@neyugn/agent-kits 0.5.1 → 0.5.4

package/kits/coder/skills/react-patterns/SKILL.md

@@ -6,17 +6,25 @@ allowed-tools: Read, Write, Edit, Glob, Grep
 
 # React Patterns
 
-> **Philosophy:** Measure first, optimize second. React is about composition - build small, combine thoughtfully.
+## ⚡ Quick Reference
+
+- **State**: Local → useState · Shared → Context/Zustand · Server → React Query · avoid Redux for new projects
+- **Performance**: `memo` for expensive renders · `useMemo` for costly computations · `useCallback` for stable refs
+- **Hooks rules**: Top-level only · No conditionals · Custom hooks extract logic not UI
+- **Keys**: Stable unique IDs not array index · Missing keys = bugs in list reorder
+- **Async**: React Query for server state · `useEffect` with cleanup for subscriptions · no fire-and-forget
+- **Avoid**: Prop drilling > 2 levels (use context) · useEffect for derived state (useMemo) · `any` in TypeScript
+
+---
+
 
 ---
 
 ## 📑 Content Map
 
-| File                            | When to Read                  |
-| ------------------------------- | ----------------------------- |
-| `references/hook-patterns.md`   | Advanced custom hooks         |
-| `references/performance.md`     | Deep performance optimization |
-| `references/nextjs-patterns.md` | Next.js App Router specific   |
+- `references/hook-patterns.md`: Advanced custom hooks
+- `references/performance.md`: Deep performance optimization
+- `references/nextjs-patterns.md`: Next.js App Router specific
 
 ---
 
@@ -33,12 +41,10 @@ allowed-tools: Read, Write, Edit, Glob, Grep
 
 ### Design Rules
 
-| Rule                         | Rationale                        |
-| ---------------------------- | -------------------------------- |
-| One responsibility           | Easier testing, reuse            |
-| Props down, events up        | Predictable data flow            |
-| Composition over inheritance | Flexibility, avoid prop drilling |
-| Small, focused components    | Better tree shaking, readability |
+- One responsibility: Easier testing, reuse
+- Props down, events up: Predictable data flow
+- Composition over inheritance: Flexibility, avoid prop drilling
+- Small, focused components: Better tree shaking, readability
 
 ---
 
@@ -46,23 +52,19 @@ allowed-tools: Read, Write, Edit, Glob, Grep
 
 ### When to Extract Custom Hooks
 
-| Pattern           | Extract When                           |
-| ----------------- | -------------------------------------- |
-| `useLocalStorage` | Same storage logic needed              |
-| `useDebounce`     | Multiple debounced values              |
-| `useFetch`        | Repeated fetch patterns                |
-| `useForm`         | Complex form state                     |
-| `useClickOutside` | Multiple modal/dropdown components     |
-| `usePrevious`     | Need previous value in multiple places |
+- `useLocalStorage`: Same storage logic needed
+- `useDebounce`: Multiple debounced values
+- `useFetch`: Repeated fetch patterns
+- `useForm`: Complex form state
+- `useClickOutside`: Multiple modal/dropdown components
+- `usePrevious`: Need previous value in multiple places
 
 ### Hook Rules (CRITICAL)
 
-| Rule                    | Violation Consequence            |
-| ----------------------- | -------------------------------- |
-| Top level only          | Inconsistent state               |
-| Same order every render | React loses track of state       |
-| Prefix with "use"       | Lint error, convention violation |
-| Clean up effects        | Memory leaks, stale closures     |
+- Top level only: Inconsistent state
+- Same order every render: React loses track of state
+- Prefix with "use": Lint error, convention violation
+- Clean up effects: Memory leaks, stale closures
 
 ### React 19 New Hooks
 
@@ -182,12 +184,10 @@ State scope?
 
 ### Recovery Pattern
 
-| Step | Action                         |
-| ---- | ------------------------------ |
-| 1    | Show fallback UI               |
-| 2    | Log error (Sentry, DataDog)    |
-| 3    | Offer retry option             |
-| 4    | Preserve user data if possible |
+- 1: Show fallback UI
+- 2: Log error (Sentry, DataDog)
+- 3: Offer retry option
+- 4: Preserve user data if possible
 
 ---
 
@@ -203,12 +203,10 @@ State scope?
 
 ### Essential Types
 
-| Need          | Type                     |
-| ------------- | ------------------------ |
-| Children      | `ReactNode`              |
-| Event handler | `MouseEventHandler<T>`   |
-| Ref           | `RefObject<Element>`     |
-| Component ref | `ComponentRef<typeof X>` |
+- Children: `ReactNode`
+- Event handler: `MouseEventHandler<T>`
+- Ref: `RefObject<Element>`
+- Component ref: `ComponentRef<typeof X>`
 
 ---
 
@@ -261,13 +259,11 @@ Does component need...?
 
