@musashishao/agent-kit 1.0.0

package/.agent/skills/red-team-tactics/SKILL.md

@@ -0,0 +1,199 @@
+---
+name: red-team-tactics
+description: Red team tactics principles based on MITRE ATT&CK. Attack phases, detection evasion, reporting.
+allowed-tools: Read, Glob, Grep
+---
+
+# Red Team Tactics
+
+> Adversary simulation principles based on MITRE ATT&CK framework.
+
+---
+
+## 1. MITRE ATT&CK Phases
+
+### Attack Lifecycle
+
+```
+RECONNAISSANCE → INITIAL ACCESS → EXECUTION → PERSISTENCE
+       ↓              ↓              ↓            ↓
+   PRIVILEGE ESC → DEFENSE EVASION → CRED ACCESS → DISCOVERY
+       ↓              ↓              ↓            ↓
+LATERAL MOVEMENT → COLLECTION → C2 → EXFILTRATION → IMPACT
+```
+
+### Phase Objectives
+
+| Phase | Objective |
+|-------|-----------|
+| **Recon** | Map attack surface |
+| **Initial Access** | Get first foothold |
+| **Execution** | Run code on target |
+| **Persistence** | Survive reboots |
+| **Privilege Escalation** | Get admin/root |
+| **Defense Evasion** | Avoid detection |
+| **Credential Access** | Harvest credentials |
+| **Discovery** | Map internal network |
+| **Lateral Movement** | Spread to other systems |
+| **Collection** | Gather target data |
+| **C2** | Maintain command channel |
+| **Exfiltration** | Extract data |
+
+---
+
+## 2. Reconnaissance Principles
+
+### Passive vs Active
+
+| Type | Trade-off |
+|------|-----------|
+| **Passive** | No target contact, limited info |
+| **Active** | Direct contact, more detection risk |
+
+### Information Targets
+
+| Category | Value |
+|----------|-------|
+| Technology stack | Attack vector selection |
+| Employee info | Social engineering |
+| Network ranges | Scanning scope |
+| Third parties | Supply chain attack |
+
+---
+
+## 3. Initial Access Vectors
+
+### Selection Criteria
+
+| Vector | When to Use |
+|--------|-------------|
+| **Phishing** | Human target, email access |
+| **Public exploits** | Vulnerable services exposed |
+| **Valid credentials** | Leaked or cracked |
+| **Supply chain** | Third-party access |
+
+---
+
+## 4. Privilege Escalation Principles
+
+### Windows Targets
+
+| Check | Opportunity |
+|-------|-------------|
+| Unquoted service paths | Write to path |
+| Weak service permissions | Modify service |
+| Token privileges | Abuse SeDebug, etc. |
+| Stored credentials | Harvest |
+
+### Linux Targets
+
+| Check | Opportunity |
+|-------|-------------|
+| SUID binaries | Execute as owner |
+| Sudo misconfiguration | Command execution |
+| Kernel vulnerabilities | Kernel exploits |
+| Cron jobs | Writable scripts |
+
+---
+
+## 5. Defense Evasion Principles
+
+### Key Techniques
+
+| Technique | Purpose |
+|-----------|---------|
+| LOLBins | Use legitimate tools |
+| Obfuscation | Hide malicious code |
+| Timestomping | Hide file modifications |
+| Log clearing | Remove evidence |
+
+### Operational Security
+
+- Work during business hours
+- Mimic legitimate traffic patterns
+- Use encrypted channels
+- Blend with normal behavior
+
+---
+
+## 6. Lateral Movement Principles
+
+### Credential Types
+
+| Type | Use |
+|------|-----|
+| Password | Standard auth |
+| Hash | Pass-the-hash |
+| Ticket | Pass-the-ticket |
+| Certificate | Certificate auth |
+
+### Movement Paths
+
+- Admin shares
+- Remote services (RDP, SSH, WinRM)
+- Exploitation of internal services
+
+---
+
+## 7. Active Directory Attacks
+
+### Attack Categories
+
+| Attack | Target |
+|--------|--------|
+| Kerberoasting | Service account passwords |
+| AS-REP Roasting | Accounts without pre-auth |
+| DCSync | Domain credentials |
+| Golden Ticket | Persistent domain access |
+
+---
+
+## 8. Reporting Principles
+
+### Attack Narrative
+
+Document the full attack chain:
+1. How initial access was gained
+2. What techniques were used
+3. What objectives were achieved
+4. Where detection failed
+
+### Detection Gaps
+
+For each successful technique:
+- What should have detected it?
