@jetrabbits/agentic 0.0.1
- package/AGENTS.md +143 -0
- package/README.md +154 -0
- package/agentic +1615 -0
- package/areas/devops/ci-cd/AGENTS.md +48 -0
- package/areas/devops/ci-cd/PROMPTS.md +7 -0
- package/areas/devops/ci-cd/prompts/onboard-repo.md +97 -0
- package/areas/devops/ci-cd/prompts/pipeline-debug.md +103 -0
- package/areas/devops/ci-cd/prompts/release-pipeline.md +115 -0
- package/areas/devops/ci-cd/rules/pipeline-standards.md +33 -0
- package/areas/devops/ci-cd/rules/quality-gates.md +24 -0
- package/areas/devops/ci-cd/rules/supply-chain-security.md +34 -0
- package/areas/devops/ci-cd/skills/artifact-management/SKILL.md +157 -0
- package/areas/devops/ci-cd/skills/build-optimization/SKILL.md +168 -0
- package/areas/devops/ci-cd/skills/github-actions-patterns/SKILL.md +190 -0
- package/areas/devops/ci-cd/skills/gitlab-ci-patterns/SKILL.md +169 -0
- package/areas/devops/ci-cd/skills/pipeline-security/SKILL.md +161 -0
- package/areas/devops/ci-cd/workflows/onboard-repo.md +73 -0
- package/areas/devops/ci-cd/workflows/pipeline-debug.md +66 -0
- package/areas/devops/ci-cd/workflows/release-pipeline.md +115 -0
- package/areas/devops/database-ops/AGENTS.md +47 -0
- package/areas/devops/database-ops/prompts/backup-verify.md +83 -0
- package/areas/devops/database-ops/prompts/db-incident.md +127 -0
- package/areas/devops/database-ops/rules/access-control.md +20 -0
- package/areas/devops/database-ops/rules/backup-policy.md +33 -0
- package/areas/devops/database-ops/rules/migration-runbook.md +32 -0
- package/areas/devops/database-ops/skills/backup-restore/SKILL.md +226 -0
- package/areas/devops/database-ops/skills/db-performance/SKILL.md +205 -0
- package/areas/devops/database-ops/skills/migration-safety/SKILL.md +155 -0
- package/areas/devops/database-ops/skills/postgres-operations/SKILL.md +156 -0
- package/areas/devops/database-ops/skills/redis-operations/SKILL.md +174 -0
- package/areas/devops/database-ops/workflows/backup-verify.md +107 -0
- package/areas/devops/database-ops/workflows/db-incident.md +86 -0
- package/areas/devops/devsecops/AGENTS.md +47 -0
- package/areas/devops/devsecops/prompts/policy-onboard.md +79 -0
- package/areas/devops/devsecops/prompts/security-scan-pipeline.md +131 -0
- package/areas/devops/devsecops/rules/container-security.md +22 -0
- package/areas/devops/devsecops/rules/policy-as-code.md +37 -0
- package/areas/devops/devsecops/rules/shift-left-policy.md +26 -0
- package/areas/devops/devsecops/skills/container-hardening/SKILL.md +146 -0
- package/areas/devops/devsecops/skills/opa-policies/SKILL.md +188 -0
- package/areas/devops/devsecops/skills/sbom-supply-chain/SKILL.md +165 -0
- package/areas/devops/devsecops/skills/secret-detection/SKILL.md +190 -0
- package/areas/devops/devsecops/skills/sigstore-signing/SKILL.md +184 -0
- package/areas/devops/devsecops/workflows/policy-onboard.md +104 -0
- package/areas/devops/devsecops/workflows/security-scan-pipeline.md +155 -0
- package/areas/devops/infrastructure/AGENTS.md +50 -0
- package/areas/devops/infrastructure/prompts/destroy-environment.md +81 -0
- package/areas/devops/infrastructure/prompts/drift-remediation.md +71 -0
- package/areas/devops/infrastructure/prompts/module-development.md +69 -0
- package/areas/devops/infrastructure/prompts/provision-environment.md +121 -0
- package/areas/devops/infrastructure/rules/iac-standards.md +80 -0
- package/areas/devops/infrastructure/rules/immutability.md +28 -0
- package/areas/devops/infrastructure/rules/secret-hygiene.md +53 -0
- package/areas/devops/infrastructure/rules/state-management.md +47 -0
- package/areas/devops/infrastructure/skills/ansible-playbooks/SKILL.md +174 -0
- package/areas/devops/infrastructure/skills/cost-optimization/SKILL.md +177 -0
- package/areas/devops/infrastructure/skills/drift-detection/SKILL.md +178 -0
- package/areas/devops/infrastructure/skills/state-management/SKILL.md +159 -0
- package/areas/devops/infrastructure/skills/terraform-modules/SKILL.md +169 -0
- package/areas/devops/infrastructure/workflows/destroy-environment.md +96 -0
- package/areas/devops/infrastructure/workflows/drift-remediation.md +66 -0
- package/areas/devops/infrastructure/workflows/module-development.md +101 -0
- package/areas/devops/infrastructure/workflows/provision-environment.md +96 -0
- package/areas/devops/kubernetes/AGENTS.md +57 -0
- package/areas/devops/kubernetes/PROMPTS.md +9 -0
- package/areas/devops/kubernetes/prompts/cluster-bootstrap.md +67 -0
- package/areas/devops/kubernetes/prompts/debug-workload.md +91 -0
- package/areas/devops/kubernetes/prompts/onboard-service.md +101 -0
- package/areas/devops/kubernetes/prompts/upgrade-cluster.md +63 -0
- package/areas/devops/kubernetes/rules/cluster-standards.md +51 -0
- package/areas/devops/kubernetes/rules/resource-governance.md +80 -0
- package/areas/devops/kubernetes/rules/upgrade-policy.md +52 -0
- package/areas/devops/kubernetes/rules/workload-security.md +64 -0
- package/areas/devops/kubernetes/skills/cluster-operations/SKILL.md +136 -0
- package/areas/devops/kubernetes/skills/helm-charts/SKILL.md +152 -0
- package/areas/devops/kubernetes/skills/network-policies/SKILL.md +169 -0
- package/areas/devops/kubernetes/skills/pod-troubleshooting/SKILL.md +129 -0
- package/areas/devops/kubernetes/skills/rbac-design/SKILL.md +148 -0
- package/areas/devops/kubernetes/skills/resource-tuning/SKILL.md +156 -0
- package/areas/devops/kubernetes/workflows/cluster-bootstrap.md +194 -0
- package/areas/devops/kubernetes/workflows/debug-workload.md +108 -0
- package/areas/devops/kubernetes/workflows/onboard-service.md +124 -0
- package/areas/devops/kubernetes/workflows/upgrade-cluster.md +165 -0
- package/areas/devops/networking/AGENTS.md +47 -0
- package/areas/devops/networking/prompts/onboard-ingress.md +119 -0
- package/areas/devops/networking/prompts/service-mesh-onboard.md +77 -0
- package/areas/devops/networking/rules/ingress-standards.md +17 -0
- package/areas/devops/networking/rules/network-segmentation.md +24 -0
- package/areas/devops/networking/rules/tls-policy.md +32 -0
- package/areas/devops/networking/skills/dns-management/SKILL.md +169 -0
- package/areas/devops/networking/skills/ingress-patterns/SKILL.md +165 -0
- package/areas/devops/networking/skills/service-mesh/SKILL.md +206 -0
- package/areas/devops/networking/skills/tls-termination/SKILL.md +198 -0
- package/areas/devops/networking/skills/vpc-design/SKILL.md +132 -0
- package/areas/devops/networking/workflows/onboard-ingress.md +64 -0
- package/areas/devops/networking/workflows/service-mesh-onboard.md +122 -0
- package/areas/devops/observability/AGENTS.md +48 -0
- package/areas/devops/observability/prompts/alert-investigation.md +117 -0
- package/areas/devops/observability/prompts/observability-stack-setup.md +99 -0
- package/areas/devops/observability/prompts/onboard-service-monitoring.md +79 -0
- package/areas/devops/observability/rules/alerting-standards.md +36 -0
- package/areas/devops/observability/rules/data-retention.md +19 -0
- package/areas/devops/observability/rules/golden-signals.md +28 -0
- package/areas/devops/observability/skills/distributed-tracing/SKILL.md +149 -0
- package/areas/devops/observability/skills/grafana-dashboards/SKILL.md +201 -0
- package/areas/devops/observability/skills/log-aggregation/SKILL.md +159 -0
- package/areas/devops/observability/skills/prometheus-alertmanager/SKILL.md +188 -0
- package/areas/devops/observability/skills/slo-implementation/SKILL.md +189 -0
- package/areas/devops/observability/workflows/alert-investigation.md +98 -0
- package/areas/devops/observability/workflows/observability-stack-setup.md +156 -0
- package/areas/devops/observability/workflows/onboard-service-monitoring.md +83 -0
- package/areas/devops/sre/AGENTS.md +48 -0
- package/areas/devops/sre/prompts/incident-response.md +129 -0
- package/areas/devops/sre/prompts/postmortem.md +101 -0
- package/areas/devops/sre/prompts/slo-review.md +125 -0
- package/areas/devops/sre/rules/error-budget-policy.md +25 -0
- package/areas/devops/sre/rules/on-call-standards.md +25 -0
- package/areas/devops/sre/rules/slo-policy.md +31 -0
- package/areas/devops/sre/skills/capacity-planning/SKILL.md +162 -0
- package/areas/devops/sre/skills/chaos-engineering/SKILL.md +186 -0
- package/areas/devops/sre/skills/incident-command/SKILL.md +119 -0
- package/areas/devops/sre/skills/postmortem-analysis/SKILL.md +104 -0
- package/areas/devops/sre/skills/slo-sli-design/SKILL.md +145 -0
- package/areas/devops/sre/workflows/incident-response.md +66 -0
- package/areas/devops/sre/workflows/postmortem.md +90 -0
- package/areas/devops/sre/workflows/slo-review.md +95 -0
- package/areas/software/backend/AGENTS.md +59 -0
- package/areas/software/backend/PROMPTS.md +50 -0
- package/areas/software/backend/README.md +48 -0
- package/areas/software/backend/prompts/add-migration.md +93 -0
- package/areas/software/backend/prompts/create-endpoint.md +97 -0
- package/areas/software/backend/prompts/debug-issue.md +87 -0
- package/areas/software/backend/prompts/develop-epic.md +83 -0
- package/areas/software/backend/prompts/develop-feature.md +91 -0
- package/areas/software/backend/prompts/refactor-module.md +79 -0
- package/areas/software/backend/prompts/test-feature.md +89 -0
- package/areas/software/backend/rules/architecture.md +20 -0
- package/areas/software/backend/rules/data_access.md +20 -0
- package/areas/software/backend/rules/security.md +20 -0
- package/areas/software/backend/rules/testing.md +19 -0
- package/areas/software/backend/skills/api-design/SKILL.md +170 -0
- package/areas/software/backend/skills/async-processing/SKILL.md +152 -0
- package/areas/software/backend/skills/database-modeling/SKILL.md +173 -0
- package/areas/software/backend/skills/observability/SKILL.md +162 -0
- package/areas/software/backend/skills/troubleshooting/SKILL.md +139 -0
- package/areas/software/backend/workflows/add-migration.md +79 -0
- package/areas/software/backend/workflows/create-endpoint.md +89 -0
- package/areas/software/backend/workflows/debug-issue.md +77 -0
- package/areas/software/backend/workflows/develop-epic.md +78 -0
- package/areas/software/backend/workflows/develop-feature.md +98 -0
- package/areas/software/backend/workflows/refactor-module.md +73 -0
- package/areas/software/backend/workflows/test-feature.md +67 -0
- package/areas/software/data-engineering/AGENTS.md +59 -0
- package/areas/software/data-engineering/PROMPTS.md +32 -0
- package/areas/software/data-engineering/prompts/backfill-data.md +107 -0
- package/areas/software/data-engineering/prompts/data-quality-incident.md +109 -0
- package/areas/software/data-engineering/prompts/lineage-trace.md +121 -0
- package/areas/software/data-engineering/prompts/new-model.md +117 -0
- package/areas/software/data-engineering/prompts/schema-migration.md +111 -0
- package/areas/software/data-engineering/rules/data-governance.md +11 -0
- package/areas/software/data-engineering/rules/pii-handling.md +19 -0
- package/areas/software/data-engineering/rules/pipeline-integrity.md +11 -0
- package/areas/software/data-engineering/rules/schema-management.md +21 -0
- package/areas/software/data-engineering/skills/data-modeling/SKILL.md +49 -0
- package/areas/software/data-engineering/skills/dbt-patterns/SKILL.md +43 -0
- package/areas/software/data-engineering/skills/lineage-governance/SKILL.md +38 -0
- package/areas/software/data-engineering/skills/orchestration/SKILL.md +35 -0
- package/areas/software/data-engineering/skills/quality-checks/SKILL.md +50 -0
- package/areas/software/data-engineering/skills/sql-optimization/SKILL.md +47 -0
- package/areas/software/data-engineering/skills/streaming-patterns/SKILL.md +48 -0
- package/areas/software/data-engineering/workflows/backfill-data.md +59 -0
- package/areas/software/data-engineering/workflows/data-quality-incident.md +64 -0
- package/areas/software/data-engineering/workflows/lineage-trace.md +56 -0
- package/areas/software/data-engineering/workflows/new-model.md +71 -0
- package/areas/software/data-engineering/workflows/schema-migration.md +67 -0
- package/areas/software/frontend/AGENTS.md +60 -0
- package/areas/software/frontend/PROMPTS.md +32 -0
- package/areas/software/frontend/prompts/a11y-fix.md +75 -0
- package/areas/software/frontend/prompts/bundle-analyze.md +75 -0
- package/areas/software/frontend/prompts/release-prep.md +83 -0
- package/areas/software/frontend/prompts/scaffold-component.md +69 -0
- package/areas/software/frontend/prompts/visual-regression.md +73 -0
- package/areas/software/frontend/rules/accessibility.md +16 -0
- package/areas/software/frontend/rules/architecture.md +29 -0
- package/areas/software/frontend/rules/performance.md +23 -0
- package/areas/software/frontend/rules/quality.md +12 -0
- package/areas/software/frontend/skills/a11y-audit/SKILL.md +61 -0
- package/areas/software/frontend/skills/api-integration/SKILL.md +58 -0
- package/areas/software/frontend/skills/component-design/SKILL.md +171 -0
- package/areas/software/frontend/skills/css-architecture/SKILL.md +146 -0
- package/areas/software/frontend/skills/error-handling/SKILL.md +55 -0
- package/areas/software/frontend/skills/performance-tuning/SKILL.md +58 -0
- package/areas/software/frontend/skills/state-management/SKILL.md +54 -0
- package/areas/software/frontend/skills/testing-patterns/SKILL.md +69 -0
- package/areas/software/frontend/workflows/a11y-fix.md +63 -0
- package/areas/software/frontend/workflows/bundle-analyze.md +56 -0
- package/areas/software/frontend/workflows/release-prep.md +66 -0
- package/areas/software/frontend/workflows/scaffold-component.md +67 -0
- package/areas/software/frontend/workflows/visual-regression.md +65 -0
- package/areas/software/full-stack/AGENTS.md +72 -0
- package/areas/software/full-stack/PROMPTS.md +66 -0
- package/areas/software/full-stack/prompts/backend-project-full-cycle.md +141 -0
- package/areas/software/full-stack/prompts/debug-issue.md +115 -0
- package/areas/software/full-stack/prompts/develop-feature.md +119 -0
- package/areas/software/full-stack/prompts/feature-implementation-flow.md +137 -0
- package/areas/software/full-stack/prompts/testing-ci-pipeline.md +119 -0
- package/areas/software/full-stack/rules/api-design-guide.md +24 -0
- package/areas/software/full-stack/rules/async-concurrency-guide.md +21 -0
- package/areas/software/full-stack/rules/backend-architecture-rule.md +41 -0
- package/areas/software/full-stack/rules/background-jobs-guide.md +20 -0
- package/areas/software/full-stack/rules/code-quality-guide.md +22 -0
- package/areas/software/full-stack/rules/database-access-guide.md +24 -0
- package/areas/software/full-stack/rules/database-migrations-guide.md +24 -0
- package/areas/software/full-stack/rules/domain-models-guide.md +28 -0
- package/areas/software/full-stack/rules/e2e-test-guide.md +18 -0
- package/areas/software/full-stack/rules/env-settings-guide.md +34 -0
- package/areas/software/full-stack/rules/error-handling-guide.md +20 -0
- package/areas/software/full-stack/rules/logging-observability-guide.md +22 -0
- package/areas/software/full-stack/rules/project-guide.md +34 -0
- package/areas/software/full-stack/rules/python-venv-guide.md +23 -0
- package/areas/software/full-stack/rules/security-guide.md +22 -0
- package/areas/software/full-stack/rules/svt-test-guide.md +17 -0
- package/areas/software/full-stack/rules/testing-ci-guide.md +25 -0
- package/areas/software/full-stack/skills/api-design-principles/SKILL.md +125 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/api-design-checklist.md +155 -0
- package/areas/software/full-stack/skills/api-design-principles/assets/rest-api-template.py +182 -0
- package/areas/software/full-stack/skills/api-design-principles/references/graphql-schema-design.md +583 -0
- package/areas/software/full-stack/skills/api-design-principles/references/rest-best-practices.md +408 -0
- package/areas/software/full-stack/skills/api-design-principles/resources/implementation-playbook.md +513 -0
- package/areas/software/full-stack/skills/api-patterns/SKILL.md +81 -0
- package/areas/software/full-stack/skills/api-patterns/api-style.md +42 -0
- package/areas/software/full-stack/skills/api-patterns/auth.md +24 -0
- package/areas/software/full-stack/skills/api-patterns/documentation.md +26 -0
- package/areas/software/full-stack/skills/api-patterns/graphql.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/rate-limiting.md +31 -0
- package/areas/software/full-stack/skills/api-patterns/response.md +37 -0
- package/areas/software/full-stack/skills/api-patterns/rest.md +40 -0
- package/areas/software/full-stack/skills/api-patterns/scripts/api_validator.py +211 -0
- package/areas/software/full-stack/skills/api-patterns/security-testing.md +122 -0
- package/areas/software/full-stack/skills/api-patterns/trpc.md +41 -0
- package/areas/software/full-stack/skills/api-patterns/versioning.md +22 -0
- package/areas/software/full-stack/skills/app-builder/SKILL.md +135 -0
- package/areas/software/full-stack/skills/app-builder/agent-coordination.md +71 -0
- package/areas/software/full-stack/skills/app-builder/feature-building.md +53 -0
- package/areas/software/full-stack/skills/app-builder/project-detection.md +34 -0
- package/areas/software/full-stack/skills/app-builder/scaffolding.md +118 -0
- package/areas/software/full-stack/skills/app-builder/tech-stack.md +40 -0
- package/areas/software/full-stack/skills/app-builder/templates/SKILL.md +39 -0
- package/areas/software/full-stack/skills/app-builder/templates/astro-static/TEMPLATE.md +76 -0
- package/areas/software/full-stack/skills/app-builder/templates/chrome-extension/TEMPLATE.md +92 -0
- package/areas/software/full-stack/skills/app-builder/templates/cli-tool/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/electron-desktop/TEMPLATE.md +88 -0
- package/areas/software/full-stack/skills/app-builder/templates/express-api/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/flutter-app/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +90 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +82 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +100 -0
- package/areas/software/full-stack/skills/app-builder/templates/nextjs-static/TEMPLATE.md +106 -0
- package/areas/software/full-stack/skills/app-builder/templates/nuxt-app/TEMPLATE.md +101 -0
- package/areas/software/full-stack/skills/app-builder/templates/python-fastapi/TEMPLATE.md +83 -0
- package/areas/software/full-stack/skills/app-builder/templates/react-native-app/TEMPLATE.md +93 -0
- package/areas/software/full-stack/skills/backend-developer/SKILL.md +58 -0
- package/areas/software/full-stack/skills/bash-pro/SKILL.md +310 -0
- package/areas/software/full-stack/skills/blackbox-test/SKILL.md +84 -0
- package/areas/software/full-stack/skills/prompt-project-planner/SKILL.md +130 -0
- package/areas/software/full-stack/skills/prompt-project-planner/output.schema.md +68 -0
- package/areas/software/full-stack/skills/prompt-project-planner/questions.md +80 -0
- package/areas/software/full-stack/skills/python-pro/SKILL.md +158 -0
- package/areas/software/full-stack/skills/skill-creator/LICENSE.txt +202 -0
- package/areas/software/full-stack/skills/skill-creator/SKILL.md +356 -0
- package/areas/software/full-stack/skills/skill-creator/references/output-patterns.md +82 -0
- package/areas/software/full-stack/skills/skill-creator/references/workflows.md +28 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/init_skill.py +303 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/package_skill.py +110 -0
- package/areas/software/full-stack/skills/skill-creator/scripts/quick_validate.py +95 -0
- package/areas/software/full-stack/workflows/backend-project-full-cycle.md +132 -0
- package/areas/software/full-stack/workflows/debug-issue.md +70 -0
- package/areas/software/full-stack/workflows/develop-feature.md +85 -0
- package/areas/software/full-stack/workflows/feature-implementation-flow.md +78 -0
- package/areas/software/full-stack/workflows/testing-ci-pipeline.md +65 -0
- package/areas/software/general/AGENTS.md +68 -0
- package/areas/software/general/prompts/code-review-workflow.md +87 -0
- package/areas/software/general/prompts/development-cycle-workflow.md +83 -0
- package/areas/software/general/prompts/project-setup-workflow.md +93 -0
- package/areas/software/general/rules/code-style-guide.md +31 -0
- package/areas/software/general/rules/docker-compose-guide.md +27 -0
- package/areas/software/general/rules/git-workflow-guide.md +27 -0
- package/areas/software/general/rules/github-workflow-guide.md +27 -0
- package/areas/software/general/rules/gitlab-ci-guide.md +27 -0
- package/areas/software/general/rules/lint-format-guide.md +29 -0
- package/areas/software/general/rules/makefile-guide.md +34 -0
- package/areas/software/general/rules/readme-sync-guide.md +40 -0
- package/areas/software/general/rules/sdlc-methodology-guide.md +27 -0
- package/areas/software/general/rules/sdlc-role-responsibilities.md +108 -0
- package/areas/software/general/skills/general-dev-tools/SKILL.md +324 -0
- package/areas/software/general/workflows/code-review-workflow.md +84 -0
- package/areas/software/general/workflows/development-cycle-workflow.md +85 -0
- package/areas/software/general/workflows/project-setup-workflow.md +94 -0
- package/areas/software/mlops/AGENTS.md +57 -0
- package/areas/software/mlops/PROMPTS.md +32 -0
- package/areas/software/mlops/prompts/champion-challenger.md +87 -0
- package/areas/software/mlops/prompts/deploy-endpoint.md +91 -0
- package/areas/software/mlops/prompts/evaluate-model.md +87 -0
- package/areas/software/mlops/prompts/model-incident.md +87 -0
- package/areas/software/mlops/prompts/train-experiment.md +83 -0
- package/areas/software/mlops/rules/data-integrity.md +9 -0
- package/areas/software/mlops/rules/model-governance.md +9 -0
- package/areas/software/mlops/rules/production-safety.md +9 -0
- package/areas/software/mlops/rules/reproducibility.md +9 -0
- package/areas/software/mlops/skills/experiment-tracking/SKILL.md +29 -0
- package/areas/software/mlops/skills/feature-engineering/SKILL.md +44 -0
- package/areas/software/mlops/skills/inference-serving/SKILL.md +35 -0
- package/areas/software/mlops/skills/model-evaluation/SKILL.md +40 -0
- package/areas/software/mlops/skills/model-monitoring/SKILL.md +32 -0
- package/areas/software/mlops/workflows/champion-challenger.md +65 -0
- package/areas/software/mlops/workflows/deploy-endpoint.md +70 -0
- package/areas/software/mlops/workflows/evaluate-model.md +63 -0
- package/areas/software/mlops/workflows/model-incident.md +64 -0
- package/areas/software/mlops/workflows/train-experiment.md +56 -0
- package/areas/software/mobile/AGENTS.md +58 -0
- package/areas/software/mobile/PROMPTS.md +32 -0
- package/areas/software/mobile/prompts/crash-triage.md +63 -0
- package/areas/software/mobile/prompts/device-testing.md +83 -0
- package/areas/software/mobile/prompts/ota-update.md +75 -0
- package/areas/software/mobile/prompts/release-build.md +67 -0
- package/areas/software/mobile/prompts/store-submission.md +79 -0
- package/areas/software/mobile/rules/offline-first.md +10 -0
- package/areas/software/mobile/rules/performance-budget.md +20 -0
- package/areas/software/mobile/rules/platform-compliance.md +17 -0
- package/areas/software/mobile/rules/security-mobile.md +9 -0
- package/areas/software/mobile/skills/app-store-prep/SKILL.md +27 -0
- package/areas/software/mobile/skills/mobile-testing/SKILL.md +36 -0
- package/areas/software/mobile/skills/native-modules/SKILL.md +38 -0
- package/areas/software/mobile/skills/navigation-patterns/SKILL.md +49 -0
- package/areas/software/mobile/skills/push-notifications/SKILL.md +40 -0
- package/areas/software/mobile/skills/state-sync/SKILL.md +48 -0
- package/areas/software/mobile/workflows/crash-triage.md +63 -0
- package/areas/software/mobile/workflows/device-testing.md +54 -0
- package/areas/software/mobile/workflows/ota-update.md +54 -0
- package/areas/software/mobile/workflows/release-build.md +67 -0
- package/areas/software/mobile/workflows/store-submission.md +63 -0
- package/areas/software/platform/AGENTS.md +67 -0
- package/areas/software/platform/PROMPTS.md +32 -0
- package/areas/software/platform/prompts/cost-audit.md +117 -0
- package/areas/software/platform/prompts/deploy-production.md +109 -0
- package/areas/software/platform/prompts/drift-check.md +107 -0
- package/areas/software/platform/prompts/incident-response.md +121 -0
- package/areas/software/platform/prompts/provision-env.md +113 -0
- package/areas/software/platform/rules/cost-governance.md +11 -0
- package/areas/software/platform/rules/immutability.md +17 -0
- package/areas/software/platform/rules/reliability.md +19 -0
- package/areas/software/platform/rules/security-posture.md +12 -0
- package/areas/software/platform/skills/ci-cd-pipelines/SKILL.md +58 -0
- package/areas/software/platform/skills/incident-response/SKILL.md +41 -0
- package/areas/software/platform/skills/k8s-manifests/SKILL.md +56 -0
- package/areas/software/platform/skills/networking/SKILL.md +44 -0
- package/areas/software/platform/skills/observability-setup/SKILL.md +49 -0
- package/areas/software/platform/skills/secrets-management/SKILL.md +43 -0
- package/areas/software/platform/skills/terraform-patterns/SKILL.md +75 -0
- package/areas/software/platform/workflows/cost-audit.md +61 -0
- package/areas/software/platform/workflows/deploy-production.md +67 -0
- package/areas/software/platform/workflows/drift-check.md +61 -0
- package/areas/software/platform/workflows/incident-response.md +69 -0
- package/areas/software/platform/workflows/provision-env.md +77 -0
- package/areas/software/qa/AGENTS.md +58 -0
- package/areas/software/qa/PROMPTS.md +32 -0
- package/areas/software/qa/prompts/flakiness-investigation.md +61 -0
- package/areas/software/qa/prompts/performance-audit.md +65 -0
- package/areas/software/qa/prompts/regression-suite.md +61 -0
- package/areas/software/qa/prompts/smoke-test.md +65 -0
- package/areas/software/qa/prompts/test-coverage-report.md +61 -0
- package/areas/software/qa/rules/flakiness-policy.md +12 -0
- package/areas/software/qa/rules/quality-gates.md +28 -0
- package/areas/software/qa/rules/test-data.md +9 -0
- package/areas/software/qa/rules/test-strategy.md +11 -0
- package/areas/software/qa/skills/accessibility-testing/SKILL.md +139 -0
- package/areas/software/qa/skills/api-testing/SKILL.md +140 -0
- package/areas/software/qa/skills/e2e-patterns/SKILL.md +152 -0
- package/areas/software/qa/skills/performance-testing/SKILL.md +177 -0
- package/areas/software/qa/skills/test-data-management/SKILL.md +161 -0
- package/areas/software/qa/skills/test-pyramid/SKILL.md +127 -0
- package/areas/software/qa/workflows/flakiness-investigation.md +63 -0
- package/areas/software/qa/workflows/performance-audit.md +59 -0
- package/areas/software/qa/workflows/regression-suite.md +59 -0
- package/areas/software/qa/workflows/smoke-test.md +64 -0
- package/areas/software/qa/workflows/test-coverage-report.md +57 -0
- package/areas/software/security/AGENTS.md +58 -0
- package/areas/software/security/PROMPTS.md +32 -0
- package/areas/software/security/prompts/compliance-report.md +113 -0
- package/areas/software/security/prompts/pen-test-sim.md +113 -0
- package/areas/software/security/prompts/secret-rotation.md +115 -0
- package/areas/software/security/prompts/security-scan.md +91 -0
- package/areas/software/security/prompts/threat-model-review.md +105 -0
- package/areas/software/security/rules/compliance-baseline.md +23 -0
- package/areas/software/security/rules/dependency-policy.md +12 -0
- package/areas/software/security/rules/secrets-policy.md +22 -0
- package/areas/software/security/rules/secure-coding.md +22 -0
- package/areas/software/security/skills/auth-patterns/SKILL.md +42 -0
- package/areas/software/security/skills/crypto-standards/SKILL.md +42 -0
- package/areas/software/security/skills/dependency-audit/SKILL.md +29 -0
- package/areas/software/security/skills/sast-dast-interpretation/SKILL.md +33 -0
- package/areas/software/security/skills/security-headers/SKILL.md +29 -0
- package/areas/software/security/skills/threat-modeling/SKILL.md +36 -0
- package/areas/software/security/workflows/compliance-report.md +57 -0
- package/areas/software/security/workflows/pen-test-sim.md +63 -0
- package/areas/software/security/workflows/secret-rotation.md +67 -0
- package/areas/software/security/workflows/security-scan.md +64 -0
- package/areas/software/security/workflows/threat-model-review.md +62 -0
- package/areas/template/AGENTS-area.tmpl.md +61 -0
- package/areas/template/AGENTS.tmpl.md +67 -0
- package/areas/template/GUIDE.md +102 -0
- package/areas/template/PROMPTS.tmpl.md +29 -0
- package/areas/template/README.md +57 -0
- package/areas/template/README.tmpl.md +51 -0
- package/areas/template/prompt.tmpl.md +101 -0
- package/areas/template/rule.tmpl.md +71 -0
- package/areas/template/skill.tmpl.md +108 -0
- package/areas/template/workflow.tmpl.md +104 -0
- package/bin/agentic.js +24 -0
- package/extensions/antigravity/GEMINI.md +10 -0
- package/extensions/claude/CLAUDE.md +10 -0
- package/extensions/codex/AGENTS.override.md +93 -0
- package/extensions/gemini/GEMINI.md +10 -0
- package/extensions/opencode/agents/designer.md +65 -0
- package/extensions/opencode/agents/developer.md +63 -0
- package/extensions/opencode/agents/devops-engineer.md +69 -0
- package/extensions/opencode/agents/pm.md +61 -0
- package/extensions/opencode/agents/product-owner.md +76 -0
- package/extensions/opencode/agents/qa.md +66 -0
- package/extensions/opencode/agents/team-lead.md +67 -0
- package/extensions/opencode/commands/feature.md +75 -0
- package/extensions/opencode/opencode.json +93 -0
- package/extensions/opencode/plugins/model-checker.json +14 -0
- package/extensions/opencode/plugins/model-checker.ts +279 -0
- package/extensions/opencode/plugins/sound-notification.ts +13 -0
- package/extensions/opencode/plugins/telegram-notification.ts +86 -0
- package/extensions/opencode/skills/code_review_expert/SKILL.md +144 -0
- package/extensions/opencode/skills/design_expert/SKILL.md +42 -0
- package/extensions/opencode/skills/qa_expert/SKILL.md +116 -0
- package/package.json +19 -0
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: compliance-report
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/compliance-report`
|
|
6
|
+
|
|
7
|
+
Use when: generating a compliance evidence report for a specific framework (SOC 2, PCI-DSS, GDPR, ISO 27001) — mapping controls to evidence and identifying gaps.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — SOC 2 Type II readiness
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/compliance-report
|
|
16
|
+
|
|
17
|
+
Framework: SOC 2 Type II (Trust Service Criteria: Security + Availability)
|
|
18
|
+
Scope: order-service, payment-service, user-service (production AWS environment)
|
|
19
|
+
Audit window: last 12 months
|
|
20
|
+
Evidence sources to collect:
|
|
21
|
+
- Access control: IAM role assignments, MFA enforcement logs (AWS CloudTrail)
|
|
22
|
+
- Change management: PR merge records, CI/CD pipeline logs (GitHub Actions)
|
|
23
|
+
- Incident response: PagerDuty incident log, postmortem documents
|
|
24
|
+
- Monitoring: CloudWatch alarm configs, uptime records (SLA: 99.9%)
|
|
25
|
+
- Encryption: KMS key policies, S3 bucket encryption settings
|
|
26
|
+
Gaps from last audit: CC6.1 (access review not documented quarterly)
|
|
27
|
+
Output: compliance-report-soc2-2024.md — control matrix with evidence links + gap list
|
|
28
|
+
```
|
|
29
|
+
|
|
30
|
+
**RU:**
|
|
31
|
+
```
|
|
32
|
+
/compliance-report
|
|
33
|
+
|
|
34
|
+
Фреймворк: SOC 2 Type II (Trust Service Criteria: Security + Availability)
|
|
35
|
+
Скоуп: order-service, payment-service, user-service (production AWS окружение)
|
|
36
|
+
Период аудита: последние 12 месяцев
|
|
37
|
+
Источники доказательств для сбора:
|
|
38
|
+
- Контроль доступа: назначения IAM ролей, логи соблюдения MFA (AWS CloudTrail)
|
|
39
|
+
- Управление изменениями: записи мержа PR, логи CI/CD pipeline (GitHub Actions)
|
|
40
|
+
- Реагирование на инциденты: лог инцидентов PagerDuty, документы postmortem
|
|
41
|
+
- Мониторинг: конфигурации алармов CloudWatch, записи uptime (SLA: 99.9%)
|
|
42
|
+
- Шифрование: политики KMS ключей, настройки шифрования S3 bucket
|
|
43
|
+
Пробелы с прошлого аудита: CC6.1 (ежеквартальный ревью доступа не задокументирован)
|
|
44
|
+
Результат: compliance-report-soc2-2024.md — матрица контролей со ссылками на доказательства + список пробелов
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
---
|
|
48
|
+
|
|
49
|
+
## Example 2 — GDPR data processing audit
|
|
50
|
+
|
|
51
|
+
**EN:**
|
|
52
|
+
```
|
|
53
|
+
/compliance-report
|
|
54
|
+
|
|
55
|
+
Framework: GDPR (EU) — Articles 13, 14, 17, 30
|
|
56
|
+
Concern: new analytics pipeline collects user behaviour events — need DPA review
|
|
57
|
+
Data flows to document:
|
|
58
|
+
- User events → Kafka → ClickHouse (EU region) — retention 90 days
|
|
59
|
+
- Aggregated reports → BigQuery (EU region) — retention 3 years
|
|
60
|
+
- Raw events → S3 (EU region) — retention 30 days
|
|
61
|
+
PII in events: user_id (pseudonymised), session_id, country, browser
|
|
62
|
+
Legal basis: legitimate interest (analytics) — documented in privacy policy v3.2
|
|
63
|
+
Right to erasure: user_id hash deletion must cascade to ClickHouse + BigQuery
|
|
64
|
+
Output: Article 30 record of processing + erasure procedure + DPA checklist
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
**RU:**
|
|
68
|
+
```
|
|
69
|
+
/compliance-report
|
|
70
|
+
|
|
71
|
+
Фреймворк: GDPR (EU) — Статьи 13, 14, 17, 30
|
|
72
|
+
Озабоченность: новый analytics pipeline собирает события поведения пользователей — нужно ревью DPA
|
|
73
|
+
Потоки данных для документирования:
|
|
74
|
+
- Пользовательские события → Kafka → ClickHouse (EU регион) — хранение 90 дней
|
|
75
|
+
- Агрегированные отчёты → BigQuery (EU регион) — хранение 3 года
|
|
76
|
+
- Сырые события → S3 (EU регион) — хранение 30 дней
|
|
77
|
+
PII в событиях: user_id (псевдоанонимизирован), session_id, country, browser
|
|
78
|
+
Правовое основание: законный интерес (аналитика) — задокументировано в политике конфиденциальности v3.2
|
|
79
|
+
Право на удаление: удаление хэша user_id должно каскадироваться в ClickHouse + BigQuery
|
|
80
|
+
Результат: Запись обработки по Статье 30 + процедура удаления + чеклист DPA
|
|
81
|
+
```
|
|
82
|
+
|
|
83
|
+
---
|
|
84
|
+
|
|
85
|
+
## Example 3 — Quick / PCI-DSS scope check
|
|
86
|
+
|
|
87
|
+
**EN:**
|
|
88
|
+
```
|
|
89
|
+
/compliance-report
|
|
90
|
+
|
|
91
|
+
Framework: PCI-DSS v4.0 — scope assessment only (not full audit)
|
|
92
|
+
Question: does our new in-app chat feature bring card data into PCI scope?
|
|
93
|
+
Context: chat allows users to type free text; could contain card numbers
|
|
94
|
+
Assessment needed:
|
|
95
|
+
- Is chat text stored? Where? How long?
|
|
96
|
+
- Is there PAN detection / masking on input?
|
|
97
|
+
- Does Stripe.js token flow bypass our servers?
|
|
98
|
+
Output: scope determination (in-scope / out-of-scope) with justification + required controls if in-scope
|
|
99
|
+
```
|
|
100
|
+
|
|
101
|
+
**RU:**
|
|
102
|
+
```
|
|
103
|
+
/compliance-report
|
|
104
|
+
|
|
105
|
+
Фреймворк: PCI-DSS v4.0 — только оценка скоупа (не полный аудит)
|
|
106
|
+
Вопрос: попадает ли наша новая функция внутреннего чата в скоуп PCI из-за данных карт?
|
|
107
|
+
Контекст: чат позволяет пользователям вводить произвольный текст; может содержать номера карт
|
|
108
|
+
Необходимая оценка:
|
|
109
|
+
- Хранится ли текст чата? Где? Как долго?
|
|
110
|
+
- Есть ли обнаружение PAN / маскирование на вводе?
|
|
111
|
+
- Обходит ли Stripe.js токен flow наши серверы?
|
|
112
|
+
Результат: определение скоупа (в скоупе / вне скоупа) с обоснованием + необходимые контроли если в скоупе
|
|
113
|
+
```
|
|
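Review bot: In Example 2 the erasure line says the `user_id` hash deletion must cascade to ClickHouse + BigQuery, but the data-flow list above it also puts raw events carrying `user_id` in S3 (30 days) and in Kafka, whose retention is not stated; either add those stores to the cascade or state explicitly that their retention is shorter than the Art. 17 response deadline and record that reasoning in the output. Pseudonymised `user_id` is still personal data under GDPR, so the requested output should include the legitimate-interest assessment (LIA) for the analytics purpose, not only a pointer to the privacy policy version. Example 1's gap list would be more actionable if the prompt asked for an owner and target date per gap, e.g. `Gaps from last audit: CC6.1 (...) — owner + remediation date required in output`.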
@@ -0,0 +1,113 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: pen-test-sim
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/pen-test-sim`
|
|
6
|
+
|
|
7
|
+
Use when: simulating a penetration test on a staging environment to find exploitable vulnerabilities before they reach production.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — Full web application pen test
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/pen-test-sim
|
|
16
|
+
|
|
17
|
+
Target: https://staging.myapp.com (isolated staging — not production)
|
|
18
|
+
Scope: web application only; infrastructure out of scope
|
|
19
|
+
Authorization: confirmed — written sign-off from CTO (attached)
|
|
20
|
+
Application type: SPA (React) + REST API (FastAPI) + PostgreSQL
|
|
21
|
+
Auth mechanism: JWT (RS256) in Authorization header + refresh token in HttpOnly cookie
|
|
22
|
+
Test areas (OWASP Top 10 focus):
|
|
23
|
+
- A01 Broken Access Control: IDOR on /api/orders/{id}, horizontal privilege escalation
|
|
24
|
+
- A02 Cryptographic Failures: JWT algorithm confusion (RS256→HS256), weak token entropy
|
|
25
|
+
- A03 Injection: SQL injection in search/filter params, NoSQL injection if applicable
|
|
26
|
+
- A07 Identity/Auth Failures: brute force, credential stuffing, session fixation
|
|
27
|
+
- A09 Logging Failures: verify audit events present for sensitive actions
|
|
28
|
+
Test accounts: admin@test.myapp.com / viewer@test.myapp.com (credentials in vault)
|
|
29
|
+
Output: pentest-report.md — finding per OWASP category, CVSS score, PoC, remediation
|
|
30
|
+
```
|
|
31
|
+
|
|
32
|
+
**RU:**
|
|
33
|
+
```
|
|
34
|
+
/pen-test-sim
|
|
35
|
+
|
|
36
|
+
Цель: https://staging.myapp.com (изолированный staging — не production)
|
|
37
|
+
Скоуп: только веб-приложение; инфраструктура вне скоупа
|
|
38
|
+
Авторизация: подтверждена — письменное согласие от CTO (приложено)
|
|
39
|
+
Тип приложения: SPA (React) + REST API (FastAPI) + PostgreSQL
|
|
40
|
+
Механизм auth: JWT (RS256) в Authorization header + refresh token в HttpOnly cookie
|
|
41
|
+
Области тестирования (фокус OWASP Top 10):
|
|
42
|
+
- A01 Broken Access Control: IDOR на /api/orders/{id}, горизонтальная эскалация привилегий
|
|
43
|
+
- A02 Cryptographic Failures: JWT algorithm confusion (RS256→HS256), слабая энтропия токена
|
|
44
|
+
- A03 Injection: SQL injection в параметрах поиска/фильтрации, NoSQL injection если применимо
|
|
45
|
+
- A07 Identity/Auth Failures: brute force, credential stuffing, session fixation
|
|
46
|
+
- A09 Logging Failures: проверить наличие audit событий для чувствительных действий
|
|
47
|
+
Тестовые аккаунты: admin@test.myapp.com / viewer@test.myapp.com (credentials в vault)
|
|
48
|
+
Результат: pentest-report.md — находка по категории OWASP, CVSS оценка, PoC, устранение
|
|
49
|
+
```
|
|
50
|
+
|
|
51
|
+
---
|
|
52
|
+
|
|
53
|
+
## Example 2 — API-only targeted test
|
|
54
|
+
|
|
55
|
+
**EN:**
|
|
56
|
+
```
|
|
57
|
+
/pen-test-sim
|
|
58
|
+
|
|
59
|
+
Target: staging API — https://api-staging.myapp.com/api/v1
|
|
60
|
+
Scope: REST API endpoints only (no frontend, no infrastructure)
|
|
61
|
+
Focus: authentication bypass and authorisation boundary violations
|
|
62
|
+
Specific concern: new multi-tenant feature — verify tenant A cannot access tenant B data
|
|
63
|
+
Test vectors:
|
|
64
|
+
- JWT tampering: modify tenant_id claim, try none algorithm
|
|
65
|
+
- Forced browsing: enumerate /api/v1/tenants/{id}/... with ids 1–1000
|
|
66
|
+
- Mass assignment: send undocumented fields in PATCH requests
|
|
67
|
+
- Rate limiting: confirm 429 on /api/v1/auth/token after 10 failed attempts
|
|
68
|
+
Tools: Burp Suite CE, custom Python scripts
|
|
69
|
+
Output: findings per endpoint with HTTP request/response evidence
|
|
70
|
+
```
|
|
71
|
+
|
|
72
|
+
**RU:**
|
|
73
|
+
```
|
|
74
|
+
/pen-test-sim
|
|
75
|
+
|
|
76
|
+
Цель: staging API — https://api-staging.myapp.com/api/v1
|
|
77
|
+
Скоуп: только REST API эндпоинты (без фронтенда, без инфраструктуры)
|
|
78
|
+
Фокус: обход аутентификации и нарушения границ авторизации
|
|
79
|
+
Конкретная озабоченность: новая multi-tenant фича — убедиться что tenant A не может получить данные tenant B
|
|
80
|
+
Тестовые векторы:
|
|
81
|
+
- JWT tampering: изменить claim tenant_id, попробовать алгоритм none
|
|
82
|
+
- Forced browsing: перечислить /api/v1/tenants/{id}/... с id 1–1000
|
|
83
|
+
- Mass assignment: отправить недокументированные поля в PATCH запросах
|
|
84
|
+
- Rate limiting: убедиться в 429 на /api/v1/auth/token после 10 неудачных попыток
|
|
85
|
+
Инструменты: Burp Suite CE, кастомные Python скрипты
|
|
86
|
+
Результат: находки по эндпоинту с доказательствами HTTP запрос/ответ
|
|
87
|
+
```
|
|
88
|
+
|
|
89
|
+
---
|
|
90
|
+
|
|
91
|
+
## Example 3 — Quick / Auth flow check
|
|
92
|
+
|
|
93
|
+
**EN:**
|
|
94
|
+
```
|
|
95
|
+
/pen-test-sim
|
|
96
|
+
|
|
97
|
+
Scope: authentication flow only — login, registration, password reset
|
|
98
|
+
Target: staging environment
|
|
99
|
+
Check: password reset token entropy (should be ≥ 128 bits); token expiry enforced;
|
|
100
|
+
reset link single-use; account enumeration via timing attack on /auth/login
|
|
101
|
+
Output: pass/fail per check with evidence; critical findings block release
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
**RU:**
|
|
105
|
+
```
|
|
106
|
+
/pen-test-sim
|
|
107
|
+
|
|
108
|
+
Скоуп: только поток аутентификации — вход, регистрация, сброс пароля
|
|
109
|
+
Цель: staging окружение
|
|
110
|
+
Проверить: энтропия токена сброса пароля (должна быть ≥ 128 бит); истечение токена соблюдается;
|
|
111
|
+
ссылка для сброса одноразовая; перечисление аккаунтов через timing attack на /auth/login
|
|
112
|
+
Результат: pass/fail по каждой проверке с доказательствами; критические находки блокируют релиз
|
|
113
|
+
```
|
|
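Review bot: Only Example 1 carries the `Authorization: confirmed — written sign-off from CTO (attached)` line; Examples 2 and 3 omit it, and Example 3 names no concrete target host. Since this prompt directs an agent to actively attack a system, authorization and the exact in-scope hostnames should be mandatory fields in every invocation, with the agent instructed to stop if either is missing. Example 2's id enumeration (1–1000) and repeated failed token requests will exercise rate limits and may lock the shared test accounts or page on-call; add a line such as `Coordination: test window agreed with staging owner; alerting suppressed or tagged for the window` so the run is not mistaken for a real attack.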
@@ -0,0 +1,115 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: secret-rotation
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/secret-rotation`
|
|
6
|
+
|
|
7
|
+
Use when: rotating credentials, API keys, or certificates without service downtime — using the dual-read window pattern.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — Database password rotation
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/secret-rotation
|
|
16
|
+
|
|
17
|
+
Secret type: PostgreSQL superuser password (prod)
|
|
18
|
+
Reason: scheduled quarterly rotation (compliance requirement)
|
|
19
|
+
Services consuming this secret: order-service, payment-service, analytics-service
|
|
20
|
+
Secret manager: AWS Secrets Manager
|
|
21
|
+
Current secret name: prod/db/postgres-password
|
|
22
|
+
Rotation strategy: dual-read window
|
|
23
|
+
Phase 1: create new password, store as prod/db/postgres-password-new
|
|
24
|
+
Phase 2: deploy all services with dual-read (try new → fall back to old)
|
|
25
|
+
Phase 3: verify all services healthy with new password
|
|
26
|
+
Phase 4: revoke old password, rename new → canonical
|
|
27
|
+
Rollback plan: revert all services to old secret if error rate > 0.1% in Phase 3
|
|
28
|
+
Zero-downtime requirement: yes — prod traffic must not be interrupted
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
**RU:**
|
|
32
|
+
```
|
|
33
|
+
/secret-rotation
|
|
34
|
+
|
|
35
|
+
Тип секрета: пароль суперпользователя PostgreSQL (prod)
|
|
36
|
+
Причина: плановая квартальная ротация (требование compliance)
|
|
37
|
+
Сервисы использующие этот секрет: order-service, payment-service, analytics-service
|
|
38
|
+
Secret manager: AWS Secrets Manager
|
|
39
|
+
Текущее имя секрета: prod/db/postgres-password
|
|
40
|
+
Стратегия ротации: dual-read window
|
|
41
|
+
Фаза 1: создать новый пароль, сохранить как prod/db/postgres-password-new
|
|
42
|
+
Фаза 2: задеплоить все сервисы с dual-read (пробовать новый → откат к старому)
|
|
43
|
+
Фаза 3: убедиться что все сервисы здоровы с новым паролем
|
|
44
|
+
Фаза 4: отозвать старый пароль, переименовать новый → канонический
|
|
45
|
+
План отката: откатить все сервисы к старому секрету если error rate > 0.1% в Фазе 3
|
|
46
|
+
Требование zero-downtime: да — прод трафик не должен прерываться
|
|
47
|
+
```
|
|
48
|
+
|
|
49
|
+
---
|
|
50
|
+
|
|
51
|
+
## Example 2 — Third-party API key rotation (after suspected leak)
|
|
52
|
+
|
|
53
|
+
**EN:**
|
|
54
|
+
```
|
|
55
|
+
/secret-rotation
|
|
56
|
+
|
|
57
|
+
Secret type: Stripe secret API key (sk_live_...)
|
|
58
|
+
Reason: URGENT — key found in git history (commit abc1234, merged 6 days ago)
|
|
59
|
+
Risk: key may be compromised; unknown if exploited
|
|
60
|
+
Immediate actions needed:
|
|
61
|
+
1. Generate new Stripe key NOW via Stripe dashboard
|
|
62
|
+
2. Deploy new key to all environments (prod, staging) within 30 minutes
|
|
63
|
+
3. Revoke old key in Stripe dashboard
|
|
64
|
+
4. Audit Stripe dashboard for unexpected API calls in last 6 days
|
|
65
|
+
5. Add git-secrets / trufflehog pre-commit hook to prevent recurrence
|
|
66
|
+
Services affected: payment-service, subscription-service
|
|
67
|
+
Secret manager: HashiCorp Vault
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
**RU:**
|
|
71
|
+
```
|
|
72
|
+
/secret-rotation
|
|
73
|
+
|
|
74
|
+
Тип секрета: Stripe secret API key (sk_live_...)
|
|
75
|
+
Причина: СРОЧНО — ключ найден в git истории (коммит abc1234, слит 6 дней назад)
|
|
76
|
+
Риск: ключ может быть скомпрометирован; неизвестно был ли использован
|
|
77
|
+
Немедленные действия:
|
|
78
|
+
1. Сгенерировать новый Stripe ключ СЕЙЧАС через Stripe dashboard
|
|
79
|
+
2. Задеплоить новый ключ во все окружения (prod, staging) в течение 30 минут
|
|
80
|
+
3. Отозвать старый ключ в Stripe dashboard
|
|
81
|
+
4. Проверить Stripe dashboard на неожиданные API вызовы за последние 6 дней
|
|
82
|
+
5. Добавить git-secrets / trufflehog pre-commit hook для предотвращения рецидива
|
|
83
|
+
Затронутые сервисы: payment-service, subscription-service
|
|
84
|
+
Secret manager: HashiCorp Vault
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
---
|
|
88
|
+
|
|
89
|
+
## Example 3 — TLS certificate renewal
|
|
90
|
+
|
|
91
|
+
**EN:**
|
|
92
|
+
```
|
|
93
|
+
/secret-rotation
|
|
94
|
+
|
|
95
|
+
Secret type: TLS certificate for api.myapp.com (Let's Encrypt)
|
|
96
|
+
Reason: certificate expires in 14 days (automated renewal failed)
|
|
97
|
+
Current location: Kubernetes Secret tls-api-cert in namespace prod
|
|
98
|
+
Renewal tool: cert-manager (already installed, renewal should be automatic)
|
|
99
|
+
Diagnose: check cert-manager logs for renewal failure reason
|
|
100
|
+
After renewal: verify new cert loaded by nginx ingress without pod restart
|
|
101
|
+
Alert: set up monitoring alert if cert expiry < 30 days
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
**RU:**
|
|
105
|
+
```
|
|
106
|
+
/secret-rotation
|
|
107
|
+
|
|
108
|
+
Тип секрета: TLS сертификат для api.myapp.com (Let's Encrypt)
|
|
109
|
+
Причина: сертификат истекает через 14 дней (автоматическое обновление не сработало)
|
|
110
|
+
Текущее расположение: Kubernetes Secret tls-api-cert в namespace prod
|
|
111
|
+
Инструмент обновления: cert-manager (уже установлен, обновление должно быть автоматическим)
|
|
112
|
+
Диагностика: проверить логи cert-manager на причину сбоя обновления
|
|
113
|
+
После обновления: убедиться что новый сертификат загружен nginx ingress без перезапуска подов
|
|
114
|
+
Оповещение: настроить monitoring alert если истечение cert < 30 дней
|
|
115
|
+
```
|
|
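Review bot: The dual-read plan in Example 1 cannot work as written for a PostgreSQL role — a role has exactly one password, so changing it in Phase 1 invalidates the old credential immediately and there is no window in which both are valid. Rotate by alternating two database users with identical grants (create and grant `app_b`, move services to it, then reset `app_a`), which is also how AWS Secrets Manager's alternating-users rotation works; change Phase 1 to `Phase 1: create second role with identical grants; store its credentials as prod/db/postgres-password-new`. Separately, three application services sharing the superuser password is a least-privilege gap the rotation should not re-embed; the prompt should call for a scoped application role. In Example 2 the deploy-then-revoke order is right, but the audit window in step 4 should start from when the commit first became readable (push to any remote or fork), not from the merge date.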
@@ -0,0 +1,91 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: security-scan
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/security-scan`
|
|
6
|
+
|
|
7
|
+
Use when: running a full automated security sweep — SAST, dependency audit, secrets detection, IaC checks — before a release or after a major change.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — Pre-release security gate
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/security-scan
|
|
16
|
+
|
|
17
|
+
Trigger: release candidate v2.5.0 ready for staging sign-off
|
|
18
|
+
Scope: full — SAST + dependency CVEs + secrets + IaC (Terraform)
|
|
19
|
+
Stack: Python 3.12 / FastAPI, PostgreSQL, Redis, Terraform (AWS)
|
|
20
|
+
Tools available: bandit, ruff, safety, trufflehog, tfsec, semgrep
|
|
21
|
+
Severity threshold: block release on any Critical or High; report Medium/Low
|
|
22
|
+
Output: security-scan-report.md with findings, severity, remediation steps
|
|
23
|
+
Branch: release/2.5.0
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
**RU:**
|
|
27
|
+
```
|
|
28
|
+
/security-scan
|
|
29
|
+
|
|
30
|
+
Триггер: release candidate v2.5.0 готов к sign-off на staging
|
|
31
|
+
Скоуп: полный — SAST + CVE зависимостей + секреты + IaC (Terraform)
|
|
32
|
+
Стек: Python 3.12 / FastAPI, PostgreSQL, Redis, Terraform (AWS)
|
|
33
|
+
Доступные инструменты: bandit, ruff, safety, trufflehog, tfsec, semgrep
|
|
34
|
+
Порог серьёзности: блокировать релиз на любом Critical или High; отчитываться о Medium/Low
|
|
35
|
+
Результат: security-scan-report.md с находками, серьёзностью, шагами устранения
|
|
36
|
+
Ветка: release/2.5.0
|
|
37
|
+
```
|
|
38
|
+
|
|
39
|
+
---
|
|
40
|
+
|
|
41
|
+
## Example 2 — Post-incident targeted scan
|
|
42
|
+
|
|
43
|
+
**EN:**
|
|
44
|
+
```
|
|
45
|
+
/security-scan
|
|
46
|
+
|
|
47
|
+
Trigger: post-incident — suspected SQL injection in orders module (INC-2024-088)
|
|
48
|
+
Scope: targeted — SAST only on src/api/ and src/repositories/; dependency audit for SQLAlchemy
|
|
49
|
+
Priority: SQL injection patterns, unsanitised inputs, ORM bypass risks
|
|
50
|
+
Skip: IaC scan, secrets scan (already clean, saves time)
|
|
51
|
+
Output: findings with code location + PoC query if reproducible
|
|
52
|
+
Timeframe: results needed within 2 hours for incident postmortem
|
|
53
|
+
```
|
|
54
|
+
|
|
55
|
+
**RU:**
|
|
56
|
+
```
|
|
57
|
+
/security-scan
|
|
58
|
+
|
|
59
|
+
Триггер: после инцидента — подозрение на SQL injection в модуле orders (INC-2024-088)
|
|
60
|
+
Скоуп: целевой — только SAST на src/api/ и src/repositories/; аудит зависимостей для SQLAlchemy
|
|
61
|
+
Приоритет: паттерны SQL injection, неэкранированные входные данные, риски обхода ORM
|
|
62
|
+
Пропустить: IaC сканирование, проверку секретов (уже чисто, экономия времени)
|
|
63
|
+
Результат: находки с расположением кода + PoC запрос если воспроизводимо
|
|
64
|
+
Срок: результаты нужны в течение 2 часов для postmortem инцидента
|
|
65
|
+
```
|
|
66
|
+
|
|
67
|
+
---
|
|
68
|
+
|
|
69
|
+
## Example 3 — Dependency-only quick scan
|
|
70
|
+
|
|
71
|
+
**EN:**
|
|
72
|
+
```
|
|
73
|
+
/security-scan
|
|
74
|
+
|
|
75
|
+
Scope: dependency CVE audit only
|
|
76
|
+
Stack: Node.js 20 / Express, npm lockfile
|
|
77
|
+
Command: npm audit --audit-level=high
|
|
78
|
+
Auto-fix: apply non-breaking patches automatically (npm audit fix)
|
|
79
|
+
Report: list packages with unresolved High/Critical CVEs that need manual review
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
**RU:**
|
|
83
|
+
```
|
|
84
|
+
/security-scan
|
|
85
|
+
|
|
86
|
+
Скоуп: только аудит CVE зависимостей
|
|
87
|
+
Стек: Node.js 20 / Express, npm lockfile
|
|
88
|
+
Команда: npm audit --audit-level=high
|
|
89
|
+
Авто-исправление: применить неломающие патчи автоматически (npm audit fix)
|
|
90
|
+
Отчёт: список пакетов с неустранёнными High/Critical CVE которые требуют ручного ревью
|
|
91
|
+
```
|
|
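Review bot: Example 3 lets the agent run `npm audit fix` unattended but says nothing about the lockfile it rewrites; add `Never use --force; commit the lockfile diff on a branch and re-run the test suite before merging` so auto-fixes go through the same review as any dependency change. In Example 2 the scan skips secrets detection as "already clean", yet a SQL-injection incident is exactly when credentials may have reached error output or logs — the secrets scan is cheap and should stay in scope. For an incident-driven scan the raw tool output is evidence for the postmortem, so the output line should require it to be preserved alongside the summarised report.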
@@ -0,0 +1,105 @@
|
|
|
1
|
+
---
|
|
2
|
+
workflow: threat-model-review
|
|
3
|
+
---
|
|
4
|
+
|
|
5
|
+
# Prompt: `/threat-model-review`
|
|
6
|
+
|
|
7
|
+
Use when: reviewing an existing or new system design for security threats using STRIDE methodology before implementation or as part of an architecture review.
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Example 1 — New feature threat model
|
|
12
|
+
|
|
13
|
+
**EN:**
|
|
14
|
+
```
|
|
15
|
+
/threat-model-review
|
|
16
|
+
|
|
17
|
+
Feature: "OAuth2 social login (Google + GitHub)"
|
|
18
|
+
Stage: pre-implementation design review
|
|
19
|
+
System context:
|
|
20
|
+
- Current auth: username/password with JWT (RS256)
|
|
21
|
+
- Adding: OAuth2 authorization code flow
|
|
22
|
+
- New components: OAuth callback endpoint, state parameter store (Redis), token exchange
|
|
23
|
+
- User data stored: OAuth provider user ID, email, profile picture URL
|
|
24
|
+
Threat focus: token interception, CSRF via state param, account takeover via email collision
|
|
25
|
+
Assets to protect: user session, OAuth tokens, account linkage integrity
|
|
26
|
+
Output: STRIDE threat table + prioritised mitigations + go/no-go recommendation
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
**RU:**
|
|
30
|
+
```
|
|
31
|
+
/threat-model-review
|
|
32
|
+
|
|
33
|
+
Фича: "OAuth2 социальный вход (Google + GitHub)"
|
|
34
|
+
Этап: ревью дизайна до реализации
|
|
35
|
+
Системный контекст:
|
|
36
|
+
- Текущая auth: username/password с JWT (RS256)
|
|
37
|
+
- Добавляем: OAuth2 authorization code flow
|
|
38
|
+
- Новые компоненты: OAuth callback endpoint, хранилище state параметра (Redis), обмен токенов
|
|
39
|
+
- Хранимые данные пользователя: OAuth provider user ID, email, URL фото профиля
|
|
40
|
+
Фокус угроз: перехват токена, CSRF через state параметр, захват аккаунта через коллизию email
|
|
41
|
+
Защищаемые активы: пользовательская сессия, OAuth токены, целостность привязки аккаунта
|
|
42
|
+
Результат: таблица угроз STRIDE + приоритизированные меры защиты + рекомендация go/no-go
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
---
|
|
46
|
+
|
|
47
|
+
## Example 2 — Architecture-level review
|
|
48
|
+
|
|
49
|
+
**EN:**
|
|
50
|
+
```
|
|
51
|
+
/threat-model-review
|
|
52
|
+
|
|
53
|
+
System: payment processing service (PCI-DSS scope)
|
|
54
|
+
Review type: full architecture threat model (annual review)
|
|
55
|
+
Architecture:
|
|
56
|
+
- Public API gateway → payment-service (internal) → Stripe API
|
|
57
|
+
- Card data: never stored locally; tokenised via Stripe.js on client
|
|
58
|
+
- Sensitive fields: card_last4, billing_address stored in payments table
|
|
59
|
+
- Internal comms: mTLS between services
|
|
60
|
+
- Admin access: VPN + MFA required
|
|
61
|
+
Compliance: PCI-DSS SAQ-A (card data handled by Stripe only)
|
|
62
|
+
Output: DFD diagram description + STRIDE analysis per trust boundary + compliance gap list
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
**RU:**
|
|
66
|
+
```
|
|
67
|
+
/threat-model-review
|
|
68
|
+
|
|
69
|
+
Система: сервис обработки платежей (зона PCI-DSS)
|
|
70
|
+
Тип ревью: полная threat model архитектуры (ежегодное ревью)
|
|
71
|
+
Архитектура:
|
|
72
|
+
- Публичный API gateway → payment-service (внутренний) → Stripe API
|
|
73
|
+
- Данные карт: никогда не хранятся локально; токенизируются через Stripe.js на клиенте
|
|
74
|
+
- Чувствительные поля: card_last4, billing_address хранятся в таблице payments
|
|
75
|
+
- Внутренние коммуникации: mTLS между сервисами
|
|
76
|
+
- Доступ администратора: VPN + MFA обязательны
|
|
77
|
+
Соответствие: PCI-DSS SAQ-A (данные карт обрабатываются только Stripe)
|
|
78
|
+
Результат: описание DFD диаграммы + STRIDE анализ на каждой границе доверия + список несоответствий
|
|
79
|
+
```
|
|
80
|
+
|
|
81
|
+
---
|
|
82
|
+
|
|
83
|
+
## Example 3 — Quick / Single endpoint review
|
|
84
|
+
|
|
85
|
+
**EN:**
|
|
86
|
+
```
|
|
87
|
+
/threat-model-review
|
|
88
|
+
|
|
89
|
+
Scope: single endpoint — POST /admin/users/{id}/impersonate
|
|
90
|
+
Context: allows support team to log in as any user for debugging
|
|
91
|
+
Concerns: privilege escalation, audit trail completeness, session isolation
|
|
92
|
+
Must verify: impersonation sessions cannot perform irreversible actions (payments, deletions)
|
|
93
|
+
Output: threat list + required controls (audit log, scope restriction, TTL)
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
**RU:**
|
|
97
|
+
```
|
|
98
|
+
/threat-model-review
|
|
99
|
+
|
|
100
|
+
Скоуп: один эндпоинт — POST /admin/users/{id}/impersonate
|
|
101
|
+
Контекст: позволяет команде поддержки входить от имени любого пользователя для отладки
|
|
102
|
+
Опасения: эскалация привилегий, полнота audit trail, изоляция сессий
|
|
103
|
+
Обязательно проверить: сессии имперсонации не могут выполнять необратимые действия (платежи, удаления)
|
|
104
|
+
Результат: список угроз + необходимые меры (audit log, ограничение скоупа, TTL)
|
|
105
|
+
```
|
|
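Review bot: The OAuth threat focus in Example 1 omits the two controls that address its own headline threats: PKCE on the authorization-code exchange (code interception) and strict exact-match validation of `redirect_uri` on the callback. The "account takeover via email collision" concern needs a stated rule, e.g. `Link to an existing local account only when the provider asserts the email as verified; otherwise require login to the existing account before linking`. For Example 3, the required controls should add that the impersonation token carries the support agent's identity as the acting party — so the audit log shows who acted, not only the impersonated user — and that impersonation requires a ticket reference.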
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# Rule: Compliance Baseline
|
|
2
|
+
|
|
3
|
+
**Priority**: P1 — Required before processing real user data.
|
|
4
|
+
|
|
5
|
+
## Minimum Controls
|
|
6
|
+
|
|
7
|
+
| Control | Requirement |
|
|
8
|
+
|:---|:---|
|
|
9
|
+
| Encryption at rest | All databases and file storage encrypted |
|
|
10
|
+
| Encryption in transit | TLS 1.2+ on all endpoints |
|
|
11
|
+
| Access logging | All admin actions logged with actor identity |
|
|
12
|
+
| Backup & recovery | Data backed up daily; restore tested quarterly |
|
|
13
|
+
| Incident response | Defined escalation path and communication plan |
|
|
14
|
+
| Vulnerability scanning | Weekly automated scan; critical patched within 7 days |
|
|
15
|
+
|
|
16
|
+
## PCI DSS (if handling card data)
|
|
17
|
+
- Card data never stored post-authorization (use Stripe/Adyen tokens)
|
|
18
|
+
- Network segmentation: cardholder data environment isolated
|
|
19
|
+
|
|
20
|
+
## GDPR/CCPA (if processing EU/CA user data)
|
|
21
|
+
- Data processing inventory maintained
|
|
22
|
+
- User deletion must complete within 30 days
|
|
23
|
+
- Breach notification procedure in place (72-hour window for GDPR)
|
|
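Review bot: The Minimum Controls table has no identity control at all — no MFA for privileged access and no periodic access review — yet the frameworks this rule is meant to baseline all require them, and the compliance-report prompt in this same change already records a CC6.1 access-review gap. Add rows such as `| Privileged access | MFA enforced for all admin, console and VPN access |` and `| Access review | User and role entitlements reviewed quarterly; evidence retained |`. The "User deletion must complete within 30 days" line should read "within one month of the request (Art. 12(3)), extendable with notice" to match the GDPR text rather than a fixed day count.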
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# Rule: Dependency Security Policy
|
|
2
|
+
|
|
3
|
+
**Priority**: P1 — Critical CVEs block deploy; High CVEs require plan within 72 hours.
|
|
4
|
+
|
|
5
|
+
## Constraints
|
|
6
|
+
|
|
7
|
+
1. **No direct use of packages with Critical CVEs**: Upgrade or replace immediately.
|
|
8
|
+
2. **High CVEs**: Remediation plan within 72 hours.
|
|
9
|
+
3. **Dependency audit in CI**: `npm audit`, `pip audit`, `trivy` run on every PR. Fail on severity ≥ HIGH.
|
|
10
|
+
4. **Pin transitive dependencies**: Lockfiles committed to Git (`package-lock.json`, `poetry.lock`, `go.sum`).
|
|
11
|
+
5. **No abandoned packages**: Packages without updates > 2 years require security review.
|
|
12
|
+
6. **License compliance**: No GPL in closed-source products without legal review. MIT, Apache 2.0, BSD pre-approved.
|
|
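Review bot: The priority line and constraint 3 contradict each other — the header says High CVEs only need a remediation plan within 72 hours, but CI failing on severity ≥ HIGH blocks every PR the moment a High advisory lands, including PRs unrelated to the dependency. Pick one: fail CI on CRITICAL only and surface HIGH as a tracked 72-hour exception, or keep `≥ HIGH` and drop the grace period. `pip audit` is not a pip subcommand; the tool is `pip-audit`. Any "fail on" rule also needs an allowlist with expiry for accepted risks, or teams will simply disable the check.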
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Rule: Secrets Policy
|
|
2
|
+
|
|
3
|
+
**Priority**: P0 — Any committed secret triggers immediate incident response.
|
|
4
|
+
|
|
5
|
+
## Constraints
|
|
6
|
+
|
|
7
|
+
1. **Zero secrets in Git**: No passwords, API keys, tokens, certificates in any committed file — including `.env.example`.
|
|
8
|
+
2. **Pre-commit scanning mandatory**: `gitleaks` or `trufflehog` must run as pre-commit hook and in CI on every PR.
|
|
9
|
+
3. **Secret store required**: All secrets stored in: AWS Secrets Manager, HashiCorp Vault, GCP Secret Manager, or Azure Key Vault.
|
|
10
|
+
4. **Rotation schedule**: Every secret has defined expiry. No secret older than 90 days without documented rotation.
|
|
11
|
+
5. **Audit trail**: All secret access events must be logged (CloudTrail, Vault audit log).
|
|
12
|
+
|
|
13
|
+
## If a Secret is Leaked
|
|
14
|
+
|
|
15
|
+
```
|
|
16
|
+
Within 30 minutes:
|
|
17
|
+
1. REVOKE the exposed secret immediately
|
|
18
|
+
2. Audit access logs for the exposure window
|
|
19
|
+
3. Rotate all secrets sharing the same scope
|
|
20
|
+
4. File security incident report
|
|
21
|
+
5. Remove from Git history (git filter-repo) — does NOT replace revocation
|
|
22
|
+
```
|
|
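Review bot: Constraint 1 lists `certificates` among things that must never be committed, but public certificates and CA bundles are routinely and safely committed; the asset to protect is the key material, so write `private keys and keystores (.pem/.p12/.jks containing key material)` instead. Constraint 2 only covers staged changes; add a one-time full-history scan when a repo is onboarded (`gitleaks detect` or `trufflehog git` over all refs), since a pre-commit hook never sees what is already in history. In the leak procedure, the window audited in step 2 should start from when the commit first became readable (push to any remote or fork), not from discovery.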
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# Rule: Secure Coding Standards
|
|
2
|
+
|
|
3
|
+
**Priority**: P0 — Security vulnerabilities block merge unconditionally.
|
|
4
|
+
|
|
5
|
+
## Input Validation & Injection Prevention
|
|
6
|
+
|
|
7
|
+
1. **Validate all inputs at system boundaries**: HTTP requests, file uploads, queue payloads validated for type, length, format before processing.
|
|
8
|
+
2. **Parameterized queries only**: SQL never constructed via string concatenation. Use ORM or parameterized prepared statements.
|
|
9
|
+
3. **Output encoding**: User-controlled data rendered in HTML must be encoded. Never use `dangerouslySetInnerHTML` without `DOMPurify`.
|
|
10
|
+
4. **Command injection prevention**: Never pass user input to shell commands. Use allowlist validation and argument arrays.
|
|
11
|
+
5. **Path traversal prevention**: File paths from user input must be canonicalized against an allowed base directory.
|
|
12
|
+
|
|
13
|
+
## Authentication & Authorization
|
|
14
|
+
|
|
15
|
+
6. **Authentication on all endpoints**: Every endpoint explicitly declares auth requirement. "Private by default" with explicit `@public` annotation.
|
|
16
|
+
7. **Authorization checked server-side**: Re-verify permissions on every request. Never trust client-side auth state.
|
|
17
|
+
8. **No security through obscurity**: Hiding endpoints is not an access control mechanism.
|
|
18
|
+
|
|
19
|
+
## Error Handling
|
|
20
|
+
|
|
21
|
+
9. **No stack traces in production responses**: Generic messages to clients; details logged server-side only.
|
|
22
|
+
10. **No sensitive data in logs**: Passwords, tokens, credit card numbers, PII never in log output.
|
|
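Review bot: The Input Validation list stops at injection and path traversal and has no rule for SSRF or unsafe deserialization, both reachable from the same boundaries rule 1 names (HTTP requests, queue payloads). Add, renumbering the later sections, `**SSRF prevention**: outbound requests to user-supplied URLs go through a host allowlist and reject private/link-local addresses after DNS resolution.` and `**No unsafe deserialization**: never pickle.loads / yaml.load / unsafe_load on untrusted data.` Rule 5 should also name the check that follows canonicalization — the resolved path must start with the base directory plus a separator — since canonicalizing alone prevents nothing.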
@@ -0,0 +1,42 @@
|
|
|
1
|
+
# Skill: Authentication & Authorization Patterns
|
|
2
|
+
|
|
3
|
+
## When to load
|
|
4
|
+
|
|
5
|
+
When implementing login, token management, OAuth integration, RBAC, or reviewing auth code.
|
|
6
|
+
|
|
7
|
+
## JWT Best Practices
|
|
8
|
+
|
|
9
|
+
```python
|
|
10
|
+
def create_access_token(user_id: str) -> str:
|
|
11
|
+
return jwt.encode(
|
|
12
|
+
payload={
|
|
13
|
+
"sub": user_id,
|
|
14
|
+
"iat": datetime.utcnow(),
|
|
15
|
+
"exp": datetime.utcnow() + timedelta(minutes=15), # Short expiry
|
|
16
|
+
"jti": str(uuid.uuid4()), # Unique ID for revocation
|
|
17
|
+
"type": "access", # Prevent refresh token as access token
|
|
18
|
+
},
|
|
19
|
+
key=settings.JWT_PRIVATE_KEY,
|
|
20
|
+
algorithm="RS256", # Asymmetric. Never HS256 in distributed systems.
|
|
21
|
+
)
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
**Anti-patterns**: No `exp` claim; storing JWT in `localStorage`; using `alg: none`; sensitive data in payload.
|
|
25
|
+
|
|
26
|
+
## RBAC Pattern
|
|
27
|
+
|
|
28
|
+
```python
|
|
29
|
+
PERMISSIONS = {
|
|
30
|
+
"invoices:read": ["viewer", "editor", "admin"],
|
|
31
|
+
"invoices:create": ["editor", "admin"],
|
|
32
|
+
"invoices:delete": ["admin"],
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
def require_permission(permission: str):
|
|
36
|
+
def dependency(current_user: User = Depends(get_current_user)):
|
|
37
|
+
allowed_roles = PERMISSIONS.get(permission, [])
|
|
38
|
+
if current_user.role not in allowed_roles:
|
|
39
|
+
raise HTTPException(status_code=403)
|
|
40
|
+
return current_user
|
|
41
|
+
return dependency
|
|
42
|
+
```
|
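Review bot: The JWT example covers only token creation, but algorithm confusion and `alg: none` (both named in the anti-patterns line) are defeated on the decode side, which the skill never shows — an agent loading this could emit a `jwt.decode(token, key)` that trusts the header's `alg`. Add a verification counterpart that pins `algorithms=["RS256"]`, requires the claims the encoder sets, and rejects non-`access` tokens, as below (assumes PyJWT, which the `jwt.encode(payload=..., algorithm=...)` call suggests, and a matching public-key setting). `datetime.utcnow()` is naive and deprecated since Python 3.12; use `datetime.now(timezone.utc)` for `iat`/`exp`. The RBAC helper is fail-closed for unknown permission strings (`PERMISSIONS.get(permission, [])`), which deserves a comment so nobody later "fixes" it to allow by default.
```python
def decode_access_token(token: str) -> dict:
    # Pin the algorithm list: never let the token's own `alg` header choose
    # (RS256→HS256 confusion, `alg: none`).
    claims = jwt.decode(
        token,
        key=settings.JWT_PUBLIC_KEY,
        algorithms=["RS256"],
        options={"require": ["exp", "iat", "sub", "jti"]},
    )
    # Refresh tokens share the key; only the `type` claim keeps them apart.
    if claims.get("type") != "access":
        raise HTTPException(status_code=401)
    return claims
```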