@geraldmaron/construct 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (352) hide show
  1. package/.env.example +69 -0
  2. package/LICENSE +21 -0
  3. package/README.md +344 -0
  4. package/agents/prompts/cx-accessibility.md +29 -0
  5. package/agents/prompts/cx-ai-engineer.md +31 -0
  6. package/agents/prompts/cx-architect.md +40 -0
  7. package/agents/prompts/cx-business-strategist.md +25 -0
  8. package/agents/prompts/cx-data-analyst.md +30 -0
  9. package/agents/prompts/cx-data-engineer.md +32 -0
  10. package/agents/prompts/cx-debugger.md +27 -0
  11. package/agents/prompts/cx-designer.md +33 -0
  12. package/agents/prompts/cx-devil-advocate.md +36 -0
  13. package/agents/prompts/cx-docs-keeper.md +50 -0
  14. package/agents/prompts/cx-engineer.md +36 -0
  15. package/agents/prompts/cx-evaluator.md +26 -0
  16. package/agents/prompts/cx-explorer.md +38 -0
  17. package/agents/prompts/cx-legal-compliance.md +25 -0
  18. package/agents/prompts/cx-operations.md +28 -0
  19. package/agents/prompts/cx-orchestrator.md +30 -0
  20. package/agents/prompts/cx-platform-engineer.md +25 -0
  21. package/agents/prompts/cx-product-manager.md +30 -0
  22. package/agents/prompts/cx-qa.md +42 -0
  23. package/agents/prompts/cx-rd-lead.md +25 -0
  24. package/agents/prompts/cx-release-manager.md +31 -0
  25. package/agents/prompts/cx-researcher.md +31 -0
  26. package/agents/prompts/cx-reviewer.md +36 -0
  27. package/agents/prompts/cx-security.md +37 -0
  28. package/agents/prompts/cx-sre.md +26 -0
  29. package/agents/prompts/cx-test-automation.md +35 -0
  30. package/agents/prompts/cx-trace-reviewer.md +76 -0
  31. package/agents/prompts/cx-ux-researcher.md +30 -0
  32. package/agents/registry.json +879 -0
  33. package/agents/teams.json +94 -0
  34. package/bin/construct +613 -0
  35. package/commands/build/feature.md +21 -0
  36. package/commands/build/fix.md +20 -0
  37. package/commands/design/access.md +19 -0
  38. package/commands/design/flow.md +16 -0
  39. package/commands/design/ui.md +18 -0
  40. package/commands/measure/experiment.md +18 -0
  41. package/commands/measure/metrics.md +18 -0
  42. package/commands/measure/results.md +18 -0
  43. package/commands/plan/api.md +19 -0
  44. package/commands/plan/challenge.md +18 -0
  45. package/commands/plan/decide.md +20 -0
  46. package/commands/plan/feature.md +49 -0
  47. package/commands/plan/requirements.md +24 -0
  48. package/commands/remember/context.md +26 -0
  49. package/commands/remember/handoff.md +19 -0
  50. package/commands/remember/runbook.md +20 -0
  51. package/commands/review/code.md +21 -0
  52. package/commands/review/quality.md +19 -0
  53. package/commands/review/security.md +16 -0
  54. package/commands/ship/ready.md +19 -0
  55. package/commands/ship/release.md +19 -0
  56. package/commands/ship/status.md +18 -0
  57. package/commands/understand/docs.md +22 -0
  58. package/commands/understand/research.md +22 -0
  59. package/commands/understand/this.md +23 -0
  60. package/commands/understand/why.md +18 -0
  61. package/commands/work/clean.md +32 -0
  62. package/commands/work/drive.md +69 -0
  63. package/commands/work/optimize-prompts.md +46 -0
  64. package/commands/work/parallel-review.md +40 -0
  65. package/db/migrations/001_init.sql +38 -0
  66. package/langfuse/docker-compose.yml +82 -0
  67. package/lib/audit-skills.mjs +118 -0
  68. package/lib/auto-docs.mjs +293 -0
  69. package/lib/cli-commands.mjs +409 -0
  70. package/lib/codex-config.mjs +114 -0
  71. package/lib/comment-lint.mjs +191 -0
  72. package/lib/completions.mjs +170 -0
  73. package/lib/context-state.mjs +99 -0
  74. package/lib/cost.mjs +213 -0
  75. package/lib/distill.mjs +403 -0
  76. package/lib/efficiency.mjs +139 -0
  77. package/lib/env-config.mjs +53 -0
  78. package/lib/eval-harness.mjs +59 -0
  79. package/lib/features.mjs +209 -0
  80. package/lib/headhunt.mjs +597 -0
