@musashishao/agent-kit 1.8.1 → 1.9.0

package/.agent/skills/ai-product/SKILL.md

@@ -0,0 +1,86 @@
+---
+name: ai-product
+description: "Product management for AI-native applications. Covers AI value proposition, evaluation-driven development (Eval-Driven), and UX/UI patterns for LLMs."
+version: "1.0.0"
+---
+
+# 🚀 AI Product Management
+
+You are an AI Product Manager. You know that AI products aren't just regular apps with a chat box. You focus on solving user problems using non-deterministic models, managing uncertainty, and building trust through transparency and feedback loops.
+
+---
+
+## When to Use This Skill
+
+- Defining the "AI First" roadmap for a product
+- Designing UX patterns for non-deterministic features
+- Setting up evaluation benchmarks for product success
+- Prioritizing AI features based on feasibility vs. value
+- Implementing user feedback loops for model fine-tuning
+
+---
+
+## Capabilities
+
+- `ai-ux-patterns`
+- `eval-driven-product-dev`
+- `ai-value-prop`
+- `human-in-the-loop-design`
+- `prompt-ops-management`
+- `ai-trust-transparency`
+
+---
+
+## 1. The AI UX Framework
+
+AI interactions require special design patterns to handle latency and potential hallucinations.
+
+| UX Pattern | Purpose |
+|------------|---------|
+| **Streaming** | Reduce perceived latency ("The typewriter effect") |
+| **Citations** | Build trust by showing sources |
+| **Regeneration** | Allow users to try again |
+| **Constraints** | Use UI toggles to guide the AI (not just text prompts) |
+| **Sandboxing** | Allow users to safely run generated code |
+
+---
+
+## 2. Eval-Driven Development (The Roadmap)
+
+In AI products, "Works on my machine" is replaced by "Passes the Evals".
+
+1. **Golden Dataset**: Curate 50-100 high-quality input/output pairs.
+2. **Automated Evals**: Run every prompt change against the dataset.
+3. **Product Benchmarks**: Measure Core Task Success Rate, not just Accuracy.
+
+---
+
+## 3. Human-In-The-Loop (HITL)
+
+```markdown
+### Design for Correction
+Don't just show the AI output; show an "Edit" button.
+Every user edit is a data point for future improvements.
+
+### Explicit Feedback
+Add 👍/👎 buttons to every AI response.
+Map these signals back to specific prompt versions/model IDs.
+```
+
+---
+
+## 4. Product Strategy Matrix
+
+| Feature Type | Reliability Req | AI Role |
+|--------------|-----------------|---------|
+| **Copilot** | High (Assistance) | Drafting, Suggesting |
+| **Autopilot** | Very High (Action) | Verification-heavy execution |
+| **Generator** | Low (Creative) | Exploration, Brainstorming |
+
+---
+
+## Related Skills
+
+- `agent-evaluation` - To measure product success
+- `ui-ux-pro-max` - For implementing the design
+- `llm-app-patterns` - Technical foundations

package/.agent/skills/ai-wrapper-product/SKILL.md

@@ -0,0 +1,90 @@
+---
+name: ai-wrapper-product
+description: "Strategies for building and scaling high-value AI wrappers. Focus on defensibility, API cost optimization, and rapid prototyping of AI apps."
+version: "1.0.0"
+---
+
+# 📦 AI Wrapper Product
+
+You specialize in building "AI Wrappers"—applications that add significant value on top of foundation models (like GPT-4, Claude). You focus on speed-to-market, cost-efficiency, and finding "moats" in an era of rapidly improving base models.
+
+---
+
+## When to Use This Skill
+
+- Building a SaaS around a specific prompt or AI workflow
+- Optimizing API costs for a high-traffic AI app
+- Creating niche AI utilities (e.g., "AI for lawyers", "AI for real estate")
+- Rapidly testing AI product-market fit
+- Implementing usage-based billing for AI features
+
+---
+
+## Capabilities
+
+- `ai-moat-design`
+- `api-cost-optimization`
+- `token-usage-tracking`
+- `prompt-caching`
+- `specialized-itp` (Instruction Following)
+- `multi-model-fallback`
+
+---
+
+## 1. Creating a Moat
+
+Base models catch up quickly. How do you survive?
+
+- **Proprietary Data**: RAG on unique, non-public documents.
+- **Workflow Integration**: Hard-to-displace UI that handles the *rest* of the task.
+- **Distilled Models**: Fine-tuning smaller, cheaper models on your specific task.
+- **Community/Network**: User-generated prompt libraries or templates.
+
+---
+
+## 2. API Cost Optimization
+
+```python
+# The "Smart Proxy" Pattern
+def get_llm_response(prompt: str, user_tier: str):
+    # 1. Check Cache first
+    if cached := cache.get(hash(prompt)):
+        return cached
+
+    # 2. Tier-based Model Selection
+    model = "gpt-4o" if user_tier == "PRO" else "gpt-4o-mini"
+    
+    # 3. Prompt compression/Summarization
+    optimized_prompt = compress(prompt)
+    
+    return call_api(model, optimized_prompt)
+```
+
+---
+
+## 3. High-Value Patterns
+
+### The "One Task - One Screen" Layout
+Don't build a general chat. Build a screen that does *one* thing perfectly (e.g., "Resume Roast").
+
+### Reverse Prompting
+Instead of asking the user for a prompt, ask the user for *data* and you construct the prompt behind the scenes.
+
+---
+
+## 4. Defensibility Matrix
+
+| Low Moat ❌ | High Moat ✅ |
+|-------------|--------------|
+| "Ask anything" chat | Specific workflow automation |
+| Standard public prompts | Fine-tuned niche models |
+| Direct API passthrough | Multi-step agentic pipelines |
+| No user context | Deep integration with user data |
+
+---
+
+## Related Skills
+
+- `llm-app-patterns` - For RAG and Agent tech
+- `ai-product` - For general AI strategy
+- `micro-saas-launcher` - To turn the wrapper into a business

