npm - @ericrisco/rsc - Versions diffs - 0.1.5 - Mend

@ericrisco/rsc 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (1419) hide show

package/LICENSE +21 -0
package/README.md +294 -0
package/manifest.json +4761 -0
package/package.json +60 -0
package/schema/frontmatter.schema.json +12 -0
package/scripts/build-manifest.js +72 -0
package/scripts/consult.js +106 -0
package/scripts/detect-repo.js +118 -0
package/scripts/doctor.js +21 -0
package/scripts/eval-lint.sh +179 -0
package/scripts/install-apply.js +52 -0
package/scripts/install-plan.js +13 -0
package/scripts/lib/behavior-score.js +103 -0
package/scripts/lib/domains.js +30 -0
package/scripts/lib/frontmatter.js +47 -0
package/scripts/lib/harden-policy.js +41 -0
package/scripts/lib/manifest.js +18 -0
package/scripts/lib/recommend.js +36 -0
package/scripts/lib/registry.js +110 -0
package/scripts/lib/result-envelope.js +35 -0
package/scripts/lib/state.js +12 -0
package/scripts/lib/ui.js +159 -0
package/scripts/reviewer-guard.sh +67 -0
package/scripts/rsc.js +187 -0
package/scripts/skill-behavior-eval.js +33 -0
package/scripts/skill-behavior-eval.workflow.js +136 -0
package/scripts/skill-behavior-rubric.md +63 -0
package/scripts/skill-harden-rubric.md +40 -0
package/scripts/skill-harden.workflow.js +161 -0
package/scripts/skill-rubric.md +39 -0
package/scripts/skill-scoreboard.workflow.js +35 -0
package/skills/ab-testing/SKILL.md +191 -0
package/skills/ab-testing/evals/README.md +8 -0
package/skills/ab-testing/evals/cases.yaml +49 -0
package/skills/ab-testing/references/pitfalls.md +74 -0
package/skills/ab-testing/references/sample-size-and-cuped.md +128 -0
package/skills/ab-testing/scripts/verify.sh +89 -0
package/skills/accessibility/SKILL.md +218 -0
package/skills/accessibility/evals/README.md +3 -0
package/skills/accessibility/evals/cases.yaml +47 -0
package/skills/accessibility/references/aria-patterns.md +113 -0
package/skills/accessibility/references/wcag22-checklist.md +83 -0
package/skills/accessibility/scripts/verify.sh +103 -0
package/skills/ads/SKILL.md +175 -0
package/skills/ads/evals/README.md +15 -0
package/skills/ads/evals/cases.yaml +58 -0
package/skills/ads/references/platform-specs.md +73 -0
package/skills/ads/references/roas-model.md +77 -0
package/skills/ads/scripts/verify.sh +210 -0
package/skills/agent-eval/SKILL.md +213 -0
package/skills/agent-eval/evals/README.md +12 -0
package/skills/agent-eval/evals/cases.yaml +45 -0
package/skills/agent-eval/references/judge-design.md +118 -0
package/skills/agent-eval/references/runner-and-gate.md +183 -0
package/skills/agent-eval/scripts/verify.sh +161 -0
package/skills/agent-safety/SKILL.md +176 -0
package/skills/agent-safety/evals/README.md +12 -0
package/skills/agent-safety/evals/cases.yaml +46 -0
package/skills/agent-safety/references/threat-model.md +51 -0
package/skills/ai-media/SKILL.md +196 -0
package/skills/ai-media/evals/README.md +3 -0
package/skills/ai-media/evals/cases.yaml +45 -0
package/skills/ai-media/references/ffmpeg-assembly.md +117 -0
package/skills/ai-media/references/models-and-params.md +78 -0
package/skills/ai-media/scripts/verify.sh +103 -0
package/skills/analytics/SKILL.md +219 -0
package/skills/analytics/evals/README.md +9 -0
package/skills/analytics/evals/cases.yaml +53 -0
package/skills/analytics/references/event-taxonomy.md +75 -0
package/skills/analytics/references/ga4-setup.md +122 -0
package/skills/analytics/references/posthog-setup.md +100 -0
package/skills/analytics/scripts/verify.sh +95 -0
package/skills/analyze/SKILL.md +136 -0
package/skills/analyze/evals/README.md +72 -0
package/skills/analyze/evals/cases.yaml +74 -0
package/skills/angular/SKILL.md +288 -0
package/skills/angular/evals/README.md +3 -0
package/skills/angular/evals/cases.yaml +38 -0
package/skills/angular/references/migration.md +81 -0
package/skills/angular/references/signals-rxjs.md +92 -0
package/skills/angular/scripts/verify.sh +122 -0
package/skills/api-connector-builder/SKILL.md +285 -0
package/skills/api-connector-builder/evals/README.md +11 -0
package/skills/api-connector-builder/evals/cases.yaml +47 -0
package/skills/api-connector-builder/references/auth-flows.md +132 -0
package/skills/api-connector-builder/references/pagination.md +144 -0
package/skills/api-connector-builder/scripts/verify.sh +172 -0
package/skills/api-design/SKILL.md +189 -0
package/skills/api-design/evals/README.md +3 -0
package/skills/api-design/evals/cases.yaml +45 -0
package/skills/api-design/references/graphql-design.md +70 -0
package/skills/api-design/references/openapi-contract.md +86 -0
package/skills/api-design/references/rest-conventions.md +63 -0
package/skills/api-design/references/versioning-and-evolution.md +49 -0
package/skills/api-design/scripts/verify.sh +138 -0
package/skills/article-writing/SKILL.md +175 -0
package/skills/article-writing/evals/README.md +3 -0
package/skills/article-writing/evals/cases.yaml +47 -0
package/skills/article-writing/references/ai-tell-banlist.md +114 -0
package/skills/article-writing/references/on-page-seo.md +133 -0
package/skills/article-writing/scripts/verify.sh +165 -0
package/skills/astro/SKILL.md +275 -0
package/skills/astro/evals/README.md +3 -0
package/skills/astro/evals/cases.yaml +41 -0
package/skills/astro/references/content-layer.md +118 -0
package/skills/astro/references/deploy-and-integrations.md +163 -0
package/skills/astro/scripts/verify.sh +137 -0
package/skills/author-skill/SKILL.md +206 -0
package/skills/author-skill/evals/README.md +66 -0
package/skills/author-skill/evals/cases.yaml +75 -0
package/skills/author-skill/references/description-recipe.md +84 -0
package/skills/author-skill/references/eval-authoring.md +74 -0
package/skills/author-skill/references/rsc-conventions.md +91 -0
package/skills/automation-flows/SKILL.md +132 -0
package/skills/automation-flows/evals/README.md +5 -0
package/skills/automation-flows/evals/cases.yaml +44 -0
package/skills/automation-flows/references/error-handling.md +58 -0
package/skills/automation-flows/references/n8n-workflow-json.md +63 -0
package/skills/automation-flows/scripts/verify.sh +78 -0
package/skills/aws-essentials/SKILL.md +223 -0
package/skills/aws-essentials/evals/README.md +10 -0
package/skills/aws-essentials/evals/cases.yaml +44 -0
package/skills/aws-essentials/references/iam-least-privilege.md +134 -0
package/skills/aws-essentials/references/rds-cloudfront-recipes.md +127 -0
package/skills/aws-essentials/scripts/verify.sh +99 -0
package/skills/backups/SKILL.md +137 -0
package/skills/backups/evals/README.md +3 -0
package/skills/backups/evals/cases.yaml +42 -0
package/skills/backups/references/engine-recipes.md +121 -0
package/skills/backups/references/restore-runbook.md +65 -0
package/skills/backups/scripts/verify.sh +80 -0
package/skills/bash-scripting/SKILL.md +231 -0
package/skills/bash-scripting/evals/README.md +3 -0
package/skills/bash-scripting/evals/cases.yaml +45 -0
package/skills/bash-scripting/references/portability.md +97 -0
package/skills/bash-scripting/scripts/verify.sh +140 -0
package/skills/bookkeeping/SKILL.md +184 -0
package/skills/bookkeeping/evals/README.md +5 -0
package/skills/bookkeeping/evals/cases.yaml +52 -0
package/skills/bookkeeping/references/chart-of-accounts.md +87 -0
package/skills/bookkeeping/references/reconciliation-playbook.md +54 -0
package/skills/bookkeeping/references/tricky-transactions.md +192 -0
package/skills/brand-identity/SKILL.md +161 -0
package/skills/brand-identity/evals/README.md +14 -0
package/skills/brand-identity/evals/cases.yaml +43 -0
package/skills/brand-identity/references/color-and-tokens.md +129 -0
package/skills/brand-identity/references/logo-and-assets.md +117 -0
package/skills/brand-identity/scripts/verify.sh +224 -0
package/skills/brand-voice/SKILL.md +183 -0
package/skills/brand-voice/evals/README.md +3 -0
package/skills/brand-voice/evals/cases.yaml +57 -0
package/skills/brand-voice/references/voice-guide-template.md +150 -0
package/skills/brand-voice/references/word-bank.md +61 -0
package/skills/brand-voice/scripts/verify.sh +190 -0
package/skills/building-agents/SKILL.md +469 -0
package/skills/building-agents/evals/README.md +68 -0
package/skills/building-agents/evals/cases.yaml +60 -0
package/skills/building-agents/references/agent-loops-and-harness.md +371 -0
package/skills/building-agents/references/evals-and-observability.md +420 -0
package/skills/building-agents/references/mcp-servers.md +294 -0
package/skills/building-agents/references/provider-abstraction.md +489 -0
package/skills/building-agents/references/tools-and-rag.md +417 -0
package/skills/building-agents/scripts/verify.sh +121 -0
package/skills/business-intelligence/SKILL.md +176 -0
package/skills/business-intelligence/evals/README.md +3 -0
package/skills/business-intelligence/evals/cases.yaml +43 -0
package/skills/business-intelligence/references/authoring-semantic-models.md +120 -0
package/skills/business-intelligence/references/wiring-agents-and-apis.md +79 -0
package/skills/business-intelligence/scripts/verify.sh +143 -0
package/skills/calendar-scheduling/SKILL.md +196 -0
package/skills/calendar-scheduling/evals/README.md +14 -0
package/skills/calendar-scheduling/evals/cases.yaml +45 -0
package/skills/calendar-scheduling/references/google-calendar-sync.md +78 -0
package/skills/calendar-scheduling/references/provider-matrix.md +71 -0
package/skills/calendar-scheduling/scripts/verify.sh +117 -0
package/skills/case-studies/SKILL.md +147 -0
package/skills/case-studies/evals/README.md +3 -0
package/skills/case-studies/evals/cases.yaml +63 -0
package/skills/case-studies/references/case-study-skeleton.md +90 -0
package/skills/case-studies/references/consent-and-substantiation.md +80 -0
package/skills/case-studies/scripts/verify.sh +161 -0
package/skills/chatbot/SKILL.md +168 -0
package/skills/chatbot/evals/README.md +13 -0
package/skills/chatbot/evals/cases.yaml +43 -0
package/skills/chatbot/references/handoff-and-sales.md +71 -0
package/skills/chatbot/references/system-prompt-and-guardrails.md +78 -0
package/skills/chatbot/scripts/verify.sh +162 -0
package/skills/chrome-extension/SKILL.md +169 -0
package/skills/chrome-extension/evals/README.md +12 -0
package/skills/chrome-extension/evals/cases.yaml +40 -0
package/skills/chrome-extension/references/store-and-migration.md +84 -0
package/skills/chrome-extension/scripts/verify.sh +62 -0
package/skills/clarify/SKILL.md +159 -0
package/skills/clarify/evals/README.md +70 -0
package/skills/clarify/evals/cases.yaml +71 -0
package/skills/clickhouse-analytics/SKILL.md +165 -0
package/skills/clickhouse-analytics/evals/README.md +3 -0
package/skills/clickhouse-analytics/evals/cases.yaml +45 -0
package/skills/clickhouse-analytics/references/ingestion-and-mvs.md +109 -0
package/skills/clickhouse-analytics/references/query-optimization.md +76 -0
package/skills/clickhouse-analytics/references/schema-and-engines.md +63 -0
package/skills/clickhouse-analytics/scripts/verify.sh +109 -0
package/skills/client-onboarding/SKILL.md +254 -0
package/skills/client-onboarding/evals/README.md +14 -0
package/skills/client-onboarding/evals/cases.yaml +40 -0
package/skills/client-onboarding/references/onboarding-playbook.md +126 -0
package/skills/cloudflare/SKILL.md +191 -0
package/skills/cloudflare/evals/README.md +15 -0
package/skills/cloudflare/evals/cases.yaml +46 -0
package/skills/cloudflare/references/storage-primitives.md +104 -0
package/skills/cloudflare/references/wrangler-config.md +91 -0
package/skills/cloudflare/scripts/verify.sh +133 -0
package/skills/code-review/SKILL.md +143 -0
package/skills/code-review/evals/README.md +3 -0
package/skills/code-review/evals/cases.yaml +55 -0
package/skills/code-review/references/pr-workflow.md +67 -0
package/skills/codebase-onboarding/SKILL.md +133 -0
package/skills/codebase-onboarding/evals/README.md +3 -0
package/skills/codebase-onboarding/evals/cases.yaml +69 -0
package/skills/codebase-onboarding/references/recon-playbook.md +57 -0
package/skills/codebase-onboarding/scripts/verify.sh +54 -0
package/skills/cold-outreach/SKILL.md +206 -0
package/skills/cold-outreach/evals/README.md +3 -0
package/skills/cold-outreach/evals/cases.yaml +60 -0
package/skills/cold-outreach/references/compliance-footer.md +50 -0
package/skills/cold-outreach/references/hook-derivation.md +73 -0
package/skills/cold-outreach/references/templates.md +88 -0
package/skills/cold-outreach/scripts/verify.sh +170 -0
package/skills/community/SKILL.md +225 -0
package/skills/community/evals/README.md +3 -0
package/skills/community/evals/cases.yaml +40 -0
package/skills/community/references/metrics-and-rituals.md +58 -0
package/skills/community/references/platform-playbooks.md +64 -0
package/skills/community/scripts/verify.sh +83 -0
package/skills/competitor-watch/SKILL.md +193 -0
package/skills/competitor-watch/evals/README.md +19 -0
package/skills/competitor-watch/evals/cases.yaml +54 -0
package/skills/competitor-watch/references/monitoring-config.md +124 -0
package/skills/competitor-watch/references/tracker-schema.md +79 -0
package/skills/competitor-watch/scripts/verify.sh +253 -0
