npm - @heyai-rules/pilo-masterkit - Versions diffs - 1.2.2 → 2.1.0 - Mend

@heyai-rules/pilo-masterkit 1.2.2 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (708) hide show

package/.agent/agents/PILO_MASTER.md +77 -77
package/.agent/agents/backend-specialist.md +263 -263
package/.agent/agents/code-archaeologist.md +106 -106
package/.agent/agents/csharp-reviewer.md +101 -0
package/.agent/agents/dart-build-resolver.md +201 -0
package/.agent/agents/database-architect.md +226 -226
package/.agent/agents/debugger.md +225 -225
package/.agent/agents/devops-engineer.md +242 -242
package/.agent/agents/documentation-writer.md +104 -104
package/.agent/agents/explorer-agent.md +73 -73
package/.agent/agents/frontend-specialist.md +593 -593
package/.agent/agents/game-developer.md +162 -162
package/.agent/agents/gan-evaluator.md +209 -0
package/.agent/agents/gan-generator.md +131 -0
package/.agent/agents/gan-planner.md +99 -0
package/.agent/agents/healthcare-reviewer.md +83 -0
package/.agent/agents/mobile-developer.md +377 -377
package/.agent/agents/opensource-forker.md +198 -0
package/.agent/agents/opensource-packager.md +249 -0
package/.agent/agents/opensource-sanitizer.md +188 -0
package/.agent/agents/orchestrator.md +416 -416
package/.agent/agents/penetration-tester.md +188 -188
package/.agent/agents/performance-optimizer.md +446 -187
package/.agent/agents/personas/athena-agent/agent.json +10 -0
package/.agent/agents/personas/athena-agent/athena-backend-logic-architecture-profile.md +189 -0
package/.agent/agents/personas/athena-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/athena-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/athena-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/athena-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/athena-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/athena-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/da-vinci-agent/agent.json +10 -0
package/.agent/agents/personas/da-vinci-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/da-vinci-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/da-vinci-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/da-vinci-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/da-vinci-agent/da-vinci-frontend-ui-ux-design-profile.md +189 -0
package/.agent/agents/personas/da-vinci-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/da-vinci-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/duong-tang-agent/agent.json +10 -0
package/.agent/agents/personas/duong-tang-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/duong-tang-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/duong-tang-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/duong-tang-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/duong-tang-agent/tang-monk-quality-testing-documentation-profile.md +189 -0
package/.agent/agents/personas/duong-tang-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/duong-tang-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/gia-cat-luong-agent/agent.json +10 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/gia-cat-luong-agent/kongming-research-strategy-analysis-profile.md +189 -0
package/.agent/agents/personas/gia-cat-luong-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/gia-cat-luong-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/mihata-agent/agent.json +10 -0
package/.agent/agents/personas/mihata-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/mihata-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/mihata-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/mihata-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/mihata-agent/mihata-multi-agent-orchestration-profile.md +189 -0
package/.agent/agents/personas/mihata-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/mihata-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/tesla-agent/agent.json +10 -0
package/.agent/agents/personas/tesla-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/tesla-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/tesla-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/tesla-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/tesla-agent/tesla-fullstack-system-optimization-profile.md +189 -0
package/.agent/agents/personas/tesla-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/tesla-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/tu-ma-y-agent/agent.json +10 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/tu-ma-y-agent/simayi-feasibility-risk-control-profile.md +189 -0
package/.agent/agents/personas/tu-ma-y-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/tu-ma-y-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/venti-agent/agent.json +10 -0
package/.agent/agents/personas/venti-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/venti-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/venti-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/venti-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/venti-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/venti-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/venti-agent/venti-learning-communication-mentoring-profile.md +189 -0
package/.agent/agents/product-manager.md +112 -112
package/.agent/agents/product-owner.md +95 -95
package/.agent/agents/project-planner.md +406 -406
package/.agent/agents/qa-automation-engineer.md +103 -103
package/.agent/agents/security-auditor.md +170 -170
package/.agent/agents/seo-specialist.md +111 -111
package/.agent/agents/test-engineer.md +158 -158
package/.agent/contexts/dev.md +20 -0
package/.agent/contexts/research.md +26 -0
package/.agent/contexts/review.md +22 -0
package/.agent/hooks/hooks.json +395 -0
package/.agent/hooks/readme.md +222 -0
package/.agent/mcp-configs/mcp-servers.json +181 -0
package/.agent/rules/ARCHITECTURAL_BLUEPRINTS.md +62 -62
package/.agent/rules/CODE_CRAFTSMANSHIP.md +69 -69
package/.agent/rules/CORE_RULES.md +72 -72
package/.agent/rules/PROJECT_MAP.md +58 -58
package/.agent/rules/QUALITY_ASSURANCE.md +54 -54
package/.agent/rules/SECURITY_ARMOR.md +44 -44
package/.agent/rules/VERSION_ORCHESTRATION.md +64 -64
package/.agent/rules/WORKFLOW_ORCHESTRATION.md +55 -55
package/.agent/rules/common/agents.md +50 -0
package/.agent/rules/common/code-review.md +124 -0
package/.agent/rules/common/coding-style.md +48 -0
package/.agent/rules/common/development-workflow.md +44 -0
package/.agent/rules/common/git-workflow.md +24 -0
package/.agent/rules/common/hooks.md +30 -0
package/.agent/rules/common/patterns.md +31 -0
package/.agent/rules/common/performance.md +55 -0
package/.agent/rules/common/security.md +29 -0
package/.agent/rules/common/testing.md +29 -0
package/.agent/rules/cpp/coding-style.md +44 -0
package/.agent/rules/cpp/hooks.md +39 -0
package/.agent/rules/cpp/patterns.md +51 -0
package/.agent/rules/cpp/security.md +51 -0
package/.agent/rules/cpp/testing.md +44 -0
package/.agent/rules/csharp/coding-style.md +72 -0
package/.agent/rules/csharp/hooks.md +25 -0
package/.agent/rules/csharp/patterns.md +50 -0
package/.agent/rules/csharp/security.md +58 -0
package/.agent/rules/csharp/testing.md +46 -0
package/.agent/rules/dart/coding-style.md +159 -0