+- Why didn't detection work?
+- How to improve detection
+
+---
+
+## 9. Ethical Boundaries
+
+### Always
+
+- Stay within scope
+- Minimize impact
+- Report immediately if real threat found
+- Document all actions
+
+### Never
+
+- Destroy production data
+- Cause denial of service (unless scoped)
+- Access beyond proof of concept
+- Retain sensitive data
+
+---
+
+## 10. Anti-Patterns
+
+| ❌ Don't | ✅ Do |
+|----------|-------|
+| Rush to exploitation | Follow methodology |
+| Cause damage | Minimize impact |
+| Skip reporting | Document everything |
+| Ignore scope | Stay within boundaries |
+
+---
+
+> **Remember:** Red team simulates attackers to improve defenses, not to cause harm.

package/.agent/skills/seo-fundamentals/SKILL.md

@@ -0,0 +1,129 @@
+---
+name: seo-fundamentals
+description: SEO fundamentals, E-E-A-T, Core Web Vitals, and Google algorithm principles.
+allowed-tools: Read, Glob, Grep
+---
+
+# SEO Fundamentals
+
+> Principles for search engine visibility.
+
+---
+
+## 1. E-E-A-T Framework
+
+| Principle | Signals |
+|-----------|---------|
+| **Experience** | First-hand knowledge, real examples |
+| **Expertise** | Credentials, depth of knowledge |
+| **Authoritativeness** | Backlinks, mentions, industry recognition |
+| **Trustworthiness** | HTTPS, transparency, accurate info |
+
+---
+
+## 2. Core Web Vitals
+
+| Metric | Target | Measures |
+|--------|--------|----------|
+| **LCP** | < 2.5s | Loading performance |
+| **INP** | < 200ms | Interactivity |
+| **CLS** | < 0.1 | Visual stability |
+
+---
+
+## 3. Technical SEO Principles
+
+### Site Structure
+
+| Element | Purpose |
+|---------|---------|
+| XML sitemap | Help crawling |
+| robots.txt | Control access |
+| Canonical tags | Prevent duplicates |
+| HTTPS | Security signal |
+
+### Performance
+
+| Factor | Impact |
+|--------|--------|
+| Page speed | Core Web Vital |
+| Mobile-friendly | Ranking factor |
+| Clean URLs | Crawlability |
+
+---
+
+## 4. Content SEO Principles
+
+### Page Elements
+
+| Element | Best Practice |
+|---------|---------------|
+| Title tag | 50-60 chars, keyword front |
+| Meta description | 150-160 chars, compelling |
+| H1 | One per page, main keyword |
+| H2-H6 | Logical hierarchy |
+| Alt text | Descriptive, not stuffed |
+
+### Content Quality
+
+| Factor | Importance |
+|--------|------------|
+| Depth | Comprehensive coverage |
+| Freshness | Regular updates |
+| Uniqueness | Original value |
+| Readability | Clear writing |
+
+---
+
+## 5. Schema Markup Types
+
+| Type | Use |
+|------|-----|
+| Article | Blog posts, news |
+| Organization | Company info |
+| Person | Author profiles |
+| FAQPage | Q&A content |
+| Product | E-commerce |
+| Review | Ratings |
+| BreadcrumbList | Navigation |
+
+---
+
+## 6. AI Content Guidelines
+
+### What Google Looks For
+
+| ✅ Do | ❌ Don't |
+|-------|----------|
+| AI draft + human edit | Publish raw AI content |
+| Add original insights | Copy without value |
+| Expert review | Skip fact-checking |
+| Follow E-E-A-T | Keyword stuffing |
+
+---
+
+## 7. Ranking Factors (Prioritized)
+
+| Priority | Factor |
+|----------|--------|
+| 1 | Quality, relevant content |
+| 2 | Backlinks from authority sites |
+| 3 | Page experience (Core Web Vitals) |
+| 4 | Mobile optimization |
+| 5 | Technical SEO fundamentals |
+
+---
+
+## 8. Measurement
+
+| Metric | Tool |
+|--------|------|
+| Rankings | Search Console, Ahrefs |
+| Traffic | Analytics |
+| Core Web Vitals | PageSpeed Insights |
+| Indexing | Search Console |
+| Backlinks | Ahrefs, Semrush |
+
+---
+
+> **Remember:** SEO is a long-term game. Quality content + technical excellence + patience = results.

