@geraldmaron/construct 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.env.example +69 -0
- package/LICENSE +21 -0
- package/README.md +344 -0
- package/agents/prompts/cx-accessibility.md +29 -0
- package/agents/prompts/cx-ai-engineer.md +31 -0
- package/agents/prompts/cx-architect.md +40 -0
- package/agents/prompts/cx-business-strategist.md +25 -0
- package/agents/prompts/cx-data-analyst.md +30 -0
- package/agents/prompts/cx-data-engineer.md +32 -0
- package/agents/prompts/cx-debugger.md +27 -0
- package/agents/prompts/cx-designer.md +33 -0
- package/agents/prompts/cx-devil-advocate.md +36 -0
- package/agents/prompts/cx-docs-keeper.md +50 -0
- package/agents/prompts/cx-engineer.md +36 -0
- package/agents/prompts/cx-evaluator.md +26 -0
- package/agents/prompts/cx-explorer.md +38 -0
- package/agents/prompts/cx-legal-compliance.md +25 -0
- package/agents/prompts/cx-operations.md +28 -0
- package/agents/prompts/cx-orchestrator.md +30 -0
- package/agents/prompts/cx-platform-engineer.md +25 -0
- package/agents/prompts/cx-product-manager.md +30 -0
- package/agents/prompts/cx-qa.md +42 -0
- package/agents/prompts/cx-rd-lead.md +25 -0
- package/agents/prompts/cx-release-manager.md +31 -0
- package/agents/prompts/cx-researcher.md +31 -0
- package/agents/prompts/cx-reviewer.md +36 -0
- package/agents/prompts/cx-security.md +37 -0
- package/agents/prompts/cx-sre.md +26 -0
- package/agents/prompts/cx-test-automation.md +35 -0
- package/agents/prompts/cx-trace-reviewer.md +76 -0
- package/agents/prompts/cx-ux-researcher.md +30 -0
- package/agents/registry.json +879 -0
- package/agents/teams.json +94 -0
- package/bin/construct +613 -0
- package/commands/build/feature.md +21 -0
- package/commands/build/fix.md +20 -0
- package/commands/design/access.md +19 -0
- package/commands/design/flow.md +16 -0
- package/commands/design/ui.md +18 -0
- package/commands/measure/experiment.md +18 -0
- package/commands/measure/metrics.md +18 -0
- package/commands/measure/results.md +18 -0
- package/commands/plan/api.md +19 -0
- package/commands/plan/challenge.md +18 -0
- package/commands/plan/decide.md +20 -0
- package/commands/plan/feature.md +49 -0
- package/commands/plan/requirements.md +24 -0
- package/commands/remember/context.md +26 -0
- package/commands/remember/handoff.md +19 -0
- package/commands/remember/runbook.md +20 -0
- package/commands/review/code.md +21 -0
- package/commands/review/quality.md +19 -0
- package/commands/review/security.md +16 -0
- package/commands/ship/ready.md +19 -0
- package/commands/ship/release.md +19 -0
- package/commands/ship/status.md +18 -0
- package/commands/understand/docs.md +22 -0
- package/commands/understand/research.md +22 -0
- package/commands/understand/this.md +23 -0
- package/commands/understand/why.md +18 -0
- package/commands/work/clean.md +32 -0
- package/commands/work/drive.md +69 -0
- package/commands/work/optimize-prompts.md +46 -0
- package/commands/work/parallel-review.md +40 -0
- package/db/migrations/001_init.sql +38 -0
- package/langfuse/docker-compose.yml +82 -0
- package/lib/audit-skills.mjs +118 -0
- package/lib/auto-docs.mjs +293 -0
- package/lib/cli-commands.mjs +409 -0
- package/lib/codex-config.mjs +114 -0
- package/lib/comment-lint.mjs +191 -0
- package/lib/completions.mjs +170 -0
- package/lib/context-state.mjs +99 -0
- package/lib/cost.mjs +213 -0
- package/lib/distill.mjs +403 -0
- package/lib/efficiency.mjs +139 -0
- package/lib/env-config.mjs +53 -0
- package/lib/eval-harness.mjs +59 -0
- package/lib/features.mjs +209 -0
- package/lib/headhunt.mjs +597 -0
- package/lib/hooks/adaptive-lint.mjs +112 -0
- package/lib/hooks/agent-tracker.mjs +50 -0
- package/lib/hooks/bootstrap-guard.mjs +90 -0
- package/lib/hooks/comment-lint.mjs +26 -0
- package/lib/hooks/config-protection.mjs +52 -0
- package/lib/hooks/console-warn.mjs +43 -0
- package/lib/hooks/context-window-recovery.mjs +90 -0
- package/lib/hooks/continuation-enforcer.mjs +72 -0
- package/lib/hooks/dep-audit.mjs +155 -0
- package/lib/hooks/drive-guard.mjs +89 -0
- package/lib/hooks/edit-accumulator.mjs +36 -0
- package/lib/hooks/edit-error-recovery.mjs +46 -0
- package/lib/hooks/edit-guard.mjs +109 -0
- package/lib/hooks/env-check.mjs +80 -0
