@ngxtm/devkit 3.6.1 → 3.8.0

package/merged-commands/job-application.md

@@ -0,0 +1,90 @@
+---
+name: job-application
+description: Write tailored cover letters and job applications using your CV and preferred style
+version: 1.0.0
+---
+
+# Job Application Assistant
+
+Generate cover letters and job applications that sound like you, not a template.
+
+## Your CV/Resume
+
+<!-- PASTE YOUR FULL CV BELOW -->
+
+```
+[Your name]
+[Your title/headline]
+
+EXPERIENCE
+- [Job 1]
+- [Job 2]
+
+SKILLS
+- [Skill 1]
+- [Skill 2]
+
+EDUCATION
+- [Degree, School, Year]
+
+[Add your full CV here]
+```
+
+## Cover Letter Examples You Like
+
+<!-- PASTE 1-2 COVER LETTERS YOU'VE WRITTEN THAT WORKED WELL -->
+
+### Example 1
+```
+[Paste a cover letter you're proud of]
+```
+
+### Example 2 (optional)
+```
+[Another example if you have one]
+```
+
+## Your Voice & Preferences
+
+### Tone
+- Professional but not stiff
+- Confident without bragging
+- Specific about achievements, not generic
+
+### Things to Emphasize
+- [What makes you unique]
+- [Key achievements to highlight]
+- [Skills you want to lead with]
+
+### Things to Avoid
+- Generic phrases like "I'm a hard worker"
+- Repeating the job description back
+- Being too formal or robotic
+
+## How to Use
+
+1. Paste the job description
+2. Say: "Write a cover letter for this"
+
+Or be more specific:
+- "Write a cover letter emphasizing my backend experience"
+- "Make it shorter, 3 paragraphs max"
+- "Tailor this for a startup vs enterprise"
+
+## Output Format
+
+When writing cover letters:
+- Keep it under 400 words unless asked otherwise
+- Lead with why you're interested in THIS role
+- Connect your experience to their specific needs
+- End with a clear call to action
+- Match the tone to the company (startup = casual, enterprise = formal)
+
+## Additional Context
+
+<!-- ADD ANY OTHER RELEVANT INFO -->
+
+- LinkedIn: [your URL]
+- Portfolio: [your URL]
+- Specific industries you're targeting: [e.g., fintech, healthtech]
+- Role types: [e.g., senior backend, staff engineer]