package/.agent/rules/dart/hooks.md +66 -0
package/.agent/rules/dart/patterns.md +261 -0
package/.agent/rules/dart/security.md +135 -0
package/.agent/rules/dart/testing.md +215 -0
package/.agent/rules/golang/coding-style.md +32 -0
package/.agent/rules/golang/hooks.md +17 -0
package/.agent/rules/golang/patterns.md +45 -0
package/.agent/rules/golang/security.md +34 -0
package/.agent/rules/golang/testing.md +31 -0
package/.agent/rules/java/coding-style.md +114 -0
package/.agent/rules/java/hooks.md +18 -0
package/.agent/rules/java/patterns.md +146 -0
package/.agent/rules/java/security.md +100 -0
package/.agent/rules/java/testing.md +131 -0
package/.agent/rules/kotlin/coding-style.md +86 -0
package/.agent/rules/kotlin/hooks.md +17 -0
package/.agent/rules/kotlin/patterns.md +146 -0
package/.agent/rules/kotlin/security.md +82 -0
package/.agent/rules/kotlin/testing.md +128 -0
package/.agent/rules/perl/coding-style.md +46 -0
package/.agent/rules/perl/hooks.md +22 -0
package/.agent/rules/perl/patterns.md +76 -0
package/.agent/rules/perl/security.md +69 -0
package/.agent/rules/perl/testing.md +54 -0
package/.agent/rules/php/coding-style.md +40 -0
package/.agent/rules/php/hooks.md +24 -0
package/.agent/rules/php/patterns.md +33 -0
package/.agent/rules/php/security.md +37 -0
package/.agent/rules/php/testing.md +39 -0
package/.agent/rules/python/coding-style.md +42 -0
package/.agent/rules/python/hooks.md +19 -0
package/.agent/rules/python/patterns.md +39 -0
package/.agent/rules/python/security.md +30 -0
package/.agent/rules/python/testing.md +38 -0
package/.agent/rules/readme.md +111 -0
package/.agent/rules/rust/coding-style.md +151 -0
package/.agent/rules/rust/hooks.md +16 -0
package/.agent/rules/rust/patterns.md +168 -0
package/.agent/rules/rust/security.md +141 -0
package/.agent/rules/rust/testing.md +154 -0
package/.agent/rules/swift/coding-style.md +47 -0
package/.agent/rules/swift/hooks.md +20 -0
package/.agent/rules/swift/patterns.md +66 -0
package/.agent/rules/swift/security.md +33 -0
package/.agent/rules/swift/testing.md +45 -0
package/.agent/rules/typescript/coding-style.md +199 -0
package/.agent/rules/typescript/hooks.md +22 -0
package/.agent/rules/typescript/patterns.md +52 -0
package/.agent/rules/typescript/security.md +28 -0
package/.agent/rules/typescript/testing.md +18 -0
package/.agent/rules/web/coding-style.md +96 -0
package/.agent/rules/web/design-quality.md +63 -0
package/.agent/rules/web/hooks.md +120 -0
package/.agent/rules/web/patterns.md +79 -0
package/.agent/rules/web/performance.md +64 -0
package/.agent/rules/web/security.md +57 -0
package/.agent/rules/web/testing.md +55 -0
package/.agent/rules/zh/agents.md +50 -0
package/.agent/rules/zh/code-review.md +124 -0
package/.agent/rules/zh/coding-style.md +48 -0
package/.agent/rules/zh/development-workflow.md +44 -0
package/.agent/rules/zh/git-workflow.md +24 -0
package/.agent/rules/zh/hooks.md +30 -0
package/.agent/rules/zh/patterns.md +31 -0
package/.agent/rules/zh/performance.md +55 -0
package/.agent/rules/zh/readme.md +108 -0
package/.agent/rules/zh/security.md +29 -0
package/.agent/rules/zh/testing.md +29 -0
package/.agent/scripts/auto_preview.py +148 -148
package/.agent/scripts/checklist.py +217 -217
package/.agent/scripts/session_manager.py +120 -120
package/.agent/scripts/verify_all.py +327 -327
package/.agent/skills/agent-eval/SKILL.md +145 -0
package/.agent/skills/agent-harness-construction/SKILL.md +73 -0
package/.agent/skills/agent-payment-x402/SKILL.md +178 -0
package/.agent/skills/agentic-engineering/SKILL.md +63 -0
package/.agent/skills/ai-first-engineering/SKILL.md +51 -0
package/.agent/skills/ai-regression-testing/SKILL.md +385 -0
package/.agent/skills/android-clean-architecture/SKILL.md +339 -0
package/.agent/skills/api-design/SKILL.md +523 -0
package/.agent/skills/api-patterns/SKILL.md +81 -81
package/.agent/skills/api-patterns/api-style.md +42 -42
package/.agent/skills/api-patterns/auth.md +24 -24
package/.agent/skills/api-patterns/documentation.md +26 -26
package/.agent/skills/api-patterns/graphql.md +41 -41
package/.agent/skills/api-patterns/rate-limiting.md +31 -31
package/.agent/skills/api-patterns/response.md +37 -37
package/.agent/skills/api-patterns/rest.md +40 -40
package/.agent/skills/api-patterns/scripts/api_validator.py +211 -211
package/.agent/skills/api-patterns/security-testing.md +122 -122
package/.agent/skills/api-patterns/trpc.md +41 -41
package/.agent/skills/api-patterns/versioning.md +22 -22
package/.agent/skills/app-builder/SKILL.md +75 -75
package/.agent/skills/app-builder/agent-coordination.md +71 -71
package/.agent/skills/app-builder/feature-building.md +53 -53
package/.agent/skills/app-builder/project-detection.md +34 -34
package/.agent/skills/app-builder/scaffolding.md +118 -118
package/.agent/skills/app-builder/tech-stack.md +41 -41
package/.agent/skills/app-builder/templates/SKILL.md +39 -39
package/.agent/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -76
package/.agent/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -92
package/.agent/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -88
package/.agent/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -88
package/.agent/skills/app-builder/templates/express-api/TEMPLATE.md +83 -83
package/.agent/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -90
package/.agent/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -90
package/.agent/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +122 -122
package/.agent/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +122 -122
package/.agent/skills/app-builder/templates/nextjs-static/TEMPLATE.md +169 -169
package/.agent/skills/app-builder/templates/nuxt-app/TEMPLATE.md +134 -134
package/.agent/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -83
package/.agent/skills/app-builder/templates/react-native-app/TEMPLATE.md +119 -119
package/.agent/skills/architecture/SKILL.md +55 -55
package/.agent/skills/architecture/context-discovery.md +43 -43
package/.agent/skills/architecture/examples.md +94 -94
package/.agent/skills/architecture/pattern-selection.md +68 -68
package/.agent/skills/architecture/patterns-reference.md +50 -50
package/.agent/skills/architecture/trade-off-analysis.md +77 -77
package/.agent/skills/architecture-decision-records/SKILL.md +179 -0
package/.agent/skills/article-writing/SKILL.md +79 -0
package/.agent/skills/autonomous-agent-harness/SKILL.md +267 -0
package/.agent/skills/autonomous-loops/SKILL.md +610 -0
package/.agent/skills/backend-patterns/SKILL.md +598 -0
package/.agent/skills/bash-linux/SKILL.md +199 -199
package/.agent/skills/behavioral-modes/SKILL.md +242 -242
package/.agent/skills/benchmark/SKILL.md +93 -0
package/.agent/skills/blueprint/SKILL.md +105 -0
package/.agent/skills/brainstorming/SKILL.md +163 -163
package/.agent/skills/brainstorming/dynamic-questioning.md +350 -350
package/.agent/skills/brand-voice/SKILL.md +97 -0
package/.agent/skills/brand-voice/references/voice-profile-schema.md +55 -0
package/.agent/skills/browser-qa/SKILL.md +87 -0
package/.agent/skills/bun-runtime/SKILL.md +84 -0
package/.agent/skills/canary-watch/SKILL.md +99 -0
package/.agent/skills/carrier-relationship-management/SKILL.md +212 -0
