@musashishao/agent-kit 1.8.1 → 1.9.0

package/.agent/skills/bun-development/SKILL.md

@@ -0,0 +1,386 @@
+---
+name: bun-development
+description: "Bun runtime patterns for fast JavaScript/TypeScript development. Covers package management, bundling, testing, and runtime APIs."
+version: "1.0.0"
+---
+
+# ⚡ Bun Development
+
+You are a Bun expert who understands the all-in-one JavaScript runtime. Bun is a drop-in replacement for Node.js with native TypeScript support, a fast package manager, bundler, and test runner.
+
+---
+
+## When to Use This Skill
+
+- Fast JavaScript/TypeScript execution
+- Quick package installation
+- Built-in bundler needs
+- Fast test execution
+- SQLite database needs
+- Native TypeScript without compilation
+
+---
+
+## Capabilities
+
+- `bun-runtime`
+- `bun-package-manager`
+- `bun-bundler`
+- `bun-test`
+- `bun-sqlite`
+- `bun-http`
+
+---
+
+## 1. Getting Started
+
+```bash
+# Install Bun
+curl -fsSL https://bun.sh/install | bash
+
+# Initialize project
+bun init
+
+# Install dependencies
+bun install
+
+# Run TypeScript directly
+bun run index.ts
+
+# Run with watch mode
+bun --watch run index.ts
+```
+
+---
+
+## 2. HTTP Server
+
+### Basic Server
+
+```typescript
+// server.ts
+const server = Bun.serve({
+  port: 3000,
+  fetch(request) {
+    const url = new URL(request.url);
+    
+    if (url.pathname === "/") {
+      return new Response("Hello, Bun!");
+    }
+    
+    if (url.pathname === "/api/users") {
+      return Response.json([
+        { id: 1, name: "Alice" },
+        { id: 2, name: "Bob" }
+      ]);
+    }
+    
+    return new Response("Not Found", { status: 404 });
+  },
+});
+
+console.log(`Listening on http://localhost:${server.port}`);
+```
+
+### With Routes and Middleware
+
+```typescript
+// server.ts
+type RequestHandler = (req: Request) => Response | Promise<Response>;
+
+const routes: Map<string, RequestHandler> = new Map([
+  ['GET /', () => new Response('Home')],
+  ['GET /api/users', getUsers],
+  ['POST /api/users', createUser],
+]);
+
+// Middleware
+function cors(handler: RequestHandler): RequestHandler {
+  return (req) => {
+    const response = handler(req);
+    if (response instanceof Response) {
+      response.headers.set('Access-Control-Allow-Origin', '*');
+    }
+    return response;
+  };
+}
+
+function logger(handler: RequestHandler): RequestHandler {
+  return (req) => {
+    console.log(`${req.method} ${new URL(req.url).pathname}`);
+    return handler(req);
+  };
+}
+
+const server = Bun.serve({
+  port: 3000,
+  fetch: logger(cors(async (req) => {
+    const method = req.method;
+    const path = new URL(req.url).pathname;
+    const key = `${method} ${path}`;
+    
+    const handler = routes.get(key);
+    if (handler) {
+      return handler(req);
+    }
+    
+    return new Response('Not Found', { status: 404 });
+  })),
+});
+```
+
+---
+
+## 3. File Operations
+
+```typescript
+// Read file
+const file = Bun.file("./data.json");
+const content = await file.text();
+const json = await file.json();
+
+// Write file
+await Bun.write("output.txt", "Hello, World!");
+await Bun.write("data.json", JSON.stringify({ name: "Bun" }));
+
+// Stream large files
+const writer = Bun.file("large.txt").writer();
+for (let i = 0; i < 1000000; i++) {
+  writer.write(`Line ${i}\n`);
+}
+await writer.end();
+
+// Read directory
+import { readdir } from "fs/promises";
+const files = await readdir("./src");
+```
+
+---
+
+## 4. SQLite (Built-in)
+
+```typescript
+import { Database } from "bun:sqlite";
+
+const db = new Database("mydb.sqlite");
+
+// Create table
+db.run(`
+  CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name TEXT NOT NULL,
+    email TEXT UNIQUE,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+  )
+`);
+
+// Insert
+const insert = db.prepare("INSERT INTO users (name, email) VALUES (?, ?)");
+insert.run("Alice", "alice@example.com");
+
+// Query
+const query = db.prepare("SELECT * FROM users WHERE name = ?");
+const user = query.get("Alice");
+
+// Query all
+const allUsers = db.prepare("SELECT * FROM users").all();
+
+// Transaction
+const insertMany = db.transaction((users: { name: string; email: string }[]) => {
+  for (const user of users) {
+    insert.run(user.name, user.email);
+  }
+});
+
+insertMany([
+  { name: "Bob", email: "bob@example.com" },
+  { name: "Charlie", email: "charlie@example.com" },
+]);
+```
+
+---
+
+## 5. Testing
+
+```typescript
+// math.test.ts
+import { describe, expect, test, beforeAll, mock } from "bun:test";
+
+describe("Math operations", () => {
+  test("addition", () => {
+    expect(1 + 1).toBe(2);
+  });
+  
+  test("async operation", async () => {
+    const result = await Promise.resolve(42);
+    expect(result).toBe(42);
+  });
+});
+
+// Mocking
+const mockFn = mock(() => "mocked");
+expect(mockFn()).toBe("mocked");
+expect(mockFn).toHaveBeenCalled();
+
+// Mock module
+mock.module("./api", () => ({
+  fetchUsers: () => Promise.resolve([{ id: 1, name: "Test" }]),
+}));
+
+// Run tests
+// bun test
+// bun test --watch
+// bun test --coverage
+```
+
+---
+
+## 6. Bundler
+
+```typescript
+// Build script
+const result = await Bun.build({
+  entrypoints: ['./src/index.ts'],
+  outdir: './dist',
+  target: 'browser', // 'bun' | 'node' | 'browser'
+  minify: true,
+  splitting: true,
+  sourcemap: 'external',
+  naming: {
+    entry: '[name].[hash].js',
+    chunk: 'chunks/[name].[hash].js',
+    asset: 'assets/[name].[hash][ext]',
+  },
+  define: {
+    'process.env.NODE_ENV': '"production"',
+  },
+  external: ['react', 'react-dom'],
+  plugins: [
+    // Custom plugin
+    {
+      name: 'my-plugin',
+      setup(build) {
+        build.onLoad({ filter: /\.txt$/ }, async (args) => {
+          const text = await Bun.file(args.path).text();
+          return {
+            contents: `export default ${JSON.stringify(text)}`,
+            loader: 'js',
+          };
+        });
+      },
+    },
+  ],
+});
+
+if (!result.success) {
+  console.error('Build failed:', result.logs);
+}
+```
+
+---
+
+## 7. Package Management
+
+```bash
+# Install packages (faster than npm)
+bun install
+
+# Add dependency
+bun add react
+
+# Add dev dependency
+bun add -d typescript
+
+# Remove package
+bun remove lodash
+
+# Update packages
+bun update
+
+# Run script
+bun run build
+
+# Link local package
+bun link
+
+# Create lockfile from scratch
+bun install --force
+```
+
+### Workspaces
+
+```json
+// package.json
+{
+  "workspaces": [
+    "packages/*"
+  ]
+}
+```
+
+---
+
+## 8. Environment Variables
+
+```typescript
+// .env is loaded automatically
+console.log(Bun.env.DATABASE_URL);
+console.log(Bun.env.API_KEY);
+
+// Or use process.env (Node.js compatible)
+console.log(process.env.DATABASE_URL);
+
+// Type-safe env
+const config = {
+  port: Number(Bun.env.PORT) || 3000,
+  dbUrl: Bun.env.DATABASE_URL || 'sqlite://local.db',
+};
+```
+
+---
+
+## 9. Comparison with Node.js
+
+| Feature | Node.js | Bun |
+|---------|---------|-----|
+| Package manager | npm/yarn/pnpm | `bun install` (faster) |
+| TypeScript | Needs compilation | Native |
+| Test runner | Jest/Vitest | Built-in |
+| Bundler | Webpack/esbuild | Built-in |
+| HTTP server | Express/Fastify | `Bun.serve()` |
+| SQLite | node-sqlite3 | Built-in |
+| File I/O | fs.readFile | `Bun.file()` |
+
+---
+
+## 10. Anti-Patterns
+
+### ❌ Using Node.js APIs When Bun Has Better
+
+```typescript
+// WRONG: Node.js style
+import { readFile } from 'fs/promises';
+const content = await readFile('file.txt', 'utf-8');
+
+// CORRECT: Bun style (faster)
+const file = Bun.file('file.txt');
+const content = await file.text();
+```
+
+### ❌ Not Using Native SQLite
+
+```typescript
+// WRONG: External SQLite package
+import sqlite3 from 'better-sqlite3';
+
+// CORRECT: Bun's built-in SQLite
+import { Database } from 'bun:sqlite';
+```
+
+---
+
+## Related Skills
+
+- `nodejs-best-practices` - Node.js patterns
+- `typescript-expert` - TypeScript patterns
+- `testing-patterns` - Testing strategies

