npm - @heytherevibin/skillforge - Versions diffs - 0.2.1 - Mend

@heytherevibin/skillforge 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (402) hide show

package/CHANGELOG.md +16 -0
package/CODE_OF_CONDUCT.md +34 -0
package/CONTRIBUTING.md +38 -0
package/LICENSE +21 -0
package/README.md +337 -0
package/RELEASING.md +93 -0
package/SECURITY.md +31 -0
package/STRATEGY.md +26 -0
package/bin/cli.js +547 -0
package/lib/packs.js +184 -0
package/package.json +38 -0
package/python/app/__init__.py +0 -0
package/python/app/__pycache__/__init__.cpython-312.pyc +0 -0
package/python/app/__pycache__/auth.cpython-312.pyc +0 -0
package/python/app/__pycache__/main.cpython-312.pyc +0 -0
package/python/app/auth.py +63 -0
package/python/app/cli.py +78 -0
package/python/app/db_paths.py +26 -0
package/python/app/events_cli.py +175 -0
package/python/app/main.py +647 -0
package/python/app/materialize.py +138 -0
package/python/app/mcp_server.py +610 -0
package/python/app/route_cli.py +117 -0
package/python/requirements-dev.txt +1 -0
package/python/requirements.txt +7 -0
package/python/tests/test_db_paths.py +41 -0
package/skills/accessibility/SKILL.md +145 -0
package/skills/agent-architecture-audit/SKILL.md +256 -0
package/skills/agent-eval/SKILL.md +144 -0
package/skills/agent-harness-construction/SKILL.md +72 -0
package/skills/agent-introspection-debugging/SKILL.md +152 -0
package/skills/agent-payment-x402/SKILL.md +224 -0
package/skills/agent-sort/SKILL.md +214 -0
package/skills/agentic-engineering/SKILL.md +62 -0
package/skills/agentic-os/SKILL.md +386 -0
package/skills/ai-first-engineering/SKILL.md +50 -0
package/skills/ai-regression-testing/SKILL.md +384 -0
package/skills/android-clean-architecture/SKILL.md +338 -0
package/skills/angular-developer/SKILL.md +153 -0
package/skills/angular-developer/references/angular-animations.md +160 -0
package/skills/angular-developer/references/angular-aria.md +410 -0
package/skills/angular-developer/references/cli.md +86 -0
package/skills/angular-developer/references/component-harnesses.md +59 -0
package/skills/angular-developer/references/component-styling.md +91 -0
package/skills/angular-developer/references/components.md +117 -0
package/skills/angular-developer/references/creating-services.md +97 -0
package/skills/angular-developer/references/data-resolvers.md +69 -0
package/skills/angular-developer/references/define-routes.md +67 -0
package/skills/angular-developer/references/defining-providers.md +72 -0
package/skills/angular-developer/references/di-fundamentals.md +120 -0
package/skills/angular-developer/references/e2e-testing.md +56 -0
package/skills/angular-developer/references/effects.md +83 -0
package/skills/angular-developer/references/hierarchical-injectors.md +43 -0
package/skills/angular-developer/references/host-elements.md +80 -0
package/skills/angular-developer/references/injection-context.md +63 -0
package/skills/angular-developer/references/inputs.md +101 -0
package/skills/angular-developer/references/linked-signal.md +59 -0
package/skills/angular-developer/references/loading-strategies.md +61 -0
package/skills/angular-developer/references/mcp.md +108 -0
package/skills/angular-developer/references/navigate-to-routes.md +69 -0
package/skills/angular-developer/references/outputs.md +86 -0
package/skills/angular-developer/references/reactive-forms.md +122 -0
package/skills/angular-developer/references/rendering-strategies.md +44 -0
package/skills/angular-developer/references/resource.md +77 -0
package/skills/angular-developer/references/route-animations.md +56 -0
package/skills/angular-developer/references/route-guards.md +52 -0
package/skills/angular-developer/references/router-lifecycle.md +45 -0
package/skills/angular-developer/references/router-testing.md +87 -0
package/skills/angular-developer/references/show-routes-with-outlets.md +68 -0
package/skills/angular-developer/references/signal-forms.md +795 -0
package/skills/angular-developer/references/signals-overview.md +94 -0
package/skills/angular-developer/references/tailwind-css.md +69 -0
package/skills/angular-developer/references/template-driven-forms.md +114 -0
package/skills/angular-developer/references/testing-fundamentals.md +65 -0
package/skills/api-connector-builder/SKILL.md +120 -0
package/skills/api-design/SKILL.md +522 -0
package/skills/architecture-decision-records/SKILL.md +178 -0
