@ekkos/cli 0.2.0

package/templates/skills/ekkOS_Summary/Skill.md

@@ -0,0 +1,257 @@
+---
+name: ekkOS_Summary
+description: Show what ekkOS learned and did. Activate when the user asks "what did you learn", "show me my patterns", "ekkOS status", "memory summary", or wants to understand what the memory system captured. This skill provides transparency about memory operations.
+allowed-tools:
+  - mcp__ekkos-memory__ekkOS_Summary
+  - mcp__ekkos-memory__ekkOS_Stats
+  - mcp__ekkos-memory__ekkOS_Search
+  - mcp__ekkos-memory__ekkOS_Plans
+---
+
+# ekkOS_Summary
+
+You are augmented with **ekkOS_ memory** - and you can show users exactly what the memory system has learned and done.
+
+## Why This Skill Exists
+
+Transparency builds trust:
+- Users should know what's being remembered
+- Pattern counts and success rates matter
+- Session activity should be visible
+
+This skill provides insight into ekkOS operations.
+
+## When To Activate
+
+This skill should trigger when:
+
+| Trigger | Example |
+|---------|---------|
+| "What did you learn?" | Wants to see forged patterns |
+| "Show my patterns" | Wants pattern list |
+| "ekkOS status" | System health check |
+| "Memory summary" | Overview request |
+| "What did ekkOS do?" | Activity review |
+| End of session | Natural summary point |
+
+## Instructions
+
+### Session Summary
+
+```
+ekkOS_Summary({
+  time_window_seconds: 300  // Last 5 minutes
+})
+```
+
+Response:
+```json
+{
+  "session_activity": {
+    "searches": 5,
+    "patterns_retrieved": 12,
+    "patterns_applied": 4,
+    "patterns_forged": 2,
+    "directives_created": 1
+  },
+  "recent_events": [
+    {"type": "search", "query": "auth error", "results": 3},
+    {"type": "forge", "title": "JWT clock tolerance fix"},
+    {"type": "apply", "pattern": "Error handling middleware"}
+  ]
+}
+```
+
+### Memory Statistics
+
+```
+ekkOS_Stats({
+  scope: "personal"  // or "collective" or "both"
+})
+```
+
+Response:
+```json
+{
+  "personal": {
+    "patterns": 127,
+    "directives": 23,
+    "episodes": 489,
+    "avg_success_rate": 0.82
+  },
+  "collective": {
+    "patterns": 5420,
+    "avg_success_rate": 0.78
+  }
+}
+```
+
+## Example Scenarios
+
+### Scenario 1: Session Summary
+```
+User: "What did ekkOS do this session?"
+
+You: ekkOS_Summary({ time_window_seconds: 3600 })
+
+     "🧠 ekkOS Session Summary (last hour):
+
+      📊 Activity:
+      ├── Searches: 8 queries
+      ├── Patterns retrieved: 15
+      ├── Patterns applied: 6
+      └── Patterns forged: 3
+
+      ✨ New patterns created:
+      1. 'Fix CORS with credentials mode'
+      2. 'Supabase RLS policy syntax'
+      3. 'React useEffect cleanup pattern'
+
+      📋 Directives added:
+      1. [PREFER] Use arrow functions
+
+      🎯 Golden Loop compliance: 94%
+
+      Your memory is growing!"
+```
+
+### Scenario 2: Overall Statistics
+```
+User: "How's my ekkOS memory doing?"
+
+You: ekkOS_Stats({ scope: "both" })
+
+     "🧠 ekkOS Memory Statistics:
+
+      📚 Your Personal Memory:
+      ├── Patterns: 127 total
+      ├── Success rate: 82%
+      ├── Directives: 23 active
+      ├── Episodes: 489 conversations
+      └── Most used: 'Error handling' (45 applications)
+
+      🌐 Collective Memory:
+      ├── Total patterns: 5,420
+      ├── Your contributions: 127
+      └── Top category: API Integration
+
+      📈 Growth:
+      ├── This week: +12 patterns
+      ├── This month: +47 patterns
+      └── Trend: ↑ 15% more than last month
+
+      You're in the top 10% of ekkOS contributors!"
+```
+
+### Scenario 3: What Did You Learn?
+```
+User: "What patterns did you learn from our conversation?"
+
+You: ekkOS_Search({
+       query: "session:" + session_id,
+       sources: ["patterns"]
+     })
+
+     "🧠 Patterns learned this session:
+
+      1. **Fix timezone issues in date comparison**
+         Problem: Dates compared without timezone normalization
+         Solution: Always convert to UTC before comparison
+         Confidence: 85%
+
+      2. **Supabase real-time subscription cleanup**
+         Problem: Memory leak from unsubscribed channels
+         Solution: Store subscription and call unsubscribe in useEffect cleanup
+         Confidence: 90%
+
+      3. **Anti-pattern: Don't use .env in client code**
+         Problem: Tried to read .env directly in React
+         Solution: Use NEXT_PUBLIC_ prefix or server-side only
+         Type: Anti-pattern (learned from mistake)
+
+      These will help in future sessions!"
