@neyugn/agent-kits 0.5.1 → 0.5.4

package/kits/coder/skills/github-actions/SKILL.md

@@ -8,19 +8,27 @@ priority: HIGH
 
 # GitHub Actions - CI/CD Automation
 
-> **Philosophy:** CI/CD should be **fast, reliable, and secure**. Every push should trigger automated validation. Every deploy should be reproducible.
+## ⚡ Quick Reference
+
+- **Triggers**: `on: push/pull_request/workflow_dispatch` · Use `branches: [main]` not `*`
+- **Order**: Lint → Test → Build → Security scan → Deploy (staging) → Deploy (prod)
+- **Jobs**: `needs: [test]` for dependencies · `if: github.ref == 'refs/heads/main'` for prod
+- **Secrets**: `${{ secrets.MY_SECRET }}` never hardcode · `environment:` for scoped secrets
+- **Caching**: `actions/cache` for node_modules · `pnpm/action-setup` + `--frozen-lockfile`
+- **Security**: `permissions: contents: read` minimal · Pin action versions with SHA
+
+---
+
 
 ---
 
 ## Core Principles
 
-| Principle         | Rule                                                  |
-| ----------------- | ----------------------------------------------------- |
-| **Automate**      | If it can be automated, automate it                   |
-| **Fast feedback** | Tests should run in minutes, not hours                |
-| **Reproducible**  | Same commit = same result, always                     |
-| **Secure**        | Secrets in vault, least privilege, scan dependencies  |
-| **Fail fast**     | Stop pipeline on first failure, don't waste resources |
+- **Automate**: If it can be automated, automate it
+- **Fast feedback**: Tests should run in minutes, not hours
+- **Reproducible**: Same commit = same result, always
+- **Secure**: Secrets in vault, least privilege, scan dependencies
+- **Fail fast**: Stop pipeline on first failure, don't waste resources
 
 ---
 
@@ -155,12 +163,10 @@ jobs:
 
 ## Caching Strategies
 
-| Package Manager | Cache Action                   |
-| --------------- | ------------------------------ |
-| **pnpm**        | `cache: 'pnpm'` in setup-node  |
-| **npm**         | `cache: 'npm'` in setup-node   |
-| **pip**         | `cache: 'pip'` in setup-python |
-| **Docker**      | `cache-from/to: type=gha`      |
+- **pnpm**: `cache: 'pnpm'` in setup-node
+- **npm**: `cache: 'npm'` in setup-node
+- **pip**: `cache: 'pip'` in setup-python
+- **Docker**: `cache-from/to: type=gha`
 
 ### Custom Cache
 
@@ -244,13 +250,11 @@ jobs:
 
 ## Security Best Practices
 
-| Practice                        | Implementation                 |
-| ------------------------------- | ------------------------------ |
-| **Pin action versions**         | `@v4` not `@latest` or `@main` |
-| **Least privilege permissions** | Set `permissions:` explicitly  |
-| **Use secrets**                 | `${{ secrets.MY_SECRET }}`     |
-| **Scan dependencies**           | Trivy, Snyk, Dependabot        |
-| **Review third-party actions**  | Check source before using      |
+- **Pin action versions**: `@v4` not `@latest` or `@main`
+- **Least privilege permissions**: Set `permissions:` explicitly
+- **Use secrets**: `${{ secrets.MY_SECRET }}`
+- **Scan dependencies**: Trivy, Snyk, Dependabot
+- **Review third-party actions**: Check source before using
 
 ### Security Scanning Job
 
@@ -297,16 +301,14 @@ Need to test multiple versions/platforms?
 
 ## Anti-Patterns (DON'T)
 
-| ❌ Anti-Pattern                      | ✅ Correct Approach                  |
-| ------------------------------------ | ------------------------------------ |
-| `@latest` or `@main` for actions     | Pin specific version `@v4`           |
-| No caching                           | Cache dependencies and builds        |
-| Secrets in workflow files            | Use repository/environment secrets   |
-| Single job does everything           | Split into focused jobs              |
-| No `permissions:` block              | Explicit least-privilege permissions |
-| Hardcoded versions                   | Use matrix or variables              |
-| Skip tests on main branch            | Always test, especially on main      |
-| `continue-on-error: true` everywhere | Only where truly necessary           |
+- `@latest` or `@main` for actions: Pin specific version `@v4`
+- No caching: Cache dependencies and builds
+- Secrets in workflow files: Use repository/environment secrets
+- Single job does everything: Split into focused jobs
+- No `permissions:` block: Explicit least-privilege permissions
+- Hardcoded versions: Use matrix or variables
+- Skip tests on main branch: Always test, especially on main
+- `continue-on-error: true` everywhere: Only where truly necessary
 
 ---
 
@@ -324,25 +326,21 @@ Need to test multiple versions/platforms?
 