package/.agent/skills/ck/SKILL.md +147 -0
package/.agent/skills/ck/commands/forget.mjs +44 -0
package/.agent/skills/ck/commands/info.mjs +24 -0
package/.agent/skills/ck/commands/init.mjs +143 -0
package/.agent/skills/ck/commands/list.mjs +40 -0
package/.agent/skills/ck/commands/migrate.mjs +202 -0
package/.agent/skills/ck/commands/resume.mjs +36 -0
package/.agent/skills/ck/commands/save.mjs +210 -0
package/.agent/skills/ck/commands/shared.mjs +387 -0
package/.agent/skills/ck/hooks/session-start.mjs +224 -0
package/.agent/skills/claude-api/SKILL.md +337 -0
package/.agent/skills/claude-devfleet/SKILL.md +103 -0
package/.agent/skills/clean-code/SKILL.md +201 -201
package/.agent/skills/click-path-audit/SKILL.md +244 -0
package/.agent/skills/clickhouse-io/SKILL.md +439 -0
package/.agent/skills/code-review-checklist/SKILL.md +109 -109
package/.agent/skills/codebase-onboarding/SKILL.md +233 -0
package/.agent/skills/coding-standards/SKILL.md +530 -0
package/.agent/skills/compose-multiplatform-patterns/SKILL.md +299 -0
package/.agent/skills/configure-ecc/SKILL.md +367 -0
package/.agent/skills/connections-optimizer/SKILL.md +189 -0
package/.agent/skills/content-engine/SKILL.md +131 -0
package/.agent/skills/content-hash-cache-pattern/SKILL.md +161 -0
package/.agent/skills/context-budget/SKILL.md +135 -0
package/.agent/skills/continuous-agent-loop/SKILL.md +45 -0
package/.agent/skills/continuous-learning/SKILL.md +119 -0
package/.agent/skills/continuous-learning/config.json +18 -0
package/.agent/skills/continuous-learning/evaluate-session.sh +69 -0
package/.agent/skills/continuous-learning-v2/SKILL.md +365 -0
package/.agent/skills/continuous-learning-v2/agents/observer-loop.sh +271 -0
package/.agent/skills/continuous-learning-v2/agents/observer.md +198 -0
package/.agent/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
package/.agent/skills/continuous-learning-v2/agents/start-observer.sh +244 -0
package/.agent/skills/continuous-learning-v2/config.json +8 -0
package/.agent/skills/continuous-learning-v2/hooks/observe.sh +428 -0
package/.agent/skills/continuous-learning-v2/scripts/detect-project.sh +228 -0
package/.agent/skills/continuous-learning-v2/scripts/instinct-cli.py +1426 -0
package/.agent/skills/continuous-learning-v2/scripts/test-parse-instinct.py +984 -0
package/.agent/skills/cost-aware-llm-pipeline/SKILL.md +183 -0
package/.agent/skills/cpp-coding-standards/SKILL.md +723 -0
package/.agent/skills/cpp-testing/SKILL.md +324 -0
package/.agent/skills/crosspost/SKILL.md +111 -0
package/.agent/skills/csharp-testing/SKILL.md +321 -0
package/.agent/skills/customer-billing-ops/SKILL.md +140 -0
package/.agent/skills/customs-trade-compliance/SKILL.md +263 -0
package/.agent/skills/dart-flutter-patterns/SKILL.md +563 -0
package/.agent/skills/data-scraper-agent/SKILL.md +764 -0
package/.agent/skills/database-design/SKILL.md +52 -52
package/.agent/skills/database-design/database-selection.md +43 -43
package/.agent/skills/database-design/indexing.md +39 -39
package/.agent/skills/database-design/migrations.md +48 -48
package/.agent/skills/database-design/optimization.md +36 -36
package/.agent/skills/database-design/orm-selection.md +30 -30
package/.agent/skills/database-design/schema-design.md +56 -56
package/.agent/skills/database-design/scripts/schema_validator.py +172 -172
package/.agent/skills/database-migrations/SKILL.md +429 -0
package/.agent/skills/deep-research/SKILL.md +155 -0
package/.agent/skills/deployment-patterns/SKILL.md +427 -0
package/.agent/skills/deployment-procedures/SKILL.md +241 -241
package/.agent/skills/design-system/SKILL.md +82 -0
package/.agent/skills/django-patterns/SKILL.md +734 -0
package/.agent/skills/django-security/SKILL.md +593 -0
package/.agent/skills/django-tdd/SKILL.md +729 -0
package/.agent/skills/django-verification/SKILL.md +469 -0
package/.agent/skills/dmux-workflows/SKILL.md +191 -0
package/.agent/skills/doc.md +177 -177
package/.agent/skills/docker-patterns/SKILL.md +364 -0
package/.agent/skills/documentation-lookup/SKILL.md +90 -0
package/.agent/skills/documentation-templates/SKILL.md +194 -194
package/.agent/skills/dotnet-patterns/SKILL.md +321 -0
package/.agent/skills/e2e-testing/SKILL.md +326 -0
package/.agent/skills/energy-procurement/SKILL.md +228 -0
package/.agent/skills/enterprise-agent-ops/SKILL.md +50 -0
package/.agent/skills/eval-harness/SKILL.md +270 -0
package/.agent/skills/exa-search/SKILL.md +103 -0
package/.agent/skills/fal-ai-media/SKILL.md +284 -0
package/.agent/skills/flutter-dart-code-review/SKILL.md +435 -0
package/.agent/skills/foundation-models-on-device/SKILL.md +243 -0
package/.agent/skills/frontend-design/SKILL.md +452 -452
package/.agent/skills/frontend-design/animation-guide.md +331 -331
package/.agent/skills/frontend-design/color-system.md +311 -311
package/.agent/skills/frontend-design/decision-trees.md +418 -418
package/.agent/skills/frontend-design/motion-graphics.md +306 -306
package/.agent/skills/frontend-design/scripts/accessibility_checker.py +183 -183
package/.agent/skills/frontend-design/scripts/ux_audit.py +722 -722
package/.agent/skills/frontend-design/typography-system.md +345 -345
package/.agent/skills/frontend-design/ux-psychology.md +1116 -1116
package/.agent/skills/frontend-design/visual-effects.md +383 -383
package/.agent/skills/frontend-patterns/SKILL.md +642 -0
package/.agent/skills/frontend-slides/SKILL.md +184 -0
package/.agent/skills/frontend-slides/style-presets.md +330 -0
package/.agent/skills/game-development/2d-games/SKILL.md +119 -119
package/.agent/skills/game-development/3d-games/SKILL.md +135 -135
package/.agent/skills/game-development/SKILL.md +167 -167
package/.agent/skills/game-development/game-art/SKILL.md +185 -185
package/.agent/skills/game-development/game-audio/SKILL.md +190 -190
package/.agent/skills/game-development/game-design/SKILL.md +129 -129
package/.agent/skills/game-development/mobile-games/SKILL.md +108 -108
package/.agent/skills/game-development/multiplayer/SKILL.md +132 -132
package/.agent/skills/game-development/pc-games/SKILL.md +144 -144
package/.agent/skills/game-development/vr-ar/SKILL.md +123 -123
package/.agent/skills/game-development/web-games/SKILL.md +150 -150
package/.agent/skills/gan-style-harness/SKILL.md +278 -0
package/.agent/skills/geo-fundamentals/SKILL.md +156 -156
package/.agent/skills/geo-fundamentals/scripts/geo_checker.py +289 -289
package/.agent/skills/git-workflow/SKILL.md +715 -0
package/.agent/skills/golang-patterns/SKILL.md +674 -0
package/.agent/skills/golang-testing/SKILL.md +720 -0
package/.agent/skills/google-workspace-ops/SKILL.md +95 -0
package/.agent/skills/healthcare-cdss-patterns/SKILL.md +245 -0
package/.agent/skills/healthcare-emr-patterns/SKILL.md +159 -0
package/.agent/skills/healthcare-eval-harness/SKILL.md +207 -0
package/.agent/skills/healthcare-phi-compliance/SKILL.md +145 -0
package/.agent/skills/hexagonal-architecture/SKILL.md +276 -0
package/.agent/skills/i18n-localization/SKILL.md +154 -154
package/.agent/skills/i18n-localization/scripts/i18n_checker.py +241 -241
package/.agent/skills/intelligent-routing/SKILL.md +335 -335
package/.agent/skills/inventory-demand-planning/SKILL.md +247 -0