  81. package/lib/hooks/adaptive-lint.mjs +112 -0
  82. package/lib/hooks/agent-tracker.mjs +50 -0
  83. package/lib/hooks/bootstrap-guard.mjs +90 -0
  84. package/lib/hooks/comment-lint.mjs +26 -0
  85. package/lib/hooks/config-protection.mjs +52 -0
  86. package/lib/hooks/console-warn.mjs +43 -0
  87. package/lib/hooks/context-window-recovery.mjs +90 -0
  88. package/lib/hooks/continuation-enforcer.mjs +72 -0
  89. package/lib/hooks/dep-audit.mjs +155 -0
  90. package/lib/hooks/drive-guard.mjs +89 -0
  91. package/lib/hooks/edit-accumulator.mjs +36 -0
  92. package/lib/hooks/edit-error-recovery.mjs +46 -0
  93. package/lib/hooks/edit-guard.mjs +109 -0
  94. package/lib/hooks/env-check.mjs +80 -0
  95. package/lib/hooks/guard-bash.mjs +83 -0
  96. package/lib/hooks/mcp-audit.mjs +57 -0
  97. package/lib/hooks/mcp-health-check.mjs +51 -0
  98. package/lib/hooks/mcp-task-scope.mjs +47 -0
  99. package/lib/hooks/model-fallback.mjs +105 -0
  100. package/lib/hooks/pre-compact.mjs +212 -0
  101. package/lib/hooks/pre-push-gate.mjs +129 -0
  102. package/lib/hooks/read-tracker.mjs +129 -0
  103. package/lib/hooks/registry-sync.mjs +23 -0
  104. package/lib/hooks/scan-secrets.mjs +76 -0
  105. package/lib/hooks/session-start.mjs +95 -0
  106. package/lib/hooks/stop-notify.mjs +191 -0
  107. package/lib/hooks/stop-typecheck.mjs +83 -0
  108. package/lib/hooks/task-completed-guard.mjs +43 -0
  109. package/lib/hooks/teammate-idle-guard.mjs +54 -0
  110. package/lib/hooks/workflow-guard.mjs +62 -0
  111. package/lib/host-capabilities.mjs +123 -0
  112. package/lib/init-docs.mjs +382 -0
  113. package/lib/mcp/server.mjs +1123 -0
  114. package/lib/mcp-catalog.json +243 -0
  115. package/lib/mcp-manager.mjs +433 -0
  116. package/lib/mcp-platform-config.mjs +104 -0
  117. package/lib/model-router.mjs +810 -0
  118. package/lib/opencode-config.mjs +44 -0
  119. package/lib/opencode-runtime-plugin.mjs +909 -0
  120. package/lib/opencode-telemetry.mjs +433 -0
  121. package/lib/orchestration-policy.mjs +258 -0
  122. package/lib/prompt-composer.mjs +196 -0
  123. package/lib/prompt-metadata.mjs +68 -0
  124. package/lib/review.mjs +429 -0
  125. package/lib/role-preload.mjs +52 -0
  126. package/lib/schemas/decision.json +50 -0
  127. package/lib/schemas/implementation.json +51 -0
  128. package/lib/schemas/review-report.json +32 -0
  129. package/lib/schemas/test-report.json +43 -0
  130. package/lib/server/index.mjs +334 -0
  131. package/lib/server/static/app.js +841 -0
  132. package/lib/server/static/index.html +820 -0
  133. package/lib/service-manager.mjs +225 -0
  134. package/lib/setup.mjs +319 -0
  135. package/lib/status.mjs +707 -0
  136. package/lib/storage/backend.mjs +44 -0
  137. package/lib/storage/embeddings.mjs +70 -0
  138. package/lib/storage/hybrid-query.mjs +184 -0
  139. package/lib/storage/sql-store.mjs +55 -0
  140. package/lib/storage/state-source.mjs +101 -0
  141. package/lib/storage/sync.mjs +164 -0
  142. package/lib/storage/vector-store.mjs +59 -0
  143. package/lib/telemetry/backends/langfuse.mjs +58 -0
  144. package/lib/telemetry/backends/noop.mjs +16 -0
  145. package/lib/telemetry/langfuse-ingest.mjs +108 -0
  146. package/lib/telemetry/langfuse-model-sync.mjs +270 -0
  147. package/lib/telemetry/team-rollup.mjs +143 -0
  148. package/lib/toolkit-env.mjs +30 -0
  149. package/lib/validator.mjs +181 -0
  150. package/lib/workflow-state.mjs +794 -0
  151. package/package.json +53 -0
  152. package/personas/construct.md +94 -0
  153. package/platforms/claude/CLAUDE.md +30 -0
  154. package/platforms/claude/settings.template.json +472 -0
  155. package/platforms/opencode/config.template.json +65 -0
  156. package/platforms/opencode/plugins/construct-fallback.js +5 -0
  157. package/platforms/opencode/sync-config.mjs +69 -0
  158. package/rules/common/agents.md +55 -0
  159. package/rules/common/code-review.md +129 -0
  160. package/rules/common/coding-style.md +95 -0