 ## 🔴 Self-Check Before Completing
 
-| Check                   | Question                              |
-| ----------------------- | ------------------------------------- |
-| ✅ **Actions pinned?**  | Using `@v4` not `@latest`?            |
-| ✅ **Caching enabled?** | Dependencies and builds cached?       |
-| ✅ **Secrets secure?**  | Using `secrets.X`, not hardcoded?     |
-| ✅ **Permissions set?** | Explicit `permissions:` block?        |
-| ✅ **Tests run?**       | Critical paths tested in CI?          |
-| ✅ **Paths filtered?**  | Skipping runs for irrelevant changes? |
+- ✅ **Actions pinned?**: Using `@v4` not `@latest`?
+- ✅ **Caching enabled?**: Dependencies and builds cached?
+- ✅ **Secrets secure?**: Using `secrets.X`, not hardcoded?
+- ✅ **Permissions set?**: Explicit `permissions:` block?
+- ✅ **Tests run?**: Critical paths tested in CI?
+- ✅ **Paths filtered?**: Skipping runs for irrelevant changes?
 
 ---
 
 ## Related Skills
 
-| Need                 | Skill                   |
-| -------------------- | ----------------------- |
-| Docker builds        | `docker-patterns`       |
-| Kubernetes deploy    | `kubernetes-patterns`   |
-| Security scanning    | `security-fundamentals` |
-| Deployment workflows | `deployment-procedures` |
+- Docker builds: `docker-patterns`
+- Kubernetes deploy: `kubernetes-patterns`
+- Security scanning: `security-fundamentals`
+- Deployment workflows: `deployment-procedures`
 
 ---
 

package/kits/coder/skills/gitlab-ci-patterns/SKILL.md

@@ -8,19 +8,27 @@ priority: HIGH
 
 # GitLab CI - CI/CD Automation
 
-> **Philosophy:** Pipelines should be **fast, reliable, and reproducible**. Every merge request should trigger automated validation. Every deployment should be traceable and reversible.
+## ⚡ Quick Reference
+
+- **Stages**: `stages: [lint, test, build, security, deploy]` · Jobs run in stage order
+- **Cache**: `key: $CI_COMMIT_REF_SLUG` · `pull-push` policy · Cache `node_modules/.cache`
+- **Rules**: `rules: - if: $CI_COMMIT_BRANCH == "main"` · avoid deprecated `only/except`
+- **Secrets**: GitLab CI/CD Variables (masked+protected) · Never in `.gitlab-ci.yml`
+- **Docker**: `services: - docker:dind` · `DOCKER_TLS_CERTDIR: "/certs"` · Login before push
+- **Artifacts**: `expire_in: 1 hour` for temp · `reports:` for test/coverage reports
+
+---
+
 
 ---
 
 ## Core Principles
 
-| Principle         | Rule                                                 |
-| ----------------- | ---------------------------------------------------- |
-| **DRY**           | Use templates, includes, and extends to avoid repeat |
-| **Fast Feedback** | Tests should run in minutes, not hours               |
-| **Stage Order**   | Build → Test → Security → Deploy                     |
-| **Fail Fast**     | Stop pipeline on first failure, save resources       |
-| **Cache Smart**   | Cache dependencies, not build outputs                |
+- **DRY**: Use templates, includes, and extends to avoid repeat
+- **Fast Feedback**: Tests should run in minutes, not hours
+- **Stage Order**: Build → Test → Security → Deploy
+- **Fail Fast**: Stop pipeline on first failure, save resources
+- **Cache Smart**: Cache dependencies, not build outputs
 
 ---
 
@@ -398,16 +406,14 @@ Are jobs independent within a stage?
 
