@maestro-ai/mcp-server 1.0.0 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +266 -227
- package/dist/content/design-system/README.md +231 -231
- package/dist/content/design-system/indexes/README.md +211 -211
- package/dist/content/design-system/indexes/colors-index.md +156 -156
- package/dist/content/design-system/indexes/quick-search.md +111 -111
- package/dist/content/design-system/indexes/stacks-index.md +341 -341
- package/dist/content/examples/Exemplo de Fluxo Completo com Java e Spring Boot.md +249 -249
- package/dist/content/examples/Exemplo de Fluxo Completo com Laravel e Filament.md +277 -277
- package/dist/content/examples/Exemplo de Fluxo Completo com Laravel e Livewire.md +260 -260
- package/dist/content/examples/Exemplo de Fluxo Completo com Node e NestJS.md +257 -257
- package/dist/content/guides/Cat/303/241logo de Stacks para Cloud Moderna.md" +119 -119
- package/dist/content/guides/Cat/303/241logo de Stacks para Hospedagem Compartilhada.md" +147 -147
- package/dist/content/guides/Checklist Mestre de Entrega.md +68 -68
- package/dist/content/guides/Gates de Qualidade.md +209 -209
- package/dist/content/guides/Guia de Adi/303/247/303/243o de Novas Funcionalidades.md" +355 -355
- package/dist/content/guides/Guia de Chaos Engineering.md +267 -267
- package/dist/content/guides/Guia de Debugging com IA.md +135 -135
- package/dist/content/guides/Guia de Estrat/303/251gias de Cache.md" +352 -352
- package/dist/content/guides/Guia de Migrations Zero-Downtime.md +311 -311
- package/dist/content/guides/Guia de Multi-tenancy.md +368 -368
- package/dist/content/guides/Guia de Otimiza/303/247/303/243o de Custos Cloud.md" +195 -195
- package/dist/content/guides/Guia de Refatora/303/247/303/243o de C/303/263digo Legado com IA.md" +162 -162
- package/dist/content/guides/Guia de SLOs e Error Budgets.md +315 -315
- package/dist/content/guides/M/303/251tricas de Efici/303/252ncia do Desenvolvimento com IA.md" +93 -93
- package/dist/content/guides/Rules base.md +90 -90
- package/dist/content/playbook/Playbook de Desenvolvimento com IA.md +364 -364
- package/dist/content/prompts/README.md +203 -203
- package/dist/content/prompts/acessibilidade/analise-acessibilidade.md +257 -257
- package/dist/content/prompts/apis/design-api-rest.md +303 -303
- package/dist/content/prompts/apis/idempotencia.md +254 -254
- package/dist/content/prompts/apis/versionamento.md +313 -313
- package/dist/content/prompts/arquitetura/arquitetura-c4-completo.md +190 -190
- package/dist/content/prompts/arquitetura/clean-architecture.md +151 -151
- package/dist/content/prompts/arquitetura/ddd-bounded-contexts.md +183 -183
- package/dist/content/prompts/arquitetura/ddd-cqrs.md +176 -176
- package/dist/content/prompts/arquitetura/modelo-dominio.md +207 -207
- package/dist/content/prompts/arquitetura/multi-tenancy.md +235 -235
- package/dist/content/prompts/database/migrations-zero-downtime.md +192 -192
- package/dist/content/prompts/database/otimizacao-queries.md +296 -296
- package/dist/content/prompts/desenvolvimento/code-review.md +301 -301
- package/dist/content/prompts/desenvolvimento/gerar-servico.md +271 -271
- package/dist/content/prompts/devops/docker-compose.md +336 -336
- package/dist/content/prompts/devops/feature-flags.md +374 -374
- package/dist/content/prompts/devops/kubernetes-deploy.md +460 -460
- package/dist/content/prompts/devops/pipeline-cicd.md +358 -358
- package/dist/content/prompts/devops/terraform-iac.md +502 -502
- package/dist/content/prompts/escalabilidade/analise-performance.md +240 -240
- package/dist/content/prompts/escalabilidade/analise-performance.txt +94 -94
- package/dist/content/prompts/escalabilidade/caching.md +255 -255
- package/dist/content/prompts/observabilidade/chaos-testing.md +237 -237
- package/dist/content/prompts/observabilidade/estrategia-observabilidade.md +263 -263
- package/dist/content/prompts/observabilidade/estrategia-observabilidade.txt +134 -134
- package/dist/content/prompts/observabilidade/slos.md +215 -215
- package/dist/content/prompts/produto/discovery-inicial.md +203 -203
- package/dist/content/prompts/produto/discovery-inicial.txt +33 -33
- package/dist/content/prompts/requisitos/refinar-requisitos.md +232 -232
- package/dist/content/prompts/requisitos/refinar-requisitos.txt +40 -40
- package/dist/content/prompts/seguranca/analise-seguranca.md +243 -243
- package/dist/content/prompts/seguranca/pentest-checklist.md +333 -333
- package/dist/content/prompts/seguranca/rate-limiting.md +356 -356
- package/dist/content/prompts/seguranca/revisao-lgpd.md +227 -227
- package/dist/content/prompts/seguranca/threat-modeling.md +224 -224
- package/dist/content/prompts/testes/contract-testing.md +340 -340
- package/dist/content/prompts/testes/gerar-testes-unitarios.md +474 -474
- package/dist/content/prompts/testes/testes-e2e.md +460 -460
- package/dist/content/prompts/testes/testes-integracao.md +418 -418
- package/dist/content/prompts/testes/testes-performance.md +458 -458
- package/dist/content/prompts/ux/gerar-ui-stitch.md +151 -151
- package/dist/content/rules/RULES.md +835 -835
- package/dist/content/rules/adapters/copilot.md +10 -10
- package/dist/content/rules/adapters/cursor.md +10 -10
- package/dist/content/rules/adapters/gemini.md +13 -13
- package/dist/content/rules/adapters/windsurf.md +10 -10
- package/dist/content/specialists/Especialista em Acessibilidade.md +266 -266
- package/dist/content/specialists/Especialista em An/303/241lise de Testes.md" +434 -434
- package/dist/content/specialists/Especialista em Arquitetura Avan/303/247ada.md" +358 -358
- package/dist/content/specialists/Especialista em Arquitetura de Software.md +177 -177
- package/dist/content/specialists/Especialista em Banco de Dados.md +260 -260
- package/dist/content/specialists/Especialista em Contrato de API.md +172 -172
- package/dist/content/specialists/Especialista em Dados e Analytics com IA.md +246 -246
- package/dist/content/specialists/Especialista em Debugging e Troubleshooting.md +191 -191
- package/dist/content/specialists/Especialista em Desenvolvimento Frontend.md +477 -477
- package/dist/content/specialists/Especialista em Desenvolvimento Mobile.md +241 -241
- package/dist/content/specialists/Especialista em Desenvolvimento e Vibe Coding Estruturado.md +417 -417
- package/dist/content/specialists/Especialista em DevOps e Infraestrutura.md +294 -294
- package/dist/content/specialists/Especialista em Documenta/303/247/303/243o T/303/251cnica.md" +227 -227
- package/dist/content/specialists/Especialista em Engenharia de Requisitos com IA.md +299 -299
- package/dist/content/specialists/Especialista em Explora/303/247/303/243o de Codebase.md" +179 -179
- package/dist/content/specialists/Especialista em Gest/303/243o de Produto.md" +179 -179
- package/dist/content/specialists/Especialista em Migra/303/247/303/243o e Moderniza/303/247/303/243o.md" +410 -410
- package/dist/content/specialists/Especialista em Modelagem e Arquitetura de Dom/303/255nio com IA.md" +248 -248
- package/dist/content/specialists/Especialista em Observabilidade.md +415 -415
- package/dist/content/specialists/Especialista em Performance e Escalabilidade.md +373 -373
- package/dist/content/specialists/Especialista em Plano de Execu/303/247/303/243o com IA.md" +341 -341
- package/dist/content/specialists/Especialista em Prototipagem R/303/241pida com Google Stitch.md" +419 -419
- package/dist/content/specialists/Especialista em Seguran/303/247a da Informa/303/247/303/243o.md" +508 -508
- package/dist/content/specialists/Especialista em UX Design.md +453 -453
- package/dist/content/specialists/INDEX.md +43 -43
- package/dist/content/templates/PRD.md +165 -165
- package/dist/content/templates/README.md +65 -65
- package/dist/content/templates/adr.md +103 -103
- package/dist/content/templates/arquitetura.md +279 -279
- package/dist/content/templates/backlog.md +185 -185
- package/dist/content/templates/checklist-seguranca.md +180 -180
- package/dist/content/templates/contexto.md +120 -120
- package/dist/content/templates/criterios-aceite.md +99 -99
- package/dist/content/templates/design-banco.md +270 -270
- package/dist/content/templates/design-doc.md +240 -240
- package/dist/content/templates/feature.md +88 -88
- package/dist/content/templates/historia-backend.md +84 -84
