@mmerterden/multi-agent-pipeline 8.6.1 → 10.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (928) hide show
  1. package/CHANGELOG.md +544 -2484
  2. package/README.md +117 -138
  3. package/docs/features.md +1 -1
  4. package/index.js +8 -10
  5. package/install/_adapters.mjs +5 -1
  6. package/install/_common.mjs +63 -0
  7. package/install/claude.mjs +14 -14
  8. package/install/copilot.mjs +14 -8
  9. package/install/index.mjs +85 -19
  10. package/install/templates/claude-hooks.json +18 -0
  11. package/install/templates/copilot-instructions.md +3 -3
  12. package/package.json +21 -6
  13. package/pipeline/adapters/_base.mjs +366 -14
  14. package/pipeline/adapters/antigravity.mjs +140 -0
  15. package/pipeline/adapters/codex.mjs +159 -0
  16. package/pipeline/adapters/copilot-chat-orchestration.mjs +148 -0
  17. package/pipeline/adapters/copilot-chat.mjs +34 -68
  18. package/pipeline/adapters/cursor-orchestration.mjs +152 -0
  19. package/pipeline/adapters/cursor.mjs +49 -90
  20. package/pipeline/agents/android-architect.md +5 -5
  21. package/pipeline/agents/backend-architect.md +4 -4
  22. package/pipeline/agents/code-reviewer.md +10 -10
  23. package/pipeline/agents/dev-critic.md +17 -17
  24. package/pipeline/agents/explorer.md +3 -3
  25. package/pipeline/agents/ios-architect.md +4 -4
  26. package/pipeline/agents/security-auditor.md +12 -12
  27. package/pipeline/agents/task-clarifier.md +18 -18
  28. package/pipeline/claude-md-template.md +3 -3
  29. package/pipeline/commands/archive-guard.md +3 -3
  30. package/pipeline/commands/figma-to-swiftui.md +10 -10
  31. package/pipeline/commands/multi-agent/_account-picker.md +13 -9
  32. package/pipeline/commands/multi-agent/_dev-context.md +15 -15
  33. package/pipeline/commands/multi-agent/_input-parser.md +4 -4
  34. package/pipeline/commands/multi-agent/_repo-picker.md +9 -9
  35. package/pipeline/commands/multi-agent/analysis-resolve.md +129 -0
  36. package/pipeline/commands/multi-agent/analysis.md +667 -0
  37. package/pipeline/commands/multi-agent/autopilot.md +22 -22
  38. package/pipeline/commands/multi-agent/build-optimize.md +77 -0
  39. package/pipeline/commands/multi-agent/channels.md +96 -96
  40. package/pipeline/commands/multi-agent/delete.md +19 -17
  41. package/pipeline/commands/multi-agent/dev-autopilot.md +23 -23
  42. package/pipeline/commands/multi-agent/dev-local-autopilot.md +23 -23
  43. package/pipeline/commands/multi-agent/dev-local.md +25 -22
  44. package/pipeline/commands/multi-agent/dev.md +49 -49
  45. package/pipeline/commands/multi-agent/diff-explain.md +4 -4
  46. package/pipeline/commands/multi-agent/garbage-collect.md +58 -0
  47. package/pipeline/commands/multi-agent/help.md +75 -66
  48. package/pipeline/commands/multi-agent/issue.md +3 -3
  49. package/pipeline/commands/multi-agent/jira.md +12 -12
  50. package/pipeline/commands/multi-agent/kill.md +6 -6
  51. package/pipeline/commands/multi-agent/language.md +12 -12
  52. package/pipeline/commands/multi-agent/local-autopilot.md +34 -34
  53. package/pipeline/commands/multi-agent/local.md +24 -25
  54. package/pipeline/commands/multi-agent/log.md +6 -6
  55. package/pipeline/commands/multi-agent/manual-test.md +3 -3
  56. package/pipeline/commands/multi-agent/prune-logs.md +60 -0
  57. package/pipeline/commands/multi-agent/purge.md +10 -7
  58. package/pipeline/commands/multi-agent/refactor.md +9 -9
  59. package/pipeline/commands/multi-agent/refs/analysis-template.md +1062 -0
  60. package/pipeline/commands/multi-agent/refs/android-guide.md +15 -13
  61. package/pipeline/commands/multi-agent/refs/audit-guide.md +20 -20
  62. package/pipeline/commands/multi-agent/refs/backend-guide.md +9 -9
  63. package/pipeline/commands/multi-agent/refs/channels/confluence.md +17 -17
  64. package/pipeline/commands/multi-agent/refs/channels/issue-comment.md +30 -30
  65. package/pipeline/commands/multi-agent/refs/channels/jira.md +15 -15
  66. package/pipeline/commands/multi-agent/refs/channels/pr-review-actions.md +19 -17
  67. package/pipeline/commands/multi-agent/refs/channels/pr.md +22 -22
  68. package/pipeline/commands/multi-agent/refs/channels/wiki.md +19 -19
  69. package/pipeline/commands/multi-agent/refs/component-dispatch.md +11 -11
  70. package/pipeline/commands/multi-agent/refs/conventions-defaults.md +179 -0
  71. package/pipeline/commands/multi-agent/refs/cross-cli-contract.md +35 -33
  72. package/pipeline/commands/multi-agent/refs/features/dev-critic.md +5 -5
  73. package/pipeline/commands/multi-agent/refs/features/external-context-injection.md +6 -6
  74. package/pipeline/commands/multi-agent/refs/features/model-fallback.md +73 -0
  75. package/pipeline/commands/multi-agent/refs/features/plan-todos.md +1 -1
  76. package/pipeline/commands/multi-agent/refs/features/prior-fix-detection.md +4 -4
  77. package/pipeline/commands/multi-agent/refs/features/repo-map.md +6 -6
  78. package/pipeline/commands/multi-agent/refs/features/shadow-git.md +2 -2
  79. package/pipeline/commands/multi-agent/refs/frontend-guide.md +16 -16
  80. package/pipeline/commands/multi-agent/refs/issue-jira-triad.md +18 -18
  81. package/pipeline/commands/multi-agent/refs/keychain.md +18 -8
  82. package/pipeline/commands/multi-agent/refs/knowledge.md +9 -9
  83. package/pipeline/commands/multi-agent/refs/multi-repo-integration-build.md +19 -19
  84. package/pipeline/commands/multi-agent/refs/phases/log-format.md +29 -9
  85. package/pipeline/commands/multi-agent/refs/phases/modes.md +33 -33
  86. package/pipeline/commands/multi-agent/refs/phases/operations.md +11 -11
  87. package/pipeline/commands/multi-agent/refs/phases/phase-0-init.md +93 -57
  88. package/pipeline/commands/multi-agent/refs/phases/phase-1-analysis.md +59 -28
  89. package/pipeline/commands/multi-agent/refs/phases/phase-2-planning.md +115 -63
  90. package/pipeline/commands/multi-agent/refs/phases/phase-3-dev.md +99 -36
  91. package/pipeline/commands/multi-agent/refs/phases/phase-4-review.md +160 -63
  92. package/pipeline/commands/multi-agent/refs/phases/phase-5-test.md +33 -18
  93. package/pipeline/commands/multi-agent/refs/phases/phase-6-commit.md +45 -43
  94. package/pipeline/commands/multi-agent/refs/phases/phase-7-report.md +54 -28
  95. package/pipeline/commands/multi-agent/refs/phases.md +17 -17
  96. package/pipeline/commands/multi-agent/refs/picker-contract.md +65 -0
  97. package/pipeline/commands/multi-agent/refs/progress-contract.md +37 -21
  98. package/pipeline/commands/multi-agent/refs/rules.md +83 -25
  99. package/pipeline/commands/multi-agent/refs/swiftui-guide.md +32 -30
  100. package/pipeline/commands/multi-agent/refs/tracker-contract.md +54 -30
  101. package/pipeline/commands/multi-agent/refs/wiki-capture.md +36 -33
  102. package/pipeline/commands/multi-agent/resume.md +9 -9
  103. package/pipeline/commands/multi-agent/review.md +24 -24
  104. package/pipeline/commands/multi-agent/scan.md +10 -10
  105. package/pipeline/commands/multi-agent/search.md +8 -8
  106. package/pipeline/commands/multi-agent/setup.md +111 -84
  107. package/pipeline/commands/multi-agent/stack.md +5 -5
  108. package/pipeline/commands/multi-agent/status.md +5 -5
  109. package/pipeline/commands/multi-agent/sync.md +123 -111
  110. package/pipeline/commands/multi-agent/test.md +6 -6
  111. package/pipeline/commands/multi-agent/update.md +1 -1
  112. package/pipeline/commands/multi-agent.md +66 -60
  113. package/pipeline/commands/sim-test.md +14 -14
  114. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-1-analysis.json +1 -1
  115. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-review.json +2 -2
  116. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/expected/phase-4-triage.json +2 -2
  117. package/pipeline/eval/golden-tasks/01-ios-bugfix-darkmode/metadata.json +1 -1
  118. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-1-analysis.json +2 -2
  119. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-review.json +3 -3
  120. package/pipeline/eval/golden-tasks/02-android-feature-compose/expected/phase-4-triage.json +4 -4
  121. package/pipeline/eval/golden-tasks/02-android-feature-compose/metadata.json +1 -1
  122. package/pipeline/eval/golden-tasks/02-android-feature-compose/task.json +1 -1
  123. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-1-analysis.json +29 -0
  124. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-2-plan.json +42 -0
  125. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-4-review.json +20 -0
  126. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/expected/phase-4-triage.json +15 -0
  127. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/metadata.json +14 -0
  128. package/pipeline/eval/golden-tasks/03-backend-python-ratelimit/task.json +12 -0
  129. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-1-analysis.json +29 -0
  130. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-2-plan.json +40 -0
  131. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-4-review.json +20 -0
  132. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/expected/phase-4-triage.json +15 -0
  133. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/metadata.json +14 -0
  134. package/pipeline/eval/golden-tasks/04-frontend-next-hydration/task.json +12 -0
  135. package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-1-analysis.json +29 -0
  136. package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-2-plan.json +42 -0
  137. package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-4-review.json +28 -0
  138. package/pipeline/eval/golden-tasks/05-ios-security-keychain/expected/phase-4-triage.json +27 -0
  139. package/pipeline/eval/golden-tasks/05-ios-security-keychain/metadata.json +14 -0
  140. package/pipeline/eval/golden-tasks/05-ios-security-keychain/task.json +12 -0
  141. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-1-analysis.json +29 -0
  142. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-2-plan.json +41 -0
  143. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-4-review.json +12 -0
  144. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/expected/phase-4-triage.json +6 -0
  145. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/metadata.json +14 -0
  146. package/pipeline/eval/golden-tasks/06-android-refactor-usecase/task.json +12 -0
  147. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-1-analysis.json +29 -0
  148. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-2-plan.json +42 -0
  149. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-4-review.json +28 -0
  150. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/expected/phase-4-triage.json +27 -0
  151. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/metadata.json +14 -0
  152. package/pipeline/eval/golden-tasks/07-backend-node-idempotency/task.json +12 -0
  153. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-1-analysis.json +25 -0
  154. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-2-plan.json +31 -0
  155. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-4-review.json +12 -0
  156. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/expected/phase-4-triage.json +18 -0
  157. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/metadata.json +14 -0
  158. package/pipeline/eval/golden-tasks/08-ios-auth-consensus-unverified/task.json +12 -0
  159. package/pipeline/eval/golden-tasks/README.md +14 -14
  160. package/pipeline/eval/intent-cases.json +40 -0
  161. package/pipeline/eval/run-metrics-fixture.json +46 -0
  162. package/pipeline/eval/triage/01-empty-findings/notes.md +1 -1
  163. package/pipeline/eval/triage/02-real-blocker/notes.md +2 -2
  164. package/pipeline/eval/triage/03-out-of-scope-defer/notes.md +1 -1
  165. package/pipeline/eval/triage/04-false-positive-reject/notes.md +1 -1
  166. package/pipeline/eval/triage/05-mixed-classification/notes.md +2 -2
  167. package/pipeline/eval/triage/06-severity-mismatch/notes.md +2 -2
  168. package/pipeline/eval/triage/07-duplicate-reviewers/notes.md +1 -1
  169. package/pipeline/eval/triage/08-style-misclassified/notes.md +1 -1
  170. package/pipeline/eval/triage/09-cascading-finding/notes.md +2 -2
  171. package/pipeline/eval/triage/10-deferred-crossref/notes.md +2 -2
  172. package/pipeline/eval/triage/11-vercel-token-leak-blocker/expected.json +3 -3
  173. package/pipeline/eval/triage/11-vercel-token-leak-blocker/input.json +2 -2
  174. package/pipeline/eval/triage/11-vercel-token-leak-blocker/notes.md +5 -5
  175. package/pipeline/eval/triage/README.md +4 -4
  176. package/pipeline/lib/account-resolver.sh +3 -3
  177. package/pipeline/lib/ask-choice.sh +98 -0
  178. package/pipeline/lib/channels-multi-repo.sh +3 -3
  179. package/pipeline/lib/classify-intent.sh +110 -0
  180. package/pipeline/lib/context-link-extractor.sh +3 -3
  181. package/pipeline/lib/credential-store-resolver.sh +3 -3
  182. package/pipeline/lib/credential-store.sh +9 -5
  183. package/pipeline/lib/extract-conventions.sh +1034 -0
  184. package/pipeline/lib/fetch-confluence.sh +3 -3
  185. package/pipeline/lib/fetch-crashlytics.sh +5 -5
  186. package/pipeline/lib/fetch-fortify.sh +5 -21
  187. package/pipeline/lib/fetch-swagger.sh +5 -5
  188. package/pipeline/lib/figma-screenshot.sh +536 -0
  189. package/pipeline/lib/issue-fetcher.sh +46 -20
  190. package/pipeline/lib/md2confluence-v3.py +1076 -0
  191. package/pipeline/lib/multi-repo-pipeline.sh +13 -22
  192. package/pipeline/lib/plan-todos.sh +7 -7
  193. package/pipeline/lib/post-pr-review.sh +53 -21
  194. package/pipeline/lib/repo-cache.sh +5 -5
  195. package/pipeline/lib/review-watch.sh +17 -13
  196. package/pipeline/lib/shadow-git.sh +7 -7
  197. package/pipeline/lib/submodule-detector.sh +3 -3
  198. package/pipeline/lib/vercel-deploy.sh +28 -15
  199. package/pipeline/preferences-template.json +21 -4
  200. package/pipeline/rules/app-store-guidelines.md +2 -2
  201. package/pipeline/rules/code-style.md +6 -6
  202. package/pipeline/rules/figma-pipeline.md +100 -2
  203. package/pipeline/rules/kotlin-android.md +8 -8
  204. package/pipeline/rules/security.md +4 -4
  205. package/pipeline/rules/tdd.md +1 -1
  206. package/pipeline/rules/testing.md +5 -5
  207. package/pipeline/schemas/agent-state.schema.json +55 -20
  208. package/pipeline/schemas/analysis-output.schema.json +7 -2
  209. package/pipeline/schemas/analysis-spec.schema.json +484 -0
  210. package/pipeline/schemas/clarify-output.schema.json +5 -5
  211. package/pipeline/schemas/conventions-output.schema.json +70 -0
  212. package/pipeline/schemas/dev-critic-output.schema.json +2 -2
  213. package/pipeline/schemas/diff-risk.schema.json +3 -3
  214. package/pipeline/schemas/figma-project-config.schema.json +3 -3
  215. package/pipeline/schemas/learnings-ledger.schema.json +39 -0
  216. package/pipeline/schemas/migrations/README.md +2 -2
  217. package/pipeline/schemas/migrations/figma-config-1.0.0-to-2.0.0.mjs +5 -5
  218. package/pipeline/schemas/migrations/prefs-2.0.0-to-2.1.0.mjs +3 -3