package/skills/compliance/SKILL.md +184 -0
package/skills/compliance/evals/README.md +14 -0
package/skills/compliance/evals/cases.yaml +46 -0
package/skills/compliance/references/frameworks.md +108 -0
package/skills/compliance/references/operating-rhythm.md +79 -0
package/skills/compliance/scripts/verify.sh +168 -0
package/skills/compose-multiplatform/SKILL.md +198 -0
package/skills/compose-multiplatform/evals/README.md +3 -0
package/skills/compose-multiplatform/evals/cases.yaml +40 -0
package/skills/compose-multiplatform/references/ios-interop.md +91 -0
package/skills/compose-multiplatform/references/project-setup.md +96 -0
package/skills/compose-multiplatform/scripts/verify.sh +123 -0
package/skills/constitution/SKILL.md +160 -0
package/skills/constitution/evals/README.md +68 -0
package/skills/constitution/evals/cases.yaml +72 -0
package/skills/constitution/references/constitution-template.md +90 -0
package/skills/content-engine/SKILL.md +164 -0
package/skills/content-engine/evals/README.md +17 -0
package/skills/content-engine/evals/cases.yaml +62 -0
package/skills/content-engine/references/atomization.md +81 -0
package/skills/content-engine/references/brief-and-pipeline.md +90 -0
package/skills/content-engine/scripts/verify.sh +146 -0
package/skills/context-budget/SKILL.md +132 -0
package/skills/context-budget/evals/README.md +11 -0
package/skills/context-budget/evals/cases.yaml +40 -0
package/skills/context-budget/references/handoff-and-compaction.md +96 -0
package/skills/continuous-learning/SKILL.md +136 -0
package/skills/continuous-learning/evals/README.md +16 -0
package/skills/continuous-learning/evals/cases.yaml +39 -0
package/skills/continuous-learning/references/lesson-routing.md +106 -0
package/skills/contracts/SKILL.md +124 -0
package/skills/contracts/evals/README.md +3 -0
package/skills/contracts/evals/cases.yaml +42 -0
package/skills/contracts/references/clause-library.md +129 -0
package/skills/contracts/references/review-playbook.md +49 -0
package/skills/contracts/scripts/verify.sh +53 -0
package/skills/coolify/SKILL.md +201 -0
package/skills/coolify/evals/README.md +21 -0
package/skills/coolify/evals/cases.yaml +46 -0
package/skills/coolify/references/databases-and-backups.md +99 -0
package/skills/coolify/references/deploy-recipes.md +105 -0
package/skills/coolify/references/install-and-proxy.md +80 -0
package/skills/coolify/scripts/verify.sh +123 -0
package/skills/cost-tracking/SKILL.md +183 -0
package/skills/cost-tracking/evals/README.md +3 -0
package/skills/cost-tracking/evals/cases.yaml +45 -0
package/skills/cost-tracking/references/cloud-caps.md +52 -0
package/skills/cost-tracking/references/pricing-tables.md +51 -0
package/skills/cost-tracking/scripts/verify.sh +135 -0
package/skills/course-builder/SKILL.md +186 -0
package/skills/course-builder/evals/README.md +16 -0
package/skills/course-builder/evals/cases.yaml +49 -0
package/skills/course-builder/references/assessment-design.md +74 -0
package/skills/course-builder/references/grounding-and-scoping.md +69 -0
package/skills/course-builder/references/outcomes-and-blooms.md +82 -0
package/skills/course-builder/scripts/verify.sh +247 -0
package/skills/course-storytelling/SKILL.md +205 -0
package/skills/course-storytelling/evals/README.md +54 -0
package/skills/course-storytelling/evals/cases.yaml +50 -0
package/skills/course-storytelling/references/brunson-frameworks.md +190 -0
package/skills/course-storytelling/references/concept-landing-recipe.md +136 -0
package/skills/course-storytelling/references/course-analysis.md +124 -0
package/skills/course-storytelling/references/learner-grounding.md +183 -0
package/skills/course-storytelling/references/mental-models.md +115 -0
package/skills/course-storytelling/scripts/verify.sh +223 -0
package/skills/cpp/SKILL.md +349 -0
package/skills/cpp/evals/README.md +14 -0
package/skills/cpp/evals/cases.yaml +44 -0
package/skills/cpp/references/cmake.md +167 -0
package/skills/cpp/references/move-and-templates.md +130 -0
package/skills/cpp/references/undefined-behavior.md +86 -0
package/skills/cpp/scripts/verify.sh +165 -0
package/skills/csharp-dotnet/SKILL.md +291 -0
package/skills/csharp-dotnet/evals/README.md +3 -0
package/skills/csharp-dotnet/evals/cases.yaml +48 -0
package/skills/csharp-dotnet/references/aspnetcore.md +99 -0
package/skills/csharp-dotnet/references/async.md +82 -0
package/skills/csharp-dotnet/references/efcore.md +96 -0
package/skills/csharp-dotnet/scripts/verify.sh +90 -0
package/skills/customer-support/SKILL.md +193 -0
package/skills/customer-support/evals/README.md +13 -0
package/skills/customer-support/evals/cases.yaml +61 -0
package/skills/customer-support/references/macros-and-sla.md +142 -0
package/skills/dashboard/SKILL.md +205 -0
package/skills/dashboard/evals/README.md +3 -0
package/skills/dashboard/evals/cases.yaml +50 -0
package/skills/dashboard/references/chart-selection.md +34 -0
package/skills/dashboard/references/tile-schema.md +164 -0
package/skills/dashboard/scripts/verify.sh +130 -0
package/skills/data-cleaning/SKILL.md +285 -0
package/skills/data-cleaning/evals/README.md +16 -0
package/skills/data-cleaning/evals/cases.yaml +57 -0
package/skills/data-cleaning/references/normalization-recipes.md +136 -0
package/skills/data-cleaning/references/validation-patterns.md +134 -0
package/skills/data-cleaning/scripts/verify.sh +115 -0
package/skills/data-policy/SKILL.md +163 -0
package/skills/data-policy/evals/README.md +15 -0
package/skills/data-policy/evals/cases.yaml +44 -0
package/skills/data-policy/references/consent-and-ropa.md +97 -0
package/skills/data-policy/references/retention-schedule.md +83 -0
package/skills/data-policy/scripts/verify.sh +143 -0
package/skills/data-scraper/SKILL.md +134 -0
package/skills/data-scraper/evals/README.md +3 -0
package/skills/data-scraper/evals/cases.yaml +46 -0
package/skills/data-scraper/references/anti-bot.md +85 -0
package/skills/data-scraper/references/frameworks.md +116 -0
package/skills/data-scraper/references/legal-compliance.md +59 -0
package/skills/data-scraper/scripts/verify.sh +166 -0
package/skills/db-migrations/SKILL.md +254 -0
package/skills/db-migrations/evals/README.md +10 -0
package/skills/db-migrations/evals/cases.yaml +46 -0
package/skills/db-migrations/references/backfill-and-batching.md +105 -0
package/skills/db-migrations/references/expand-contract-playbook.md +152 -0
package/skills/db-migrations/references/tools-and-runners.md +88 -0
package/skills/db-migrations/scripts/verify.sh +112 -0
package/skills/debug/SKILL.md +227 -0
package/skills/debug/evals/README.md +88 -0
package/skills/debug/evals/cases.yaml +74 -0
package/skills/decision-records/SKILL.md +189 -0
package/skills/decision-records/evals/README.md +3 -0
package/skills/decision-records/evals/cases.yaml +43 -0
package/skills/decision-records/references/templates.md +232 -0
package/skills/decision-records/scripts/verify.sh +105 -0
package/skills/deployment/SKILL.md +439 -0
package/skills/deployment/evals/README.md +50 -0
package/skills/deployment/evals/cases.yaml +53 -0
package/skills/deployment/references/coolify.md +216 -0
package/skills/deployment/references/dockerfiles-by-stack.md +319 -0
package/skills/deployment/references/github-actions.md +295 -0
package/skills/deployment/references/hosting-targets.md +272 -0
package/skills/deployment/scripts/verify.sh +134 -0
package/skills/design/SKILL.md +399 -0
package/skills/design/evals/README.md +53 -0
package/skills/design/evals/cases.yaml +56 -0
package/skills/design/references/brand-grounding.md +187 -0
package/skills/design/references/copywriting-frameworks.md +138 -0
package/skills/design/references/landing-anatomy-and-cro.md +202 -0
package/skills/design/references/motion-and-interaction.md +182 -0
package/skills/design/references/research-method.md +147 -0
package/skills/design/references/signature-and-craft.md +148 -0
package/skills/design/references/trends-2026.md +80 -0
package/skills/design/references/visual-system.md +236 -0
package/skills/design/scripts/verify.sh +248 -0
package/skills/digitalocean/SKILL.md +251 -0
package/skills/digitalocean/evals/README.md +10 -0
package/skills/digitalocean/evals/cases.yaml +37 -0
package/skills/digitalocean/references/app-spec.md +126 -0
package/skills/digitalocean/references/droplet-ops.md +95 -0
package/skills/digitalocean/scripts/verify.sh +102 -0
package/skills/django/SKILL.md +268 -0
package/skills/django/evals/README.md +11 -0
package/skills/django/evals/cases.yaml +47 -0
package/skills/django/references/drf.md +109 -0
package/skills/django/references/orm-performance.md +91 -0
package/skills/django/references/security.md +81 -0
package/skills/django/references/testing.md +86 -0
package/skills/django/scripts/verify.sh +115 -0
package/skills/docker/SKILL.md +283 -0
package/skills/docker/evals/README.md +10 -0
package/skills/docker/evals/cases.yaml +44 -0
package/skills/docker/references/base-images-and-stages.md +104 -0
package/skills/docker/references/compose-recipes.md +109 -0
package/skills/docker/scripts/verify.sh +149 -0
package/skills/document-processing/SKILL.md +214 -0
package/skills/document-processing/evals/README.md +3 -0
package/skills/document-processing/evals/cases.yaml +65 -0
package/skills/document-processing/references/engines.md +67 -0
package/skills/document-processing/scripts/verify.sh +172 -0
package/skills/domains-dns/SKILL.md +146 -0
package/skills/domains-dns/evals/README.md +16 -0
package/skills/domains-dns/evals/cases.yaml +47 -0
package/skills/domains-dns/references/record-cookbook.md +94 -0
package/skills/domains-dns/references/tls-and-acme.md +90 -0
package/skills/domains-dns/references/verify-and-debug.md +64 -0
package/skills/domains-dns/scripts/verify.sh +163 -0
package/skills/drizzle-orm/SKILL.md +234 -0
package/skills/drizzle-orm/evals/README.md +12 -0
package/skills/drizzle-orm/evals/cases.yaml +47 -0
package/skills/drizzle-orm/references/relations-and-drivers.md +118 -0
package/skills/drizzle-orm/scripts/verify.sh +155 -0
package/skills/duckdb/SKILL.md +207 -0
package/skills/duckdb/evals/README.md +31 -0
package/skills/duckdb/evals/cases.yaml +41 -0
package/skills/duckdb/references/python-and-interop.md +105 -0
package/skills/duckdb/references/remote-and-lakehouse.md +101 -0
package/skills/duckdb/scripts/verify.sh +71 -0
package/skills/dynamodb/SKILL.md +217 -0
package/skills/dynamodb/evals/README.md +8 -0
package/skills/dynamodb/evals/cases.yaml +46 -0
package/skills/dynamodb/references/access-patterns.md +127 -0
package/skills/dynamodb/references/capacity-and-limits.md +78 -0
package/skills/dynamodb/scripts/verify.sh +108 -0
package/skills/e-signature/SKILL.md +185 -0
package/skills/e-signature/evals/README.md +3 -0
package/skills/e-signature/evals/cases.yaml +44 -0
package/skills/e-signature/references/docusign.md +83 -0
package/skills/e-signature/references/dropbox-sign.md +73 -0
package/skills/e-signature/references/legal-tiers.md +37 -0
package/skills/e-signature/scripts/verify.sh +81 -0
package/skills/e2e-testing/SKILL.md +243 -0
package/skills/e2e-testing/evals/README.md +10 -0
package/skills/e2e-testing/evals/cases.yaml +64 -0
package/skills/e2e-testing/references/config-and-ci.md +156 -0
package/skills/e2e-testing/references/flakiness-playbook.md +124 -0
package/skills/e2e-testing/scripts/verify.sh +117 -0
package/skills/electron/SKILL.md +221 -0
package/skills/electron/evals/README.md +13 -0
package/skills/electron/evals/cases.yaml +38 -0
package/skills/electron/references/packaging-and-updates.md +122 -0
package/skills/electron/references/security-and-ipc.md +158 -0
package/skills/electron/scripts/verify.sh +143 -0
package/skills/elixir/SKILL.md +217 -0
package/skills/elixir/evals/README.md +3 -0
package/skills/elixir/evals/cases.yaml +41 -0
package/skills/elixir/references/mix-and-releases.md +91 -0
package/skills/elixir/references/otp-patterns.md +96 -0
package/skills/elixir/scripts/verify.sh +76 -0
package/skills/email-connector/SKILL.md +294 -0
package/skills/email-connector/evals/README.md +19 -0
package/skills/email-connector/evals/cases.yaml +39 -0
package/skills/email-connector/references/providers.md +107 -0
package/skills/email-connector/scripts/verify.sh +72 -0
package/skills/email-deliverability/SKILL.md +168 -0
package/skills/email-deliverability/evals/README.md +21 -0
package/skills/email-deliverability/evals/cases.yaml +45 -0
package/skills/email-deliverability/scripts/verify.sh +98 -0
package/skills/embeddings-search/SKILL.md +193 -0
package/skills/embeddings-search/evals/README.md +10 -0
package/skills/embeddings-search/evals/cases.yaml +44 -0
package/skills/embeddings-search/references/evaluation.md +86 -0
package/skills/embeddings-search/references/models.md +73 -0
package/skills/embeddings-search/scripts/verify.sh +103 -0
package/skills/error-handling/SKILL.md +307 -0
package/skills/error-handling/evals/README.md +12 -0
package/skills/error-handling/evals/cases.yaml +46 -0
package/skills/error-handling/references/boundaries-and-messaging.md +120 -0
package/skills/error-handling/references/retry-and-resilience.md +154 -0
package/skills/error-handling/scripts/verify.sh +110 -0