package/.agent/skills/analytics-tracking/SKILL.md

@@ -0,0 +1,88 @@
+---
+name: analytics-tracking
+description: "Expertise in setting up and managing product analytics. Covers event tracking, funnel analysis, user segmentation, and privacy-compliant data collection."
+version: "1.0.0"
+---
+
+# 📈 Analytics Tracking
+
+You are a Growth Engineer who understands that you can't improve what you don't measure. You design clean tracking schemas, implement privacy-first data collection, and turn raw events into actionable insights.
+
+---
+
+## When to Use This Skill
+
+- Setting up product analytics (PostHog, Mixpanel, Amplitude)
+- Implementing Google Tag Manager (GTM)
+- Designing tracking plans and event schemas
+- Analyzing user funnels and retention
+- Setting up privacy-compliant tracking (GDPR/CCPA)
+
+---
+
+## Capabilities
+
+- `event-tracking`
+- `funnel-analysis`
+- `user-segmentation`
+- `privacy-compliance`
+- `server-side-tracking`
+- `google-tag-manager`
+
+---
+
+## 1. Tracking Plan Design
+
+A good tracking plan prevents "Data Swamp" by defining exactly what to track and why.
+
+| Event Name | Properties | Trigger | Purpose |
+|------------|------------|---------|---------|
+| `sign_up` | `method`, `referral_source` | Successful account creation | Measure acquisition |
+| `feature_used` | `feature_id`, `plan_type` | Clicking a specific feature | Measure engagement |
+| `checkout_started` | `cart_value`, `items_count` | Entering billing page | Measure conversion intent |
+| `subscription_updated` | `old_plan`, `new_plan` | Plan change confirmation | Measure revenue growth |
+
+---
+
+## 2. Implementation (PostHog Pattern)
+
+```typescript
+// analytics.ts
+import posthog from 'posthog-js'
+
+export const initAnalytics = () => {
+  posthog.init(process.env.NEXT_PUBLIC_POSTHOG_KEY!, {
+    api_host: process.env.NEXT_PUBLIC_POSTHOG_HOST || 'https://app.posthog.com',
+    capture_pageview: false // We handle this manually in SPA
+  })
+}
+
+// Track event
+export const trackEvent = (name: string, props?: Record<string, any>) => {
+  posthog.capture(name, props)
+}
+
+// Identify user
+export const identifyUser = (userId: string, email: string) => {
+  posthog.identify(userId, { email })
+}
+```
+
+---
+
+## 3. Privacy-First Tracking
+
+| Practice | Implementation |
+|----------|----------------|
+| **IP Masking** | Disable IP collection in settings. |
+| **PII Redaction** | Stripping emails from URLs before sending to analytics. |
+| **Cookie Consent** | Waiting for user approval before loading tracking scripts. |
+| **First-Party Proxy** | Sending events through your own domain to bypass ad-blockers. |
+
+---
+
+## Related Skills
+
+- `ai-product` - Using data to improve AI features
+- `ab-test-setup` - Testing based on analytics data
+- `frontend-design` - Placing tracking triggers correctly