  219. package/pipeline/schemas/migrations/prefs-2.1.0-to-2.2.0.mjs +4 -4
  220. package/pipeline/schemas/migrations/prefs-2.2.0-to-2.3.0.mjs +5 -5
  221. package/pipeline/schemas/migrations/state-2.0.0-to-2.1.0.mjs +3 -3
  222. package/pipeline/schemas/plan-todos.schema.json +4 -4
  223. package/pipeline/schemas/planning-output.schema.json +3 -3
  224. package/pipeline/schemas/prefs.schema.json +97 -13
  225. package/pipeline/schemas/reviewer-output.schema.json +7 -3
  226. package/pipeline/schemas/test-gap.schema.json +1 -1
  227. package/pipeline/schemas/token-budget.json +8 -8
  228. package/pipeline/schemas/triage-corpus.schema.json +1 -1
  229. package/pipeline/schemas/triage-output.schema.json +44 -6
  230. package/pipeline/scripts/README.md +64 -64
  231. package/pipeline/scripts/aggregate-metrics.mjs +55 -16
  232. package/pipeline/scripts/audit-log-rotate.sh +3 -3
  233. package/pipeline/scripts/audit-log.sh +20 -7
  234. package/pipeline/scripts/benchmark-phase-0.sh +6 -6
  235. package/pipeline/scripts/build-skills-index.mjs +15 -15
  236. package/pipeline/scripts/check-md-links.mjs +59 -0
  237. package/pipeline/scripts/classify-plan-safety.mjs +24 -18
  238. package/pipeline/scripts/cost-budget-check.mjs +160 -0
  239. package/pipeline/scripts/cost-table.json +23 -13
  240. package/pipeline/scripts/diff-explain.mjs +12 -12
  241. package/pipeline/scripts/diff-risk-score.mjs +18 -17
  242. package/pipeline/scripts/eval-golden-tasks-live.mjs +13 -10
  243. package/pipeline/scripts/eval-golden-tasks.mjs +3 -14
  244. package/pipeline/scripts/eval-intent.mjs +103 -0
  245. package/pipeline/scripts/eval-triage.mjs +3 -3
  246. package/pipeline/scripts/evidence-gate.mjs +155 -0
  247. package/pipeline/scripts/fixtures/install-layout.tsv +9 -9
  248. package/pipeline/scripts/gc-tmp.sh +102 -0
  249. package/pipeline/scripts/gen-mode-dispatch.mjs +27 -21
  250. package/pipeline/scripts/gen-skills-index.mjs +6 -6
  251. package/pipeline/scripts/github-ssh-setup.sh +1 -1
  252. package/pipeline/scripts/keychain-save.sh +1 -1
  253. package/pipeline/scripts/keychain.py +6 -6
  254. package/pipeline/scripts/learnings-ledger.mjs +284 -0
  255. package/pipeline/scripts/lint-skills.mjs +80 -0
  256. package/pipeline/scripts/log-metric.sh +18 -9
  257. package/pipeline/scripts/match-skills.mjs +13 -8
  258. package/pipeline/scripts/memory-load.sh +3 -3
  259. package/pipeline/scripts/memory-save.sh +5 -5
  260. package/pipeline/scripts/migrate-prefs.mjs +17 -17
  261. package/pipeline/scripts/migrate-state.mjs +12 -12
  262. package/pipeline/scripts/output-quality-check.sh +7 -7
  263. package/pipeline/scripts/phase-banner.sh +5 -5
  264. package/pipeline/scripts/phase-tracker.sh +90 -53
  265. package/pipeline/scripts/pre-commit-check.sh +45 -5
  266. package/pipeline/scripts/pre-push-check.sh +7 -7
  267. package/pipeline/scripts/prune-logs.sh +118 -0
  268. package/pipeline/scripts/render-agent-log-cost.sh +55 -18
  269. package/pipeline/scripts/render-cost-summary.sh +9 -9
  270. package/pipeline/scripts/render-work-summary.sh +4 -4
  271. package/pipeline/scripts/repo-map.mjs +9 -9
  272. package/pipeline/scripts/run-aggregator.mjs +7 -6
  273. package/pipeline/scripts/run-metrics.mjs +129 -0
  274. package/pipeline/scripts/run-smokes.mjs +76 -0
  275. package/pipeline/scripts/scan-skills.sh +11 -11
  276. package/pipeline/scripts/search-logs.sh +8 -8
  277. package/pipeline/scripts/sign-skills.sh +2 -2
  278. package/pipeline/scripts/smoke-adapters.sh +79 -10
  279. package/pipeline/scripts/smoke-add-detail.sh +5 -5
  280. package/pipeline/scripts/smoke-agent-log-cost.sh +85 -6
  281. package/pipeline/scripts/smoke-agent-model-routing.sh +3 -3
  282. package/pipeline/scripts/smoke-ask-choice.sh +42 -0
  283. package/pipeline/scripts/smoke-bitbucket-contract.sh +19 -3
  284. package/pipeline/scripts/smoke-changelog-version.sh +47 -0
  285. package/pipeline/scripts/smoke-channels-flow.sh +1 -1
  286. package/pipeline/scripts/smoke-ci-workflows.sh +5 -5
  287. package/pipeline/scripts/smoke-clarify.sh +3 -3
  288. package/pipeline/scripts/smoke-commands-skills-parity.sh +4 -4
  289. package/pipeline/scripts/smoke-community-gates.sh +75 -0
  290. package/pipeline/scripts/smoke-compliance-skills.sh +5 -5
  291. package/pipeline/scripts/smoke-cost-budget.sh +70 -0
  292. package/pipeline/scripts/smoke-cost-summary.sh +4 -4
  293. package/pipeline/scripts/smoke-cross-cli-behavior.sh +50 -9
  294. package/pipeline/scripts/smoke-cross-phase-cohesion.sh +5 -5
  295. package/pipeline/scripts/smoke-delete-flow.sh +5 -5
  296. package/pipeline/scripts/smoke-dev-critic.sh +2 -2
  297. package/pipeline/scripts/smoke-diff-explain.sh +22 -3
  298. package/pipeline/scripts/smoke-diff-risk.sh +1 -1
  299. package/pipeline/scripts/smoke-dynamic-skill-loading.sh +1 -1
  300. package/pipeline/scripts/smoke-eval-live.sh +4 -4
  301. package/pipeline/scripts/smoke-evidence-gate.sh +93 -0
  302. package/pipeline/scripts/smoke-existing-discovery-gate.sh +1 -1
  303. package/pipeline/scripts/smoke-extract-conventions.sh +163 -0
  304. package/pipeline/scripts/smoke-figma-android-parity.sh +1 -1
  305. package/pipeline/scripts/smoke-figma-credential-store.sh +3 -3
  306. package/pipeline/scripts/smoke-figma-cross-cli-inventory.sh +12 -12
  307. package/pipeline/scripts/smoke-figma-dispatch.sh +5 -5
  308. package/pipeline/scripts/smoke-figma-sync.sh +1 -1
  309. package/pipeline/scripts/smoke-gate-hooks.sh +56 -0
  310. package/pipeline/scripts/smoke-gc-tmp.sh +84 -0
  311. package/pipeline/scripts/smoke-identity-isolation.sh +7 -7
  312. package/pipeline/scripts/smoke-install-layout.sh +10 -10
  313. package/pipeline/scripts/smoke-intent-guard.sh +86 -0
  314. package/pipeline/scripts/smoke-issue-comment-template.sh +3 -3
  315. package/pipeline/scripts/smoke-issue-jira-triad.sh +1 -1
  316. package/pipeline/scripts/smoke-keychain.sh +6 -6
  317. package/pipeline/scripts/smoke-language-axis.sh +2 -2
  318. package/pipeline/scripts/smoke-learnings-ledger.sh +86 -0
  319. package/pipeline/scripts/smoke-lib-scripts.sh +2 -2
  320. package/pipeline/scripts/smoke-mcp-gate.sh +68 -0
  321. package/pipeline/scripts/smoke-md-links.sh +8 -0
  322. package/pipeline/scripts/smoke-md2confluence.sh +126 -0
  323. package/pipeline/scripts/smoke-metrics-cache-ratio.sh +72 -0
  324. package/pipeline/scripts/smoke-migrate-state.sh +10 -10
  325. package/pipeline/scripts/smoke-mode-dispatch-drift.sh +7 -4
  326. package/pipeline/scripts/smoke-model-fallback.sh +80 -0
  327. package/pipeline/scripts/smoke-multi-repo-integration.sh +3 -3
  328. package/pipeline/scripts/smoke-multi-repo-worktree.sh +1 -1
  329. package/pipeline/scripts/smoke-no-mcp-in-dev-phases.sh +115 -0
  330. package/pipeline/scripts/smoke-no-token-prompt.sh +31 -15
  331. package/pipeline/scripts/smoke-pat-audit.sh +26 -5
  332. package/pipeline/scripts/smoke-per-repo-memory.sh +1 -1
  333. package/pipeline/scripts/smoke-phase-0-multi-repo.sh +1 -1
  334. package/pipeline/scripts/smoke-phase-6-multi.sh +2 -2
  335. package/pipeline/scripts/smoke-phase-banner.sh +1 -1
  336. package/pipeline/scripts/smoke-phase-tracker.sh +1 -1
  337. package/pipeline/scripts/smoke-phase0-bridge-contract.sh +4 -4
  338. package/pipeline/scripts/smoke-phase4-triage.sh +94 -7
  339. package/pipeline/scripts/smoke-plan-approval-gate.sh +3 -3
  340. package/pipeline/scripts/smoke-plan-safety.sh +1 -1
  341. package/pipeline/scripts/smoke-plan-todos.sh +7 -4
  342. package/pipeline/scripts/smoke-pr-review-actions.sh +2 -2
  343. package/pipeline/scripts/smoke-pre-commit.sh +34 -2
  344. package/pipeline/scripts/smoke-pref-migration.sh +1 -1
  345. package/pipeline/scripts/smoke-prefs-language.sh +5 -5
  346. package/pipeline/scripts/smoke-progress-contract.sh +3 -3
  347. package/pipeline/scripts/smoke-prune-logs.sh +87 -0
  348. package/pipeline/scripts/smoke-push-retry.sh +1 -1
  349. package/pipeline/scripts/smoke-readme-counts.sh +1 -1
  350. package/pipeline/scripts/smoke-repo-map.sh +9 -9
  351. package/pipeline/scripts/smoke-review-watch.sh +12 -0
  352. package/pipeline/scripts/smoke-run-aggregator.sh +7 -7
  353. package/pipeline/scripts/smoke-run-metrics.sh +50 -0
  354. package/pipeline/scripts/smoke-schema-validation.sh +18 -11
  355. package/pipeline/scripts/smoke-search.sh +5 -5
  356. package/pipeline/scripts/smoke-shared-runtime.sh +108 -0
  357. package/pipeline/scripts/smoke-skill-authoring.sh +13 -13
  358. package/pipeline/scripts/smoke-skill-language.sh +4 -4
  359. package/pipeline/scripts/smoke-skill-manifest.sh +2 -2
  360. package/pipeline/scripts/smoke-skill-scan.sh +2 -2
  361. package/pipeline/scripts/smoke-stack-swap.sh +2 -2
  362. package/pipeline/scripts/smoke-subagent-validators.sh +8 -5
  363. package/pipeline/scripts/smoke-sync-adapters.sh +1 -1
  364. package/pipeline/scripts/smoke-sync-delegation.sh +7 -7
  365. package/pipeline/scripts/smoke-sync-parity.sh +1 -1
  366. package/pipeline/scripts/smoke-tasklist-ordering.sh +7 -7
  367. package/pipeline/scripts/smoke-telemetry.sh +1 -1
  368. package/pipeline/scripts/smoke-test-gap.sh +5 -5
  369. package/pipeline/scripts/smoke-token-budget.sh +1 -1
  370. package/pipeline/scripts/smoke-tracker-contract.sh +6 -6
  371. package/pipeline/scripts/smoke-tracker-tokens-invocation.sh +9 -1
  372. package/pipeline/scripts/smoke-triage-memory.sh +2 -2
  373. package/pipeline/scripts/smoke-url-enrichment.sh +2 -2
  374. package/pipeline/scripts/smoke-validator-contradiction.sh +1 -1
  375. package/pipeline/scripts/smoke-validator-gates.sh +164 -0
  376. package/pipeline/scripts/smoke-vercel-deploy-redact.sh +11 -11
  377. package/pipeline/scripts/smoke-wiki-integration.sh +2 -2
  378. package/pipeline/scripts/smoke-work-summary.sh +3 -3
  379. package/pipeline/scripts/smoke-worktree-path-convention.sh +4 -4
  380. package/pipeline/scripts/smoke-write-state.sh +2 -2
  381. package/pipeline/scripts/stack-swap.sh +3 -3
  382. package/pipeline/scripts/sync-adapters.mjs +37 -10
  383. package/pipeline/scripts/sync-parity-check.sh +6 -6
  384. package/pipeline/scripts/test-gap-scan.mjs +11 -13
  385. package/pipeline/scripts/token-budget-report.mjs +4 -4
  386. package/pipeline/scripts/triage-memory.mjs +6 -6
  387. package/pipeline/scripts/uninstall.mjs +42 -4
  388. package/pipeline/scripts/update-issue-progress.sh +2 -2
  389. package/pipeline/scripts/validate-analysis.mjs +19 -21
  390. package/pipeline/scripts/validate-diff-risk.mjs +4 -4
  391. package/pipeline/scripts/validate-planning.mjs +3 -3
  392. package/pipeline/scripts/validate-reviewer.mjs +4 -4
  393. package/pipeline/scripts/validate-schemas.mjs +4 -4
  394. package/pipeline/scripts/validate-test-gap.mjs +4 -4
  395. package/pipeline/scripts/validate-triage.mjs +68 -9
  396. package/pipeline/scripts/verify-skills.sh +7 -7
  397. package/pipeline/scripts/write-state.mjs +49 -11
  398. package/pipeline/skills/.skill-manifest.json +245 -149
  399. package/pipeline/skills/.skills-index.json +236 -47
  400. package/pipeline/skills/figma-android/README.md +5 -5
  401. package/pipeline/skills/figma-android/figma-component-code-connect/SKILL.md +3 -3
  402. package/pipeline/skills/figma-android/figma-component-implement/SKILL.md +8 -8
  403. package/pipeline/skills/figma-android/figma-component-test/SKILL.md +4 -4
  404. package/pipeline/skills/figma-android/figma-component-wiki/SKILL.md +5 -5
  405. package/pipeline/skills/figma-android/figma-to-component/SKILL.md +14 -14
  406. package/pipeline/skills/figma-common/README.md +29 -29
  407. package/pipeline/skills/figma-common/figma-cli-iterate/SKILL.md +20 -15
  408. package/pipeline/skills/figma-common/figma-cli-iterate-mend/SKILL.md +35 -30
  409. package/pipeline/skills/figma-common/figma-cli-lean-iterate/SKILL.md +35 -30
  410. package/pipeline/skills/figma-common/figma-cli-skip/SKILL.md +20 -20
  411. package/pipeline/skills/figma-common/figma-commit/COMMON_REBASE.md +32 -32
  412. package/pipeline/skills/figma-common/figma-commit/REVIEW.md +9 -9
  413. package/pipeline/skills/figma-common/figma-commit/SKILL.md +25 -20
  414. package/pipeline/skills/figma-common/figma-component-confluence-sync/SKILL.md +11 -6
  415. package/pipeline/skills/figma-common/figma-component-start/SKILL.md +30 -25
  416. package/pipeline/skills/figma-common/figma-component-status-update/SKILL.md +9 -4
  417. package/pipeline/skills/figma-common/figma-fix/SKILL.md +27 -22
  418. package/pipeline/skills/figma-common/figma-form-integration/SKILL.md +38 -38
  419. package/pipeline/skills/figma-common/figma-issue/SKILL.md +39 -34
  420. package/pipeline/skills/figma-common/figma-iterate/SKILL.md +20 -15
  421. package/pipeline/skills/figma-common/figma-iteration-commit/SKILL.md +44 -39
  422. package/pipeline/skills/figma-common/figma-mend/SKILL.md +6 -6
  423. package/pipeline/skills/figma-common/figma-price-integration/SKILL.md +30 -30
  424. package/pipeline/skills/figma-common/figma-remote-mcp-auth/SKILL.md +1 -1
  425. package/pipeline/skills/figma-common/figma-review/SKILL.md +31 -26
  426. package/pipeline/skills/figma-common/figma-setup/SKILL.md +11 -11
  427. package/pipeline/skills/figma-common/figma-setup/scripts/fetch-mcp-token.py +5 -5
  428. package/pipeline/skills/figma-common/figma-skip/SKILL.md +6 -6
  429. package/pipeline/skills/figma-common/figma-ui-patterns/SKILL.md +12 -12
  430. package/pipeline/skills/figma-common/figma-utility/SKILL.md +4 -4
  431. package/pipeline/skills/figma-common/figma-utility/scripts/figma-utility.py +1 -1
  432. package/pipeline/skills/figma-common/figma-validate/SKILL.md +48 -48
  433. package/pipeline/skills/figma-common/performance-iteration-commit-all/SKILL.md +42 -37
  434. package/pipeline/skills/figma-common/performance-review-next/SKILL.md +23 -18
  435. package/pipeline/skills/figma-common/performance-start/SKILL.md +52 -47
  436. package/pipeline/skills/figma-common/performance-swiftui/SKILL.md +68 -68
  437. package/pipeline/skills/figma-common/performance-tour/SKILL.md +42 -37
  438. package/pipeline/skills/figma-ios/REVIEW_CHECKLIST.md +16 -16
  439. package/pipeline/skills/figma-ios/figma-component-code-connect/SKILL.md +15 -15
  440. package/pipeline/skills/figma-ios/figma-component-implement/SKILL.md +9 -9
  441. package/pipeline/skills/figma-ios/figma-component-test/SKILL.md +15 -15
  442. package/pipeline/skills/figma-ios/figma-component-wiki/SKILL.md +18 -18
  443. package/pipeline/skills/figma-ios/figma-to-component/SKILL.md +38 -38
  444. package/pipeline/skills/figma-ios/figma-to-component/halt-return-protocol.md +2 -2
  445. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-0-init.md +12 -12
  446. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1-gathering.md +5 -5
  447. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-1.5-existing-discovery.md +19 -19
  448. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2-orchestrator.md +25 -25
  449. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2a-testing-identifiers.md +7 -7