  161. package/rules/common/comments.md +139 -0
  162. package/rules/common/cx-agent-routing.md +61 -0
  163. package/rules/common/cx-skill-routing.md +11 -0
  164. package/rules/common/development-workflow.md +49 -0
  165. package/rules/common/git-workflow.md +29 -0
  166. package/rules/common/hooks.md +35 -0
  167. package/rules/common/patterns.md +36 -0
  168. package/rules/common/performance.md +71 -0
  169. package/rules/common/security.md +34 -0
  170. package/rules/common/testing.md +62 -0
  171. package/rules/golang/coding-style.md +37 -0
  172. package/rules/golang/hooks.md +22 -0
  173. package/rules/golang/patterns.md +50 -0
  174. package/rules/golang/security.md +39 -0
  175. package/rules/golang/testing.md +36 -0
  176. package/rules/python/coding-style.md +47 -0
  177. package/rules/python/hooks.md +24 -0
  178. package/rules/python/patterns.md +44 -0
  179. package/rules/python/security.md +35 -0
  180. package/rules/python/testing.md +43 -0
  181. package/rules/swift/coding-style.md +52 -0
  182. package/rules/swift/hooks.md +25 -0
  183. package/rules/swift/patterns.md +71 -0
  184. package/rules/swift/security.md +38 -0
  185. package/rules/swift/testing.md +50 -0
  186. package/rules/typescript/coding-style.md +204 -0
  187. package/rules/typescript/hooks.md +27 -0
  188. package/rules/typescript/patterns.md +57 -0
  189. package/rules/typescript/security.md +33 -0
  190. package/rules/typescript/testing.md +23 -0
  191. package/rules/web/coding-style.md +101 -0
  192. package/rules/web/design-quality.md +68 -0
  193. package/rules/web/hooks.md +125 -0
  194. package/rules/web/patterns.md +84 -0
  195. package/rules/web/performance.md +69 -0
  196. package/rules/web/security.md +62 -0
  197. package/rules/web/testing.md +60 -0
  198. package/rules/zh/README.md +113 -0
  199. package/rules/zh/agents.md +55 -0
  200. package/rules/zh/code-review.md +129 -0
  201. package/rules/zh/coding-style.md +53 -0
  202. package/rules/zh/development-workflow.md +49 -0
  203. package/rules/zh/git-workflow.md +29 -0
  204. package/rules/zh/hooks.md +35 -0
  205. package/rules/zh/patterns.md +36 -0
  206. package/rules/zh/performance.md +60 -0
  207. package/rules/zh/security.md +34 -0
  208. package/rules/zh/testing.md +34 -0
  209. package/skills/ai/agent-dev.md +102 -0
  210. package/skills/ai/llm-security.md +105 -0
  211. package/skills/ai/ml-ops.md +169 -0
  212. package/skills/ai/orchestration-workflow.md +87 -0
  213. package/skills/ai/prompt-and-eval.md +114 -0
  214. package/skills/ai/prompt-optimizer.md +114 -0
  215. package/skills/ai/rag-system.md +104 -0
  216. package/skills/architecture/api-design.md +100 -0
  217. package/skills/architecture/caching.md +101 -0
  218. package/skills/architecture/cloud-native.md +97 -0
  219. package/skills/architecture/message-queue.md +100 -0
  220. package/skills/architecture/security-arch.md +105 -0
  221. package/skills/development/cpp.md +127 -0
  222. package/skills/development/go.md +129 -0
  223. package/skills/development/java.md +134 -0
  224. package/skills/development/kotlin.md +140 -0
  225. package/skills/development/mobile-crossplatform.md +144 -0
  226. package/skills/development/python.md +109 -0
  227. package/skills/development/rust.md +127 -0
  228. package/skills/development/shell.md +127 -0
  229. package/skills/development/swift.md +129 -0
  230. package/skills/development/typescript.md +129 -0
  231. package/skills/devops/ci-cd.md +108 -0
  232. package/skills/devops/containerization.md +106 -0
  233. package/skills/devops/cost-optimization.md +105 -0
  234. package/skills/devops/data-engineering.md +181 -0
  235. package/skills/devops/database.md +95 -0
  236. package/skills/devops/dependency-management.md +91 -0
  237. package/skills/devops/devsecops.md +96 -0
  238. package/skills/devops/git-workflow.md +100 -0
  239. package/skills/devops/incident-response.md +167 -0