- package/lib/hooks/guard-bash.mjs +83 -0
- package/lib/hooks/mcp-audit.mjs +57 -0
- package/lib/hooks/mcp-health-check.mjs +51 -0
- package/lib/hooks/mcp-task-scope.mjs +47 -0
- package/lib/hooks/model-fallback.mjs +105 -0
- package/lib/hooks/pre-compact.mjs +212 -0
- package/lib/hooks/pre-push-gate.mjs +129 -0
- package/lib/hooks/read-tracker.mjs +129 -0
- package/lib/hooks/registry-sync.mjs +23 -0
- package/lib/hooks/scan-secrets.mjs +76 -0
- package/lib/hooks/session-start.mjs +95 -0
- package/lib/hooks/stop-notify.mjs +191 -0
- package/lib/hooks/stop-typecheck.mjs +83 -0
- package/lib/hooks/task-completed-guard.mjs +43 -0
- package/lib/hooks/teammate-idle-guard.mjs +54 -0
- package/lib/hooks/workflow-guard.mjs +62 -0
- package/lib/host-capabilities.mjs +123 -0
- package/lib/init-docs.mjs +382 -0
- package/lib/mcp/server.mjs +1123 -0
- package/lib/mcp-catalog.json +243 -0
- package/lib/mcp-manager.mjs +433 -0
- package/lib/mcp-platform-config.mjs +104 -0
- package/lib/model-router.mjs +810 -0
- package/lib/opencode-config.mjs +44 -0
- package/lib/opencode-runtime-plugin.mjs +909 -0
- package/lib/opencode-telemetry.mjs +433 -0
- package/lib/orchestration-policy.mjs +258 -0
- package/lib/prompt-composer.mjs +196 -0
- package/lib/prompt-metadata.mjs +68 -0
- package/lib/review.mjs +429 -0
- package/lib/role-preload.mjs +52 -0
- package/lib/schemas/decision.json +50 -0
- package/lib/schemas/implementation.json +51 -0
- package/lib/schemas/review-report.json +32 -0
- package/lib/schemas/test-report.json +43 -0
- package/lib/server/index.mjs +334 -0
- package/lib/server/static/app.js +841 -0
- package/lib/server/static/index.html +820 -0
- package/lib/service-manager.mjs +225 -0
- package/lib/setup.mjs +319 -0
- package/lib/status.mjs +707 -0
- package/lib/storage/backend.mjs +44 -0
- package/lib/storage/embeddings.mjs +70 -0
- package/lib/storage/hybrid-query.mjs +184 -0
- package/lib/storage/sql-store.mjs +55 -0
- package/lib/storage/state-source.mjs +101 -0
- package/lib/storage/sync.mjs +164 -0
- package/lib/storage/vector-store.mjs +59 -0
- package/lib/telemetry/backends/langfuse.mjs +58 -0
- package/lib/telemetry/backends/noop.mjs +16 -0
- package/lib/telemetry/langfuse-ingest.mjs +108 -0
- package/lib/telemetry/langfuse-model-sync.mjs +270 -0
- package/lib/telemetry/team-rollup.mjs +143 -0
- package/lib/toolkit-env.mjs +30 -0
- package/lib/validator.mjs +181 -0
- package/lib/workflow-state.mjs +794 -0
- package/package.json +53 -0
- package/personas/construct.md +94 -0
- package/platforms/claude/CLAUDE.md +30 -0
- package/platforms/claude/settings.template.json +472 -0
- package/platforms/opencode/config.template.json +65 -0
- package/platforms/opencode/plugins/construct-fallback.js +5 -0
- package/platforms/opencode/sync-config.mjs +69 -0
- package/rules/common/agents.md +55 -0
- package/rules/common/code-review.md +129 -0
- package/rules/common/coding-style.md +95 -0
- package/rules/common/comments.md +139 -0
- package/rules/common/cx-agent-routing.md +61 -0
- package/rules/common/cx-skill-routing.md +11 -0
- package/rules/common/development-workflow.md +49 -0
- package/rules/common/git-workflow.md +29 -0
- package/rules/common/hooks.md +35 -0
- package/rules/common/patterns.md +36 -0
- package/rules/common/performance.md +71 -0
- package/rules/common/security.md +34 -0
- package/rules/common/testing.md +62 -0
- package/rules/golang/coding-style.md +37 -0
- package/rules/golang/hooks.md +22 -0
- package/rules/golang/patterns.md +50 -0
- package/rules/golang/security.md +39 -0
- package/rules/golang/testing.md +36 -0
- package/rules/python/coding-style.md +47 -0
- package/rules/python/hooks.md +24 -0
- package/rules/python/patterns.md +44 -0
- package/rules/python/security.md +35 -0
- package/rules/python/testing.md +43 -0
- package/rules/swift/coding-style.md +52 -0
- package/rules/swift/hooks.md +25 -0
- package/rules/swift/patterns.md +71 -0
- package/rules/swift/security.md +38 -0
- package/rules/swift/testing.md +50 -0
- package/rules/typescript/coding-style.md +204 -0
- package/rules/typescript/hooks.md +27 -0
- package/rules/typescript/patterns.md +57 -0
- package/rules/typescript/security.md +33 -0
