npm - @dragonflymcp/plugin - Versions diffs - 1.0.0 - Mend

@dragonflymcp/plugin 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (666) hide show

package/.claude-plugin/plugin.json +26 -0
package/LICENSE +21 -0
package/README.md +126 -0
package/dist/core/annotations.d.ts +71 -0
package/dist/core/annotations.d.ts.map +1 -0
package/dist/core/annotations.js +61 -0
package/dist/core/annotations.js.map +1 -0
package/dist/core/config.d.ts +66 -0
package/dist/core/config.d.ts.map +1 -0
package/dist/core/config.js +131 -0
package/dist/core/config.js.map +1 -0
package/dist/core/dispatcher.d.ts +77 -0
package/dist/core/dispatcher.d.ts.map +1 -0
package/dist/core/dispatcher.js +132 -0
package/dist/core/dispatcher.js.map +1 -0
package/dist/core/server.d.ts +24 -0
package/dist/core/server.d.ts.map +1 -0
package/dist/core/server.js +41 -0
package/dist/core/server.js.map +1 -0
package/dist/core/store.d.ts +91 -0
package/dist/core/store.d.ts.map +1 -0
package/dist/core/store.js +157 -0
package/dist/core/store.js.map +1 -0
package/dist/core/types.d.ts +128 -0
package/dist/core/types.d.ts.map +1 -0
package/dist/core/types.js +5 -0
package/dist/core/types.js.map +1 -0
package/dist/index.d.ts +22 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +81 -0
package/dist/index.js.map +1 -0
package/dist/test-utils/store-harness.d.ts +41 -0
package/dist/test-utils/store-harness.d.ts.map +1 -0
package/dist/test-utils/store-harness.js +61 -0
package/dist/test-utils/store-harness.js.map +1 -0
package/dist/tools/analytics/aggregators.d.ts +18 -0
package/dist/tools/analytics/aggregators.d.ts.map +1 -0
package/dist/tools/analytics/aggregators.js +260 -0
package/dist/tools/analytics/aggregators.js.map +1 -0
package/dist/tools/analytics/aggregators.test.d.ts +2 -0
package/dist/tools/analytics/aggregators.test.d.ts.map +1 -0
package/dist/tools/analytics/aggregators.test.js +177 -0
package/dist/tools/analytics/aggregators.test.js.map +1 -0
package/dist/tools/analytics/drift.d.ts +15 -0
package/dist/tools/analytics/drift.d.ts.map +1 -0
package/dist/tools/analytics/drift.js +135 -0
package/dist/tools/analytics/drift.js.map +1 -0
package/dist/tools/analytics/drift.test.d.ts +2 -0
package/dist/tools/analytics/drift.test.d.ts.map +1 -0
package/dist/tools/analytics/drift.test.js +99 -0
package/dist/tools/analytics/drift.test.js.map +1 -0
package/dist/tools/analytics/index.d.ts +10 -0
package/dist/tools/analytics/index.d.ts.map +1 -0
package/dist/tools/analytics/index.js +192 -0
package/dist/tools/analytics/index.js.map +1 -0
package/dist/tools/analytics/learner.d.ts +29 -0
package/dist/tools/analytics/learner.d.ts.map +1 -0
package/dist/tools/analytics/learner.js +135 -0
package/dist/tools/analytics/learner.js.map +1 -0
package/dist/tools/analytics/learner.test.d.ts +2 -0
package/dist/tools/analytics/learner.test.d.ts.map +1 -0
package/dist/tools/analytics/learner.test.js +118 -0
package/dist/tools/analytics/learner.test.js.map +1 -0
package/dist/tools/analytics/observe.d.ts +22 -0
package/dist/tools/analytics/observe.d.ts.map +1 -0
package/dist/tools/analytics/observe.js +143 -0
package/dist/tools/analytics/observe.js.map +1 -0
package/dist/tools/analytics/observe.test.d.ts +2 -0
package/dist/tools/analytics/observe.test.d.ts.map +1 -0
package/dist/tools/analytics/observe.test.js +95 -0
package/dist/tools/analytics/observe.test.js.map +1 -0
package/dist/tools/analytics/store.d.ts +29 -0
package/dist/tools/analytics/store.d.ts.map +1 -0
package/dist/tools/analytics/store.js +192 -0
package/dist/tools/analytics/store.js.map +1 -0
package/dist/tools/analytics/types.d.ts +290 -0
package/dist/tools/analytics/types.d.ts.map +1 -0
package/dist/tools/analytics/types.js +7 -0
package/dist/tools/analytics/types.js.map +1 -0
package/dist/tools/ast/index.d.ts +8 -0
package/dist/tools/ast/index.d.ts.map +1 -0
package/dist/tools/ast/index.js +242 -0
package/dist/tools/ast/index.js.map +1 -0
package/dist/tools/ast/indexer.d.ts +41 -0
package/dist/tools/ast/indexer.d.ts.map +1 -0
package/dist/tools/ast/indexer.js +617 -0
package/dist/tools/ast/indexer.js.map +1 -0
package/dist/tools/ast/store.d.ts +87 -0
package/dist/tools/ast/store.d.ts.map +1 -0
package/dist/tools/ast/store.js +280 -0
package/dist/tools/ast/store.js.map +1 -0
package/dist/tools/ast/store.test.d.ts +6 -0
package/dist/tools/ast/store.test.d.ts.map +1 -0
package/dist/tools/ast/store.test.js +257 -0
package/dist/tools/ast/store.test.js.map +1 -0
package/dist/tools/bridge/bridge.d.ts +37 -0
package/dist/tools/bridge/bridge.d.ts.map +1 -0
package/dist/tools/bridge/bridge.js +82 -0
package/dist/tools/bridge/bridge.js.map +1 -0
package/dist/tools/bridge/bridge.test.d.ts +2 -0
package/dist/tools/bridge/bridge.test.d.ts.map +1 -0
package/dist/tools/bridge/bridge.test.js +119 -0
package/dist/tools/bridge/bridge.test.js.map +1 -0
package/dist/tools/bridge/index.d.ts +8 -0
package/dist/tools/bridge/index.d.ts.map +1 -0
package/dist/tools/bridge/index.js +153 -0
package/dist/tools/bridge/index.js.map +1 -0
package/dist/tools/bridge/store.d.ts +45 -0
package/dist/tools/bridge/store.d.ts.map +1 -0
package/dist/tools/bridge/store.js +307 -0
package/dist/tools/bridge/store.js.map +1 -0
package/dist/tools/bridge/store.test.d.ts +2 -0
package/dist/tools/bridge/store.test.d.ts.map +1 -0
package/dist/tools/bridge/store.test.js +180 -0
package/dist/tools/bridge/store.test.js.map +1 -0
package/dist/tools/bridge/types.d.ts +44 -0
package/dist/tools/bridge/types.d.ts.map +1 -0
package/dist/tools/bridge/types.js +6 -0
package/dist/tools/bridge/types.js.map +1 -0
package/dist/tools/evolve/algorithm.d.ts +33 -0
package/dist/tools/evolve/algorithm.d.ts.map +1 -0
package/dist/tools/evolve/algorithm.js +64 -0
package/dist/tools/evolve/algorithm.js.map +1 -0
package/dist/tools/evolve/algorithm.test.d.ts +6 -0
package/dist/tools/evolve/algorithm.test.d.ts.map +1 -0
package/dist/tools/evolve/algorithm.test.js +138 -0
package/dist/tools/evolve/algorithm.test.js.map +1 -0
package/dist/tools/evolve/index.d.ts +11 -0
package/dist/tools/evolve/index.d.ts.map +1 -0
package/dist/tools/evolve/index.js +300 -0
package/dist/tools/evolve/index.js.map +1 -0
package/dist/tools/evolve/store.d.ts +27 -0
package/dist/tools/evolve/store.d.ts.map +1 -0