  450. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2b-localization.md +6 -6
  451. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2c-accessibility.md +38 -38
  452. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-2d-analytics.md +3 -3
  453. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3-orchestrator.md +29 -29
  454. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3a-location.md +6 -6
  455. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3b-tokens.md +3 -3
  456. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3c-nested.md +12 -12
  457. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3d-patterns.md +57 -57
  458. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3e-assets.md +5 -5
  459. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3f-utilities.md +6 -6
  460. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3g-property-coverage.md +10 -10
  461. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-3h-variant-config.md +16 -16
  462. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4-orchestrator.md +23 -23
  463. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4a-configuration.md +26 -26
  464. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4b-view.md +43 -43
  465. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4c-documentation.md +17 -17
  466. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4d-preview.md +19 -19
  467. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-4e-modifiers.md +15 -15
  468. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5-orchestrator.md +39 -39
  469. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5a-viewinspector.md +7 -7
  470. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5b-snapshot.md +29 -29
  471. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-5c-unit.md +9 -9
  472. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-6-code-connect.md +31 -31
  473. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7-wiki.md +5 -5
  474. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-confluence-generate.md +18 -18
  475. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-7a-wiki-generate.md +16 -16
  476. package/pipeline/skills/figma-ios/figma-to-component/phases/phase-8-cleanup.md +2 -2
  477. package/pipeline/skills/figma-ios/figma-to-component/reference/accessibility.md +1 -1
  478. package/pipeline/skills/figma-ios/figma-to-component/reference/code-connect.md +49 -49
  479. package/pipeline/skills/figma-ios/figma-to-component/reference/figma-to-swiftui-effects.md +8 -8
  480. package/pipeline/skills/figma-ios/figma-to-component/reference/halt-return-protocol.md +2 -2
  481. package/pipeline/skills/figma-ios/figma-to-component/reference/macros.md +9 -9
  482. package/pipeline/skills/figma-ios/figma-to-component/reference/missing-tokens.md +4 -4
  483. package/pipeline/skills/figma-ios/figma-to-component/reference/orchestrator-discipline.md +10 -10
  484. package/pipeline/skills/figma-ios/figma-to-component/reference/remote-mcp-script.md +5 -5
  485. package/pipeline/skills/figma-ios/figma-to-component/reference/rest-api-script.md +11 -11
  486. package/pipeline/skills/figma-ios/figma-to-component/reference/scripts-inventory.md +14 -14
  487. package/pipeline/skills/figma-ios/figma-to-component/reference/snapshot-testing.md +2 -2
  488. package/pipeline/skills/figma-ios/figma-to-component/reference/subcomponent-graph.md +4 -4
  489. package/pipeline/skills/figma-ios/figma-to-component/reference/testing-identifiers-naming.md +6 -6
  490. package/pipeline/skills/figma-ios/figma-to-component/reference/tools.md +9 -9
  491. package/pipeline/skills/figma-ios/figma-to-component/reference/viewinspector.md +1 -1
  492. package/pipeline/skills/figma-ios/figma-to-component/reference/wiki-to-confluence-mapping.md +1 -1
  493. package/pipeline/skills/figma-ios/figma-to-component/scripts/apply-author-login-map.py +5 -5
  494. package/pipeline/skills/figma-ios/figma-to-component/scripts/backfill-status.py +18 -18
  495. package/pipeline/skills/figma-ios/figma-to-component/scripts/build-author-registry.py +4 -4
  496. package/pipeline/skills/figma-ios/figma-to-component/scripts/bulk-sync-issues.py +4 -4
  497. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-data-gather.py +1 -1
  498. package/pipeline/skills/figma-ios/figma-to-component/scripts/code-connect-publish.sh +3 -3
  499. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status-upload.py +18 -18
  500. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-component-status.py +4 -4
  501. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-data-gather.py +5 -5
  502. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.example.json +9 -0
  503. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-publish.py +3 -3
  504. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-subcomponent-graph.py +1 -1
  505. package/pipeline/skills/figma-ios/figma-to-component/scripts/figma-update.py +5 -5
  506. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/issue_sync_propagate.py +1 -1
  507. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/registry_writer.py +4 -4
  508. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_figma_update.py +1 -1
  509. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_registry_writer.py +3 -3
  510. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_skill_figma_issue.py +1 -1
  511. package/pipeline/skills/figma-ios/figma-to-component/scripts/lib/test_update_issue_gh.py +1 -1
  512. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase1-gather.py +12 -12
  513. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase2-finalize.py +3 -3
  514. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase3-scripts.py +26 -26
  515. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase4-finalize.py +4 -4
  516. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase5-finalize.py +4 -4
  517. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase6-finalize.py +5 -5
  518. package/pipeline/skills/figma-ios/figma-to-component/scripts/phase7-finalize.py +4 -4
  519. package/pipeline/skills/figma-ios/figma-to-component/scripts/register-icons-codeconnect.py +4 -4
  520. package/pipeline/skills/figma-ios/figma-to-component/scripts/remote-mcp-fetch.py +5 -5
  521. package/pipeline/skills/figma-ios/figma-to-component/scripts/resolve-author-logins.py +2 -2
  522. package/pipeline/skills/figma-ios/figma-to-component/scripts/run-uicomponents-tests.sh +1 -1
  523. package/pipeline/skills/figma-ios/figma-to-component/scripts/sidebar-generator.py +5 -5
  524. package/pipeline/skills/figma-ios/figma-to-component/scripts/update-issue-from-registry.py +41 -41
  525. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase4.sh +8 -8
  526. package/pipeline/skills/figma-ios/figma-to-component/scripts/validate-phase6.sh +7 -7
  527. package/pipeline/skills/shared/README.md +62 -41
  528. package/pipeline/skills/shared/core/apple-archive-compliance/SKILL.md +39 -39
  529. package/pipeline/skills/shared/core/google-play-compliance/SKILL.md +44 -44
  530. package/pipeline/skills/shared/core/multi-agent/SKILL.md +182 -176
  531. package/pipeline/skills/shared/core/multi-agent-analysis/SKILL.md +55 -0
  532. package/pipeline/skills/shared/core/multi-agent-analysis-resolve/SKILL.md +48 -0
  533. package/pipeline/skills/shared/core/multi-agent-autopilot/SKILL.md +16 -16
  534. package/pipeline/skills/shared/core/multi-agent-build-optimize/SKILL.md +48 -0
  535. package/pipeline/skills/shared/core/multi-agent-channels/SKILL.md +40 -40
  536. package/pipeline/skills/shared/core/multi-agent-delete/SKILL.md +33 -30
  537. package/pipeline/skills/shared/core/multi-agent-dev/SKILL.md +26 -26
  538. package/pipeline/skills/shared/core/multi-agent-dev-autopilot/SKILL.md +22 -22
  539. package/pipeline/skills/shared/core/multi-agent-dev-local/SKILL.md +6 -6
  540. package/pipeline/skills/shared/core/multi-agent-dev-local-autopilot/SKILL.md +12 -12
  541. package/pipeline/skills/shared/core/multi-agent-diff-explain/SKILL.md +20 -20
  542. package/pipeline/skills/shared/core/multi-agent-garbage-collect/SKILL.md +61 -0
  543. package/pipeline/skills/shared/core/multi-agent-help/SKILL.md +22 -22
  544. package/pipeline/skills/shared/core/multi-agent-issue/SKILL.md +15 -15
  545. package/pipeline/skills/shared/core/multi-agent-jira/SKILL.md +12 -12
  546. package/pipeline/skills/shared/core/multi-agent-kill/SKILL.md +14 -14
  547. package/pipeline/skills/shared/core/multi-agent-language/SKILL.md +12 -12
  548. package/pipeline/skills/shared/core/multi-agent-local/SKILL.md +10 -10
  549. package/pipeline/skills/shared/core/multi-agent-local-autopilot/SKILL.md +18 -18
  550. package/pipeline/skills/shared/core/multi-agent-log/SKILL.md +9 -9
  551. package/pipeline/skills/shared/core/multi-agent-manual-test/SKILL.md +20 -20
  552. package/pipeline/skills/shared/core/multi-agent-prune-logs/SKILL.md +63 -0
  553. package/pipeline/skills/shared/core/multi-agent-purge/SKILL.md +16 -13
  554. package/pipeline/skills/shared/core/multi-agent-refactor/SKILL.md +110 -110
  555. package/pipeline/skills/shared/core/multi-agent-resume/SKILL.md +13 -13
  556. package/pipeline/skills/shared/core/multi-agent-review/SKILL.md +22 -22
  557. package/pipeline/skills/shared/core/multi-agent-scan/SKILL.md +18 -18
  558. package/pipeline/skills/shared/core/multi-agent-search/SKILL.md +13 -13
  559. package/pipeline/skills/shared/core/multi-agent-setup/SKILL.md +33 -30
  560. package/pipeline/skills/shared/core/multi-agent-stack/SKILL.md +14 -14
  561. package/pipeline/skills/shared/core/multi-agent-status/SKILL.md +9 -9
  562. package/pipeline/skills/shared/core/multi-agent-sync/SKILL.md +79 -79
  563. package/pipeline/skills/shared/core/multi-agent-test/SKILL.md +5 -5
  564. package/pipeline/skills/shared/core/multi-agent-update/SKILL.md +10 -10
  565. package/pipeline/skills/shared/external/NOTICE-swift-ios-skills.md +41 -0
  566. package/pipeline/skills/shared/external/NOTICE-xcode-build-skills.md +53 -0
  567. package/pipeline/skills/shared/external/agentflow/SKILL.md +9 -9
  568. package/pipeline/skills/shared/external/alarmkit/SKILL.md +113 -52
  569. package/pipeline/skills/shared/external/alarmkit/evals/evals.json +41 -0
  570. package/pipeline/skills/shared/external/alarmkit/references/alarmkit-patterns.md +23 -16
  571. package/pipeline/skills/shared/external/app-clips/SKILL.md +85 -354
  572. package/pipeline/skills/shared/external/app-clips/evals/evals.json +50 -0
  573. package/pipeline/skills/shared/external/app-clips/references/data-handoff-notifications-location.md +135 -0
  574. package/pipeline/skills/shared/external/app-clips/references/routing-and-experiences.md +125 -0
  575. package/pipeline/skills/shared/external/app-clips/references/size-capabilities-and-promotion.md +113 -0
  576. package/pipeline/skills/shared/external/app-intents/SKILL.md +152 -59
  577. package/pipeline/skills/shared/external/app-intents/evals/evals.json +47 -0
  578. package/pipeline/skills/shared/external/app-intents/references/appintents-advanced.md +161 -118
  579. package/pipeline/skills/shared/external/app-store-optimization/SKILL.md +289 -392
  580. package/pipeline/skills/shared/external/app-store-optimization/evals/evals.json +46 -0
  581. package/pipeline/skills/shared/external/app-store-optimization/references/keyword-research-methodology.md +174 -0
  582. package/pipeline/skills/shared/external/app-store-optimization/references/product-page-variants.md +191 -0
  583. package/pipeline/skills/shared/external/app-store-review/SKILL.md +57 -107
  584. package/pipeline/skills/shared/external/app-store-review/evals/evals.json +44 -0
  585. package/pipeline/skills/shared/external/app-store-review/references/privacy-manifest.md +35 -12
  586. package/pipeline/skills/shared/external/app-store-review/references/review-checklists.md +28 -26
  587. package/pipeline/skills/shared/external/apple-on-device-ai/SKILL.md +53 -62
  588. package/pipeline/skills/shared/external/apple-on-device-ai/evals/evals.json +47 -0
  589. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-conversion.md +7 -1
  590. package/pipeline/skills/shared/external/apple-on-device-ai/references/coreml-optimization.md +4 -1
  591. package/pipeline/skills/shared/external/apple-on-device-ai/references/foundation-models.md +32 -12
  592. package/pipeline/skills/shared/external/apple-on-device-ai/references/mlx-swift.md +34 -30
  593. package/pipeline/skills/shared/external/authentication/SKILL.md +134 -138
  594. package/pipeline/skills/shared/external/authentication/evals/evals.json +48 -0
  595. package/pipeline/skills/shared/external/authentication/references/keychain-biometric.md +56 -29
  596. package/pipeline/skills/shared/external/authentication/references/passkeys.md +183 -0
  597. package/pipeline/skills/shared/external/avkit/SKILL.md +497 -0
  598. package/pipeline/skills/shared/external/avkit/evals/evals.json +55 -0
  599. package/pipeline/skills/shared/external/avkit/references/avkit-patterns.md +668 -0
  600. package/pipeline/skills/shared/external/background-processing/SKILL.md +29 -29
  601. package/pipeline/skills/shared/external/background-processing/evals/evals.json +44 -0
  602. package/pipeline/skills/shared/external/background-processing/references/background-task-patterns.md +44 -19
  603. package/pipeline/skills/shared/external/callkit-voip/SKILL.md +136 -99
  604. package/pipeline/skills/shared/external/callkit-voip/evals/evals.json +47 -0
  605. package/pipeline/skills/shared/external/callkit-voip/references/callkit-patterns.md +27 -8
  606. package/pipeline/skills/shared/external/ci-cd-pipelines/SKILL.md +7 -6
  607. package/pipeline/skills/shared/external/clean-code/SKILL.md +2 -2
  608. package/pipeline/skills/shared/external/cloudkit-sync/SKILL.md +63 -56
  609. package/pipeline/skills/shared/external/cloudkit-sync/evals/evals.json +47 -0
  610. package/pipeline/skills/shared/external/cloudkit-sync/references/cloudkit-patterns.md +7 -4
  611. package/pipeline/skills/shared/external/contacts-framework/SKILL.md +31 -11
  612. package/pipeline/skills/shared/external/contacts-framework/evals/evals.json +41 -0
  613. package/pipeline/skills/shared/external/contacts-framework/references/contacts-patterns.md +51 -51
  614. package/pipeline/skills/shared/external/core-bluetooth/SKILL.md +70 -65
  615. package/pipeline/skills/shared/external/core-bluetooth/evals/evals.json +44 -0
  616. package/pipeline/skills/shared/external/core-bluetooth/references/ble-patterns.md +25 -1
  617. package/pipeline/skills/shared/external/core-data/SKILL.md +496 -0
  618. package/pipeline/skills/shared/external/core-data/evals/evals.json +44 -0
  619. package/pipeline/skills/shared/external/core-motion/SKILL.md +47 -14
  620. package/pipeline/skills/shared/external/core-motion/evals/evals.json +49 -0
  621. package/pipeline/skills/shared/external/core-motion/references/motion-patterns.md +47 -16