- package/rules/typescript/testing.md +23 -0
- package/rules/web/coding-style.md +101 -0
- package/rules/web/design-quality.md +68 -0
- package/rules/web/hooks.md +125 -0
- package/rules/web/patterns.md +84 -0
- package/rules/web/performance.md +69 -0
- package/rules/web/security.md +62 -0
- package/rules/web/testing.md +60 -0
- package/rules/zh/README.md +113 -0
- package/rules/zh/agents.md +55 -0
- package/rules/zh/code-review.md +129 -0
- package/rules/zh/coding-style.md +53 -0
- package/rules/zh/development-workflow.md +49 -0
- package/rules/zh/git-workflow.md +29 -0
- package/rules/zh/hooks.md +35 -0
- package/rules/zh/patterns.md +36 -0
- package/rules/zh/performance.md +60 -0
- package/rules/zh/security.md +34 -0
- package/rules/zh/testing.md +34 -0
- package/skills/ai/agent-dev.md +102 -0
- package/skills/ai/llm-security.md +105 -0
- package/skills/ai/ml-ops.md +169 -0
- package/skills/ai/orchestration-workflow.md +87 -0
- package/skills/ai/prompt-and-eval.md +114 -0
- package/skills/ai/prompt-optimizer.md +114 -0
- package/skills/ai/rag-system.md +104 -0
- package/skills/architecture/api-design.md +100 -0
- package/skills/architecture/caching.md +101 -0
- package/skills/architecture/cloud-native.md +97 -0
- package/skills/architecture/message-queue.md +100 -0
- package/skills/architecture/security-arch.md +105 -0
- package/skills/development/cpp.md +127 -0
- package/skills/development/go.md +129 -0
- package/skills/development/java.md +134 -0
- package/skills/development/kotlin.md +140 -0
- package/skills/development/mobile-crossplatform.md +144 -0
- package/skills/development/python.md +109 -0
- package/skills/development/rust.md +127 -0
- package/skills/development/shell.md +127 -0
- package/skills/development/swift.md +129 -0
- package/skills/development/typescript.md +129 -0
- package/skills/devops/ci-cd.md +108 -0
- package/skills/devops/containerization.md +106 -0
- package/skills/devops/cost-optimization.md +105 -0
- package/skills/devops/data-engineering.md +181 -0
- package/skills/devops/database.md +95 -0
- package/skills/devops/dependency-management.md +91 -0
- package/skills/devops/devsecops.md +96 -0
- package/skills/devops/git-workflow.md +100 -0
- package/skills/devops/incident-response.md +167 -0
- package/skills/devops/monorepo.md +87 -0
- package/skills/devops/observability.md +103 -0
- package/skills/devops/performance.md +104 -0
- package/skills/devops/testing.md +104 -0
- package/skills/docs/adr-workflow.md +32 -0
- package/skills/docs/backlog-proposal-workflow.md +19 -0
- package/skills/docs/customer-profile-workflow.md +22 -0
- package/skills/docs/evidence-ingest-workflow.md +23 -0
- package/skills/docs/init-docs.md +160 -0
- package/skills/docs/init-project.md +50 -0
- package/skills/docs/prd-workflow.md +57 -0
- package/skills/docs/prfaq-workflow.md +25 -0
- package/skills/docs/product-intelligence-review.md +22 -0
- package/skills/docs/product-intelligence-workflow.md +62 -0
- package/skills/docs/product-signal-workflow.md +27 -0
- package/skills/docs/research-workflow.md +28 -0
- package/skills/docs/runbook-workflow.md +24 -0
- package/skills/exploration/repo-map.md +297 -0
- package/skills/frameworks/django.md +159 -0
- package/skills/frameworks/nextjs.md +148 -0
- package/skills/frameworks/react.md +132 -0
- package/skills/frameworks/spring-boot.md +165 -0
- package/skills/frontend-design/accessibility.md +153 -0
- package/skills/frontend-design/component-patterns.md +111 -0
- package/skills/frontend-design/engineering.md +122 -0
- package/skills/frontend-design/state-management.md +118 -0
- package/skills/frontend-design/ui-aesthetics.md +102 -0
- package/skills/frontend-design/ux-principles.md +126 -0
- package/skills/quality-gates/review-work.md +90 -0
- package/skills/quality-gates/verify-change.md +94 -0
- package/skills/quality-gates/verify-module.md +96 -0
- package/skills/quality-gates/verify-quality.md +93 -0
- package/skills/quality-gates/verify-security.md +95 -0
- package/skills/roles/architect.ai-systems.md +37 -0
- package/skills/roles/architect.data.md +37 -0
- package/skills/roles/architect.enterprise.md +37 -0
- package/skills/roles/architect.integration.md +37 -0
