npm - @heyai-rules/pilo-masterkit - Versions diffs - 1.2.2 → 2.2.0 - Mend

@heyai-rules/pilo-masterkit 1.2.2 → 2.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (709) hide show

package/.agent/agents/PILO_MASTER.md +77 -77
package/.agent/agents/backend-specialist.md +263 -263
package/.agent/agents/code-archaeologist.md +106 -106
package/.agent/agents/csharp-reviewer.md +101 -0
package/.agent/agents/dart-build-resolver.md +201 -0
package/.agent/agents/database-architect.md +226 -226
package/.agent/agents/debugger.md +225 -225
package/.agent/agents/devops-engineer.md +242 -242
package/.agent/agents/documentation-writer.md +104 -104
package/.agent/agents/explorer-agent.md +73 -73
package/.agent/agents/frontend-specialist.md +593 -593
package/.agent/agents/game-developer.md +162 -162
package/.agent/agents/gan-evaluator.md +209 -0
package/.agent/agents/gan-generator.md +131 -0
package/.agent/agents/gan-planner.md +99 -0
package/.agent/agents/healthcare-reviewer.md +83 -0
package/.agent/agents/mobile-developer.md +377 -377
package/.agent/agents/opensource-forker.md +198 -0
package/.agent/agents/opensource-packager.md +249 -0
package/.agent/agents/opensource-sanitizer.md +188 -0
package/.agent/agents/orchestrator.md +416 -416
package/.agent/agents/penetration-tester.md +188 -188
package/.agent/agents/performance-optimizer.md +446 -187
package/.agent/agents/personas/athena-agent/agent.json +10 -0
package/.agent/agents/personas/athena-agent/athena-backend-logic-architecture-profile.md +189 -0
package/.agent/agents/personas/athena-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/athena-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/athena-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/athena-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/athena-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/athena-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/da-vinci-agent/agent.json +10 -0
package/.agent/agents/personas/da-vinci-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/da-vinci-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/da-vinci-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/da-vinci-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/da-vinci-agent/da-vinci-frontend-ui-ux-design-profile.md +189 -0
package/.agent/agents/personas/da-vinci-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/da-vinci-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/duong-tang-agent/agent.json +10 -0
package/.agent/agents/personas/duong-tang-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/duong-tang-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/duong-tang-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/duong-tang-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/duong-tang-agent/tang-monk-quality-testing-documentation-profile.md +189 -0
package/.agent/agents/personas/duong-tang-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/duong-tang-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/gia-cat-luong-agent/agent.json +10 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/gia-cat-luong-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/gia-cat-luong-agent/kongming-research-strategy-analysis-profile.md +189 -0
package/.agent/agents/personas/gia-cat-luong-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/gia-cat-luong-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/mihata-agent/agent.json +10 -0
package/.agent/agents/personas/mihata-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/mihata-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/mihata-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/mihata-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/mihata-agent/mihata-multi-agent-orchestration-profile.md +189 -0
package/.agent/agents/personas/mihata-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/mihata-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/tesla-agent/agent.json +10 -0
package/.agent/agents/personas/tesla-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/tesla-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/tesla-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/tesla-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/tesla-agent/tesla-fullstack-system-optimization-profile.md +189 -0
package/.agent/agents/personas/tesla-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/tesla-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/tu-ma-y-agent/agent.json +10 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/tu-ma-y-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/tu-ma-y-agent/simayi-feasibility-risk-control-profile.md +189 -0
package/.agent/agents/personas/tu-ma-y-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/tu-ma-y-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/venti-agent/agent.json +10 -0
package/.agent/agents/personas/venti-agent/context-files/agents.md +55 -0
package/.agent/agents/personas/venti-agent/context-files/identity.md +23 -0
package/.agent/agents/personas/venti-agent/context-files/soul.md +51 -0
package/.agent/agents/personas/venti-agent/context-files/user-predefined.md +15 -0
package/.agent/agents/personas/venti-agent/user-context-files/system/bootstrap.md +37 -0
package/.agent/agents/personas/venti-agent/user-context-files/system/user.md +45 -0
package/.agent/agents/personas/venti-agent/venti-learning-communication-mentoring-profile.md +189 -0
package/.agent/agents/product-manager.md +112 -112
package/.agent/agents/product-owner.md +95 -95
package/.agent/agents/project-planner.md +406 -406
package/.agent/agents/qa-automation-engineer.md +103 -103
package/.agent/agents/security-auditor.md +170 -170
package/.agent/agents/seo-specialist.md +111 -111
package/.agent/agents/test-engineer.md +158 -158
package/.agent/contexts/dev.md +20 -0
package/.agent/contexts/research.md +26 -0
package/.agent/contexts/review.md +22 -0
package/.agent/hooks/hooks.json +395 -0
package/.agent/hooks/readme.md +222 -0
package/.agent/mcp-configs/mcp-servers.json +181 -0
package/.agent/rules/ARCHITECTURAL_BLUEPRINTS.md +62 -62
package/.agent/rules/CODE_CRAFTSMANSHIP.md +69 -69
package/.agent/rules/CORE_RULES.md +72 -72
package/.agent/rules/PROJECT_MAP.md +58 -58
package/.agent/rules/QUALITY_ASSURANCE.md +54 -54
package/.agent/rules/SECURITY_ARMOR.md +44 -44
package/.agent/rules/VERSION_ORCHESTRATION.md +64 -64
package/.agent/rules/WORKFLOW_ORCHESTRATION.md +55 -55
package/.agent/rules/common/agents.md +50 -0
package/.agent/rules/common/code-review.md +124 -0
package/.agent/rules/common/coding-style.md +48 -0
package/.agent/rules/common/development-workflow.md +44 -0
package/.agent/rules/common/git-workflow.md +24 -0
package/.agent/rules/common/hooks.md +30 -0
package/.agent/rules/common/patterns.md +31 -0
package/.agent/rules/common/performance.md +55 -0
package/.agent/rules/common/security.md +29 -0
package/.agent/rules/common/testing.md +29 -0