 ### File Conventions
 
-| File            | Purpose          |
-| --------------- | ---------------- |
-| `page.tsx`      | Route UI         |
-| `layout.tsx`    | Shared layout    |
-| `loading.tsx`   | Loading skeleton |
-| `error.tsx`     | Error boundary   |
-| `not-found.tsx` | 404 page         |
+- `page.tsx`: Route UI
+- `layout.tsx`: Shared layout
+- `loading.tsx`: Loading skeleton
+- `error.tsx`: Error boundary
+- `not-found.tsx`: 404 page
 
 ### Caching Strategy
 
@@ -306,13 +302,11 @@ Simple local? → useState
 
 ## Related Skills
 
-| Need                  | Skill                   |
-| --------------------- | ----------------------- |
-| Styling               | `tailwind-patterns`     |
-| Testing               | `testing-patterns`      |
-| API integration       | `api-patterns`          |
-| TypeScript advanced   | `typescript-patterns`   |
-| Performance deep-dive | `performance-profiling` |
+- Styling: `tailwind-patterns`
+- Testing: `testing-patterns`
+- API integration: `api-patterns`
+- TypeScript advanced: `typescript-patterns`
+- Performance deep-dive: `performance-profiling`
 
 ---
 

package/kits/coder/skills/realtime-patterns/SKILL.md

@@ -6,7 +6,17 @@ allowed-tools: Read, Write, Edit, Bash
 
 # Realtime Patterns - Event-Driven Communication Architecture
 
-> **Philosophy:** Real-time isn't just fast—it's instantaneous perceived response. Design for resilience, not just speed.
+## ⚡ Quick Reference
+
+- **Protocol selection**: Chat/games → WebSocket · News/notifications → SSE · Simple push → Long-polling
+- **Reconnection**: Exponential backoff (1s → 2s → 4s max 30s) · Client-side always handles reconnect
+- **Rooms/channels**: `socket.join(roomId)` · `io.to(room).emit()` · Clean up on disconnect
+- **Auth**: JWT in handshake query/header (not cookie for WS) · Validate on every connection
+- **Scaling**: Redis adapter for Socket.IO multi-instance · Sticky sessions OR pub/sub architecture
+- **State sync**: Send missed events on reconnect · Event sequence numbers · Client-side reconciliation
+
+---
+
 