package/dist/tools/evolve/store.js +147 -0
package/dist/tools/evolve/store.js.map +1 -0
package/dist/tools/evolve/store.test.d.ts +6 -0
package/dist/tools/evolve/store.test.d.ts.map +1 -0
package/dist/tools/evolve/store.test.js +162 -0
package/dist/tools/evolve/store.test.js.map +1 -0
package/dist/tools/evolve/types.d.ts +38 -0
package/dist/tools/evolve/types.d.ts.map +1 -0
package/dist/tools/evolve/types.js +6 -0
package/dist/tools/evolve/types.js.map +1 -0
package/dist/tools/framework/content-loader.d.ts +45 -0
package/dist/tools/framework/content-loader.d.ts.map +1 -0
package/dist/tools/framework/content-loader.js +258 -0
package/dist/tools/framework/content-loader.js.map +1 -0
package/dist/tools/framework/content-loader.test.d.ts +5 -0
package/dist/tools/framework/content-loader.test.d.ts.map +1 -0
package/dist/tools/framework/content-loader.test.js +262 -0
package/dist/tools/framework/content-loader.test.js.map +1 -0
package/dist/tools/framework/index.d.ts +30 -0
package/dist/tools/framework/index.d.ts.map +1 -0
package/dist/tools/framework/index.js +517 -0
package/dist/tools/framework/index.js.map +1 -0
package/dist/tools/framework/session.d.ts +85 -0
package/dist/tools/framework/session.d.ts.map +1 -0
package/dist/tools/framework/session.js +311 -0
package/dist/tools/framework/session.js.map +1 -0
package/dist/tools/framework/session.test.d.ts +5 -0
package/dist/tools/framework/session.test.d.ts.map +1 -0
package/dist/tools/framework/session.test.js +291 -0
package/dist/tools/framework/session.test.js.map +1 -0
package/dist/tools/framework/sync-evaluator.d.ts +41 -0
package/dist/tools/framework/sync-evaluator.d.ts.map +1 -0
package/dist/tools/framework/sync-evaluator.js +298 -0
package/dist/tools/framework/sync-evaluator.js.map +1 -0
package/dist/tools/framework/sync-evaluator.test.d.ts +5 -0
package/dist/tools/framework/sync-evaluator.test.d.ts.map +1 -0
package/dist/tools/framework/sync-evaluator.test.js +288 -0
package/dist/tools/framework/sync-evaluator.test.js.map +1 -0
package/dist/tools/framework/types.d.ts +279 -0
package/dist/tools/framework/types.d.ts.map +1 -0
package/dist/tools/framework/types.js +6 -0
package/dist/tools/framework/types.js.map +1 -0
package/dist/tools/framework/workflow-intelligence.d.ts +55 -0
package/dist/tools/framework/workflow-intelligence.d.ts.map +1 -0
package/dist/tools/framework/workflow-intelligence.js +199 -0
package/dist/tools/framework/workflow-intelligence.js.map +1 -0
package/dist/tools/framework/workflow-intelligence.test.d.ts +6 -0
package/dist/tools/framework/workflow-intelligence.test.d.ts.map +1 -0
package/dist/tools/framework/workflow-intelligence.test.js +257 -0
package/dist/tools/framework/workflow-intelligence.test.js.map +1 -0
package/dist/tools/framework/workflow-planner.d.ts +10 -0
package/dist/tools/framework/workflow-planner.d.ts.map +1 -0
package/dist/tools/framework/workflow-planner.js +214 -0
package/dist/tools/framework/workflow-planner.js.map +1 -0
package/dist/tools/framework/workflow-planner.test.d.ts +5 -0
package/dist/tools/framework/workflow-planner.test.d.ts.map +1 -0
package/dist/tools/framework/workflow-planner.test.js +137 -0
package/dist/tools/framework/workflow-planner.test.js.map +1 -0
package/dist/tools/knowledge/bridge.d.ts +34 -0
package/dist/tools/knowledge/bridge.d.ts.map +1 -0
package/dist/tools/knowledge/bridge.js +249 -0
package/dist/tools/knowledge/bridge.js.map +1 -0
package/dist/tools/knowledge/bridge.test.d.ts +5 -0
package/dist/tools/knowledge/bridge.test.d.ts.map +1 -0
package/dist/tools/knowledge/bridge.test.js +221 -0
package/dist/tools/knowledge/bridge.test.js.map +1 -0
package/dist/tools/knowledge/extractor.d.ts +22 -0
package/dist/tools/knowledge/extractor.d.ts.map +1 -0
package/dist/tools/knowledge/extractor.js +154 -0
package/dist/tools/knowledge/extractor.js.map +1 -0
package/dist/tools/knowledge/index.d.ts +12 -0
package/dist/tools/knowledge/index.d.ts.map +1 -0
package/dist/tools/knowledge/index.js +505 -0
package/dist/tools/knowledge/index.js.map +1 -0
package/dist/tools/knowledge/retrieval.d.ts +28 -0
package/dist/tools/knowledge/retrieval.d.ts.map +1 -0
package/dist/tools/knowledge/retrieval.js +164 -0
package/dist/tools/knowledge/retrieval.js.map +1 -0
package/dist/tools/knowledge/store.d.ts +96 -0
package/dist/tools/knowledge/store.d.ts.map +1 -0
package/dist/tools/knowledge/store.js +562 -0
package/dist/tools/knowledge/store.js.map +1 -0
package/dist/tools/knowledge/store.test.d.ts +6 -0
package/dist/tools/knowledge/store.test.d.ts.map +1 -0
package/dist/tools/knowledge/store.test.js +385 -0
package/dist/tools/knowledge/store.test.js.map +1 -0
package/dist/tools/knowledge/types.d.ts +168 -0
package/dist/tools/knowledge/types.d.ts.map +1 -0
package/dist/tools/knowledge/types.js +6 -0
package/dist/tools/knowledge/types.js.map +1 -0
package/dist/tools/memory/evolution.d.ts +31 -0
package/dist/tools/memory/evolution.d.ts.map +1 -0
package/dist/tools/memory/evolution.js +130 -0
package/dist/tools/memory/evolution.js.map +1 -0
package/dist/tools/memory/index.d.ts +11 -0
package/dist/tools/memory/index.d.ts.map +1 -0
package/dist/tools/memory/index.js +239 -0
package/dist/tools/memory/index.js.map +1 -0
package/dist/tools/memory/store.d.ts +75 -0
package/dist/tools/memory/store.d.ts.map +1 -0
package/dist/tools/memory/store.js +398 -0
package/dist/tools/memory/store.js.map +1 -0
package/dist/tools/memory/store.test.d.ts +6 -0
package/dist/tools/memory/store.test.d.ts.map +1 -0
package/dist/tools/memory/store.test.js +429 -0
package/dist/tools/memory/store.test.js.map +1 -0
package/dist/tools/memory/types.d.ts +171 -0
package/dist/tools/memory/types.d.ts.map +1 -0
package/dist/tools/memory/types.js +6 -0
package/dist/tools/memory/types.js.map +1 -0
package/dist/tools/pipeline/composer.d.ts +29 -0
package/dist/tools/pipeline/composer.d.ts.map +1 -0
package/dist/tools/pipeline/composer.js +225 -0
package/dist/tools/pipeline/composer.js.map +1 -0
package/dist/tools/pipeline/composer.test.d.ts +2 -0
package/dist/tools/pipeline/composer.test.d.ts.map +1 -0
package/dist/tools/pipeline/composer.test.js +162 -0
package/dist/tools/pipeline/composer.test.js.map +1 -0
package/dist/tools/pipeline/index.d.ts +8 -0