package/.agent/skills/seo-fundamentals/scripts/seo_checker.py

@@ -0,0 +1,219 @@
+#!/usr/bin/env python3
+"""
+SEO Checker - Search Engine Optimization Audit
+Checks HTML/JSX/TSX pages for SEO best practices.
+
+PURPOSE:
+    - Verify meta tags, titles, descriptions
+    - Check Open Graph tags for social sharing
+    - Validate heading hierarchy
+    - Check image accessibility (alt attributes)
+
+WHAT IT CHECKS:
+    - HTML files (actual web pages)
+    - JSX/TSX files (React page components)
+    - Only files that are likely PUBLIC pages
+
+Usage:
+    python seo_checker.py <project_path>
+"""
+import sys
+import json
+import re
+from pathlib import Path
+from datetime import datetime
+
+# Fix Windows console encoding
+try:
+    sys.stdout.reconfigure(encoding='utf-8', errors='replace')
+except:
+    pass
+
+
+# Directories to skip
+SKIP_DIRS = {
+    'node_modules', '.next', 'dist', 'build', '.git', '.github',
+    '__pycache__', '.vscode', '.idea', 'coverage', 'test', 'tests',
+    '__tests__', 'spec', 'docs', 'documentation', 'examples'
+}
+
+# Files to skip (not pages)
+SKIP_PATTERNS = [
+    'config', 'setup', 'util', 'helper', 'hook', 'context', 'store',
+    'service', 'api', 'lib', 'constant', 'type', 'interface', 'mock',
+    '.test.', '.spec.', '_test.', '_spec.'
+]
+
+
+def is_page_file(file_path: Path) -> bool:
+    """Check if this file is likely a public-facing page."""
+    name = file_path.name.lower()
+    stem = file_path.stem.lower()
+    
+    # Skip utility/config files
+    if any(skip in name for skip in SKIP_PATTERNS):
+        return False
+    
+    # Check path - pages in specific directories are likely pages
+    parts = [p.lower() for p in file_path.parts]
+    page_dirs = ['pages', 'app', 'routes', 'views', 'screens']
+    
+    if any(d in parts for d in page_dirs):
+        return True
+    
+    # Filename indicators for pages
+    page_names = ['page', 'index', 'home', 'about', 'contact', 'blog', 
+                  'post', 'article', 'product', 'landing', 'layout']
+    
+    if any(p in stem for p in page_names):
+        return True
+    
+    # HTML files are usually pages
+    if file_path.suffix.lower() in ['.html', '.htm']:
+        return True
+    
+    return False
+
+
+def find_pages(project_path: Path) -> list:
+    """Find page files to check."""
+    patterns = ['**/*.html', '**/*.htm', '**/*.jsx', '**/*.tsx']
+    
+    files = []
+    for pattern in patterns:
+        for f in project_path.glob(pattern):
+            # Skip excluded directories
+            if any(skip in f.parts for skip in SKIP_DIRS):
+                continue
+            
+            # Check if it's likely a page
+            if is_page_file(f):
+                files.append(f)
+    
+    return files[:50]  # Limit to 50 files
+
+
+def check_page(file_path: Path) -> dict:
+    """Check a single page for SEO issues."""