 ---
 
@@ -84,12 +94,10 @@ interface ConnectionState {
 
 ### Keep-Alive (Heartbeat)
 
-| Aspect           | Recommendation                            |
-| ---------------- | ----------------------------------------- |
-| **Interval**     | 25-30 seconds (under typical 60s timeout) |
-| **Pong Timeout** | 5-10 seconds after ping sent              |
-| **On Timeout**   | Trigger reconnection                      |
-| **Payload**      | Minimal (empty or timestamp only)         |
+- **Interval**: 25-30 seconds (under typical 60s timeout)
+- **Pong Timeout**: 5-10 seconds after ping sent
+- **On Timeout**: Trigger reconnection
+- **Payload**: Minimal (empty or timestamp only)
 
 ```typescript
 // Heartbeat pattern
@@ -313,13 +321,11 @@ io.adapter(createAdapter(pubClient, subClient));
 
 ### Scaling Considerations
 
-| Challenge             | Solution                                  |
-| --------------------- | ----------------------------------------- |
-| **Sticky Sessions**   | Use consistent hashing or client IP-based |
-| **Cross-Server Emit** | Redis Pub/Sub adapter                     |
-| **Connection State**  | Store in Redis, not in-memory             |
-| **N-Squared Problem** | Sharded Redis adapter (Redis 7.0+)        |
-| **Message Order**     | Use sequence numbers or timestamps        |
+- **Sticky Sessions**: Use consistent hashing or client IP-based
+- **Cross-Server Emit**: Redis Pub/Sub adapter
+- **Connection State**: Store in Redis, not in-memory
+- **N-Squared Problem**: Sharded Redis adapter (Redis 7.0+)
+- **Message Order**: Use sequence numbers or timestamps
 
 ---
 
@@ -350,14 +356,12 @@ io.use(async (socket, next) => {
 
 ### Security Checklist
 
-| Concern                | Mitigation                              |
-| ---------------------- | --------------------------------------- |
-| **Authentication**     | Validate token before accepting socket  |
-| **Authorization**      | Check permissions before joining rooms  |
-| **Rate Limiting**      | Limit events per second per client      |
-| **Payload Validation** | Validate and sanitize all incoming data |
-| **Message Size**       | Limit max payload size                  |
-| **Origin Check**       | Configure CORS properly                 |
+- **Authentication**: Validate token before accepting socket
+- **Authorization**: Check permissions before joining rooms
+- **Rate Limiting**: Limit events per second per client
+- **Payload Validation**: Validate and sanitize all incoming data
+- **Message Size**: Limit max payload size
+- **Origin Check**: Configure CORS properly
 
 ---
 
@@ -399,14 +403,12 @@ socket.on("error", (error) => {
 
 ### Key Metrics
 
-| Metric                 | What It Tells You             |
-| ---------------------- | ----------------------------- |
-| **Active Connections** | Current load, scaling needs   |
-| **Connection Rate**    | Traffic patterns, spikes      |
-| **Reconnection Rate**  | Connection stability issues   |
-| **Message Latency**    | System responsiveness         |
-| **Messages/Second**    | Throughput, capacity planning |
-| **Error Rate**         | System health                 |
+- **Active Connections**: Current load, scaling needs
+- **Connection Rate**: Traffic patterns, spikes
+- **Reconnection Rate**: Connection stability issues
+- **Message Latency**: System responsiveness
+- **Messages/Second**: Throughput, capacity planning
+- **Error Rate**: System health
 
 ### Debugging Tips
 
@@ -433,16 +435,14 @@ socket.io.on("reconnect_error", (error) => {
 
 ## 🚨 Anti-Patterns
 
-| ❌ Don't                            | ✅ Do                               |
-| ----------------------------------- | ----------------------------------- |
-| Send large objects over socket      | Send IDs, fetch data via HTTP       |
-| Block in event handlers             | Process async, return quickly       |
-| Trust client-sent room names        | Validate and authorize room access  |
-| Reconnect immediately on failure    | Use exponential backoff with jitter |
-| Store state in single server memory | Use Redis for cross-server state    |
-| Ignore connection state             | Track and display to user           |
-| Send sensitive data in events       | Encrypt or use HTTPS/WSS only       |
-| Process without validation          | Validate all incoming payloads      |
+- Send large objects over socket: Send IDs, fetch data via HTTP
+- Block in event handlers: Process async, return quickly
+- Trust client-sent room names: Validate and authorize room access
+- Reconnect immediately on failure: Use exponential backoff with jitter
+- Store state in single server memory: Use Redis for cross-server state
+- Ignore connection state: Track and display to user
+- Send sensitive data in events: Encrypt or use HTTPS/WSS only
+- Process without validation: Validate all incoming payloads
 
 ---
 
@@ -494,12 +494,10 @@ socket.io.on("reconnect_error", (error) => {
 
 ## 🔗 Related Skills
 
-| Need                      | Skill                   |
-| ------------------------- | ----------------------- |
-| API design for HTTP calls | `api-patterns`          |
-| Performance optimization  | `performance-profiling` |
-| Queue/worker patterns     | `queue-patterns`        |