- package/dist/content/templates/historia-frontend.md +75 -75
- package/dist/content/templates/historia-usuario.md +125 -125
- package/dist/content/templates/mapa-navegacao.md +133 -133
- package/dist/content/templates/matriz-rastreabilidade.md +121 -121
- package/dist/content/templates/modelo-dominio.md +219 -219
- package/dist/content/templates/plano-testes.md +199 -199
- package/dist/content/templates/prototipo-stitch.md +138 -138
- package/dist/content/templates/requisitos.md +162 -162
- package/dist/content/templates/slo-sli.md +197 -197
- package/dist/content/workflows/README-MCP.md +363 -363
- package/dist/content/workflows/mcp-debug.md +506 -506
- package/dist/content/workflows/mcp-feature.md +385 -385
- package/dist/content/workflows/mcp-gate.md +413 -413
- package/dist/content/workflows/mcp-next.md +388 -388
- package/dist/content/workflows/mcp-refactor.md +600 -600
- package/dist/content/workflows/mcp-start.md +304 -304
- package/dist/content/workflows/mcp-status.md +400 -400
- package/dist/gates/tiers.test.js +14 -14
- package/dist/index.js +133 -133
- package/dist/resources/index.js +61 -61
- package/dist/stdio.js +39 -32
- package/dist/stdio.js.map +1 -1
- package/dist/tools/analise/performance.js +23 -23
- package/dist/tools/analise/qualidade.js +23 -23
- package/dist/tools/analise/relatorio.js +24 -24
- package/dist/tools/analise/seguranca.js +28 -28
- package/dist/tools/aprovar-gate.js +81 -81
- package/dist/tools/atualizar-codebase.js +18 -18
- package/dist/tools/avaliar-entregavel.js +18 -18
- package/dist/tools/carregar-projeto.d.ts.map +1 -1
- package/dist/tools/carregar-projeto.js +91 -116
- package/dist/tools/carregar-projeto.js.map +1 -1
- package/dist/tools/classificar.js +36 -36
- package/dist/tools/confirmar-classificacao.js +36 -36
- package/dist/tools/confirmar-stitch.js +75 -75
- package/dist/tools/contexto.js +56 -56
- package/dist/tools/fluxos-alternativos.js +98 -98
- package/dist/tools/implementar-historia.js +63 -63
- package/dist/tools/iniciar-projeto.d.ts.map +1 -1
- package/dist/tools/iniciar-projeto.js +139 -224
- package/dist/tools/iniciar-projeto.js.map +1 -1
- package/dist/tools/proximo.d.ts.map +1 -1
- package/dist/tools/proximo.js +224 -252
- package/dist/tools/proximo.js.map +1 -1
- package/dist/tools/salvar.js +59 -59
- package/dist/tools/status.d.ts.map +1 -1
- package/dist/tools/status.js +64 -93
- package/dist/tools/status.js.map +1 -1
- package/dist/tools/validar-gate.js +35 -35
- package/dist/types/response.js +11 -11
- package/dist/utils/instructions.js +48 -48
- package/dist/utils/prompt-mapper.js +16 -16
- package/dist/utils/system-md.js +33 -33
- package/package.json +67 -67
- package/dist/content/content/design-system/README.md +0 -231
- package/dist/content/content/design-system/data/charts.csv +0 -26
- package/dist/content/content/design-system/data/colors.csv +0 -97
- package/dist/content/content/design-system/data/icons.csv +0 -101
- package/dist/content/content/design-system/data/landing.csv +0 -31
- package/dist/content/content/design-system/data/products.csv +0 -97
- package/dist/content/content/design-system/data/prompts.csv +0 -24
- package/dist/content/content/design-system/data/react-performance.csv +0 -45
- package/dist/content/content/design-system/data/styles.csv +0 -59
- package/dist/content/content/design-system/data/typography.csv +0 -58
- package/dist/content/content/design-system/data/ui-reasoning.csv +0 -101
- package/dist/content/content/design-system/data/ux-guidelines.csv +0 -100
- package/dist/content/content/design-system/data/web-interface.csv +0 -31
- package/dist/content/content/design-system/indexes/README.md +0 -211
- package/dist/content/content/design-system/indexes/colors-index.md +0 -156
- package/dist/content/content/design-system/indexes/quick-search.md +0 -111
- package/dist/content/content/design-system/indexes/stacks-index.md +0 -341
- package/dist/content/content/design-system/stacks/flutter.csv +0 -53
- package/dist/content/content/design-system/stacks/html-tailwind.csv +0 -56
- package/dist/content/content/design-system/stacks/jetpack-compose.csv +0 -53
- package/dist/content/content/design-system/stacks/nextjs.csv +0 -53
- package/dist/content/content/design-system/stacks/nuxt-ui.csv +0 -51
- package/dist/content/content/design-system/stacks/nuxtjs.csv +0 -59
- package/dist/content/content/design-system/stacks/react-native.csv +0 -52
- package/dist/content/content/design-system/stacks/react.csv +0 -54
- package/dist/content/content/design-system/stacks/shadcn.csv +0 -61
- package/dist/content/content/design-system/stacks/svelte.csv +0 -54
- package/dist/content/content/design-system/stacks/swiftui.csv +0 -51
- package/dist/content/content/design-system/stacks/vue.csv +0 -50
- package/dist/content/content/examples/Exemplo de Fluxo Completo com Java e Spring Boot.md +0 -250
- package/dist/content/content/examples/Exemplo de Fluxo Completo com Laravel e Filament.md +0 -278
- package/dist/content/content/examples/Exemplo de Fluxo Completo com Laravel e Livewire.md +0 -261
- package/dist/content/content/examples/Exemplo de Fluxo Completo com Node e NestJS.md +0 -258
- package/dist/content/content/guides/Cat/303/241logo de Stacks para Cloud Moderna.md" +0 -119
- package/dist/content/content/guides/Cat/303/241logo de Stacks para Hospedagem Compartilhada.md" +0 -147
- package/dist/content/content/guides/Checklist Mestre de Entrega.md +0 -68
- package/dist/content/content/guides/Gates de Qualidade.md +0 -209
- package/dist/content/content/guides/Guia de Adi/303/247/303/243o de Novas Funcionalidades.md" +0 -355
- package/dist/content/content/guides/Guia de Chaos Engineering.md +0 -267
- package/dist/content/content/guides/Guia de Debugging com IA.md +0 -135
- package/dist/content/content/guides/Guia de Estrat/303/251gias de Cache.md" +0 -352
- package/dist/content/content/guides/Guia de Migrations Zero-Downtime.md +0 -311
- package/dist/content/content/guides/Guia de Multi-tenancy.md +0 -368
- package/dist/content/content/guides/Guia de Otimiza/303/247/303/243o de Custos Cloud.md" +0 -195
- package/dist/content/content/guides/Guia de Refatora/303/247/303/243o de C/303/263digo Legado com IA.md" +0 -162
- package/dist/content/content/guides/Guia de SLOs e Error Budgets.md +0 -315
- package/dist/content/content/guides/M/303/251tricas de Efici/303/252ncia do Desenvolvimento com IA.md" +0 -93
- package/dist/content/content/guides/Rules base.md +0 -90
- package/dist/content/content/playbook/Playbook de Desenvolvimento com IA.md +0 -364
- package/dist/content/content/prompts/README.md +0 -203
- package/dist/content/content/prompts/acessibilidade/analise-acessibilidade.md +0 -257
- package/dist/content/content/prompts/apis/design-api-rest.md +0 -303
- package/dist/content/content/prompts/apis/idempotencia.md +0 -254
- package/dist/content/content/prompts/apis/versionamento.md +0 -313
- package/dist/content/content/prompts/arquitetura/arquitetura-c4-completo.md +0 -190
- package/dist/content/content/prompts/arquitetura/clean-architecture.md +0 -151
- package/dist/content/content/prompts/arquitetura/ddd-bounded-contexts.md +0 -183
- package/dist/content/content/prompts/arquitetura/ddd-cqrs.md +0 -176
- package/dist/content/content/prompts/arquitetura/modelo-dominio.md +0 -207
- package/dist/content/content/prompts/arquitetura/multi-tenancy.md +0 -235
- package/dist/content/content/prompts/database/migrations-zero-downtime.md +0 -192
- package/dist/content/content/prompts/database/otimizacao-queries.md +0 -296
- package/dist/content/content/prompts/desenvolvimento/code-review.md +0 -301
- package/dist/content/content/prompts/desenvolvimento/gerar-servico.md +0 -271
- package/dist/content/content/prompts/devops/docker-compose.md +0 -336
- package/dist/content/content/prompts/devops/feature-flags.md +0 -374
- package/dist/content/content/prompts/devops/kubernetes-deploy.md +0 -460
- package/dist/content/content/prompts/devops/pipeline-cicd.md +0 -358
- package/dist/content/content/prompts/devops/terraform-iac.md +0 -502
- package/dist/content/content/prompts/escalabilidade/analise-performance.md +0 -240
- package/dist/content/content/prompts/escalabilidade/analise-performance.txt +0 -94
- package/dist/content/content/prompts/escalabilidade/caching.md +0 -255