package/.agent/skills/investor-materials/SKILL.md +96 -0
package/.agent/skills/investor-outreach/SKILL.md +91 -0
package/.agent/skills/iterative-retrieval/SKILL.md +211 -0
package/.agent/skills/java-coding-standards/SKILL.md +147 -0
package/.agent/skills/jira-integration/SKILL.md +293 -0
package/.agent/skills/jpa-patterns/SKILL.md +151 -0
package/.agent/skills/kotlin-coroutines-flows/SKILL.md +284 -0
package/.agent/skills/kotlin-exposed-patterns/SKILL.md +719 -0
package/.agent/skills/kotlin-ktor-patterns/SKILL.md +689 -0
package/.agent/skills/kotlin-patterns/SKILL.md +711 -0
package/.agent/skills/kotlin-testing/SKILL.md +824 -0
package/.agent/skills/laravel-patterns/SKILL.md +415 -0
package/.agent/skills/laravel-plugin-discovery/SKILL.md +229 -0
package/.agent/skills/laravel-security/SKILL.md +285 -0
package/.agent/skills/laravel-tdd/SKILL.md +283 -0
package/.agent/skills/laravel-verification/SKILL.md +179 -0
package/.agent/skills/lead-intelligence/SKILL.md +321 -0
package/.agent/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
package/.agent/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
package/.agent/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
package/.agent/skills/lead-intelligence/agents/signal-scorer.md +60 -0
package/.agent/skills/lint-and-validate/SKILL.md +45 -45
package/.agent/skills/lint-and-validate/scripts/lint_runner.py +184 -184
package/.agent/skills/lint-and-validate/scripts/type_coverage.py +173 -173
package/.agent/skills/liquid-glass-design/SKILL.md +279 -0
package/.agent/skills/logistics-exception-management/SKILL.md +222 -0
package/.agent/skills/manim-video/SKILL.md +89 -0
package/.agent/skills/manim-video/assets/network-graph-scene.py +52 -0
package/.agent/skills/market-research/SKILL.md +75 -0
package/.agent/skills/mcp-builder/SKILL.md +173 -113
package/.agent/skills/mcp-builder/license.txt +202 -0
package/.agent/skills/mcp-builder/reference/evaluation.md +602 -0
package/.agent/skills/mcp-builder/reference/mcp-best-practices.md +249 -0
package/.agent/skills/mcp-builder/reference/node-mcp-server.md +970 -0
package/.agent/skills/mcp-builder/reference/python-mcp-server.md +719 -0
package/.agent/skills/mcp-builder/scripts/connections.py +151 -0
package/.agent/skills/mcp-builder/scripts/evaluation.py +373 -0
package/.agent/skills/mcp-builder/scripts/example-evaluation.xml +22 -0
package/.agent/skills/mcp-builder/scripts/requirements.txt +2 -0
package/.agent/skills/mcp-server-patterns/SKILL.md +67 -0
package/.agent/skills/mobile-design/SKILL.md +394 -394
package/.agent/skills/mobile-design/decision-trees.md +516 -516
package/.agent/skills/mobile-design/mobile-backend.md +491 -491
package/.agent/skills/mobile-design/mobile-color-system.md +420 -420
package/.agent/skills/mobile-design/mobile-debugging.md +122 -122
package/.agent/skills/mobile-design/mobile-design-thinking.md +357 -357
package/.agent/skills/mobile-design/mobile-navigation.md +458 -458
package/.agent/skills/mobile-design/mobile-performance.md +767 -767
package/.agent/skills/mobile-design/mobile-testing.md +356 -356
package/.agent/skills/mobile-design/mobile-typography.md +433 -433
package/.agent/skills/mobile-design/platform-android.md +666 -666
package/.agent/skills/mobile-design/platform-ios.md +561 -561
package/.agent/skills/mobile-design/scripts/mobile_audit.py +670 -670
package/.agent/skills/mobile-design/touch-psychology.md +537 -537
package/.agent/skills/nanoclaw-repl/SKILL.md +33 -0
package/.agent/skills/nestjs-patterns/SKILL.md +230 -0
package/.agent/skills/nextjs-react-expert/1-async-eliminating-waterfalls.md +351 -351
package/.agent/skills/nextjs-react-expert/2-bundle-bundle-size-optimization.md +240 -240
package/.agent/skills/nextjs-react-expert/3-server-server-side-performance.md +490 -490
package/.agent/skills/nextjs-react-expert/4-client-client-side-data-fetching.md +264 -264
package/.agent/skills/nextjs-react-expert/5-rerender-re-render-optimization.md +581 -581
package/.agent/skills/nextjs-react-expert/6-rendering-rendering-performance.md +432 -432
package/.agent/skills/nextjs-react-expert/7-js-javascript-performance.md +684 -684
package/.agent/skills/nextjs-react-expert/8-advanced-advanced-patterns.md +150 -150
package/.agent/skills/nextjs-react-expert/9-cache-components.md +103 -103
package/.agent/skills/nextjs-react-expert/SKILL.md +293 -293
package/.agent/skills/nextjs-react-expert/scripts/convert_rules.py +222 -222
package/.agent/skills/nextjs-react-expert/scripts/react_performance_checker.py +252 -252
package/.agent/skills/nextjs-turbopack/SKILL.md +44 -0
package/.agent/skills/nodejs-best-practices/SKILL.md +333 -333
package/.agent/skills/nutrient-document-processing/SKILL.md +167 -0
package/.agent/skills/nuxt4-patterns/SKILL.md +100 -0
package/.agent/skills/openclaw-persona-forge/SKILL.md +296 -0
package/.agent/skills/openclaw-persona-forge/gacha.py +224 -0
package/.agent/skills/openclaw-persona-forge/gacha.sh +5 -0
package/.agent/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
package/.agent/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
package/.agent/skills/openclaw-persona-forge/references/error-handling.md +53 -0
package/.agent/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
package/.agent/skills/openclaw-persona-forge/references/naming-system.md +39 -0
package/.agent/skills/openclaw-persona-forge/references/output-template.md +166 -0
package/.agent/skills/opensource-pipeline/SKILL.md +255 -0
package/.agent/skills/parallel-agents/SKILL.md +175 -175
package/.agent/skills/performance-profiling/SKILL.md +143 -143
package/.agent/skills/performance-profiling/scripts/lighthouse_audit.py +76 -76
package/.agent/skills/perl-patterns/SKILL.md +504 -0
package/.agent/skills/perl-security/SKILL.md +503 -0
package/.agent/skills/perl-testing/SKILL.md +475 -0
package/.agent/skills/plan-writing/SKILL.md +152 -152
package/.agent/skills/plankton-code-quality/SKILL.md +236 -0
package/.agent/skills/postgres-patterns/SKILL.md +147 -0
package/.agent/skills/powershell-windows/SKILL.md +167 -167
package/.agent/skills/product-lens/SKILL.md +85 -0
package/.agent/skills/production-scheduling/SKILL.md +238 -0
package/.agent/skills/project-flow-ops/SKILL.md +111 -0
package/.agent/skills/project-guidelines-example/SKILL.md +349 -0
package/.agent/skills/prompt-optimizer/SKILL.md +397 -0
package/.agent/skills/python-patterns/SKILL.md +750 -441
package/.agent/skills/python-testing/SKILL.md +816 -0
package/.agent/skills/pytorch-patterns/SKILL.md +396 -0
package/.agent/skills/quality-nonconformance/SKILL.md +260 -0
package/.agent/skills/ralphinho-rfc-pipeline/SKILL.md +67 -0
package/.agent/skills/red-team-tactics/SKILL.md +199 -199
package/.agent/skills/regex-vs-llm-structured-text/SKILL.md +220 -0
package/.agent/skills/remotion-video-creation/SKILL.md +43 -0
package/.agent/skills/remotion-video-creation/rules/3d.md +86 -0
package/.agent/skills/remotion-video-creation/rules/animations.md +29 -0
package/.agent/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
package/.agent/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
package/.agent/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
package/.agent/skills/remotion-video-creation/rules/assets.md +78 -0