package/dist/tools/pipeline/index.d.ts.map +1 -0
package/dist/tools/pipeline/index.js +102 -0
package/dist/tools/pipeline/index.js.map +1 -0
package/dist/tools/pipeline/planner.d.ts +10 -0
package/dist/tools/pipeline/planner.d.ts.map +1 -0
package/dist/tools/pipeline/planner.js +147 -0
package/dist/tools/pipeline/planner.js.map +1 -0
package/dist/tools/pipeline/planner.test.d.ts +2 -0
package/dist/tools/pipeline/planner.test.d.ts.map +1 -0
package/dist/tools/pipeline/planner.test.js +96 -0
package/dist/tools/pipeline/planner.test.js.map +1 -0
package/dist/tools/pipeline/preconditions.d.ts +14 -0
package/dist/tools/pipeline/preconditions.d.ts.map +1 -0
package/dist/tools/pipeline/preconditions.js +65 -0
package/dist/tools/pipeline/preconditions.js.map +1 -0
package/dist/tools/pipeline/preconditions.test.d.ts +2 -0
package/dist/tools/pipeline/preconditions.test.d.ts.map +1 -0
package/dist/tools/pipeline/preconditions.test.js +74 -0
package/dist/tools/pipeline/preconditions.test.js.map +1 -0
package/dist/tools/pipeline/types.d.ts +105 -0
package/dist/tools/pipeline/types.d.ts.map +1 -0
package/dist/tools/pipeline/types.js +6 -0
package/dist/tools/pipeline/types.js.map +1 -0
package/dist/tools/repair/index.d.ts +8 -0
package/dist/tools/repair/index.d.ts.map +1 -0
package/dist/tools/repair/index.js +384 -0
package/dist/tools/repair/index.js.map +1 -0
package/dist/tools/repair/repairer.d.ts +67 -0
package/dist/tools/repair/repairer.d.ts.map +1 -0
package/dist/tools/repair/repairer.js +257 -0
package/dist/tools/repair/repairer.js.map +1 -0
package/dist/tools/repair/repairer.test.d.ts +6 -0
package/dist/tools/repair/repairer.test.d.ts.map +1 -0
package/dist/tools/repair/repairer.test.js +159 -0
package/dist/tools/repair/repairer.test.js.map +1 -0
package/dist/tools/semantic/chunker.d.ts +23 -0
package/dist/tools/semantic/chunker.d.ts.map +1 -0
package/dist/tools/semantic/chunker.js +244 -0
package/dist/tools/semantic/chunker.js.map +1 -0
package/dist/tools/semantic/embedder.d.ts +16 -0
package/dist/tools/semantic/embedder.d.ts.map +1 -0
package/dist/tools/semantic/embedder.js +88 -0
package/dist/tools/semantic/embedder.js.map +1 -0
package/dist/tools/semantic/index.d.ts +8 -0
package/dist/tools/semantic/index.d.ts.map +1 -0
package/dist/tools/semantic/index.js +144 -0
package/dist/tools/semantic/index.js.map +1 -0
package/dist/tools/semantic/store.d.ts +31 -0
package/dist/tools/semantic/store.d.ts.map +1 -0
package/dist/tools/semantic/store.js +168 -0
package/dist/tools/semantic/store.js.map +1 -0
package/dist/tools/semantic/store.test.d.ts +6 -0
package/dist/tools/semantic/store.test.d.ts.map +1 -0
package/dist/tools/semantic/store.test.js +240 -0
package/dist/tools/semantic/store.test.js.map +1 -0
package/dist/tools/spec/generator.d.ts +32 -0
package/dist/tools/spec/generator.d.ts.map +1 -0
package/dist/tools/spec/generator.js +278 -0
package/dist/tools/spec/generator.js.map +1 -0
package/dist/tools/spec/generator.test.d.ts +6 -0
package/dist/tools/spec/generator.test.d.ts.map +1 -0
package/dist/tools/spec/generator.test.js +208 -0
package/dist/tools/spec/generator.test.js.map +1 -0
package/dist/tools/spec/index.d.ts +11 -0
package/dist/tools/spec/index.d.ts.map +1 -0
package/dist/tools/spec/index.js +426 -0
package/dist/tools/spec/index.js.map +1 -0
package/dist/tools/spec/store.d.ts +24 -0
package/dist/tools/spec/store.d.ts.map +1 -0
package/dist/tools/spec/store.js +104 -0
package/dist/tools/spec/store.js.map +1 -0
package/dist/tools/spec/store.test.d.ts +6 -0
package/dist/tools/spec/store.test.d.ts.map +1 -0
package/dist/tools/spec/store.test.js +173 -0
package/dist/tools/spec/store.test.js.map +1 -0
package/dist/tools/spec/types.d.ts +61 -0
package/dist/tools/spec/types.d.ts.map +1 -0
package/dist/tools/spec/types.js +6 -0
package/dist/tools/spec/types.js.map +1 -0
package/dist/tools/state/index.d.ts +11 -0
package/dist/tools/state/index.d.ts.map +1 -0
package/dist/tools/state/index.js +386 -0
package/dist/tools/state/index.js.map +1 -0
package/dist/tools/state/migrate.d.ts +39 -0
package/dist/tools/state/migrate.d.ts.map +1 -0
package/dist/tools/state/migrate.js +242 -0
package/dist/tools/state/migrate.js.map +1 -0
package/dist/tools/state/migrate.test.d.ts +2 -0
package/dist/tools/state/migrate.test.d.ts.map +1 -0
package/dist/tools/state/migrate.test.js +265 -0
package/dist/tools/state/migrate.test.js.map +1 -0
package/dist/tools/state/store.d.ts +107 -0
package/dist/tools/state/store.d.ts.map +1 -0
package/dist/tools/state/store.js +365 -0
package/dist/tools/state/store.js.map +1 -0
package/dist/tools/state/store.test.d.ts +5 -0
package/dist/tools/state/store.test.d.ts.map +1 -0
package/dist/tools/state/store.test.js +293 -0
package/dist/tools/state/store.test.js.map +1 -0
package/dist/tools/state/types.d.ts +90 -0
package/dist/tools/state/types.d.ts.map +1 -0
package/dist/tools/state/types.js +6 -0
package/dist/tools/state/types.js.map +1 -0
package/dist/tools/testing/analyzer.d.ts +44 -0
package/dist/tools/testing/analyzer.d.ts.map +1 -0
package/dist/tools/testing/analyzer.js +280 -0
package/dist/tools/testing/analyzer.js.map +1 -0
package/dist/tools/testing/generator.d.ts +57 -0
package/dist/tools/testing/generator.d.ts.map +1 -0
package/dist/tools/testing/generator.js +478 -0
package/dist/tools/testing/generator.js.map +1 -0
package/dist/tools/testing/generator.test.d.ts +6 -0
package/dist/tools/testing/generator.test.d.ts.map +1 -0
package/dist/tools/testing/generator.test.js +285 -0
package/dist/tools/testing/generator.test.js.map +1 -0
package/dist/tools/testing/index.d.ts +8 -0
package/dist/tools/testing/index.d.ts.map +1 -0
package/dist/tools/testing/index.js +373 -0
package/dist/tools/testing/index.js.map +1 -0
package/dist/utils/embedder.d.ts +7 -0
package/dist/utils/embedder.d.ts.map +1 -0
package/dist/utils/embedder.js +13 -0
package/dist/utils/embedder.js.map +1 -0
package/dist/utils/execution.d.ts +68 -0
package/dist/utils/execution.d.ts.map +1 -0
package/dist/utils/execution.js +467 -0
package/dist/utils/execution.js.map +1 -0
package/dist/utils/graph.d.ts +26 -0
package/dist/utils/graph.d.ts.map +1 -0
package/dist/utils/graph.js +32 -0
package/dist/utils/graph.js.map +1 -0