- package/dist/content/content/prompts/observabilidade/chaos-testing.md +0 -237
- package/dist/content/content/prompts/observabilidade/estrategia-observabilidade.md +0 -263
- package/dist/content/content/prompts/observabilidade/estrategia-observabilidade.txt +0 -134
- package/dist/content/content/prompts/observabilidade/slos.md +0 -215
- package/dist/content/content/prompts/produto/discovery-inicial.md +0 -203
- package/dist/content/content/prompts/produto/discovery-inicial.txt +0 -33
- package/dist/content/content/prompts/requisitos/refinar-requisitos.md +0 -232
- package/dist/content/content/prompts/requisitos/refinar-requisitos.txt +0 -40
- package/dist/content/content/prompts/seguranca/analise-seguranca.md +0 -243
- package/dist/content/content/prompts/seguranca/pentest-checklist.md +0 -333
- package/dist/content/content/prompts/seguranca/rate-limiting.md +0 -356
- package/dist/content/content/prompts/seguranca/revisao-lgpd.md +0 -227
- package/dist/content/content/prompts/seguranca/threat-modeling.md +0 -224
- package/dist/content/content/prompts/testes/contract-testing.md +0 -340
- package/dist/content/content/prompts/testes/gerar-testes-unitarios.md +0 -474
- package/dist/content/content/prompts/testes/testes-e2e.md +0 -460
- package/dist/content/content/prompts/testes/testes-integracao.md +0 -418
- package/dist/content/content/prompts/testes/testes-performance.md +0 -458
- package/dist/content/content/prompts/ux/gerar-ui-stitch.md +0 -151
- package/dist/content/content/rules/GEMINI.md +0 -841
- package/dist/content/content/rules/RULES.md +0 -835
- package/dist/content/content/rules/adapters/copilot.md +0 -10
- package/dist/content/content/rules/adapters/cursor.md +0 -10
- package/dist/content/content/rules/adapters/gemini.md +0 -13
- package/dist/content/content/rules/adapters/windsurf.md +0 -10
- package/dist/content/content/skills/api-patterns/SKILL.md +0 -81
- package/dist/content/content/skills/api-patterns/api-style.md +0 -42
- package/dist/content/content/skills/api-patterns/auth.md +0 -24
- package/dist/content/content/skills/api-patterns/documentation.md +0 -26
- package/dist/content/content/skills/api-patterns/graphql.md +0 -41
- package/dist/content/content/skills/api-patterns/rate-limiting.md +0 -31
- package/dist/content/content/skills/api-patterns/response.md +0 -37
- package/dist/content/content/skills/api-patterns/rest.md +0 -40
- package/dist/content/content/skills/api-patterns/scripts/api_validator.py +0 -211
- package/dist/content/content/skills/api-patterns/security-testing.md +0 -122
- package/dist/content/content/skills/api-patterns/trpc.md +0 -41
- package/dist/content/content/skills/api-patterns/versioning.md +0 -22
- package/dist/content/content/skills/app-builder/SKILL.md +0 -75
- package/dist/content/content/skills/app-builder/agent-coordination.md +0 -71
- package/dist/content/content/skills/app-builder/feature-building.md +0 -53
- package/dist/content/content/skills/app-builder/project-detection.md +0 -34
- package/dist/content/content/skills/app-builder/scaffolding.md +0 -118
- package/dist/content/content/skills/app-builder/tech-stack.md +0 -40
- package/dist/content/content/skills/app-builder/templates/SKILL.md +0 -39
- package/dist/content/content/skills/app-builder/templates/astro-static/TEMPLATE.md +0 -76
- package/dist/content/content/skills/app-builder/templates/chrome-extension/TEMPLATE.md +0 -92
- package/dist/content/content/skills/app-builder/templates/cli-tool/TEMPLATE.md +0 -88
- package/dist/content/content/skills/app-builder/templates/electron-desktop/TEMPLATE.md +0 -88
- package/dist/content/content/skills/app-builder/templates/express-api/TEMPLATE.md +0 -83
- package/dist/content/content/skills/app-builder/templates/flutter-app/TEMPLATE.md +0 -90
- package/dist/content/content/skills/app-builder/templates/monorepo-turborepo/TEMPLATE.md +0 -90
- package/dist/content/content/skills/app-builder/templates/nextjs-fullstack/TEMPLATE.md +0 -82
- package/dist/content/content/skills/app-builder/templates/nextjs-saas/TEMPLATE.md +0 -100
- package/dist/content/content/skills/app-builder/templates/nextjs-static/TEMPLATE.md +0 -106
- package/dist/content/content/skills/app-builder/templates/nuxt-app/TEMPLATE.md +0 -101
- package/dist/content/content/skills/app-builder/templates/python-fastapi/TEMPLATE.md +0 -83
- package/dist/content/content/skills/app-builder/templates/react-native-app/TEMPLATE.md +0 -93
- package/dist/content/content/skills/architecture/SKILL.md +0 -55
- package/dist/content/content/skills/architecture/context-discovery.md +0 -43
- package/dist/content/content/skills/architecture/examples.md +0 -94
- package/dist/content/content/skills/architecture/pattern-selection.md +0 -68
- package/dist/content/content/skills/architecture/patterns-reference.md +0 -50
- package/dist/content/content/skills/architecture/trade-off-analysis.md +0 -77
- package/dist/content/content/skills/bash-linux/SKILL.md +0 -199
- package/dist/content/content/skills/behavioral-modes/SKILL.md +0 -242
- package/dist/content/content/skills/brainstorming/SKILL.md +0 -163
- package/dist/content/content/skills/brainstorming/dynamic-questioning.md +0 -350
- package/dist/content/content/skills/clean-code/SKILL.md +0 -201
- package/dist/content/content/skills/code-review-checklist/SKILL.md +0 -109
- package/dist/content/content/skills/database-design/SKILL.md +0 -52
- package/dist/content/content/skills/database-design/database-selection.md +0 -43
- package/dist/content/content/skills/database-design/indexing.md +0 -39
- package/dist/content/content/skills/database-design/migrations.md +0 -48
- package/dist/content/content/skills/database-design/optimization.md +0 -36
- package/dist/content/content/skills/database-design/orm-selection.md +0 -30
- package/dist/content/content/skills/database-design/schema-design.md +0 -56
- package/dist/content/content/skills/database-design/scripts/schema_validator.py +0 -172
- package/dist/content/content/skills/deployment-procedures/SKILL.md +0 -241
- package/dist/content/content/skills/doc.md +0 -177
- package/dist/content/content/skills/documentation-templates/SKILL.md +0 -194
- package/dist/content/content/skills/frontend-design/SKILL.md +0 -396
- package/dist/content/content/skills/frontend-design/animation-guide.md +0 -331
- package/dist/content/content/skills/frontend-design/color-system.md +0 -311
- package/dist/content/content/skills/frontend-design/decision-trees.md +0 -418
- package/dist/content/content/skills/frontend-design/motion-graphics.md +0 -306
- package/dist/content/content/skills/frontend-design/scripts/accessibility_checker.py +0 -183
- package/dist/content/content/skills/frontend-design/scripts/ux_audit.py +0 -722
- package/dist/content/content/skills/frontend-design/typography-system.md +0 -345
- package/dist/content/content/skills/frontend-design/ux-psychology.md +0 -541
- package/dist/content/content/skills/frontend-design/visual-effects.md +0 -383
- package/dist/content/content/skills/game-development/2d-games/SKILL.md +0 -119
- package/dist/content/content/skills/game-development/3d-games/SKILL.md +0 -135
- package/dist/content/content/skills/game-development/SKILL.md +0 -167
- package/dist/content/content/skills/game-development/game-art/SKILL.md +0 -185
- package/dist/content/content/skills/game-development/game-audio/SKILL.md +0 -190
- package/dist/content/content/skills/game-development/game-design/SKILL.md +0 -129
- package/dist/content/content/skills/game-development/mobile-games/SKILL.md +0 -108
- package/dist/content/content/skills/game-development/multiplayer/SKILL.md +0 -132
- package/dist/content/content/skills/game-development/pc-games/SKILL.md +0 -144
- package/dist/content/content/skills/game-development/vr-ar/SKILL.md +0 -123
- package/dist/content/content/skills/game-development/web-games/SKILL.md +0 -150
- package/dist/content/content/skills/geo-fundamentals/SKILL.md +0 -156
- package/dist/content/content/skills/geo-fundamentals/scripts/geo_checker.py +0 -289
- package/dist/content/content/skills/i18n-localization/SKILL.md +0 -154
- package/dist/content/content/skills/i18n-localization/scripts/i18n_checker.py +0 -241
- package/dist/content/content/skills/intelligent-routing/SKILL.md +0 -334
- package/dist/content/content/skills/lint-and-validate/SKILL.md +0 -45