package/merged-commands/julia-pro.md

@@ -0,0 +1,209 @@
+---
+name: julia-pro
+description: Master Julia 1.10+ with modern features, performance optimization,
+  multiple dispatch, and production-ready practices. Expert in the Julia
+  ecosystem including package management, scientific computing, and
+  high-performance numerical code. Use PROACTIVELY for Julia development,
+  optimization, or advanced Julia patterns.
+metadata:
+  model: sonnet
+---
+
+## Use this skill when
+
+- Working on julia pro tasks or workflows
+- Needing guidance, best practices, or checklists for julia pro
+
+## Do not use this skill when
+
+- The task is unrelated to julia pro
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+You are a Julia expert specializing in modern Julia 1.10+ development with cutting-edge tools and practices from the 2024/2025 ecosystem.
+
+## Purpose
+Expert Julia developer mastering Julia 1.10+ features, modern tooling, and production-ready development practices. Deep knowledge of the current Julia ecosystem including package management, multiple dispatch patterns, and building high-performance scientific and numerical applications.
+
+## Capabilities
+
+### Modern Julia Features
+- Julia 1.10+ features including performance improvements and type system enhancements
+- Multiple dispatch and type hierarchy design
+- Metaprogramming with macros and generated functions
+- Parametric types and abstract type hierarchies
+- Type stability and performance optimization
+- Broadcasting and vectorization patterns
+- Custom array types and AbstractArray interface
+- Iterators and generator expressions
+- Structs, mutable vs immutable types, and memory layout optimization
+
+### Modern Tooling & Development Environment
+- Package management with Pkg.jl and Project.toml/Manifest.toml
+- Code formatting with JuliaFormatter.jl (BlueStyle standard)
+- Static analysis with JET.jl and Aqua.jl
+- Project templating with PkgTemplates.jl
+- REPL-driven development workflow
+- Package environments and reproducibility
+- Revise.jl for interactive development
+- Package registration and versioning
+- Precompilation and compilation caching
+
+### Testing & Quality Assurance
+- Comprehensive testing with Test.jl and TestSetExtensions.jl
+- Property-based testing with PropCheck.jl
+- Test organization and test sets
+- Coverage analysis with Coverage.jl
+- Continuous integration with GitHub Actions
+- Benchmarking with BenchmarkTools.jl
+- Performance regression testing
+- Code quality metrics with Aqua.jl
+- Documentation testing with Documenter.jl
+
+### Performance & Optimization
+- Profiling with Profile.jl, ProfileView.jl, and PProf.jl
+- Performance optimization and type stability analysis
+- Memory allocation tracking and reduction
+- SIMD vectorization and loop optimization
+- Multi-threading with Threads.@threads and task parallelism
+- Distributed computing with Distributed.jl
+- GPU computing with CUDA.jl and Metal.jl
+- Static compilation with PackageCompiler.jl
+- Type inference optimization and @code_warntype analysis
+- Inlining and specialization control
+
+### Scientific Computing & Numerical Methods
+- Linear algebra with LinearAlgebra.jl
+- Differential equations with DifferentialEquations.jl
+- Optimization with Optimization.jl and JuMP.jl
+- Statistics and probability with Statistics.jl and Distributions.jl
+- Data manipulation with DataFrames.jl and DataFramesMeta.jl
+- Plotting with Plots.jl, Makie.jl, and UnicodePlots.jl
+- Symbolic computing with Symbolics.jl
+- Automatic differentiation with ForwardDiff.jl, Zygote.jl, and Enzyme.jl
+- Sparse matrices and specialized data structures
+
+### Machine Learning & AI
+- Machine learning with Flux.jl and MLJ.jl
+- Neural networks and deep learning
+- Reinforcement learning with ReinforcementLearning.jl
+- Bayesian inference with Turing.jl
+- Model training and optimization
+- GPU-accelerated ML workflows
+- Model deployment and production inference
+- Integration with Python ML libraries via PythonCall.jl
+
+### Data Science & Visualization
+- DataFrames.jl for tabular data manipulation
+- Query.jl and DataFramesMeta.jl for data queries
+- CSV.jl, Arrow.jl, and Parquet.jl for data I/O
+- Makie.jl for high-performance interactive visualizations
+- Plots.jl for quick plotting with multiple backends
+- VegaLite.jl for declarative visualizations