 ## Anti-Patterns (DON'T)
 
-| ❌ Anti-Pattern                    | ✅ Correct Approach                 |
-| ---------------------------------- | ----------------------------------- |
-| `image: node:latest`               | Pin version: `node:20-alpine`       |
-| No caching                         | Cache `node_modules`, `.cache` dirs |
-| Secrets in `.gitlab-ci.yml`        | Use CI/CD variables (masked)        |
-| Single job does everything         | Split into stages                   |
-| No `expire_in` for artifacts       | Set expiration to save storage      |
-| `allow_failure: true` everywhere   | Only for non-critical jobs          |
-| Hardcoded URLs/versions            | Use variables                       |
-| `only` without `except` or `rules` | Prefer `rules:` for clarity         |
+- `image: node:latest`: Pin version: `node:20-alpine`
+- No caching: Cache `node_modules`, `.cache` dirs
+- Secrets in `.gitlab-ci.yml`: Use CI/CD variables (masked)
+- Single job does everything: Split into stages
+- No `expire_in` for artifacts: Set expiration to save storage
+- `allow_failure: true` everywhere: Only for non-critical jobs
+- Hardcoded URLs/versions: Use variables
+- `only` without `except` or `rules`: Prefer `rules:` for clarity
 
 ---
 
@@ -425,26 +431,22 @@ Are jobs independent within a stage?
 
 ## 🔴 Self-Check Before Completing
 
-| Check                    | Question                                 |
-| ------------------------ | ---------------------------------------- |
-| ✅ **Images pinned?**    | Using specific versions, not `:latest`?  |
-| ✅ **Cache configured?** | Dependencies cached with correct policy? |
-| ✅ **Secrets secure?**   | Using CI/CD variables, not hardcoded?    |
-| ✅ **Artifacts expire?** | `expire_in` set to reasonable duration?  |
-| ✅ **Security scans?**   | SAST/Dependency scanning enabled?        |
-| ✅ **Rules clear?**      | Using `rules:` instead of `only/except`? |
+- ✅ **Images pinned?**: Using specific versions, not `:latest`?
+- ✅ **Cache configured?**: Dependencies cached with correct policy?
+- ✅ **Secrets secure?**: Using CI/CD variables, not hardcoded?
+- ✅ **Artifacts expire?**: `expire_in` set to reasonable duration?
+- ✅ **Security scans?**: SAST/Dependency scanning enabled?
+- ✅ **Rules clear?**: Using `rules:` instead of `only/except`?
 
 ---
 
 ## Related Skills
 
-| Need              | Skill                   |
-| ----------------- | ----------------------- |
-| GitHub Actions    | `github-actions`        |
-| Docker builds     | `docker-patterns`       |
-| Kubernetes deploy | `kubernetes-patterns`   |
-| Security scanning | `security-fundamentals` |
-| Terraform in CI   | `terraform-patterns`    |
+- GitHub Actions: `github-actions`
+- Docker builds: `docker-patterns`
+- Kubernetes deploy: `kubernetes-patterns`
+- Security scanning: `security-fundamentals`
+- Terraform in CI: `terraform-patterns`
 
 ---
 

package/kits/coder/skills/graphql-patterns/SKILL.md

@@ -7,20 +7,28 @@ version: 2.0
 
 # GraphQL Patterns - API Design & Performance
 
-> **Philosophy:** GraphQL is a contract, not just an API. The schema IS documentation. Design it carefully.
+## ⚡ Quick Reference
+
+- **Schema first**: Define schema before implementation · Schema = contract for all clients
+- **N+1 problem**: Always use DataLoader for nested resolvers · Batch + deduplicate DB calls
+- **Pagination**: Cursor-based (edges/nodes) not offset · `first/after` convention
+- **Mutations**: Return the modified type · Use input types · Clear error messages
+- **Security**: Depth limiting · Complexity limits · Rate limit by complexity score · Disable introspection in prod
+- **Performance**: Persisted queries · Apollo Client cache normalization · `@defer` for slow fields
+
+---
+
 