package/.agent/skills/remotion-video-creation/rules/audio.md +172 -0
package/.agent/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
package/.agent/skills/remotion-video-creation/rules/can-decode.md +75 -0
package/.agent/skills/remotion-video-creation/rules/charts.md +58 -0
package/.agent/skills/remotion-video-creation/rules/compositions.md +146 -0
package/.agent/skills/remotion-video-creation/rules/display-captions.md +126 -0
package/.agent/skills/remotion-video-creation/rules/extract-frames.md +229 -0
package/.agent/skills/remotion-video-creation/rules/fonts.md +152 -0
package/.agent/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
package/.agent/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
package/.agent/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
package/.agent/skills/remotion-video-creation/rules/gifs.md +138 -0
package/.agent/skills/remotion-video-creation/rules/images.md +130 -0
package/.agent/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
package/.agent/skills/remotion-video-creation/rules/lottie.md +67 -0
package/.agent/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
package/.agent/skills/remotion-video-creation/rules/measuring-text.md +143 -0
package/.agent/skills/remotion-video-creation/rules/sequencing.md +106 -0
package/.agent/skills/remotion-video-creation/rules/tailwind.md +11 -0
package/.agent/skills/remotion-video-creation/rules/text-animations.md +20 -0
package/.agent/skills/remotion-video-creation/rules/timing.md +179 -0
package/.agent/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
package/.agent/skills/remotion-video-creation/rules/transitions.md +122 -0
package/.agent/skills/remotion-video-creation/rules/trimming.md +52 -0
package/.agent/skills/remotion-video-creation/rules/videos.md +171 -0
package/.agent/skills/repo-scan/SKILL.md +78 -0
package/.agent/skills/returns-reverse-logistics/SKILL.md +240 -0
package/.agent/skills/rules-distill/SKILL.md +264 -0
package/.agent/skills/rules-distill/scripts/scan-rules.sh +58 -0
package/.agent/skills/rules-distill/scripts/scan-skills.sh +129 -0
package/.agent/skills/rust-patterns/SKILL.md +499 -0
package/.agent/skills/rust-pro/SKILL.md +175 -175
package/.agent/skills/rust-testing/SKILL.md +500 -0
package/.agent/skills/safety-guard/SKILL.md +75 -0
package/.agent/skills/santa-method/SKILL.md +306 -0
package/.agent/skills/search-first/SKILL.md +161 -0
package/.agent/skills/security-review/SKILL.md +495 -0
package/.agent/skills/security-review/cloud-infrastructure-security.md +361 -0
package/.agent/skills/security-scan/SKILL.md +165 -0
package/.agent/skills/seo-fundamentals/SKILL.md +129 -129
package/.agent/skills/seo-fundamentals/scripts/seo_checker.py +219 -219
package/.agent/skills/server-management/SKILL.md +161 -161
package/.agent/skills/skill-comply/SKILL.md +58 -0
package/.agent/skills/skill-comply/fixtures/compliant-trace.jsonl +5 -0
package/.agent/skills/skill-comply/fixtures/noncompliant-trace.jsonl +3 -0
package/.agent/skills/skill-comply/fixtures/tdd-spec.yaml +44 -0
package/.agent/skills/skill-comply/prompts/classifier.md +24 -0
package/.agent/skills/skill-comply/prompts/scenario-generator.md +62 -0
package/.agent/skills/skill-comply/prompts/spec-generator.md +42 -0
package/.agent/skills/skill-comply/pyproject.toml +15 -0
package/.agent/skills/skill-comply/scripts/classifier.py +85 -0
package/.agent/skills/skill-comply/scripts/grader.py +122 -0
package/.agent/skills/skill-comply/scripts/init.py +0 -0
package/.agent/skills/skill-comply/scripts/parser.py +107 -0
package/.agent/skills/skill-comply/scripts/report.py +170 -0
package/.agent/skills/skill-comply/scripts/run.py +127 -0
package/.agent/skills/skill-comply/scripts/runner.py +161 -0
package/.agent/skills/skill-comply/scripts/scenario-generator.py +70 -0
package/.agent/skills/skill-comply/scripts/spec-generator.py +72 -0
package/.agent/skills/skill-comply/scripts/utils.py +13 -0
package/.agent/skills/skill-comply/tests/test-grader.py +137 -0
package/.agent/skills/skill-comply/tests/test-parser.py +90 -0
package/.agent/skills/skill-creator/SKILL.md +485 -0
package/.agent/skills/skill-creator/agents/analyzer.md +274 -0
package/.agent/skills/skill-creator/agents/comparator.md +202 -0
package/.agent/skills/skill-creator/agents/grader.md +223 -0
package/.agent/skills/skill-creator/assets/eval-review.html +146 -0
package/.agent/skills/skill-creator/eval-viewer/generate-review.py +471 -0
package/.agent/skills/skill-creator/eval-viewer/viewer.html +1325 -0
package/.agent/skills/skill-creator/license.txt +202 -0
package/.agent/skills/skill-creator/references/schemas.md +430 -0
package/.agent/skills/skill-creator/scripts/aggregate-benchmark.py +401 -0
package/.agent/skills/skill-creator/scripts/generate-report.py +326 -0
package/.agent/skills/skill-creator/scripts/improve-description.py +247 -0
package/.agent/skills/skill-creator/scripts/init.py +0 -0
package/.agent/skills/skill-creator/scripts/package-skill.py +136 -0
package/.agent/skills/skill-creator/scripts/quick-validate.py +103 -0
package/.agent/skills/skill-creator/scripts/run-eval.py +310 -0
package/.agent/skills/skill-creator/scripts/run-loop.py +328 -0
package/.agent/skills/skill-creator/scripts/utils.py +47 -0
package/.agent/skills/skill-stocktake/SKILL.md +193 -0
package/.agent/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
package/.agent/skills/skill-stocktake/scripts/save-results.sh +56 -0
package/.agent/skills/skill-stocktake/scripts/scan.sh +170 -0
package/.agent/skills/social-graph-ranker/SKILL.md +154 -0
package/.agent/skills/springboot-patterns/SKILL.md +314 -0
package/.agent/skills/springboot-security/SKILL.md +272 -0
package/.agent/skills/springboot-tdd/SKILL.md +158 -0
package/.agent/skills/springboot-verification/SKILL.md +231 -0
package/.agent/skills/strategic-compact/SKILL.md +131 -0
package/.agent/skills/strategic-compact/suggest-compact.sh +54 -0
package/.agent/skills/swift-actor-persistence/SKILL.md +143 -0
package/.agent/skills/swift-concurrency-6-2/SKILL.md +216 -0
package/.agent/skills/swift-protocol-di-testing/SKILL.md +190 -0
package/.agent/skills/swiftui-patterns/SKILL.md +259 -0
package/.agent/skills/systematic-debugging/SKILL.md +109 -109
package/.agent/skills/tailwind-patterns/SKILL.md +269 -269
package/.agent/skills/tdd-workflow/SKILL.md +463 -149
package/.agent/skills/team-builder/SKILL.md +168 -0
package/.agent/skills/testing-patterns/SKILL.md +178 -178
package/.agent/skills/testing-patterns/scripts/test_runner.py +219 -219
package/.agent/skills/token-budget-advisor/SKILL.md +133 -0
package/.agent/skills/ui-demo/SKILL.md +465 -0
package/.agent/skills/ui-ux-pro-max/SKILL.md +292 -292
package/.agent/skills/ui-ux-pro-max/data/icons.csv +101 -101
package/.agent/skills/ui-ux-pro-max/data/landing.csv +3 -3
package/.agent/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
package/.agent/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
package/.agent/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
package/.agent/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
package/.agent/skills/ui-ux-pro-max/data/typography.csv +57 -57
package/.agent/skills/ui-ux-pro-max/data/ui-reasoning.csv +101 -101