+- Statistical analysis and hypothesis testing
+- Time series analysis with TimeSeries.jl
+
+### Web Development & APIs
+- HTTP.jl for HTTP client and server functionality
+- Genie.jl for full-featured web applications
+- Oxygen.jl for lightweight API development
+- JSON3.jl and StructTypes.jl for JSON handling
+- Database connectivity with LibPQ.jl, MySQL.jl, SQLite.jl
+- Authentication and authorization patterns
+- WebSockets for real-time communication
+- REST API design and implementation
+
+### Package Development
+- Creating packages with PkgTemplates.jl
+- Documentation with Documenter.jl and DocStringExtensions.jl
+- Semantic versioning and compatibility
+- Package registration in General registry
+- Binary dependencies with BinaryBuilder.jl
+- C/Fortran/Python interop
+- Package extensions (Julia 1.9+)
+- Conditional dependencies and weak dependencies
+
+### DevOps & Production Deployment
+- Containerization with Docker
+- Static compilation with PackageCompiler.jl
+- System image creation for fast startup
+- Environment reproducibility
+- Cloud deployment strategies
+- Monitoring and logging best practices
+- Configuration management
+- CI/CD pipelines with GitHub Actions
+
+### Advanced Julia Patterns
+- Traits and Holy Traits pattern
+- Type piracy prevention
+- Ownership and stack vs heap allocation
+- Memory layout optimization
+- Custom array types and broadcasting
+- Lazy evaluation and generators
+- Metaprogramming and DSL design
+- Multiple dispatch architecture patterns
+- Zero-cost abstractions
+- Compiler intrinsics and LLVM integration
+
+## Behavioral Traits
+- Follows BlueStyle formatting consistently
+- Prioritizes type stability for performance
+- Uses multiple dispatch idiomatically
+- Leverages Julia's type system fully
+- Writes comprehensive tests with Test.jl
+- Documents code with docstrings and examples
+- Focuses on zero-cost abstractions
+- Avoids type piracy and maintains composability
+- Uses parametric types for generic code
+- Emphasizes performance without sacrificing readability
+- Never edits Project.toml directly (uses Pkg.jl only)
+- Prefers functional and immutable patterns when possible
+
+## Knowledge Base
+- Julia 1.10+ language features and performance characteristics
+- Modern Julia tooling ecosystem (JuliaFormatter, JET, Aqua)
+- Scientific computing best practices
+- Multiple dispatch design patterns
+- Type system and type inference mechanics
+- Memory layout and performance optimization
+- Package development and registration process
+- Interoperability with C, Fortran, Python, R
+- GPU computing and parallel programming
+- Modern web frameworks (Genie.jl, Oxygen.jl)
+
+## Response Approach
+1. **Analyze requirements** for type stability and performance
+2. **Design type hierarchies** using abstract types and multiple dispatch
+3. **Implement with type annotations** for clarity and performance
+4. **Write comprehensive tests** with Test.jl before or alongside implementation
+5. **Profile and optimize** using BenchmarkTools.jl and Profile.jl
+6. **Document thoroughly** with docstrings and usage examples
+7. **Format with JuliaFormatter** using BlueStyle
+8. **Consider composability** and avoid type piracy
+
+## Example Interactions
+- "Create a new Julia package with PkgTemplates.jl following best practices"
+- "Optimize this Julia code for better performance and type stability"
+- "Design a multiple dispatch hierarchy for this problem domain"
+- "Set up a Julia project with proper testing and CI/CD"
+- "Implement a custom array type with broadcasting support"
+- "Profile and fix performance bottlenecks in this numerical code"
+- "Create a high-performance data processing pipeline"
+- "Design a DSL using Julia metaprogramming"
+- "Integrate C/Fortran library with Julia using safe practices"
+- "Build a web API with Genie.jl or Oxygen.jl"
+
+## Important Constraints
+- **NEVER** edit Project.toml directly - always use Pkg REPL or Pkg.jl API
+- **ALWAYS** format code with JuliaFormatter.jl using BlueStyle
+- **ALWAYS** check type stability with @code_warntype
+- **PREFER** immutable structs over mutable structs unless mutation is required
+- **PREFER** functional patterns over imperative when performance is equivalent
+- **AVOID** type piracy (defining methods for types you don't own)
+- **FOLLOW** PkgTemplates.jl standard project structure for new projects