- package/dist/content/content/skills/lint-and-validate/scripts/lint_runner.py +0 -172
- package/dist/content/content/skills/lint-and-validate/scripts/type_coverage.py +0 -173
- package/dist/content/content/skills/mcp-builder/SKILL.md +0 -176
- package/dist/content/content/skills/mobile-design/SKILL.md +0 -394
- package/dist/content/content/skills/mobile-design/decision-trees.md +0 -516
- package/dist/content/content/skills/mobile-design/mobile-backend.md +0 -491
- package/dist/content/content/skills/mobile-design/mobile-color-system.md +0 -420
- package/dist/content/content/skills/mobile-design/mobile-debugging.md +0 -122
- package/dist/content/content/skills/mobile-design/mobile-design-thinking.md +0 -357
- package/dist/content/content/skills/mobile-design/mobile-navigation.md +0 -458
- package/dist/content/content/skills/mobile-design/mobile-performance.md +0 -767
- package/dist/content/content/skills/mobile-design/mobile-testing.md +0 -356
- package/dist/content/content/skills/mobile-design/mobile-typography.md +0 -433
- package/dist/content/content/skills/mobile-design/platform-android.md +0 -666
- package/dist/content/content/skills/mobile-design/platform-ios.md +0 -561
- package/dist/content/content/skills/mobile-design/scripts/mobile_audit.py +0 -670
- package/dist/content/content/skills/mobile-design/touch-psychology.md +0 -537
- package/dist/content/content/skills/nextjs-best-practices/SKILL.md +0 -203
- package/dist/content/content/skills/nodejs-best-practices/SKILL.md +0 -333
- package/dist/content/content/skills/parallel-agents/SKILL.md +0 -175
- package/dist/content/content/skills/performance-profiling/SKILL.md +0 -143
- package/dist/content/content/skills/performance-profiling/scripts/lighthouse_audit.py +0 -76
- package/dist/content/content/skills/plan-writing/SKILL.md +0 -152
- package/dist/content/content/skills/powershell-windows/SKILL.md +0 -167
- package/dist/content/content/skills/python-patterns/SKILL.md +0 -441
- package/dist/content/content/skills/react-patterns/SKILL.md +0 -198
- package/dist/content/content/skills/red-team-tactics/SKILL.md +0 -199
- package/dist/content/content/skills/seo-fundamentals/SKILL.md +0 -129
- package/dist/content/content/skills/seo-fundamentals/scripts/seo_checker.py +0 -219
- package/dist/content/content/skills/server-management/SKILL.md +0 -161
- package/dist/content/content/skills/systematic-debugging/SKILL.md +0 -109
- package/dist/content/content/skills/tailwind-patterns/SKILL.md +0 -269
- package/dist/content/content/skills/tdd-workflow/SKILL.md +0 -149
- package/dist/content/content/skills/testing-patterns/SKILL.md +0 -178
- package/dist/content/content/skills/testing-patterns/scripts/test_runner.py +0 -219
- package/dist/content/content/skills/vulnerability-scanner/SKILL.md +0 -276
- package/dist/content/content/skills/vulnerability-scanner/checklists.md +0 -121
- package/dist/content/content/skills/vulnerability-scanner/scripts/security_scan.py +0 -458
- package/dist/content/content/skills/webapp-testing/SKILL.md +0 -187
- package/dist/content/content/skills/webapp-testing/scripts/playwright_runner.py +0 -173
- package/dist/content/content/specialists/Especialista em Acessibilidade.md +0 -266
- package/dist/content/content/specialists/Especialista em An/303/241lise de Testes.md" +0 -434
- package/dist/content/content/specialists/Especialista em Arquitetura Avan/303/247ada.md" +0 -358
- package/dist/content/content/specialists/Especialista em Arquitetura de Software.md +0 -177
- package/dist/content/content/specialists/Especialista em Banco de Dados.md +0 -260
- package/dist/content/content/specialists/Especialista em Contrato de API.md +0 -172
- package/dist/content/content/specialists/Especialista em Dados e Analytics com IA.md +0 -246
- package/dist/content/content/specialists/Especialista em Debugging e Troubleshooting.md +0 -191
- package/dist/content/content/specialists/Especialista em Desenvolvimento Frontend.md +0 -477
- package/dist/content/content/specialists/Especialista em Desenvolvimento Mobile.md +0 -241
- package/dist/content/content/specialists/Especialista em Desenvolvimento e Vibe Coding Estruturado.md +0 -417
- package/dist/content/content/specialists/Especialista em DevOps e Infraestrutura.md +0 -294
- package/dist/content/content/specialists/Especialista em Documenta/303/247/303/243o T/303/251cnica.md" +0 -227
- package/dist/content/content/specialists/Especialista em Engenharia de Requisitos com IA.md +0 -299
- package/dist/content/content/specialists/Especialista em Explora/303/247/303/243o de Codebase.md" +0 -179
- package/dist/content/content/specialists/Especialista em Gest/303/243o de Produto.md" +0 -179
- package/dist/content/content/specialists/Especialista em Migra/303/247/303/243o e Moderniza/303/247/303/243o.md" +0 -410
- package/dist/content/content/specialists/Especialista em Modelagem e Arquitetura de Dom/303/255nio com IA.md" +0 -248
- package/dist/content/content/specialists/Especialista em Observabilidade.md +0 -415
- package/dist/content/content/specialists/Especialista em Performance e Escalabilidade.md +0 -373
- package/dist/content/content/specialists/Especialista em Plano de Execu/303/247/303/243o com IA.md" +0 -341
- package/dist/content/content/specialists/Especialista em Prototipagem R/303/241pida com Google Stitch.md" +0 -419
- package/dist/content/content/specialists/Especialista em Seguran/303/247a da Informa/303/247/303/243o.md" +0 -508
- package/dist/content/content/specialists/Especialista em UX Design.md +0 -453
- package/dist/content/content/specialists/INDEX.md +0 -43
- package/dist/content/content/templates/PRD.md +0 -165
- package/dist/content/content/templates/README.md +0 -65
- package/dist/content/content/templates/adr.md +0 -103
- package/dist/content/content/templates/arquitetura.md +0 -279
- package/dist/content/content/templates/backlog.md +0 -185
- package/dist/content/content/templates/checklist-seguranca.md +0 -180
- package/dist/content/content/templates/contexto.md +0 -120
- package/dist/content/content/templates/criterios-aceite.md +0 -99
- package/dist/content/content/templates/design-banco.md +0 -270
- package/dist/content/content/templates/design-doc.md +0 -240
- package/dist/content/content/templates/feature.md +0 -88
- package/dist/content/content/templates/historia-backend.md +0 -84
- package/dist/content/content/templates/historia-frontend.md +0 -75
- package/dist/content/content/templates/historia-usuario.md +0 -125
- package/dist/content/content/templates/mapa-navegacao.md +0 -133
- package/dist/content/content/templates/matriz-rastreabilidade.md +0 -121
- package/dist/content/content/templates/modelo-dominio.md +0 -219
- package/dist/content/content/templates/plano-testes.md +0 -199
- package/dist/content/content/templates/prototipo-stitch.md +0 -138
- package/dist/content/content/templates/requisitos.md +0 -162
- package/dist/content/content/templates/slo-sli.md +0 -197
- package/dist/content/content/workflows/README-MCP.md +0 -363
- package/dist/content/content/workflows/brainstorm.md +0 -113
- package/dist/content/content/workflows/create.md +0 -59
- package/dist/content/content/workflows/debug.md +0 -103
- package/dist/content/content/workflows/deploy.md +0 -176
- package/dist/content/content/workflows/enhance.md +0 -63
- package/dist/content/content/workflows/mcp-debug.md +0 -506
- package/dist/content/content/workflows/mcp-feature.md +0 -385
- package/dist/content/content/workflows/mcp-gate.md +0 -413
- package/dist/content/content/workflows/mcp-next.md +0 -388
- package/dist/content/content/workflows/mcp-refactor.md +0 -600
- package/dist/content/content/workflows/mcp-start.md +0 -304
- package/dist/content/content/workflows/mcp-status.md +0 -400
- package/dist/content/content/workflows/orchestrate.md +0 -237
- package/dist/content/content/workflows/plan.md +0 -89
- package/dist/content/content/workflows/preview.md +0 -81
- package/dist/content/content/workflows/status.md +0 -86
- package/dist/content/content/workflows/test.md +0 -144
- package/dist/content/content/workflows/ui-ux-pro-max.md +0 -296
|
@@ -1,219 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env python3
|
|
2
|
-
"""
|
|
3
|
-
Test Runner - Unified test execution and coverage reporting
|
|
4
|
-
Runs tests and generates coverage report based on project type.