package/.agent/skills/ui-ux-pro-max/data/web-interface.csv +31 -31
package/.agent/skills/ui-ux-pro-max/scripts/core.py +253 -253
package/.agent/skills/ui-ux-pro-max/scripts/design_system.py +1067 -1067
package/.agent/skills/verification-loop/SKILL.md +126 -0
package/.agent/skills/video-editing/SKILL.md +310 -0
package/.agent/skills/videodb/SKILL.md +374 -0
package/.agent/skills/videodb/reference/api-reference.md +550 -0
package/.agent/skills/videodb/reference/capture-reference.md +407 -0
package/.agent/skills/videodb/reference/capture.md +101 -0
package/.agent/skills/videodb/reference/editor.md +443 -0
package/.agent/skills/videodb/reference/generative.md +331 -0
package/.agent/skills/videodb/reference/rtstream-reference.md +564 -0
package/.agent/skills/videodb/reference/rtstream.md +65 -0
package/.agent/skills/videodb/reference/search.md +230 -0
package/.agent/skills/videodb/reference/streaming.md +406 -0
package/.agent/skills/videodb/reference/use-cases.md +118 -0
package/.agent/skills/videodb/scripts/ws-listener.py +282 -0
package/.agent/skills/visa-doc-translate/SKILL.md +117 -0
package/.agent/skills/visa-doc-translate/readme.md +86 -0
package/.agent/skills/vulnerability-scanner/SKILL.md +276 -276
package/.agent/skills/vulnerability-scanner/checklists.md +121 -121
package/.agent/skills/vulnerability-scanner/scripts/security_scan.py +458 -458
package/.agent/skills/web-design-guidelines/SKILL.md +57 -57
package/.agent/skills/webapp-testing/SKILL.md +187 -187
package/.agent/skills/webapp-testing/scripts/playwright_runner.py +173 -173
package/.agent/skills/workspace-surface-audit/SKILL.md +125 -0
package/.agent/skills/x-api/SKILL.md +230 -0
package/.agent/tasks/lessons.md +40 -40
package/.agent/tasks/todo.md +33 -33
package/.agent/tasks/two-track-merge-contract.md +29 -0
package/.agent/workflows/aside.md +3 -3
package/.agent/workflows/brainstorm.md +113 -113
package/.agent/workflows/claw.md +13 -41
package/.agent/workflows/clean-memory.md +34 -0
package/.agent/workflows/code-review.md +260 -11
package/.agent/workflows/context-budget.md +12 -18
package/.agent/workflows/cpp-build.md +1 -1
package/.agent/workflows/cpp-review.md +4 -4
package/.agent/workflows/create.md +59 -59
package/.agent/workflows/debug.md +103 -103
package/.agent/workflows/deploy.md +176 -176
package/.agent/workflows/devfleet.md +13 -82
package/.agent/workflows/docs.md +13 -21
package/.agent/workflows/e2e.md +38 -135
package/.agent/workflows/enhance.md +63 -63
package/.agent/workflows/eval.md +15 -112
package/.agent/workflows/flutter-build.md +164 -0
package/.agent/workflows/flutter-review.md +116 -0
package/.agent/workflows/flutter-test.md +144 -0
package/.agent/workflows/gan-build.md +99 -0
package/.agent/workflows/gan-design.md +35 -0
package/.agent/workflows/go-build.md +1 -1
package/.agent/workflows/go-review.md +4 -4
package/.agent/workflows/harness-audit.md +5 -3
package/.agent/workflows/init-docs.md +46 -46
package/.agent/workflows/instinct-import.md +4 -4
package/.agent/workflows/jira.md +106 -0
package/.agent/workflows/kotlin-build.md +1 -1
package/.agent/workflows/kotlin-review.md +5 -5
package/.agent/workflows/learn-eval.md +9 -9
package/.agent/workflows/multi-plan.md +10 -10
package/.agent/workflows/orchestrate.md +23 -119
package/.agent/workflows/plan.md +2 -0
package/.agent/workflows/preview.md +81 -81
package/.agent/workflows/prompt-optimize.md +13 -28
package/.agent/workflows/prp-commit.md +112 -0
package/.agent/workflows/prp-implement.md +385 -0
package/.agent/workflows/prp-plan.md +502 -0
package/.agent/workflows/prp-pr.md +184 -0
package/.agent/workflows/prp-prd.md +447 -0
package/.agent/workflows/python-review.md +5 -5
package/.agent/workflows/refactor-clean.md +1 -1
package/.agent/workflows/resume-session.md +10 -10
package/.agent/workflows/rules-distill.md +14 -5
package/.agent/workflows/santa-loop.md +175 -0
package/.agent/workflows/save-session.md +9 -9
package/.agent/workflows/status.md +86 -86
package/.agent/workflows/tdd.md +30 -127
package/.agent/workflows/test-coverage.md +1 -1
package/.agent/workflows/test.md +144 -144
package/.agent/workflows/ui-ux-pro-max.md +295 -295
package/.agent/workflows/verify.md +15 -51
package/README.md +144 -136
package/RELEASE.md +32 -36
package/package.json +87 -79
package/scripts/release-check.js +1 -1
package/src/bin/cli.js +354 -78
package/src/lib/installer.js +151 -117
package/src/lib/manifests/stacks.js +122 -0
package/src/lib/slash-commands.js +28 -0
package/src/templates/claude/CLAUDE.en.md +42 -0
package/src/templates/claude/CLAUDE.md +42 -0
package/src/templates/claude/CLAUDE.vi.md +42 -0
package/src/templates/codex/AGENTS.en.md +40 -0
package/src/templates/codex/AGENTS.md +40 -0
package/src/templates/codex/AGENTS.vi.md +40 -0
package/src/templates/cursor/pilo-masterkit.mdc +20 -0
package/src/templates/gemini/GEMINI.en.md +56 -0
package/src/templates/gemini/GEMINI.md +56 -0
package/src/templates/gemini/GEMINI.vi.md +56 -0
package/src/templates/github/copilot-instructions.md +16 -0

package/.agent/skills/django-security/SKILL.md ADDED Viewed

@@ -0,0 +1,593 @@
+---
+name: django-security
+description: Django security best practices, authentication, authorization, CSRF protection, SQL injection prevention, XSS prevention, and secure deployment configurations.
+origin: ECC
+---
+# Django Security Best Practices
+Comprehensive security guidelines for Django applications to protect against common vulnerabilities.
+## When to Activate
+- Setting up Django authentication and authorization
+- Implementing user permissions and roles
+- Configuring production security settings
+- Reviewing Django application for security issues
+- Deploying Django applications to production
+## Core Security Settings
+### Production Settings Configuration
+```python
+# settings/production.py
+import os
+DEBUG = False  # CRITICAL: Never use True in production
+ALLOWED_HOSTS = os.environ.get('ALLOWED_HOSTS', '').split(',')
+# Security headers
+SECURE_SSL_REDIRECT = True
+SESSION_COOKIE_SECURE = True
+CSRF_COOKIE_SECURE = True
+SECURE_HSTS_SECONDS = 31536000  # 1 year
+SECURE_HSTS_INCLUDE_SUBDOMAINS = True
+SECURE_HSTS_PRELOAD = True
+SECURE_CONTENT_TYPE_NOSNIFF = True
+SECURE_BROWSER_XSS_FILTER = True
+X_FRAME_OPTIONS = 'DENY'
+# HTTPS and Cookies
+SESSION_COOKIE_HTTPONLY = True
+CSRF_COOKIE_HTTPONLY = True
+SESSION_COOKIE_SAMESITE = 'Lax'
+CSRF_COOKIE_SAMESITE = 'Lax'
+# Secret key (must be set via environment variable)
+SECRET_KEY = os.environ.get('DJANGO_SECRET_KEY')
+if not SECRET_KEY:
+    raise ImproperlyConfigured('DJANGO_SECRET_KEY environment variable is required')
+# Password validation
+AUTH_PASSWORD_VALIDATORS = [
+    {
+        'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator',
+        'OPTIONS': {
+            'min_length': 12,
+        }
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator',
+    },
+    {
+        'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator',
+    },
+]
+```
+## Authentication
+### Custom User Model
+```python
+# apps/users/models.py
+from django.contrib.auth.models import AbstractUser
+from django.db import models
+class User(AbstractUser):
+    """Custom user model for better security."""