+```
+
+### Scenario 4: Plan Status
+```
+User: "What am I working on?"
+
+You: ekkOS_Plans({ status: "in_progress" })
+
+     ekkOS_Summary({ time_window_seconds: 86400 })
+
+     "🧠 Current State:
+
+      📋 Active Plans:
+      1. **API Refactoring** [5/8 steps]
+         Current: Creating service interfaces
+         Next: Add dependency injection
+
+      2. **Auth System** [2/6 steps]
+         Current: Implementing registration
+         Blocked: Waiting for email service
+
+      📊 Today's Progress:
+      ├── Completed 3 plan steps
+      ├── Forged 2 new patterns
+      └── Applied 8 existing patterns
+
+      Resume API Refactoring?"
+```
+
+### Scenario 5: Memory Health Check
+```
+User: "Is ekkOS working properly?"
+
+You: ekkOS_Stats({})
+
+     "🧠 ekkOS Health Check:
+
+      ✅ API Connection: Healthy
+      ✅ Pattern Layer: 127 patterns indexed
+      ✅ Directive Layer: 23 active rules
+      ✅ Episode Layer: 489 conversations stored
+      ✅ Context Guardian: Active
+
+      📊 Performance:
+      ├── Average search time: 120ms
+      ├── Pattern retrieval rate: 94%
+      └── Golden Loop compliance: 91%
+
+      ⚠️ Suggestions:
+      ├── 5 patterns have <50% success rate
+      └── Consider reviewing/updating these
+
+      Overall: System healthy! 🟢"
+```
+
+## Display Formats
+
+### Compact Summary
+```
+🧠 ekkOS: 127 patterns | 23 directives | 82% success rate
+```
+
+### Detailed Summary
+```
+🧠 ekkOS Memory Summary
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+Patterns:    127 total, 82% success rate
+Directives:  23 active (12 MUST, 8 NEVER, 3 PREFER)
+Episodes:    489 conversations indexed
+Plans:       2 in progress, 15 completed
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+```
+
+## Success Metrics
+
+You're using this skill correctly when:
+- Users understand what ekkOS is doing
+- Statistics are presented clearly
+- Session activity is transparent
+- Users trust the memory system
+- Summaries are useful, not overwhelming
+
+---
+
+**Mantra**: Show the work. Users should see what ekkOS learns.

package/templates/skills/ekkOS_Vault/Skill.md

@@ -0,0 +1,287 @@
+---
+name: ekkOS_Vault
+description: Securely store and retrieve credentials. Activate when the user shares an API key, password, token, secret, or any sensitive credential. Also activate when you need to use a stored credential or when the user asks about their stored secrets. All secrets are encrypted with AES-256-GCM.
+allowed-tools:
+  - mcp__ekkos-memory__ekkOS_StoreSecret
+  - mcp__ekkos-memory__ekkOS_GetSecret
+  - mcp__ekkos-memory__ekkOS_ListSecrets
+  - mcp__ekkos-memory__ekkOS_DeleteSecret
+  - mcp__ekkos-memory__ekkOS_RotateSecret
+---
+
+# ekkOS_Vault
+
+You are augmented with **ekkOS_ memory** - and you can securely store and retrieve encrypted credentials.
+
+## Why This Skill Exists
+
+Users share credentials during development:
+- API keys for services
+- Database passwords
+- OAuth tokens
+- Environment secrets
+
+This skill stores them securely (AES-256-GCM encrypted) and retrieves them when needed.
+
+## CRITICAL Security Rules
+
+1. **NEVER output secrets in plain text** unless user explicitly requests
+2. **NEVER include secrets in patterns** or regular memory
+3. **ALWAYS use masked display** when showing secrets exist
+4. **ALWAYS confirm before storing** sensitive data
+
+## When To Activate
+
+This skill should trigger when:
+
+| Trigger | Example |
+|---------|---------|
+| User shares API key | "Here's my OpenAI key: sk-..." |
+| User shares password | "The database password is ..." |
+| User shares token | "My GitHub token is ghp_..." |
+| Need to use stored cred | Making API call that needs key |
+| User asks about secrets | "What credentials do I have stored?" |
+| Key rotation | "I need to update my API key" |
+
+## Instructions
+
+### Storing Secrets
+
+When user shares a credential:
+
+```
+ekkOS_StoreSecret({
+  service: "openai",           // Service name
+  value: "sk-abc123...",       // The actual secret
+  type: "api_key",             // auto-detected if omitted
+  description: "Production API key",
+  expiresInDays: 90            // Optional expiration
+})
+```
+
+Then confirm (with masked value):
+```
+🔐 Secret stored securely:
+   Service: openai
+   Type: API Key
+   Preview: sk-a...123
+   Encrypted: AES-256-GCM
+
+   Use `ekkOS_GetSecret({service: "openai"})` to retrieve.