 ---
 
 ## When to Use This Skill
 
-| ✅ Use                      | ❌ Don't Use                     |
-| --------------------------- | -------------------------------- |
-| Schema design               | REST API design                  |
-| Resolver implementation     | Database queries (use ORM)       |
-| N+1 prevention (DataLoader) | Client-side caching (use Apollo) |
-| Federation architecture     | Simple CRUD APIs                 |
-| Real-time subscriptions     | File uploads as primary use      |
-| Query optimization          | Rate limiting (use middleware)   |
+- Schema design: REST API design
+- Resolver implementation: Database queries (use ORM)
+- N+1 prevention (DataLoader): Client-side caching (use Apollo)
+- Federation architecture: Simple CRUD APIs
+- Real-time subscriptions: File uploads as primary use
+- Query optimization: Rate limiting (use middleware)
 
 ➡️ For REST patterns, see `api-patterns` skill.
 
@@ -67,14 +75,12 @@ input UpdateUserInput {
 
 ### Nullability Strategy
 
-| Pattern      | Meaning                             |
-| ------------ | ----------------------------------- |
-| `String`     | May be null (optional field)        |
-| `String!`    | Never null (required)               |
-| `[String]`   | List may be null, items may be null |
-| `[String]!`  | List never null, items may be null  |
-| `[String!]`  | List may be null, items never null  |
-| `[String!]!` | List never null, items never null   |
+- `String`: May be null (optional field)
+- `String!`: Never null (required)
+- `[String]`: List may be null, items may be null
+- `[String]!`: List never null, items may be null
+- `[String!]`: List may be null, items never null
+- `[String!]!`: List never null, items never null
 
 **Recommendation:** Use `[Type!]!` for lists (empty list over null).
 
@@ -516,16 +522,14 @@ const server = new ApolloServer({
 
 ## Anti-Patterns
 
-| ❌ Don't                              | ✅ Do                                       |
-| ------------------------------------- | ------------------------------------------- |
-| Resolver makes DB call without loader | Use DataLoader for all DB access            |
-| All fields nullable                   | Design nullability intentionally            |
-| Auth only in directives               | Auth in resolvers, directives as supplement |
-| Introspection in production           | Disable introspection                       |
-| Deep unlimited queries                | Depth limiting + complexity analysis        |
-| Return all errors as same type        | Use union types for error variants          |
-| Create DataLoader once globally       | Create per-request                          |
-| Subscription without auth check       | Check auth in subscribe function            |
+- Resolver makes DB call without loader: Use DataLoader for all DB access
+- All fields nullable: Design nullability intentionally
+- Auth only in directives: Auth in resolvers, directives as supplement
+- Introspection in production: Disable introspection
+- Deep unlimited queries: Depth limiting + complexity analysis
+- Return all errors as same type: Use union types for error variants
+- Create DataLoader once globally: Create per-request
+- Subscription without auth check: Check auth in subscribe function
 
 ---
 
@@ -546,12 +550,10 @@ Before production:
 
 ## Related Skills
 
-| Need                   | Skill                 |
-| ---------------------- | --------------------- |
-| REST API design        | `api-patterns`        |
-| Database queries       | `database-design`     |
-| Real-time patterns     | `realtime-patterns`   |
-| TypeScript integration | `typescript-patterns` |
+- REST API design: `api-patterns`
+- Database queries: `database-design`
+- Real-time patterns: `realtime-patterns`
+- TypeScript integration: `typescript-patterns`
 
 ---
 

package/kits/coder/skills/i18n-localization/SKILL.md

@@ -6,6 +6,18 @@ allowed-tools: Read, Write, Edit, Glob, Grep, Bash
 
 # i18n & Localization Patterns
 
+## ⚡ Quick Reference
+
+- **Keys**: `component.element.state` format · `user.profile.title` not `profileTitle` · never translate keys
+- **Interpolation**: `t('greeting', { name })` not string concat · ICU format for plurals
+- **RTL**: CSS logical properties (`margin-inline-start` not `margin-left`) · `dir="rtl"` on root
+- **Dates/Numbers**: Always use `Intl.DateTimeFormat` and `Intl.NumberFormat` · Never hardcode locale
+- **Currency**: Store in minor units (cents) · Format with `Intl.NumberFormat(locale, { style: 'currency' })`
+- **Missing keys**: Fallback to default locale · Never show key ID to user · Log missing keys
+
+---
+
+
 > Make software work beautifully in every language and culture.
 