package/skills/article-writing/SKILL.md +78 -0
package/skills/automation-audit-ops/SKILL.md +141 -0
package/skills/autonomous-agent-harness/SKILL.md +272 -0
package/skills/autonomous-loops/SKILL.md +609 -0
package/skills/backend-patterns/SKILL.md +560 -0
package/skills/benchmark/SKILL.md +92 -0
package/skills/blueprint/SKILL.md +104 -0
package/skills/browser-qa/SKILL.md +86 -0
package/skills/bun-runtime/SKILL.md +83 -0
package/skills/canary-watch/SKILL.md +98 -0
package/skills/carrier-relationship-management/SKILL.md +211 -0
package/skills/cisco-ios-patterns/SKILL.md +163 -0
package/skills/ck/SKILL.md +147 -0
package/skills/ck/commands/forget.mjs +44 -0
package/skills/ck/commands/info.mjs +24 -0
package/skills/ck/commands/init.mjs +143 -0
package/skills/ck/commands/list.mjs +40 -0
package/skills/ck/commands/migrate.mjs +202 -0
package/skills/ck/commands/resume.mjs +36 -0
package/skills/ck/commands/save.mjs +210 -0
package/skills/ck/commands/shared.mjs +387 -0
package/skills/ck/hooks/session-start.mjs +224 -0
package/skills/claude-devfleet/SKILL.md +103 -0
package/skills/click-path-audit/SKILL.md +244 -0
package/skills/clickhouse-io/SKILL.md +438 -0
package/skills/code-tour/SKILL.md +235 -0
package/skills/codebase-onboarding/SKILL.md +232 -0
package/skills/coding-standards/SKILL.md +548 -0
package/skills/compose-multiplatform-patterns/SKILL.md +298 -0
package/skills/connections-optimizer/SKILL.md +188 -0
package/skills/content-engine/SKILL.md +126 -0
package/skills/content-hash-cache-pattern/SKILL.md +160 -0
package/skills/context-budget/SKILL.md +134 -0
package/skills/continuous-agent-loop/SKILL.md +44 -0
package/skills/continuous-learning/SKILL.md +129 -0
package/skills/continuous-learning/config.json +18 -0
package/skills/continuous-learning/evaluate-session.sh +69 -0
package/skills/continuous-learning-v2/SKILL.md +358 -0
package/skills/continuous-learning-v2/agents/observer-loop.sh +322 -0
package/skills/continuous-learning-v2/agents/observer.md +198 -0
package/skills/continuous-learning-v2/agents/session-guardian.sh +150 -0
package/skills/continuous-learning-v2/agents/start-observer.sh +248 -0
package/skills/continuous-learning-v2/config.json +8 -0
package/skills/continuous-learning-v2/hooks/observe.sh +476 -0
package/skills/continuous-learning-v2/scripts/detect-project.sh +288 -0
package/skills/continuous-learning-v2/scripts/instinct-cli.py +1519 -0
package/skills/continuous-learning-v2/scripts/lib/homunculus-dir.sh +31 -0
package/skills/continuous-learning-v2/scripts/migrate-homunculus.sh +62 -0
package/skills/continuous-learning-v2/scripts/test_parse_instinct.py +1018 -0
package/skills/cost-aware-llm-pipeline/SKILL.md +182 -0
package/skills/cost-tracking/SKILL.md +147 -0
package/skills/council/SKILL.md +202 -0
package/skills/cpp-coding-standards/SKILL.md +722 -0
package/skills/cpp-testing/SKILL.md +323 -0
package/skills/crosspost/SKILL.md +110 -0
package/skills/csharp-testing/SKILL.md +320 -0
package/skills/customer-billing-ops/SKILL.md +139 -0
package/skills/customs-trade-compliance/SKILL.md +262 -0
package/skills/dart-flutter-patterns/SKILL.md +562 -0
package/skills/dashboard-builder/SKILL.md +108 -0
package/skills/data-scraper-agent/SKILL.md +764 -0
package/skills/database-migrations/SKILL.md +428 -0
package/skills/deep-research/SKILL.md +158 -0
package/skills/defi-amm-security/SKILL.md +166 -0
package/skills/deployment-patterns/SKILL.md +426 -0
package/skills/design-system/SKILL.md +81 -0
package/skills/django-celery/SKILL.md +456 -0
package/skills/django-patterns/SKILL.md +733 -0
package/skills/django-security/SKILL.md +592 -0
package/skills/django-tdd/SKILL.md +728 -0
package/skills/django-verification/SKILL.md +468 -0
package/skills/dmux-workflows/SKILL.md +190 -0
package/skills/docker-patterns/SKILL.md +363 -0
package/skills/documentation-lookup/SKILL.md +89 -0
package/skills/dotnet-patterns/SKILL.md +320 -0
package/skills/e2e-testing/SKILL.md +325 -0
package/skills/email-ops/SKILL.md +120 -0
package/skills/energy-procurement/SKILL.md +227 -0
package/skills/enterprise-agent-ops/SKILL.md +49 -0
package/skills/error-handling/SKILL.md +375 -0
package/skills/eval-harness/SKILL.md +269 -0
package/skills/evm-token-decimals/SKILL.md +130 -0
package/skills/exa-search/SKILL.md +106 -0
package/skills/fal-ai-media/SKILL.md +287 -0
package/skills/fastapi-patterns/SKILL.md +327 -0
package/skills/finance-billing-ops/SKILL.md +126 -0