-| Database for state        | `database-design`       |
+- API design for HTTP calls: `api-patterns`
+- Performance optimization: `performance-profiling`
+- Queue/worker patterns: `queue-patterns`
+- Database for state: `database-design`
 
 ---
 

package/kits/coder/skills/redis-patterns/SKILL.md

@@ -7,21 +7,29 @@ version: 2.0
 
 # Redis Patterns - Caching & Real-Time
 
-> **Philosophy:** Redis is not just a cache—it's a data structure server. Use the right structure for the right problem.
+## ⚡ Quick Reference
+
+- **Structures**: String (simple cache) · Hash (objects) · List (queues/history) · Set (unique items) · Sorted Set (leaderboards/priority)
+- **Expiry**: Always set TTL · `SET key val EX 3600` · no orphaned keys
+- **Key naming**: `tenant:{id}:user:{id}` prefix convention · colon separator · descriptive
+- **Caching**: Cache-aside pattern · Invalidate on write · Short TTL for volatile data
+- **Concurrency**: `INCR` for atomic counters · Lua scripts for multi-key atomicity · `SETNX` for locks
+- **Persistence**: AOF for production · RDB for dev only · `maxmemory-policy allkeys-lru` for cache use
+
+---
+
 
 ---
 
 ## When to Use This Skill
 
-| ✅ Use                 | ❌ Don't Use                 |
-| ---------------------- | ---------------------------- |
-| Caching strategies     | Primary database design      |
-| Session management     | Complex querying             |
-| Rate limiting          | Relational data              |
-| Pub/Sub messaging      | Durable storage requirements |
-| Distributed locking    | ACID transactions            |
-| Real-time leaderboards | Large document storage       |
-| Queue/Job patterns     | Complex aggregations         |
+- Caching strategies: Primary database design
+- Session management: Complex querying
+- Rate limiting: Relational data
+- Pub/Sub messaging: Durable storage requirements
+- Distributed locking: ACID transactions
+- Real-time leaderboards: Large document storage
+- Queue/Job patterns: Complex aggregations
 
 ---
 
@@ -391,13 +399,11 @@ await redis.expire("leaderboard:weekly", 604800); // 7 days
 
 ### Eviction Policies
 
-| Policy           | Use Case                      |
-| ---------------- | ----------------------------- |
-| `noeviction`     | Fail writes when memory full  |
-| `allkeys-lru`    | General caching (recommended) |
-| `volatile-lru`   | Only evict keys with TTL      |
-| `allkeys-lfu`    | Frequency-based eviction      |
-| `allkeys-random` | Random eviction               |
+- `noeviction`: Fail writes when memory full
+- `allkeys-lru`: General caching (recommended)
+- `volatile-lru`: Only evict keys with TTL
+- `allkeys-lfu`: Frequency-based eviction
+- `allkeys-random`: Random eviction
 
 ### Memory Optimization
 
@@ -442,16 +448,14 @@ Examples:
 
 ## Anti-Patterns
 
-| ❌ Don't                        | ✅ Do                                 |
-| ------------------------------- | ------------------------------------- |
-| Store without TTL               | Always set expiration                 |
-| Use KEYS in production          | Use SCAN for iteration                |
-| Large values (>1MB)             | Split or use different storage        |
-| Create connection per request   | Use connection pooling                |
-| Use as primary database         | Use as cache/session/queue layer      |
-| Block with BLPOP in main thread | Dedicated subscriber connections      |
-| Store complex relational data   | Use proper database for relations     |
-| Ignore memory limits            | Configure maxmemory + eviction policy |
+- Store without TTL: Always set expiration
+- Use KEYS in production: Use SCAN for iteration
+- Large values (>1MB): Split or use different storage
+- Create connection per request: Use connection pooling
+- Use as primary database: Use as cache/session/queue layer
+- Block with BLPOP in main thread: Dedicated subscriber connections
+- Store complex relational data: Use proper database for relations
+- Ignore memory limits: Configure maxmemory + eviction policy
 
 ---
 
@@ -472,12 +476,10 @@ Before deployment:
 
 ## Related Skills
 
-| Need                  | Skill                   |
-| --------------------- | ----------------------- |
-| Message queues        | `queue-patterns`        |
-| Database caching      | `database-design`       |
-| Real-time patterns    | `realtime-patterns`     |
-| Performance profiling | `performance-profiling` |
+- Message queues: `queue-patterns`
+- Database caching: `database-design`
+- Real-time patterns: `realtime-patterns`
+- Performance profiling: `performance-profiling`
 
 ---
 

package/kits/coder/skills/security-fundamentals/SKILL.md

@@ -6,7 +6,16 @@ allowed-tools: Read, Edit, Glob, Grep
 
 # Security Fundamentals - Thinking Like an Attacker
 
-> **Philosophy:** Security is a mindset, not a checklist. Every line of code should assume input is hostile.
+## ⚡ Quick Reference
+
+- **Zero Trust**: Validate all inputs · No trust by location · Fail secure (deny on error)
+- **OWASP Top 10**: Access Control · Security Misconfig · Supply Chain · Crypto Failures · Injection · Auth Failures
+- **Input**: Validate type+length+format · Parameterized queries (no string concat) · Sanitize HTML output