package/.agent/rules/cpp/coding-style.md +44 -0
package/.agent/rules/cpp/hooks.md +39 -0
package/.agent/rules/cpp/patterns.md +51 -0
package/.agent/rules/cpp/security.md +51 -0
package/.agent/rules/cpp/testing.md +44 -0
package/.agent/rules/csharp/coding-style.md +72 -0
package/.agent/rules/csharp/hooks.md +25 -0
package/.agent/rules/csharp/patterns.md +50 -0
package/.agent/rules/csharp/security.md +58 -0
package/.agent/rules/csharp/testing.md +46 -0
package/.agent/rules/dart/coding-style.md +159 -0
package/.agent/rules/dart/hooks.md +66 -0
package/.agent/rules/dart/patterns.md +261 -0
package/.agent/rules/dart/security.md +135 -0
package/.agent/rules/dart/testing.md +215 -0
package/.agent/rules/golang/coding-style.md +32 -0
package/.agent/rules/golang/hooks.md +17 -0
package/.agent/rules/golang/patterns.md +45 -0
package/.agent/rules/golang/security.md +34 -0
package/.agent/rules/golang/testing.md +31 -0
package/.agent/rules/java/coding-style.md +114 -0
package/.agent/rules/java/hooks.md +18 -0
package/.agent/rules/java/patterns.md +146 -0
package/.agent/rules/java/security.md +100 -0
package/.agent/rules/java/testing.md +131 -0
package/.agent/rules/kotlin/coding-style.md +86 -0
package/.agent/rules/kotlin/hooks.md +17 -0
package/.agent/rules/kotlin/patterns.md +146 -0
package/.agent/rules/kotlin/security.md +82 -0
package/.agent/rules/kotlin/testing.md +128 -0
package/.agent/rules/perl/coding-style.md +46 -0
package/.agent/rules/perl/hooks.md +22 -0
package/.agent/rules/perl/patterns.md +76 -0
package/.agent/rules/perl/security.md +69 -0
package/.agent/rules/perl/testing.md +54 -0
package/.agent/rules/php/coding-style.md +40 -0
package/.agent/rules/php/hooks.md +24 -0
package/.agent/rules/php/patterns.md +33 -0
package/.agent/rules/php/security.md +37 -0
package/.agent/rules/php/testing.md +39 -0
package/.agent/rules/python/coding-style.md +42 -0
package/.agent/rules/python/hooks.md +19 -0
package/.agent/rules/python/patterns.md +39 -0
package/.agent/rules/python/security.md +30 -0
package/.agent/rules/python/testing.md +38 -0
package/.agent/rules/readme.md +111 -0
package/.agent/rules/rust/coding-style.md +151 -0
package/.agent/rules/rust/hooks.md +16 -0
package/.agent/rules/rust/patterns.md +168 -0
package/.agent/rules/rust/security.md +141 -0
package/.agent/rules/rust/testing.md +154 -0
package/.agent/rules/swift/coding-style.md +47 -0
package/.agent/rules/swift/hooks.md +20 -0
package/.agent/rules/swift/patterns.md +66 -0
package/.agent/rules/swift/security.md +33 -0
package/.agent/rules/swift/testing.md +45 -0
package/.agent/rules/typescript/coding-style.md +199 -0
package/.agent/rules/typescript/hooks.md +22 -0
package/.agent/rules/typescript/patterns.md +52 -0
package/.agent/rules/typescript/security.md +28 -0
package/.agent/rules/typescript/testing.md +18 -0
package/.agent/rules/web/coding-style.md +96 -0
package/.agent/rules/web/design-quality.md +63 -0
package/.agent/rules/web/hooks.md +120 -0
package/.agent/rules/web/patterns.md +79 -0
package/.agent/rules/web/performance.md +64 -0
package/.agent/rules/web/security.md +57 -0
package/.agent/rules/web/testing.md +55 -0
package/.agent/rules/zh/agents.md +50 -0
package/.agent/rules/zh/code-review.md +124 -0
package/.agent/rules/zh/coding-style.md +48 -0
package/.agent/rules/zh/development-workflow.md +44 -0
package/.agent/rules/zh/git-workflow.md +24 -0
package/.agent/rules/zh/hooks.md +30 -0
package/.agent/rules/zh/patterns.md +31 -0
package/.agent/rules/zh/performance.md +55 -0
package/.agent/rules/zh/readme.md +108 -0
package/.agent/rules/zh/security.md +29 -0
package/.agent/rules/zh/testing.md +29 -0
package/.agent/scripts/auto_preview.py +148 -148
package/.agent/scripts/checklist.py +217 -217
package/.agent/scripts/session_manager.py +120 -120
package/.agent/scripts/verify_all.py +327 -327
package/.agent/skills/agent-eval/SKILL.md +145 -0
package/.agent/skills/agent-harness-construction/SKILL.md +73 -0
package/.agent/skills/agent-payment-x402/SKILL.md +178 -0
package/.agent/skills/agentic-engineering/SKILL.md +63 -0
package/.agent/skills/ai-first-engineering/SKILL.md +51 -0
package/.agent/skills/ai-regression-testing/SKILL.md +385 -0
package/.agent/skills/android-clean-architecture/SKILL.md +339 -0
package/.agent/skills/api-design/SKILL.md +523 -0
package/.agent/skills/api-patterns/SKILL.md +81 -81
package/.agent/skills/api-patterns/api-style.md +42 -42
package/.agent/skills/api-patterns/auth.md +24 -24
package/.agent/skills/api-patterns/documentation.md +26 -26
package/.agent/skills/api-patterns/graphql.md +41 -41
package/.agent/skills/api-patterns/rate-limiting.md +31 -31
package/.agent/skills/api-patterns/response.md +37 -37
package/.agent/skills/api-patterns/rest.md +40 -40
package/.agent/skills/api-patterns/scripts/api_validator.py +211 -211
package/.agent/skills/api-patterns/security-testing.md +122 -122
package/.agent/skills/api-patterns/trpc.md +41 -41
package/.agent/skills/api-patterns/versioning.md +22 -22
package/.agent/skills/app-builder/SKILL.md +75 -75
package/.agent/skills/app-builder/agent-coordination.md +71 -71
package/.agent/skills/app-builder/feature-building.md +53 -53
package/.agent/skills/app-builder/project-detection.md +34 -34
package/.agent/skills/app-builder/scaffolding.md +118 -118
package/.agent/skills/app-builder/tech-stack.md +41 -41
package/.agent/skills/app-builder/templates/SKILL.md +39 -39
package/.agent/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -76
package/.agent/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -92
package/.agent/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -88
package/.agent/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -88
package/.agent/skills/app-builder/templates/express-api/TEMPLATE.md +83 -83
package/.agent/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -90
package/.agent/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -90
package/.agent/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +122 -122
package/.agent/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +122 -122
package/.agent/skills/app-builder/templates/nextjs-static/TEMPLATE.md +169 -169
package/.agent/skills/app-builder/templates/nuxt-app/TEMPLATE.md +134 -134
package/.agent/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -83
package/.agent/skills/app-builder/templates/react-native-app/TEMPLATE.md +119 -119
package/.agent/skills/architecture/SKILL.md +55 -55
package/.agent/skills/architecture/context-discovery.md +43 -43
package/.agent/skills/architecture/examples.md +94 -94
package/.agent/skills/architecture/pattern-selection.md +68 -68
package/.agent/skills/architecture/patterns-reference.md +50 -50
package/.agent/skills/architecture/trade-off-analysis.md +77 -77
package/.agent/skills/architecture-decision-records/SKILL.md +179 -0
package/.agent/skills/article-writing/SKILL.md +79 -0
package/.agent/skills/autonomous-agent-harness/SKILL.md +267 -0
package/.agent/skills/autonomous-loops/SKILL.md +610 -0
