive/planning-flow.yaml.template +312 -0
package/templates/synchronizations/archive/retrospective-flow.yaml.template +277 -0
package/templates/synchronizations/archive/security-flow.yaml.template +477 -0
package/templates/synchronizations/archive/slo-monitoring.yaml.template +209 -0
package/templates/synchronizations/archive/task-routing.yaml.template +489 -0
package/templates/synchronizations/archive/test-driven.yaml.template +291 -0
package/templates/synchronizations/archive/tool-routing.yaml.template +326 -0
package/templates/synchronizations/archive/verification-flow.yaml.template +407 -0
package/templates/synchronizations/error-policy.yaml.template +188 -0
package/templates/synchronizations/main.sync.template +319 -0
package/templates/synchronizations/slo-registry.yaml.template +229 -0
package/templates/tasks/task.yaml.template +67 -0
package/templates/zen-profile.yaml.template +14 -0

package/templates/skills/security-design-patterns.md.template ADDED Viewed

@@ -0,0 +1,692 @@
+---
+name: Security Design Patterns
+description: Apply OWASP-aligned security patterns during architecture design to prevent vulnerabilities from the start
+version: 1.0.0
+trigger_keywords: [security, auth, authorization, encryption, OWASP, vulnerability, authentication, password, token, session]
+author: Zen Architecture
+applies_to: [architecture-concept]
+priority: P0
+impact: critical
+---
+# Security Design Patterns - Expert Skill
+Apply security best practices during architecture design to prevent vulnerabilities before they're implemented.
+## Purpose
+Security design patterns provide:
+- **Prevention over detection**: Catch security issues at design time, not production
+- **OWASP alignment**: Industry-standard security checklist
+- **Cost savings**: Security retrofits are 10x more expensive than design-time fixes
+- **Compliance readiness**: Meet security audit requirements from the start
+## When to Use
+Use security design patterns when:
+- ✅ Designing authentication or authorization systems
+- ✅ Handling sensitive data (PII, credentials, financial)
+- ✅ Creating API endpoints exposed to users
+- ✅ Integrating with third-party services
+- ✅ Processing user input of any kind
+- ✅ Storing or transmitting secrets
+## OWASP Top 10 Checklist
+### A01: Broken Access Control
+**Design Checklist**:
+```yaml
+access_control:
+  - principle: "Deny by default"
+    implementation: "All endpoints require explicit authorization"
+    pattern: |
+      // Middleware-first authorization
+      router.use(authMiddleware);
+      router.use(authzMiddleware);
+  - principle: "Least privilege"
+    implementation: "Users get minimum permissions needed"
+    pattern: |
+      // Role-based with minimal grants
+      const permissions = {
+        viewer: ['read'],
+        editor: ['read', 'write'],
+        admin: ['read', 'write', 'delete', 'admin']
+      };
+  - principle: "Ownership verification"
+    implementation: "Verify user owns resource before access"
+    pattern: |
+      // Always check ownership
+      async function getResource(userId, resourceId) {
+        const resource = await db.find(resourceId);
+        if (resource.ownerId !== userId) {
+          throw new ForbiddenError();
+        }
+        return resource;
+      }
+```
+### A02: Cryptographic Failures
+**Design Checklist**:
+```yaml
+cryptography:
+  - principle: "Encrypt sensitive data at rest"
+    implementation: "Use AES-256 for data at rest"
+    pattern: |
+      // Encrypt before storing
+      const encrypted = await encrypt(sensitiveData, key);
+      await db.store({ data: encrypted, iv: iv });
+  - principle: "TLS everywhere"
+    implementation: "HTTPS only, no HTTP fallback"
+    pattern: |
+      // Force HTTPS in production
+      if (process.env.NODE_ENV === 'production') {
+        app.use(helmet.hsts());
+        app.use(redirectToHttps());
+      }
+  - principle: "No hardcoded secrets"
+    implementation: "Use environment variables or secret managers"