+    email = models.EmailField(unique=True)
+    phone = models.CharField(max_length=20, blank=True)
+    USERNAME_FIELD = 'email'  # Use email as username
+    REQUIRED_FIELDS = ['username']
+    class Meta:
+        db_table = 'users'
+        verbose_name = 'User'
+        verbose_name_plural = 'Users'
+    def __str__(self):
+        return self.email
+# settings/base.py
+AUTH_USER_MODEL = 'users.User'
+```
+### Password Hashing
+```python
+# Django uses PBKDF2 by default. For stronger security:
+PASSWORD_HASHERS = [
+    'django.contrib.auth.hashers.Argon2PasswordHasher',
+    'django.contrib.auth.hashers.PBKDF2PasswordHasher',
+    'django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher',
+    'django.contrib.auth.hashers.BCryptSHA256PasswordHasher',
+]
+```
+### Session Management
+```python
+# Session configuration
+SESSION_ENGINE = 'django.contrib.sessions.backends.cache'  # Or 'db'
+SESSION_CACHE_ALIAS = 'default'
+SESSION_COOKIE_AGE = 3600 * 24 * 7  # 1 week
+SESSION_SAVE_EVERY_REQUEST = False
+SESSION_EXPIRE_AT_BROWSER_CLOSE = False  # Better UX, but less secure
+```
+## Authorization
+### Permissions
+```python
+# models.py
+from django.db import models
+from django.contrib.auth.models import Permission
+class Post(models.Model):
+    title = models.CharField(max_length=200)
+    content = models.TextField()
+    author = models.ForeignKey(User, on_delete=models.CASCADE)
+    class Meta:
+        permissions = [
+            ('can_publish', 'Can publish posts'),
+            ('can_edit_others', 'Can edit posts of others'),
+        ]
+    def user_can_edit(self, user):
+        """Check if user can edit this post."""
+        return self.author == user or user.has_perm('app.can_edit_others')
+# views.py
+from django.contrib.auth.mixins import LoginRequiredMixin, PermissionRequiredMixin
+from django.views.generic import UpdateView
+class PostUpdateView(LoginRequiredMixin, PermissionRequiredMixin, UpdateView):
+    model = Post
+    permission_required = 'app.can_edit_others'
+    raise_exception = True  # Return 403 instead of redirect
+    def get_queryset(self):
+        """Only allow users to edit their own posts."""
+        return Post.objects.filter(author=self.request.user)
+```
+### Custom Permissions
+```python
+# permissions.py
+from rest_framework import permissions
+class IsOwnerOrReadOnly(permissions.BasePermission):
+    """Allow only owners to edit objects."""
+    def has_object_permission(self, request, view, obj):
+        # Read permissions allowed for any request
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        # Write permissions only for owner
+        return obj.author == request.user
+class IsAdminOrReadOnly(permissions.BasePermission):
+    """Allow admins to do anything, others read-only."""
+    def has_permission(self, request, view):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return request.user and request.user.is_staff
+class IsVerifiedUser(permissions.BasePermission):
+    """Allow only verified users."""
+    def has_permission(self, request, view):
+        return request.user and request.user.is_authenticated and request.user.is_verified
+```
+### Role-Based Access Control (RBAC)
+```python
+# models.py
+from django.contrib.auth.models import AbstractUser, Group
+class User(AbstractUser):
+    ROLE_CHOICES = [
+        ('admin', 'Administrator'),
+        ('moderator', 'Moderator'),
+        ('user', 'Regular User'),
+    ]
+    role = models.CharField(max_length=20, choices=ROLE_CHOICES, default='user')
+    def is_admin(self):
+        return self.role == 'admin' or self.is_superuser
+    def is_moderator(self):
+        return self.role in ['admin', 'moderator']
+# Mixins
+class AdminRequiredMixin:
+    """Mixin to require admin role."""
+    def dispatch(self, request, *args, **kwargs):
+        if not request.user.is_authenticated or not request.user.is_admin():
+            from django.core.exceptions import PermissionDenied
+            raise PermissionDenied
+        return super().dispatch(request, *args, **kwargs)
+```
+## SQL Injection Prevention
+### Django ORM Protection
+```python
+# GOOD: Django ORM automatically escapes parameters
+def get_user(username):
+    return User.objects.get(username=username)  # Safe
+# GOOD: Using parameters with raw()
+def search_users(query):
+    return User.objects.raw('SELECT * FROM users WHERE username = %s', [query])
+# BAD: Never directly interpolate user input
+def get_user_bad(username):
+    return User.objects.raw(f'SELECT * FROM users WHERE username = {username}')  # VULNERABLE!
+# GOOD: Using filter with proper escaping
+def get_users_by_email(email):
+    return User.objects.filter(email__iexact=email)  # Safe
+# GOOD: Using Q objects for complex queries
+from django.db.models import Q
+def search_users_complex(query):
+    return User.objects.filter(
+        Q(username__icontains=query) |
+        Q(email__icontains=query)
+    )  # Safe
+```
+### Extra Security with raw()
+```python
+# If you must use raw SQL, always use parameters
+User.objects.raw(
+    'SELECT * FROM users WHERE email = %s AND status = %s',
+    [user_input_email, status]
+)
+```
+## XSS Prevention
+### Template Escaping
+```django
+{# Django auto-escapes variables by default - SAFE #}
+{{ user_input }}  {# Escaped HTML #}
+{# Explicitly mark safe only for trusted content #}
+{{ trusted_html|safe }}  {# Not escaped #}
+{# Use template filters for safe HTML #}
+{{ user_input|escape }}  {# Same as default #}
+{{ user_input|striptags }}  {# Remove all HTML tags #}
+{# JavaScript escaping #}
+<script>
+    var username = {{ username|escapejs }};
+</script>
+```
+### Safe String Handling
+```python
+from django.utils.safestring import mark_safe
+from django.utils.html import escape
+# BAD: Never mark user input as safe without escaping
+def render_bad(user_input):
+    return mark_safe(user_input)  # VULNERABLE!