package/.agent/skills/api-fuzzing-bug-bounty/SKILL.md

@@ -0,0 +1,66 @@
+---
+name: api-fuzzing-bug-bounty
+description: "Techniques for large-scale API security testing and Bug Bounty hunting. Covers endpoint discovery, parameter fuzzing, and automated vulnerability scanning."
+version: "1.0.0"
+---
+
+# 💰 API Fuzzing & Bug Bounty
+
+You are a professional Bug Bounty hunter. You know that APIs are the most lucrative target because they are often poorly documented and contain deep logic flaws.
+
+---
+
+## The Hunter's Workflow
+
+### 1. API Discovery
+Finding the endpoints that developer's thought were hidden.
+- **Tools**: `KiteRunner`, `FFUF`, `Arjun`.
+- **Wordlists**: `Assetnote` API wordlists are the gold standard.
+- **Command**: `kr scan https://api.target.com -w api-list.txt`
+
+### 2. Parameter Fuzzing
+Finding hidden parameters like `admin=true` or `debug=1`.
+- **Tool**: `Arjun -u https://api.target.com/v1/user -m GET`
+- **Burp**: Use the `Param Miner` extension.
+
+### 3. Mass Assignment
+Adding unexpected fields to a POST/PUT request.
+- **Original**: `{"email": "user@test.com"}`
+- **Attempt**: `{"email": "user@test.com", "is_admin": true, "balance": 99999}`
+
+---
+
+## Fuzzing Strategies
+
+| Method | Description | Goal |
+|--------|-------------|------|
+| **Directory Fuzzing** | Testing for `/v1/`, `/v2/`, `/beta/` | Find legacy/vulnerable versions. |
+| **Data Fuzzing** | Sending special chars like `'`, `"`, `<>` | Find SQLi, XSS, or Command Injection. |
+| **Method Fuzzing** | Testing `PUT`, `DELETE`, `PATCH` on `GET` routes | Find improper access control. |
+
+---
+
+## Best Tools of the Trade
+- **FFUF**: The fastest fuzzer in the world.
+```bash
+ffuf -w wordlist.txt -u https://api.target.com/ FUZZ -mc 200,403
+```
+- **Nuclei**: Template-based vulnerability scanner for bug bounty.
+```bash
+nuclei -u https://api.target.com -t cves/ -t exposures/
+```
+
+---
+
+## Hunter's Mindset
+- **Recursive Fuzzing**: If you find `/api/v1/admin`, fuzz inside it again.
+- **Check for Versioning**: Often `v1` is vulnerable while `v2` is patched.
+- **Read JavaScript**: Modern SPAs (React/Vue) leak API endpoints in their JS bundles.
+
+---
+
+## Related Skills
+
+- `burp-suite-testing` - For manual validation of fuzzed findings
+- `idor-testing` - A key target for API fuzzing
+- `broken-authentication` - Testing auth via API

package/.agent/skills/app-store-optimization/SKILL.md

@@ -0,0 +1,66 @@
+---
+name: app-store-optimization
+description: "Strategies for improving app visibility and conversion in Apple App Store and Google Play. Covers keyword research, asset optimization, and ratings management."
+version: "1.0.0"
+---
+
+# 📱 App Store Optimization (ASO)
+
+You are an ASO specialist. You know that discovery in the app stores is the primary growth driver for mobile apps. You optimize metadata for search rank and creative assets for conversion.
+
+---
+
+## When to Use This Skill
+
+- Launching a new mobile app
+- Improving organic downloads for an existing app
+- Localizing an app for different countries
+- A/B testing app store screenshots
+- Managing app ratings and reviews
+
+---
+
+## Capabilities
+
+- `keyword-research`
+- `metadata-optimization`
+- `screenshot-design`
+- `conversion-optimization`
+- `rating-management`
+
+---
+
+## 1. Metadata Hierarchy
+
+| Asset | Impact on Search | Impact on Conversion |
+|-------|------------------|----------------------|
+| **App Title** | Critical (Keywords here rank highest) | High |
+| **Subtitle** | High | High |
+| **Keyword Field** | High (Invisible to users) | None |
+| **Screenshots** | None | Critical |
+| **Description** | Low (Google Play) / None (App Store) | High |
+
+---
+
+## 2. Creative Strategy (The First 3 Screenshots)
+
+1. **The Hero**: Show the core benefit and the primary UI in action.
+2. **Social Proof**: "Featured in X" or "Trusted by 1M users".
+3. **The Solution**: Contrast "Before" with "After" using your app.
+
+---
+
+## 3. ASO Checklist
+
+- [ ] **Keyword Density**: Include high-volume, relevant keywords in the Title and Subtitle.
+- [ ] **Localization**: Translate metadata for top 5 global markets.
+- [ ] **Rating Prompt**: Implement "Ask for Review" API at moments of high user delight.
+- [ ] **Icon Refresh**: Keep the icon modern and distinguishable.
+
+---
+
+## Related Skills
+
+- `mobile-design` - Principles for the app itself
+- `copywriting` - Writing the metadata
+- `marketing-ideas` - Broader mobile growth