  622. package/pipeline/skills/shared/external/core-nfc/SKILL.md +43 -54
  623. package/pipeline/skills/shared/external/core-nfc/evals/evals.json +49 -0
  624. package/pipeline/skills/shared/external/core-nfc/references/nfc-patterns.md +32 -2
  625. package/pipeline/skills/shared/external/coreml/SKILL.md +89 -48
  626. package/pipeline/skills/shared/external/coreml/evals/evals.json +44 -0
  627. package/pipeline/skills/shared/external/coreml/references/coreml-swift-integration.md +82 -37
  628. package/pipeline/skills/shared/external/cryptokit/SKILL.md +493 -0
  629. package/pipeline/skills/shared/external/cryptokit/evals/evals.json +44 -0
  630. package/pipeline/skills/shared/external/cryptokit/references/cryptokit-patterns.md +602 -0
  631. package/pipeline/skills/shared/external/css-modern/SKILL.md +3 -2
  632. package/pipeline/skills/shared/external/database-patterns/SKILL.md +6 -5
  633. package/pipeline/skills/shared/external/debugging-instruments/SKILL.md +77 -47
  634. package/pipeline/skills/shared/external/debugging-instruments/evals/evals.json +47 -0
  635. package/pipeline/skills/shared/external/debugging-instruments/references/instruments-guide.md +42 -34
  636. package/pipeline/skills/shared/external/debugging-instruments/references/lldb-patterns.md +2 -2
  637. package/pipeline/skills/shared/external/device-integrity/SKILL.md +136 -176
  638. package/pipeline/skills/shared/external/device-integrity/evals/evals.json +45 -0
  639. package/pipeline/skills/shared/external/device-integrity/references/device-integrity-patterns.md +240 -0
  640. package/pipeline/skills/shared/external/energykit/SKILL.md +73 -34
  641. package/pipeline/skills/shared/external/energykit/evals/evals.json +45 -0
  642. package/pipeline/skills/shared/external/energykit/references/energykit-patterns.md +80 -38
  643. package/pipeline/skills/shared/external/eventkit-calendar/SKILL.md +67 -53
  644. package/pipeline/skills/shared/external/eventkit-calendar/evals/evals.json +44 -0
  645. package/pipeline/skills/shared/external/eventkit-calendar/references/eventkit-patterns.md +53 -3
  646. package/pipeline/skills/shared/external/healthkit/SKILL.md +57 -124
  647. package/pipeline/skills/shared/external/healthkit/evals/evals.json +46 -0
  648. package/pipeline/skills/shared/external/healthkit/references/healthkit-patterns.md +82 -1
  649. package/pipeline/skills/shared/external/homekit-matter/SKILL.md +43 -41
  650. package/pipeline/skills/shared/external/homekit-matter/evals/evals.json +45 -0
  651. package/pipeline/skills/shared/external/homekit-matter/references/matter-commissioning.md +13 -8
  652. package/pipeline/skills/shared/external/html-semantic/SKILL.md +5 -4
  653. package/pipeline/skills/shared/external/humanizer/SKILL.md +4 -4
  654. package/pipeline/skills/shared/external/ios-accessibility/SKILL.md +174 -18
  655. package/pipeline/skills/shared/external/ios-accessibility/evals/evals.json +49 -0
  656. package/pipeline/skills/shared/external/ios-accessibility/references/a11y-patterns.md +262 -4
  657. package/pipeline/skills/shared/external/ios-accessibility/references/media-accessibility.md +117 -0
  658. package/pipeline/skills/shared/external/ios-accessibility/references/nutrition-labels.md +141 -0
  659. package/pipeline/skills/shared/external/ios-localization/SKILL.md +67 -14
  660. package/pipeline/skills/shared/external/ios-localization/evals/evals.json +49 -0
  661. package/pipeline/skills/shared/external/ios-localization/references/formatstyle-locale.md +20 -3
  662. package/pipeline/skills/shared/external/ios-localization/references/string-catalogs.md +131 -22
  663. package/pipeline/skills/shared/external/ios-networking/SKILL.md +69 -22
  664. package/pipeline/skills/shared/external/ios-networking/evals/evals.json +50 -0
  665. package/pipeline/skills/shared/external/ios-networking/references/background-websocket.md +28 -16
  666. package/pipeline/skills/shared/external/ios-networking/references/file-storage-patterns.md +354 -0
  667. package/pipeline/skills/shared/external/ios-networking/references/network-framework.md +69 -44
  668. package/pipeline/skills/shared/external/ios-networking/references/urlsession-patterns.md +35 -69
  669. package/pipeline/skills/shared/external/ios-security/references/file-storage-patterns.md +8 -8
  670. package/pipeline/skills/shared/external/ios-simulator/SKILL.md +485 -0
  671. package/pipeline/skills/shared/external/ios-simulator/evals/evals.json +44 -0
  672. package/pipeline/skills/shared/external/ios-simulator/references/simctl-commands.md +316 -0
  673. package/pipeline/skills/shared/external/live-activities/SKILL.md +120 -131
  674. package/pipeline/skills/shared/external/live-activities/evals/evals.json +44 -0
  675. package/pipeline/skills/shared/external/live-activities/references/{live-activity-patterns.md → activitykit-patterns.md} +148 -63
  676. package/pipeline/skills/shared/external/mapkit-location/SKILL.md +40 -21
  677. package/pipeline/skills/shared/external/mapkit-location/evals/evals.json +47 -0
  678. package/pipeline/skills/shared/external/mapkit-location/references/{corelocation-patterns.md → mapkit-corelocation-patterns.md} +88 -41
  679. package/pipeline/skills/shared/external/mapkit-location/references/mapkit-patterns.md +27 -24
  680. package/pipeline/skills/shared/external/metrickit-diagnostics/SKILL.md +129 -172
  681. package/pipeline/skills/shared/external/metrickit-diagnostics/evals/evals.json +46 -0
  682. package/pipeline/skills/shared/external/metrickit-diagnostics/references/metrickit-patterns.md +180 -0
  683. package/pipeline/skills/shared/external/musickit-audio/SKILL.md +45 -18
  684. package/pipeline/skills/shared/external/musickit-audio/evals/evals.json +44 -0
  685. package/pipeline/skills/shared/external/musickit-audio/references/musickit-patterns.md +26 -6
  686. package/pipeline/skills/shared/external/natural-language/SKILL.md +48 -18
  687. package/pipeline/skills/shared/external/natural-language/evals/evals.json +47 -0
  688. package/pipeline/skills/shared/external/natural-language/references/translation-patterns.md +20 -7
  689. package/pipeline/skills/shared/external/nextjs-app-router/SKILL.md +4 -3
  690. package/pipeline/skills/shared/external/passkit-wallet/SKILL.md +156 -66
  691. package/pipeline/skills/shared/external/passkit-wallet/evals/evals.json +51 -0
  692. package/pipeline/skills/shared/external/passkit-wallet/references/wallet-passes.md +69 -19
  693. package/pipeline/skills/shared/external/pdfkit/SKILL.md +499 -0
  694. package/pipeline/skills/shared/external/pdfkit/evals/evals.json +42 -0
  695. package/pipeline/skills/shared/external/pdfkit/references/pdfkit-patterns.md +844 -0
  696. package/pipeline/skills/shared/external/pencilkit-drawing/SKILL.md +122 -28
  697. package/pipeline/skills/shared/external/pencilkit-drawing/evals/evals.json +44 -0
  698. package/pipeline/skills/shared/external/pencilkit-drawing/references/pencilkit-patterns.md +49 -18
  699. package/pipeline/skills/shared/external/permissionkit/SKILL.md +100 -51
  700. package/pipeline/skills/shared/external/permissionkit/evals/evals.json +47 -0
  701. package/pipeline/skills/shared/external/permissionkit/references/permissionkit-patterns.md +48 -8
  702. package/pipeline/skills/shared/external/photos-camera-media/SKILL.md +13 -15
  703. package/pipeline/skills/shared/external/photos-camera-media/references/camera-capture.md +4 -4
  704. package/pipeline/skills/shared/external/photos-camera-media/references/image-loading-caching.md +2 -2
  705. package/pipeline/skills/shared/external/photos-camera-media/references/{photospicker-patterns.md → photokit-patterns.md} +3 -3
  706. package/pipeline/skills/shared/external/push-notifications/SKILL.md +45 -48
  707. package/pipeline/skills/shared/external/push-notifications/evals/evals.json +46 -0
  708. package/pipeline/skills/shared/external/push-notifications/references/notification-patterns.md +22 -33
  709. package/pipeline/skills/shared/external/push-notifications/references/rich-notifications.md +56 -37
  710. package/pipeline/skills/shared/external/python-patterns/SKILL.md +4 -3
  711. package/pipeline/skills/shared/external/react-best-practices/SKILL.md +1 -0
  712. package/pipeline/skills/shared/external/realitykit-ar/SKILL.md +74 -53
  713. package/pipeline/skills/shared/external/realitykit-ar/evals/evals.json +47 -0
  714. package/pipeline/skills/shared/external/realitykit-ar/references/realitykit-patterns.md +10 -10
  715. package/pipeline/skills/shared/external/rest-api-design/SKILL.md +21 -20
  716. package/pipeline/skills/shared/external/shareplay-activities/SKILL.md +81 -64
  717. package/pipeline/skills/shared/external/shareplay-activities/evals/evals.json +47 -0
  718. package/pipeline/skills/shared/external/shareplay-activities/references/shareplay-patterns.md +48 -9
  719. package/pipeline/skills/shared/external/speech-recognition/SKILL.md +118 -104
  720. package/pipeline/skills/shared/external/speech-recognition/evals/evals.json +49 -0
  721. package/pipeline/skills/shared/external/speech-recognition/references/speechanalyzer-patterns.md +171 -0
  722. package/pipeline/skills/shared/external/spm-build-analysis/SKILL.md +93 -0
  723. package/pipeline/skills/shared/external/spm-build-analysis/references/build-optimization-sources.md +155 -0
  724. package/pipeline/skills/shared/external/spm-build-analysis/references/recommendation-format.md +85 -0
  725. package/pipeline/skills/shared/external/spm-build-analysis/references/spm-analysis-checks.md +105 -0
  726. package/pipeline/skills/shared/external/spm-build-analysis/scripts/check_spm_pins.py +118 -0
  727. package/pipeline/skills/shared/external/storekit/SKILL.md +110 -44
  728. package/pipeline/skills/shared/external/storekit/evals/evals.json +44 -0
  729. package/pipeline/skills/shared/external/storekit/references/app-review-guidelines.md +94 -43
  730. package/pipeline/skills/shared/external/storekit/references/storekit-advanced.md +82 -33
  731. package/pipeline/skills/shared/external/swift-api-design-guidelines/SKILL.md +449 -0
  732. package/pipeline/skills/shared/external/swift-api-design-guidelines/evals/evals.json +50 -0
  733. package/pipeline/skills/shared/external/swift-api-design-guidelines/references/argument-labels-and-parameters.md +164 -0
  734. package/pipeline/skills/shared/external/swift-api-design-guidelines/references/conventions-and-special-rules.md +219 -0
  735. package/pipeline/skills/shared/external/swift-api-design-guidelines/references/naming-and-clarity.md +184 -0
  736. package/pipeline/skills/shared/external/swift-api-design-guidelines/references/side-effects-and-mutating-pairs.md +158 -0
  737. package/pipeline/skills/shared/external/swift-architecture/SKILL.md +499 -0
  738. package/pipeline/skills/shared/external/swift-architecture/evals/evals.json +45 -0
  739. package/pipeline/skills/shared/external/swift-charts/SKILL.md +52 -40
  740. package/pipeline/skills/shared/external/swift-charts/evals/evals.json +47 -0
  741. package/pipeline/skills/shared/external/swift-charts/references/charts-patterns.md +92 -11
  742. package/pipeline/skills/shared/external/swift-codable/SKILL.md +43 -16
  743. package/pipeline/skills/shared/external/swift-codable/evals/evals.json +43 -0
  744. package/pipeline/skills/shared/external/swift-concurrency/SKILL.md +50 -30
  745. package/pipeline/skills/shared/external/swift-concurrency/evals/evals.json +44 -0
  746. package/pipeline/skills/shared/external/swift-concurrency/references/approachable-concurrency.md +11 -4
  747. package/pipeline/skills/shared/external/swift-concurrency/references/async-algorithms.md +113 -0
  748. package/pipeline/skills/shared/external/swift-concurrency/references/bridging-interop.md +150 -0
  749. package/pipeline/skills/shared/external/swift-concurrency/references/{swift-6-2-concurrency.md → concurrency-patterns.md} +22 -11
  750. package/pipeline/skills/shared/external/swift-concurrency/references/diagnostics.md +52 -0
  751. package/pipeline/skills/shared/external/swift-concurrency/references/swiftui-concurrency.md +2 -2
  752. package/pipeline/skills/shared/external/swift-concurrency/references/synchronization-primitives.md +21 -15
  753. package/pipeline/skills/shared/external/swift-concurrency-expert/SKILL.md +3 -3
  754. package/pipeline/skills/shared/external/swift-concurrency-pro/SKILL.md +2 -2
  755. package/pipeline/skills/shared/external/swift-concurrency-pro/references/actors.md +3 -3
  756. package/pipeline/skills/shared/external/swift-concurrency-pro/references/async-streams.md +1 -1
  757. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bridging.md +3 -3
  758. package/pipeline/skills/shared/external/swift-concurrency-pro/references/bug-patterns.md +3 -3
  759. package/pipeline/skills/shared/external/swift-concurrency-pro/references/cancellation.md +8 -8
  760. package/pipeline/skills/shared/external/swift-concurrency-pro/references/diagnostics.md +1 -1
  761. package/pipeline/skills/shared/external/swift-concurrency-pro/references/hotspots.md +2 -2
  762. package/pipeline/skills/shared/external/swift-concurrency-pro/references/interop.md +4 -4
  763. package/pipeline/skills/shared/external/swift-concurrency-pro/references/new-features.md +1 -1
  764. package/pipeline/skills/shared/external/swift-concurrency-pro/references/structured.md +2 -2
  765. package/pipeline/skills/shared/external/swift-concurrency-pro/references/testing.md +2 -2
  766. package/pipeline/skills/shared/external/swift-concurrency-pro/references/unstructured.md +3 -3
  767. package/pipeline/skills/shared/external/swift-formatstyle/SKILL.md +339 -0
  768. package/pipeline/skills/shared/external/swift-language/SKILL.md +33 -34
  769. package/pipeline/skills/shared/external/swift-language/evals/evals.json +47 -0
  770. package/pipeline/skills/shared/external/swift-language/references/swift-attributes-interop.md +97 -0
  771. package/pipeline/skills/shared/external/swift-language/references/swift-patterns-extended.md +19 -6
  772. package/pipeline/skills/shared/external/swift-security/SKILL.md +195 -0
  773. package/pipeline/skills/shared/external/swift-security/evals/evals.json +48 -0
  774. package/pipeline/skills/shared/external/swift-security/references/biometric-authentication.md +595 -0
  775. package/pipeline/skills/shared/external/swift-security/references/certificate-trust.md +611 -0
  776. package/pipeline/skills/shared/external/swift-security/references/common-anti-patterns.md +708 -0
  777. package/pipeline/skills/shared/external/swift-security/references/compliance-owasp-mapping.md +573 -0
  778. package/pipeline/skills/shared/external/swift-security/references/credential-storage-patterns.md +752 -0
  779. package/pipeline/skills/shared/external/swift-security/references/cryptokit-public-key.md +538 -0
  780. package/pipeline/skills/shared/external/swift-security/references/cryptokit-symmetric.md +530 -0
  781. package/pipeline/skills/shared/external/swift-security/references/keychain-access-control.md +543 -0