|
|
5
|
-
|
|
6
|
-
Usage:
|
|
7
|
-
python test_runner.py <project_path> [--coverage]
|
|
8
|
-
|
|
9
|
-
Supports:
|
|
10
|
-
- Node.js: npm test, jest, vitest
|
|
11
|
-
- Python: pytest, unittest
|
|
12
|
-
"""
|
|
13
|
-
|
|
14
|
-
import subprocess
|
|
15
|
-
import sys
|
|
16
|
-
import json
|
|
17
|
-
from pathlib import Path
|
|
18
|
-
from datetime import datetime
|
|
19
|
-
|
|
20
|
-
# Fix Windows console encoding
|
|
21
|
-
try:
|
|
22
|
-
sys.stdout.reconfigure(encoding='utf-8', errors='replace')
|
|
23
|
-
except:
|
|
24
|
-
pass
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
def detect_test_framework(project_path: Path) -> dict:
|
|
28
|
-
"""Detect test framework and commands."""
|
|
29
|
-
result = {
|
|
30
|
-
"type": "unknown",
|
|
31
|
-
"framework": None,
|
|
32
|
-
"cmd": None,
|
|
33
|
-
"coverage_cmd": None
|
|
34
|
-
}
|
|
35
|
-
|
|
36
|
-
# Node.js project
|
|
37
|
-
package_json = project_path / "package.json"
|
|
38
|
-
if package_json.exists():
|
|
39
|
-
result["type"] = "node"
|
|
40
|
-
try:
|
|
41
|
-
pkg = json.loads(package_json.read_text(encoding='utf-8'))
|
|
42
|
-
scripts = pkg.get("scripts", {})
|
|
43
|
-
deps = {**pkg.get("dependencies", {}), **pkg.get("devDependencies", {})}
|
|
44
|
-
|
|
45
|
-
# Check for test script
|
|
46
|
-
if "test" in scripts:
|
|
47
|
-
result["framework"] = "npm test"
|
|
48
|
-
result["cmd"] = ["npm", "test"]
|
|
49
|
-
|
|
50
|
-
# Try to detect specific framework for coverage
|
|
51
|
-
if "vitest" in deps:
|
|
52
|
-
result["framework"] = "vitest"
|
|
53
|
-
result["coverage_cmd"] = ["npx", "vitest", "run", "--coverage"]
|
|
54
|
-
elif "jest" in deps:
|
|
55
|
-
result["framework"] = "jest"
|
|
56
|
-
result["coverage_cmd"] = ["npx", "jest", "--coverage"]
|
|
57
|
-
elif "vitest" in deps:
|
|
58
|
-
result["framework"] = "vitest"
|
|
59
|
-
result["cmd"] = ["npx", "vitest", "run"]
|
|
60
|
-
result["coverage_cmd"] = ["npx", "vitest", "run", "--coverage"]
|
|
61
|
-
elif "jest" in deps:
|
|
62
|
-
result["framework"] = "jest"
|
|
63
|
-
result["cmd"] = ["npx", "jest"]
|
|
64
|
-
result["coverage_cmd"] = ["npx", "jest", "--coverage"]
|
|
65
|
-
|
|
66
|
-
except:
|
|
67
|
-
pass
|
|
68
|
-
|
|
69
|
-
# Python project
|
|
70
|
-
if (project_path / "pyproject.toml").exists() or (project_path / "requirements.txt").exists():
|
|
71
|
-
result["type"] = "python"
|
|
72
|
-
result["framework"] = "pytest"
|
|
73
|
-
result["cmd"] = ["python", "-m", "pytest", "-v"]
|
|
74
|
-
result["coverage_cmd"] = ["python", "-m", "pytest", "--cov", "--cov-report=term-missing"]
|
|
75
|
-
|
|
76
|
-
return result
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
def run_tests(cmd: list, cwd: Path) -> dict:
|
|
80
|
-
"""Run tests and return results."""
|
|
81
|
-
result = {
|
|
82
|
-
"passed": False,
|
|
83
|
-
"output": "",
|
|
84
|
-
"error": "",
|
|
85
|
-
"tests_run": 0,
|
|
86
|
-
"tests_passed": 0,
|
|
87
|
-
"tests_failed": 0
|
|
88
|
-
}
|
|
89
|
-
|
|
90
|
-
try:
|
|
91
|
-
proc = subprocess.run(
|
|
92
|
-
cmd,
|
|
93
|
-
cwd=str(cwd),
|
|
94
|
-
capture_output=True,
|
|
95
|
-
text=True,
|
|
96
|
-
encoding='utf-8',
|
|
97
|
-
errors='replace',
|
|
98
|
-
timeout=300 # 5 min timeout for tests
|
|
99
|
-
)
|
|
100
|
-
|
|
101
|
-
result["output"] = proc.stdout[:3000] if proc.stdout else ""
|
|
102
|
-
result["error"] = proc.stderr[:500] if proc.stderr else ""
|
|
103
|
-
result["passed"] = proc.returncode == 0
|
|
104
|
-
|
|
105
|
-
# Try to parse test counts from output
|
|
106
|
-
output = proc.stdout or ""
|
|
107
|
-
|
|
108
|
-
# Jest/Vitest pattern: "Tests: X passed, Y failed, Z total"
|
|
109
|
-
if "passed" in output.lower() and "failed" in output.lower():
|
|
110
|
-
import re
|
|
111
|
-
match = re.search(r'(\d+)\s+passed', output, re.IGNORECASE)
|
|
112
|
-
if match:
|
|
113
|
-
result["tests_passed"] = int(match.group(1))
|
|
114
|
-
match = re.search(r'(\d+)\s+failed', output, re.IGNORECASE)
|
|
115
|
-
if match:
|
|
116
|
-
result["tests_failed"] = int(match.group(1))
|
|
117
|
-
result["tests_run"] = result["tests_passed"] + result["tests_failed"]
|
|
118
|
-
|
|
119
|
-
# Pytest pattern: "X passed, Y failed"
|
|
120
|
-
if "pytest" in str(cmd):
|
|
121
|
-
import re
|
|
122
|
-
match = re.search(r'(\d+)\s+passed', output)
|
|
123
|
-
if match:
|
|
124
|
-
result["tests_passed"] = int(match.group(1))
|
|
125
|
-
match = re.search(r'(\d+)\s+failed', output)
|
|
126
|
-
if match:
|
|
127
|
-
result["tests_failed"] = int(match.group(1))
|
|
128
|
-
result["tests_run"] = result["tests_passed"] + result["tests_failed"]
|
|
129
|
-
|
|
130
|
-
except FileNotFoundError:
|
|
131
|
-
result["error"] = f"Command not found: {cmd[0]}"
|
|
132
|
-
except subprocess.TimeoutExpired:
|
|
133
|
-
result["error"] = "Timeout after 300s"
|
|
134
|
-
except Exception as e:
|
|
135
|
-
result["error"] = str(e)
|
|
136
|
-
|
|
137
|
-
return result
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
def main():
|
|
141
|
-
project_path = Path(sys.argv[1] if len(sys.argv) > 1 else ".").resolve()
|
|
142
|
-
with_coverage = "--coverage" in sys.argv
|
|
143
|
-
|
|
144
|
-
print(f"\n{'='*60}")
|
|
145
|
-
print(f"[TEST RUNNER] Unified Test Execution")
|
|
146
|
-
print(f"{'='*60}")
|
|
147
|
-
print(f"Project: {project_path}")
|
|
148
|
-
print(f"Coverage: {'enabled' if with_coverage else 'disabled'}")
|
|
149
|
-
print(f"Time: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
|
|
150
|
-
|
|
151
|
-
# Detect test framework
|
|
152
|
-
test_info = detect_test_framework(project_path)
|
|
153
|
-
print(f"Type: {test_info['type']}")
|
|
154
|
-
print(f"Framework: {test_info['framework']}")
|
|
155
|
-
print("-"*60)
|
|
156
|
-
|
|
157
|
-
if not test_info["cmd"]:
|
|
158
|
-
print("No test framework found for this project.")