package/.agent/skills/backend-patterns/SKILL.md +598 -0
package/.agent/skills/bash-linux/SKILL.md +199 -199
package/.agent/skills/behavioral-modes/SKILL.md +242 -242
package/.agent/skills/benchmark/SKILL.md +93 -0
package/.agent/skills/blueprint/SKILL.md +105 -0
package/.agent/skills/brainstorming/SKILL.md +163 -163
package/.agent/skills/brainstorming/dynamic-questioning.md +350 -350
package/.agent/skills/brand-voice/SKILL.md +97 -0
package/.agent/skills/brand-voice/references/voice-profile-schema.md +55 -0
package/.agent/skills/browser-qa/SKILL.md +87 -0
package/.agent/skills/bun-runtime/SKILL.md +84 -0
package/.agent/skills/canary-watch/SKILL.md +99 -0
package/.agent/skills/carrier-relationship-management/SKILL.md +212 -0
package/.agent/skills/ck/SKILL.md +147 -0
package/.agent/skills/ck/commands/forget.mjs +44 -0
package/.agent/skills/ck/commands/info.mjs +24 -0
package/.agent/skills/ck/commands/init.mjs +143 -0
package/.agent/skills/ck/commands/list.mjs +40 -0
package/.agent/skills/ck/commands/migrate.mjs +202 -0
package/.agent/skills/ck/commands/resume.mjs +36 -0
package/.agent/skills/ck/commands/save.mjs +210 -0
package/.agent/skills/ck/commands/shared.mjs +387 -0
package/.agent/skills/ck/hooks/session-start.mjs +224 -0
package/.agent/skills/claude-api/SKILL.md +337 -0
package/.agent/skills/claude-devfleet/SKILL.md +103 -0
package/.agent/skills/clean-code/SKILL.md +201 -201
package/.agent/skills/click-path-audit/SKILL.md +244 -0
package/.agent/skills/clickhouse-io/SKILL.md +439 -0
package/.agent/skills/code-review-checklist/SKILL.md +109 -109
package/.agent/skills/codebase-onboarding/SKILL.md +233 -0
package/.agent/skills/coding-standards/SKILL.md +530 -0
package/.agent/skills/compose-multiplatform-patterns/SKILL.md +299 -0
package/.agent/skills/configure-ecc/SKILL.md +367 -0
package/.agent/skills/connections-optimizer/SKILL.md +189 -0
package/.agent/skills/content-engine/SKILL.md +131 -0
package/.agent/skills/content-hash-cache-pattern/SKILL.md +161 -0
package/.agent/skills/context-budget/SKILL.md +135 -0
package/.agent/skills/continuous-agent-loop/SKILL.md +45 -0
package/.agent/skills/continuous-learning/SKILL.md +119 -0
package/.agent/skills/continuous-learning/config.json +18 -0
package/.agent/skills/continuous-learning/evaluate-session.sh +69 -0
package/.agent/skills/continuous-learning-v2/SKILL.md +365 -0
package/.agent/skills/continuous-learning-v2/agents/observer-loop.sh +271 -0
package/.agent/skills/continuous-learning-v2/agents/observer.md +198 -0
package/.agent/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
package/.agent/skills/continuous-learning-v2/agents/start-observer.sh +244 -0
package/.agent/skills/continuous-learning-v2/config.json +8 -0
package/.agent/skills/continuous-learning-v2/hooks/observe.sh +428 -0
package/.agent/skills/continuous-learning-v2/scripts/detect-project.sh +228 -0
package/.agent/skills/continuous-learning-v2/scripts/instinct-cli.py +1426 -0
package/.agent/skills/continuous-learning-v2/scripts/test-parse-instinct.py +984 -0
package/.agent/skills/cost-aware-llm-pipeline/SKILL.md +183 -0
package/.agent/skills/cpp-coding-standards/SKILL.md +723 -0
package/.agent/skills/cpp-testing/SKILL.md +324 -0
package/.agent/skills/crosspost/SKILL.md +111 -0
package/.agent/skills/csharp-testing/SKILL.md +321 -0
package/.agent/skills/customer-billing-ops/SKILL.md +140 -0
package/.agent/skills/customs-trade-compliance/SKILL.md +263 -0
package/.agent/skills/dart-flutter-patterns/SKILL.md +563 -0
package/.agent/skills/data-scraper-agent/SKILL.md +764 -0
package/.agent/skills/database-design/SKILL.md +52 -52
package/.agent/skills/database-design/database-selection.md +43 -43
package/.agent/skills/database-design/indexing.md +39 -39
package/.agent/skills/database-design/migrations.md +48 -48
package/.agent/skills/database-design/optimization.md +36 -36
package/.agent/skills/database-design/orm-selection.md +30 -30
package/.agent/skills/database-design/schema-design.md +56 -56
package/.agent/skills/database-design/scripts/schema_validator.py +172 -172
package/.agent/skills/database-migrations/SKILL.md +429 -0
package/.agent/skills/deep-research/SKILL.md +155 -0
package/.agent/skills/deployment-patterns/SKILL.md +427 -0
package/.agent/skills/deployment-procedures/SKILL.md +241 -241
package/.agent/skills/design-system/SKILL.md +82 -0
package/.agent/skills/django-patterns/SKILL.md +734 -0
package/.agent/skills/django-security/SKILL.md +593 -0
package/.agent/skills/django-tdd/SKILL.md +729 -0
package/.agent/skills/django-verification/SKILL.md +469 -0
package/.agent/skills/dmux-workflows/SKILL.md +191 -0
package/.agent/skills/doc.md +177 -177
package/.agent/skills/docker-patterns/SKILL.md +364 -0
package/.agent/skills/documentation-lookup/SKILL.md +90 -0
package/.agent/skills/documentation-templates/SKILL.md +194 -194
package/.agent/skills/dotnet-patterns/SKILL.md +321 -0
package/.agent/skills/e2e-testing/SKILL.md +326 -0
package/.agent/skills/energy-procurement/SKILL.md +228 -0
package/.agent/skills/enterprise-agent-ops/SKILL.md +50 -0
package/.agent/skills/eval-harness/SKILL.md +270 -0
package/.agent/skills/exa-search/SKILL.md +103 -0
package/.agent/skills/fal-ai-media/SKILL.md +284 -0
package/.agent/skills/flutter-dart-code-review/SKILL.md +435 -0
package/.agent/skills/foundation-models-on-device/SKILL.md +243 -0
package/.agent/skills/frontend-design/SKILL.md +452 -452
package/.agent/skills/frontend-design/animation-guide.md +331 -331
package/.agent/skills/frontend-design/color-system.md +311 -311
package/.agent/skills/frontend-design/decision-trees.md +418 -418
package/.agent/skills/frontend-design/motion-graphics.md +306 -306
package/.agent/skills/frontend-design/scripts/accessibility_checker.py +183 -183
package/.agent/skills/frontend-design/scripts/ux_audit.py +722 -722
package/.agent/skills/frontend-design/typography-system.md +345 -345
package/.agent/skills/frontend-design/ux-psychology.md +1116 -1116
package/.agent/skills/frontend-design/visual-effects.md +383 -383
package/.agent/skills/frontend-patterns/SKILL.md +642 -0
package/.agent/skills/frontend-slides/SKILL.md +184 -0
package/.agent/skills/frontend-slides/style-presets.md +330 -0
package/.agent/skills/game-development/2d-games/SKILL.md +119 -119
package/.agent/skills/game-development/3d-games/SKILL.md +135 -135
package/.agent/skills/game-development/SKILL.md +167 -167
package/.agent/skills/game-development/game-art/SKILL.md +185 -185
package/.agent/skills/game-development/game-audio/SKILL.md +190 -190
package/.agent/skills/game-development/game-design/SKILL.md +129 -129
package/.agent/skills/game-development/mobile-games/SKILL.md +108 -108
package/.agent/skills/game-development/multiplayer/SKILL.md +132 -132
package/.agent/skills/game-development/pc-games/SKILL.md +144 -144
package/.agent/skills/game-development/vr-ar/SKILL.md +123 -123
package/.agent/skills/game-development/web-games/SKILL.md +150 -150
package/.agent/skills/gan-style-harness/SKILL.md +278 -0