  782. package/pipeline/skills/shared/external/swift-security/references/keychain-fundamentals.md +620 -0
  783. package/pipeline/skills/shared/external/swift-security/references/keychain-item-classes.md +515 -0
  784. package/pipeline/skills/shared/external/swift-security/references/keychain-sharing.md +496 -0
  785. package/pipeline/skills/shared/external/swift-security/references/migration-legacy-stores.md +747 -0
  786. package/pipeline/skills/shared/external/swift-security/references/secure-enclave.md +566 -0
  787. package/pipeline/skills/shared/external/swift-security/references/testing-security-code.md +813 -0
  788. package/pipeline/skills/shared/external/swift-testing/SKILL.md +97 -297
  789. package/pipeline/skills/shared/external/swift-testing/evals/evals.json +44 -0
  790. package/pipeline/skills/shared/external/swift-testing/references/testing-advanced.md +123 -0
  791. package/pipeline/skills/shared/external/swift-testing/references/testing-patterns.md +162 -34
  792. package/pipeline/skills/shared/external/swift-testing-pro/SKILL.md +2 -2
  793. package/pipeline/skills/shared/external/swift-testing-pro/references/async-tests.md +3 -3
  794. package/pipeline/skills/shared/external/swift-testing-pro/references/core-rules.md +2 -2
  795. package/pipeline/skills/shared/external/swift-testing-pro/references/migrating-from-xctest.md +5 -5
  796. package/pipeline/skills/shared/external/swift-testing-pro/references/new-features.md +3 -3
  797. package/pipeline/skills/shared/external/swift-testing-pro/references/writing-better-tests.md +5 -5
  798. package/pipeline/skills/shared/external/swiftdata/SKILL.md +44 -23
  799. package/pipeline/skills/shared/external/swiftdata/evals/evals.json +47 -0
  800. package/pipeline/skills/shared/external/swiftdata/references/core-data-coexistence.md +3 -3
  801. package/pipeline/skills/shared/external/swiftdata/references/indexing.md +75 -0
  802. package/pipeline/skills/shared/external/swiftdata/references/predicate-pitfalls.md +54 -0
  803. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-advanced.md +14 -10
  804. package/pipeline/skills/shared/external/swiftdata/references/swiftdata-queries.md +5 -5
  805. package/pipeline/skills/shared/external/swiftdata-pro/SKILL.md +2 -2
  806. package/pipeline/skills/shared/external/swiftdata-pro/references/class-inheritance.md +2 -2
  807. package/pipeline/skills/shared/external/swiftdata-pro/references/cloudkit.md +1 -1
  808. package/pipeline/skills/shared/external/swiftdata-pro/references/core-rules.md +6 -6
  809. package/pipeline/skills/shared/external/swiftlint/SKILL.md +337 -0
  810. package/pipeline/skills/shared/external/swiftlint/references/adoption-and-configuration.md +297 -0
  811. package/pipeline/skills/shared/external/swiftlint/references/custom-rules-and-analyze.md +170 -0
  812. package/pipeline/skills/shared/external/swiftlint/references/plugins-run-scripts-and-integrations.md +307 -0
  813. package/pipeline/skills/shared/external/swiftlint/references/rule-reference.md +35 -0
  814. package/pipeline/skills/shared/external/swiftlint/references/rules-suppressions-and-baselines.md +306 -0
  815. package/pipeline/skills/shared/external/swiftui-animation/SKILL.md +56 -65
  816. package/pipeline/skills/shared/external/swiftui-animation/references/animation-advanced.md +48 -44
  817. package/pipeline/skills/shared/external/swiftui-animation/references/core-animation-bridge.md +6 -6
  818. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts-accessibility.md +13 -13
  819. package/pipeline/skills/shared/external/swiftui-expert-skill/references/charts.md +3 -3
  820. package/pipeline/skills/shared/external/swiftui-expert-skill/references/image-optimization.md +1 -1
  821. package/pipeline/skills/shared/external/swiftui-expert-skill/references/latest-apis.md +4 -4
  822. package/pipeline/skills/shared/external/swiftui-expert-skill/references/layout-best-practices.md +2 -2
  823. package/pipeline/skills/shared/external/swiftui-expert-skill/references/list-patterns.md +1 -1
  824. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-scenes.md +16 -16
  825. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-views.md +11 -11
  826. package/pipeline/skills/shared/external/swiftui-expert-skill/references/macos-window-styling.md +7 -7
  827. package/pipeline/skills/shared/external/swiftui-expert-skill/references/state-management.md +5 -5
  828. package/pipeline/skills/shared/external/swiftui-expert-skill/references/view-structure.md +6 -6
  829. package/pipeline/skills/shared/external/swiftui-gestures/SKILL.md +38 -16
  830. package/pipeline/skills/shared/external/swiftui-gestures/references/gesture-patterns.md +13 -3
  831. package/pipeline/skills/shared/external/swiftui-layout-components/SKILL.md +32 -28
  832. package/pipeline/skills/shared/external/swiftui-layout-components/references/form.md +1 -1
  833. package/pipeline/skills/shared/external/swiftui-layout-components/references/grids.md +202 -41
  834. package/pipeline/skills/shared/external/swiftui-layout-components/references/list.md +16 -25
  835. package/pipeline/skills/shared/external/swiftui-layout-components/references/scrollview.md +71 -26
  836. package/pipeline/skills/shared/external/swiftui-liquid-glass/SKILL.md +284 -65
  837. package/pipeline/skills/shared/external/swiftui-liquid-glass/references/liquid-glass.md +387 -0
  838. package/pipeline/skills/shared/external/swiftui-navigation/SKILL.md +10 -10
  839. package/pipeline/skills/shared/external/swiftui-navigation/references/deeplinks.md +15 -3
  840. package/pipeline/skills/shared/external/swiftui-navigation/references/navigationstack.md +2 -2
  841. package/pipeline/skills/shared/external/swiftui-navigation/references/tabview.md +1 -1
  842. package/pipeline/skills/shared/external/swiftui-patterns/SKILL.md +51 -25
  843. package/pipeline/skills/shared/external/swiftui-patterns/references/architecture-patterns.md +78 -6
  844. package/pipeline/skills/shared/external/swiftui-patterns/references/deprecated-migration.md +161 -16
  845. package/pipeline/skills/shared/external/swiftui-patterns/references/design-polish.md +85 -27
  846. package/pipeline/skills/shared/external/swiftui-patterns/references/platform-and-sharing.md +37 -33
  847. package/pipeline/skills/shared/external/swiftui-performance/SKILL.md +39 -51
  848. package/pipeline/skills/shared/external/swiftui-performance/references/demystify-swiftui-performance-wwdc23.md +204 -30
  849. package/pipeline/skills/shared/external/swiftui-performance/references/optimizing-swiftui-performance-instruments.md +226 -21
  850. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-hangs-in-your-app.md +220 -20
  851. package/pipeline/skills/shared/external/swiftui-performance/references/understanding-improving-swiftui-performance.md +159 -34
  852. package/pipeline/skills/shared/external/swiftui-performance/references/wwdc-session-sources.md +27 -0
  853. package/pipeline/skills/shared/external/swiftui-pro/SKILL.md +2 -2
  854. package/pipeline/skills/shared/external/swiftui-pro/references/accessibility.md +4 -4
  855. package/pipeline/skills/shared/external/swiftui-pro/references/api.md +1 -1
  856. package/pipeline/skills/shared/external/swiftui-pro/references/data.md +2 -2
  857. package/pipeline/skills/shared/external/swiftui-pro/references/design.md +4 -4
  858. package/pipeline/skills/shared/external/swiftui-pro/references/hygiene.md +2 -2
  859. package/pipeline/skills/shared/external/swiftui-pro/references/navigation.md +1 -1
  860. package/pipeline/skills/shared/external/swiftui-pro/references/performance.md +1 -1
  861. package/pipeline/skills/shared/external/swiftui-pro/references/swift.md +2 -2
  862. package/pipeline/skills/shared/external/swiftui-pro/references/views.md +2 -2
  863. package/pipeline/skills/shared/external/swiftui-ui-patterns/SKILL.md +1 -1
  864. package/pipeline/skills/shared/external/swiftui-uikit-interop/SKILL.md +12 -12
  865. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/hosting-migration.md +3 -3
  866. package/pipeline/skills/shared/external/swiftui-uikit-interop/references/representable-recipes.md +1 -1
  867. package/pipeline/skills/shared/external/swiftui-webkit/SKILL.md +11 -11
  868. package/pipeline/skills/shared/external/swiftui-webkit/references/migration-and-fallbacks.md +124 -10
  869. package/pipeline/skills/shared/external/tailwind-css/SKILL.md +3 -2
  870. package/pipeline/skills/shared/external/testing-backend/SKILL.md +2 -1
  871. package/pipeline/skills/shared/external/tipkit/SKILL.md +3 -3
  872. package/pipeline/skills/shared/external/tipkit/references/tipkit-patterns.md +9 -9
  873. package/pipeline/skills/shared/external/typescript-patterns/SKILL.md +17 -16
  874. package/pipeline/skills/shared/external/vision-framework/SKILL.md +11 -11
  875. package/pipeline/skills/shared/external/vision-framework/references/vision-requests.md +1 -1
  876. package/pipeline/skills/shared/external/vision-framework/references/visionkit-scanner.md +5 -5
  877. package/pipeline/skills/shared/external/vue-composition/SKILL.md +7 -6
  878. package/pipeline/skills/shared/external/weatherkit/SKILL.md +3 -3
  879. package/pipeline/skills/shared/external/weatherkit/references/weatherkit-patterns.md +9 -9
  880. package/pipeline/skills/shared/external/web-accessibility/SKILL.md +1 -0
  881. package/pipeline/skills/shared/external/web-performance/SKILL.md +8 -7
  882. package/pipeline/skills/shared/external/web-testing/SKILL.md +7 -6
  883. package/pipeline/skills/shared/external/widgetkit/SKILL.md +23 -17
  884. package/pipeline/skills/shared/external/widgetkit/references/widgetkit-advanced.md +99 -0
  885. package/pipeline/skills/shared/external/xcode-build-benchmark/SKILL.md +89 -0
  886. package/pipeline/skills/shared/external/xcode-build-benchmark/references/benchmark-artifacts.md +94 -0
  887. package/pipeline/skills/shared/external/xcode-build-benchmark/references/benchmarking-workflow.md +67 -0
  888. package/pipeline/skills/shared/external/xcode-build-benchmark/schemas/build-benchmark.schema.json +230 -0
  889. package/pipeline/skills/shared/external/xcode-build-benchmark/scripts/benchmark_builds.py +308 -0
  890. package/pipeline/skills/shared/external/xcode-build-fixer/SKILL.md +219 -0
  891. package/pipeline/skills/shared/external/xcode-build-fixer/references/build-settings-best-practices.md +216 -0
  892. package/pipeline/skills/shared/external/xcode-build-fixer/references/fix-patterns.md +290 -0
  893. package/pipeline/skills/shared/external/xcode-build-fixer/references/recommendation-format.md +85 -0
  894. package/pipeline/skills/shared/external/xcode-build-fixer/scripts/benchmark_builds.py +308 -0
  895. package/pipeline/skills/shared/external/xcode-build-orchestrator/SKILL.md +157 -0
  896. package/pipeline/skills/shared/external/xcode-build-orchestrator/references/benchmark-artifacts.md +94 -0
  897. package/pipeline/skills/shared/external/xcode-build-orchestrator/references/build-settings-best-practices.md +216 -0
  898. package/pipeline/skills/shared/external/xcode-build-orchestrator/references/orchestration-report-template.md +143 -0
  899. package/pipeline/skills/shared/external/xcode-build-orchestrator/references/recommendation-format.md +85 -0
  900. package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/benchmark_builds.py +308 -0
  901. package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/diagnose_compilation.py +273 -0
  902. package/pipeline/skills/shared/external/xcode-build-orchestrator/scripts/generate_optimization_report.py +533 -0
  903. package/pipeline/skills/shared/external/xcode-compilation-analyzer/SKILL.md +90 -0
  904. package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/build-optimization-sources.md +155 -0
  905. package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/code-compilation-checks.md +106 -0
  906. package/pipeline/skills/shared/external/xcode-compilation-analyzer/references/recommendation-format.md +85 -0
  907. package/pipeline/skills/shared/external/xcode-compilation-analyzer/scripts/diagnose_compilation.py +273 -0
  908. package/pipeline/skills/shared/external/xcode-project-analyzer/SKILL.md +77 -0
  909. package/pipeline/skills/shared/external/xcode-project-analyzer/references/build-optimization-sources.md +155 -0
  910. package/pipeline/skills/shared/external/xcode-project-analyzer/references/build-settings-best-practices.md +216 -0
  911. package/pipeline/skills/shared/external/xcode-project-analyzer/references/project-audit-checks.md +101 -0
  912. package/pipeline/skills/shared/external/xcode-project-analyzer/references/recommendation-format.md +85 -0
  913. package/pipeline/skills/skills-index.md +213 -192
  914. package/docs/GENERICITY-REVIEW.md +0 -277
  915. package/docs/STABILITY-FIX-PLAN.md +0 -168
  916. package/pipeline/scripts/.last-figma-sync-plan.json +0 -23
  917. package/pipeline/scripts/README-figma-smokes.md +0 -34
  918. package/pipeline/scripts/figma-placeholder-map.json +0 -191
  919. package/pipeline/scripts/import-figma-skills.sh +0 -253
  920. package/pipeline/scripts/smoke-figma-config-schema.sh +0 -144
  921. package/pipeline/scripts/smoke-figma-skill-import.sh +0 -174
  922. package/pipeline/scripts/smoke-install-leak-gate.sh +0 -125
  923. package/pipeline/scripts/smoke-personal-data.sh +0 -82
  924. package/pipeline/scripts/sync-figma-source.sh +0 -228
  925. package/pipeline/skills/figma-ios/figma-to-component/scripts/confluence-page-ids.json +0 -94
  926. package/pipeline/skills/shared/external/app-store-review/references/code-signing.md +0 -259
  927. package/pipeline/skills/shared/external/app-store-review/references/rejection-patterns.md +0 -152
  928. package/pipeline/skills/shared/external/pencilkit-drawing/references/paperkit-integration.md +0 -376
@@ -1,13 +1,13 @@
1
1
  ---
2
2
  name: authentication
3
- description: "Implement iOS authentication patterns including Sign in with Apple (ASAuthorizationAppleIDProvider, ASAuthorizationController, ASAuthorizationAppleIDCredential), credential state checking, identity token validation, ASWebAuthenticationSession for OAuth and third-party auth flows, ASAuthorizationPasswordProvider for AutoFill credential suggestions, and biometric authentication with LAContext. Use when implementing Sign in with Apple, handling Apple ID credentials, building OAuth login flows, integrating Password AutoFill, checking credential revocation state, or validating identity tokens server-side."
3
+ description: "Implement iOS authentication flows with AuthenticationServices and LocalAuthentication. Use when building Sign in with Apple, passkey/WebAuthn registration or sign-in with ASAuthorizationPlatformPublicKeyCredentialProvider, ASAuthorizationController credential state and revocation handling, ASWebAuthenticationSession OAuth or third-party login, Password AutoFill, identity-token server validation, or local biometric re-authentication with LAContext."
4
4
  ---
5
5
 