package/dist/utils/guards.d.ts +32 -0
package/dist/utils/guards.d.ts.map +1 -0
package/dist/utils/guards.js +40 -0
package/dist/utils/guards.js.map +1 -0
package/dist/utils/ids.d.ts +5 -0
package/dist/utils/ids.d.ts.map +1 -0
package/dist/utils/ids.js +7 -0
package/dist/utils/ids.js.map +1 -0
package/dist/utils/languages.d.ts +34 -0
package/dist/utils/languages.d.ts.map +1 -0
package/dist/utils/languages.js +153 -0
package/dist/utils/languages.js.map +1 -0
package/dist/utils/lazy.d.ts +17 -0
package/dist/utils/lazy.d.ts.map +1 -0
package/dist/utils/lazy.js +35 -0
package/dist/utils/lazy.js.map +1 -0
package/dist/utils/project.d.ts +41 -0
package/dist/utils/project.d.ts.map +1 -0
package/dist/utils/project.js +82 -0
package/dist/utils/project.js.map +1 -0
package/dist/utils/responses.d.ts +27 -0
package/dist/utils/responses.d.ts.map +1 -0
package/dist/utils/responses.js +72 -0
package/dist/utils/responses.js.map +1 -0
package/dist/utils/vectors.d.ts +33 -0
package/dist/utils/vectors.d.ts.map +1 -0
package/dist/utils/vectors.js +80 -0
package/dist/utils/vectors.js.map +1 -0
package/dist/utils/vectors.test.d.ts +6 -0
package/dist/utils/vectors.test.d.ts.map +1 -0
package/dist/utils/vectors.test.js +96 -0
package/dist/utils/vectors.test.js.map +1 -0
package/package.json +69 -0
package/scripts/init.js +142 -0
package/templates/CLAUDE.md.template +96 -0
package/templates/agents/architecture-concept.md +237 -0
package/templates/agents/checkpoint-concept.md +218 -0
package/templates/agents/code-analysis-concept.md +171 -0
package/templates/agents/compete-control.md +44 -0
package/templates/agents/compete-evaluator.md +87 -0
package/templates/agents/compete-treatment.md +55 -0
package/templates/agents/context-concept.md +254 -0
package/templates/agents/debate-advocate.md +127 -0
package/templates/agents/debate-critic.md +119 -0
package/templates/agents/debate-synthesis.md +160 -0
package/templates/agents/documentation-concept.md +294 -0
package/templates/agents/implementation-concept.md +165 -0
package/templates/agents/quality-concept.md +299 -0
package/templates/agents/research-concept.md +169 -0
package/templates/agents/security-concept.md +255 -0
package/templates/agents/story-concept.md +207 -0
package/templates/agents/verification-concept.md +456 -0
package/templates/agents/version-concept.md +163 -0
package/templates/anchors/directory.anchor.yaml.template +53 -0
package/templates/anchors/rules.anchor.yaml.template +70 -0
package/templates/anchors/safety.anchor.yaml.template +96 -0
package/templates/claude-md-managed.template +105 -0
package/templates/commands/cache.md.template +439 -0
package/templates/commands/checkpoint.md.template +121 -0
package/templates/commands/classify.md.template +138 -0
package/templates/commands/compete.md.template +90 -0
package/templates/commands/costs.md.template +111 -0
package/templates/commands/estimate.md.template +196 -0
package/templates/commands/explore.md.template +186 -0
package/templates/commands/feature.md.template +216 -0
package/templates/commands/forget.md.template +104 -0
package/templates/commands/global-recall.md.template +250 -0
package/templates/commands/global-remember.md.template +187 -0
package/templates/commands/health.md.template +107 -0
package/templates/commands/help.md.template +253 -0
package/templates/commands/observe.md.template +211 -0
package/templates/commands/pr-review.md.template +164 -0
package/templates/commands/predict-cost.md.template +251 -0
package/templates/commands/profile.md.template +142 -0
package/templates/commands/reasoning.md.template +228 -0
package/templates/commands/recall.md.template +197 -0
package/templates/commands/remember.md.template +148 -0
package/templates/commands/replay.md.template +449 -0
package/templates/commands/restore.md.template +87 -0
package/templates/commands/retrospective.md.template +47 -0
package/templates/commands/slo.md.template +286 -0
package/templates/commands/spec.md.template +164 -0
package/templates/commands/status.md.template +53 -0
package/templates/commands/sync.md.template +321 -0
package/templates/commands/task.md.template +86 -0
package/templates/commands/trace.md.template +86 -0
package/templates/commands/visualize.md.template +216 -0
package/templates/commands/workflow.md.template +375 -0
package/templates/concepts/README.md +329 -0
package/templates/concepts/architecture.md.template +74 -0
package/templates/concepts/code-analysis.md.template +186 -0
package/templates/concepts/context-compactor.md.template +393 -0
package/templates/concepts/context.md.template +62 -0
package/templates/concepts/documentation.md.template +452 -0
package/templates/concepts/estimator.md.template +214 -0
package/templates/concepts/exploration.md.template +257 -0
package/templates/concepts/global-memory.md.template +222 -0
package/templates/concepts/implementation.md.template +62 -0
package/templates/concepts/pr-review.md.template +277 -0
package/templates/concepts/project-profile.md.template +358 -0
package/templates/concepts/quality.md.template +63 -0
package/templates/concepts/react-fallback.md.template +286 -0
package/templates/concepts/research.md.template +221 -0
package/templates/concepts/retrospective.md.template +93 -0
package/templates/concepts/security.md.template +442 -0
package/templates/concepts/slo.md.template +274 -0
package/templates/concepts/spec.md.template +71 -0
package/templates/concepts/story.md.template +50 -0
package/templates/concepts/tool-router.md.template +289 -0
package/templates/concepts/verification-synthesizer.md.template +279 -0
package/templates/concepts/version.md.template +61 -0
package/templates/config.yaml.template +347 -0
package/templates/examples/README.md +77 -0
package/templates/examples/architecture/api-design.yaml.template +286 -0
package/templates/examples/architecture/oauth-authentication.yaml.template +305 -0
package/templates/health/status.yaml.template +120 -0
package/templates/hooks/concept-complete.sh.template +45 -0
package/templates/hooks/lib/common.sh.template +160 -0
package/templates/hooks/post-commit.sh.template +37 -0
package/templates/hooks/post-concept-action.template +39 -0
package/templates/hooks/post-tool-structure-check.sh.template +138 -0