package/skills/expo/SKILL.md +253 -0
package/skills/expo/evals/README.md +13 -0
package/skills/expo/evals/cases.yaml +44 -0
package/skills/expo/references/config-plugins.md +117 -0
package/skills/expo/references/eas-update.md +118 -0
package/skills/expo/scripts/verify.sh +132 -0
package/skills/fal/SKILL.md +210 -0
package/skills/fal/evals/README.md +3 -0
package/skills/fal/evals/cases.yaml +42 -0
package/skills/fal/references/models-and-cost.md +53 -0
package/skills/fal/references/queue-and-webhooks.md +153 -0
package/skills/fal/scripts/verify.sh +72 -0
package/skills/fastapi/SKILL.md +499 -0
package/skills/fastapi/evals/README.md +50 -0
package/skills/fastapi/evals/cases.yaml +55 -0
package/skills/fastapi/references/database.md +347 -0
package/skills/fastapi/references/production.md +338 -0
package/skills/fastapi/references/security.md +330 -0
package/skills/fastapi/references/testing.md +349 -0
package/skills/fastapi/scripts/verify.sh +116 -0
package/skills/finance-ops/SKILL.md +149 -0
package/skills/finance-ops/evals/README.md +3 -0
package/skills/finance-ops/evals/cases.yaml +39 -0
package/skills/finance-ops/references/cash-flow-forecast.md +57 -0
package/skills/finance-ops/references/month-close.md +59 -0
package/skills/finance-ops/references/reconciliation.md +65 -0
package/skills/finance-ops/scripts/verify.sh +166 -0
package/skills/financial-model/SKILL.md +170 -0
package/skills/financial-model/evals/README.md +3 -0
package/skills/financial-model/evals/cases.yaml +53 -0
package/skills/financial-model/references/benchmarks-and-scenarios.md +55 -0
package/skills/financial-model/references/model-structure.md +67 -0
package/skills/financial-model/references/revenue-build.md +68 -0
package/skills/financial-model/scripts/verify.sh +232 -0
package/skills/firebase/SKILL.md +251 -0
package/skills/firebase/evals/README.md +12 -0
package/skills/firebase/evals/cases.yaml +45 -0
package/skills/firebase/references/cloud-functions.md +102 -0
package/skills/firebase/references/data-modeling.md +108 -0
package/skills/firebase/references/security-rules.md +137 -0
package/skills/firebase/scripts/verify.sh +98 -0
package/skills/flutter/SKILL.md +448 -0
package/skills/flutter/evals/README.md +54 -0
package/skills/flutter/evals/cases.yaml +69 -0
package/skills/flutter/references/architecture-and-state.md +499 -0
package/skills/flutter/references/i18n-and-dependencies.md +197 -0
package/skills/flutter/references/performance.md +299 -0
package/skills/flutter/references/testing.md +385 -0
package/skills/flutter/references/ui-and-navigation.md +378 -0
package/skills/flutter/scripts/verify.sh +104 -0
package/skills/fly-io/SKILL.md +206 -0
package/skills/fly-io/evals/README.md +3 -0
package/skills/fly-io/evals/cases.yaml +42 -0
package/skills/fly-io/references/fly-toml.md +155 -0
package/skills/fly-io/references/multi-region.md +66 -0
package/skills/fly-io/scripts/verify.sh +90 -0
package/skills/forecasting/SKILL.md +139 -0
package/skills/forecasting/evals/README.md +13 -0
package/skills/forecasting/evals/cases.yaml +47 -0
package/skills/forecasting/references/accuracy-and-backtesting.md +104 -0
package/skills/forecasting/references/methods-cheatsheet.md +94 -0
package/skills/forecasting/scripts/verify.sh +99 -0
package/skills/fundraising/SKILL.md +162 -0
package/skills/fundraising/evals/README.md +18 -0
package/skills/fundraising/evals/cases.yaml +76 -0
package/skills/fundraising/references/funnel-math.md +90 -0
package/skills/fundraising/references/process-playbook.md +97 -0
package/skills/gcp-essentials/SKILL.md +327 -0
package/skills/gcp-essentials/evals/README.md +12 -0
package/skills/gcp-essentials/evals/cases.yaml +38 -0
package/skills/gcp-essentials/references/deploy-recipes.md +81 -0
package/skills/gcp-essentials/references/iam-and-auth.md +94 -0
package/skills/gcp-essentials/references/networking-and-sql.md +74 -0
package/skills/gcp-essentials/scripts/verify.sh +158 -0
package/skills/gdpr-privacy/SKILL.md +167 -0
package/skills/gdpr-privacy/evals/README.md +3 -0
package/skills/gdpr-privacy/evals/cases.yaml +47 -0
package/skills/gdpr-privacy/references/dpa-and-transfers.md +63 -0
package/skills/gdpr-privacy/references/dsar-and-consent.md +83 -0
package/skills/gdpr-privacy/references/privacy-policy-blueprint.md +99 -0
package/skills/gdpr-privacy/scripts/verify.sh +84 -0
package/skills/git-workflow/SKILL.md +190 -0
package/skills/git-workflow/evals/README.md +10 -0
package/skills/git-workflow/evals/cases.yaml +47 -0
package/skills/git-workflow/references/interactive-rebase.md +89 -0
package/skills/github-actions/SKILL.md +256 -0
package/skills/github-actions/evals/README.md +3 -0
package/skills/github-actions/evals/cases.yaml +45 -0
package/skills/github-actions/references/caching-and-matrix.md +92 -0
package/skills/github-actions/references/oidc-deploys.md +130 -0
package/skills/github-actions/scripts/verify.sh +105 -0
package/skills/go/SKILL.md +438 -0
package/skills/go/evals/README.md +56 -0
package/skills/go/evals/cases.yaml +55 -0
package/skills/go/references/concurrency.md +557 -0
package/skills/go/references/http-services.md +529 -0
package/skills/go/references/testing.md +338 -0
package/skills/go/scripts/verify.sh +109 -0
package/skills/google-workspace/SKILL.md +287 -0
package/skills/google-workspace/evals/README.md +16 -0
package/skills/google-workspace/evals/cases.yaml +44 -0
package/skills/google-workspace/references/api-recipes.md +148 -0
package/skills/google-workspace/references/auth-setup.md +100 -0
package/skills/google-workspace/scripts/verify.sh +128 -0
package/skills/grants/SKILL.md +171 -0
package/skills/grants/evals/README.md +3 -0
package/skills/grants/evals/cases.yaml +69 -0
package/skills/grants/references/budget-justification.md +71 -0
package/skills/grants/references/jurisdictions.md +35 -0
package/skills/grants/references/logic-model.md +66 -0
package/skills/grants/scripts/verify.sh +193 -0
package/skills/harness/SKILL.md +329 -0
package/skills/harness/assets/_TEMPLATE/.env.example +8 -0
package/skills/harness/assets/_TEMPLATE/CREDENTIALS.md +25 -0
package/skills/harness/assets/_TEMPLATE/README.md +25 -0
package/skills/harness/assets/_TEMPLATE/test_connection.sh +30 -0
package/skills/harness/evals/README.md +54 -0
package/skills/harness/evals/cases.yaml +72 -0
package/skills/harness/examples/audit-example.md +120 -0
package/skills/harness/references/agents-md-template.md +41 -0
package/skills/harness/references/audit-report-template.html +140 -0
package/skills/harness/references/audit-report-template.md +116 -0
package/skills/harness/references/claude-md-template.md +98 -0
package/skills/harness/references/inbox-readme-template.md +51 -0
package/skills/harness/references/ingest-formats.md +185 -0
package/skills/harness/references/providers.yaml +3410 -0
package/skills/harness/references/tools-readme-template.md +88 -0
package/skills/harness/references/wiki-archive-template.html +81 -0
package/skills/harness/references/wiki-article-template.md +20 -0
package/skills/harness/references/wiki-dashboard-template.html +136 -0
package/skills/harness/references/wiki-deep-improve-report-template.html +126 -0
package/skills/harness/references/wiki-gaps-template.md +18 -0
package/skills/harness/references/wiki-index-template.md +23 -0
package/skills/harness/references/wiki-protocol.md +699 -0
package/skills/harness/references/wiki-raw-template.md +7 -0
package/skills/hetzner/SKILL.md +221 -0
package/skills/hetzner/evals/README.md +35 -0
package/skills/hetzner/evals/cases.yaml +46 -0
package/skills/hetzner/references/cloud-init.md +120 -0
package/skills/hetzner/references/plans-and-locations.md +56 -0
package/skills/hetzner/scripts/verify.sh +122 -0
package/skills/hiring/SKILL.md +248 -0
package/skills/hiring/evals/README.md +13 -0
package/skills/hiring/evals/cases.yaml +41 -0
package/skills/hiring/references/templates.md +118 -0
package/skills/htmx/SKILL.md +261 -0
package/skills/htmx/evals/README.md +3 -0
package/skills/htmx/evals/cases.yaml +38 -0
package/skills/htmx/references/patterns.md +113 -0
package/skills/htmx/references/server-contract.md +91 -0
package/skills/htmx/scripts/verify.sh +93 -0
package/skills/huggingface/SKILL.md +190 -0
package/skills/huggingface/evals/README.md +11 -0
package/skills/huggingface/evals/cases.yaml +41 -0
package/skills/huggingface/references/endpoints-and-spaces.md +99 -0
package/skills/huggingface/references/hub-and-cli.md +85 -0
package/skills/huggingface/references/inference-providers.md +115 -0
package/skills/huggingface/scripts/verify.sh +123 -0
package/skills/implement/SKILL.md +283 -0
package/skills/implement/evals/README.md +56 -0
package/skills/implement/evals/cases.yaml +43 -0
package/skills/init/SKILL.md +184 -0
package/skills/init/evals/README.md +49 -0
package/skills/init/evals/cases.yaml +74 -0
package/skills/init/references/accompaniment-and-profile.md +140 -0
package/skills/init/references/discovery.md +90 -0
package/skills/init/references/recommend-skills.md +115 -0
package/skills/init/scripts/verify.sh +122 -0
package/skills/instagram-api/SKILL.md +241 -0
package/skills/instagram-api/evals/README.md +3 -0
package/skills/instagram-api/evals/cases.yaml +43 -0
package/skills/instagram-api/references/insights-metrics.md +88 -0
package/skills/instagram-api/references/publish-reel.md +98 -0
package/skills/instagram-api/scripts/verify.sh +137 -0
package/skills/inventory/SKILL.md +131 -0
package/skills/inventory/evals/README.md +3 -0
package/skills/inventory/evals/cases.yaml +43 -0
package/skills/inventory/references/abc-xyz.md +52 -0
package/skills/inventory/references/ddmrp.md +32 -0
package/skills/inventory/references/reorder-policies.md +85 -0
package/skills/inventory/references/safety-stock.md +63 -0
package/skills/inventory/scripts/verify.sh +155 -0
package/skills/investor-materials/SKILL.md +175 -0
package/skills/investor-materials/evals/README.md +15 -0
package/skills/investor-materials/evals/cases.yaml +60 -0
package/skills/investor-materials/references/dataroom-checklist.md +134 -0
package/skills/investor-materials/references/update-and-onepager-templates.md +152 -0
package/skills/investor-materials/scripts/verify.sh +148 -0
package/skills/invoicing/SKILL.md +154 -0
package/skills/invoicing/evals/README.md +5 -0
package/skills/invoicing/evals/cases.yaml +49 -0
package/skills/invoicing/references/dunning-ladder.md +53 -0
package/skills/invoicing/references/e-invoicing-mandates.md +43 -0
package/skills/invoicing/scripts/fixtures/broken-invoice.json +13 -0
package/skills/invoicing/scripts/fixtures/valid-invoice.json +15 -0
package/skills/invoicing/scripts/verify.sh +133 -0
package/skills/ip-trademark/SKILL.md +186 -0
package/skills/ip-trademark/evals/README.md +10 -0
package/skills/ip-trademark/evals/cases.yaml +47 -0
package/skills/ip-trademark/references/jurisdictions.md +63 -0
package/skills/ip-trademark/references/ownership-and-licensing.md +90 -0
package/skills/java/SKILL.md +341 -0
package/skills/java/evals/README.md +23 -0
package/skills/java/evals/cases.yaml +43 -0
package/skills/java/references/builds.md +133 -0
package/skills/java/references/concurrency.md +108 -0
package/skills/java/references/streams.md +102 -0
package/skills/java/scripts/verify.sh +107 -0
package/skills/knowledge-ops/SKILL.md +125 -0
package/skills/knowledge-ops/evals/README.md +16 -0
package/skills/knowledge-ops/evals/cases.yaml +50 -0
package/skills/knowledge-ops/references/gardening-playbook.md +116 -0
package/skills/kotlin-android/SKILL.md +245 -0
package/skills/kotlin-android/evals/README.md +13 -0
package/skills/kotlin-android/evals/cases.yaml +56 -0
package/skills/kotlin-android/references/architecture.md +200 -0
package/skills/kotlin-android/references/gradle-setup.md +125 -0
package/skills/kotlin-android/scripts/verify.sh +109 -0
package/skills/kpi-framework/SKILL.md +199 -0
package/skills/kpi-framework/evals/README.md +11 -0
package/skills/kpi-framework/evals/cases.yaml +42 -0
package/skills/kpi-framework/references/definition-and-targets.md +64 -0
package/skills/kpi-framework/references/metric-catalog.md +84 -0
package/skills/landing-copy/SKILL.md +153 -0
package/skills/landing-copy/evals/README.md +18 -0
package/skills/landing-copy/evals/cases.yaml +63 -0
package/skills/landing-copy/references/frameworks.md +61 -0
package/skills/landing-copy/references/page-skeleton.md +92 -0
package/skills/landing-copy/scripts/verify.sh +164 -0
package/skills/laravel/SKILL.md +301 -0
package/skills/laravel/evals/README.md +10 -0
package/skills/laravel/evals/cases.yaml +45 -0
package/skills/laravel/references/eloquent-patterns.md +126 -0
package/skills/laravel/references/queues-and-scheduling.md +153 -0
package/skills/laravel/scripts/verify.sh +128 -0
package/skills/lead-gen/SKILL.md +155 -0
package/skills/lead-gen/evals/README.md +3 -0
package/skills/lead-gen/evals/cases.yaml +43 -0
package/skills/lead-gen/references/data-sources.md +87 -0
package/skills/lead-gen/references/scoring-model.md +93 -0
package/skills/lead-gen/scripts/verify.sh +179 -0
package/skills/linkedin-api/SKILL.md +211 -0