package/.agent/skills/geo-fundamentals/SKILL.md +156 -156
package/.agent/skills/geo-fundamentals/scripts/geo_checker.py +289 -289
package/.agent/skills/git-workflow/SKILL.md +715 -0
package/.agent/skills/golang-patterns/SKILL.md +674 -0
package/.agent/skills/golang-testing/SKILL.md +720 -0
package/.agent/skills/google-workspace-ops/SKILL.md +95 -0
package/.agent/skills/healthcare-cdss-patterns/SKILL.md +245 -0
package/.agent/skills/healthcare-emr-patterns/SKILL.md +159 -0
package/.agent/skills/healthcare-eval-harness/SKILL.md +207 -0
package/.agent/skills/healthcare-phi-compliance/SKILL.md +145 -0
package/.agent/skills/hexagonal-architecture/SKILL.md +276 -0
package/.agent/skills/i18n-localization/SKILL.md +154 -154
package/.agent/skills/i18n-localization/scripts/i18n_checker.py +241 -241
package/.agent/skills/intelligent-routing/SKILL.md +335 -335
package/.agent/skills/inventory-demand-planning/SKILL.md +247 -0
package/.agent/skills/investor-materials/SKILL.md +96 -0
package/.agent/skills/investor-outreach/SKILL.md +91 -0
package/.agent/skills/iterative-retrieval/SKILL.md +211 -0
package/.agent/skills/java-coding-standards/SKILL.md +147 -0
package/.agent/skills/jira-integration/SKILL.md +293 -0
package/.agent/skills/jpa-patterns/SKILL.md +151 -0
package/.agent/skills/kotlin-coroutines-flows/SKILL.md +284 -0
package/.agent/skills/kotlin-exposed-patterns/SKILL.md +719 -0
package/.agent/skills/kotlin-ktor-patterns/SKILL.md +689 -0
package/.agent/skills/kotlin-patterns/SKILL.md +711 -0
package/.agent/skills/kotlin-testing/SKILL.md +824 -0
package/.agent/skills/laravel-patterns/SKILL.md +415 -0
package/.agent/skills/laravel-plugin-discovery/SKILL.md +229 -0
package/.agent/skills/laravel-security/SKILL.md +285 -0
package/.agent/skills/laravel-tdd/SKILL.md +283 -0
package/.agent/skills/laravel-verification/SKILL.md +179 -0
package/.agent/skills/lead-intelligence/SKILL.md +321 -0
package/.agent/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
package/.agent/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
package/.agent/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
package/.agent/skills/lead-intelligence/agents/signal-scorer.md +60 -0
package/.agent/skills/lint-and-validate/SKILL.md +45 -45
package/.agent/skills/lint-and-validate/scripts/lint_runner.py +184 -184
package/.agent/skills/lint-and-validate/scripts/type_coverage.py +173 -173
package/.agent/skills/liquid-glass-design/SKILL.md +279 -0
package/.agent/skills/logistics-exception-management/SKILL.md +222 -0
package/.agent/skills/manim-video/SKILL.md +89 -0
package/.agent/skills/manim-video/assets/network-graph-scene.py +52 -0
package/.agent/skills/market-research/SKILL.md +75 -0
package/.agent/skills/mcp-builder/SKILL.md +173 -113
package/.agent/skills/mcp-builder/license.txt +202 -0
package/.agent/skills/mcp-builder/reference/evaluation.md +602 -0
package/.agent/skills/mcp-builder/reference/mcp-best-practices.md +249 -0
package/.agent/skills/mcp-builder/reference/node-mcp-server.md +970 -0
package/.agent/skills/mcp-builder/reference/python-mcp-server.md +719 -0
package/.agent/skills/mcp-builder/scripts/connections.py +151 -0
package/.agent/skills/mcp-builder/scripts/evaluation.py +373 -0
package/.agent/skills/mcp-builder/scripts/example-evaluation.xml +22 -0
package/.agent/skills/mcp-builder/scripts/requirements.txt +2 -0
package/.agent/skills/mcp-server-patterns/SKILL.md +67 -0
package/.agent/skills/mobile-design/SKILL.md +394 -394
package/.agent/skills/mobile-design/decision-trees.md +516 -516
package/.agent/skills/mobile-design/mobile-backend.md +491 -491
package/.agent/skills/mobile-design/mobile-color-system.md +420 -420
package/.agent/skills/mobile-design/mobile-debugging.md +122 -122
package/.agent/skills/mobile-design/mobile-design-thinking.md +357 -357
package/.agent/skills/mobile-design/mobile-navigation.md +458 -458
package/.agent/skills/mobile-design/mobile-performance.md +767 -767
package/.agent/skills/mobile-design/mobile-testing.md +356 -356
package/.agent/skills/mobile-design/mobile-typography.md +433 -433
package/.agent/skills/mobile-design/platform-android.md +666 -666
package/.agent/skills/mobile-design/platform-ios.md +561 -561
package/.agent/skills/mobile-design/scripts/mobile_audit.py +670 -670
package/.agent/skills/mobile-design/touch-psychology.md +537 -537
package/.agent/skills/nanoclaw-repl/SKILL.md +33 -0
package/.agent/skills/nestjs-patterns/SKILL.md +230 -0
package/.agent/skills/nextjs-react-expert/1-async-eliminating-waterfalls.md +351 -351
package/.agent/skills/nextjs-react-expert/2-bundle-bundle-size-optimization.md +240 -240
package/.agent/skills/nextjs-react-expert/3-server-server-side-performance.md +490 -490
package/.agent/skills/nextjs-react-expert/4-client-client-side-data-fetching.md +264 -264
package/.agent/skills/nextjs-react-expert/5-rerender-re-render-optimization.md +581 -581
package/.agent/skills/nextjs-react-expert/6-rendering-rendering-performance.md +432 -432
package/.agent/skills/nextjs-react-expert/7-js-javascript-performance.md +684 -684
package/.agent/skills/nextjs-react-expert/8-advanced-advanced-patterns.md +150 -150
package/.agent/skills/nextjs-react-expert/9-cache-components.md +103 -103
package/.agent/skills/nextjs-react-expert/SKILL.md +293 -293
package/.agent/skills/nextjs-react-expert/scripts/convert_rules.py +222 -222
package/.agent/skills/nextjs-react-expert/scripts/react_performance_checker.py +252 -252
package/.agent/skills/nextjs-turbopack/SKILL.md +44 -0
package/.agent/skills/nodejs-best-practices/SKILL.md +333 -333
package/.agent/skills/nutrient-document-processing/SKILL.md +167 -0
package/.agent/skills/nuxt4-patterns/SKILL.md +100 -0
package/.agent/skills/openclaw-persona-forge/SKILL.md +296 -0
package/.agent/skills/openclaw-persona-forge/gacha.py +224 -0
package/.agent/skills/openclaw-persona-forge/gacha.sh +5 -0
package/.agent/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
package/.agent/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
package/.agent/skills/openclaw-persona-forge/references/error-handling.md +53 -0
package/.agent/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
package/.agent/skills/openclaw-persona-forge/references/naming-system.md +39 -0
package/.agent/skills/openclaw-persona-forge/references/output-template.md +166 -0
package/.agent/skills/opensource-pipeline/SKILL.md +255 -0
package/.agent/skills/parallel-agents/SKILL.md +175 -175
package/.agent/skills/performance-profiling/SKILL.md +143 -143
package/.agent/skills/performance-profiling/scripts/lighthouse_audit.py +76 -76
package/.agent/skills/perl-patterns/SKILL.md +504 -0
package/.agent/skills/perl-security/SKILL.md +503 -0
package/.agent/skills/perl-testing/SKILL.md +475 -0
package/.agent/skills/plan-writing/SKILL.md +152 -152
package/.agent/skills/plankton-code-quality/SKILL.md +236 -0
package/.agent/skills/postgres-patterns/SKILL.md +147 -0
package/.agent/skills/powershell-windows/SKILL.md +167 -167