+    pattern: |
+      // Load from environment
+      const config = {
+        dbPassword: process.env.DB_PASSWORD,
+        apiKey: process.env.API_KEY,
+        jwtSecret: process.env.JWT_SECRET
+      };
+  - principle: "Secure password storage"
+    implementation: "bcrypt with cost factor >= 12"
+    pattern: |
+      // Hash passwords properly
+      const BCRYPT_ROUNDS = 12;
+      const hash = await bcrypt.hash(password, BCRYPT_ROUNDS);
+```
+### A03: Injection
+**Design Checklist**:
+```yaml
+injection_prevention:
+  - principle: "Parameterized queries only"
+    implementation: "Never concatenate user input into queries"
+    pattern: |
+      // GOOD: Parameterized
+      const result = await db.query(
+        'SELECT * FROM users WHERE id = $1',
+        [userId]
+      );
+      // BAD: Concatenation (NEVER DO THIS)
+      // const result = await db.query(
+      //   `SELECT * FROM users WHERE id = ${userId}`
+      // );
+  - principle: "Input validation"
+    implementation: "Validate and sanitize all input"
+    pattern: |
+      // Validate with schema
+      const schema = Joi.object({
+        email: Joi.string().email().required(),
+        age: Joi.number().integer().min(0).max(150)
+      });
+      const validated = await schema.validateAsync(input);
+  - principle: "Output encoding"
+    implementation: "Encode output based on context"
+    pattern: |
+      // HTML context
+      const safeHtml = escapeHtml(userInput);
+      // URL context
+      const safeUrl = encodeURIComponent(userInput);
+      // JavaScript context
+      const safeJs = JSON.stringify(userInput);
+```
+### A04: Insecure Design
+**Design Checklist**:
+```yaml
+secure_design:
+  - principle: "Threat modeling"
+    implementation: "Identify threats during design"
+    questions:
+      - "What data is sensitive?"
+      - "Who should access what?"
+      - "What could an attacker try?"
+      - "What's the blast radius of a breach?"
+  - principle: "Defense in depth"
+    implementation: "Multiple layers of security"
+    layers:
+      - "Network: Firewall, VPN"
+      - "Application: Auth, authz, validation"
+      - "Data: Encryption, access controls"
+      - "Monitoring: Logging, alerting"
+  - principle: "Fail securely"
+    implementation: "Errors don't leak information"
+    pattern: |
+      // Don't reveal internal details
+      catch (error) {
+        logger.error('Internal error', { error, userId });
+        return res.status(500).json({
+          error: 'An error occurred',
+          // NOT: error.message, error.stack
+        });
+      }
+```
+### A05: Security Misconfiguration
+**Design Checklist**:
+```yaml
+configuration:
+  - principle: "Secure defaults"
+    implementation: "Default to most secure option"
+    examples:
+      - "CORS: Deny all origins by default"
+      - "Headers: Enable security headers"
+      - "Permissions: No access by default"
+  - principle: "Remove unnecessary features"
+    implementation: "Disable unused endpoints, methods, features"
+    pattern: |
+      // Only enable needed HTTP methods
+      router.route('/users/:id')
+        .get(getUser)
+        .put(updateUser);
+      // DELETE not enabled unless needed
+  - principle: "Security headers"
+    implementation: "Use helmet.js or equivalent"
+    pattern: |
+      app.use(helmet({
+        contentSecurityPolicy: true,
+        crossOriginEmbedderPolicy: true,
+        crossOriginOpenerPolicy: true,
+        crossOriginResourcePolicy: true,
+        dnsPrefetchControl: true,
+        frameguard: true,
+        hidePoweredBy: true,
+        hsts: true,
+        ieNoOpen: true,
+        noSniff: true,
+        originAgentCluster: true,
+        permittedCrossDomainPolicies: true,
+        referrerPolicy: true,
+        xssFilter: true
+      }));
+```
+### A06: Vulnerable Components
+**Design Checklist**:
+```yaml
+dependencies:
+  - principle: "Minimal dependencies"