- package/skills/roles/architect.md +68 -0
- package/skills/roles/architect.platform.md +37 -0
- package/skills/roles/data-analyst.experiment.md +37 -0
- package/skills/roles/data-analyst.md +68 -0
- package/skills/roles/data-analyst.product-intelligence.md +37 -0
- package/skills/roles/data-analyst.product.md +37 -0
- package/skills/roles/data-analyst.telemetry.md +37 -0
- package/skills/roles/data-engineer.pipeline.md +37 -0
- package/skills/roles/data-engineer.vector-retrieval.md +37 -0
- package/skills/roles/data-engineer.warehouse.md +37 -0
- package/skills/roles/debugger.md +68 -0
- package/skills/roles/designer.accessibility.md +43 -0
- package/skills/roles/designer.md +68 -0
- package/skills/roles/engineer.ai.md +49 -0
- package/skills/roles/engineer.data.md +49 -0
- package/skills/roles/engineer.md +85 -0
- package/skills/roles/engineer.platform.md +49 -0
- package/skills/roles/operator.docs.md +43 -0
- package/skills/roles/operator.md +68 -0
- package/skills/roles/operator.release.md +43 -0
- package/skills/roles/operator.sre.md +43 -0
- package/skills/roles/orchestrator.md +66 -0
- package/skills/roles/product-manager.ai-product.md +37 -0
- package/skills/roles/product-manager.business-strategy.md +43 -0
- package/skills/roles/product-manager.enterprise.md +37 -0
- package/skills/roles/product-manager.growth.md +37 -0
- package/skills/roles/product-manager.md +67 -0
- package/skills/roles/product-manager.platform.md +37 -0
- package/skills/roles/product-manager.product.md +37 -0
- package/skills/roles/qa.ai-eval.md +37 -0
- package/skills/roles/qa.api-contract.md +37 -0
- package/skills/roles/qa.data-pipeline.md +37 -0
- package/skills/roles/qa.md +68 -0
- package/skills/roles/qa.test-automation.md +49 -0
- package/skills/roles/qa.web-ui.md +37 -0
- package/skills/roles/researcher.explorer.md +43 -0
- package/skills/roles/researcher.md +68 -0
- package/skills/roles/researcher.ux.md +43 -0
- package/skills/roles/reviewer.devil-advocate.md +43 -0
- package/skills/roles/reviewer.evaluator.md +43 -0
- package/skills/roles/reviewer.md +68 -0
- package/skills/roles/reviewer.trace.md +43 -0
- package/skills/roles/security.ai.md +37 -0
- package/skills/roles/security.appsec.md +37 -0
- package/skills/roles/security.cloud.md +37 -0
- package/skills/roles/security.legal-compliance.md +49 -0
- package/skills/roles/security.md +68 -0
- package/skills/roles/security.privacy.md +37 -0
- package/skills/roles/security.supply-chain.md +37 -0
- package/skills/routing.md +139 -0
- package/skills/security/blue-team.md +83 -0
- package/skills/security/code-audit.md +94 -0
- package/skills/security/pentest.md +84 -0
- package/skills/security/red-team.md +81 -0
- package/skills/security/threat-intel.md +89 -0
- package/skills/security/vuln-research.md +87 -0
- package/skills/utility/clean-code.md +165 -0
- package/sync-agents.mjs +899 -0
- package/templates/docs/adr.md +27 -0
- package/templates/docs/backlog-proposal.md +26 -0
- package/templates/docs/customer-profile.md +34 -0
- package/templates/docs/evidence-brief.md +37 -0
- package/templates/docs/incident-report.md +46 -0
- package/templates/docs/memo.md +27 -0
- package/templates/docs/meta-prd.md +56 -0
- package/templates/docs/one-pager.md +24 -0
- package/templates/docs/prd-business.md +61 -0
- package/templates/docs/prd-platform.md +62 -0
- package/templates/docs/prd.md +47 -0
- package/templates/docs/prfaq.md +31 -0
- package/templates/docs/product-intelligence-report.md +31 -0
- package/templates/docs/research-brief.md +29 -0
- package/templates/docs/rfc-platform.md +60 -0
- package/templates/docs/rfc.md +46 -0
- package/templates/docs/runbook.md +33 -0
- package/templates/docs/signal-brief.md +25 -0
|
@@ -0,0 +1,89 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/security/threat-intel.md — Threat Intelligence — Use this skill when performing OSINT, threat modeling, or building threat intell
|
|
3
|
+
|
|
4
|
+
Use this skill when performing OSINT, threat modeling, or building threat intelligence programs. ## OSINT Collection
|
|
5
|
+
-->
|
|
6
|
+
# Threat Intelligence
|
|
7
|
+
|
|
8
|
+
Use this skill when performing OSINT, threat modeling, or building threat intelligence programs.