package/.agent/skills/product-lens/SKILL.md +85 -0
package/.agent/skills/production-scheduling/SKILL.md +238 -0
package/.agent/skills/project-flow-ops/SKILL.md +111 -0
package/.agent/skills/project-guidelines-example/SKILL.md +349 -0
package/.agent/skills/prompt-optimizer/SKILL.md +397 -0
package/.agent/skills/python-patterns/SKILL.md +750 -441
package/.agent/skills/python-testing/SKILL.md +816 -0
package/.agent/skills/pytorch-patterns/SKILL.md +396 -0
package/.agent/skills/quality-nonconformance/SKILL.md +260 -0
package/.agent/skills/ralphinho-rfc-pipeline/SKILL.md +67 -0
package/.agent/skills/red-team-tactics/SKILL.md +199 -199
package/.agent/skills/regex-vs-llm-structured-text/SKILL.md +220 -0
package/.agent/skills/remotion-video-creation/SKILL.md +43 -0
package/.agent/skills/remotion-video-creation/rules/3d.md +86 -0
package/.agent/skills/remotion-video-creation/rules/animations.md +29 -0
package/.agent/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
package/.agent/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
package/.agent/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
package/.agent/skills/remotion-video-creation/rules/assets.md +78 -0
package/.agent/skills/remotion-video-creation/rules/audio.md +172 -0
package/.agent/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
package/.agent/skills/remotion-video-creation/rules/can-decode.md +75 -0
package/.agent/skills/remotion-video-creation/rules/charts.md +58 -0
package/.agent/skills/remotion-video-creation/rules/compositions.md +146 -0
package/.agent/skills/remotion-video-creation/rules/display-captions.md +126 -0
package/.agent/skills/remotion-video-creation/rules/extract-frames.md +229 -0
package/.agent/skills/remotion-video-creation/rules/fonts.md +152 -0
package/.agent/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
package/.agent/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
package/.agent/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
package/.agent/skills/remotion-video-creation/rules/gifs.md +138 -0
package/.agent/skills/remotion-video-creation/rules/images.md +130 -0
package/.agent/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
package/.agent/skills/remotion-video-creation/rules/lottie.md +67 -0
package/.agent/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
package/.agent/skills/remotion-video-creation/rules/measuring-text.md +143 -0
package/.agent/skills/remotion-video-creation/rules/sequencing.md +106 -0
package/.agent/skills/remotion-video-creation/rules/tailwind.md +11 -0
package/.agent/skills/remotion-video-creation/rules/text-animations.md +20 -0
package/.agent/skills/remotion-video-creation/rules/timing.md +179 -0
package/.agent/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
package/.agent/skills/remotion-video-creation/rules/transitions.md +122 -0
package/.agent/skills/remotion-video-creation/rules/trimming.md +52 -0
package/.agent/skills/remotion-video-creation/rules/videos.md +171 -0
package/.agent/skills/repo-scan/SKILL.md +78 -0
package/.agent/skills/returns-reverse-logistics/SKILL.md +240 -0
package/.agent/skills/rules-distill/SKILL.md +264 -0
package/.agent/skills/rules-distill/scripts/scan-rules.sh +58 -0
package/.agent/skills/rules-distill/scripts/scan-skills.sh +129 -0
package/.agent/skills/rust-patterns/SKILL.md +499 -0
package/.agent/skills/rust-pro/SKILL.md +175 -175
package/.agent/skills/rust-testing/SKILL.md +500 -0
package/.agent/skills/safety-guard/SKILL.md +75 -0
package/.agent/skills/santa-method/SKILL.md +306 -0
package/.agent/skills/search-first/SKILL.md +161 -0
package/.agent/skills/security-review/SKILL.md +495 -0
package/.agent/skills/security-review/cloud-infrastructure-security.md +361 -0
package/.agent/skills/security-scan/SKILL.md +165 -0
package/.agent/skills/seo-fundamentals/SKILL.md +129 -129
package/.agent/skills/seo-fundamentals/scripts/seo_checker.py +219 -219
package/.agent/skills/server-management/SKILL.md +161 -161
package/.agent/skills/skill-comply/SKILL.md +58 -0
package/.agent/skills/skill-comply/fixtures/compliant-trace.jsonl +5 -0
package/.agent/skills/skill-comply/fixtures/noncompliant-trace.jsonl +3 -0
package/.agent/skills/skill-comply/fixtures/tdd-spec.yaml +44 -0
package/.agent/skills/skill-comply/prompts/classifier.md +24 -0
package/.agent/skills/skill-comply/prompts/scenario-generator.md +62 -0
package/.agent/skills/skill-comply/prompts/spec-generator.md +42 -0
package/.agent/skills/skill-comply/pyproject.toml +15 -0
package/.agent/skills/skill-comply/scripts/classifier.py +85 -0
package/.agent/skills/skill-comply/scripts/grader.py +122 -0
package/.agent/skills/skill-comply/scripts/init.py +0 -0
package/.agent/skills/skill-comply/scripts/parser.py +107 -0
package/.agent/skills/skill-comply/scripts/report.py +170 -0
package/.agent/skills/skill-comply/scripts/run.py +127 -0
package/.agent/skills/skill-comply/scripts/runner.py +161 -0
package/.agent/skills/skill-comply/scripts/scenario-generator.py +70 -0
package/.agent/skills/skill-comply/scripts/spec-generator.py +72 -0
package/.agent/skills/skill-comply/scripts/utils.py +13 -0
package/.agent/skills/skill-comply/tests/test-grader.py +137 -0
package/.agent/skills/skill-comply/tests/test-parser.py +90 -0
package/.agent/skills/skill-creator/SKILL.md +485 -0
package/.agent/skills/skill-creator/agents/analyzer.md +274 -0
package/.agent/skills/skill-creator/agents/comparator.md +202 -0
package/.agent/skills/skill-creator/agents/grader.md +223 -0
package/.agent/skills/skill-creator/assets/eval-review.html +146 -0
package/.agent/skills/skill-creator/eval-viewer/generate-review.py +471 -0
package/.agent/skills/skill-creator/eval-viewer/viewer.html +1325 -0
package/.agent/skills/skill-creator/license.txt +202 -0
package/.agent/skills/skill-creator/references/schemas.md +430 -0
package/.agent/skills/skill-creator/scripts/aggregate-benchmark.py +401 -0
package/.agent/skills/skill-creator/scripts/generate-report.py +326 -0
package/.agent/skills/skill-creator/scripts/improve-description.py +247 -0
package/.agent/skills/skill-creator/scripts/init.py +0 -0
package/.agent/skills/skill-creator/scripts/package-skill.py +136 -0
package/.agent/skills/skill-creator/scripts/quick-validate.py +103 -0
package/.agent/skills/skill-creator/scripts/run-eval.py +310 -0
package/.agent/skills/skill-creator/scripts/run-loop.py +328 -0
package/.agent/skills/skill-creator/scripts/utils.py +47 -0
package/.agent/skills/skill-stocktake/SKILL.md +193 -0
package/.agent/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
package/.agent/skills/skill-stocktake/scripts/save-results.sh +56 -0
package/.agent/skills/skill-stocktake/scripts/scan.sh +170 -0
package/.agent/skills/social-graph-ranker/SKILL.md +154 -0
package/.agent/skills/springboot-patterns/SKILL.md +314 -0
package/.agent/skills/springboot-security/SKILL.md +272 -0
package/.agent/skills/springboot-tdd/SKILL.md +158 -0
package/.agent/skills/springboot-verification/SKILL.md +231 -0