+    implementation: "Only add necessary packages"
+  - principle: "Regular updates"
+    implementation: "Automated dependency updates"
+    tools:
+      - "Dependabot"
+      - "Renovate"
+      - "npm audit"
+  - principle: "Vulnerability scanning"
+    implementation: "CI/CD security scanning"
+    pattern: |
+      # In CI pipeline
+      - name: Security audit
+        run: npm audit --audit-level=high
+```
+### A07: Authentication Failures
+**Design Checklist**:
+```yaml
+authentication:
+  - principle: "Strong password policy"
+    implementation: "Minimum requirements + breach check"
+    pattern: |
+      const passwordPolicy = {
+        minLength: 12,
+        requireUppercase: true,
+        requireLowercase: true,
+        requireNumber: true,
+        requireSpecial: true,
+        checkBreached: true // Check haveibeenpwned
+      };
+  - principle: "Rate limiting"
+    implementation: "Limit auth attempts"
+    pattern: |
+      const loginLimiter = rateLimit({
+        windowMs: 15 * 60 * 1000, // 15 minutes
+        max: 5, // 5 attempts
+        message: 'Too many login attempts'
+      });
+      app.post('/login', loginLimiter, loginHandler);
+  - principle: "Multi-factor authentication"
+    implementation: "MFA for sensitive operations"
+    triggers:
+      - "New device login"
+      - "Password change"
+      - "Financial transactions"
+      - "Admin operations"
+  - principle: "Secure session management"
+    implementation: "HTTP-only, secure cookies"
+    pattern: |
+      app.use(session({
+        cookie: {
+          httpOnly: true,
+          secure: true,
+          sameSite: 'strict',
+          maxAge: 3600000 // 1 hour
+        },
+        resave: false,
+        saveUninitialized: false
+      }));
+```
+### A08: Software and Data Integrity
+**Design Checklist**:
+```yaml
+integrity:
+  - principle: "Verify dependencies"
+    implementation: "Lock files and integrity checks"
+    pattern: |
+      # package-lock.json with integrity hashes
+      npm ci # Use ci, not install
+  - principle: "Code signing"
+    implementation: "Sign releases and verify signatures"
+  - principle: "CI/CD security"
+    implementation: "Secure pipeline configuration"
+    checks:
+      - "Protected branches"
+      - "Required reviews"
+      - "Signed commits"
+```
+### A09: Security Logging and Monitoring
+**Design Checklist**:
+```yaml
+logging:
+  - principle: "Log security events"
+    implementation: "Audit trail for sensitive operations"
+    events_to_log:
+      - "Login success/failure"
+      - "Password changes"
+      - "Permission changes"
+      - "Data access"
+      - "Admin operations"
+  - principle: "Don't log sensitive data"
+    implementation: "Redact PII and secrets"
+    pattern: |
+      function sanitizeForLog(data) {
+        return {
+          ...data,
+          password: '[REDACTED]',
+          ssn: '[REDACTED]',
+          creditCard: '[REDACTED]'
+        };
+      }
+  - principle: "Alerting"
+    implementation: "Alert on suspicious patterns"
+    triggers:
+      - "Multiple failed logins"
+      - "Unusual access patterns"
+      - "Privilege escalation attempts"
+```
+### A10: Server-Side Request Forgery (SSRF)
+**Design Checklist**:
+```yaml
+ssrf_prevention:
+  - principle: "URL validation"
+    implementation: "Whitelist allowed destinations"
+    pattern: |
+      const allowedHosts = ['api.trusted.com', 'cdn.trusted.com'];
+      function validateUrl(url) {
+        const parsed = new URL(url);
+        if (!allowedHosts.includes(parsed.host)) {
+          throw new Error('URL not allowed');
+        }
+        return parsed;
+      }
+  - principle: "No internal access"
+    implementation: "Block requests to internal IPs"
+    blocked:
+      - "127.0.0.0/8"
+      - "10.0.0.0/8"
+      - "172.16.0.0/12"
+      - "192.168.0.0/16"
+      - "169.254.0.0/16"
+```
+## Authentication Pattern Selection
+### Pattern: OAuth 2.0 / OIDC
+**When to Use**:
+- Third-party identity provider integration
+- "Sign in with Google/GitHub/etc"
+- Delegated authorization
+**Architecture**:
+```yaml
+oauth_architecture:
+  components:
+    - name: "OAuth Client"
+      purpose: "Initiate auth flow, handle callbacks"
+    - name: "Token Store"
+      purpose: "Secure storage of access/refresh tokens"
+      encryption: "AES-256"
+    - name: "Token Refresh Service"
+      purpose: "Automatic token refresh before expiry"
+  flow:
+    1. "User clicks 'Sign in with Provider'"
+    2. "Redirect to provider with client_id, scope, state"
+    3. "User authenticates with provider"
+    4. "Provider redirects back with authorization code"
+    5. "Exchange code for tokens (server-side)"
+    6. "Store tokens securely"
+    7. "Create local session"
+```
+### Pattern: JWT Authentication
+**When to Use**:
+- Stateless authentication
+- Microservices architecture
+- Mobile app backends
+**Architecture**:
+```yaml
+jwt_architecture:
+  token_structure:
+    header: "Algorithm, type"
+    payload: "Claims (sub, exp, iat, custom)"
+    signature: "HMAC or RSA signature"
+  best_practices:
+    - algorithm: "RS256 (asymmetric) or HS256 (symmetric)"
+    - expiry: "Short-lived (15-60 minutes)"
+    - refresh: "Separate refresh token with longer life"
+    - storage: "HTTP-only cookie (web) or secure storage (mobile)"
+    - revocation: "Token blacklist or short expiry + refresh"
+  pattern: |
+    // Generate token
+    const token = jwt.sign(
+      { sub: userId, role: userRole },
+      privateKey,
+      { algorithm: 'RS256', expiresIn: '15m' }
+    );
+    // Verify token
+    const decoded = jwt.verify(token, publicKey, {
+      algorithms: ['RS256']
+    });
+```
+### Pattern: Session-Based Authentication
+**When to Use**:
+- Traditional web applications
+- When server state is acceptable
+- Simpler security model needed
+**Architecture**:
+```yaml
+session_architecture:
+  storage: "Redis or database"
+  best_practices:
+    - "Regenerate session ID on login"
+    - "Set appropriate expiry"
+    - "Use secure, HTTP-only cookies"
+    - "Implement session fixation protection"
+  pattern: |
+    // Session configuration
+    app.use(session({
+      store: new RedisStore({ client: redisClient }),
+      secret: process.env.SESSION_SECRET,
+      name: 'sessionId',
+      resave: false,
+      saveUninitialized: false,
+      cookie: {
+        secure: true,
+        httpOnly: true,
+        sameSite: 'strict',
+        maxAge: 3600000
+      }
+    }));
+```
+## Authorization Model Selection
+### Model: Role-Based Access Control (RBAC)
+**When to Use**:
+- Simple permission structure
+- Users fit into clear roles
+- Permissions don't vary by resource
+**Architecture**:
+```yaml
+rbac_architecture:
+  structure:
+    roles:
+      - admin: [create, read, update, delete, manage_users]
+      - editor: [create, read, update]
+      - viewer: [read]
+  implementation: |
+    function hasPermission(user, permission) {
+      const rolePermissions = permissions[user.role];
+      return rolePermissions.includes(permission);
+    }
+```
+### Model: Attribute-Based Access Control (ABAC)
+**When to Use**:
+- Complex permission rules
+- Permissions depend on resource attributes
+- Context-aware access control
+**Architecture**:
+```yaml
+abac_architecture:
+  attributes:
+    subject: [role, department, clearance]
+    resource: [owner, classification, type]
+    action: [read, write, delete]
+    environment: [time, location, ip]
+  policy_example: |
+    // User can edit if:
+    // - They are the owner, OR
+    // - They are an editor AND resource is not confidential
+    function canEdit(user, resource) {
+      if (resource.ownerId === user.id) return true;
+      if (user.role === 'editor' && !resource.confidential) return true;
+      return false;
+    }
+```
+## Data Protection Patterns
+### Pattern: Encryption at Rest
+```yaml
+encryption_at_rest:
+  database:
+    method: "Transparent Data Encryption (TDE) or application-level"
+    algorithm: "AES-256"
+    key_management: "AWS KMS, HashiCorp Vault, or equivalent"
+  files:
+    method: "Encrypt before storage"
+    pattern: |
+      async function storeSecurely(data) {
+        const key = await kms.getKey('data-encryption-key');
+        const iv = crypto.randomBytes(16);
+        const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
+        const encrypted = Buffer.concat([
+          cipher.update(data),
+          cipher.final()
+        ]);
+        const tag = cipher.getAuthTag();
+        return { encrypted, iv, tag };
+      }
+```
+### Pattern: Data Masking
+```yaml
+data_masking:
+  purposes:
+    - "Display in UI"
+    - "Logging"
+    - "Non-production environments"
+  patterns:
+    email: "j***@example.com"
+    phone: "***-***-1234"
+    ssn: "***-**-1234"
+    credit_card: "****-****-****-1234"
+  implementation: |
+    function maskEmail(email) {
+      const [local, domain] = email.split('@');
+      return `${local[0]}***@${domain}`;
+    }
+    function maskCreditCard(cc) {
+      return `****-****-****-${cc.slice(-4)}`;
+    }
+```
+## Security Architecture Decision Template
+When designing security for a feature, use this template:
+```yaml
+security_design:
+  feature: "${feature_name}"
+  threat_model:
+    assets:
+      - description: "What sensitive data is involved?"
+        data_types: []
+        sensitivity: "low|medium|high|critical"
+    threats:
+      - threat: "What could an attacker try?"
+        likelihood: "low|medium|high"
+        impact: "low|medium|high|critical"
+        mitigations: []
+  authentication:
+    method: "oauth|jwt|session|api_key"
+    mfa_required: true|false
+    session_duration: ""
+  authorization:
+    model: "rbac|abac|acl"
+    permissions: []
+    ownership_checks: []
+  data_protection:
+    encryption_at_rest: true|false
+    encryption_in_transit: true|false
+    pii_fields: []
+    masking_required: []
+  input_validation:
+    schemas: []
+    sanitization: []
+  logging:
+    security_events: []
+    pii_redaction: []
+  compliance:
+    requirements: []  # GDPR, HIPAA, PCI-DSS, etc.
+```
+## Integration with Architecture Concept
+When the architecture concept designs a feature with security implications:
+1. **Identify Security Requirements**
+   - What data is sensitive?
+   - Who needs access?
+   - What regulations apply?
+2. **Apply OWASP Checklist**
+   - Review each of the Top 10
+   - Document mitigations
+3. **Select Patterns**
+   - Choose authentication method
+   - Choose authorization model
+   - Design data protection
+4. **Document in Architecture Output**
+   ```yaml
+   architecture:
+     # ... other sections ...
+     security_considerations:
+       authentication: "OAuth 2.0 with Google provider"
+       authorization: "RBAC with viewer/editor/admin roles"
+       data_protection:
+         - "PII encrypted at rest with AES-256"
+         - "All traffic over TLS 1.3"
+       owasp_mitigations:
+         - "A01: Middleware-based authorization on all routes"
+         - "A03: Parameterized queries, Joi validation"
+         - "A07: Rate limiting on auth endpoints"
+   ```
+## Best Practices Summary
+1. ✅ **Design security in, don't bolt it on**
+2. ✅ **Apply principle of least privilege**
+3. ✅ **Validate all input, encode all output**
+4. ✅ **Use parameterized queries exclusively**
+5. ✅ **Encrypt sensitive data at rest and in transit**
+6. ✅ **Implement proper authentication and session management**
+7. ✅ **Log security events, but never log sensitive data**
+8. ✅ **Keep dependencies updated and audited**
+9. ✅ **Fail securely - don't leak information in errors**
+10. ✅ **Defense in depth - multiple layers of protection**
+---
+**Use this skill when**: Designing any feature that handles user data, authentication, authorization, or external input. Security should be considered at architecture time, not as an afterthought.