package/skills/linkedin-api/evals/README.md +3 -0
package/skills/linkedin-api/evals/cases.yaml +41 -0
package/skills/linkedin-api/references/api-reference.md +168 -0
package/skills/linkedin-api/scripts/verify.sh +98 -0
package/skills/linkedin-carousels/SKILL.md +239 -0
package/skills/linkedin-carousels/evals/README.md +13 -0
package/skills/linkedin-carousels/evals/cases.yaml +62 -0
package/skills/linkedin-carousels/references/carousel-patterns.md +200 -0
package/skills/linkedin-carousels/scripts/verify.sh +160 -0
package/skills/linkedin-content/SKILL.md +162 -0
package/skills/linkedin-content/evals/README.md +13 -0
package/skills/linkedin-content/evals/cases.yaml +62 -0
package/skills/linkedin-content/references/hooks-and-formats.md +114 -0
package/skills/linkedin-content/scripts/verify.sh +154 -0
package/skills/linkedin-outreach/SKILL.md +174 -0
package/skills/linkedin-outreach/evals/README.md +3 -0
package/skills/linkedin-outreach/evals/cases.yaml +43 -0
package/skills/linkedin-outreach/references/ledger-schema.md +48 -0
package/skills/linkedin-outreach/references/sales-navigator-playbook.md +61 -0
package/skills/linkedin-outreach/scripts/verify.sh +120 -0
package/skills/linkedin-strategy/SKILL.md +167 -0
package/skills/linkedin-strategy/evals/README.md +3 -0
package/skills/linkedin-strategy/evals/cases.yaml +49 -0
package/skills/linkedin-strategy/references/ssi-and-pillars.md +59 -0
package/skills/linkedin-strategy/references/wiki-records.md +62 -0
package/skills/linkedin-strategy/scripts/verify.sh +120 -0
package/skills/llm-pipeline/SKILL.md +155 -0
package/skills/llm-pipeline/evals/README.md +3 -0
package/skills/llm-pipeline/evals/cases.yaml +44 -0
package/skills/llm-pipeline/references/caching-layers.md +60 -0
package/skills/llm-pipeline/references/litellm-router.md +101 -0
package/skills/llm-pipeline/scripts/verify.sh +169 -0
package/skills/logistics-ops/SKILL.md +219 -0
package/skills/logistics-ops/evals/README.md +20 -0
package/skills/logistics-ops/evals/cases.yaml +48 -0
package/skills/logistics-ops/references/carriers-and-claims.md +105 -0
package/skills/market-research/SKILL.md +145 -0
package/skills/market-research/evals/README.md +3 -0
package/skills/market-research/evals/cases.yaml +48 -0
package/skills/market-research/references/demand-signals.md +63 -0
package/skills/market-research/references/sizing-playbook.md +121 -0
package/skills/market-research/scripts/verify.sh +215 -0
package/skills/marketing/SKILL.md +233 -0
package/skills/marketing/evals/README.md +61 -0
package/skills/marketing/evals/cases.yaml +84 -0
package/skills/marketing/references/brand-grounding.md +197 -0
package/skills/marketing/references/campaigns-and-channels.md +151 -0
package/skills/marketing/references/copy-frameworks.md +166 -0
package/skills/marketing/references/landing-copy.md +191 -0
package/skills/marketing/references/seo-geo.md +391 -0
package/skills/marketing/scripts/seo_audit.py +166 -0
package/skills/marketing/scripts/verify.sh +233 -0
package/skills/medium-publishing/SKILL.md +152 -0
package/skills/medium-publishing/evals/README.md +3 -0
package/skills/medium-publishing/evals/cases.yaml +42 -0
package/skills/medium-publishing/references/cross-post-and-canonical.md +65 -0
package/skills/medium-publishing/references/legacy-api.md +100 -0
package/skills/medium-strategy/SKILL.md +161 -0
package/skills/medium-strategy/evals/README.md +3 -0
package/skills/medium-strategy/evals/cases.yaml +50 -0
package/skills/medium-strategy/references/distribution-and-boost.md +65 -0
package/skills/medium-strategy/references/wiki-records.md +60 -0
package/skills/medium-strategy/scripts/verify.sh +118 -0
package/skills/medium-writing/SKILL.md +140 -0
package/skills/medium-writing/evals/README.md +5 -0
package/skills/medium-writing/evals/cases.yaml +39 -0
package/skills/medium-writing/references/title-patterns.md +79 -0
package/skills/meeting-notes/SKILL.md +168 -0
package/skills/meeting-notes/evals/README.md +14 -0
package/skills/meeting-notes/evals/cases.yaml +46 -0
package/skills/meeting-notes/references/templates.md +140 -0
package/skills/modal/SKILL.md +307 -0
package/skills/modal/evals/README.md +29 -0
package/skills/modal/evals/cases.yaml +50 -0
package/skills/modal/references/images-gpu-cookbook.md +160 -0
package/skills/modal/references/web-and-scaling.md +138 -0
package/skills/modal/scripts/verify.sh +127 -0
package/skills/mongodb/SKILL.md +342 -0
package/skills/mongodb/evals/README.md +29 -0
package/skills/mongodb/evals/cases.yaml +41 -0
package/skills/mongodb/references/aggregation.md +115 -0
package/skills/mongodb/references/data-modeling.md +135 -0
package/skills/mongodb/references/transactions-and-ops.md +128 -0
package/skills/mongodb/scripts/verify.sh +151 -0
package/skills/monitoring/SKILL.md +155 -0
package/skills/monitoring/evals/README.md +3 -0
package/skills/monitoring/evals/cases.yaml +47 -0
package/skills/monitoring/references/burn-rate-and-oncall.md +128 -0
package/skills/monitoring/references/tool-setup.md +154 -0
package/skills/monitoring/scripts/verify.sh +145 -0
package/skills/mysql/SKILL.md +249 -0
package/skills/mysql/evals/README.md +12 -0
package/skills/mysql/evals/cases.yaml +49 -0
package/skills/mysql/references/indexing-and-explain.md +161 -0
package/skills/mysql/references/mysql-vs-mariadb.md +78 -0
package/skills/mysql/references/online-ddl-and-migrations.md +120 -0
package/skills/mysql/references/replication-and-ha.md +115 -0
package/skills/mysql/scripts/verify.sh +141 -0
package/skills/neon/SKILL.md +218 -0
package/skills/neon/evals/README.md +11 -0
package/skills/neon/evals/cases.yaml +45 -0
package/skills/neon/references/branching-ci.md +86 -0
package/skills/neon/scripts/verify.sh +78 -0
package/skills/nestjs/SKILL.md +225 -0
package/skills/nestjs/evals/README.md +3 -0
package/skills/nestjs/evals/cases.yaml +38 -0
package/skills/nestjs/references/cross-cutting.md +135 -0
package/skills/nestjs/references/testing-recipes.md +105 -0
package/skills/nestjs/scripts/verify.sh +98 -0
package/skills/netlify/SKILL.md +208 -0
package/skills/netlify/evals/README.md +13 -0
package/skills/netlify/evals/cases.yaml +43 -0
package/skills/netlify/references/functions.md +97 -0
package/skills/netlify/references/netlify-toml.md +115 -0
package/skills/netlify/scripts/verify.sh +95 -0
package/skills/newsletter/SKILL.md +162 -0
package/skills/newsletter/evals/README.md +12 -0
package/skills/newsletter/evals/cases.yaml +42 -0
package/skills/newsletter/references/growth-loops.md +73 -0
package/skills/newsletter/references/welcome-sequence.md +62 -0
package/skills/newsletter/scripts/verify.sh +173 -0
package/skills/nextjs/SKILL.md +472 -0
package/skills/nextjs/evals/README.md +59 -0
package/skills/nextjs/evals/cases.yaml +56 -0
package/skills/nextjs/references/data-and-caching.md +309 -0
package/skills/nextjs/references/metadata.md +208 -0
package/skills/nextjs/references/performance.md +325 -0
package/skills/nextjs/references/react.md +383 -0
package/skills/nextjs/references/security.md +239 -0
package/skills/nextjs/references/testing.md +290 -0
package/skills/nextjs/scripts/verify.sh +141 -0
package/skills/no-code-app/SKILL.md +153 -0
package/skills/no-code-app/evals/README.md +3 -0
package/skills/no-code-app/evals/cases.yaml +43 -0
package/skills/no-code-app/references/platform-limits.md +100 -0
package/skills/nodejs/SKILL.md +242 -0
package/skills/nodejs/evals/README.md +3 -0
package/skills/nodejs/evals/cases.yaml +39 -0
package/skills/nodejs/references/express5-migration.md +53 -0
package/skills/nodejs/references/graceful-shutdown.md +73 -0
package/skills/nodejs/scripts/verify.sh +122 -0
package/skills/notion-connector/SKILL.md +234 -0
package/skills/notion-connector/evals/README.md +15 -0
package/skills/notion-connector/evals/cases.yaml +45 -0
package/skills/notion-connector/references/api-versions.md +63 -0
package/skills/notion-connector/references/property-shapes.md +110 -0
package/skills/notion-connector/references/sync-patterns.md +95 -0
package/skills/notion-connector/scripts/verify.sh +162 -0
package/skills/observability/SKILL.md +231 -0
package/skills/observability/evals/README.md +3 -0
package/skills/observability/evals/cases.yaml +49 -0
package/skills/observability/references/collector-config.md +98 -0
package/skills/observability/references/instrumentation-recipes.md +115 -0
package/skills/observability/scripts/verify.sh +156 -0
package/skills/ollama/SKILL.md +213 -0
package/skills/ollama/evals/README.md +9 -0
package/skills/ollama/evals/cases.yaml +43 -0
package/skills/ollama/references/api.md +148 -0
package/skills/ollama/references/hardware-sizing.md +87 -0
package/skills/ollama/scripts/verify.sh +116 -0
package/skills/orient/SKILL.md +54 -0
package/skills/orient/evals/README.md +16 -0
package/skills/orient/evals/cases.yaml +57 -0
package/skills/orient/references/orientation-contract.md +34 -0
package/skills/parallel/SKILL.md +198 -0
package/skills/parallel/evals/README.md +62 -0
package/skills/parallel/evals/cases.yaml +44 -0
package/skills/people-ops/SKILL.md +122 -0
package/skills/people-ops/evals/README.md +14 -0
package/skills/people-ops/evals/cases.yaml +43 -0
package/skills/people-ops/references/templates.md +129 -0
package/skills/performance/SKILL.md +221 -0
package/skills/performance/evals/README.md +3 -0
package/skills/performance/evals/cases.yaml +47 -0
package/skills/performance/references/profiling-playbook.md +54 -0
package/skills/performance/scripts/verify.sh +94 -0
package/skills/phoenix/SKILL.md +169 -0
package/skills/phoenix/evals/README.md +3 -0
package/skills/phoenix/evals/cases.yaml +40 -0
package/skills/phoenix/references/auth-and-scopes.md +82 -0
package/skills/phoenix/references/ecto-patterns.md +93 -0
package/skills/phoenix/references/liveview.md +134 -0
package/skills/phoenix/scripts/verify.sh +73 -0
package/skills/php/SKILL.md +397 -0
package/skills/php/evals/README.md +12 -0
package/skills/php/evals/cases.yaml +45 -0
package/skills/php/references/tooling.md +170 -0
package/skills/php/references/type-system.md +220 -0
package/skills/php/scripts/verify.sh +155 -0
package/skills/pitch-deck/SKILL.md +209 -0
package/skills/pitch-deck/evals/README.md +15 -0
package/skills/pitch-deck/evals/cases.yaml +55 -0
package/skills/pitch-deck/references/numbers-that-matter.md +78 -0
package/skills/pitch-deck/references/slide-spine.md +149 -0
package/skills/pitch-deck/scripts/verify.sh +186 -0
package/skills/plan/SKILL.md +204 -0
package/skills/plan/evals/README.md +62 -0
package/skills/plan/evals/cases.yaml +49 -0
package/skills/plan/references/plan-template.md +124 -0
package/skills/planetscale/SKILL.md +223 -0
package/skills/planetscale/evals/README.md +11 -0
package/skills/planetscale/evals/cases.yaml +46 -0
package/skills/planetscale/references/deploy-requests.md +75 -0
package/skills/planetscale/references/no-foreign-keys.md +88 -0
package/skills/planetscale/scripts/verify.sh +115 -0
package/skills/podcast/SKILL.md +166 -0
package/skills/podcast/evals/README.md +17 -0
package/skills/podcast/evals/cases.yaml +61 -0
package/skills/podcast/references/rss-and-namespace.md +136 -0
package/skills/podcast/scripts/verify.sh +246 -0
package/skills/postgresdb/SKILL.md +372 -0
package/skills/postgresdb/evals/README.md +55 -0
package/skills/postgresdb/evals/cases.yaml +57 -0
package/skills/postgresdb/references/migrations.md +279 -0
package/skills/postgresdb/references/operations-and-security.md +267 -0
package/skills/postgresdb/references/query-optimization.md +374 -0
package/skills/postgresdb/references/schema-and-indexing.md +379 -0
package/skills/postgresdb/scripts/verify.sh +191 -0
package/skills/presentations/SKILL.md +296 -0
package/skills/presentations/evals/README.md +61 -0
package/skills/presentations/evals/cases.yaml +56 -0
package/skills/presentations/references/brand-grounding.md +160 -0
package/skills/presentations/references/markdown-decks.md +290 -0
package/skills/presentations/references/pptx-python.md +242 -0
package/skills/presentations/references/slide-design.md +261 -0
package/skills/presentations/references/storytelling-and-decks.md +150 -0
package/skills/presentations/scripts/verify.sh +252 -0
package/skills/press-kit/SKILL.md +243 -0
package/skills/press-kit/evals/README.md +15 -0
package/skills/press-kit/evals/cases.yaml +55 -0
package/skills/press-kit/references/release-types.md +102 -0
package/skills/press-kit/references/templates.md +132 -0
package/skills/press-kit/scripts/verify.sh +161 -0
package/skills/pricing/SKILL.md +160 -0
package/skills/pricing/evals/README.md +5 -0
package/skills/pricing/evals/cases.yaml +44 -0
package/skills/pricing/references/localization.md +56 -0
package/skills/pricing/references/pricing-models.md +55 -0
package/skills/pricing/scripts/verify.sh +91 -0
package/skills/prisma-orm/SKILL.md +320 -0
package/skills/prisma-orm/evals/README.md +12 -0
package/skills/prisma-orm/evals/cases.yaml +56 -0
package/skills/prisma-orm/references/migrations-and-v7-upgrade.md +197 -0
package/skills/prisma-orm/references/queries-and-performance.md +169 -0
package/skills/prisma-orm/scripts/verify.sh +137 -0