6
6
  # Authentication
7
7
 
8
8
  Implement authentication flows on iOS using the AuthenticationServices
9
- framework, including Sign in with Apple, OAuth/third-party web auth,
10
- Password AutoFill, and biometric authentication.
9
+ framework, including Sign in with Apple, passkeys, OAuth/third-party web
10
+ auth, Password AutoFill, and biometric re-authentication.
11
11
 
12
12
  ## Contents
13
13
 
@@ -16,9 +16,11 @@ Password AutoFill, and biometric authentication.
16
16
  - [Credential State Checking](#credential-state-checking)
17
17
  - [Token Validation](#token-validation)
18
18
  - [Existing Account Setup Flows](#existing-account-setup-flows)
19
+ - [Passkeys](#passkeys)
19
20
  - [ASWebAuthenticationSession (OAuth)](#aswebauthenticationsession-oauth)
20
21
  - [Password AutoFill Credentials](#password-autofill-credentials)
21
22
  - [Biometric Authentication](#biometric-authentication)
23
+ - [Security Boundaries](#security-boundaries)
22
24
  - [SwiftUI SignInWithAppleButton](#swiftui-signinwithapplebutton)
23
25
  - [Common Mistakes](#common-mistakes)
24
26
  - [Review Checklist](#review-checklist)
@@ -110,9 +112,9 @@ extension LoginViewController: ASAuthorizationControllerDelegate {
110
112
  | `user` | `String` | Always | Always |
111
113
  | `email` | `String?` | Provided if requested | `nil` |
112
114
  | `fullName` | `PersonNameComponents?` | Provided if requested | `nil` |
113
- | `identityToken` | `Data?` | JWT (Base64) | JWT (Base64) |
115
+ | `identityToken` | `Data?` | JWT encoded as UTF-8 data | JWT encoded as UTF-8 data |
114
116
  | `authorizationCode` | `Data?` | Short-lived code | Short-lived code |
115
- | `realUserStatus` | `ASUserDetectionStatus` | `.likelyReal` / `.unknown` | `.unknown` |
117
+ | `realUserStatus` | `ASUserDetectionStatus` | Fraud-prevention signal | Do not rely on later attempts |
116
118
 