package/skills/flox-environments/SKILL.md +496 -0
package/skills/flutter-dart-code-review/SKILL.md +434 -0
package/skills/foundation-models-on-device/SKILL.md +243 -0
package/skills/frontend-design-direction/SKILL.md +92 -0
package/skills/frontend-patterns/SKILL.md +641 -0
package/skills/frontend-slides/SKILL.md +183 -0
package/skills/frontend-slides/STYLE_PRESETS.md +330 -0
package/skills/frontend-slides/animation-patterns.md +122 -0
package/skills/frontend-slides/html-template.md +419 -0
package/skills/frontend-slides/scripts/export-pdf.sh +418 -0
package/skills/frontend-slides/scripts/extract-pptx.py +96 -0
package/skills/frontend-slides/viewport-base.css +153 -0
package/skills/fsharp-testing/SKILL.md +279 -0
package/skills/gan-style-harness/SKILL.md +278 -0
package/skills/gateguard/SKILL.md +125 -0
package/skills/git-workflow/SKILL.md +714 -0
package/skills/github-ops/SKILL.md +143 -0
package/skills/golang-patterns/SKILL.md +673 -0
package/skills/golang-testing/SKILL.md +719 -0
package/skills/google-workspace-ops/SKILL.md +94 -0
package/skills/healthcare-cdss-patterns/SKILL.md +245 -0
package/skills/healthcare-emr-patterns/SKILL.md +159 -0
package/skills/healthcare-eval-harness/SKILL.md +207 -0
package/skills/healthcare-phi-compliance/SKILL.md +145 -0
package/skills/hermes-imports/SKILL.md +87 -0
package/skills/hexagonal-architecture/SKILL.md +275 -0
package/skills/hipaa-compliance/SKILL.md +78 -0
package/skills/homelab-network-readiness/SKILL.md +169 -0
package/skills/homelab-network-setup/SKILL.md +129 -0
package/skills/homelab-pihole-dns/SKILL.md +274 -0
package/skills/homelab-vlan-segmentation/SKILL.md +311 -0
package/skills/homelab-wireguard-vpn/SKILL.md +305 -0
package/skills/hookify-rules/SKILL.md +128 -0
package/skills/inventory-demand-planning/SKILL.md +246 -0
package/skills/investor-materials/SKILL.md +95 -0
package/skills/investor-outreach/SKILL.md +90 -0
package/skills/ios-icon-gen/SKILL.md +157 -0
package/skills/ios-icon-gen/scripts/generate_icons.swift +258 -0
package/skills/ios-icon-gen/scripts/iconify_gen.sh +235 -0
package/skills/iterative-retrieval/SKILL.md +209 -0
package/skills/java-coding-standards/SKILL.md +382 -0
package/skills/jira-integration/SKILL.md +292 -0
package/skills/jpa-patterns/SKILL.md +150 -0
package/skills/knowledge-ops/SKILL.md +153 -0
package/skills/kotlin-coroutines-flows/SKILL.md +283 -0
package/skills/kotlin-exposed-patterns/SKILL.md +718 -0
package/skills/kotlin-ktor-patterns/SKILL.md +688 -0
package/skills/kotlin-patterns/SKILL.md +710 -0
package/skills/kotlin-testing/SKILL.md +823 -0
package/skills/laravel-patterns/SKILL.md +414 -0
package/skills/laravel-plugin-discovery/SKILL.md +228 -0
package/skills/laravel-security/SKILL.md +284 -0
package/skills/laravel-tdd/SKILL.md +282 -0
package/skills/laravel-verification/SKILL.md +178 -0
package/skills/lead-intelligence/SKILL.md +320 -0
package/skills/lead-intelligence/agents/enrichment-agent.md +85 -0
package/skills/lead-intelligence/agents/mutual-mapper.md +75 -0
package/skills/lead-intelligence/agents/outreach-drafter.md +98 -0
package/skills/lead-intelligence/agents/signal-scorer.md +60 -0
package/skills/liquid-glass-design/SKILL.md +279 -0
package/skills/llm-trading-agent-security/SKILL.md +146 -0
package/skills/logistics-exception-management/SKILL.md +221 -0
package/skills/make-interfaces-feel-better/SKILL.md +151 -0
package/skills/manim-video/SKILL.md +88 -0
package/skills/manim-video/assets/network_graph_scene.py +52 -0
package/skills/market-research/SKILL.md +74 -0
package/skills/mcp-server-patterns/SKILL.md +68 -0
package/skills/messages-ops/SKILL.md +103 -0
package/skills/mle-workflow/SKILL.md +345 -0
package/skills/motion-advanced/SKILL.md +596 -0
package/skills/motion-foundations/SKILL.md +299 -0
package/skills/motion-patterns/SKILL.md +435 -0
package/skills/motion-ui/SKILL.md +574 -0
package/skills/mysql-patterns/SKILL.md +411 -0
package/skills/nanoclaw-repl/SKILL.md +32 -0
package/skills/nestjs-patterns/SKILL.md +229 -0
package/skills/netmiko-ssh-automation/SKILL.md +173 -0
package/skills/network-bgp-diagnostics/SKILL.md +167 -0
package/skills/network-config-validation/SKILL.md +210 -0
package/skills/network-interface-health/SKILL.md +152 -0
package/skills/nextjs-turbopack/SKILL.md +43 -0
package/skills/nodejs-keccak256/SKILL.md +102 -0
package/skills/nutrient-document-processing/SKILL.md +166 -0