|
|
9
|
+
|
|
10
|
+
## OSINT Collection
|
|
11
|
+
|
|
12
|
+
### Domain and Infrastructure
|
|
13
|
+
- DNS records: A, AAAA, MX, TXT, CNAME, NS, SOA
|
|
14
|
+
- Reverse DNS and IP range enumeration
|
|
15
|
+
- Certificate transparency logs (crt.sh, Censys)
|
|
16
|
+
- WHOIS history and registrar patterns
|
|
17
|
+
- Subdomain enumeration via passive sources and brute force
|
|
18
|
+
- Historical snapshots (Wayback Machine)
|
|
19
|
+
|
|
20
|
+
### Organization and People
|
|
21
|
+
- Public employee directories and org charts
|
|
22
|
+
- Job postings reveal technology stack and priorities
|
|
23
|
+
- Social media for social engineering vectors
|
|
24
|
+
- Code repositories for leaked credentials and internal naming
|
|
25
|
+
- Leaked credential databases (for defensive awareness)
|
|
26
|
+
- Conference talks and publications reveal architecture decisions
|
|
27
|
+
|
|
28
|
+
### Technology Fingerprinting
|
|
29
|
+
- Web technology stack: Wappalyzer patterns, HTTP headers, JavaScript libraries
|
|
30
|
+
- Cloud provider identification via IP ranges and DNS
|
|
31
|
+
- Email infrastructure: SPF, DKIM, DMARC records
|
|
32
|
+
- Exposed management interfaces and development endpoints
|
|
33
|
+
|
|
34
|
+
## Threat Modeling
|
|
35
|
+
|
|
36
|
+
### STRIDE Model
|
|
37
|
+
- **Spoofing**: Can an attacker impersonate a user, service, or component?
|
|
38
|
+
- **Tampering**: Can data be modified in transit or at rest?
|
|
39
|
+
- **Repudiation**: Can actions be performed without attribution?
|
|
40
|
+
- **Information Disclosure**: Can sensitive data be exposed?
|
|
41
|
+
- **Denial of Service**: Can availability be degraded?
|
|
42
|
+
- **Elevation of Privilege**: Can an attacker gain unauthorized access?
|
|
43
|
+
|
|
44
|
+
### Process
|
|
45
|
+
1. Define the system scope and trust boundaries
|
|
46
|
+
2. Decompose into components and data flows
|
|
47
|
+
3. Identify threats per component using STRIDE
|
|
48
|
+
4. Rate risk: likelihood x impact
|
|
49
|
+
5. Prioritize mitigations by risk and cost
|
|
50
|
+
6. Document accepted risks with justification
|
|
51
|
+
|
|
52
|
+
## MITRE ATT&CK Mapping
|
|
53
|
+
|
|
54
|
+
- Map observed behaviors to ATT&CK techniques
|
|
55
|
+
- Use ATT&CK Navigator to visualize coverage and gaps
|
|
56
|
+
- Prioritize detection for techniques used by relevant threat actors
|
|
57
|
+
- Track technique prevalence in your sector
|
|
58
|
+
- Map defensive controls to techniques they detect or prevent
|
|
59
|
+
|
|
60
|
+
## Threat Actor Profiling
|
|
61
|
+
|
|
62
|
+
- Categorize: nation-state, cybercrime, hacktivist, insider, opportunistic
|
|
63
|
+
- Document: known TTPs, targeted sectors, infrastructure patterns, tooling
|
|
64
|
+
- Track campaigns and attribute based on overlap in infrastructure, code, and behavior
|
|
65
|
+
- Assess relevance to your organization's risk profile
|
|
66
|
+
- Update profiles as new intelligence emerges
|
|
67
|
+
|
|
68
|
+
## Intelligence Sharing
|
|
69
|
+
|
|
70
|
+
### Standards
|
|
71
|
+
- STIX 2.1 for structured threat intelligence objects
|
|
72
|
+
- TAXII for automated exchange
|
|
73
|
+
- OpenIOC for indicator sharing
|
|
74
|
+
- TLP (Traffic Light Protocol) for classification: RED, AMBER, GREEN, CLEAR
|
|
75
|
+
|
|
76
|
+
### Sources
|
|
77
|
+
- Commercial feeds: CrowdStrike, Recorded Future, Mandiant
|
|
78
|
+
- Open feeds: AlienVault OTX, Abuse.ch, PhishTank
|
|
79
|
+
- ISACs and ISAOs for sector-specific intelligence
|
|
80
|
+
- Government: CISA advisories, FBI flash alerts
|
|
81
|
+
- Internal: your own incident data is the highest-fidelity source
|
|
82
|