package/skills/procurement/SKILL.md +179 -0
package/skills/procurement/evals/README.md +20 -0
package/skills/procurement/evals/cases.yaml +49 -0
package/skills/procurement/references/scorecard-and-tco.md +100 -0
package/skills/procurement/references/sourcing-requests.md +116 -0
package/skills/procurement/scripts/verify.sh +280 -0
package/skills/project-ops/SKILL.md +130 -0
package/skills/project-ops/evals/README.md +3 -0
package/skills/project-ops/evals/cases.yaml +71 -0
package/skills/project-ops/references/raid-and-rag.md +58 -0
package/skills/project-ops/references/status-report-template.md +68 -0
package/skills/project-ops/scripts/verify.sh +257 -0
package/skills/prompt-engineering/SKILL.md +138 -0
package/skills/prompt-engineering/evals/README.md +11 -0
package/skills/prompt-engineering/evals/cases.yaml +46 -0
package/skills/prompt-engineering/references/eval-templates.md +94 -0
package/skills/prompt-engineering/references/output-contracts.md +120 -0
package/skills/prompt-engineering/scripts/verify.sh +84 -0
package/skills/proposals/SKILL.md +159 -0
package/skills/proposals/evals/README.md +3 -0
package/skills/proposals/evals/cases.yaml +53 -0
package/skills/proposals/references/proposal-skeleton.md +110 -0
package/skills/proposals/references/sow-skeleton.md +79 -0
package/skills/proposals/scripts/verify.sh +201 -0
package/skills/python/SKILL.md +369 -0
package/skills/python/evals/README.md +19 -0
package/skills/python/evals/cases.yaml +46 -0
package/skills/python/references/async.md +136 -0
package/skills/python/references/stdlib.md +162 -0
package/skills/python/references/typing.md +160 -0
package/skills/python/scripts/verify.sh +125 -0
package/skills/rag/SKILL.md +226 -0
package/skills/rag/evals/README.md +13 -0
package/skills/rag/evals/cases.yaml +45 -0
package/skills/rag/references/evaluation.md +99 -0
package/skills/rag/references/pipeline.md +151 -0
package/skills/rag/scripts/verify.sh +99 -0
package/skills/rails/SKILL.md +264 -0
package/skills/rails/evals/README.md +12 -0
package/skills/rails/evals/cases.yaml +47 -0
package/skills/rails/references/activerecord.md +148 -0
package/skills/rails/references/hotwire.md +139 -0
package/skills/rails/references/testing.md +110 -0
package/skills/rails/scripts/verify.sh +128 -0
package/skills/railway/SKILL.md +245 -0
package/skills/railway/evals/README.md +14 -0
package/skills/railway/evals/cases.yaml +44 -0
package/skills/railway/references/cli-cookbook.md +137 -0
package/skills/railway/references/config-as-code.md +120 -0
package/skills/railway/scripts/verify.sh +162 -0
package/skills/react/SKILL.md +222 -0
package/skills/react/evals/README.md +3 -0
package/skills/react/evals/cases.yaml +43 -0
package/skills/react/references/data-and-state.md +152 -0
package/skills/react/references/performance.md +75 -0
package/skills/react/references/routing.md +99 -0
package/skills/react/scripts/verify.sh +123 -0
package/skills/react-native/SKILL.md +220 -0
package/skills/react-native/evals/README.md +3 -0
package/skills/react-native/evals/cases.yaml +42 -0
package/skills/react-native/references/native-modules.md +123 -0
package/skills/react-native/references/performance-debugging.md +46 -0
package/skills/react-native/scripts/verify.sh +117 -0
package/skills/redis/SKILL.md +298 -0
package/skills/redis/evals/README.md +10 -0
package/skills/redis/evals/cases.yaml +43 -0
package/skills/redis/references/caching.md +116 -0
package/skills/redis/references/locks-and-rate-limiting.md +140 -0
package/skills/redis/references/queues.md +102 -0
package/skills/redis/scripts/verify.sh +164 -0
package/skills/remotion-video/SKILL.md +218 -0
package/skills/remotion-video/evals/README.md +23 -0
package/skills/remotion-video/evals/cases.yaml +64 -0
package/skills/remotion-video/references/captions-pipeline.md +163 -0
package/skills/remotion-video/references/render-and-pipeline.md +131 -0
package/skills/remotion-video/scripts/verify.sh +169 -0
package/skills/render/SKILL.md +256 -0
package/skills/render/evals/README.md +12 -0
package/skills/render/evals/cases.yaml +45 -0
package/skills/render/references/blueprint-reference.md +203 -0
package/skills/render/scripts/verify.sh +167 -0
package/skills/replicate/SKILL.md +210 -0
package/skills/replicate/evals/README.md +9 -0
package/skills/replicate/evals/cases.yaml +45 -0
package/skills/replicate/references/cog-packaging.md +89 -0
package/skills/replicate/references/deployments-api.md +87 -0
package/skills/replicate/references/webhooks-and-async.md +110 -0
package/skills/replicate/scripts/verify.sh +162 -0
package/skills/replicate-images/SKILL.md +241 -0
package/skills/replicate-images/evals/README.md +13 -0
package/skills/replicate-images/evals/cases.yaml +41 -0
package/skills/replicate-images/references/editing-recipes.md +129 -0
package/skills/replicate-images/references/models.md +131 -0
package/skills/replicate-images/scripts/verify.sh +178 -0
package/skills/reporting/SKILL.md +178 -0
package/skills/reporting/evals/README.md +12 -0
package/skills/reporting/evals/cases.yaml +46 -0
package/skills/reporting/references/pipeline.md +213 -0
package/skills/reporting/scripts/verify.sh +149 -0
package/skills/research-ops/SKILL.md +200 -0
package/skills/research-ops/evals/README.md +13 -0
package/skills/research-ops/evals/cases.yaml +38 -0
package/skills/research-ops/references/credibility-rubric.md +78 -0
package/skills/research-ops/references/memo-template.md +63 -0
package/skills/research-ops/scripts/verify.sh +181 -0
package/skills/retention/SKILL.md +206 -0
package/skills/retention/evals/README.md +13 -0
package/skills/retention/evals/cases.yaml +42 -0
package/skills/retention/references/health-score-and-metrics.md +97 -0
package/skills/retention/references/save-and-winback-plays.md +65 -0
package/skills/review/SKILL.md +222 -0
package/skills/review/evals/README.md +84 -0
package/skills/review/evals/cases.yaml +55 -0
package/skills/review-management/SKILL.md +204 -0
package/skills/review-management/evals/README.md +13 -0
package/skills/review-management/evals/cases.yaml +60 -0
package/skills/review-management/references/platform-apis.md +86 -0
package/skills/review-management/scripts/verify.sh +128 -0
package/skills/ruby/SKILL.md +316 -0
package/skills/ruby/evals/README.md +12 -0
package/skills/ruby/evals/cases.yaml +41 -0
package/skills/ruby/references/gems-and-testing.md +208 -0
package/skills/ruby/references/metaprogramming.md +161 -0
package/skills/ruby/scripts/verify.sh +83 -0
package/skills/runpod/SKILL.md +238 -0
package/skills/runpod/evals/README.md +11 -0
package/skills/runpod/evals/cases.yaml +47 -0
package/skills/runpod/references/cost-and-scaling.md +85 -0
package/skills/runpod/references/serverless-workers.md +101 -0
package/skills/runpod/scripts/verify.sh +126 -0
package/skills/rust/SKILL.md +395 -0
package/skills/rust/evals/README.md +12 -0
package/skills/rust/evals/cases.yaml +42 -0
package/skills/rust/references/async-tokio.md +141 -0
package/skills/rust/references/axum-service.md +132 -0
package/skills/rust/references/ownership.md +86 -0
package/skills/rust/references/testing.md +108 -0
package/skills/rust/scripts/verify.sh +91 -0
package/skills/sales-pipeline/SKILL.md +162 -0
package/skills/sales-pipeline/evals/README.md +13 -0
package/skills/sales-pipeline/evals/cases.yaml +60 -0
package/skills/sales-pipeline/references/forecasting-math.md +82 -0
package/skills/sales-pipeline/references/stage-playbook.md +84 -0
package/skills/sales-pipeline/scripts/verify.sh +210 -0
package/skills/scaling/SKILL.md +137 -0
package/skills/scaling/evals/README.md +3 -0
package/skills/scaling/evals/cases.yaml +42 -0
package/skills/scaling/references/load-testing-k6.md +127 -0
package/skills/scaling/scripts/example.load.js +24 -0
package/skills/scaling/scripts/verify.sh +70 -0
package/skills/sdd/SKILL.md +203 -0
package/skills/sdd/evals/README.md +60 -0
package/skills/sdd/evals/cases.yaml +78 -0
package/skills/sdd-init/SKILL.md +148 -0
package/skills/sdd-init/evals/README.md +3 -0
package/skills/sdd-init/evals/cases.yaml +43 -0
package/skills/secure-coding/SKILL.md +365 -0
package/skills/secure-coding/evals/README.md +68 -0
package/skills/secure-coding/evals/cases.yaml +55 -0
package/skills/secure-coding/references/authn-authz.md +249 -0
package/skills/secure-coding/references/owasp-by-stack.md +574 -0
package/skills/secure-coding/references/secrets-and-supply-chain.md +205 -0
package/skills/secure-coding/references/threat-modeling.md +213 -0
package/skills/secure-coding/scripts/verify.sh +208 -0
package/skills/security-scan/SKILL.md +239 -0
package/skills/security-scan/evals/README.md +14 -0
package/skills/security-scan/evals/cases.yaml +50 -0
package/skills/security-scan/references/tools.md +98 -0
package/skills/security-scan/references/triage.md +93 -0
package/skills/security-scan/scripts/verify.sh +108 -0
package/skills/seo-geo/SKILL.md +192 -0
package/skills/seo-geo/evals/README.md +14 -0
package/skills/seo-geo/evals/cases.yaml +45 -0
package/skills/seo-geo/references/ai-crawler-control.md +104 -0
package/skills/seo-geo/references/schema-recipes.md +130 -0
package/skills/seo-geo/scripts/verify.sh +236 -0
package/skills/ship/SKILL.md +258 -0
package/skills/ship/evals/README.md +89 -0
package/skills/ship/evals/cases.yaml +44 -0
package/skills/shopify/SKILL.md +229 -0
package/skills/shopify/evals/README.md +14 -0
package/skills/shopify/evals/cases.yaml +41 -0
package/skills/shopify/references/apps-graphql.md +103 -0
package/skills/shopify/references/checkout-extensibility.md +71 -0
package/skills/shopify/references/liquid-themes.md +89 -0
package/skills/shopify/scripts/verify.sh +120 -0
package/skills/shortform-editing/SKILL.md +161 -0
package/skills/shortform-editing/evals/README.md +16 -0
package/skills/shortform-editing/evals/cases.yaml +61 -0
package/skills/shortform-editing/references/captions.md +85 -0
package/skills/shortform-editing/references/ffmpeg-pipeline.md +126 -0
package/skills/shortform-editing/scripts/verify.sh +148 -0
package/skills/shortform-ideation/SKILL.md +153 -0
package/skills/shortform-ideation/evals/README.md +20 -0
package/skills/shortform-ideation/evals/cases.yaml +58 -0
package/skills/shortform-ideation/references/experiment-ledger.md +85 -0
package/skills/shortform-ideation/references/trend-sources.md +69 -0
package/skills/shortform-ideation/scripts/verify.sh +172 -0
package/skills/shortform-packaging/SKILL.md +247 -0
package/skills/shortform-packaging/evals/README.md +10 -0
package/skills/shortform-packaging/evals/cases.yaml +48 -0
package/skills/shortform-packaging/references/package-templates.md +117 -0
package/skills/shortform-packaging/scripts/verify.sh +210 -0
package/skills/shortform-strategy/SKILL.md +149 -0
package/skills/shortform-strategy/evals/README.md +3 -0
package/skills/shortform-strategy/evals/cases.yaml +52 -0
package/skills/shortform-strategy/references/learning-loop-template.md +49 -0
package/skills/shortform-strategy/references/platform-signals-2026.md +46 -0
package/skills/shortform-strategy/scripts/verify.sh +176 -0
package/skills/skill-scout/SKILL.md +133 -0
package/skills/skill-scout/evals/README.md +12 -0
package/skills/skill-scout/evals/cases.yaml +56 -0
package/skills/skill-scout/references/install-commands.md +76 -0
package/skills/skill-scout/scripts/verify.sh +154 -0
package/skills/social-publisher/SKILL.md +179 -0
package/skills/social-publisher/evals/README.md +14 -0
package/skills/social-publisher/evals/cases.yaml +55 -0
package/skills/social-publisher/references/calendar-schema.md +97 -0
package/skills/social-publisher/references/platform-limits.md +56 -0
package/skills/social-publisher/scripts/verify.sh +232 -0
package/skills/solid-js/SKILL.md +260 -0
package/skills/solid-js/evals/README.md +3 -0
package/skills/solid-js/evals/cases.yaml +38 -0
package/skills/solid-js/references/reactivity-deep-dive.md +89 -0
package/skills/solid-js/references/router-and-start.md +93 -0
package/skills/solid-js/scripts/verify.sh +130 -0
package/skills/sop-builder/SKILL.md +233 -0
package/skills/sop-builder/evals/README.md +14 -0
package/skills/sop-builder/evals/cases.yaml +48 -0
package/skills/sop-builder/references/sop-skeleton.md +170 -0
package/skills/specify/SKILL.md +214 -0
package/skills/specify/evals/README.md +73 -0
package/skills/specify/evals/cases.yaml +80 -0
package/skills/specify/references/eliciting-requirements.md +77 -0
package/skills/specify/references/spec-template.md +60 -0
package/skills/spreadsheet-ops/SKILL.md +180 -0
package/skills/spreadsheet-ops/evals/README.md +33 -0
package/skills/spreadsheet-ops/evals/cases.yaml +42 -0
package/skills/spreadsheet-ops/references/formula-cookbook.md +70 -0
package/skills/spreadsheet-ops/references/python-excel.md +87 -0
package/skills/spreadsheet-ops/references/sheets-api-appsscript.md +118 -0
package/skills/spreadsheet-ops/scripts/verify.sh +152 -0
package/skills/spring-boot/SKILL.md +375 -0
package/skills/spring-boot/evals/README.md +11 -0
package/skills/spring-boot/evals/cases.yaml +49 -0
package/skills/spring-boot/references/jpa.md +94 -0
package/skills/spring-boot/references/security.md +92 -0