package/.agent/skills/strategic-compact/SKILL.md +131 -0
package/.agent/skills/strategic-compact/suggest-compact.sh +54 -0
package/.agent/skills/swift-actor-persistence/SKILL.md +143 -0
package/.agent/skills/swift-concurrency-6-2/SKILL.md +216 -0
package/.agent/skills/swift-protocol-di-testing/SKILL.md +190 -0
package/.agent/skills/swiftui-patterns/SKILL.md +259 -0
package/.agent/skills/systematic-debugging/SKILL.md +109 -109
package/.agent/skills/tailwind-patterns/SKILL.md +269 -269
package/.agent/skills/tdd-workflow/SKILL.md +463 -149
package/.agent/skills/team-builder/SKILL.md +168 -0
package/.agent/skills/testing-patterns/SKILL.md +178 -178
package/.agent/skills/testing-patterns/scripts/test_runner.py +219 -219
package/.agent/skills/token-budget-advisor/SKILL.md +133 -0
package/.agent/skills/ui-demo/SKILL.md +465 -0
package/.agent/skills/ui-ux-pro-max/SKILL.md +292 -292
package/.agent/skills/ui-ux-pro-max/data/icons.csv +101 -101
package/.agent/skills/ui-ux-pro-max/data/landing.csv +3 -3
package/.agent/skills/ui-ux-pro-max/data/react-performance.csv +45 -45
package/.agent/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -54
package/.agent/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -53
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -51
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -59
package/.agent/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -61
package/.agent/skills/ui-ux-pro-max/data/typography.csv +57 -57
package/.agent/skills/ui-ux-pro-max/data/ui-reasoning.csv +101 -101
package/.agent/skills/ui-ux-pro-max/data/web-interface.csv +31 -31
package/.agent/skills/ui-ux-pro-max/scripts/core.py +253 -253
package/.agent/skills/ui-ux-pro-max/scripts/design_system.py +1067 -1067
package/.agent/skills/verification-loop/SKILL.md +126 -0
package/.agent/skills/video-editing/SKILL.md +310 -0
package/.agent/skills/videodb/SKILL.md +374 -0
package/.agent/skills/videodb/reference/api-reference.md +550 -0
package/.agent/skills/videodb/reference/capture-reference.md +407 -0
package/.agent/skills/videodb/reference/capture.md +101 -0
package/.agent/skills/videodb/reference/editor.md +443 -0
package/.agent/skills/videodb/reference/generative.md +331 -0
package/.agent/skills/videodb/reference/rtstream-reference.md +564 -0
package/.agent/skills/videodb/reference/rtstream.md +65 -0
package/.agent/skills/videodb/reference/search.md +230 -0
package/.agent/skills/videodb/reference/streaming.md +406 -0
package/.agent/skills/videodb/reference/use-cases.md +118 -0
package/.agent/skills/videodb/scripts/ws-listener.py +282 -0
package/.agent/skills/visa-doc-translate/SKILL.md +117 -0
package/.agent/skills/visa-doc-translate/readme.md +86 -0
package/.agent/skills/vulnerability-scanner/SKILL.md +276 -276
package/.agent/skills/vulnerability-scanner/checklists.md +121 -121
package/.agent/skills/vulnerability-scanner/scripts/security_scan.py +458 -458
package/.agent/skills/web-design-guidelines/SKILL.md +57 -57
package/.agent/skills/webapp-testing/SKILL.md +187 -187
package/.agent/skills/webapp-testing/scripts/playwright_runner.py +173 -173
package/.agent/skills/workspace-surface-audit/SKILL.md +125 -0
package/.agent/skills/x-api/SKILL.md +230 -0
package/.agent/tasks/lessons.md +40 -40
package/.agent/tasks/todo.md +33 -33
package/.agent/tasks/two-track-merge-contract.md +29 -0
package/.agent/workflows/aside.md +3 -3
package/.agent/workflows/brainstorm.md +113 -113
package/.agent/workflows/claw.md +13 -41
package/.agent/workflows/clean-memory.md +34 -0
package/.agent/workflows/code-review.md +260 -11
package/.agent/workflows/context-budget.md +12 -18
package/.agent/workflows/cpp-build.md +1 -1
package/.agent/workflows/cpp-review.md +4 -4
package/.agent/workflows/create.md +59 -59
package/.agent/workflows/debug.md +103 -103
package/.agent/workflows/deploy.md +176 -176
package/.agent/workflows/devfleet.md +13 -82
package/.agent/workflows/docs.md +13 -21
package/.agent/workflows/e2e.md +38 -135
package/.agent/workflows/enhance.md +63 -63
package/.agent/workflows/eval.md +15 -112
package/.agent/workflows/flutter-build.md +164 -0
package/.agent/workflows/flutter-review.md +116 -0
package/.agent/workflows/flutter-test.md +144 -0
package/.agent/workflows/gan-build.md +99 -0
package/.agent/workflows/gan-design.md +35 -0
package/.agent/workflows/go-build.md +1 -1
package/.agent/workflows/go-review.md +4 -4
package/.agent/workflows/harness-audit.md +5 -3
package/.agent/workflows/init-docs.md +46 -46
package/.agent/workflows/instinct-import.md +4 -4
package/.agent/workflows/jira.md +106 -0
package/.agent/workflows/kotlin-build.md +1 -1
package/.agent/workflows/kotlin-review.md +5 -5
package/.agent/workflows/learn-eval.md +9 -9
package/.agent/workflows/multi-plan.md +10 -10
package/.agent/workflows/orchestrate.md +23 -119
package/.agent/workflows/plan.md +2 -0
package/.agent/workflows/preview.md +81 -81
package/.agent/workflows/prompt-optimize.md +13 -28
package/.agent/workflows/prp-commit.md +112 -0
package/.agent/workflows/prp-implement.md +385 -0
package/.agent/workflows/prp-plan.md +502 -0
package/.agent/workflows/prp-pr.md +184 -0
package/.agent/workflows/prp-prd.md +447 -0
package/.agent/workflows/python-review.md +5 -5
package/.agent/workflows/refactor-clean.md +1 -1
package/.agent/workflows/resume-session.md +10 -10
package/.agent/workflows/rules-distill.md +14 -5
package/.agent/workflows/santa-loop.md +175 -0
package/.agent/workflows/save-session.md +9 -9
package/.agent/workflows/status.md +86 -86
package/.agent/workflows/tdd.md +30 -127
package/.agent/workflows/test-coverage.md +1 -1
package/.agent/workflows/test.md +144 -144
package/.agent/workflows/ui-ux-pro-max.md +295 -295
package/.agent/workflows/verify.md +15 -51
package/README.md +163 -136
package/RELEASE.md +32 -36
package/SLASH_COMMANDS.md +121 -0
package/package.json +12 -3
package/scripts/release-check.js +1 -1
package/src/bin/cli.js +399 -53
package/src/lib/installer.js +360 -114
package/src/lib/manifests/stacks.js +122 -0
package/src/lib/slash-commands.js +28 -0
package/src/templates/claude/CLAUDE.en.md +42 -0
package/src/templates/claude/CLAUDE.md +42 -0
package/src/templates/claude/CLAUDE.vi.md +42 -0
package/src/templates/codex/AGENTS.en.md +40 -0
package/src/templates/codex/AGENTS.md +40 -0
package/src/templates/codex/AGENTS.vi.md +40 -0
package/src/templates/cursor/pilo-masterkit.mdc +20 -0
package/src/templates/gemini/GEMINI.en.md +56 -0
package/src/templates/gemini/GEMINI.md +56 -0
package/src/templates/gemini/GEMINI.vi.md +56 -0
package/src/templates/github/copilot-instructions.md +16 -0

package/.agent/skills/vulnerability-scanner/SKILL.md CHANGED Viewed

@@ -1,276 +1,276 @@
----
-name: vulnerability-scanner
-description: Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
-allowed-tools: Read, Glob, Grep, Bash
----
-# Vulnerability Scanner
-> Think like an attacker, defend like an expert. 2025 threat landscape awareness.