package/templates/hooks/post-tool-use.sh.template +51 -0
package/templates/hooks/pre-compact.sh.template +48 -0
package/templates/hooks/pre-tool-grounding.template +148 -0
package/templates/hooks/session-exit-checkpoint.sh.template +35 -0
package/templates/hooks/session-start.sh.template +67 -0
package/templates/hooks/statusline.sh.template +148 -0
package/templates/hooks/stop.sh.template +45 -0
package/templates/hooks/subagent-stop.sh.template +40 -0
package/templates/hooks/sync-blocked.sh.template +45 -0
package/templates/hooks/timeout.sh.template +48 -0
package/templates/hooks/user-prompt-submit.sh.template +68 -0
package/templates/koan/README.md +58 -0
package/templates/memory/index.yaml.template +48 -0
package/templates/memory/procedural/debugging.yaml.template +24 -0
package/templates/memory/procedural/workflows.yaml.template +22 -0
package/templates/memory/semantic/architecture.yaml.template +21 -0
package/templates/memory/semantic/conventions.yaml.template +18 -0
package/templates/memory/semantic/patterns.yaml.template +21 -0
package/templates/memory/semantic/preferences.yaml.template +18 -0
package/templates/prompts/architecture.yaml.template +349 -0
package/templates/prompts/context.yaml.template +384 -0
package/templates/prompts/implementation.yaml.template +365 -0
package/templates/prompts/planning.yaml.template +303 -0
package/templates/prompts/quality.yaml.template +345 -0
package/templates/prompts/retrospective.yaml.template +231 -0
package/templates/prompts/slo.yaml.template +360 -0
package/templates/prompts/story.yaml.template +236 -0
package/templates/prompts/tree-of-thoughts.yaml.template +299 -0
package/templates/prompts/verification.yaml.template +286 -0
package/templates/prompts/version.yaml.template +279 -0
package/templates/schemas/agent-schema.json +98 -0
package/templates/schemas/architecture.schema.json +69 -0
package/templates/schemas/config-schema.json +165 -0
package/templates/schemas/implementation.schema.json +75 -0
package/templates/schemas/planning.schema.json +243 -0
package/templates/schemas/provenance.schema.json +111 -0
package/templates/schemas/retrospective.schema.json +174 -0
package/templates/schemas/review.schema.json +284 -0
package/templates/schemas/slo.schema.json +443 -0
package/templates/schemas/story.schema.json +68 -0
package/templates/schemas/sync-schema.json +196 -0
package/templates/schemas/task.schema.json +127 -0
package/templates/schemas/tree-of-thoughts.schema.json +175 -0
package/templates/schemas/verification.schema.json +106 -0
package/templates/settings.full.json.template +135 -0
package/templates/settings.minimal.json.template +68 -0
package/templates/settings.standard.json.template +135 -0
package/templates/skills/acceptance-criteria-generation.md.template +330 -0
package/templates/skills/accessibility-checking.md.template +341 -0
package/templates/skills/api-design-patterns.md.template +395 -0
package/templates/skills/batch-processing.md.template +605 -0
package/templates/skills/branch-strategy.md.template +362 -0
package/templates/skills/changelog-generation.md.template +403 -0
package/templates/skills/code-coverage-analysis.md.template +362 -0
package/templates/skills/code-style-enforcement.md.template +294 -0
package/templates/skills/code-template-patterns.md.template +419 -0
package/templates/skills/concept-development.md.template +159 -0
package/templates/skills/context-prioritization.md.template +306 -0
package/templates/skills/cost-optimization.md.template +482 -0
package/templates/skills/cross-project-knowledge.md.template +316 -0
package/templates/skills/dependency-impact-analysis.md.template +263 -0
package/templates/skills/documentation-generation.md.template +409 -0
package/templates/skills/effort-estimation.md.template +350 -0
package/templates/skills/error-classification.md.template +709 -0
package/templates/skills/error-messages.md.template +339 -0
package/templates/skills/ide-diagnostics.md.template +480 -0
package/templates/skills/incremental-loading.md.template +574 -0
package/templates/skills/output-caching.md.template +524 -0
package/templates/skills/performance-estimation.md.template +325 -0
package/templates/skills/performance-testing-patterns.md.template +341 -0
package/templates/skills/phase2-optimizations-summary.md.template +458 -0
package/templates/skills/progressive-disclosure-pattern.md.template +190 -0
package/templates/skills/project-structure.md.template +372 -0
package/templates/skills/provenance-analysis.md.template +609 -0
package/templates/skills/react-executor.md.template +366 -0
package/templates/skills/refactoring-patterns.md.template +422 -0
package/templates/skills/release-management.md.template +373 -0
package/templates/skills/requirement-prioritization.md.template +357 -0
package/templates/skills/schema-validation.md.template +321 -0
package/templates/skills/security-design-patterns.md.template +692 -0
package/templates/skills/security-vulnerability-scanning.md.template +663 -0
package/templates/skills/semantic-memory.md.template +266 -0
package/templates/skills/semantic-versioning.md.template +371 -0
package/templates/skills/smart-retry.md.template +676 -0
package/templates/skills/smart-summarization.md.template +358 -0
package/templates/skills/story-decomposition.md.template +278 -0
package/templates/skills/synchronization-patterns.md.template +303 -0
package/templates/skills/test-generation-strategy.md.template +247 -0
package/templates/skills/workflow-replay.md.template +478 -0
package/templates/skills/wysiwid-principles.md.template +364 -0
package/templates/skills-manifest.yaml.template +526 -0
package/templates/stubs/agents/architecture-concept.md +20 -0
package/templates/stubs/agents/checkpoint-concept.md +19 -0
package/templates/stubs/agents/code-analysis-concept.md +36 -0
package/templates/stubs/agents/context-concept.md +37 -0
package/templates/stubs/agents/debate-advocate.md +12 -0
package/templates/stubs/agents/debate-critic.md +12 -0
package/templates/stubs/agents/debate-synthesis.md +12 -0
package/templates/stubs/agents/documentation-concept.md +39 -0
package/templates/stubs/agents/implementation-concept.md +41 -0
package/templates/stubs/agents/quality-concept.md +41 -0
package/templates/stubs/agents/research-concept.md +35 -0