 ---
@@ -63,12 +75,10 @@ locales/
 
 ### Namespace Strategy
 
-| Namespace   | Contents                    |
-| ----------- | --------------------------- |
-| `common`    | Shared: buttons, labels     |
-| `auth`      | Login, register, password   |
-| `errors`    | Error messages, validations |
-| `[feature]` | Feature-specific strings    |
+- `common`: Shared: buttons, labels
+- `auth`: Login, register, password
+- `errors`: Error messages, validations
+- `[feature]`: Feature-specific strings
 
 ---
 
@@ -95,12 +105,10 @@ locales/
 
 ### Naming Rules
 
-| Rule                  | Example                      |
-| --------------------- | ---------------------------- |
-| **camelCase keys**    | `forgotPassword`             |
-| **Nested by feature** | `auth.login.title`           |
-| **Semantic naming**   | `submitButton` not `button1` |
-| **No hardcoded text** | Even for "OK" or "Cancel"    |
+- **camelCase keys**: `forgotPassword`
+- **Nested by feature**: `auth.login.title`
+- **Semantic naming**: `submitButton` not `button1`
+- **No hardcoded text**: Even for "OK" or "Cancel"
 
 ---
 
@@ -217,15 +225,13 @@ const pseudoLocalize = (str: string) => {
 
 ### Logical Properties Mapping
 
-| Physical           | Logical               |
-| ------------------ | --------------------- |
-| `left`             | `inline-start`        |
-| `right`            | `inline-end`          |
-| `top`              | `block-start`         |
-| `bottom`           | `block-end`           |
-| `margin-left`      | `margin-inline-start` |
-| `padding-right`    | `padding-inline-end`  |
-| `text-align: left` | `text-align: start`   |
+- `left`: `inline-start`
+- `right`: `inline-end`
+- `top`: `block-start`
+- `bottom`: `block-end`
+- `margin-left`: `margin-inline-start`
+- `padding-right`: `padding-inline-end`
+- `text-align: left`: `text-align: start`
 
 ### HTML Direction
 
@@ -320,25 +326,21 @@ const formatRelative = (date: Date, locale: string) => {
 
 ## ❌ Anti-Patterns
 
-| ❌ Don't                          | ✅ Do                                      |
-| --------------------------------- | ------------------------------------------ |
-| Concatenate strings for sentences | Use ICU message format                     |
-| Hardcode "OK", "Cancel", etc.     | Externalize ALL strings                    |
-| Use physical CSS properties       | Use logical properties for RTL             |
-| Assume text length stays same     | Design for 30-50% expansion                |
-| Store locale in localStorage only | Support URL-based locale switching         |
-| Use images with embedded text     | Separate text layer or generate per-locale |
+- Concatenate strings for sentences: Use ICU message format
+- Hardcode "OK", "Cancel", etc.: Externalize ALL strings
+- Use physical CSS properties: Use logical properties for RTL
+- Assume text length stays same: Design for 30-50% expansion
+- Store locale in localStorage only: Support URL-based locale switching
+- Use images with embedded text: Separate text layer or generate per-locale
 
 ---
 
 ## 🔗 Related Skills
 
-| Need           | Skill                    |
-| -------------- | ------------------------ |
-| React patterns | `react-patterns`         |
-| API design     | `api-patterns`           |
-| Accessibility  | `accessibility-patterns` |
-| Testing        | `testing-patterns`       |
+- React patterns: `react-patterns`
+- API design: `api-patterns`
+- Accessibility: `accessibility-patterns`
+- Testing: `testing-patterns`
 
 ---
 

package/kits/coder/skills/kubernetes-patterns/SKILL.md

@@ -8,19 +8,27 @@ priority: HIGH
 
 # Kubernetes Patterns - Cloud-Native Orchestration
 
-> **Philosophy:** Kubernetes is infrastructure as code. Declare what you want, let the system reconcile. **GitOps everything.**
+## ⚡ Quick Reference
+
+- **Core resources**: Deployment (stateless) · StatefulSet (stateful) · Service · ConfigMap · Secret · Ingress
+- **Health**: Always `livenessProbe` + `readinessProbe` · `/health` and `/ready` endpoints required
+- **Resources**: Always set `requests` (scheduling) and `limits` (capping) · No unbounded containers
+- **Security**: Non-root user · `readOnlyRootFilesystem` · No `privileged: true` · NetworkPolicy
+- **Config**: ConfigMap for non-sensitive config · Secret for credentials (base64 not encryption!) · Use external-secrets for prod
+- **GitOps**: All manifests in git · ArgoCD/FluxCD for sync · Never `kubectl apply` manually in prod
+
+---
+
 