package/skills/nuxt4-patterns/SKILL.md +99 -0
package/skills/openclaw-persona-forge/SKILL.md +288 -0
package/skills/openclaw-persona-forge/gacha.py +224 -0
package/skills/openclaw-persona-forge/gacha.sh +5 -0
package/skills/openclaw-persona-forge/references/avatar-style.md +124 -0
package/skills/openclaw-persona-forge/references/boundary-rules.md +53 -0
package/skills/openclaw-persona-forge/references/error-handling.md +53 -0
package/skills/openclaw-persona-forge/references/identity-tension.md +48 -0
package/skills/openclaw-persona-forge/references/naming-system.md +39 -0
package/skills/openclaw-persona-forge/references/output-template.md +166 -0
package/skills/opensource-pipeline/SKILL.md +254 -0
package/skills/perl-patterns/SKILL.md +503 -0
package/skills/perl-security/SKILL.md +502 -0
package/skills/perl-testing/SKILL.md +474 -0
package/skills/plan-orchestrate/SKILL.md +253 -0
package/skills/plankton-code-quality/SKILL.md +236 -0
package/skills/postgres-patterns/SKILL.md +146 -0
package/skills/product-capability/SKILL.md +140 -0
package/skills/product-lens/SKILL.md +91 -0
package/skills/production-audit/SKILL.md +206 -0
package/skills/production-scheduling/SKILL.md +237 -0
package/skills/project-flow-ops/SKILL.md +110 -0
package/skills/prompt-optimizer/SKILL.md +398 -0
package/skills/python-patterns/SKILL.md +749 -0
package/skills/python-testing/SKILL.md +815 -0
package/skills/pytorch-patterns/SKILL.md +395 -0
package/skills/quality-nonconformance/SKILL.md +259 -0
package/skills/quarkus-patterns/SKILL.md +721 -0
package/skills/quarkus-security/SKILL.md +466 -0
package/skills/quarkus-tdd/SKILL.md +810 -0
package/skills/quarkus-verification/SKILL.md +478 -0
package/skills/ralphinho-rfc-pipeline/SKILL.md +66 -0
package/skills/redis-patterns/SKILL.md +402 -0
package/skills/regex-vs-llm-structured-text/SKILL.md +219 -0
package/skills/remotion-video-creation/SKILL.md +43 -0
package/skills/remotion-video-creation/rules/3d.md +86 -0
package/skills/remotion-video-creation/rules/animations.md +29 -0
package/skills/remotion-video-creation/rules/assets/charts-bar-chart.tsx +173 -0
package/skills/remotion-video-creation/rules/assets/text-animations-typewriter.tsx +100 -0
package/skills/remotion-video-creation/rules/assets/text-animations-word-highlight.tsx +108 -0
package/skills/remotion-video-creation/rules/assets.md +78 -0
package/skills/remotion-video-creation/rules/audio.md +172 -0
package/skills/remotion-video-creation/rules/calculate-metadata.md +104 -0
package/skills/remotion-video-creation/rules/can-decode.md +75 -0
package/skills/remotion-video-creation/rules/charts.md +58 -0
package/skills/remotion-video-creation/rules/compositions.md +146 -0
package/skills/remotion-video-creation/rules/display-captions.md +126 -0
package/skills/remotion-video-creation/rules/extract-frames.md +229 -0
package/skills/remotion-video-creation/rules/fonts.md +152 -0
package/skills/remotion-video-creation/rules/get-audio-duration.md +58 -0
package/skills/remotion-video-creation/rules/get-video-dimensions.md +68 -0
package/skills/remotion-video-creation/rules/get-video-duration.md +58 -0
package/skills/remotion-video-creation/rules/gifs.md +138 -0
package/skills/remotion-video-creation/rules/images.md +130 -0
package/skills/remotion-video-creation/rules/import-srt-captions.md +67 -0
package/skills/remotion-video-creation/rules/lottie.md +67 -0
package/skills/remotion-video-creation/rules/measuring-dom-nodes.md +34 -0
package/skills/remotion-video-creation/rules/measuring-text.md +143 -0
package/skills/remotion-video-creation/rules/sequencing.md +106 -0
package/skills/remotion-video-creation/rules/tailwind.md +11 -0
package/skills/remotion-video-creation/rules/text-animations.md +20 -0
package/skills/remotion-video-creation/rules/timing.md +179 -0
package/skills/remotion-video-creation/rules/transcribe-captions.md +19 -0
package/skills/remotion-video-creation/rules/transitions.md +122 -0
package/skills/remotion-video-creation/rules/trimming.md +52 -0
package/skills/remotion-video-creation/rules/videos.md +171 -0
package/skills/repo-scan/SKILL.md +78 -0
package/skills/research-ops/SKILL.md +111 -0
package/skills/returns-reverse-logistics/SKILL.md +239 -0
package/skills/rules-distill/SKILL.md +263 -0
package/skills/rules-distill/scripts/scan-rules.sh +58 -0
package/skills/rules-distill/scripts/scan-skills.sh +129 -0