+# GOOD: Escape first, then mark safe
+def render_good(user_input):
+    return mark_safe(escape(user_input))
+# GOOD: Use format_html for HTML with variables
+from django.utils.html import format_html
+def greet_user(username):
+    return format_html('<span class="user">{}</span>', escape(username))
+```
+### HTTP Headers
+```python
+# settings.py
+SECURE_CONTENT_TYPE_NOSNIFF = True  # Prevent MIME sniffing
+SECURE_BROWSER_XSS_FILTER = True  # Enable XSS filter
+X_FRAME_OPTIONS = 'DENY'  # Prevent clickjacking
+# Custom middleware
+from django.conf import settings
+class SecurityHeaderMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+    def __call__(self, request):
+        response = self.get_response(request)
+        response['X-Content-Type-Options'] = 'nosniff'
+        response['X-Frame-Options'] = 'DENY'
+        response['X-XSS-Protection'] = '1; mode=block'
+        response['Content-Security-Policy'] = "default-src 'self'"
+        return response
+```
+## CSRF Protection
+### Default CSRF Protection
+```python
+# settings.py - CSRF is enabled by default
+CSRF_COOKIE_SECURE = True  # Only send over HTTPS
+CSRF_COOKIE_HTTPONLY = True  # Prevent JavaScript access
+CSRF_COOKIE_SAMESITE = 'Lax'  # Prevent CSRF in some cases
+CSRF_TRUSTED_ORIGINS = ['https://example.com']  # Trusted domains
+# Template usage
+<form method="post">
+    {% csrf_token %}
+    {{ form.as_p }}
+    <button type="submit">Submit</button>
+</form>
+# AJAX requests
+function getCookie(name) {
+    let cookieValue = null;
+    if (document.cookie && document.cookie !== '') {
+        const cookies = document.cookie.split(';');
+        for (let i = 0; i < cookies.length; i++) {
+            const cookie = cookies[i].trim();
+            if (cookie.substring(0, name.length + 1) === (name + '=')) {
+                cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
+                break;
+            }
+        }
+    }
+    return cookieValue;
+}
+fetch('/api/endpoint/', {
+    method: 'POST',
+    headers: {
+        'X-CSRFToken': getCookie('csrftoken'),
+        'Content-Type': 'application/json',
+    },
+    body: JSON.stringify(data)
+});
+```
+### Exempting Views (Use Carefully)
+```python
+from django.views.decorators.csrf import csrf_exempt
+@csrf_exempt  # Only use when absolutely necessary!
+def webhook_view(request):
+    # Webhook from external service
+    pass
+```
+## File Upload Security
+### File Validation
+```python
+import os
+from django.core.exceptions import ValidationError
+def validate_file_extension(value):
+    """Validate file extension."""
+    ext = os.path.splitext(value.name)[1]
+    valid_extensions = ['.jpg', '.jpeg', '.png', '.gif', '.pdf']
+    if not ext.lower() in valid_extensions:
+        raise ValidationError('Unsupported file extension.')
+def validate_file_size(value):
+    """Validate file size (max 5MB)."""
+    filesize = value.size
+    if filesize > 5 * 1024 * 1024:
+        raise ValidationError('File too large. Max size is 5MB.')
+# models.py
+class Document(models.Model):
+    file = models.FileField(
+        upload_to='documents/',
+        validators=[validate_file_extension, validate_file_size]
+    )
+```
+### Secure File Storage
+```python
+# settings.py
+MEDIA_ROOT = '/var/www/media/'
+MEDIA_URL = '/media/'
+# Use a separate domain for media in production
+MEDIA_DOMAIN = 'https://media.example.com'
+# Don't serve user uploads directly
+# Use whitenoise or a CDN for static files
+# Use a separate server or S3 for media files
+```
+## API Security
+### Rate Limiting
+```python
+# settings.py
+REST_FRAMEWORK = {
+    'DEFAULT_THROTTLE_CLASSES': [
+        'rest_framework.throttling.AnonRateThrottle',
+        'rest_framework.throttling.UserRateThrottle'
+    ],
+    'DEFAULT_THROTTLE_RATES': {
+        'anon': '100/day',
+        'user': '1000/day',
+        'upload': '10/hour',
+    }
+}
+# Custom throttle
+from rest_framework.throttling import UserRateThrottle
+class BurstRateThrottle(UserRateThrottle):
+    scope = 'burst'
+    rate = '60/min'
+class SustainedRateThrottle(UserRateThrottle):
+    scope = 'sustained'
+    rate = '1000/day'
+```
+### Authentication for APIs
+```python
+# settings.py
+REST_FRAMEWORK = {
+    'DEFAULT_AUTHENTICATION_CLASSES': [
+        'rest_framework.authentication.TokenAuthentication',
+        'rest_framework.authentication.SessionAuthentication',
+        'rest_framework_simplejwt.authentication.JWTAuthentication',
+    ],
+    'DEFAULT_PERMISSION_CLASSES': [
+        'rest_framework.permissions.IsAuthenticated',
+    ],
+}
+# views.py
+from rest_framework.decorators import api_view, permission_classes
+from rest_framework.permissions import IsAuthenticated
+@api_view(['GET', 'POST'])
+@permission_classes([IsAuthenticated])
+def protected_view(request):
+    return Response({'message': 'You are authenticated'})
+```
+## Security Headers
+### Content Security Policy
+```python
+# settings.py
+CSP_DEFAULT_SRC = "'self'"
+CSP_SCRIPT_SRC = "'self' https://cdn.example.com"
+CSP_STYLE_SRC = "'self' 'unsafe-inline'"
+CSP_IMG_SRC = "'self' data: https:"
+CSP_CONNECT_SRC = "'self' https://api.example.com"
+# Middleware
+class CSPMiddleware:
+    def __init__(self, get_response):
+        self.get_response = get_response
+    def __call__(self, request):
+        response = self.get_response(request)
+        response['Content-Security-Policy'] = (
+            f"default-src {CSP_DEFAULT_SRC}; "
+            f"script-src {CSP_SCRIPT_SRC}; "
+            f"style-src {CSP_STYLE_SRC}; "
+            f"img-src {CSP_IMG_SRC}; "
+            f"connect-src {CSP_CONNECT_SRC}"
+        )
+        return response
+```
+## Environment Variables
+### Managing Secrets
+```python
+# Use python-decouple or django-environ
+import environ
+env = environ.Env(
+    # set casting, default value
+    DEBUG=(bool, False)
+)
+# reading .env file
+environ.Env.read_env()
+SECRET_KEY = env('DJANGO_SECRET_KEY')
+DATABASE_URL = env('DATABASE_URL')
+ALLOWED_HOSTS = env.list('ALLOWED_HOSTS')
+# .env file (never commit this)
+DEBUG=False
+SECRET_KEY=your-secret-key-here
+DATABASE_URL=postgresql://user:password@localhost:5432/dbname
+ALLOWED_HOSTS=example.com,www.example.com
+```
+## Logging Security Events
+```python
+# settings.py
+LOGGING = {
+    'version': 1,
+    'disable_existing_loggers': False,
+    'handlers': {
+        'file': {
+            'level': 'WARNING',
+            'class': 'logging.FileHandler',
+            'filename': '/var/log/django/security.log',
+        },
+        'console': {
+            'level': 'INFO',
+            'class': 'logging.StreamHandler',
+        },
+    },
+    'loggers': {
+        'django.security': {
+            'handlers': ['file', 'console'],
+            'level': 'WARNING',
+            'propagate': True,
+        },
+        'django.request': {
+            'handlers': ['file'],
+            'level': 'ERROR',
+            'propagate': False,
+        },
+    },
+}
+```
+## Quick Security Checklist
+| Check | Description |
+|-------|-------------|
+| `DEBUG = False` | Never run with DEBUG in production |
+| HTTPS only | Force SSL, secure cookies |
+| Strong secrets | Use environment variables for SECRET_KEY |
+| Password validation | Enable all password validators |
+| CSRF protection | Enabled by default, don't disable |
+| XSS prevention | Django auto-escapes, don't use `&#124;safe` with user input |
+| SQL injection | Use ORM, never concatenate strings in queries |
+| File uploads | Validate file type and size |
+| Rate limiting | Throttle API endpoints |
+| Security headers | CSP, X-Frame-Options, HSTS |
+| Logging | Log security events |
+| Updates | Keep Django and dependencies updated |
+Remember: Security is a process, not a product. Regularly review and update your security practices.