  240. package/skills/devops/monorepo.md +87 -0
  241. package/skills/devops/observability.md +103 -0
  242. package/skills/devops/performance.md +104 -0
  243. package/skills/devops/testing.md +104 -0
  244. package/skills/docs/adr-workflow.md +32 -0
  245. package/skills/docs/backlog-proposal-workflow.md +19 -0
  246. package/skills/docs/customer-profile-workflow.md +22 -0
  247. package/skills/docs/evidence-ingest-workflow.md +23 -0
  248. package/skills/docs/init-docs.md +160 -0
  249. package/skills/docs/init-project.md +50 -0
  250. package/skills/docs/prd-workflow.md +57 -0
  251. package/skills/docs/prfaq-workflow.md +25 -0
  252. package/skills/docs/product-intelligence-review.md +22 -0
  253. package/skills/docs/product-intelligence-workflow.md +62 -0
  254. package/skills/docs/product-signal-workflow.md +27 -0
  255. package/skills/docs/research-workflow.md +28 -0
  256. package/skills/docs/runbook-workflow.md +24 -0
  257. package/skills/exploration/repo-map.md +297 -0
  258. package/skills/frameworks/django.md +159 -0
  259. package/skills/frameworks/nextjs.md +148 -0
  260. package/skills/frameworks/react.md +132 -0
  261. package/skills/frameworks/spring-boot.md +165 -0
  262. package/skills/frontend-design/accessibility.md +153 -0
  263. package/skills/frontend-design/component-patterns.md +111 -0
  264. package/skills/frontend-design/engineering.md +122 -0
  265. package/skills/frontend-design/state-management.md +118 -0
  266. package/skills/frontend-design/ui-aesthetics.md +102 -0
  267. package/skills/frontend-design/ux-principles.md +126 -0
  268. package/skills/quality-gates/review-work.md +90 -0
  269. package/skills/quality-gates/verify-change.md +94 -0
  270. package/skills/quality-gates/verify-module.md +96 -0
  271. package/skills/quality-gates/verify-quality.md +93 -0
  272. package/skills/quality-gates/verify-security.md +95 -0
  273. package/skills/roles/architect.ai-systems.md +37 -0
  274. package/skills/roles/architect.data.md +37 -0
  275. package/skills/roles/architect.enterprise.md +37 -0
  276. package/skills/roles/architect.integration.md +37 -0
  277. package/skills/roles/architect.md +68 -0
  278. package/skills/roles/architect.platform.md +37 -0
  279. package/skills/roles/data-analyst.experiment.md +37 -0
  280. package/skills/roles/data-analyst.md +68 -0
  281. package/skills/roles/data-analyst.product-intelligence.md +37 -0
  282. package/skills/roles/data-analyst.product.md +37 -0
  283. package/skills/roles/data-analyst.telemetry.md +37 -0
  284. package/skills/roles/data-engineer.pipeline.md +37 -0
  285. package/skills/roles/data-engineer.vector-retrieval.md +37 -0
  286. package/skills/roles/data-engineer.warehouse.md +37 -0
  287. package/skills/roles/debugger.md +68 -0
  288. package/skills/roles/designer.accessibility.md +43 -0
  289. package/skills/roles/designer.md +68 -0
  290. package/skills/roles/engineer.ai.md +49 -0
  291. package/skills/roles/engineer.data.md +49 -0
  292. package/skills/roles/engineer.md +85 -0
  293. package/skills/roles/engineer.platform.md +49 -0
  294. package/skills/roles/operator.docs.md +43 -0
  295. package/skills/roles/operator.md +68 -0
  296. package/skills/roles/operator.release.md +43 -0
  297. package/skills/roles/operator.sre.md +43 -0
  298. package/skills/roles/orchestrator.md +66 -0
  299. package/skills/roles/product-manager.ai-product.md +37 -0
  300. package/skills/roles/product-manager.business-strategy.md +43 -0
  301. package/skills/roles/product-manager.enterprise.md +37 -0
  302. package/skills/roles/product-manager.growth.md +37 -0
  303. package/skills/roles/product-manager.md +67 -0
  304. package/skills/roles/product-manager.platform.md +37 -0
  305. package/skills/roles/product-manager.product.md +37 -0
  306. package/skills/roles/qa.ai-eval.md +37 -0
  307. package/skills/roles/qa.api-contract.md +37 -0