package/skills/rust-patterns/SKILL.md +498 -0
package/skills/rust-testing/SKILL.md +499 -0
package/skills/safety-guard/SKILL.md +74 -0
package/skills/santa-method/SKILL.md +306 -0
package/skills/scientific-db-pubmed-database/SKILL.md +175 -0
package/skills/scientific-db-uspto-database/SKILL.md +177 -0
package/skills/scientific-pkg-gget/SKILL.md +166 -0
package/skills/scientific-thinking-literature-review/SKILL.md +192 -0
package/skills/scientific-thinking-scholar-evaluation/SKILL.md +160 -0
package/skills/search-first/SKILL.md +181 -0
package/skills/security-bounty-hunter/SKILL.md +99 -0
package/skills/security-review/SKILL.md +502 -0
package/skills/security-review/cloud-infrastructure-security.md +361 -0
package/skills/seo/SKILL.md +153 -0
package/skills/skill-comply/SKILL.md +57 -0
package/skills/skill-comply/fixtures/compliant_trace.jsonl +5 -0
package/skills/skill-comply/fixtures/noncompliant_trace.jsonl +3 -0
package/skills/skill-comply/fixtures/tdd_spec.yaml +44 -0
package/skills/skill-comply/prompts/classifier.md +24 -0
package/skills/skill-comply/prompts/scenario_generator.md +62 -0
package/skills/skill-comply/prompts/spec_generator.md +42 -0
package/skills/skill-comply/pyproject.toml +15 -0
package/skills/skill-comply/scripts/__init__.py +0 -0
package/skills/skill-comply/scripts/classifier.py +85 -0
package/skills/skill-comply/scripts/grader.py +124 -0
package/skills/skill-comply/scripts/parser.py +107 -0
package/skills/skill-comply/scripts/report.py +170 -0
package/skills/skill-comply/scripts/run.py +127 -0
package/skills/skill-comply/scripts/runner.py +186 -0
package/skills/skill-comply/scripts/scenario_generator.py +70 -0
package/skills/skill-comply/scripts/spec_generator.py +72 -0
package/skills/skill-comply/scripts/utils.py +13 -0
package/skills/skill-comply/tests/test_grader.py +197 -0
package/skills/skill-comply/tests/test_parser.py +90 -0
package/skills/skill-comply/tests/test_runner.py +172 -0
package/skills/skill-scout/SKILL.md +139 -0
package/skills/skill-stocktake/SKILL.md +193 -0
package/skills/skill-stocktake/scripts/quick-diff.sh +87 -0
package/skills/skill-stocktake/scripts/save-results.sh +56 -0
package/skills/skill-stocktake/scripts/scan.sh +170 -0
package/skills/social-graph-ranker/SKILL.md +153 -0
package/skills/springboot-patterns/SKILL.md +313 -0
package/skills/springboot-security/SKILL.md +271 -0
package/skills/springboot-tdd/SKILL.md +157 -0
package/skills/springboot-verification/SKILL.md +230 -0
package/skills/strategic-compact/SKILL.md +129 -0
package/skills/strategic-compact/suggest-compact.sh +54 -0
package/skills/swift-actor-persistence/SKILL.md +142 -0
package/skills/swift-concurrency-6-2/SKILL.md +216 -0
package/skills/swift-protocol-di-testing/SKILL.md +189 -0
package/skills/swiftui-patterns/SKILL.md +259 -0
package/skills/tdd-workflow/SKILL.md +462 -0
package/skills/team-builder/SKILL.md +166 -0
package/skills/terminal-ops/SKILL.md +108 -0
package/skills/tinystruct-patterns/SKILL.md +130 -0
package/skills/tinystruct-patterns/references/architecture.md +77 -0
package/skills/tinystruct-patterns/references/data-handling.md +35 -0
package/skills/tinystruct-patterns/references/routing.md +57 -0
package/skills/tinystruct-patterns/references/system-usage.md +74 -0
package/skills/tinystruct-patterns/references/testing.md +59 -0
package/skills/token-budget-advisor/SKILL.md +133 -0
package/skills/ui-demo/SKILL.md +464 -0
package/skills/ui-to-vue/SKILL.md +134 -0
package/skills/unified-notifications-ops/SKILL.md +186 -0
package/skills/verification-loop/SKILL.md +125 -0
package/skills/video-editing/SKILL.md +309 -0
package/skills/videodb/SKILL.md +373 -0
package/skills/videodb/reference/api-reference.md +550 -0
package/skills/videodb/reference/capture-reference.md +407 -0
package/skills/videodb/reference/capture.md +101 -0
package/skills/videodb/reference/editor.md +443 -0
package/skills/videodb/reference/generative.md +331 -0
package/skills/videodb/reference/rtstream-reference.md +564 -0
package/skills/videodb/reference/rtstream.md +65 -0
package/skills/videodb/reference/search.md +230 -0
package/skills/videodb/reference/streaming.md +406 -0
package/skills/videodb/reference/use-cases.md +118 -0
package/skills/videodb/scripts/ws_listener.py +282 -0
package/skills/visa-doc-translate/README.md +86 -0
package/skills/visa-doc-translate/SKILL.md +117 -0