+    issues = []
+    
+    try:
+        content = file_path.read_text(encoding='utf-8', errors='ignore')
+    except Exception as e:
+        return {"file": str(file_path.name), "issues": [f"Error: {e}"]}
+    
+    # Detect if this is a layout/template file (has Head component)
+    is_layout = 'Head>' in content or '<head' in content.lower()
+    
+    # 1. Title tag
+    has_title = '<title' in content.lower() or 'title=' in content or 'Head>' in content
+    if not has_title and is_layout:
+        issues.append("Missing <title> tag")
+    
+    # 2. Meta description
+    has_description = 'name="description"' in content.lower() or 'name=\'description\'' in content.lower()
+    if not has_description and is_layout:
+        issues.append("Missing meta description")
+    
+    # 3. Open Graph tags
+    has_og = 'og:' in content or 'property="og:' in content.lower()
+    if not has_og and is_layout:
+        issues.append("Missing Open Graph tags")
+    
+    # 4. Heading hierarchy - multiple H1s
+    h1_matches = re.findall(r'<h1[^>]*>', content, re.I)
+    if len(h1_matches) > 1:
+        issues.append(f"Multiple H1 tags ({len(h1_matches)})")
+    
+    # 5. Images without alt
+    img_pattern = r'<img[^>]+>'
+    imgs = re.findall(img_pattern, content, re.I)
+    for img in imgs:
+        if 'alt=' not in img.lower():
+            issues.append("Image missing alt attribute")
+            break
+        if 'alt=""' in img or "alt=''" in img:
+            issues.append("Image has empty alt attribute")
+            break
+    
+    # 6. Check for canonical link (nice to have)
+    # has_canonical = 'rel="canonical"' in content.lower()
+    
+    return {
+        "file": str(file_path.name),
+        "issues": issues
+    }
+
+
+def main():
+    project_path = Path(sys.argv[1] if len(sys.argv) > 1 else ".").resolve()
+    
+    print(f"\n{'='*60}")
+    print(f"  SEO CHECKER - Search Engine Optimization Audit")
+    print(f"{'='*60}")
+    print(f"Project: {project_path}")
+    print(f"Time: {datetime.now().strftime('%Y-%m-%d %H:%M:%S')}")
+    print("-"*60)
+    
+    # Find pages
+    pages = find_pages(project_path)
+    
+    if not pages:
+        print("\n[!] No page files found.")
+        print("    Looking for: HTML, JSX, TSX in pages/app/routes directories")
+        output = {"script": "seo_checker", "files_checked": 0, "passed": True}
+        print("\n" + json.dumps(output, indent=2))
+        sys.exit(0)
+    
+    print(f"Found {len(pages)} page files to analyze\n")
+    
+    # Check each page
+    all_issues = []
+    for f in pages:
+        result = check_page(f)
+        if result["issues"]:
+            all_issues.append(result)
+    
+    # Summary
+    print("=" * 60)
+    print("SEO ANALYSIS RESULTS")
+    print("=" * 60)
+    
+    if all_issues:
+        # Group by issue type
+        issue_counts = {}
+        for item in all_issues:
+            for issue in item["issues"]:
+                issue_counts[issue] = issue_counts.get(issue, 0) + 1
+        
+        print("\nIssue Summary:")
+        for issue, count in sorted(issue_counts.items(), key=lambda x: -x[1]):
+            print(f"  [{count}] {issue}")
+        
+        print(f"\nAffected files ({len(all_issues)}):")
+        for item in all_issues[:5]:
+            print(f"  - {item['file']}")
+        if len(all_issues) > 5:
+            print(f"  ... and {len(all_issues) - 5} more")
+    else:
+        print("\n[OK] No SEO issues found!")
+    
+    total_issues = sum(len(item["issues"]) for item in all_issues)
+    passed = total_issues == 0
+    
+    output = {
+        "script": "seo_checker",
+        "project": str(project_path),
+        "files_checked": len(pages),
+        "files_with_issues": len(all_issues),
+        "issues_found": total_issues,
+        "passed": passed
+    }
+    
+    print("\n" + json.dumps(output, indent=2))
+    
+    sys.exit(0 if passed else 1)
+
+
+if __name__ == "__main__":
+    main()

package/.agent/skills/server-management/SKILL.md

@@ -0,0 +1,161 @@
+---
+name: server-management
+description: Server management principles and decision-making. Process management, monitoring strategy, and scaling decisions. Teaches thinking, not commands.