-## 🔧 Runtime Scripts
-**Execute for automated validation:**
-| Script | Purpose | Usage |
-|--------|---------|-------|
-| `scripts/security_scan.py` | Validate security principles applied | `python scripts/security_scan.py <project_path>` |
-## 📋 Reference Files
-| File | Purpose |
-|------|---------|
-| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |
----
-## 1. Security Expert Mindset
-### Core Principles
-| Principle | Application |
-|-----------|-------------|
-| **Assume Breach** | Design as if attacker already inside |
-| **Zero Trust** | Never trust, always verify |
-| **Defense in Depth** | Multiple layers, no single point |
-| **Least Privilege** | Minimum required access only |
-| **Fail Secure** | On error, deny access |
-### Threat Modeling Questions
-Before scanning, ask:
-1. What are we protecting? (Assets)
-2. Who would attack? (Threat actors)
-3. How would they attack? (Attack vectors)
-4. What's the impact? (Business risk)
----
-## 2. OWASP Top 10:2025
-### Risk Categories
-| Rank | Category | Think About |
-|------|----------|-------------|
-| **A01** | Broken Access Control | Who can access what? IDOR, SSRF |
-| **A02** | Security Misconfiguration | Defaults, headers, exposed services |
-| **A03** | Software Supply Chain 🆕 | Dependencies, CI/CD, build integrity |
-| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |
-| **A05** | Injection | User input → system commands |
-| **A06** | Insecure Design | Flawed architecture |
-| **A07** | Authentication Failures | Session, credential management |
-| **A08** | Integrity Failures | Unsigned updates, tampered data |
-| **A09** | Logging & Alerting | Blind spots, no monitoring |
-| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |
-### 2025 Key Changes
-```
-2021 → 2025 Shifts:
-├── SSRF merged into A01 (Access Control)
-├── A02 elevated (Cloud/Container configs)
-├── A03 NEW: Supply Chain (major focus)
-├── A10 NEW: Exceptional Conditions
-└── Focus shift: Root causes > Symptoms
-```
----
-## 3. Supply Chain Security (A03)
-### Attack Surface
-| Vector | Risk | Question to Ask |
-|--------|------|-----------------|
-| **Dependencies** | Malicious packages | Do we audit new deps? |
-| **Lock files** | Integrity attacks | Are they committed? |
-| **Build pipeline** | CI/CD compromise | Who can modify? |
-| **Registry** | Typosquatting | Verified sources? |
-### Defense Principles
-- Verify package integrity (checksums)
-- Pin versions, audit updates
-- Use private registries for critical deps
-- Sign and verify artifacts
----
-## 4. Attack Surface Mapping
-### What to Map
-| Category | Elements |
-|----------|----------|
-| **Entry Points** | APIs, forms, file uploads |
-| **Data Flows** | Input → Process → Output |
-| **Trust Boundaries** | Where auth/authz checked |
-| **Assets** | Secrets, PII, business data |
-### Prioritization Matrix
-```
-Risk = Likelihood × Impact
-High Impact + High Likelihood → CRITICAL
-High Impact + Low Likelihood  → HIGH
-Low Impact + High Likelihood  → MEDIUM
-Low Impact + Low Likelihood   → LOW
-```
----
-## 5. Risk Prioritization
-### CVSS + Context
-| Factor | Weight | Question |
-|--------|--------|----------|
-| **CVSS Score** | Base severity | How severe is the vuln? |
-| **EPSS Score** | Exploit likelihood | Is it being exploited? |
-| **Asset Value** | Business context | What's at risk? |
-| **Exposure** | Attack surface | Internet-facing? |
-### Prioritization Decision Tree
-```
-Is it actively exploited (EPSS >0.5)?
-├── YES → CRITICAL: Immediate action
-└── NO → Check CVSS
-         ├── CVSS ≥9.0 → HIGH
-         ├── CVSS 7.0-8.9 → Consider asset value
-         └── CVSS <7.0 → Schedule for later
-```
----
-## 6. Exceptional Conditions (A10 - New)
-### Fail-Open vs Fail-Closed
-| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |
-|----------|-----------------|---------------------|
-| Auth error | Allow access | Deny access |
-| Parsing fails | Accept input | Reject input |
-| Timeout | Retry forever | Limit + abort |
-### What to Check
-- Exception handlers that catch-all and ignore
-- Missing error handling on security operations
-- Race conditions in auth/authz
-- Resource exhaustion scenarios
----
-## 7. Scanning Methodology
-### Phase-Based Approach
-```
-1. RECONNAISSANCE
-   └── Understand the target
-       ├── Technology stack
-       ├── Entry points
-       └── Data flows
-2. DISCOVERY
-   └── Identify potential issues
-       ├── Configuration review
-       ├── Dependency analysis
-       └── Code pattern search
-3. ANALYSIS
-   └── Validate and prioritize
-       ├── False positive elimination
-       ├── Risk scoring
-       └── Attack chain mapping
-4. REPORTING
-   └── Actionable findings
-       ├── Clear reproduction steps
-       ├── Business impact
-       └── Remediation guidance
-```
----
-## 8. Code Pattern Analysis
-### High-Risk Patterns
-| Pattern | Risk | Look For |
-|---------|------|----------|
-| **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
-| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
-| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
-| **Path manipulation** | Traversal | User input in file paths |
-| **Disabled security** | Various | `verify=False`, `--insecure` |
-### Secret Patterns
-| Type | Indicators |
-|------|-----------|
-| API Keys | `api_key`, `apikey`, high entropy |
-| Tokens | `token`, `bearer`, `jwt` |
-| Credentials | `password`, `secret`, `key` |
-| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |
----
-## 9. Cloud Security Considerations
-### Shared Responsibility
-| Layer | You Own | Provider Owns |
-|-------|---------|---------------|
-| Data | ✅ | ❌ |
-| Application | ✅ | ❌ |
-| OS/Runtime | Depends | Depends |
-| Infrastructure | ❌ | ✅ |
-### Cloud-Specific Checks
-- IAM: Least privilege applied?
-- Storage: Public buckets?
-- Network: Security groups tightened?
-- Secrets: Using secrets manager?
----
-## 10. Anti-Patterns
-| ❌ Don't | ✅ Do |
-|----------|-------|
-| Scan without understanding | Map attack surface first |
-| Alert on every CVE | Prioritize by exploitability + asset |
-| Ignore false positives | Maintain verified baseline |
-| Fix symptoms only | Address root causes |
-| Scan once before deploy | Continuous scanning |
-| Trust third-party deps blindly | Verify integrity, audit code |
----
-## 11. Reporting Principles
-### Finding Structure
-Each finding should answer:
-1. **What?** - Clear vulnerability description
-2. **Where?** - Exact location (file, line, endpoint)
-3. **Why?** - Root cause explanation
-4. **Impact?** - Business consequence
-5. **How to fix?** - Specific remediation
-### Severity Classification
-| Severity | Criteria |
-|----------|----------|
-| **Critical** | RCE, auth bypass, mass data exposure |
-| **High** | Data exposure, privilege escalation |
-| **Medium** | Limited scope, requires conditions |
-| **Low** | Informational, best practice |
----
-> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: "What would an attacker do with this?"