package/skills/vite-patterns/SKILL.md +448 -0
package/skills/windows-desktop-e2e/SKILL.md +787 -0
package/skills/workspace-surface-audit/SKILL.md +124 -0
package/skills/x-api/SKILL.md +233 -0

package/skills/quarkus-security/SKILL.md ADDED Viewed

@@ -0,0 +1,466 @@
+---
+name: quarkus-security
+description: Quarkus Security best practices for authentication, authorization, JWT/OIDC, RBAC, input validation, CSRF, secrets management, and dependency security.
+---
+# Quarkus Security Review
+Best practices for securing Quarkus applications with authentication, authorization, and input validation.
+## When to Activate
+- Adding authentication (JWT, OIDC, Basic Auth)
+- Implementing authorization with @RolesAllowed or SecurityIdentity
+- Validating user input (Bean Validation, custom validators)
+- Configuring CORS or security headers
+- Managing secrets (Vault, environment variables, config sources)
+- Adding rate limiting or brute-force protection
+- Scanning dependencies for CVEs
+- Working with MicroProfile JWT or SmallRye JWT
+## Authentication
+### JWT Authentication
+```java
+// Resource protected with JWT
+@Path("/api/protected")
+@Authenticated
+public class ProtectedResource {
+  @Inject
+  JsonWebToken jwt;
+  @Inject
+  SecurityIdentity securityIdentity;
+  @GET
+  public Response getData() {
+    String username = jwt.getName();
+    Set<String> roles = jwt.getGroups();
+    return Response.ok(Map.of(
+        "username", username,
+        "roles", roles,
+        "principal", securityIdentity.getPrincipal().getName()
+    )).build();
+  }
+}
+```
+Configuration (application.properties):
+```properties
+mp.jwt.verify.publickey.location=publicKey.pem
+mp.jwt.verify.issuer=https://auth.example.com
+# OIDC
+quarkus.oidc.auth-server-url=https://auth.example.com/realms/myrealm
+quarkus.oidc.client-id=backend-service
+quarkus.oidc.credentials.secret=${OIDC_SECRET}
+```
+### Custom Authentication Filter
+```java
+@Provider
+@Priority(Priorities.AUTHENTICATION)
+public class CustomAuthFilter implements ContainerRequestFilter {
+  @Inject
+  SecurityIdentity identity;
+  @Override
+  public void filter(ContainerRequestContext requestContext) {
+    String authHeader = requestContext.getHeaderString(HttpHeaders.AUTHORIZATION);
+    // Reject immediately if header is absent or malformed
+    if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+      requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
+      return;
+    }
+    String token = authHeader.substring(7);
+    if (!validateToken(token)) {
+      requestContext.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
+    }
+  }
+  private boolean validateToken(String token) {
+    // Token validation logic
+    return true;
+  }
+}
+```
+## Authorization
+### Role-Based Access Control
+```java
+@Path("/api/admin")
+@RolesAllowed("ADMIN")
+public class AdminResource {
+  @GET
+  @Path("/users")
+  public List<UserDto> listUsers() {
+    return userService.findAll();
+  }
+  @DELETE
+  @Path("/users/{id}")
+  @RolesAllowed({"ADMIN", "SUPER_ADMIN"})
+  public Response deleteUser(@PathParam("id") Long id) {
+    userService.delete(id);
+    return Response.noContent().build();
+  }
+}
+@Path("/api/users")
+public class UserResource {
+  @Inject
+  SecurityIdentity securityIdentity;
+  @GET
+  @Path("/{id}")
+  @RolesAllowed("USER")
+  public Response getUser(@PathParam("id") Long id) {
+    // Check ownership
+    if (!securityIdentity.hasRole("ADMIN") &&
+        !isOwner(id, securityIdentity.getPrincipal().getName())) {
+      return Response.status(Response.Status.FORBIDDEN).build();
+    }
+    return Response.ok(userService.findById(id)).build();
+  }
+  private boolean isOwner(Long userId, String username) {
+    return userService.isOwner(userId, username);
+  }
+}
+```
+### Programmatic Security
+```java
+@ApplicationScoped
+public class SecurityService {
+  @Inject
+  SecurityIdentity securityIdentity;
+  public boolean canAccessResource(Long resourceId) {
+    if (securityIdentity.isAnonymous()) {
+      return false;
+    }
+    if (securityIdentity.hasRole("ADMIN")) {
+      return true;
+    }
+    String userId = securityIdentity.getPrincipal().getName();
+    return resourceRepository.isOwner(resourceId, userId);
+  }
+}
+```
+## Input Validation
+### Bean Validation
+```java
+// BAD: No validation
+@POST
+public Response createUser(UserDto dto) {