117
119
  **Critical:** `email` and `fullName` are provided ONLY on the first
118
120
  authorization. Cache them immediately during the initial sign-up flow. If the
@@ -140,33 +142,31 @@ Check credential state on every app launch. The user may revoke access at
140
142
  any time via Settings > Apple Account > Sign-In & Security.
141
143
 
142
144
  ```swift
143
- func checkCredentialState() async {
145
+ func checkCredentialState() {
144
146
  let provider = ASAuthorizationAppleIDProvider()
145
147
  guard let userID = loadSavedUserID() else {
146
148
  showLoginScreen()
147
149
  return
148
150
  }
149
151
 
150
- do {
151
- let state = try await provider.credentialState(forUserID: userID)
152
- switch state {
153
- case .authorized:
154
- proceedToMainApp()
155
- case .revoked:
156
- // User revoked -- sign out and clear local data
157
- signOut()
158
- showLoginScreen()
159
- case .notFound:
160
- showLoginScreen()
161
- case .transferred:
162
- // App transferred to new team -- migrate user identifier
163
- migrateUser()
164
- @unknown default:
165
- showLoginScreen()
152
+ provider.getCredentialState(forUserID: userID) { state, _ in
153
+ DispatchQueue.main.async {
154
+ switch state {
155
+ case .authorized:
156
+ proceedToMainApp()
157
+ case .revoked:
158
+ // User revoked -- sign out and clear local data
159
+ signOut()
160
+ showLoginScreen()
161
+ case .notFound:
162
+ showLoginScreen()
163
+ case .transferred:
164
+ // App transferred to new team -- migrate user identifier
165
+ migrateUser()
166
+ @unknown default:
167
+ showLoginScreen()
168
+ }
166
169
  }
167
- } catch {
168
- // Network error -- allow offline access or retry
169
- proceedToMainApp()
170
170
  }
171
171
  }
172
172
  ```
@@ -244,6 +244,58 @@ Call this in `viewDidAppear` or on app launch. If no existing credentials
244
244
  are found, the delegate receives a `.notInteractive` error -- handle it
245
245
  silently and show your normal login UI.
246
246
 
247
+ ## Passkeys
248
+
249
+ Use passkeys for passwordless WebAuthn-style registration and sign-in. The
250
+ app must have an Associated Domains entitlement for the relying party domain
251
+ using the `webcredentials:` service; passkey requests fail for services the app
252
+ has not configured as associated domains.
253
+
254
+ For platform passkeys synced through iCloud Keychain, request a server-provided
255
+ challenge and create requests with `ASAuthorizationPlatformPublicKeyCredentialProvider`:
256
+
257
+ ```swift
258
+ let challenge: Data = try await server.registrationChallenge()
259
+ let userID: Data = try await server.passkeyUserID()
260
+ let provider = ASAuthorizationPlatformPublicKeyCredentialProvider(
261
+ relyingPartyIdentifier: "example.com"
262
+ )
263
+ let request = provider.createCredentialRegistrationRequest(
264
+ challenge: challenge,
265
+ name: username,
266
+ userID: userID
267
+ )
268
+
269
+ let controller = ASAuthorizationController(authorizationRequests: [request])
270
+ controller.delegate = self
271
+ controller.presentationContextProvider = self
272
+ controller.performRequests()
273
+ ```
274
+
275
+ For sign-in, use `createCredentialAssertionRequest(challenge:)` with a fresh
276
+ server challenge, then send the resulting registration or assertion object to
277
+ the relying-party server for verification:
278
+
279
+ ```swift
280
+ let request = provider.createCredentialAssertionRequest(challenge: challenge)
281
+
282
+ switch authorization.credential {
283
+ case let registration as ASAuthorizationPlatformPublicKeyCredentialRegistration:
284
+ try await server.finishPasskeyRegistration(registration)
285
+ case let assertion as ASAuthorizationPlatformPublicKeyCredentialAssertion:
286
+ try await server.finishPasskeySignIn(assertion)
287
+ default:
288
+ break
289
+ }
290
+ ```
291
+
292
+ For inline passkey suggestions, set the username field's `textContentType` to
293
+ `.username`, include the passkey assertion request in the controller, and call
294
+ `performAutoFillAssistedRequests()`. Use `ASAuthorizationSecurityKeyPublicKeyCredentialProvider`
295
+ only when the user must authenticate with a physical security key. See
296
+ [references/passkeys.md](references/passkeys.md) for complete registration,
297
+ assertion, AutoFill, and security-key patterns.
298
+
247
299
  ## ASWebAuthenticationSession (OAuth)
248
300
 
249
301
  Use `ASWebAuthenticationSession` for OAuth and third-party authentication
@@ -253,6 +305,12 @@ Use `ASWebAuthenticationSession` for OAuth and third-party authentication
253
305
  import AuthenticationServices
254
306
 
255
307
  final class OAuthController: NSObject, ASWebAuthenticationPresentationContextProviding {
308
+ private weak var presentationAnchor: ASPresentationAnchor?
309
+
310
+ init(presentationAnchor: ASPresentationAnchor) {
311
+ self.presentationAnchor = presentationAnchor
312
+ }
313
+
256
314
  func startOAuthFlow() {
257
315
  let authURL = URL(string:
258
316
  "https://provider.com/oauth/authorize?client_id=YOUR_ID&redirect_uri=myapp://callback&response_type=code"
@@ -271,33 +329,18 @@ final class OAuthController: NSObject, ASWebAuthenticationPresentationContextPro
271
329
  }
272
330
 
273
331
  func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
274
- ASPresentationAnchor()
275
- }
276
- }
277
- ```
278
-
279
- ### SwiftUI WebAuthenticationSession
280
-
281
- ```swift
282
- struct OAuthLoginView: View {
283
- @Environment(\.webAuthenticationSession) private var webAuthSession
284
-
285
- var body: some View {
286
- Button("Sign in with Provider") {
287
- Task {
288
- let url = URL(string: "https://provider.com/oauth/authorize?client_id=YOUR_ID")!
289
- let callbackURL = try await webAuthSession.authenticate(
290
- using: url, callback: .customScheme("myapp")
291
- )
292
- // Extract authorization code from callbackURL
293
- }
332
+ guard let presentationAnchor else {
333
+ fatalError("ASWebAuthenticationSession needs the active window")
294
334
  }
335
+ return presentationAnchor
295
336
  }
296
337
  }
297
338
  ```
298
339
 
299
- Callback types: `.customScheme("myapp")` for URL scheme redirects;
300
- `.https(host:path:)` for universal link redirects (preferred).
340
+ In SwiftUI, use `@Environment(\.webAuthenticationSession)` and call
341
+ `authenticate(using:callback:preferredBrowserSession:additionalHeaderFields:)`
342
+ with `.customScheme("myapp")` or `.https(host:path:)`; prefer `.ephemeral`
343
+ only when the provider flow should avoid shared browser cookies.
301
344
 
302
345
  ## Password AutoFill Credentials
303
346
 
@@ -348,10 +391,11 @@ passwordField.textContentType = .password
348
391
 
349
392
  ## Biometric Authentication
350
393
 
351
- Use `LAContext` from LocalAuthentication for Face ID / Touch ID as a
352
- sign-in or re-authentication mechanism. For protecting Keychain items
353
- with biometric access control (`SecAccessControl`, `.biometryCurrentSet`),
354
- see the `ios-security` skill.
394
+ Use `LAContext` from LocalAuthentication for local re-authentication before
395
+ showing account settings or starting sensitive actions. Do not treat a returned
396
+ `Bool` as proof to unlock a stored secret; protect secrets with Keychain access
397
+ control instead. See [references/keychain-biometric.md](references/keychain-biometric.md)
398
+ for `SecAccessControl` and `.biometryCurrentSet` patterns.
355
399
 
356
400
  ```swift
357
401
  import LocalAuthentication
@@ -376,102 +420,48 @@ func authenticateWithBiometrics() async throws -> Bool {
376
420
  **Required:** Add `NSFaceIDUsageDescription` to Info.plist. Missing this
377
421
  key crashes on Face ID devices.
378
422
 
379
- ## SwiftUI SignInWithAppleButton
380
-
381
- ```swift
382
- import AuthenticationServices
383
-
384
- struct AppleSignInView: View {
385
- @Environment(\.colorScheme) var colorScheme
386
-
387
- var body: some View {
388
- SignInWithAppleButton(.signIn) { request in
389
- request.requestedScopes = [.fullName, .email]
390
- } onCompletion: { result in
391
- switch result {
392
- case .success(let authorization):
393
- guard let credential = authorization.credential
394
- as? ASAuthorizationAppleIDCredential else { return }
395
- handleCredential(credential)
396
- case .failure(let error):
397
- handleError(error)
398
- }
399
- }
400
- .signInWithAppleButtonStyle(
401
- colorScheme == .dark ? .white : .black
402
- )
403
- .frame(height: 50)
404
- }
405
- }
406
- ```
407
-
408
- ## Common Mistakes
409
-
410
- ### 1. Not checking credential state on app launch
411
-
412
- ```swift
413
- // DON'T: Assume the user is still authorized
414
- func appDidLaunch() {
415
- if UserDefaults.standard.bool(forKey: "isLoggedIn") {
416
- showMainApp() // User may have revoked access!
417
- }
418
- }
419
-
420
- // DO: Check credential state every launch
421
- func appDidLaunch() async {
422
- await checkCredentialState() // See "Credential State Checking" above
423
- }
424
- ```
425
-
426
- ### 2. Not performing existing account setup flows
427
-
428
- ```swift
429
- // DON'T: Always show a full login screen on launch
430
- // DO: Call performExistingAccountSetupFlows() first;
431
- // show login UI only if .notInteractive error received
432
- ```
423
+ ## Security Boundaries
433
424
 
434
- ### 3. Assuming email/name are always provided
425
+ This skill owns user-facing account authentication: Sign in with Apple,
426
+ passkeys, Password AutoFill, ASAuthorizationController, OAuth session
427
+ presentation, credential state, and local biometric re-authentication. Route
428
+ deep security work to `swift-security`: Keychain architecture/migration,
429
+ CryptoKit, Secure Enclave, certificate pinning/trust, keychain sharing, storage
430
+ hardening, and OWASP MASVS/MASTG. Keep only the storage minimum here: tokens and
431
+ secrets belong in Keychain; `LAContext.evaluatePolicy` alone must not release
432
+ protected secrets.
435
433
 
436
- ```swift
437
- // DON'T: Force-unwrap email or fullName
438
- let email = credential.email! // Crashes on subsequent logins
439
-
440
- // DO: Handle nil gracefully -- only available on first authorization
441
- if let email = credential.email {
442
- saveEmail(email) // Persist immediately
443
- }
444
- ```
445
-
446
- ### 4. Not implementing ASAuthorizationControllerPresentationContextProviding
447
-
448
- ```swift
449
- // DON'T: Skip the presentation context provider
450
- controller.delegate = self
451
- controller.performRequests() // May not display UI correctly
452
-
453
- // DO: Always set the presentation context provider
454
- controller.delegate = self
455
- controller.presentationContextProvider = self // Required for proper UI
456
- controller.performRequests()
457
- ```
434
+ ## SwiftUI SignInWithAppleButton
458
435
 
459
- ### 5. Storing identityToken in UserDefaults
436
+ Use `SignInWithAppleButton` in SwiftUI views when the login surface is SwiftUI.
437
+ Request `.fullName` and `.email`, handle `.success` and `.failure`, downcast to
438
+ `ASAuthorizationAppleIDCredential`, and send the credential through the same
439
+ server-validation flow as UIKit. Style with `.signInWithAppleButtonStyle(...)`.
460
440
 
461
- ```swift
462
- // DON'T: Store tokens in UserDefaults
463
- UserDefaults.standard.set(tokenString, forKey: "identityToken")
441
+ ## Common Mistakes
464
442
 
465
- // DO: Store in Keychain
466
- // See references/keychain-biometric.md for Keychain patterns
467
- try KeychainHelper.save(tokenData, forKey: "identityToken")
468
- ```
443
+ - Assuming a saved local session means the Apple ID credential is still valid.
444
+ Check credential state at launch and handle revocation notifications.
445
+ - Showing a full login screen before trying existing account setup flows.
446
+ Treat `.notInteractive` as the normal "no local credential" path.
447
+ - Force-unwrapping `email` or `fullName`. Cache them on first authorization and
448
+ handle `nil` later.
449
+ - Creating an `ASAuthorizationController` without a presentation context
450
+ provider. Authorization UI needs the active presentation anchor.
451
+ - Storing identity tokens, authorization codes, access tokens, passwords, or
452
+ passkey server state in `UserDefaults`, files, or Core Data. Store secrets in
453
+ Keychain and keep relying-party passkey verification server-side.
454
+ - Adding passkey requests without `webcredentials:` Associated Domains for the
455
+ relying-party domain, or trying to use app-native passkeys for unrelated
456
+ websites.
457
+ - Expanding authentication work into CryptoKit, Secure Enclave, certificate
458
+ pinning, or OWASP MASVS. Route those to `swift-security`.
469
459
 
470
460
  ## Review Checklist
471
461
 
472
462
  - [ ] "Sign in with Apple" capability added in Xcode project
473
463
  - [ ] `ASAuthorizationControllerPresentationContextProviding` implemented
474
- - [ ] Credential state checked on every app launch (`credentialState(forUserID:)`)
464
+ - [ ] Credential state checked on every app launch (`getCredentialState(forUserID:completion:)`)
475
465
  - [ ] `credentialRevokedNotification` observer registered; sign-out handled
476
466
  - [ ] `email` and `fullName` cached on first authorization (not assumed available later)
477
467
  - [ ] `identityToken` sent to server for validation, not trusted client-side only
@@ -482,15 +472,21 @@ try KeychainHelper.save(tokenData, forKey: "identityToken")
482
472
  - [ ] `ASWebAuthenticationSession` used for OAuth (not `WKWebView`)
483
473
  - [ ] `prefersEphemeralWebBrowserSession` set for OAuth when appropriate
484
474
  - [ ] `textContentType` set on username/password fields for AutoFill
475
+ - [ ] Passkey relying party has `webcredentials:` Associated Domains configured
476
+ - [ ] Passkey registration/assertion challenges come from the server and are verified server-side
477
+ - [ ] Deep Keychain, CryptoKit, Secure Enclave, certificate pinning, and MASVS work routed to `swift-security`
485
478
 