+
|
|
83
|
+
## Metrics
|
|
84
|
+
|
|
85
|
+
- Intelligence-to-detection conversion rate
|
|
86
|
+
- Time from IOC publication to operational deployment
|
|
87
|
+
- Percentage of incidents with prior intelligence
|
|
88
|
+
- Threat model coverage: components modeled vs total
|
|
89
|
+
- False positive rate of intelligence-derived detections
|
|
@@ -0,0 +1,87 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/security/vuln-research.md — Vulnerability Research — Use this skill when analyzing binaries, fuzzing software, or developing exploits
|
|
3
|
+
|
|
4
|
+
Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research. ## Binary Analysis
|
|
5
|
+
-->
|
|
6
|
+
# Vulnerability Research
|
|
7
|
+
|
|
8
|
+
Use this skill when analyzing binaries, fuzzing software, or developing exploits for security research.
|
|
9
|
+
|
|
10
|
+
## Binary Analysis
|
|
11
|
+
|
|
12
|
+
### Static Analysis
|
|
13
|
+
- Identify compiler, language, and build flags (stripped, PIE, stack canaries, RELRO)
|
|
14
|
+
- Map function boundaries and call graph
|
|
15
|
+
- Locate string references to identify functionality
|
|
16
|
+
- Check security mitigations: NX, ASLR, stack protector, FORTIFY_SOURCE
|
|
17
|
+
- Identify statically linked libraries and their versions
|
|
18
|
+
|
|
19
|
+
### Dynamic Analysis
|
|
20
|
+
- Trace system calls and library calls (strace, ltrace, dtrace)
|
|
21
|
+
- Monitor file, network, and registry activity
|
|
22
|
+
- Set breakpoints on interesting functions (malloc, free, recv, send, open)
|
|
23
|
+
- Inspect memory layout at runtime: stack, heap, mapped regions
|
|
24
|
+
- Use hardware breakpoints for anti-debug evasion
|
|
25
|
+
|
|
26
|
+
## Fuzzing
|
|
27
|
+
|
|
28
|
+
### Strategy
|
|
29
|
+
- Coverage-guided fuzzing (AFL++, libFuzzer, Honggfuzz) for maximum code coverage
|
|
30
|
+
- Grammar-based fuzzing for structured inputs (protocol buffers, file formats)
|
|
31
|
+
- Mutation-based fuzzing for unknown formats
|
|
32
|
+
- Seed corpus: collect real-world samples, minimize, then fuzz
|
|
33
|
+
|
|
34
|
+
### Harness Design
|
|
35
|
+
- Isolate the target function from the full program
|
|
36
|
+
- Initialize state once, fuzz in a loop (persistent mode)
|
|
37
|
+
- Sanitizers: AddressSanitizer, UndefinedBehaviorSanitizer, MemorySanitizer
|
|
38
|
+
- Monitor for: crashes, hangs, memory leaks, assertion failures
|
|
39
|
+
|
|
40
|
+
### Triage
|
|
41
|
+
- Deduplicate crashes by stack hash
|
|
42
|
+
- Minimize crash inputs to smallest reproducer
|
|
43
|
+
- Classify: null deref, buffer overflow, use-after-free, integer overflow, type confusion
|
|
44
|
+
- Determine exploitability: write-what-where, control of instruction pointer, heap corruption state
|
|
45
|
+
|
|
46
|
+
## Memory Corruption
|
|
47
|
+
|
|
48
|
+
### Stack Overflow
|
|
49
|
+
- Overwrite return address, saved registers, or local variables
|
|
50
|
+
- Bypass canaries: info leak, format string, brute force (forking servers)
|
|
51
|
+
- ROP chains: find gadgets with ropper/ROPgadget, chain to control execution
|
|
52
|
+
|
|
53
|
+
### Heap Exploitation
|
|
54
|
+
- Use-after-free: control freed object's memory via replacement allocation
|
|
55
|
+
- Heap overflow: corrupt adjacent chunk metadata or application data
|
|
56
|
+
- Double free: manipulate allocator free list
|
|
57
|
+
- Technique selection depends on allocator: ptmalloc (glibc), jemalloc, tcmalloc, Windows heap
|
|
58
|
+
|
|
59
|
+
### Format String
|
|
60
|
+
- Read: `%x` to leak stack values, `%s` to read pointers
|
|
61
|
+
- Write: `%n` to write to arbitrary addresses
|
|
62
|
+