+  return Response.ok(userService.create(dto)).build();
+}
+// GOOD: Validated DTO
+public record CreateUserDto(
+    @NotBlank @Size(max = 100) String name,
+    @NotBlank @Email String email,
+    @NotNull @Min(18) @Max(150) Integer age,
+    @Pattern(regexp = "^\\+?[1-9]\\d{1,14}$") String phone
+) {}
+@POST
+@Path("/users")
+public Response createUser(@Valid CreateUserDto dto) {
+  User user = userService.create(dto);
+  return Response.status(Response.Status.CREATED).entity(user).build();
+}
+```
+### Custom Validators
+```java
+@Target({ElementType.FIELD, ElementType.PARAMETER})
+@Retention(RetentionPolicy.RUNTIME)
+@Constraint(validatedBy = UsernameValidator.class)
+public @interface ValidUsername {
+  String message() default "Invalid username format";
+  Class<?>[] groups() default {};
+  Class<? extends Payload>[] payload() default {};
+}
+public class UsernameValidator implements ConstraintValidator<ValidUsername, String> {
+  @Override
+  public boolean isValid(String value, ConstraintValidatorContext context) {
+    if (value == null) return false;
+    return value.matches("^[a-zA-Z0-9_-]{3,20}$");
+  }
+}
+// Usage
+public record CreateUserDto(
+    @ValidUsername String username,
+    @NotBlank @Email String email
+) {}
+```
+## SQL Injection Prevention
+### Panache Active Record (Safe by Default)
+```java
+// GOOD: Parameterized queries with Panache
+List<User> users = User.list("email = ?1 and active = ?2", email, true);
+Optional<User> user = User.find("username", username).firstResultOptional();
+// GOOD: Named parameters
+List<User> users = User.list("email = :email and age > :minAge",
+    Parameters.with("email", email).and("minAge", 18));
+```
+### Native Queries (Use Parameters)
+```java
+// BAD: String concatenation
+@Query(value = "SELECT * FROM users WHERE name = '" + name + "'", nativeQuery = true)
+// GOOD: Parameterized native query
+@Entity
+public class User extends PanacheEntity {
+  public static List<User> findByEmailNative(String email) {
+    return getEntityManager()
+        .createNativeQuery("SELECT * FROM users WHERE email = :email", User.class)
+        .setParameter("email", email)
+        .getResultList();
+  }
+}
+```
+## Password Hashing
+```java
+@ApplicationScoped
+public class PasswordService {
+  public String hash(String plainPassword) {
+    return BcryptUtil.bcryptHash(plainPassword);
+  }
+  public boolean verify(String plainPassword, String hashedPassword) {
+    return BcryptUtil.matches(plainPassword, hashedPassword);
+  }
+}
+// In service
+@ApplicationScoped
+public class UserService {
+  @Inject
+  PasswordService passwordService;
+  @Transactional
+  public User register(CreateUserDto dto) {
+    String hashedPassword = passwordService.hash(dto.password());
+    User user = new User();
+    user.email = dto.email();
+    user.password = hashedPassword;
+    user.persist();
+    return user;
+  }
+  public boolean authenticate(String email, String password) {
+    return User.find("email", email)
+        .firstResultOptional()
+        .map(u -> passwordService.verify(password, u.password))
+        .orElse(false);
+  }
+}
+```
+## CORS Configuration
+```properties
+# application.properties
+quarkus.http.cors=true
+quarkus.http.cors.origins=https://app.example.com,https://admin.example.com
+quarkus.http.cors.methods=GET,POST,PUT,DELETE
+quarkus.http.cors.headers=accept,authorization,content-type,x-requested-with
+quarkus.http.cors.exposed-headers=Content-Disposition
+quarkus.http.cors.access-control-max-age=24H
+quarkus.http.cors.access-control-allow-credentials=true
+```
+## Secrets Management
+```properties
+# application.properties - NO SECRETS HERE
+# Use environment variables
+quarkus.datasource.username=${DB_USER}
+quarkus.datasource.password=${DB_PASSWORD}
+quarkus.oidc.credentials.secret=${OIDC_CLIENT_SECRET}
+# Or use Vault
+quarkus.vault.url=https://vault.example.com
+quarkus.vault.authentication.kubernetes.role=my-role
+```
+### HashiCorp Vault Integration
+```java
+@ApplicationScoped
+public class SecretService {
+  @ConfigProperty(name = "api-key")
+  String apiKey; // Fetched from Vault
+  public String getSecret(String key) {
+    return ConfigProvider.getConfig().getValue(key, String.class);
+  }
+}
+```
+## Rate Limiting
+**Security Note**: Never use `X-Forwarded-For` directly — clients can spoof it.