+---
+name: vulnerability-scanner
+description: Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
+allowed-tools: Read, Glob, Grep, Bash
+---
+# Vulnerability Scanner
+> Think like an attacker, defend like an expert. 2025 threat landscape awareness.
+## 🔧 Runtime Scripts
+**Execute for automated validation:**
+| Script | Purpose | Usage |
+|--------|---------|-------|
+| `scripts/security_scan.py` | Validate security principles applied | `python scripts/security_scan.py <project_path>` |
+## 📋 Reference Files
+| File | Purpose |
+|------|---------|
+| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |
+---
+## 1. Security Expert Mindset
+### Core Principles
+| Principle | Application |
+|-----------|-------------|
+| **Assume Breach** | Design as if attacker already inside |
+| **Zero Trust** | Never trust, always verify |
+| **Defense in Depth** | Multiple layers, no single point |
+| **Least Privilege** | Minimum required access only |
+| **Fail Secure** | On error, deny access |
+### Threat Modeling Questions
+Before scanning, ask:
+1. What are we protecting? (Assets)
+2. Who would attack? (Threat actors)
+3. How would they attack? (Attack vectors)
+4. What's the impact? (Business risk)
+---
+## 2. OWASP Top 10:2025
+### Risk Categories
+| Rank | Category | Think About |
+|------|----------|-------------|
+| **A01** | Broken Access Control | Who can access what? IDOR, SSRF |
+| **A02** | Security Misconfiguration | Defaults, headers, exposed services |
+| **A03** | Software Supply Chain 🆕 | Dependencies, CI/CD, build integrity |
+| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |
+| **A05** | Injection | User input → system commands |
+| **A06** | Insecure Design | Flawed architecture |
+| **A07** | Authentication Failures | Session, credential management |
+| **A08** | Integrity Failures | Unsigned updates, tampered data |
+| **A09** | Logging & Alerting | Blind spots, no monitoring |
+| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |
+### 2025 Key Changes
+```
+2021 → 2025 Shifts:
+├── SSRF merged into A01 (Access Control)
+├── A02 elevated (Cloud/Container configs)
+├── A03 NEW: Supply Chain (major focus)
+├── A10 NEW: Exceptional Conditions
+└── Focus shift: Root causes > Symptoms
+```
+---
+## 3. Supply Chain Security (A03)
+### Attack Surface
+| Vector | Risk | Question to Ask |
+|--------|------|-----------------|
+| **Dependencies** | Malicious packages | Do we audit new deps? |
+| **Lock files** | Integrity attacks | Are they committed? |
+| **Build pipeline** | CI/CD compromise | Who can modify? |
+| **Registry** | Typosquatting | Verified sources? |
+### Defense Principles
+- Verify package integrity (checksums)
+- Pin versions, audit updates
+- Use private registries for critical deps
+- Sign and verify artifacts
+---
+## 4. Attack Surface Mapping
+### What to Map
+| Category | Elements |
+|----------|----------|
+| **Entry Points** | APIs, forms, file uploads |
+| **Data Flows** | Input → Process → Output |
+| **Trust Boundaries** | Where auth/authz checked |
+| **Assets** | Secrets, PII, business data |
+### Prioritization Matrix
+```
+Risk = Likelihood × Impact
+High Impact + High Likelihood → CRITICAL
+High Impact + Low Likelihood  → HIGH
+Low Impact + High Likelihood  → MEDIUM
+Low Impact + Low Likelihood   → LOW
+```
+---
+## 5. Risk Prioritization
+### CVSS + Context
+| Factor | Weight | Question |
+|--------|--------|----------|
+| **CVSS Score** | Base severity | How severe is the vuln? |
+| **EPSS Score** | Exploit likelihood | Is it being exploited? |
+| **Asset Value** | Business context | What's at risk? |
+| **Exposure** | Attack surface | Internet-facing? |
+### Prioritization Decision Tree
+```
+Is it actively exploited (EPSS >0.5)?
+├── YES → CRITICAL: Immediate action
+└── NO → Check CVSS
+         ├── CVSS ≥9.0 → HIGH
+         ├── CVSS 7.0-8.9 → Consider asset value
+         └── CVSS <7.0 → Schedule for later
+```
+---
+## 6. Exceptional Conditions (A10 - New)
+### Fail-Open vs Fail-Closed
+| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |
+|----------|-----------------|---------------------|
+| Auth error | Allow access | Deny access |
+| Parsing fails | Accept input | Reject input |
+| Timeout | Retry forever | Limit + abort |
+### What to Check
+- Exception handlers that catch-all and ignore
+- Missing error handling on security operations
+- Race conditions in auth/authz
+- Resource exhaustion scenarios
+---
+## 7. Scanning Methodology
+### Phase-Based Approach
+```
+1. RECONNAISSANCE
+   └── Understand the target
+       ├── Technology stack
+       ├── Entry points
+       └── Data flows
+2. DISCOVERY
+   └── Identify potential issues
+       ├── Configuration review
+       ├── Dependency analysis
+       └── Code pattern search
+3. ANALYSIS
+   └── Validate and prioritize
+       ├── False positive elimination
+       ├── Risk scoring
+       └── Attack chain mapping
+4. REPORTING
+   └── Actionable findings
+       ├── Clear reproduction steps
+       ├── Business impact
+       └── Remediation guidance
+```
+---
+## 8. Code Pattern Analysis
+### High-Risk Patterns
+| Pattern | Risk | Look For |
+|---------|------|----------|
+| **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
+| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
+| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
+| **Path manipulation** | Traversal | User input in file paths |
+| **Disabled security** | Various | `verify=False`, `--insecure` |
+### Secret Patterns
+| Type | Indicators |
+|------|-----------|
+| API Keys | `api_key`, `apikey`, high entropy |
+| Tokens | `token`, `bearer`, `jwt` |
+| Credentials | `password`, `secret`, `key` |
+| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |
+---
+## 9. Cloud Security Considerations
+### Shared Responsibility
+| Layer | You Own | Provider Owns |
+|-------|---------|---------------|
+| Data | ✅ | ❌ |
+| Application | ✅ | ❌ |
+| OS/Runtime | Depends | Depends |
+| Infrastructure | ❌ | ✅ |
+### Cloud-Specific Checks
+- IAM: Least privilege applied?
+- Storage: Public buckets?
+- Network: Security groups tightened?
+- Secrets: Using secrets manager?
+---
+## 10. Anti-Patterns
+| ❌ Don't | ✅ Do |
+|----------|-------|
+| Scan without understanding | Map attack surface first |
+| Alert on every CVE | Prioritize by exploitability + asset |
+| Ignore false positives | Maintain verified baseline |
+| Fix symptoms only | Address root causes |
+| Scan once before deploy | Continuous scanning |
+| Trust third-party deps blindly | Verify integrity, audit code |
+---
+## 11. Reporting Principles
+### Finding Structure
+Each finding should answer:
+1. **What?** - Clear vulnerability description
+2. **Where?** - Exact location (file, line, endpoint)
+3. **Why?** - Root cause explanation
+4. **Impact?** - Business consequence
+5. **How to fix?** - Specific remediation
+### Severity Classification
+| Severity | Criteria |
+|----------|----------|
+| **Critical** | RCE, auth bypass, mass data exposure |
+| **High** | Data exposure, privilege escalation |
+| **Medium** | Limited scope, requires conditions |
+| **Low** | Informational, best practice |
+---
+> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: "What would an attacker do with this?"