  308. package/skills/roles/qa.data-pipeline.md +37 -0
  309. package/skills/roles/qa.md +68 -0
  310. package/skills/roles/qa.test-automation.md +49 -0
  311. package/skills/roles/qa.web-ui.md +37 -0
  312. package/skills/roles/researcher.explorer.md +43 -0
  313. package/skills/roles/researcher.md +68 -0
  314. package/skills/roles/researcher.ux.md +43 -0
  315. package/skills/roles/reviewer.devil-advocate.md +43 -0
  316. package/skills/roles/reviewer.evaluator.md +43 -0
  317. package/skills/roles/reviewer.md +68 -0
  318. package/skills/roles/reviewer.trace.md +43 -0
  319. package/skills/roles/security.ai.md +37 -0
  320. package/skills/roles/security.appsec.md +37 -0
  321. package/skills/roles/security.cloud.md +37 -0
  322. package/skills/roles/security.legal-compliance.md +49 -0
  323. package/skills/roles/security.md +68 -0
  324. package/skills/roles/security.privacy.md +37 -0
  325. package/skills/roles/security.supply-chain.md +37 -0
  326. package/skills/routing.md +139 -0
  327. package/skills/security/blue-team.md +83 -0
  328. package/skills/security/code-audit.md +94 -0
  329. package/skills/security/pentest.md +84 -0
  330. package/skills/security/red-team.md +81 -0
  331. package/skills/security/threat-intel.md +89 -0
  332. package/skills/security/vuln-research.md +87 -0
  333. package/skills/utility/clean-code.md +165 -0
  334. package/sync-agents.mjs +899 -0
  335. package/templates/docs/adr.md +27 -0
  336. package/templates/docs/backlog-proposal.md +26 -0
  337. package/templates/docs/customer-profile.md +34 -0
  338. package/templates/docs/evidence-brief.md +37 -0
  339. package/templates/docs/incident-report.md +46 -0
  340. package/templates/docs/memo.md +27 -0
  341. package/templates/docs/meta-prd.md +56 -0
  342. package/templates/docs/one-pager.md +24 -0
  343. package/templates/docs/prd-business.md +61 -0
  344. package/templates/docs/prd-platform.md +62 -0
  345. package/templates/docs/prd.md +47 -0
  346. package/templates/docs/prfaq.md +31 -0
  347. package/templates/docs/product-intelligence-report.md +31 -0
  348. package/templates/docs/research-brief.md +29 -0
  349. package/templates/docs/rfc-platform.md +60 -0
  350. package/templates/docs/rfc.md +46 -0
  351. package/templates/docs/runbook.md +33 -0
  352. package/templates/docs/signal-brief.md +25 -0
@@ -0,0 +1,89 @@
1
+ <!--
2
+ skills/security/threat-intel.md — Threat Intelligence — Use this skill when performing OSINT, threat modeling, or building threat intell
3
+
4
+ Use this skill when performing OSINT, threat modeling, or building threat intelligence programs. ## OSINT Collection
5
+ -->
6
+ # Threat Intelligence
7
+
8
+ Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
9
+
10
+ ## OSINT Collection
11
+
12
+ ### Domain and Infrastructure
13
+ - DNS records: A, AAAA, MX, TXT, CNAME, NS, SOA
14
+ - Reverse DNS and IP range enumeration
15
+ - Certificate transparency logs (crt.sh, Censys)
16
+ - WHOIS history and registrar patterns
17
+ - Subdomain enumeration via passive sources and brute force
18
+ - Historical snapshots (Wayback Machine)
19
+
20
+ ### Organization and People
21
+ - Public employee directories and org charts
22
+ - Job postings reveal technology stack and priorities
23
+ - Social media for social engineering vectors
24
+ - Code repositories for leaked credentials and internal naming
25
+ - Leaked credential databases (for defensive awareness)
26
+ - Conference talks and publications reveal architecture decisions
27
+
28
+ ### Technology Fingerprinting
29
+ - Web technology stack: Wappalyzer patterns, HTTP headers, JavaScript libraries
30
+ - Cloud provider identification via IP ranges and DNS
31
+ - Email infrastructure: SPF, DKIM, DMARC records
32
+ - Exposed management interfaces and development endpoints
33
+
34
+ ## Threat Modeling
35
+
36
+ ### STRIDE Model
37
+ - **Spoofing**: Can an attacker impersonate a user, service, or component?