package/templates/stubs/agents/security-concept.md +40 -0
package/templates/stubs/agents/spec-concept.md +35 -0
package/templates/stubs/agents/story-concept.md +36 -0
package/templates/stubs/agents/verification-concept.md +39 -0
package/templates/stubs/agents/version-concept.md +37 -0
package/templates/stubs/commands/cache.md.template +2 -0
package/templates/stubs/commands/checkpoint.md.template +2 -0
package/templates/stubs/commands/classify.md.template +2 -0
package/templates/stubs/commands/compete.md.template +2 -0
package/templates/stubs/commands/costs.md.template +2 -0
package/templates/stubs/commands/estimate.md.template +2 -0
package/templates/stubs/commands/explore.md.template +2 -0
package/templates/stubs/commands/feature.md.template +2 -0
package/templates/stubs/commands/forget.md.template +2 -0
package/templates/stubs/commands/global-recall.md.template +2 -0
package/templates/stubs/commands/global-remember.md.template +2 -0
package/templates/stubs/commands/health.md.template +2 -0
package/templates/stubs/commands/help.md.template +2 -0
package/templates/stubs/commands/observe.md.template +2 -0
package/templates/stubs/commands/pr-review.md.template +2 -0
package/templates/stubs/commands/predict-cost.md.template +2 -0
package/templates/stubs/commands/profile.md.template +2 -0
package/templates/stubs/commands/reasoning.md.template +2 -0
package/templates/stubs/commands/recall.md.template +2 -0
package/templates/stubs/commands/remember.md.template +2 -0
package/templates/stubs/commands/replay.md.template +2 -0
package/templates/stubs/commands/restore.md.template +2 -0
package/templates/stubs/commands/retrospective.md.template +2 -0
package/templates/stubs/commands/slo.md.template +2 -0
package/templates/stubs/commands/spec.md.template +2 -0
package/templates/stubs/commands/sync.md.template +2 -0
package/templates/stubs/commands/task.md.template +2 -0
package/templates/stubs/commands/trace.md.template +2 -0
package/templates/stubs/commands/visualize.md.template +2 -0
package/templates/stubs/commands/workflow.md.template +2 -0
package/templates/synchronizations/archive/adaptive-learning.yaml.template +595 -0
package/templates/synchronizations/archive/code-understanding-flow.yaml.template +533 -0
package/templates/synchronizations/archive/collaboration-flow.yaml.template +521 -0
package/templates/synchronizations/archive/context-folding.yaml.template +353 -0
package/templates/synchronizations/archive/dead-letter-queue.yaml.template +530 -0
package/templates/synchronizations/archive/documentation-flow.yaml.template +560 -0
package/templates/synchronizations/archive/error-recovery-flow.yaml.template +1031 -0
package/templates/synchronizations/archive/execution-loop.yaml.template +336 -0
package/templates/synchronizations/archive/exploration-flow.yaml.template +369 -0
package/templates/synchronizations/archive/feature-development.yaml.template +2145 -0
package/templates/synchronizations/archive/learning-loop.yaml.template +657 -0
package/templates/synchronizations/archive/multi-verify.yaml.template +346 -0
package/templates/synchronizations/archive/planning-flow.yaml.template +312 -0
package/templates/synchronizations/archive/retrospective-flow.yaml.template +277 -0
package/templates/synchronizations/archive/security-flow.yaml.template +477 -0
package/templates/synchronizations/archive/slo-monitoring.yaml.template +209 -0
package/templates/synchronizations/archive/task-routing.yaml.template +489 -0
package/templates/synchronizations/archive/test-driven.yaml.template +291 -0
package/templates/synchronizations/archive/tool-routing.yaml.template +326 -0
package/templates/synchronizations/archive/verification-flow.yaml.template +407 -0
package/templates/synchronizations/error-policy.yaml.template +188 -0
package/templates/synchronizations/main.sync.template +319 -0
package/templates/synchronizations/slo-registry.yaml.template +229 -0
package/templates/tasks/task.yaml.template +67 -0
package/templates/zen-profile.yaml.template +14 -0

package/templates/skills/security-vulnerability-scanning.md.template ADDED Viewed

@@ -0,0 +1,663 @@
+---
+name: Security Vulnerability Scanning
+description: Detect common security vulnerabilities in generated code during quality review
+version: 1.0.0
+trigger_keywords: [security, vulnerability, CVE, injection, XSS, CSRF, scan, audit]
+author: Zen Architecture
+applies_to: [quality-concept]
+priority: P0
+impact: critical
+---
+# Security Vulnerability Scanning - Expert Skill
+Detect common security vulnerabilities in generated code before they reach production.
+## Purpose
+Security vulnerability scanning provides:
+- **Early detection**: Catch vulnerabilities at review time, not in production
+- **Automated checks**: Consistent security review across all code
+- **OWASP coverage**: Check for industry-standard vulnerability patterns
+- **Actionable feedback**: Specific remediation guidance for each issue
+## When to Use
+Use security scanning during quality review when code involves:
+- ✅ User input handling
+- ✅ Database queries
+- ✅ Authentication/authorization
+- ✅ File operations
+- ✅ External API calls
+- ✅ HTML/template rendering
+- ✅ Cryptographic operations
+- ✅ Session management
+## Vulnerability Detection Patterns
+### 1. SQL Injection (CWE-89)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: String concatenation in query
+const query = `SELECT * FROM users WHERE id = ${userId}`;
+const query = "SELECT * FROM users WHERE id = " + userId;
+const query = `SELECT * FROM users WHERE name = '${name}'`;
+// SAFE: Parameterized queries
+const query = 'SELECT * FROM users WHERE id = $1';
+await db.query(query, [userId]);
+```
+**Scan Rules**:
+```yaml
+sql_injection:
+  patterns:
+    - regex: 'SELECT.*FROM.*WHERE.*\$\{.*\}'
+      severity: critical
+      message: "Potential SQL injection: String interpolation in query"
+    - regex: '"SELECT.*".*\+.*[a-zA-Z]+'
+      severity: critical
+      message: "Potential SQL injection: String concatenation in query"
+    - regex: "query\\(['\"].*\\$\\{"
+      severity: critical
+      message: "Potential SQL injection: Template literal in query"
+  safe_patterns:
+    - 'query($1, $2)'
+    - 'query(?, ?)'