486
479
  ## References
487
480
 
488
- - Keychain & biometric patterns: `references/keychain-biometric.md`
481
+ - Keychain & biometric patterns: [references/keychain-biometric.md](references/keychain-biometric.md)
482
+ - Passkey patterns: [references/passkeys.md](references/passkeys.md)
489
483
  - [AuthenticationServices](https://sosumi.ai/documentation/authenticationservices)
490
484
  - [ASAuthorizationAppleIDProvider](https://sosumi.ai/documentation/authenticationservices/asauthorizationappleidprovider)
491
485
  - [ASAuthorizationAppleIDCredential](https://sosumi.ai/documentation/authenticationservices/asauthorizationappleidcredential)
492
486
  - [ASAuthorizationController](https://sosumi.ai/documentation/authenticationservices/asauthorizationcontroller)
493
487
  - [ASWebAuthenticationSession](https://sosumi.ai/documentation/authenticationservices/aswebauthenticationsession)
488
+ - [Supporting passkeys](https://sosumi.ai/documentation/authenticationservices/supporting-passkeys)
489
+ - [ASAuthorizationPlatformPublicKeyCredentialProvider](https://sosumi.ai/documentation/authenticationservices/asauthorizationplatformpublickeycredentialprovider)
494
490
  - [ASAuthorizationPasswordProvider](https://sosumi.ai/documentation/authenticationservices/asauthorizationpasswordprovider)
495
491
  - [SignInWithAppleButton](https://sosumi.ai/documentation/authenticationservices/signinwithapplebutton)
496
492
  - [Implementing User Authentication with Sign in with Apple](https://sosumi.ai/documentation/authenticationservices/implementing-user-authentication-with-sign-in-with-apple)
@@ -0,0 +1,48 @@
1
+ {
2
+ "skill_name": "authentication",
3
+ "evals": [
4
+ {
5
+ "id": 0,
6
+ "name": "passkey-registration-and-signin",
7
+ "prompt": "We're adding passwordless sign-in to our iOS app for accounts on example.com. The server can mint WebAuthn challenges, and product wants passkeys first, a physical security key fallback, and inline suggestions in the username field. What should the implementation checklist and core AuthenticationServices flow look like?",
8
+ "expected_output": "A passkey implementation checklist that covers associated domains, platform passkey registration/assertion, AutoFill-assisted requests, physical security key boundaries, and server-side verification.",
9
+ "files": [],
10
+ "expectations": [
11
+ "Names the Associated Domains requirement with the `webcredentials:` service for the relying-party domain.",
12
+ "Uses `ASAuthorizationPlatformPublicKeyCredentialProvider(relyingPartyIdentifier:)` for platform passkeys and distinguishes registration from assertion requests.",
13
+ "States that registration and assertion challenges come from the relying-party server and that passkey results must be verified server-side before issuing a session.",
14
+ "Mentions `performAutoFillAssistedRequests()` with a username text field using `.username` for inline passkey suggestions.",
15
+ "Uses `ASAuthorizationSecurityKeyPublicKeyCredentialProvider` only for physical security key fallback, not as the default platform passkey provider."
16
+ ]
17
+ },
18
+ {
19
+ "id": 1,
20
+ "name": "sign-in-with-apple-oauth-review",
21
+ "prompt": "Review this iOS login plan before implementation: Sign in with Apple for new accounts, saved password suggestions for returning users, GitHub OAuth, cached account profile data, local Face ID re-auth before account deletion, and token storage. What are the must-have AuthenticationServices and LocalAuthentication checks?",
22
+ "expected_output": "A review checklist that covers Sign in with Apple setup, credential handling, existing account flows, OAuth session presentation, biometric re-auth boundaries, and secure token storage.",
23
+ "files": [],
24
+ "expectations": [
25
+ "Requires the Sign in with Apple capability plus `ASAuthorizationControllerPresentationContextProviding` for authorization UI.",
26
+ "Explains that `email` and `fullName` must be cached during first authorization and handled as optional later.",
27
+ "Requires Apple ID credential state checks with `getCredentialState(forUserID:completion:)` and handling credential revocation notifications.",
28
+ "Sends `identityToken` and `authorizationCode` to the server for validation instead of trusting them only on device.",
29
+ "Uses `ASWebAuthenticationSession` for GitHub OAuth, avoids `WKWebView`, and returns a real active presentation anchor.",
30
+ "Stores secrets in Keychain and treats `LAContext.evaluatePolicy` as local re-authentication rather than standalone proof for releasing stored secrets."
31
+ ]
32
+ },
33
+ {
34
+ "id": 2,
35
+ "name": "security-boundary-routing",
36
+ "prompt": "A team asks the authentication skill to design the whole account security layer: Sign in with Apple, passkeys, refresh-token storage, CryptoKit encryption, certificate pinning, biometric unlock, and OWASP MASVS mapping. Give a concise scope review that says what this skill should cover and what belongs in sibling security work.",
37
+ "expected_output": "A boundary-aware scope review that keeps AuthenticationServices auth flows in scope while routing deep Keychain, CryptoKit, certificate trust, and compliance work to the security skill.",
38
+ "files": [],
39
+ "expectations": [
40
+ "Keeps Sign in with Apple, passkeys, Password AutoFill, ASAuthorizationController flows, ASWebAuthenticationSession OAuth, and local biometric re-authentication in the authentication skill scope.",
41
+ "Routes detailed Keychain architecture, CryptoKit encryption, Secure Enclave, certificate pinning, and OWASP MASVS mapping to the sibling security skill instead of expanding the authentication answer into those domains.",
42
+ "Still states that auth tokens and secrets should be stored in Keychain, not UserDefaults, files, or Core Data.",
43
+ "Warns that `LAContext.evaluatePolicy` alone should not release stored secrets and that Keychain access control is the right handoff for protected token/key reads.",
44
+ "Does not claim that the authentication skill owns backend WebAuthn relying-party implementation beyond requiring server challenges and server verification."
45
+ ]
46
+ }
47
+ ]
48
+ }
@@ -1,19 +1,25 @@
1
1
  # Keychain Token Storage & Biometric Authentication
2
2
 
3
3
  Self-contained reference for storing authentication tokens in Keychain and
4
- protecting them with biometric authentication (Face ID / Touch ID). Covers
5
- the patterns most commonly needed alongside Sign in with Apple and OAuth flows.
4
+ protecting them with Keychain-bound biometric authentication (Face ID /
5
+ Touch ID). Covers the patterns most commonly needed alongside Sign in with
6
+ Apple, passkey, and OAuth flows.
7
+
8
+ This is an authentication-adjacent quick reference, not a full security
9
+ architecture guide. Route Keychain migration, access-control policy design,
10
+ CryptoKit encryption, Secure Enclave keys, certificate pinning, keychain
11
+ sharing, storage-hardening strategy, and OWASP MASVS/MASTG mapping to
12
+ `swift-security`.
6
13
 
7
14
  ## Contents
8
15
 
9
16
  - [Storing Tokens in Keychain](#storing-tokens-in-keychain)
10
17
  - [Reading Tokens from Keychain](#reading-tokens-from-keychain)
11
18
  - [Deleting Tokens from Keychain](#deleting-tokens-from-keychain)
12
- - [kSecAttrAccessible Values](#ksecattracccessible-values)
13
19
  - [Biometric Authentication with LAContext](#biometric-authentication-with-lacontext)
14
20
  - [Biometric-Protected Keychain Items](#biometric-protected-keychain-items)
15
- - [SecAccessControl Flags](#secaccesscontrol-flags)
16
21
  - [Keychain Error Handling](#keychain-error-handling)
22
+ - [References](#references)
17
23
 
18
24
  ## Storing Tokens in Keychain
19
25
 
@@ -88,26 +94,23 @@ func deleteFromKeychain(account: String, service: String) throws {
88
94
  }
89
95
  ```
90
96
 
91
- ## kSecAttrAccessible Values
97
+ Use a `ThisDeviceOnly` accessibility class for sensitive app credentials unless
98
+ the product explicitly requires restore or sharing behavior. Choose broader
99
+ Keychain accessibility, migration, or sharing strategy in `swift-security`, not
100
+ in this authentication skill.
92
101
 
93
- | Value | When Available | Device-Only | Use For |
94
- |---|---|---|---|
95
- | `kSecAttrAccessibleWhenUnlocked` | Device unlocked | No | General credentials |
96
- | `kSecAttrAccessibleWhenUnlockedThisDeviceOnly` | Device unlocked | Yes | Sensitive credentials |
97
- | `kSecAttrAccessibleAfterFirstUnlock` | After first unlock | No | Background-accessible tokens |
98
- | `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly` | After first unlock | Yes | Background tokens, no backup |
99
- | `kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly` | Passcode set + unlocked | Yes | Highest security |
102
+ Do not use `kSecAttrAccessibleAlways` for app credentials; Apple marks it as not
103
+ recommended for application use because items remain accessible regardless of
104
+ lock state.
100
105
 
101
- Rules:
102
- - Use `ThisDeviceOnly` variants for sensitive data. Prevents backup/restore to other devices.
103
- - Use `AfterFirstUnlock` for tokens needed by background operations.
104
- - Use `WhenPasscodeSetThisDeviceOnly` for most sensitive data. Item is deleted if passcode is removed.
105
- - NEVER use `kSecAttrAccessibleAlways` (deprecated and insecure).
106
106
 
107
107
  ## Biometric Authentication with LAContext
108
108
 
109
109
  Use `LAContext` from LocalAuthentication for Face ID / Touch ID prompts before
110
- accessing sensitive data or performing protected actions.
110
+ showing sensitive screens or performing protected actions. This is a local
111
+ interaction gate, not proof that a stored secret is safe to release. For tokens,
112
+ private keys, or high-value credentials, bind access to the Keychain item with
113
+ `SecAccessControl` and let `SecItemCopyMatching` perform the authentication.
111
114
 
112
115
  ```swift
113
116
  import LocalAuthentication
@@ -172,22 +175,36 @@ let query: [String: Any] = [
172
175
  kSecClass as String: kSecClassGenericPassword,
173
176
  kSecAttrAccount as String: "auth-token",
174
177
  kSecValueData as String: tokenData,
175
- kSecAttrAccessControl as String: access,
176
- kSecUseAuthenticationContext as String: LAContext()
178
+ kSecAttrAccessControl as String: access
177
179
  ]
178
180
  ```
179
181
 
180
- ## SecAccessControl Flags
182
+ Read the protected item with an authentication context so Keychain, not app
183
+ logic, controls release of the secret:
184
+
185
+ ```swift
186
+ let context = LAContext()
187
+ context.localizedReason = "Authenticate to access your account"
188
+
189
+ let query: [String: Any] = [
190
+ kSecClass as String: kSecClassGenericPassword,
191
+ kSecAttrAccount as String: "auth-token",
192
+ kSecReturnData as String: true,
193
+ kSecMatchLimit as String: kSecMatchLimitOne,
194
+ kSecUseAuthenticationContext as String: context
195
+ ]
196
+
197
+ var result: AnyObject?
198
+ let status = SecItemCopyMatching(query as CFDictionary, &result)
199
+ guard status == errSecSuccess, let tokenData = result as? Data else {
200
+ throw KeychainError.readFailed(status)
201
+ }
202
+ ```
181
203
 
182
- | Flag | Behavior |
183
- |------|----------|
184
- | `.biometryCurrentSet` | Requires biometry, invalidated if enrollment changes. Most secure. |
185
- | `.biometryAny` | Requires biometry, survives enrollment changes. |
186
- | `.userPresence` | Biometry or passcode. Most flexible. |
204
+ Use `.biometryCurrentSet` when an auth token must be invalidated after biometric
205
+ enrollment changes. Route broader SecAccessControl flag selection and policy
206
+ tradeoffs to `swift-security`.
187
207
 
188
- Use `.biometryCurrentSet` for high-security items (tokens, keys). Use
189
- `.userPresence` when you want to allow passcode fallback without a separate
190
- `LAContext` evaluation.
191
208
 
192
209
  ## Keychain Error Handling
193
210
 
@@ -209,3 +226,13 @@ enum KeychainError: Error {
209
226
  }
210
227
  }
211
228
  ```
229
+
230
+ ## References
231
+
232
+ - [Restricting keychain item accessibility](https://sosumi.ai/documentation/security/restricting-keychain-item-accessibility)
233
+ - [Accessing Keychain Items with Face ID or Touch ID](https://sosumi.ai/documentation/localauthentication/accessing-keychain-items-with-face-id-or-touch-id)
234
+ - [LAContext](https://sosumi.ai/documentation/localauthentication/lacontext)
235
+ - [NSFaceIDUsageDescription](https://sosumi.ai/documentation/bundleresources/information-property-list/nsfaceidusagedescription)
236
+ - [kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly](https://sosumi.ai/documentation/security/ksecattraccessiblewhenpasscodesetthisdeviceonly)
237
+ - [SecAccessControlCreateFlags.userPresence](https://sosumi.ai/documentation/security/secaccesscontrolcreateflags/userpresence)
238
+ - [SecAccessControlCreateFlags.biometryCurrentSet](https://sosumi.ai/documentation/security/secaccesscontrolcreateflags/biometrycurrentset)