|
|
159
|
-
output = {
|
|
160
|
-
"script": "test_runner",
|
|
161
|
-
"project": str(project_path),
|
|
162
|
-
"type": test_info["type"],
|
|
163
|
-
"framework": None,
|
|
164
|
-
"passed": True,
|
|
165
|
-
"message": "No tests configured"
|
|
166
|
-
}
|
|
167
|
-
print(json.dumps(output, indent=2))
|
|
168
|
-
sys.exit(0)
|
|
169
|
-
|
|
170
|
-
# Choose command
|
|
171
|
-
cmd = test_info["coverage_cmd"] if with_coverage and test_info["coverage_cmd"] else test_info["cmd"]
|
|
172
|
-
|
|
173
|
-
print(f"Running: {' '.join(cmd)}")
|
|
174
|
-
print("-"*60)
|
|
175
|
-
|
|
176
|
-
# Run tests
|
|
177
|
-
result = run_tests(cmd, project_path)
|
|
178
|
-
|
|
179
|
-
# Print output (truncated)
|
|
180
|
-
if result["output"]:
|
|
181
|
-
lines = result["output"].split("\n")
|
|
182
|
-
for line in lines[:30]:
|
|
183
|
-
print(line)
|
|
184
|
-
if len(lines) > 30:
|
|
185
|
-
print(f"... ({len(lines) - 30} more lines)")
|
|
186
|
-
|
|
187
|
-
# Summary
|
|
188
|
-
print("\n" + "="*60)
|
|
189
|
-
print("SUMMARY")
|
|
190
|
-
print("="*60)
|
|
191
|
-
|
|
192
|
-
if result["passed"]:
|
|
193
|
-
print("[PASS] All tests passed")
|
|
194
|
-
else:
|
|
195
|
-
print("[FAIL] Some tests failed")
|
|
196
|
-
if result["error"]:
|
|
197
|
-
print(f"Error: {result['error'][:200]}")
|
|
198
|
-
|
|
199
|
-
if result["tests_run"] > 0:
|
|
200
|
-
print(f"Tests: {result['tests_run']} total, {result['tests_passed']} passed, {result['tests_failed']} failed")
|
|
201
|
-
|
|
202
|
-
output = {
|
|
203
|
-
"script": "test_runner",
|
|
204
|
-
"project": str(project_path),
|
|
205
|
-
"type": test_info["type"],
|
|
206
|
-
"framework": test_info["framework"],
|
|
207
|
-
"tests_run": result["tests_run"],
|
|
208
|
-
"tests_passed": result["tests_passed"],
|
|
209
|
-
"tests_failed": result["tests_failed"],
|
|
210
|
-
"passed": result["passed"]
|
|
211
|
-
}
|
|
212
|
-
|
|
213
|
-
print("\n" + json.dumps(output, indent=2))
|
|
214
|
-
|
|
215
|
-
sys.exit(0 if result["passed"] else 1)
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
if __name__ == "__main__":
|
|
219
|
-
main()
|
|
@@ -1,276 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: vulnerability-scanner
|
|
3
|
-
description: Advanced vulnerability analysis principles. OWASP 2025, Supply Chain Security, attack surface mapping, risk prioritization.
|
|
4
|
-
allowed-tools: Read, Glob, Grep, Bash
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
# Vulnerability Scanner
|
|
8
|
-
|
|
9
|
-
> Think like an attacker, defend like an expert. 2025 threat landscape awareness.
|
|
10
|
-
|
|
11
|
-
## 🔧 Runtime Scripts
|
|
12
|
-
|
|
13
|
-
**Execute for automated validation:**
|
|
14
|
-
|
|
15
|
-
| Script | Purpose | Usage |
|
|
16
|
-
|--------|---------|-------|
|
|
17
|
-
| `scripts/security_scan.py` | Validate security principles applied | `python scripts/security_scan.py <project_path>` |
|
|
18
|
-
|
|
19
|
-
## 📋 Reference Files
|
|
20
|
-
|
|
21
|
-
| File | Purpose |
|
|
22
|
-
|------|---------|
|
|
23
|
-
| [checklists.md](checklists.md) | OWASP Top 10, Auth, API, Data protection checklists |
|
|
24
|
-
|
|
25
|
-
---
|
|
26
|
-
|
|
27
|
-
## 1. Security Expert Mindset
|
|
28
|
-
|
|
29
|
-
### Core Principles
|
|
30
|
-
|
|
31
|
-
| Principle | Application |
|
|
32
|
-
|-----------|-------------|
|
|
33
|
-
| **Assume Breach** | Design as if attacker already inside |
|
|
34
|
-
| **Zero Trust** | Never trust, always verify |
|
|
35
|
-
| **Defense in Depth** | Multiple layers, no single point |
|
|
36
|
-
| **Least Privilege** | Minimum required access only |
|
|
37
|
-
| **Fail Secure** | On error, deny access |
|
|
38
|
-
|
|
39
|
-
### Threat Modeling Questions
|
|
40
|
-
|
|
41
|
-
Before scanning, ask:
|
|
42
|
-
1. What are we protecting? (Assets)
|
|
43
|
-
2. Who would attack? (Threat actors)
|
|
44
|
-
3. How would they attack? (Attack vectors)
|
|
45
|
-
4. What's the impact? (Business risk)
|
|
46
|
-
|
|
47
|
-
---
|
|
48
|
-
|
|
49
|
-
## 2. OWASP Top 10:2025
|
|
50
|
-
|
|
51
|
-
### Risk Categories
|
|
52
|
-
|
|
53
|
-
| Rank | Category | Think About |
|
|
54
|
-
|------|----------|-------------|
|
|
55
|
-
| **A01** | Broken Access Control | Who can access what? IDOR, SSRF |
|
|
56
|
-
| **A02** | Security Misconfiguration | Defaults, headers, exposed services |
|
|
57
|
-
| **A03** | Software Supply Chain 🆕 | Dependencies, CI/CD, build integrity |
|
|
58
|
-
| **A04** | Cryptographic Failures | Weak crypto, exposed secrets |
|
|
59
|
-
| **A05** | Injection | User input → system commands |
|
|
60
|
-
| **A06** | Insecure Design | Flawed architecture |
|
|
61
|
-
| **A07** | Authentication Failures | Session, credential management |
|
|
62
|
-
| **A08** | Integrity Failures | Unsigned updates, tampered data |
|
|
63
|
-
| **A09** | Logging & Alerting | Blind spots, no monitoring |
|
|
64
|
-
| **A10** | Exceptional Conditions 🆕 | Error handling, fail-open states |
|
|
65
|
-
|
|
66
|
-
### 2025 Key Changes
|
|
67
|
-
|
|
68
|
-
```
|
|
69
|
-
2021 → 2025 Shifts:
|
|
70
|
-
├── SSRF merged into A01 (Access Control)
|
|
71
|
-
├── A02 elevated (Cloud/Container configs)
|
|
72
|
-
├── A03 NEW: Supply Chain (major focus)
|
|
73
|
-
├── A10 NEW: Exceptional Conditions
|
|
74
|
-
└── Focus shift: Root causes > Symptoms
|
|
75
|
-
```
|
|
76
|
-
|
|
77
|
-
---
|
|
78
|
-
|
|
79
|
-
## 3. Supply Chain Security (A03)
|
|
80
|
-