+    - 'where({ id: })'
+    - 'findById('
+```
+### 2. Cross-Site Scripting (XSS) (CWE-79)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Unescaped user input in HTML
+element.innerHTML = userInput;
+document.write(userInput);
+`<div>${userInput}</div>`;
+// SAFE: Escaped output
+element.textContent = userInput;
+escapeHtml(userInput);
+DOMPurify.sanitize(userInput);
+```
+**Scan Rules**:
+```yaml
+xss:
+  patterns:
+    - regex: 'innerHTML\s*=\s*[a-zA-Z]+'
+      severity: high
+      message: "Potential XSS: Unescaped assignment to innerHTML"
+    - regex: 'document\.write\('
+      severity: high
+      message: "Potential XSS: document.write with user input"
+    - regex: 'dangerouslySetInnerHTML'
+      severity: medium
+      message: "React dangerouslySetInnerHTML - ensure input is sanitized"
+    - regex: '\{\{\{.*\}\}\}'
+      severity: medium
+      message: "Handlebars unescaped output - ensure input is sanitized"
+  safe_patterns:
+    - 'textContent'
+    - 'escapeHtml('
+    - 'DOMPurify.sanitize('
+    - 'sanitizeHtml('
+```
+### 3. Command Injection (CWE-78)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: User input in shell commands
+exec(`ls ${userInput}`);
+spawn('bash', ['-c', userInput]);
+system(userInput);
+// SAFE: Validated input, no shell
+execFile('ls', [validatedPath]);
+spawn('ls', ['-la', validatedPath], { shell: false });
+```
+**Scan Rules**:
+```yaml
+command_injection:
+  patterns:
+    - regex: 'exec\([`"\'].*\$\{'
+      severity: critical
+      message: "Potential command injection: User input in exec()"
+    - regex: 'spawn\([^,]+,.*shell:\s*true'
+      severity: high
+      message: "Potential command injection: spawn with shell: true"
+    - regex: 'child_process.*\+.*[a-zA-Z]+'
+      severity: critical
+      message: "Potential command injection: String concatenation in command"
+  safe_patterns:
+    - 'execFile('
+    - 'shell: false'
+    - 'spawnSync(cmd, args)'
+```
+### 4. Path Traversal (CWE-22)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: User input in file paths
+fs.readFile(userInput);
+path.join(baseDir, userInput);  // if userInput contains ../
+// SAFE: Validated and normalized paths
+const safePath = path.resolve(baseDir, userInput);
+if (!safePath.startsWith(baseDir)) throw new Error('Invalid path');
+```
+**Scan Rules**:
+```yaml
+path_traversal:
+  patterns:
+    - regex: 'readFile\([a-zA-Z]+\)'
+      severity: high
+      message: "Potential path traversal: Unvalidated path in readFile"
+    - regex: 'path\.join\(.*,\s*req\.'
+      severity: high
+      message: "Potential path traversal: Request input in path.join"
+    - regex: '__dirname.*\+.*req\.'
+      severity: high
+      message: "Potential path traversal: Request input concatenated to path"
+  safe_patterns:
+    - 'path.resolve('
+    - 'startsWith(baseDir)'
+    - 'path.normalize('
+```
+### 5. Insecure Deserialization (CWE-502)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Deserializing untrusted data
+eval(userInput);
+new Function(userInput);
+JSON.parse(userInput);  // Only dangerous if result is used unsafely
+// SAFE: Validated deserialization
+const data = JSON.parse(userInput);
+const validated = schema.validate(data);
+```
+**Scan Rules**:
+```yaml
+insecure_deserialization:
+  patterns:
+    - regex: 'eval\('
+      severity: critical
+      message: "Critical: eval() with potential user input"
+    - regex: 'new Function\('
+      severity: critical
+      message: "Critical: new Function() with potential user input"
+    - regex: 'serialize-javascript.*uneval'
+      severity: high
+      message: "Potential insecure deserialization"
+  safe_patterns:
+    - 'JSON.parse'  # With validation
+    - 'schema.validate'
+```
+### 6. Hardcoded Secrets (CWE-798)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Hardcoded credentials
+const password = "secretpassword123";
+const apiKey = "sk-1234567890abcdef";
+const token = "eyJhbGciOiJIUzI1NiIs...";
+// SAFE: Environment variables
+const password = process.env.DB_PASSWORD;
+const apiKey = process.env.API_KEY;
+```
+**Scan Rules**:
+```yaml
+hardcoded_secrets:
+  patterns:
+    - regex: '(password|passwd|pwd)\s*[=:]\s*["\'][^"\']{8,}'
+      severity: critical
+      message: "Hardcoded password detected"
+    - regex: '(api[_-]?key|apikey)\s*[=:]\s*["\'][a-zA-Z0-9]{16,}'
+      severity: critical
+      message: "Hardcoded API key detected"
+    - regex: '(secret|token)\s*[=:]\s*["\'][a-zA-Z0-9+/=]{20,}'
+      severity: critical
+      message: "Hardcoded secret/token detected"
+    - regex: 'Bearer\s+[a-zA-Z0-9._-]{20,}'
+      severity: high
+      message: "Hardcoded bearer token detected"
+    - regex: '-----BEGIN (RSA |EC )?PRIVATE KEY-----'
+      severity: critical
+      message: "Private key in source code"
+  safe_patterns:
+    - 'process.env.'
+    - 'config.get('
+    - 'secrets.get('
+```
+### 7. Insecure Random (CWE-330)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Weak randomness for security
+const token = Math.random().toString(36);
+const id = Math.floor(Math.random() * 1000000);
+// SAFE: Cryptographically secure random
+const token = crypto.randomBytes(32).toString('hex');
+const id = crypto.randomUUID();
+```
+**Scan Rules**:
+```yaml
+insecure_random:
+  patterns:
+    - regex: 'Math\.random\(\).*token'
+      severity: high
+      message: "Insecure random for token generation"
+    - regex: 'Math\.random\(\).*password'
+      severity: critical
+      message: "Insecure random for password generation"
+    - regex: 'Math\.random\(\).*secret'
+      severity: critical
+      message: "Insecure random for secret generation"
+  safe_patterns:
+    - 'crypto.randomBytes'
+    - 'crypto.randomUUID'
+    - 'crypto.getRandomValues'
+    - 'uuid.v4()'
+```
+### 8. Missing Authentication (CWE-306)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Unprotected routes
+app.post('/api/admin/users', createUser);
+router.delete('/api/items/:id', deleteItem);
+// SAFE: Authentication middleware
+app.post('/api/admin/users', authMiddleware, createUser);
+router.delete('/api/items/:id', authenticate, authorize, deleteItem);
+```
+**Scan Rules**:
+```yaml
+missing_authentication:
+  patterns:
+    - regex: 'app\.(post|put|delete|patch)\([^,]+,\s*[a-zA-Z]+\)'
+      context: "Check if route needs authentication"
+      severity: medium
+      message: "Route may be missing authentication middleware"
+    - regex: '/api/(admin|user|account)'
+      context: "Sensitive routes"
+      severity: medium
+      message: "Sensitive route - verify authentication is in place"
+  safe_patterns:
+    - 'authMiddleware'
+    - 'authenticate'
+    - 'requireAuth'
+    - 'isAuthenticated'
+    - 'passport.authenticate'
+```
+### 9. CSRF Vulnerabilities (CWE-352)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: State-changing without CSRF protection
+app.post('/api/transfer', handleTransfer);
+// SAFE: CSRF token validation
+app.post('/api/transfer', csrfProtection, handleTransfer);
+```
+**Scan Rules**:
+```yaml
+csrf:
+  patterns:
+    - regex: 'app\.post\([^,]+,\s*(?!.*csrf)'
+      severity: medium
+      message: "POST route may need CSRF protection"
+  safe_patterns:
+    - 'csrf'
+    - 'csurf'
+    - 'csrfProtection'
+    - 'verifyCsrfToken'
+```
+### 10. Insecure Cookie Settings (CWE-614)
+**Detection Patterns**:
+```javascript
+// VULNERABLE: Insecure cookie
+res.cookie('session', value);
+res.cookie('token', value, { httpOnly: false });
+// SAFE: Secure cookie settings
+res.cookie('session', value, {
+  httpOnly: true,
+  secure: true,
+  sameSite: 'strict'
+});
+```
+**Scan Rules**:
+```yaml
+insecure_cookies:
+  patterns:
+    - regex: 'cookie\([^)]+\)(?!.*httpOnly)'
+      severity: medium
+      message: "Cookie missing httpOnly flag"
+    - regex: 'cookie\([^)]+\)(?!.*secure)'
+      severity: medium
+      message: "Cookie missing secure flag"
+    - regex: 'httpOnly:\s*false'
+      severity: high
+      message: "Cookie explicitly set httpOnly: false"
+  safe_patterns:
+    - 'httpOnly: true'
+    - 'secure: true'
+    - "sameSite: 'strict'"
+```
+## Scan Process
+### 1. Pre-Scan Setup
+```yaml
+scan_configuration:
+  enabled_checks:
+    - sql_injection
+    - xss
+    - command_injection
+    - path_traversal
+    - hardcoded_secrets
+    - insecure_random
+    - missing_authentication
+    - csrf
+    - insecure_cookies
+  severity_threshold: medium  # Report medium and above
+  file_patterns:
+    include:
+      - "**/*.js"
+      - "**/*.ts"
+      - "**/*.jsx"
+      - "**/*.tsx"
+      - "**/*.py"
+      - "**/*.java"
+    exclude:
+      - "node_modules/**"
+      - "**/*.test.*"
+      - "**/*.spec.*"
+```
+### 2. Scan Execution
+```python
+def scan_for_vulnerabilities(files, rules):
+    """
+    Scan files for security vulnerabilities.