 ---
 
 ## Core Principles
 
-| Principle           | Rule                                                 |
-| ------------------- | ---------------------------------------------------- |
-| **Declarative**     | Define desired state, not imperative steps           |
-| **Immutable**       | Never modify running resources - redeploy instead    |
-| **GitOps**          | Git is the source of truth for all manifests         |
-| **Least Privilege** | RBAC with minimal permissions, pod security policies |
-| **Observable**      | Probes, metrics, logs for every workload             |
+- **Declarative**: Define desired state, not imperative steps
+- **Immutable**: Never modify running resources - redeploy instead
+- **GitOps**: Git is the source of truth for all manifests
+- **Least Privilege**: RBAC with minimal permissions, pod security policies
+- **Observable**: Probes, metrics, logs for every workload
 
 ---
 
@@ -316,41 +324,35 @@ spec:
 
 ## Anti-Patterns (DON'T)
 
-| ❌ Anti-Pattern              | ✅ Correct Approach                     |
-| ---------------------------- | --------------------------------------- |
-| `kubectl apply` from laptop  | GitOps - apply from Git repo            |
-| `latest` image tag           | Specific versioned tags                 |
-| No resource requests/limits  | Always set requests, usually set limits |
-| Running as root              | `runAsNonRoot: true`                    |
-| Secrets in ConfigMap         | Use Secrets or External Secrets         |
-| No health probes             | livenessProbe + readinessProbe          |
-| Single replica in prod       | Minimum 2-3 replicas with PDB           |
-| `kubectl edit` in production | Edit in Git, apply via GitOps           |
+- `kubectl apply` from laptop: GitOps - apply from Git repo
+- `latest` image tag: Specific versioned tags
+- No resource requests/limits: Always set requests, usually set limits
+- Running as root: `runAsNonRoot: true`
+- Secrets in ConfigMap: Use Secrets or External Secrets
+- No health probes: livenessProbe + readinessProbe
+- Single replica in prod: Minimum 2-3 replicas with PDB
+- `kubectl edit` in production: Edit in Git, apply via GitOps
 
 ---
 
 ## 🔴 Self-Check Before Deploying
 
-| Check                     | Question                              |
-| ------------------------- | ------------------------------------- |
-| ✅ **Resources set?**     | requests and limits configured?       |
-| ✅ **Probes configured?** | liveness + readiness probes?          |
-| ✅ **Non-root?**          | Pod runs as non-root user?            |
-| ✅ **Image pinned?**      | Specific tag, not `latest`?           |
-| ✅ **Secrets external?**  | No hardcoded secrets in manifests?    |
-| ✅ **Replicas > 1?**      | At least 2 replicas for HA?           |
-| ✅ **PDB defined?**       | PodDisruptionBudget for availability? |
+- ✅ **Resources set?**: requests and limits configured?
+- ✅ **Probes configured?**: liveness + readiness probes?
+- ✅ **Non-root?**: Pod runs as non-root user?
+- ✅ **Image pinned?**: Specific tag, not `latest`?
+- ✅ **Secrets external?**: No hardcoded secrets in manifests?
+- ✅ **Replicas > 1?**: At least 2 replicas for HA?
+- ✅ **PDB defined?**: PodDisruptionBudget for availability?
 
 ---
 
 ## Related Skills
 
-| Need                 | Skill                     |
-| -------------------- | ------------------------- |
-| Container images     | `docker-patterns`         |
-| CI/CD pipelines      | `github-actions` (future) |
-| Server management    | `server-management`       |
-| Deployment workflows | `deployment-procedures`   |
+- Container images: `docker-patterns`
+- CI/CD pipelines: `github-actions` (future)
+- Server management: `server-management`
+- Deployment workflows: `deployment-procedures`
 
 ---