+Use the actual remote address from the servlet request, or an authenticated
+identity (API key, JWT subject) when available.
+```java
+@ApplicationScoped
+public class RateLimitFilter implements ContainerRequestFilter {
+  private final Map<String, RateLimiter> limiters = new ConcurrentHashMap<>();
+  @Inject
+  HttpServletRequest servletRequest;
+  @Override
+  public void filter(ContainerRequestContext requestContext) {
+    String clientId = getClientIdentifier();
+    RateLimiter limiter = limiters.computeIfAbsent(clientId,
+        k -> RateLimiter.create(100.0)); // 100 requests per second
+    if (!limiter.tryAcquire()) {
+      requestContext.abortWith(
+          Response.status(429)
+              .entity(Map.of("error", "Too many requests"))
+              .build()
+      );
+    }
+  }
+  private String getClientIdentifier() {
+    // Use the container-provided remote address (not X-Forwarded-For).
+    // If behind a trusted proxy, configure quarkus.http.proxy.proxy-address-forwarding=true
+    // so getRemoteAddr() returns the real client IP.
+    return servletRequest.getRemoteAddr();
+  }
+}
+```
+## Security Headers
+```java
+@Provider
+public class SecurityHeadersFilter implements ContainerResponseFilter {
+  @Override
+  public void filter(ContainerRequestContext request, ContainerResponseContext response) {
+    MultivaluedMap<String, Object> headers = response.getHeaders();
+    // Prevent clickjacking
+    headers.putSingle("X-Frame-Options", "DENY");
+    // XSS protection
+    headers.putSingle("X-Content-Type-Options", "nosniff");
+    headers.putSingle("X-XSS-Protection", "1; mode=block");
+    // HSTS
+    headers.putSingle("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+    // CSP — avoid 'unsafe-inline' for script-src as it negates XSS protection;
+    // use nonces or hashes instead. 'unsafe-inline' for style-src is acceptable
+    // when CSS frameworks require it, but prefer nonces where possible.
+    headers.putSingle("Content-Security-Policy",
+        "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'");
+  }
+}
+```
+## Audit Logging
+```java
+@ApplicationScoped
+public class AuditService {
+  private static final Logger LOG = Logger.getLogger(AuditService.class);
+  @Inject
+  SecurityIdentity securityIdentity;
+  public void logAccess(String resource, String action) {
+    String user = securityIdentity.isAnonymous()
+        ? "anonymous"
+        : securityIdentity.getPrincipal().getName();
+    LOG.infof("AUDIT: user=%s action=%s resource=%s timestamp=%s",
+        user, action, resource, Instant.now());
+  }
+}
+// Usage in resource
+@Path("/api/sensitive")
+public class SensitiveResource {
+  @Inject
+  AuditService auditService;
+  @GET
+  @RolesAllowed("ADMIN")
+  public Response getData() {
+    auditService.logAccess("sensitive-data", "READ");
+    return Response.ok(data).build();
+  }
+}
+```
+## Dependency Security Scanning
+```bash
+# Maven
+mvn org.owasp:dependency-check-maven:check
+# Gradle
+./gradlew dependencyCheckAnalyze
+# Check Quarkus extensions
+quarkus extension list --installable
+```
+## Best Practices
+- Always use HTTPS in production
+- Enable JWT or OIDC for stateless authentication
+- Use `@RolesAllowed` for declarative authorization
+- Validate all input with Bean Validation
+- Hash passwords with BCrypt (never plaintext)
+- Store secrets in Vault or environment variables
+- Use parameterized queries to prevent SQL injection
+- Add security headers to all responses
+- Implement rate limiting for public endpoints
+- Audit sensitive operations
+- Keep dependencies updated and scan for CVEs
+- Use SecurityIdentity for programmatic checks
+- Set appropriate CORS policies
+- Test authentication and authorization paths