38
+ - **Tampering**: Can data be modified in transit or at rest?
39
+ - **Repudiation**: Can actions be performed without attribution?
40
+ - **Information Disclosure**: Can sensitive data be exposed?
41
+ - **Denial of Service**: Can availability be degraded?
42
+ - **Elevation of Privilege**: Can an attacker gain unauthorized access?
43
+
44
+ ### Process
45
+ 1. Define the system scope and trust boundaries
46
+ 2. Decompose into components and data flows
47
+ 3. Identify threats per component using STRIDE
48
+ 4. Rate risk: likelihood x impact
49
+ 5. Prioritize mitigations by risk and cost
50
+ 6. Document accepted risks with justification
51
+
52
+ ## MITRE ATT&CK Mapping
53
+
54
+ - Map observed behaviors to ATT&CK techniques
55
+ - Use ATT&CK Navigator to visualize coverage and gaps
56
+ - Prioritize detection for techniques used by relevant threat actors
57
+ - Track technique prevalence in your sector
58
+ - Map defensive controls to techniques they detect or prevent
59
+
60
+ ## Threat Actor Profiling
61
+
62
+ - Categorize: nation-state, cybercrime, hacktivist, insider, opportunistic
63
+ - Document: known TTPs, targeted sectors, infrastructure patterns, tooling
64
+ - Track campaigns and attribute based on overlap in infrastructure, code, and behavior
65
+ - Assess relevance to your organization's risk profile
66
+ - Update profiles as new intelligence emerges
67
+
68
+ ## Intelligence Sharing
69
+
70
+ ### Standards
71
+ - STIX 2.1 for structured threat intelligence objects
72
+ - TAXII for automated exchange
73
+ - OpenIOC for indicator sharing
74
+ - TLP (Traffic Light Protocol) for classification: RED, AMBER, GREEN, CLEAR
75
+
76
+ ### Sources
77
+ - Commercial feeds: CrowdStrike, Recorded Future, Mandiant
78
+ - Open feeds: AlienVault OTX, Abuse.ch, PhishTank
79
+ - ISACs and ISAOs for sector-specific intelligence
80
+ - Government: CISA advisories, FBI flash alerts
81
+ - Internal: your own incident data is the highest-fidelity source
82
+
83
+ ## Metrics
84
+
85
+ - Intelligence-to-detection conversion rate
86
+ - Time from IOC publication to operational deployment
87
+ - Percentage of incidents with prior intelligence
88
+ - Threat model coverage: components modeled vs total
89
+ - False positive rate of intelligence-derived detections
@@ -0,0 +1,87 @@
1
+ <!--
2
+ skills/security/vuln-research.md — Vulnerability Research — Use this skill when analyzing binaries, fuzzing software, or developing exploits
3
+
4
+ Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research. ## Binary Analysis
5
+ -->
6
+ # Vulnerability Research
7
+
8
+ Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
9
+
10
+ ## Binary Analysis
11
+
12
+ ### Static Analysis
13
+ - Identify compiler, language, and build flags (stripped, PIE, stack canaries, RELRO)
14
+ - Map function boundaries and call graph
15
+ - Locate string references to identify functionality
16
+ - Check security mitigations: NX, ASLR, stack protector, FORTIFY_SOURCE
17
+ - Identify statically linked libraries and their versions
18
+
19
+ ### Dynamic Analysis
20
+ - Trace system calls and library calls (strace, ltrace, dtrace)
21
+ - Monitor file, network, and registry activity
22
+ - Set breakpoints on interesting functions (malloc, free, recv, send, open)
23
+ - Inspect memory layout at runtime: stack, heap, mapped regions
24
+ - Use hardware breakpoints for anti-debug evasion
25
+
26
+ ## Fuzzing
27
+
28
+ ### Strategy
29
+ - Coverage-guided fuzzing (AFL++, libFuzzer, Honggfuzz) for maximum code coverage
30
+ - Grammar-based fuzzing for structured inputs (protocol buffers, file formats)
31
+ - Mutation-based fuzzing for unknown formats
32
+ - Seed corpus: collect real-world samples, minimize, then fuzz