+```
+
+### Retrieving Secrets
+
+When you need a stored credential:
+
+```
+ekkOS_GetSecret({
+  service: "openai",
+  masked: false  // true for safe display
+})
+```
+
+Response:
+```json
+{
+  "service": "openai",
+  "value": "sk-abc123...",  // Only if masked: false
+  "type": "api_key",
+  "created_at": "2024-01-15T10:30:00Z",
+  "last_accessed": "2024-01-20T14:22:00Z"
+}
+```
+
+**For display to user (masked):**
+```
+ekkOS_GetSecret({
+  service: "openai",
+  masked: true
+})
+
+Response: { value: "sk-a...123" }
+```
+
+### Listing Secrets
+
+Show what's stored (no values):
+
+```
+ekkOS_ListSecrets({})
+```
+
+Response:
+```
+🔐 Stored Credentials:
+
+1. openai (API Key)
+   Created: Jan 15, 2024
+   Last used: Jan 20, 2024
+
+2. supabase (API Key)
+   Created: Jan 10, 2024
+   Last used: Jan 19, 2024
+
+3. github (Token)
+   Created: Dec 1, 2023
+   Last used: Jan 18, 2024
+
+Total: 3 secrets stored
+```
+
+### Rotating Secrets
+
+When user has a new key:
+
+```
+ekkOS_RotateSecret({
+  service: "openai",
+  newValue: "sk-new-key-xyz..."
+})
+```
+
+Response:
+```
+🔐 Secret rotated:
+   Service: openai
+   Old key revoked
+   New key stored: sk-n...xyz
+
+   Remember to revoke the old key in OpenAI dashboard.
+```
+
+### Deleting Secrets
+
+```
+ekkOS_DeleteSecret({
+  secretId: "secret-uuid"
+})
+```
+
+Response:
+```
+🔐 Secret deleted permanently:
+   Service: openai
+   This cannot be recovered.
+```
+
+## Example Scenarios
+
+### Scenario 1: User Shares API Key
+```
+User: "Here's my Stripe key: sk_live_abc123xyz"
+
+You: "I'll store this securely.
+
+      ekkOS_StoreSecret({
+        service: 'stripe',
+        value: 'sk_live_abc123xyz',
+        type: 'api_key',
+        description: 'Live Stripe API key'
+      })
+
+      🔐 Stripe API key stored securely (AES-256-GCM encrypted).
+      Preview: sk_l...xyz
+
+      I can use this for Stripe API calls. You won't need to
+      share it again."
+```
+
+### Scenario 2: Using Stored Credential
+```
+User: "Make a Stripe API call to list customers"
+
+You: *Need Stripe key*
+
+     ekkOS_GetSecret({ service: 'stripe' })
+
+     → Retrieved: sk_live_abc123xyz
+
+     "Using your stored Stripe key..."
+
+     *Makes API call with the key*
+
+     "Here are your customers: ..."
+
+     *Key never shown to user*
+```
+
+### Scenario 3: What Credentials Exist
+```
+User: "What API keys do I have stored?"
+
+You: ekkOS_ListSecrets({})
+
+     "🔐 Your stored credentials:
+
+      1. **stripe** (API Key)
+         Created: 2 weeks ago
+         Last accessed: Yesterday
+
+      2. **openai** (API Key)
+         Created: 1 month ago
+         Last accessed: 3 days ago
+
+      3. **github** (Personal Access Token)
+         Created: 2 months ago
+         Last accessed: Last week
+
+      Would you like to see masked previews of any of these?"
+```
+
+### Scenario 4: Credential Rotation
+```
+User: "I regenerated my OpenAI key, here's the new one: sk-new123"
+
+You: ekkOS_RotateSecret({
+       service: 'openai',
+       newValue: 'sk-new123'
+     })
+
+     "🔐 OpenAI key rotated:
+      - Old key removed from vault
+      - New key stored: sk-n...123
+
+      ⚠️ Remember to delete the old key in OpenAI's dashboard
+      to prevent unauthorized use."
+```
+
+## Auto-Detection
+
+The skill can auto-detect secret types:
+
+| Pattern | Detected Type |
+|---------|---------------|
+| `sk-...` | OpenAI API Key |
+| `ghp_...` | GitHub Personal Token |
+| `sk_live_...` | Stripe Live Key |
+| `sk_test_...` | Stripe Test Key |
+| `xoxb-...` | Slack Bot Token |
+| `AKIA...` | AWS Access Key |
+
+## Security Reminders
+
+When storing:
+```
+⚠️ Security note: This key is encrypted and stored securely.
+   Only you can access it through ekkOS.
+   Never share this key in plain text or commit it to git.
+```
+
+When retrieving for API calls:
+```
+*Using stored credential - never displayed*
+```
+
+## Success Metrics
+
+You're using this skill correctly when:
+- Credentials are stored, not repeated in chat
+- Users don't have to re-share keys
+- Masked previews are used for display
+- Rotations are handled smoothly
+- No secrets appear in patterns or logs
+
+---
+
+**Mantra**: User shares a key? Store it. Need a key? Retrieve it. Never expose it.