package/skills/spring-boot/references/testing.md +95 -0
package/skills/spring-boot/scripts/verify.sh +115 -0
package/skills/sql/SKILL.md +286 -0
package/skills/sql/evals/README.md +9 -0
package/skills/sql/evals/cases.yaml +49 -0
package/skills/sql/references/ctes-and-recursion.md +63 -0
package/skills/sql/references/joins-and-sets.md +71 -0
package/skills/sql/references/portability.md +38 -0
package/skills/sql/references/window-functions.md +72 -0
package/skills/sql/scripts/verify.sh +139 -0
package/skills/sqlite-turso/SKILL.md +214 -0
package/skills/sqlite-turso/evals/README.md +24 -0
package/skills/sqlite-turso/evals/cases.yaml +45 -0
package/skills/sqlite-turso/references/embedded-replicas.md +96 -0
package/skills/sqlite-turso/scripts/verify.sh +95 -0
package/skills/stripe/SKILL.md +269 -0
package/skills/stripe/evals/README.md +11 -0
package/skills/stripe/evals/cases.yaml +45 -0
package/skills/stripe/references/going-live.md +64 -0
package/skills/stripe/references/webhook-events.md +79 -0
package/skills/stripe/scripts/verify.sh +130 -0
package/skills/structured-extraction/SKILL.md +230 -0
package/skills/structured-extraction/evals/README.md +13 -0
package/skills/structured-extraction/evals/cases.yaml +70 -0
package/skills/structured-extraction/references/providers.md +152 -0
package/skills/structured-extraction/scripts/verify.sh +160 -0
package/skills/suggest/SKILL.md +30 -0
package/skills/suggest/evals/README.md +14 -0
package/skills/suggest/evals/cases.yaml +51 -0
package/skills/supabase/SKILL.md +268 -0
package/skills/supabase/evals/README.md +12 -0
package/skills/supabase/evals/cases.yaml +42 -0
package/skills/supabase/references/auth-ssr.md +173 -0
package/skills/supabase/references/rls-cookbook.md +122 -0
package/skills/supabase/scripts/verify.sh +149 -0
package/skills/svelte/SKILL.md +238 -0
package/skills/svelte/evals/README.md +3 -0
package/skills/svelte/evals/cases.yaml +41 -0
package/skills/svelte/references/runes.md +97 -0
package/skills/svelte/references/sveltekit-data.md +156 -0
package/skills/svelte/scripts/verify.sh +128 -0
package/skills/swift-ios/SKILL.md +217 -0
package/skills/swift-ios/evals/README.md +3 -0
package/skills/swift-ios/evals/cases.yaml +46 -0
package/skills/swift-ios/references/concurrency.md +132 -0
package/skills/swift-ios/references/testing.md +112 -0
package/skills/swift-ios/scripts/verify.sh +98 -0
package/skills/tasks/SKILL.md +260 -0
package/skills/tasks/evals/README.md +70 -0
package/skills/tasks/evals/cases.yaml +75 -0
package/skills/tauri/SKILL.md +224 -0
package/skills/tauri/evals/README.md +12 -0
package/skills/tauri/evals/cases.yaml +46 -0
package/skills/tauri/references/bundling-distribution.md +129 -0
package/skills/tauri/references/security.md +143 -0
package/skills/tauri/scripts/verify.sh +178 -0
package/skills/technical-writing/SKILL.md +230 -0
package/skills/technical-writing/evals/README.md +12 -0
package/skills/technical-writing/evals/cases.yaml +53 -0
package/skills/technical-writing/references/diataxis-modes.md +131 -0
package/skills/technical-writing/references/vale-starter.md +90 -0
package/skills/technical-writing/scripts/verify.sh +83 -0
package/skills/terms-conditions/SKILL.md +147 -0
package/skills/terms-conditions/evals/README.md +14 -0
package/skills/terms-conditions/evals/cases.yaml +48 -0
package/skills/terms-conditions/references/clause-library.md +158 -0
package/skills/terms-conditions/references/notices-and-aup.md +125 -0
package/skills/terms-conditions/scripts/verify.sh +92 -0
package/skills/testing-go/SKILL.md +246 -0
package/skills/testing-go/evals/README.md +3 -0
package/skills/testing-go/evals/cases.yaml +44 -0
package/skills/testing-go/references/coverage-and-benchmarks.md +85 -0
package/skills/testing-go/references/mocks-and-fakes.md +140 -0
package/skills/testing-go/references/synctest-and-concurrency.md +82 -0
package/skills/testing-go/scripts/verify.sh +72 -0
package/skills/testing-py/SKILL.md +179 -0
package/skills/testing-py/evals/README.md +5 -0
package/skills/testing-py/evals/cases.yaml +44 -0
package/skills/testing-py/references/mocking.md +141 -0
package/skills/testing-py/references/property-testing.md +99 -0
package/skills/testing-py/scripts/verify.sh +117 -0
package/skills/testing-web/SKILL.md +224 -0
package/skills/testing-web/evals/README.md +11 -0
package/skills/testing-web/evals/cases.yaml +52 -0
package/skills/testing-web/references/jest-setup.md +88 -0
package/skills/testing-web/references/recipes.md +116 -0
package/skills/testing-web/scripts/verify.sh +111 -0
package/skills/tiktok-api/SKILL.md +315 -0
package/skills/tiktok-api/evals/README.md +17 -0
package/skills/tiktok-api/evals/cases.yaml +51 -0
package/skills/tiktok-api/references/metrics-and-publish.md +127 -0
package/skills/tiktok-api/references/oauth-setup.md +105 -0
package/skills/tiktok-api/references/wiki-schema.md +85 -0
package/skills/tiktok-api/scripts/verify.sh +96 -0
package/skills/together-fireworks/SKILL.md +181 -0
package/skills/together-fireworks/evals/README.md +3 -0
package/skills/together-fireworks/evals/cases.yaml +50 -0
package/skills/together-fireworks/references/batch-and-tuning.md +59 -0
package/skills/together-fireworks/references/models-and-pricing.md +79 -0
package/skills/together-fireworks/scripts/verify.sh +165 -0
package/skills/translation-l10n/SKILL.md +229 -0
package/skills/translation-l10n/evals/README.md +3 -0
package/skills/translation-l10n/evals/cases.yaml +39 -0
package/skills/translation-l10n/references/icu-cookbook.md +82 -0
package/skills/translation-l10n/references/rtl-and-bidi.md +60 -0
package/skills/typescript/SKILL.md +258 -0
package/skills/typescript/evals/README.md +15 -0
package/skills/typescript/evals/cases.yaml +46 -0
package/skills/typescript/references/build-and-monorepo.md +141 -0
package/skills/typescript/references/type-system.md +162 -0
package/skills/typescript/scripts/verify.sh +52 -0
package/skills/unit-economics/SKILL.md +180 -0
package/skills/unit-economics/evals/README.md +5 -0
package/skills/unit-economics/evals/cases.yaml +43 -0
package/skills/unit-economics/references/formulas.md +144 -0
package/skills/unit-economics/scripts/verify.sh +179 -0
package/skills/vector-db/SKILL.md +189 -0
package/skills/vector-db/evals/README.md +10 -0
package/skills/vector-db/evals/cases.yaml +45 -0
package/skills/vector-db/references/engines.md +175 -0
package/skills/vector-db/references/tuning.md +62 -0
package/skills/vector-db/scripts/verify.sh +110 -0
package/skills/vercel/SKILL.md +242 -0
package/skills/vercel/evals/README.md +23 -0
package/skills/vercel/evals/cases.yaml +45 -0
package/skills/vercel/references/cli-cookbook.md +98 -0
package/skills/vercel/references/vercel-json.md +120 -0
package/skills/vercel/scripts/verify.sh +168 -0
package/skills/verify/SKILL.md +188 -0
package/skills/verify/evals/README.md +78 -0
package/skills/verify/evals/cases.yaml +74 -0
package/skills/video-shorts/SKILL.md +163 -0
package/skills/video-shorts/evals/README.md +15 -0
package/skills/video-shorts/evals/cases.yaml +56 -0
package/skills/video-shorts/references/hook-and-script-patterns.md +95 -0
package/skills/video-shorts/references/specs-and-safe-zones.md +74 -0
package/skills/video-shorts/scripts/verify.sh +172 -0
package/skills/vue-nuxt/SKILL.md +384 -0
package/skills/vue-nuxt/evals/README.md +11 -0
package/skills/vue-nuxt/evals/cases.yaml +49 -0
package/skills/vue-nuxt/references/data-and-state.md +127 -0
package/skills/vue-nuxt/references/migration-nuxt4.md +79 -0
package/skills/vue-nuxt/references/nitro-and-rendering.md +117 -0
package/skills/vue-nuxt/references/reactivity.md +135 -0
package/skills/vue-nuxt/scripts/verify.sh +148 -0
package/skills/webhooks/SKILL.md +246 -0
package/skills/webhooks/evals/README.md +15 -0
package/skills/webhooks/evals/cases.yaml +46 -0
package/skills/webhooks/references/framework-raw-body.md +97 -0
package/skills/webhooks/references/signature-schemes.md +66 -0
package/skills/webhooks/scripts/verify.sh +142 -0
package/skills/webinar/SKILL.md +196 -0
package/skills/webinar/evals/README.md +14 -0
package/skills/webinar/evals/cases.yaml +44 -0
package/skills/webinar/references/email-cadence.md +75 -0
package/skills/webinar/references/run-of-show.md +83 -0
package/skills/whatsapp-telegram/SKILL.md +235 -0
package/skills/whatsapp-telegram/evals/README.md +11 -0
package/skills/whatsapp-telegram/evals/cases.yaml +44 -0
package/skills/whatsapp-telegram/references/telegram-bot-api.md +91 -0
package/skills/whatsapp-telegram/references/whatsapp-cloud-api.md +103 -0
package/skills/whatsapp-telegram/scripts/verify.sh +90 -0
package/skills/wordpress/SKILL.md +224 -0
package/skills/wordpress/evals/README.md +3 -0
package/skills/wordpress/evals/cases.yaml +50 -0
package/skills/wordpress/references/hardening.md +108 -0
package/skills/wordpress/references/performance.md +80 -0
package/skills/wordpress/references/woocommerce.md +65 -0
package/skills/wordpress/scripts/verify.sh +96 -0
package/skills/worktrees/SKILL.md +199 -0
package/skills/worktrees/evals/README.md +78 -0
package/skills/worktrees/evals/cases.yaml +47 -0
package/skills/youtube-api/SKILL.md +286 -0
package/skills/youtube-api/evals/README.md +3 -0
package/skills/youtube-api/evals/cases.yaml +50 -0
package/skills/youtube-api/references/analytics-queries.md +89 -0
package/skills/youtube-api/references/oauth-setup.md +55 -0
package/skills/youtube-api/references/wiki-schema.md +70 -0
package/skills/youtube-api/scripts/verify.sh +84 -0
package/skills/youtube-ideation/SKILL.md +234 -0
package/skills/youtube-ideation/evals/README.md +14 -0
package/skills/youtube-ideation/evals/cases.yaml +52 -0
package/skills/youtube-ideation/references/idea-ledger-and-loop.md +89 -0
package/skills/youtube-ideation/references/research-and-signals.md +92 -0
package/skills/youtube-ideation/scripts/verify.sh +237 -0
package/skills/youtube-packaging/SKILL.md +220 -0
package/skills/youtube-packaging/evals/README.md +16 -0
package/skills/youtube-packaging/evals/cases.yaml +48 -0
package/skills/youtube-packaging/references/description-and-chapters.md +135 -0
package/skills/youtube-packaging/scripts/verify.sh +250 -0
package/skills/youtube-strategy/SKILL.md +157 -0
package/skills/youtube-strategy/evals/README.md +5 -0
package/skills/youtube-strategy/evals/cases.yaml +61 -0
package/skills/youtube-strategy/references/channel-architecture.md +46 -0
package/skills/youtube-strategy/references/wiki-records.md +86 -0
package/skills/youtube-strategy/scripts/verify.sh +118 -0
package/skills/youtube-thumbnails/SKILL.md +180 -0
package/skills/youtube-thumbnails/evals/README.md +11 -0
package/skills/youtube-thumbnails/evals/cases.yaml +48 -0
package/skills/youtube-thumbnails/references/composition-and-specs.md +69 -0
package/skills/youtube-thumbnails/references/experiment-log-format.md +65 -0
package/skills/youtube-thumbnails/scripts/verify.sh +123 -0
package/targets/claude.js +23 -0
package/targets/codex.js +29 -0
package/targets/cursor.js +20 -0
package/targets/gemini.js +29 -0
package/targets/index.js +55 -0

package/skills/security-scan/SKILL.md ADDED Viewed

@@ -0,0 +1,239 @@
+---
+name: security-scan
+description: "Use when running automated security scanners over a repo or app and turning the raw output into a triaged, ranked, gate-able report: scan for vulnerabilities before shipping, audit dependencies/lockfiles for known CVEs, find secrets committed to the tree or git history, run SAST, or wire scanners into CI. Triggers: 'scan this repo for vulnerabilities', 'check my package-lock for CVEs', 'did anyone commit AWS keys', 'scan git history for leaked keys', 'my lockfile has a transitive CVE', 'is aquasecurity/trivy-action@latest safe', 'set up Semgrep/gitleaks to fail CI', 'escanea el repo en busca de vulnerabilidades', 'audita las dependencias', 'analitza les dependències'. NOT threat-modeling, OWASP design reasoning, or authoring the fix (that is secure-coding)."
+tags: [security, sast, sca, secrets, scanning, owasp]
+recommends: [secure-coding, github-actions, verify]
+origin: risco
+---
+# Security scan — orchestrate scanners, triage the noise, emit a gate
+A **machine-first** vulnerability sweep. Point automated scanners at a codebase,
+collect SARIF/JSON, then do the work that has actual value: dedupe cross-tool
+overlap, rank by exploitability, and emit one gate artifact CI can act on. The
+finding comes from a **tool run**, not a hunch — if you are reasoning about a
+design or hand-writing a fix, that is [`secure-coding`](../secure-coding/SKILL.md),
+not this skill.
+Your job is orchestration + triage. Not eyeballing code, not authoring patches.
+## Operating posture
+- **Read-only by default.** Scan, triage, report. Apply fixes (version bumps,
+  rotation, `.gitignore` edits) only when the user asks. *Why:* a security sweep
+  that silently mutates the tree destroys the evidence and the trust.
+- **Machine-first.** Every finding must trace to a scanner run with a `ruleId`
+  and a source location. *Why:* "I think this looks injectable" is design
+  reasoning — route it to `secure-coding`. This skill ships reproducible output.