|
|
81
|
-
### Attack Surface
|
|
82
|
-
|
|
83
|
-
| Vector | Risk | Question to Ask |
|
|
84
|
-
|--------|------|-----------------|
|
|
85
|
-
| **Dependencies** | Malicious packages | Do we audit new deps? |
|
|
86
|
-
| **Lock files** | Integrity attacks | Are they committed? |
|
|
87
|
-
| **Build pipeline** | CI/CD compromise | Who can modify? |
|
|
88
|
-
| **Registry** | Typosquatting | Verified sources? |
|
|
89
|
-
|
|
90
|
-
### Defense Principles
|
|
91
|
-
|
|
92
|
-
- Verify package integrity (checksums)
|
|
93
|
-
- Pin versions, audit updates
|
|
94
|
-
- Use private registries for critical deps
|
|
95
|
-
- Sign and verify artifacts
|
|
96
|
-
|
|
97
|
-
---
|
|
98
|
-
|
|
99
|
-
## 4. Attack Surface Mapping
|
|
100
|
-
|
|
101
|
-
### What to Map
|
|
102
|
-
|
|
103
|
-
| Category | Elements |
|
|
104
|
-
|----------|----------|
|
|
105
|
-
| **Entry Points** | APIs, forms, file uploads |
|
|
106
|
-
| **Data Flows** | Input → Process → Output |
|
|
107
|
-
| **Trust Boundaries** | Where auth/authz checked |
|
|
108
|
-
| **Assets** | Secrets, PII, business data |
|
|
109
|
-
|
|
110
|
-
### Prioritization Matrix
|
|
111
|
-
|
|
112
|
-
```
|
|
113
|
-
Risk = Likelihood × Impact
|
|
114
|
-
|
|
115
|
-
High Impact + High Likelihood → CRITICAL
|
|
116
|
-
High Impact + Low Likelihood → HIGH
|
|
117
|
-
Low Impact + High Likelihood → MEDIUM
|
|
118
|
-
Low Impact + Low Likelihood → LOW
|
|
119
|
-
```
|
|
120
|
-
|
|
121
|
-
---
|
|
122
|
-
|
|
123
|
-
## 5. Risk Prioritization
|
|
124
|
-
|
|
125
|
-
### CVSS + Context
|
|
126
|
-
|
|
127
|
-
| Factor | Weight | Question |
|
|
128
|
-
|--------|--------|----------|
|
|
129
|
-
| **CVSS Score** | Base severity | How severe is the vuln? |
|
|
130
|
-
| **EPSS Score** | Exploit likelihood | Is it being exploited? |
|
|
131
|
-
| **Asset Value** | Business context | What's at risk? |
|
|
132
|
-
| **Exposure** | Attack surface | Internet-facing? |
|
|
133
|
-
|
|
134
|
-
### Prioritization Decision Tree
|
|
135
|
-
|
|
136
|
-
```
|
|
137
|
-
Is it actively exploited (EPSS >0.5)?
|
|
138
|
-
├── YES → CRITICAL: Immediate action
|
|
139
|
-
└── NO → Check CVSS
|
|
140
|
-
├── CVSS ≥9.0 → HIGH
|
|
141
|
-
├── CVSS 7.0-8.9 → Consider asset value
|
|
142
|
-
└── CVSS <7.0 → Schedule for later
|
|
143
|
-
```
|
|
144
|
-
|
|
145
|
-
---
|
|
146
|
-
|
|
147
|
-
## 6. Exceptional Conditions (A10 - New)
|
|
148
|
-
|
|
149
|
-
### Fail-Open vs Fail-Closed
|
|
150
|
-
|
|
151
|
-
| Scenario | Fail-Open (BAD) | Fail-Closed (GOOD) |
|
|
152
|
-
|----------|-----------------|---------------------|
|
|
153
|
-
| Auth error | Allow access | Deny access |
|
|
154
|
-
| Parsing fails | Accept input | Reject input |
|
|
155
|
-
| Timeout | Retry forever | Limit + abort |
|
|
156
|
-
|
|
157
|
-
### What to Check
|
|
158
|
-
|
|
159
|
-
- Exception handlers that catch-all and ignore
|
|
160
|
-
- Missing error handling on security operations
|
|
161
|
-
- Race conditions in auth/authz
|
|
162
|
-
- Resource exhaustion scenarios
|
|
163
|
-
|
|
164
|
-
---
|
|
165
|
-
|
|
166
|
-
## 7. Scanning Methodology
|
|
167
|
-
|
|
168
|
-
### Phase-Based Approach
|
|
169
|
-
|
|
170
|
-
```
|
|
171
|
-
1. RECONNAISSANCE
|
|
172
|
-
└── Understand the target
|
|
173
|
-
├── Technology stack
|
|
174
|
-
├── Entry points
|
|
175
|
-
└── Data flows
|
|
176
|
-
|
|
177
|
-
2. DISCOVERY
|
|
178
|
-
└── Identify potential issues
|
|
179
|
-
├── Configuration review
|
|
180
|
-
├── Dependency analysis
|
|
181
|
-
└── Code pattern search
|
|
182
|
-
|
|
183
|
-
3. ANALYSIS
|
|
184
|
-
└── Validate and prioritize
|
|
185
|
-
├── False positive elimination
|
|
186
|
-
├── Risk scoring
|
|
187
|
-
└── Attack chain mapping
|
|
188
|
-
|
|
189
|
-
4. REPORTING
|
|
190
|
-
└── Actionable findings
|
|
191
|
-
├── Clear reproduction steps
|
|
192
|
-
├── Business impact
|
|
193
|
-
└── Remediation guidance
|
|
194
|
-
```
|
|
195
|
-
|
|
196
|
-
---
|
|
197
|
-
|
|
198
|
-
## 8. Code Pattern Analysis
|
|
199
|
-
|
|
200
|
-
### High-Risk Patterns
|
|
201
|
-
|
|
202
|
-
| Pattern | Risk | Look For |
|
|
203
|
-
|---------|------|----------|
|
|
204
|
-
| **String concat in queries** | Injection | `"SELECT * FROM " + user_input` |
|
|
205
|
-
| **Dynamic code execution** | RCE | `eval()`, `exec()`, `Function()` |
|
|
206
|
-
| **Unsafe deserialization** | RCE | `pickle.loads()`, `unserialize()` |
|
|
207
|
-
| **Path manipulation** | Traversal | User input in file paths |
|
|
208
|
-
| **Disabled security** | Various | `verify=False`, `--insecure` |
|
|
209
|
-
|
|
210
|
-
### Secret Patterns
|
|
211
|
-
|
|
212
|
-
| Type | Indicators |
|
|
213
|
-
|------|-----------|
|
|
214
|
-
| API Keys | `api_key`, `apikey`, high entropy |
|
|
215
|
-
| Tokens | `token`, `bearer`, `jwt` |
|
|
216
|
-
| Credentials | `password`, `secret`, `key` |
|
|
217
|
-
| Cloud | `AWS_`, `AZURE_`, `GCP_` prefixes |
|
|
218
|
-
|
|
219
|
-
---
|
|
220
|
-
|
|
221
|
-
## 9. Cloud Security Considerations
|
|
222
|
-
|
|
223
|
-
### Shared Responsibility
|
|
224
|
-
|
|
225
|
-
| Layer | You Own | Provider Owns |
|
|
226
|
-
|-------|---------|---------------|
|
|
227
|
-
| Data | ✅ | ❌ |
|
|
228
|
-
| Application | ✅ | ❌ |
|
|
229
|
-
| OS/Runtime | Depends | Depends |
|
|
230
|
-
| Infrastructure | ❌ | ✅ |
|
|
231
|
-
|
|
232
|
-
### Cloud-Specific Checks
|
|
233
|
-
|
|
234
|
-
- IAM: Least privilege applied?