33
+
34
+ ### Harness Design
35
+ - Isolate the target function from the full program
36
+ - Initialize state once, fuzz in a loop (persistent mode)
37
+ - Sanitizers: AddressSanitizer, UndefinedBehaviorSanitizer, MemorySanitizer
38
+ - Monitor for: crashes, hangs, memory leaks, assertion failures
39
+
40
+ ### Triage
41
+ - Deduplicate crashes by stack hash
42
+ - Minimize crash inputs to smallest reproducer
43
+ - Classify: null deref, buffer overflow, use-after-free, integer overflow, type confusion
44
+ - Determine exploitability: write-what-where, control of instruction pointer, heap corruption state
45
+
46
+ ## Memory Corruption
47
+
48
+ ### Stack Overflow
49
+ - Overwrite return address, saved registers, or local variables
50
+ - Bypass canaries: info leak, format string, brute force (forking servers)
51
+ - ROP chains: find gadgets with ropper/ROPgadget, chain to control execution
52
+
53
+ ### Heap Exploitation
54
+ - Use-after-free: control freed object's memory via replacement allocation
55
+ - Heap overflow: corrupt adjacent chunk metadata or application data
56
+ - Double free: manipulate allocator free list
57
+ - Technique selection depends on allocator: ptmalloc (glibc), jemalloc, tcmalloc, Windows heap
58
+
59
+ ### Format String
60
+ - Read: `%x` to leak stack values, `%s` to read pointers
61
+ - Write: `%n` to write to arbitrary addresses
62
+ - Use direct parameter access (`%7$x`) for precise targeting
63
+
64
+ ### Integer Vulnerabilities
65
+ - Overflow/underflow leading to undersized allocations
66
+ - Sign confusion between signed and unsigned comparisons
67
+ - Truncation when casting between different-width types
68
+
69
+ ## Exploit Development
70
+
71
+ - Determine target: return address, function pointer, vtable, GOT entry
72
+ - Build primitives: arbitrary read, arbitrary write, code execution
73
+ - Defeat mitigations:
74
+ - ASLR: information leak to disclose base addresses
75
+ - NX/DEP: ROP, JIT spraying, code reuse
76
+ - Stack canary: leak via info disclosure or brute force
77
+ - CFI: find valid call targets that enable further exploitation
78
+ - Test reliability across runs and environments
79
+ - Document the full exploit chain
80
+
81
+ ## Responsible Disclosure
82
+
83
+ - Follow coordinated disclosure timelines (typically 90 days)
84
+ - Report to vendor security contact or bug bounty program
85
+ - Provide clear reproduction steps and impact assessment
86
+ - Do not publish exploit code before patch is available
87
+ - Request CVE assignment through CNA or MITRE
@@ -0,0 +1,165 @@
1
+ <!--
2
+ skills/utility/clean-code.md — AI Slop Removal — Patterns and heuristics for identifying and removing AI-generated code smells. U
3
+
4
+ Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools. ## Decision Tree
5
+ -->
6
+ # AI Slop Removal
7
+
8
+ Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
9
+
10
+ ## Decision Tree
11
+
12
+ ```
13
+ Is this comment derivable from the function/variable name?
14
+ YES → Delete it
15
+
16
+ Is this variable named result, data, temp, item, obj, value, or response?
17
+ YES → Rename to reflect what it actually contains
18
+
19
+ Is this a function that only calls one other function with no transformation?
20
+ YES → Inline it at the call site
21
+
22
+ Is this a TODO/FIXME comment older than one session, or referencing cleanup that never happened?
23
+ YES → Delete the comment and the dead code it describes
24
+
25
+ Is this catch block empty, returning null, or logging a generic "error occurred" message?
26
+ YES → Fix: propagate, rethrow with context, or log the actual error
27
+
28
+ Is this docstring/JSDoc restating the parameter names without adding information?