+- **Pin and verify your scanners.** Pin exact versions, verify checksums/SHAs,
+  never pull `@latest` GitHub Actions. *Why:* in **March 2026 Trivy was
+  supply-chain compromised** — malicious releases `v0.69.4/0.69.5/0.69.6` and a
+  hijacked `aquasecurity/trivy-action` exfiltrated CI secrets. Your scanner runs
+  with repo + CI-secret access; an unpinned scanner is itself the attack surface.
+- **SARIF everything.** Make every tool emit SARIF (or JSON you normalize to it).
+  *Why:* a common schema is what lets you merge four tools, dedupe, and feed one
+  artifact into CI instead of four incompatible logs.
+- **Triage before you report.** Raw scanner output is high-noise. Rank by
+  exploitability and dedupe overlap; never dump 400 raw findings on the user.
+## The four scan classes
+| Class | What it catches | Primary tool | Backup / fast pass |
+|---|---|---|---|
+| **SAST** | injection, XSS, path traversal in *first-party* code | Semgrep | — |
+| **SCA / deps** | known CVEs in dependency manifests + lockfiles | osv-scanner | `npm audit`, `pip-audit` |
+| **Secrets** | credentials in the tree **or git history** | gitleaks (speed) | TruffleHog (depth + live verification) |
+| **Misconfig / IaC** | Dockerfile, k8s, Terraform, exposed config | Trivy `config` | Semgrep rulesets |
+### Tool selection by ecosystem
+Pick by what is in the repo. This is the real branch point — match the tool to
+the manifest, do not run everything everywhere.
+| Repo contains | SAST | SCA | Secrets | Misconfig |
+|---|---|---|---|---|
+| Node (`package-lock.json`/`pnpm-lock.yaml`) | Semgrep | osv-scanner + `npm audit` (fast) | gitleaks → TruffleHog | Trivy |
+| Python (`poetry.lock`/`requirements.txt`) | Semgrep | osv-scanner + `pip-audit` (fast) | gitleaks → TruffleHog | Trivy |
+| Go (`go.mod`/`go.sum`) | Semgrep | osv-scanner (+ `govulncheck` for reachability) | gitleaks | Trivy |
+| Containers (`Dockerfile`, images) | — | Trivy `fs`/`image` | Trivy `--scanners secret` | Trivy `config` |
+| IaC (Terraform/k8s/Helm) | Semgrep (IaC rules) | — | gitleaks | Trivy `config` |
+| Monorepo (mixed) | Semgrep `auto` | osv-scanner (multi-ecosystem) | gitleaks → TruffleHog | Trivy |
+Full install (pinned), flag matrix, and suppression syntax: `references/tools.md`.
+## Run recipes
+All recipes emit SARIF or JSON so they merge into one report. **Pin the version
+shown** — the placeholders below mark where to lock an exact tag/digest.
+### SAST — Semgrep
+Free OSS edition (latest `1.164.0`, 2026-05-27): 30+ languages, ~2,000 community
+rules. SCA + Secrets rulesets are gated behind the hosted platform — use the
+dedicated tools below for those, not Semgrep.
+```bash
+# Pin via the CLI version, not @latest. OWASP ruleset, SARIF out.
+semgrep scan --config p/owasp-top-ten --sarif --output sast.sarif .
+# Broader local sweep (community rules), no telemetry:
+semgrep scan --config auto --sarif --output sast.sarif --metrics off .
+```
+### SCA — osv-scanner (primary), native auditors (fast pass)
+osv-scanner (OpenSSF/Google) checks lockfiles against OSV.dev across ecosystems
+and catches **transitive** CVEs the native auditors miss. Run native first for
+speed, osv-scanner for coverage — never native alone.
+```bash
+# Primary: lockfile-aware, multi-ecosystem, SARIF.
+osv-scanner scan source --format sarif --output sca.sarif .
+# Fast first pass (ecosystem-native, weaker on transitive):
+npm audit --omit=dev --audit-level=high --json > npm-audit.json   # Node
+pip-audit --format json --output pip-audit.json                   # Python
+```
+### Secrets — gitleaks (tree + history), TruffleHog (verified)
+gitleaks (~150+ patterns, sub-second on diffs) is the pre-commit/CI workhorse.
+TruffleHog (800+ types) adds **live credential verification** — it auth-tests a
+hit to tell a real leaked key from a sample. Scan **history, not just the tree**:
+a key deleted in HEAD is still in the pack files and still rotatable.
+```bash
+# gitleaks: redacted SARIF over the working tree AND full git history.
+gitleaks detect --redact --report-format sarif --report-path secrets.sarif
+# TruffleHog: only verified (live) secrets across history.
+trufflehog git file://. --only-verified --json > trufflehog.json
+```
+### Misconfig / IaC — Trivy (PINNED — see the caveat)
+Trivy scans filesystems, images, and IaC and finds transitive CVEs `npm audit`
+misses. After the March 2026 compromise, **never** run an unpinned Trivy.
+```bash
+# Pin the EXACT version (NOT v0.69.4/.5/.6 — those were the malicious releases).
+# Verify the checksum/cosign signature before first use. See references/tools.md.
+trivy fs --scanners vuln,secret,misconfig --format sarif --output trivy.sarif .
+```
+## Triage — turn noise into a ranked report
+The deliverable is not the four SARIF files. It is a deduped, ranked report.
+1. **Merge + dedupe.** Cross-tool overlap is real (osv-scanner and Trivy both
+   flag the same CVE; gitleaks and TruffleHog both flag the same key). Key on
+   `(class, normalized-id, path, line)` and keep the richest record — prefer the
+   one with verification (TruffleHog) or reachability (govulncheck).
+2. **Normalize severity.** SARIF `level` and tool-native severities disagree;
+   map them all to one `critical/high/medium/low` scale (`references/triage.md`).
+3. **Rank by exploitability, not by count.** A finding scores higher when it is
+   **reachable** (called, not just present) **+ exposed** (on an untrusted path)
+   **+ a sensitive sink** (auth, money, PII, RCE). A verified live secret or a
+   reachable RCE CVE outranks a theoretical lib finding behind a feature flag.
+4. **Suppress with a written justification, never a blanket ignore.** Each
+   suppression records *who, why, and an expiry* — not a silent `.semgrepignore`
+   that hides the next real bug too.
+```text
+BAD  — dump 412 raw findings from four tools, sorted alphabetically, no ranking.
+GOOD — 3 unsuppressed criticals first:
+       1. [secrets] VERIFIED live Stripe sk_live_… in config/.env (history) → ROTATE NOW
+       2. [sca] CVE-2024-… lodash 4.17.20 transitive, reachable in src/api/parse.ts → bump 4.17.21
+       3. [sast] SQL built from req.query in routes/search.js:48 → parameterize
+       + 7 mediums summarized, + 18 suppressed (each with justification + expiry).
+```
+Full ranking rubric, dedupe keying, and severity-normalization map:
+`references/triage.md`.
+## The gate artifact
+Emit one `security-scan-report.json` — the machine-checkable contract CI gates on.
+```json
+{
+  "schemaVersion": "1.0",
+  "scannedAt": "2026-06-02T10:00:00Z",
+  "target": ".",
+  "tools": [{ "name": "osv-scanner", "version": "2.0.2" }],
+  "summary": { "critical": 1, "high": 2, "medium": 7, "low": 14, "suppressed": 18 },
+  "findings": [
+    {
+      "class": "sca",
+      "ruleId": "CVE-2024-XXXXX",
+      "path": "package-lock.json",
+      "line": 0,
+      "severity": "critical",
+      "status": "open",
+      "tool": "osv-scanner",
+      "exploitability": "reachable",
+      "title": "Prototype pollution in lodash <4.17.21"
+    }
+  ]
+}
+```
+- `status` is one of `open | suppressed | fixed`; `severity` one of
+  `critical | high | medium | low`. Schema in full: `references/triage.md`.
+- **Gate rule:** any `open` finding at `critical` (and, on a strict gate, `high`)
+  → fail. `suppressed` never fails. `scripts/verify.sh` enforces exactly this and
+  exits `0` on a clean/empty report (no false failure).
+## CI wiring (brief)
+- Pin actions to a **full commit SHA**, not a tag, never `@latest` — the hijacked
+  `aquasecurity/trivy-action` was pulled by tag.
+```yaml
+# .github/workflows/security-scan.yml — pin the SHA, verify before bumping.
+- uses: aquasecurity/trivy-action@<full-40-char-sha>  # NEVER @latest / @master
+  with: { scan-type: fs, format: sarif, output: trivy.sarif }
+- run: ./scripts/verify.sh   # gate on security-scan-report.json
+```
+- Upload SARIF to code scanning; gate the merge on `verify.sh`, not on a human
+  reading logs. See [`github-actions`](../github-actions/SKILL.md) for the
+  pipeline shell and [`verify`](../verify/SKILL.md) for the broader green gate
+  this feeds.
+## Anti-patterns
+| Rationalization | Reality |
+|---|---|
+| "Pull `aquasecurity/trivy-action@latest`, it's official." | March 2026: a hijacked tag stole CI secrets. Pin a full SHA, verify provenance. |
+| "Every scanner finding is a bug to fix." | Most are noise. Rank by reachable + exposed + sensitive sink; report the few that matter. |
+| "Scanned the working tree, no secrets." | History holds the deleted keys. Scan git history; a removed-in-HEAD key is still leaked and live. |
+| "`npm audit` is clean, deps are fine." | Native auditors miss transitive CVEs. Run osv-scanner/Trivy too; native is the fast pass, not the only pass. |
+| "Commit a blanket `.semgrepignore` to quiet CI." | A blanket ignore hides the next real bug. Suppress per-finding with a written justification + expiry. |
+| "We found a verified key, I deleted it from the file." | Deleting ≠ safe. Rotate the credential first, then scrub history. The committed value is already compromised. |
+| "Trust the SARIF `level`, that's the severity." | Tools disagree. Normalize to one scale before you rank or gate. |
+| "Dump all four tool outputs in the PR, let the reviewer sort it." | The reviewer won't. Merge, dedupe, rank, and emit one report. |
+| "Run the scan; it'll auto-fix the deps." | Read-only by default. Propose bumps; apply only when asked — never mutate during a sweep. |
+## Project grounding (02-DOCS + CLAUDE.md)
+In a project with a `02-DOCS/` layer (the [`harness`](../harness/SKILL.md)
+Karpathy wiki), record the scanner choices, pinned versions, gate thresholds, and
+any accepted-risk suppressions in `02-DOCS/wiki/stack/security-scan.md`, and link
+it from the root `CLAUDE.md` `## Knowledge map`. Read it first on every run so the
+next agent inherits the pinned tools and thresholds instead of re-deriving them.
+No `02-DOCS/`? Skip silently. Conventions are recorded, not gated — never block
+the scan on this.
+## See Also
+- [`secure-coding`](../secure-coding/SKILL.md) — the human-reasoning sibling:
+  threat-model a feature, hand-write the vulnerable→fixed diff. *If the answer
+  comes from a tool run it's this skill; if it comes from reasoning about the
+  design it's secure-coding.*
+- [`review`](../review/SKILL.md) — adversarial review of a diff against a spec.
+- [`code-review`](../code-review/SKILL.md) — general correctness/quality review.
+- [`verify`](../verify/SKILL.md) — the broader lint/type/test green gate this
+  feeds into.
+- **References** — `references/tools.md` (pinned installs, flag matrix,
+  suppression syntax); `references/triage.md` (ranking rubric, dedupe keying,
+  severity map, full report schema).
+</content>
+</invoke>

package/skills/security-scan/evals/README.md ADDED Viewed

@@ -0,0 +1,14 @@
+# Evals — security-scan
+`cases.yaml` holds two kinds of checks, run by the skill eval harness — no live
+scanners are invoked. `should_trigger` / `should_not_trigger` are routing cases:
+each prompt asserts whether this skill should fire, and every negative names the
+real sibling it belongs to (`secure-coding`, `code-review`, `review`, `verify`).
+The `capability` case is a rubric: given the monorepo scenario, the agent's plan
+is graded against the `must_include` list (correct tool per ecosystem, history
+secret scan, SARIF merge + dedupe, exploitability ranking, the
+`security-scan-report.json` artifact, scanner pinning, rotate-then-scrub, and
+read-only default). Score the routing cases as pass/fail on the trigger decision
+and the capability case by how many rubric items the plan covers. The
+`scripts/verify.sh` gate is exercised separately by pointing it at a sample
+`security-scan-report.json`.

package/skills/security-scan/evals/cases.yaml ADDED Viewed

@@ -0,0 +1,50 @@
+skill: security-scan
+should_trigger:
+  - prompt: "Scan this repo for vulnerabilities before we ship."
+    why: Core multi-class sweep (SAST + SCA + secrets) — the central use case.
+  - prompt: "Check my package-lock.json for known CVEs."
+    why: SCA over a lockfile; osv-scanner primary with npm audit as the fast pass.
+  - prompt: "Did anyone commit AWS keys? Scan the git history."
+    why: Non-obvious — secrets in history, not just the working tree; a deleted key is still leaked.
+  - prompt: "escanea el repo en busca de vulnerabilidades y secretos"
+    why: Spanish trigger for the full vuln + secrets sweep.
+  - prompt: "Set up Semgrep and gitleaks to fail CI on critical findings."
+    why: CI gate artifact — emit security-scan-report.json and wire verify.sh into the pipeline.
+  - prompt: "Is it safe to use aquasecurity/trivy-action@latest in my pipeline?"
+    why: Non-obvious — the scanner is itself a supply-chain risk (March 2026 Trivy compromise); pin SHA, verify provenance.
+  - prompt: "analitza les dependències del projecte per CVEs"
+    why: Catalan trigger for dependency CVE auditing.
+should_not_trigger:
+  - prompt: "Threat-model this new payments endpoint."
+    route_to: secure-coding
+    why: Design reasoning (STRIDE on a feature), no tool run — the answer comes from a human reasoning about the design.
+  - prompt: "Write the fix for this SQL injection."
+    route_to: secure-coding
+    why: Authoring a vulnerable→fixed diff; this skill reports findings, it does not write fixes.
+  - prompt: "Review my PR diff for correctness and quality."
+    route_to: code-review
+    why: General correctness/quality review of a diff, not a scanner-driven vuln sweep.
+  - prompt: "Be my adversarial reviewer for this change against the spec."
+    route_to: review
+    why: SDD adversarial review gate against a spec, not automated scanning.
+  - prompt: "Run lint and tests and tell me if the green gate passes."
+    route_to: verify
+    why: The lint/type/test verify phase; security-scan can feed it but is not it.
+capability:
+  - scenario: >
+      A Node + Python monorepo with a committed .env, a transitive lodash CVE
+      reachable from src/api, and a hardcoded Stripe sk_live key in config. Run a
+      security scan and produce the gate artifact.