+    Args:
+        files: List of file paths to scan
+        rules: Security scan rules
+    Returns:
+        List of findings with severity and remediation
+    """
+    findings = []
+    for file_path in files:
+        content = read_file(file_path)
+        for rule_category, rule_config in rules.items():
+            for pattern in rule_config['patterns']:
+                matches = re.findall(pattern['regex'], content)
+                for match in matches:
+                    # Check if safe pattern present
+                    is_safe = any(
+                        safe in content[match.start-100:match.end+100]
+                        for safe in rule_config.get('safe_patterns', [])
+                    )
+                    if not is_safe:
+                        findings.append({
+                            'file': file_path,
+                            'line': get_line_number(content, match),
+                            'category': rule_category,
+                            'severity': pattern['severity'],
+                            'message': pattern['message'],
+                            'code': get_code_snippet(content, match),
+                            'remediation': get_remediation(rule_category)
+                        })
+    return sorted(findings, key=lambda x: severity_order[x['severity']])
+```
+### 3. Report Generation
+```yaml
+# koan/reviews/security-scan-{id}.yaml
+scan_id: "security-scan-001"
+timestamp: "2025-11-11T10:00:00Z"
+implementation_id: "impl-001"
+status: "findings_detected"
+summary:
+  total_findings: 5
+  critical: 1
+  high: 2
+  medium: 2
+  low: 0
+findings:
+  - id: "finding-001"
+    severity: critical
+    category: "sql_injection"
+    file: "src/services/user.service.ts"
+    line: 45
+    message: "Potential SQL injection: String interpolation in query"
+    code: |
+      const query = `SELECT * FROM users WHERE id = ${userId}`;
+    remediation: |
+      Use parameterized queries:
+      const query = 'SELECT * FROM users WHERE id = $1';
+      await db.query(query, [userId]);
+  - id: "finding-002"
+    severity: high
+    category: "hardcoded_secrets"
+    file: "src/config/database.ts"
+    line: 12
+    message: "Hardcoded password detected"
+    code: |
+      const password = "db_password_123";
+    remediation: |
+      Use environment variables:
+      const password = process.env.DB_PASSWORD;
+blocked: true  # Critical findings block merge
+```
+## Integration with Quality Concept
+### In Quality Review Action
+```yaml
+# Add to quality.review process
+quality_review:
+  steps:
+    - name: "Code Style Check"
+      tool: "eslint"
+    - name: "Security Vulnerability Scan"
+      tool: "security-scanner"
+      config:
+        severity_threshold: "medium"
+        block_on_critical: true
+        block_on_high: true
+    - name: "Type Check"
+      tool: "tsc"
+  blocking_conditions:
+    - "security.critical > 0"
+    - "security.high > 0"
+```
+### Scan Output in Review
+```yaml
+# koan/reviews/review-{id}.yaml
+review_id: "review-001"
+implementation_id: "impl-001"
+status: "needs_changes"  # Blocked by security findings
+security_scan:
+  status: "failed"
+  critical: 1
+  high: 2
+  findings:
+    - "SQL injection in user.service.ts:45"
+    - "Hardcoded password in database.ts:12"
+    - "Missing CSRF protection on /api/transfer"
+  remediation_required:
+    - file: "src/services/user.service.ts"
+      action: "Use parameterized queries"
+    - file: "src/config/database.ts"
+      action: "Move password to environment variable"
+    - file: "src/routes/transfer.ts"
+      action: "Add CSRF middleware"
+code_review:
+  status: "approved"
+  # Security issues override code approval
+```
+## Remediation Guidance
+### For Each Vulnerability Type
+```yaml
+remediation_guides:
+  sql_injection:
+    title: "Fix SQL Injection"
+    steps:
+      - "Replace string concatenation with parameterized queries"
+      - "Use ORM methods instead of raw SQL where possible"
+      - "Validate input types before query construction"
+    examples:
+      before: |
+        const query = `SELECT * FROM users WHERE id = ${userId}`;
+      after: |
+        const query = 'SELECT * FROM users WHERE id = $1';
+        await db.query(query, [userId]);
+  xss:
+    title: "Fix Cross-Site Scripting"
+    steps:
+      - "Use textContent instead of innerHTML for plain text"
+      - "Sanitize HTML with DOMPurify before rendering"
+      - "Use framework's built-in escaping (React, Vue, etc.)"
+    examples:
+      before: |
+        element.innerHTML = userInput;
+      after: |
+        element.textContent = userInput;
+        // Or if HTML is needed:
+        element.innerHTML = DOMPurify.sanitize(userInput);
+  hardcoded_secrets:
+    title: "Fix Hardcoded Secrets"
+    steps:
+      - "Move secrets to environment variables"
+      - "Use a secret manager (Vault, AWS Secrets Manager)"
+      - "Add secret patterns to .gitignore"
+    examples:
+      before: |
+        const apiKey = "sk-1234567890";
+      after: |
+        const apiKey = process.env.API_KEY;
+        // In .env (not committed):
+        // API_KEY=sk-1234567890
+```
+## SLO Expectations
+```yaml
+security_scan_slo:
+  expected_duration_ms: 5000
+  max_duration_ms: 30000
+  blocking_policy:
+    critical: "always_block"
+    high: "always_block"
+    medium: "warn_and_continue"
+    low: "log_only"
+  metrics:
+    target_false_positive_rate: "< 10%"
+    target_coverage: "> 95% of OWASP Top 10"
+```
+## Best Practices
+1. ✅ **Run on every code change** - Security scan in CI/CD pipeline
+2. ✅ **Block critical/high findings** - Don't merge vulnerable code
+3. ✅ **Provide clear remediation** - Actionable fix guidance
+4. ✅ **Track metrics** - False positive rate, time to remediate
+5. ✅ **Update rules regularly** - New vulnerability patterns emerge
+6. ✅ **Context-aware scanning** - Reduce false positives with context
+7. ✅ **Developer education** - Help developers understand why
+---
+**Use this skill when**: Reviewing any code that handles user input, authentication, data storage, or external communication. Security scanning should be automatic in the quality review phase.