+allowed-tools: Read, Write, Edit, Glob, Grep, Bash
+---
+
+# Server Management
+
+> Server management principles for production operations.
+> **Learn to THINK, not memorize commands.**
+
+---
+
+## 1. Process Management Principles
+
+### Tool Selection
+
+| Scenario | Tool |
+|----------|------|
+| **Node.js app** | PM2 (clustering, reload) |
+| **Any app** | systemd (Linux native) |
+| **Containers** | Docker/Podman |
+| **Orchestration** | Kubernetes, Docker Swarm |
+
+### Process Management Goals
+
+| Goal | What It Means |
+|------|---------------|
+| **Restart on crash** | Auto-recovery |
+| **Zero-downtime reload** | No service interruption |
+| **Clustering** | Use all CPU cores |
+| **Persistence** | Survive server reboot |
+
+---
+
+## 2. Monitoring Principles
+
+### What to Monitor
+
+| Category | Key Metrics |
+|----------|-------------|
+| **Availability** | Uptime, health checks |
+| **Performance** | Response time, throughput |
+| **Errors** | Error rate, types |
+| **Resources** | CPU, memory, disk |
+
+### Alert Severity Strategy
+
+| Level | Response |
+|-------|----------|
+| **Critical** | Immediate action |
+| **Warning** | Investigate soon |
+| **Info** | Review daily |
+
+### Monitoring Tool Selection
+
+| Need | Options |
+|------|---------|
+| Simple/Free | PM2 metrics, htop |
+| Full observability | Grafana, Datadog |
+| Error tracking | Sentry |
+| Uptime | UptimeRobot, Pingdom |
+
+---
+
+## 3. Log Management Principles
+
+### Log Strategy
+
+| Log Type | Purpose |
+|----------|---------|
+| **Application logs** | Debug, audit |
+| **Access logs** | Traffic analysis |
+| **Error logs** | Issue detection |
+
+### Log Principles
+
+1. **Rotate logs** to prevent disk fill
+2. **Structured logging** (JSON) for parsing
+3. **Appropriate levels** (error/warn/info/debug)
+4. **No sensitive data** in logs
+
+---
+
+## 4. Scaling Decisions
+
+### When to Scale
+
+| Symptom | Solution |
+|---------|----------|
+| High CPU | Add instances (horizontal) |
+| High memory | Increase RAM or fix leak |
+| Slow response | Profile first, then scale |
+| Traffic spikes | Auto-scaling |
+
+### Scaling Strategy
+
+| Type | When to Use |
+|------|-------------|
+| **Vertical** | Quick fix, single instance |
+| **Horizontal** | Sustainable, distributed |
+| **Auto** | Variable traffic |
+
+---
+
+## 5. Health Check Principles
+
+### What Constitutes Healthy
+
+| Check | Meaning |
+|-------|---------|
+| **HTTP 200** | Service responding |
+| **Database connected** | Data accessible |
+| **Dependencies OK** | External services reachable |
+| **Resources OK** | CPU/memory not exhausted |
+
+### Health Check Implementation
+
+- Simple: Just return 200
+- Deep: Check all dependencies
+- Choose based on load balancer needs
+
+---
+
+## 6. Security Principles
+
+| Area | Principle |
+|------|-----------|
+| **Access** | SSH keys only, no passwords |
+| **Firewall** | Only needed ports open |
+| **Updates** | Regular security patches |
+| **Secrets** | Environment vars, not files |
+| **Audit** | Log access and changes |
+
+---
+
+## 7. Troubleshooting Priority
+
+When something's wrong:
+
+1. **Check if running** (process status)
+2. **Check logs** (error messages)
+3. **Check resources** (disk, memory, CPU)
+4. **Check network** (ports, DNS)
+5. **Check dependencies** (database, APIs)
+
+---
+
+## 8. Anti-Patterns
+
+| ❌ Don't | ✅ Do |
+|----------|-------|
+| Run as root | Use non-root user |
+| Ignore logs | Set up log rotation |
+| Skip monitoring | Monitor from day one |
+| Manual restarts | Auto-restart config |
+| No backups | Regular backup schedule |
+
+---
+
+> **Remember:** A well-managed server is boring. That's the goal.