+    must_include:
+      - Selects the correct tool per ecosystem (Semgrep SAST; osv-scanner SCA with npm audit / pip-audit as fast pass; gitleaks + TruffleHog secrets; Trivy misconfig)
+      - Scans git history for secrets, not just the working tree
+      - Emits SARIF/JSON per tool and merges into one report
+      - Dedupes cross-tool overlap (same CVE / same secret flagged twice)
+      - Ranks by exploitability (reachable + exposed + sensitive sink), criticals first
+      - Produces security-scan-report.json conforming to the documented schema
+      - Pins scanner versions and flags the Trivy supply-chain caveat (no @latest action)
+      - Recommends rotating the verified Stripe key first, then scrubbing history
+      - Does NOT auto-fix or mutate the tree without asking (read-only by default)

package/skills/security-scan/references/tools.md ADDED Viewed

@@ -0,0 +1,98 @@
+# Tools — pinned installs, flags, suppression syntax
+Facts accessed 2026-06-02. Pin the exact versions shown; treat the scanner as a
+supply-chain dependency, not a throwaway CLI.
+## Semgrep (SAST)
+- Latest OSS `1.164.0` (2026-05-27). Community/OSS edition: 30+ languages, ~2,000
+  community rules. **SCA + Secrets rulesets are gated behind the hosted AppSec
+  platform** (login required) — do not rely on Semgrep for those; use osv-scanner
+  and gitleaks/TruffleHog instead.
+```bash
+pip install semgrep==1.164.0        # or pipx install semgrep==1.164.0
+semgrep scan --config p/owasp-top-ten --sarif --output sast.sarif --metrics off .
+semgrep scan --config auto          --sarif --output sast.sarif --metrics off .
+```
+- Severity: gate on `ERROR`; treat `WARNING`/`INFO` as informational.
+- Suppression: inline `// nosemgrep: rule-id` on the line, or a `.semgrepignore`
+  for **paths** (`vendor/`, `test/fixtures/`) — never a blanket rule mute.
+## osv-scanner (SCA — primary)
+- OpenSSF/Google. Checks lockfiles against OSV.dev across ecosystems; ships
+  guided remediation. v2 CLI: `osv-scanner scan source`.
+```bash
+# Install a pinned release binary from github.com/google/osv-scanner/releases.
+osv-scanner scan source --format sarif --output sca.sarif .
+osv-scanner scan source -L package-lock.json --format sarif --output sca.sarif
+```
+- Suppression: `osv-scanner.toml` with an `[[IgnoredVulns]]` block per CVE,
+  including `reason` and `ignoreUntil` (expiry).
+## Native auditors (SCA — fast pass)
+Weaker on transitive CVEs; a first pass, never the only pass.
+```bash
+npm audit --omit=dev --audit-level=high --json > npm-audit.json     # Node
+pip-audit --format json --output pip-audit.json                     # Python (PyPA + Trail of Bits; OSV + PyPI feed)
+govulncheck ./...                                                   # Go — reachability-aware
+```
+## gitleaks (Secrets — speed)
+- ~150+ default regex patterns, sub-second on diffs. Ideal pre-commit + CI diff.
+```bash
+# Pin a release from github.com/gitleaks/gitleaks/releases.
+gitleaks detect --redact --report-format sarif --report-path secrets.sarif   # tree + full history
+gitleaks protect --staged --redact                                           # pre-commit (diff only)
+```
+- Suppression: `.gitleaks.toml` `[allowlist]` (regexes/paths/commits) or an inline
+  `# gitleaks:allow` comment on the offending line.
+## TruffleHog (Secrets — depth + verification)
+- 800+ secret types. **Credential verification:** live-tests a detected secret via
+  auth, so a hit is a *confirmed* live leak, not a guess. Scans git history, S3,
+  Docker, etc.
+```bash
+trufflehog git file://. --only-verified --json > trufflehog.json
+```
+- Pattern most teams use: **gitleaks pre-commit** (speed) + **TruffleHog in CI**
+  (depth + verification).
+## Trivy (Misconfig / IaC / containers) — PINNED, VERIFIED
+- Aqua Security, scans containers/filesystems/IaC/language deps, generates SBOM,
+  catches transitive CVEs `npm audit` misses.
+- **Supply-chain caveat (March 2026):** malicious releases `v0.69.4`, `v0.69.5`,
+  `v0.69.6` and a hijacked `aquasecurity/trivy-action` GitHub Action stole CI
+  secrets. **Pin an exact known-good version, verify the cosign signature /
+  checksum before first use, and pin the Action to a full commit SHA — never a
+  tag, never `@latest`.**
+```bash
+# Install a pinned, signature-verified release (NOT 0.69.4/.5/.6).
+trivy fs --scanners vuln,secret,misconfig --format sarif --output trivy.sarif .
+trivy config --format sarif --output trivy-iac.sarif ./infra
+trivy image --format sarif --output trivy-img.sarif <pinned-image@sha256:...>
+```
+- Suppression: `.trivyignore` (one CVE/check id per line) or inline
+  `#trivy:ignore:<id>` in IaC files. Record a reason in review, not just the id.
+## SARIF notes
+- Every recipe emits SARIF 2.1.0 so findings merge into one report. Where a tool
+  only emits native JSON (`npm audit`, `pip-audit`, TruffleHog), normalize it to
+  the report schema in `triage.md` rather than gating on its raw shape.
+</content>

package/skills/security-scan/references/triage.md ADDED Viewed

@@ -0,0 +1,93 @@
+# Triage — ranking, dedupe, severity, report schema
+The value of this skill lives here: scanner output is high-noise, and the job is
+turning four overlapping logs into one ranked, gate-able report.
+## Exploitability ranking rubric
+Score each finding on three axes, then sort. Count of findings is irrelevant —
+one reachable RCE outranks fifty theoretical lib advisories.
+| Axis | High | Low |
+|---|---|---|
+| **Reachable** | the vulnerable code/dep is actually called (govulncheck-confirmed, in the import graph) | present but unused / behind a disabled flag |
+| **Exposed** | on an untrusted path (HTTP handler, CLI arg, file upload, deserialization) | internal-only, dev-only, test fixture |
+| **Sink sensitivity** | auth, money, PII, RCE, secret material | logging, cosmetic, info-leak of non-sensitive data |
+- **Critical:** reachable **+** exposed **+** sensitive sink. Or any **verified
+  live secret** (TruffleHog confirmed) — those are critical by definition.
+- **High:** two of three axes high, or a reachable CVE with a public exploit.
+- **Medium:** one axis high; present-but-not-clearly-reachable CVEs.
+- **Low / informational:** theoretical, unreachable, or test-only.
+Report criticals first with the concrete remediation (rotate / bump to fixed
+version / parameterize), then summarize the rest. Do not emit a flat list.
+## Cross-tool dedupe
+Tools overlap: osv-scanner and Trivy both flag the same CVE; gitleaks and
+TruffleHog both flag the same key.
+- **Dedupe key:** `(class, normalized-id, path, line)`.
+  - `normalized-id`: CVE/GHSA for SCA; rule id for SAST; secret fingerprint
+    (provider + redacted last-4 + location) for secrets.
+- **Keep the richest record** when two tools collide: prefer the one carrying
+  **verification** (TruffleHog `verified: true`) or **reachability**
+  (govulncheck), and merge the `tool` field into a list of contributors.
+## Severity normalization
+SARIF `level` (`error`/`warning`/`note`/`none`) and tool-native severities
+disagree. Map everything to one scale before ranking or gating:
+| Source signal | Normalized |
+|---|---|
+| SARIF `error` / CVSS ≥ 9.0 / verified secret | `critical` |
+| SARIF `error` / CVSS 7.0–8.9 / Semgrep `ERROR` | `high` |
+| SARIF `warning` / CVSS 4.0–6.9 / Semgrep `WARNING` | `medium` |
+| SARIF `note` / CVSS < 4.0 / `INFO` | `low` |
+Where a tool gives both CVSS and a label, take the **higher** of the two.
+## Suppression discipline
+A suppression is a per-finding record, not a silent ignore-file. Each one carries
+`who`, `why`, and `expiry` so it surfaces again instead of hiding the next bug.
+Use the tool-native suppression (osv-scanner.toml `ignoreUntil`, `.trivyignore`,
+gitleaks allowlist, `// nosemgrep`) and set `status: "suppressed"` in the report.
+## Report schema — `security-scan-report.json`
+This is the contract `scripts/verify.sh` gates on.
+```json
+{
+  "schemaVersion": "1.0",
+  "scannedAt": "<ISO-8601 UTC>",
+  "target": "<path or repo>",
+  "tools": [{ "name": "<tool>", "version": "<pinned>" }],
+  "summary": {
+    "critical": 0, "high": 0, "medium": 0, "low": 0, "suppressed": 0
+  },
+  "findings": [
+    {
+      "class": "sast | sca | secrets | misconfig",
+      "ruleId": "<CVE / GHSA / rule-id / secret-fingerprint>",
+      "path": "<file>",
+      "line": 0,
+      "severity": "critical | high | medium | low",
+      "status": "open | suppressed | fixed",
+      "tool": "<tool name>",
+      "exploitability": "reachable | exposed | theoretical",
+      "title": "<short human description>"
+    }
+  ]
+}
+```
+- `summary` counts must agree with `findings` (verify.sh tolerates an empty
+  `findings` array as a clean pass).
+- **Gate:** any `findings[]` with `status: "open"` and `severity: "critical"`
+  → fail. Strict mode also fails on `open` + `high`. `suppressed`/`fixed` never
+  fail. An empty/clean report exits `0`.
+</content>

package/skills/security-scan/scripts/verify.sh ADDED Viewed

@@ -0,0 +1,108 @@
+#!/usr/bin/env bash
+set -euo pipefail
+# ============================================================================
+# NAME
+#   verify.sh — security-scan gate over security-scan-report.json
+#
+# USAGE
+#   ./verify.sh [path/to/security-scan-report.json]
+#   Defaults to ./security-scan-report.json in the current directory.
+#
+# WHAT IT DOES (read-only — never writes, never auto-fixes, never runs scanners)
+#   1. Locates the report. If it is ABSENT, exits 0 with a notice — the gate is
+#      vacuously clean (nothing scanned yet is not a failure).
+#   2. Parses it as JSON (requires jq).
+#   3. Validates the schema: schemaVersion, summary object, findings array, and
+#      that each finding carries class/ruleId/path/severity/status.
+#   4. Enforces the gate: any finding with status "open" at severity "critical"
+#      fails (exit 1). With STRICT=1, "open" + "high" also fails.
+#
+#   An empty/clean report (no open criticals, or an empty findings array)
+#   exits 0 — no false failure.
+#
+# ENV TOGGLES
+#   STRICT=1     Also fail on open HIGH findings (default: criticals only).
+#   NO_COLOR=1   Disable ANSI color.
+#
+# EXIT CODES
+#   0  Clean: report missing, empty, or no open critical (/high under STRICT).
+#   1  At least one open critical (or open high under STRICT).
+#   2  Usage / schema / tooling error (jq missing, malformed JSON, bad schema).
+# ============================================================================
+REPORT="${1:-./security-scan-report.json}"
+STRICT="${STRICT:-0}"
+if [ -n "${NO_COLOR:-}" ]; then
+  RED=""; YEL=""; GRN=""; RST=""
+else
+  RED=$'\033[31m'; YEL=$'\033[33m'; GRN=$'\033[32m'; RST=$'\033[0m'
+fi
+note() { printf '%s\n' "$*" >&2; }
+# --- 1. report absent => vacuously clean -----------------------------------
+if [ ! -e "$REPORT" ]; then
+  note "${YEL}notice:${RST} no report at '$REPORT' — nothing to gate. Clean."
+  exit 0
+fi
+# --- tooling ---------------------------------------------------------------
+if ! command -v jq >/dev/null 2>&1; then
+  note "${RED}error:${RST} jq is required to validate the report."
+  exit 2
+fi
+# --- 2. valid JSON ---------------------------------------------------------
+if ! jq -e . "$REPORT" >/dev/null 2>&1; then
+  note "${RED}error:${RST} '$REPORT' is not valid JSON."
+  exit 2
+fi
+# --- 3. schema -------------------------------------------------------------
+schema_ok=$(jq -e '
+  (has("schemaVersion"))
+  and (has("summary") and (.summary | type == "object"))
+  and (has("findings") and (.findings | type == "array"))
+  and (
+    .findings
+    | all(
+        (has("class")) and (has("ruleId")) and (has("path"))
+        and (has("severity")) and (has("status"))
+      )
+  )
+' "$REPORT" 2>/dev/null || echo "false")
+if [ "$schema_ok" != "true" ]; then
+  note "${RED}error:${RST} '$REPORT' does not conform to the schema"
+  note "       (need schemaVersion, summary{}, findings[] with"
+  note "        class/ruleId/path/severity/status on every finding)."
+  exit 2
+fi
+# --- 4. gate ---------------------------------------------------------------
+open_crit=$(jq '[.findings[] | select(.status == "open" and .severity == "critical")] | length' "$REPORT")
+open_high=$(jq '[.findings[] | select(.status == "open" and .severity == "high")] | length' "$REPORT")
+total=$(jq '.findings | length' "$REPORT")
+suppressed=$(jq '[.findings[] | select(.status == "suppressed")] | length' "$REPORT")
+note "Report: $REPORT  (findings: ${total}, suppressed: ${suppressed}, open-critical: ${open_crit}, open-high: ${open_high})"
+fail=0
+if [ "$open_crit" -gt 0 ]; then
+  note "${RED}FAIL:${RST} ${open_crit} open CRITICAL finding(s) — resolve or suppress with justification before merge."
+  jq -r '.findings[] | select(.status=="open" and .severity=="critical") | "  - [\(.class)] \(.ruleId)  \(.path)  \(.title // "")"' "$REPORT" >&2
+  fail=1
+fi
+if [ "$STRICT" = "1" ] && [ "$open_high" -gt 0 ]; then
+  note "${RED}FAIL (STRICT):${RST} ${open_high} open HIGH finding(s)."
+  jq -r '.findings[] | select(.status=="open" and .severity=="high") | "  - [\(.class)] \(.ruleId)  \(.path)  \(.title // "")"' "$REPORT" >&2
+  fail=1
+fi
+if [ "$fail" -eq 0 ]; then
+  note "${GRN}PASS:${RST} no open critical$([ "$STRICT" = "1" ] && echo "/high") findings."
+  exit 0
+fi
+exit 1