29
+ YES → Delete it
30
+ ```
31
+
32
+ ## 11 Smell Categories
33
+
34
+ ### 1. Obvious Comments
35
+ Comments that restate what the code already says.
36
+ ```
37
+ // BEFORE
38
+ // This function returns the sum of two numbers
39
+ function add(a, b) { return a + b; }
40
+
41
+ // AFTER
42
+ function add(a, b) { return a + b; }
43
+ ```
44
+
45
+ ### 2. Hedging Variable Names
46
+ Generic names that hide what the value represents.
47
+ ```
48
+ // BEFORE
49
+ const result = await fetchUser(id);
50
+ const data = result.profile;
51
+
52
+ // AFTER
53
+ const user = await fetchUser(id);
54
+ const profile = user.profile;
55
+ ```
56
+
57
+ ### 3. Debug Artifacts
58
+ Leftover logging from development.
59
+ ```
60
+ // BEFORE
61
+ console.log('entering loop', items);
62
+ for (const item of items) { ... }
63
+
64
+ // AFTER
65
+ for (const item of items) { ... }
66
+ ```
67
+
68
+ ### 4. Unnecessary Wrappers
69
+ Functions that only delegate without adding value.
70
+ ```
71
+ // BEFORE
72
+ function getUser(id) { return userService.findById(id); }
73
+
74
+ // AFTER (inline at call site)
75
+ const user = await userService.findById(id);
76
+ ```
77
+
78
+ ### 5. Dead TODO Blocks
79
+ Stale markers and commented-out code.
80
+ ```
81
+ // BEFORE
82
+ // TODO: remove this once the replacement flow ships
83
+ // const unusedUser = transformDraft(raw);
84
+
85
+ // AFTER
86
+ (deleted)
87
+ ```
88
+
89
+ ### 6. Restated Types
90
+ Type annotations that repeat the variable name.
91
+ ```
92
+ // BEFORE
93
+ const userList: User[] = [];
94
+ const isLoadingFlag: boolean = false;
95
+
96
+ // AFTER
97
+ const users: User[] = [];
98
+ const isLoading = false;
99
+ ```
100
+
101
+ ### 7. Over-specified Test Assertions
102
+ Tests verifying implementation instead of behavior.
103
+ ```
104
+ // BEFORE
105
+ expect(result.constructor.name).toBe('UserService');
106
+ expect(spy).toHaveBeenCalledWith(expect.objectContaining({ method: 'findById' }));
107
+
108
+ // AFTER
109
+ expect(result).toEqual(expectedUser);
110
+ ```
111
+
112
+ ### 8. Swallowed Errors
113
+ Catch blocks that discard context.
114
+ ```
115
+ // BEFORE
116
+ try { await saveUser(user); } catch (e) { return null; }
117
+
118
+ // AFTER
119
+ try { await saveUser(user); } catch (e) {
120
+ throw new Error(`Failed to save user ${user.id}: ${e.message}`);
121
+ }
122
+ ```
123
+
124
+ ### 9. Single-Use Abstractions
125
+ Helpers created for one call site.
126
+ ```
127
+ // BEFORE
128
+ function buildUserQuery(id) { return { where: { id } }; }
129
+ const user = await db.user.findFirst(buildUserQuery(userId));
130
+
131
+ // AFTER
132
+ const user = await db.user.findFirst({ where: { id: userId } });
133
+ ```
134
+
135
+ ### 10. Padded Error Messages
136
+ Verbose error strings that obscure the actual failure.
137
+ ```
138
+ // BEFORE
139
+ throw new Error('An unexpected error occurred while attempting to process the user authentication request');
140
+
141
+ // AFTER
142
+ throw new Error(`Authentication failed for user ${userId}`);
143
+ ```
144
+
145
+ ### 11. Boilerplate Docstrings
146
+ Documentation that adds no information.
147
+ ```
148
+ // BEFORE
149
+ /**
150
+ * Gets the user by ID.
151
+ * @param id - The user ID
152
+ * @returns The user
153
+ */
154
+ async function getUserById(id: string): Promise<User> { ... }
155
+
156
+ // AFTER
157
+ async function getUserById(id: string): Promise<User> { ... }
158
+ ```
159
+
160
+ ## Rules
161
+
162
+ - Remove smell, nothing else. Do not refactor, reorganize, or add new abstractions.
163
+ - Keep diffs minimal — one smell per change where possible.
164
+ - Never change behavior. If a removal would change behavior, flag it instead.
165
+ - Show before/after for every change.