- Use direct parameter access (`%7$x`) for precise targeting
|
|
63
|
+
|
|
64
|
+
### Integer Vulnerabilities
|
|
65
|
+
- Overflow/underflow leading to undersized allocations
|
|
66
|
+
- Sign confusion between signed and unsigned comparisons
|
|
67
|
+
- Truncation when casting between different-width types
|
|
68
|
+
|
|
69
|
+
## Exploit Development
|
|
70
|
+
|
|
71
|
+
- Determine target: return address, function pointer, vtable, GOT entry
|
|
72
|
+
- Build primitives: arbitrary read, arbitrary write, code execution
|
|
73
|
+
- Defeat mitigations:
|
|
74
|
+
- ASLR: information leak to disclose base addresses
|
|
75
|
+
- NX/DEP: ROP, JIT spraying, code reuse
|
|
76
|
+
- Stack canary: leak via info disclosure or brute force
|
|
77
|
+
- CFI: find valid call targets that enable further exploitation
|
|
78
|
+
- Test reliability across runs and environments
|
|
79
|
+
- Document the full exploit chain
|
|
80
|
+
|
|
81
|
+
## Responsible Disclosure
|
|
82
|
+
|
|
83
|
+
- Follow coordinated disclosure timelines (typically 90 days)
|
|
84
|
+
- Report to vendor security contact or bug bounty program
|
|
85
|
+
- Provide clear reproduction steps and impact assessment
|
|
86
|
+
- Do not publish exploit code before patch is available
|
|
87
|
+
- Request CVE assignment through CNA or MITRE
|
|
@@ -0,0 +1,165 @@
|
|
|
1
|
+
<!--
|
|
2
|
+
skills/utility/clean-code.md — AI Slop Removal — Patterns and heuristics for identifying and removing AI-generated code smells. U
|
|
3
|
+
|
|
4
|
+
Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools. ## Decision Tree
|
|
5
|
+
-->
|
|
6
|
+
# AI Slop Removal
|
|
7
|
+
|
|
8
|
+
Patterns and heuristics for identifying and removing AI-generated code smells. Use when cleaning up output from AI coding tools.
|
|
9
|
+
|
|
10
|
+
## Decision Tree
|
|
11
|
+
|
|
12
|
+
```
|
|
13
|
+
Is this comment derivable from the function/variable name?
|
|
14
|
+
YES → Delete it
|
|
15
|
+
|
|
16
|
+
Is this variable named result, data, temp, item, obj, value, or response?
|
|
17
|
+
YES → Rename to reflect what it actually contains
|
|
18
|
+
|
|
19
|
+
Is this a function that only calls one other function with no transformation?
|
|
20
|
+
YES → Inline it at the call site
|
|
21
|
+
|
|
22
|
+
Is this a TODO/FIXME comment older than one session, or referencing cleanup that never happened?
|
|
23
|
+
YES → Delete the comment and the dead code it describes
|
|
24
|
+
|
|
25
|
+
Is this catch block empty, returning null, or logging a generic "error occurred" message?
|
|
26
|
+
YES → Fix: propagate, rethrow with context, or log the actual error
|
|
27
|
+
|
|
28
|
+
Is this docstring/JSDoc restating the parameter names without adding information?
|
|
29
|
+
YES → Delete it
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
## 11 Smell Categories
|
|
33
|
+
|
|
34
|
+
### 1. Obvious Comments
|
|
35
|
+
Comments that restate what the code already says.
|
|
36
|
+
```
|
|
37
|
+
// BEFORE
|
|
38
|
+
// This function returns the sum of two numbers
|
|
39
|
+
function add(a, b) { return a + b; }
|
|
40
|
+
|
|
41
|
+
// AFTER
|
|
42
|
+
function add(a, b) { return a + b; }
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### 2. Hedging Variable Names
|
|
46
|
+
Generic names that hide what the value represents.
|
|
47
|
+
```
|
|
48
|
+
// BEFORE
|
|
49
|
+
const result = await fetchUser(id);
|
|
50
|
+
const data = result.profile;
|
|
51
|
+
|
|
52
|
+
// AFTER
|
|
53
|
+
const user = await fetchUser(id);
|
|
54
|
+
const profile = user.profile;
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
### 3. Debug Artifacts
|
|
58
|
+
Leftover logging from development.