package/.agent/skills/burp-suite-testing/SKILL.md

@@ -0,0 +1,60 @@
+---
+name: burp-suite-testing
+description: "Expertise in using Burp Suite Professional for web application security testing. Covers Proxy, Repeater, Intruder, Sequencer, and specialized extensions."
+version: "1.0.0"
+---
+
+# 🕸️ Burp Suite Testing
+
+You are a web security specialist who lives in Burp Suite. You know how to intercept, manipulate, and replay HTTP traffic to find vulnerabilities that automated scanners miss.
+
+---
+
+## Core Components
+
+### 1. Proxy
+The heart of Burp. Intercept and modify traffic between the browser and the server.
+- **Pro Tip**: Use "Match and Replace" rules to automatically bypass client-side checks or add custom headers like `X-Forwarded-For`.
+
+### 2. Repeater
+Manually modify and re-send individual HTTP requests. 
+- **Use Case**: Testing for IDOR by changing an `id` parameter and seeing if the response changes.
+
+### 3. Intruder
+Automate customized attacks (fuzzing).
+- **Sniper**: One payload, one position.
+- **Battering Ram**: One payload, multiple positions.
+- **Pitchfork**: Different payloads, synchronized positions.
+- **Cluster Bomb**: Every combination of multiple payloads (heavy!).
+
+---
+
+## Common Workflows
+
+### Finding IDOR
+1. Intercept a "Get Profile" request in **Proxy**.
+2. Send to **Repeater**.
+3. Change `user_id=101` to `user_id=102`.
+4. If you see user 102's private data, you found an IDOR.
+
+### Testing for SQLi (Time-based)
+1. Send an search request to **Intruder**.
+2. Mark the search term as a position.
+3. Load a list of time-based payloads: `' OR SLEEP(5)--`.
+4. Sort by "Response Received Time" to find successful delays.
+
+---
+
+## Essential Extensions (BApp Store)
+- **Turbo Intruder**: For high-speed fuzzing.
+- **Logger++**: More detailed session logs.
+- **AuthMatrix**: For complex authorization testing.
+- **Param Miner**: Finding hidden parameters.
+
+---
+
+## Related Skills
+
+- `ethical-hacking-methodology` - Context
+- `idor-testing` - Specialized application
+- `api-fuzzing-bug-bounty` - Automation with Burp