|
|
235
|
-
- Storage: Public buckets?
|
|
236
|
-
- Network: Security groups tightened?
|
|
237
|
-
- Secrets: Using secrets manager?
|
|
238
|
-
|
|
239
|
-
---
|
|
240
|
-
|
|
241
|
-
## 10. Anti-Patterns
|
|
242
|
-
|
|
243
|
-
| ❌ Don't | ✅ Do |
|
|
244
|
-
|----------|-------|
|
|
245
|
-
| Scan without understanding | Map attack surface first |
|
|
246
|
-
| Alert on every CVE | Prioritize by exploitability + asset |
|
|
247
|
-
| Ignore false positives | Maintain verified baseline |
|
|
248
|
-
| Fix symptoms only | Address root causes |
|
|
249
|
-
| Scan once before deploy | Continuous scanning |
|
|
250
|
-
| Trust third-party deps blindly | Verify integrity, audit code |
|
|
251
|
-
|
|
252
|
-
---
|
|
253
|
-
|
|
254
|
-
## 11. Reporting Principles
|
|
255
|
-
|
|
256
|
-
### Finding Structure
|
|
257
|
-
|
|
258
|
-
Each finding should answer:
|
|
259
|
-
1. **What?** - Clear vulnerability description
|
|
260
|
-
2. **Where?** - Exact location (file, line, endpoint)
|
|
261
|
-
3. **Why?** - Root cause explanation
|
|
262
|
-
4. **Impact?** - Business consequence
|
|
263
|
-
5. **How to fix?** - Specific remediation
|
|
264
|
-
|
|
265
|
-
### Severity Classification
|
|
266
|
-
|
|
267
|
-
| Severity | Criteria |
|
|
268
|
-
|----------|----------|
|
|
269
|
-
| **Critical** | RCE, auth bypass, mass data exposure |
|
|
270
|
-
| **High** | Data exposure, privilege escalation |
|
|
271
|
-
| **Medium** | Limited scope, requires conditions |
|
|
272
|
-
| **Low** | Informational, best practice |
|
|
273
|
-
|
|
274
|
-
---
|
|
275
|
-
|
|
276
|
-
> **Remember:** Vulnerability scanning finds issues. Expert thinking prioritizes what matters. Always ask: "What would an attacker do with this?"
|
|
@@ -1,121 +0,0 @@
|
|
|
1
|
-
# Security Checklists
|
|
2
|
-
|
|
3
|
-
> Quick reference checklists for security audits. Use alongside vulnerability-scanner principles.
|
|
4
|
-
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
## OWASP Top 10 Audit Checklist
|
|
8
|
-
|
|
9
|
-
### A01: Broken Access Control
|
|
10
|
-
- [ ] Authorization on all protected routes
|
|
11
|
-
- [ ] Deny by default
|
|
12
|
-
- [ ] Rate limiting implemented
|
|
13
|
-
- [ ] CORS properly configured
|
|
14
|
-
|
|
15
|
-
### A02: Cryptographic Failures
|
|
16
|
-
- [ ] Passwords hashed (bcrypt/argon2, cost 12+)
|
|
17
|
-
- [ ] Sensitive data encrypted at rest
|
|
18
|
-
- [ ] TLS 1.2+ for all connections
|
|
19
|
-
- [ ] No secrets in code/logs
|
|
20
|
-
|
|
21
|
-
### A03: Injection
|
|
22
|
-
- [ ] Parameterized queries
|
|
23
|
-
- [ ] Input validation on all user data
|
|
24
|
-
- [ ] Output encoding for XSS
|
|
25
|
-
- [ ] No eval() or dynamic code execution
|
|
26
|
-
|
|
27
|
-
### A04: Insecure Design
|
|
28
|
-
- [ ] Threat modeling done
|
|
29
|
-
- [ ] Security requirements defined
|
|
30
|
-
- [ ] Business logic validated
|
|
31
|
-
|
|
32
|
-
### A05: Security Misconfiguration
|
|
33
|
-
- [ ] Unnecessary features disabled
|
|
34
|
-
- [ ] Error messages sanitized
|
|
35
|
-
- [ ] Security headers configured
|
|
36
|
-
- [ ] Default credentials changed
|
|
37
|
-
|
|
38
|
-
### A06: Vulnerable Components
|
|
39
|
-
- [ ] Dependencies up to date
|
|
40
|
-
- [ ] No known vulnerabilities
|
|
41
|
-
- [ ] Unused dependencies removed
|
|
42
|
-
|
|
43
|
-
### A07: Authentication Failures
|
|
44
|
-
- [ ] MFA available
|
|
45
|
-
- [ ] Session invalidation on logout
|
|
46
|
-
- [ ] Session timeout implemented
|
|
47
|
-
- [ ] Brute force protection
|
|
48
|
-
|
|
49
|
-
### A08: Integrity Failures
|
|
50
|
-
- [ ] Dependency integrity verified
|
|
51
|
-
- [ ] CI/CD pipeline secured
|
|
52
|
-
- [ ] Update mechanism secured
|
|
53
|
-
|
|
54
|
-
### A09: Logging Failures
|
|
55
|
-
- [ ] Security events logged
|
|
56
|
-
- [ ] Logs protected
|
|
57
|
-
- [ ] No sensitive data in logs
|
|
58
|
-
- [ ] Alerting configured
|
|
59
|
-
|
|
60
|
-
### A10: SSRF
|
|
61
|
-
- [ ] URL validation implemented
|
|
62
|
-
- [ ] Allow-list for external calls
|
|
63
|
-
- [ ] Network segmentation
|
|
64
|
-
|
|
65
|
-
---
|
|
66
|
-
|
|
67
|
-
## Authentication Checklist
|
|
68
|
-
|
|
69
|
-
- [ ] Strong password policy
|
|
70
|
-
- [ ] Account lockout
|
|
71
|
-
- [ ] Secure password reset
|
|
72
|
-
- [ ] Session management
|
|
73
|
-
- [ ] Token expiration
|
|
74
|
-
- [ ] Logout invalidation
|
|
75
|
-
|
|
76
|
-
---
|
|
77
|
-
|
|
78
|
-
## API Security Checklist
|
|
79
|
-
|
|
80
|
-
- [ ] Authentication required
|
|
81
|
-
- [ ] Authorization per endpoint
|
|
82
|
-
- [ ] Input validation
|
|
83
|
-
- [ ] Rate limiting
|
|
84
|
-
- [ ] Output sanitization
|
|
85
|
-
- [ ] Error handling
|
|
86
|
-
|
|
87
|
-
---
|
|
88
|
-
|
|
89
|
-
## Data Protection Checklist
|
|
90
|
-
|
|
91
|
-
- [ ] Encryption at rest
|
|
92
|
-
- [ ] Encryption in transit
|
|
93
|
-
- [ ] Key management
|
|
94
|
-
- [ ] Data minimization
|
|
95
|
-
- [ ] Secure deletion
|
|
96
|
-
|
|
97
|
-
---
|
|
98
|
-
|
|
99
|
-
## Security Headers
|
|
100
|
-
|
|
101
|
-
| Header | Purpose |
|
|
102
|
-
|--------|---------|
|
|
103
|
-
| **Content-Security-Policy** | XSS prevention |
|
|
104
|
-
| **X-Content-Type-Options** | MIME sniffing |
|
|
105
|
-
| **X-Frame-Options** | Clickjacking |
|
|
106
|
-
| **Strict-Transport-Security** | Force HTTPS |
|
|
107
|
-
| **Referrer-Policy** | Referrer control |
|
|
108
|
-
|
|
109
|
-
---
|
|
110
|
-
|
|
111
|
-
## Quick Audit Commands
|
|
112
|
-
|
|
113
|
-
| Check | What to Look For |
|
|
114
|
-
|-------|------------------|
|
|
115
|
-
| Secrets in code | password, api_key, secret |
|
|
116
|
-
| Dangerous patterns | eval, innerHTML, SQL concat |
|
|
117
|
-
| Dependency issues | npm audit, snyk |
|
|
118
|
-
|
|
119
|
-
---
|
|
120
|
-
|
|
121
|
-
> **Usage:** Copy relevant checklists into your PLAN.md or security report.
|