|
|
59
|
+
```
|
|
60
|
+
// BEFORE
|
|
61
|
+
console.log('entering loop', items);
|
|
62
|
+
for (const item of items) { ... }
|
|
63
|
+
|
|
64
|
+
// AFTER
|
|
65
|
+
for (const item of items) { ... }
|
|
66
|
+
```
|
|
67
|
+
|
|
68
|
+
### 4. Unnecessary Wrappers
|
|
69
|
+
Functions that only delegate without adding value.
|
|
70
|
+
```
|
|
71
|
+
// BEFORE
|
|
72
|
+
function getUser(id) { return userService.findById(id); }
|
|
73
|
+
|
|
74
|
+
// AFTER (inline at call site)
|
|
75
|
+
const user = await userService.findById(id);
|
|
76
|
+
```
|
|
77
|
+
|
|
78
|
+
### 5. Dead TODO Blocks
|
|
79
|
+
Stale markers and commented-out code.
|
|
80
|
+
```
|
|
81
|
+
// BEFORE
|
|
82
|
+
// TODO: remove this once the replacement flow ships
|
|
83
|
+
// const unusedUser = transformDraft(raw);
|
|
84
|
+
|
|
85
|
+
// AFTER
|
|
86
|
+
(deleted)
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
### 6. Restated Types
|
|
90
|
+
Type annotations that repeat the variable name.
|
|
91
|
+
```
|
|
92
|
+
// BEFORE
|
|
93
|
+
const userList: User[] = [];
|
|
94
|
+
const isLoadingFlag: boolean = false;
|
|
95
|
+
|
|
96
|
+
// AFTER
|
|
97
|
+
const users: User[] = [];
|
|
98
|
+
const isLoading = false;
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
### 7. Over-specified Test Assertions
|
|
102
|
+
Tests verifying implementation instead of behavior.
|
|
103
|
+
```
|
|
104
|
+
// BEFORE
|
|
105
|
+
expect(result.constructor.name).toBe('UserService');
|
|
106
|
+
expect(spy).toHaveBeenCalledWith(expect.objectContaining({ method: 'findById' }));
|
|
107
|
+
|
|
108
|
+
// AFTER
|
|
109
|
+
expect(result).toEqual(expectedUser);
|
|
110
|
+
```
|
|
111
|
+
|
|
112
|
+
### 8. Swallowed Errors
|
|
113
|
+
Catch blocks that discard context.
|
|
114
|
+
```
|
|
115
|
+
// BEFORE
|
|
116
|
+
try { await saveUser(user); } catch (e) { return null; }
|
|
117
|
+
|
|
118
|
+
// AFTER
|
|
119
|
+
try { await saveUser(user); } catch (e) {
|
|
120
|
+
throw new Error(`Failed to save user ${user.id}: ${e.message}`);
|
|
121
|
+
}
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
### 9. Single-Use Abstractions
|
|
125
|
+
Helpers created for one call site.
|
|
126
|
+
```
|
|
127
|
+
// BEFORE
|
|
128
|
+
function buildUserQuery(id) { return { where: { id } }; }
|
|
129
|
+
const user = await db.user.findFirst(buildUserQuery(userId));
|
|
130
|
+
|
|
131
|
+
// AFTER
|
|
132
|
+
const user = await db.user.findFirst({ where: { id: userId } });
|
|
133
|
+
```
|
|
134
|
+
|
|
135
|
+
### 10. Padded Error Messages
|
|
136
|
+
Verbose error strings that obscure the actual failure.
|
|
137
|
+
```
|
|
138
|
+
// BEFORE
|
|
139
|
+
throw new Error('An unexpected error occurred while attempting to process the user authentication request');
|
|
140
|
+
|
|
141
|
+
// AFTER
|
|
142
|
+
throw new Error(`Authentication failed for user ${userId}`);
|
|
143
|
+
```
|
|
144
|
+
|
|
145
|
+
### 11. Boilerplate Docstrings
|
|
146
|
+
Documentation that adds no information.
|
|
147
|
+
```
|
|
148
|
+
// BEFORE
|
|
149
|
+
/**
|
|
150
|
+
* Gets the user by ID.
|
|
151
|
+
* @param id - The user ID
|
|
152
|
+
* @returns The user
|
|
153
|
+
*/
|
|
154
|
+
async function getUserById(id: string): Promise<User> { ... }
|
|
155
|
+
|
|
156
|
+
// AFTER
|
|
157
|
+
async function getUserById(id: string): Promise<User> { ... }
|
|
158
|
+
```
|
|
159
|
+
|
|
160
|
+
## Rules
|
|
161
|
+
|
|
162
|
+
- Remove smell, nothing else. Do not refactor, reorganize, or add new abstractions.
|
|
163
|
+
- Keep diffs minimal — one smell per change where possible.
|
|
164
|
+
- Never change behavior. If a removal would change behavior, flag it instead.
|
|
165
|
+
- Show before/after for every change.
|