+- **Auth**: bcrypt/Argon2 for passwords · JWT 15min expiry · httpOnly cookies for refresh · Rate limit login
+- **Secrets**: Never in code/logs · `.env` for local · Vault/SecretsManager for prod · Rotate regularly
+- **HTTPS**: TLS 1.2+ only · HSTS header · CSP header · No mixed content
+
+---
 
 ---
 
@@ -150,18 +159,16 @@ function createUser(input: unknown) {
 
 ### Common Validation Rules
 
-| Field Type | Validation Rules                           |
-| ---------- | ------------------------------------------ |
-| Username   | ^[a-zA-Z0-9_]{3,20}$                       |
-| Email      | RFC 5322 regex + domain check              |
-| Password   | Min 12 chars, complexity rules             |
-| Phone      | Digits only, length 10-15                  |
-| UUID       | ^[0-9a-f]{8}-... pattern                   |
-| URL        | Scheme allowlist (https), domain allowlist |
-| File       | Extension allowlist, magic bytes, max size |
-| Date       | ISO 8601, reasonable range                 |
-| Number     | Min/max bounds, integer vs float           |
-| Free text  | Max length, no control chars               |
+- Username: ^[a-zA-Z0-9_]{3,20}$
+- Email: RFC 5322 regex + domain check
+- Password: Min 12 chars, complexity rules
+- Phone: Digits only, length 10-15
+- UUID: ^[0-9a-f]{8}-... pattern
+- URL: Scheme allowlist (https), domain allowlist
+- File: Extension allowlist, magic bytes, max size
+- Date: ISO 8601, reasonable range
+- Number: Min/max bounds, integer vs float
+- Free text: Max length, no control chars
 
 ---
 
@@ -199,14 +206,12 @@ const cleanHTML = DOMPurify.sanitize(dirtyHTML, {
 
 ### Output Encoding
 
-| Context           | Encoding                          |
-| ----------------- | --------------------------------- |
-| HTML body         | HTML entity encode (`<` → `&lt;`) |
-| HTML attribute    | Attribute encode + quote          |
-| JavaScript string | JS escape + avoid eval            |
-| CSS value         | CSS escape, avoid `url()`         |
-| URL parameter     | URL encode (`%20`)                |
-| JSON              | JSON.stringify (auto-escapes)     |
+- HTML body: HTML entity encode (`<` → `&lt;`)
+- HTML attribute: Attribute encode + quote
+- JavaScript string: JS escape + avoid eval
+- CSS value: CSS escape, avoid `url()`
+- URL parameter: URL encode (`%20`)
+- JSON: JSON.stringify (auto-escapes)
 
 ---
 
@@ -223,13 +228,11 @@ Cost factor: ~100ms per hash (adjust for hardware)
 
 ### Session Security
 
-| Aspect       | Requirement                         |
-| ------------ | ----------------------------------- |
-| Session ID   | Cryptographically random, 128+ bits |
-| Storage      | HttpOnly cookie (not localStorage)  |
-| Transmission | Secure flag (HTTPS only)            |
-| Expiration   | Reasonable timeout, absolute + idle |
-| Rotation     | New ID after privilege change       |
+- Session ID: Cryptographically random, 128+ bits
+- Storage: HttpOnly cookie (not localStorage)
+- Transmission: Secure flag (HTTPS only)
+- Expiration: Reasonable timeout, absolute + idle
+- Rotation: New ID after privilege change
 
 ### JWT Security
 
@@ -292,18 +295,16 @@ const securityHeaders = {
 
 ## 🚨 Anti-Patterns
 
-| ❌ Don't                                | ✅ Do                              |
-| --------------------------------------- | ---------------------------------- |
-| Store passwords in plain text           | Use bcrypt/Argon2 with proper cost |
-| Concatenate SQL strings                 | Use parameterized queries          |
-| Disable SSL verification                | Fix certificate issues properly    |
-| Log sensitive data                      | Mask/redact before logging         |
-| Use `eval()` with user input            | Find alternative approach          |
-| Trust client-side validation            | Always validate server-side        |
-| Commit secrets to repo                  | Use environment variables          |
-| Use `*` for CORS origin                 | Explicit domain allowlist          |
-| Disable security features "temporarily" | Never—find proper solution         |
-| Roll your own crypto                    | Use established libraries          |
+- Store passwords in plain text: Use bcrypt/Argon2 with proper cost
+- Concatenate SQL strings: Use parameterized queries
+- Disable SSL verification: Fix certificate issues properly
+- Log sensitive data: Mask/redact before logging
+- Use `eval()` with user input: Find alternative approach
+- Trust client-side validation: Always validate server-side
+- Commit secrets to repo: Use environment variables
+- Use `*` for CORS origin: Explicit domain allowlist
+- Disable security features "temporarily": Never—find proper solution
+- Roll your own crypto: Use established libraries
 
 ---
 
@@ -343,12 +344,10 @@ const securityHeaders = {
 
 ## 🔗 Related Skills
 
-| Need                  | Skill              |
-| --------------------- | ------------------ |
-| API design patterns   | `api-patterns`     |
-| Database security     | `database-design`  |
-| Testing for security  | `testing-patterns` |
-| Clean code principles | `clean-code`       |
+- API design patterns: `api-patterns`
+- Database security: `database-design`
+- Testing for security: `testing-patterns`
+- Clean code principles: `clean-code`
 
 ---