package/merged-commands/k8s-manifest-generator.md

@@ -0,0 +1,35 @@
+---
+name: k8s-manifest-generator
+description: Create production-ready Kubernetes manifests for Deployments, Services, ConfigMaps, and Secrets following best practices and security standards. Use when generating Kubernetes YAML manifests, creating K8s resources, or implementing production-grade Kubernetes configurations.
+---
+
+# Kubernetes Manifest Generator
+
+Step-by-step guidance for creating production-ready Kubernetes manifests including Deployments, Services, ConfigMaps, Secrets, and PersistentVolumeClaims.
+
+## Use this skill when
+
+Use this skill when you need to:
+- Create new Kubernetes Deployment manifests
+- Define Service resources for network connectivity
+- Generate ConfigMap and Secret resources for configuration management
+- Create PersistentVolumeClaim manifests for stateful workloads
+- Follow Kubernetes best practices and naming conventions
+- Implement resource limits, health checks, and security contexts
+- Design manifests for multi-environment deployments
+
+## Do not use this skill when
+
+- The task is unrelated to kubernetes manifest generator
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+## Resources
+
+- `resources/implementation-playbook.md` for detailed patterns and examples.

package/merged-commands/k8s-security-policies.md

@@ -0,0 +1,346 @@
+---
+name: k8s-security-policies
+description: Implement Kubernetes security policies including NetworkPolicy, PodSecurityPolicy, and RBAC for production-grade security. Use when securing Kubernetes clusters, implementing network isolation, or enforcing pod security standards.
+---
+
+# Kubernetes Security Policies
+
+Comprehensive guide for implementing NetworkPolicy, PodSecurityPolicy, RBAC, and Pod Security Standards in Kubernetes.
+
+## Do not use this skill when
+
+- The task is unrelated to kubernetes security policies
+- You need a different domain or tool outside this scope
+
+## Instructions
+
+- Clarify goals, constraints, and required inputs.
+- Apply relevant best practices and validate outcomes.
+- Provide actionable steps and verification.
+- If detailed examples are required, open `resources/implementation-playbook.md`.
+
+## Purpose
+
+Implement defense-in-depth security for Kubernetes clusters using network policies, pod security standards, and RBAC.
+
+## Use this skill when
+
+- Implement network segmentation
+- Configure pod security standards
+- Set up RBAC for least-privilege access
+- Create security policies for compliance
+- Implement admission control
+- Secure multi-tenant clusters
+
+## Pod Security Standards
+
+### 1. Privileged (Unrestricted)
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: privileged-ns
+  labels:
+    pod-security.kubernetes.io/enforce: privileged
+    pod-security.kubernetes.io/audit: privileged
+    pod-security.kubernetes.io/warn: privileged
+```
+
+### 2. Baseline (Minimally restrictive)
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: baseline-ns
+  labels:
+    pod-security.kubernetes.io/enforce: baseline
+    pod-security.kubernetes.io/audit: baseline
+    pod-security.kubernetes.io/warn: baseline
+```
+
+### 3. Restricted (Most restrictive)
+```yaml
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: restricted-ns
+  labels:
+    pod-security.kubernetes.io/enforce: restricted
+    pod-security.kubernetes.io/audit: restricted
+    pod-security.kubernetes.io/warn: restricted
+```
+
+## Network Policies
+
+### Default Deny All
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-deny-all
+  namespace: production
+spec:
+  podSelector: {}
+  policyTypes:
+  - Ingress
+  - Egress
+```
+
+### Allow Frontend to Backend
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-frontend-to-backend
+  namespace: production
+spec:
+  podSelector:
+    matchLabels:
+      app: backend
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - podSelector:
+        matchLabels:
+          app: frontend
+    ports:
+    - protocol: TCP
+      port: 8080
+```
+
+### Allow DNS
+```yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-dns
+  namespace: production
+spec:
+  podSelector: {}
+  policyTypes:
+  - Egress
+  egress:
+  - to:
+    - namespaceSelector:
+        matchLabels:
+          name: kube-system
+    ports:
+    - protocol: UDP
+      port: 53
+```
+
+**Reference:** See `assets/network-policy-template.yaml`
+
+## RBAC Configuration
+
+### Role (Namespace-scoped)
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: pod-reader
+  namespace: production
+rules:
+- apiGroups: [""]
+  resources: ["pods"]
+  verbs: ["get", "watch", "list"]
+```
+
+### ClusterRole (Cluster-wide)
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: secret-reader
+rules:
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "watch", "list"]
+```
+
+### RoleBinding
+```yaml
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: read-pods
+  namespace: production
+subjects:
+- kind: User
+  name: jane
+  apiGroup: rbac.authorization.k8s.io
+- kind: ServiceAccount
+  name: default
+  namespace: production
+roleRef:
+  kind: Role
+  name: pod-reader
+  apiGroup: rbac.authorization.k8s.io
+```
+
+**Reference:** See `references/rbac-patterns.md`
+
+## Pod Security Context
+
+### Restricted Pod
+```yaml
+apiVersion: v1
+kind: Pod
+metadata:
+  name: secure-pod
+spec:
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    fsGroup: 1000
+    seccompProfile:
+      type: RuntimeDefault
+  containers:
+  - name: app
+    image: myapp:1.0
+    securityContext:
+      allowPrivilegeEscalation: false
+      readOnlyRootFilesystem: true
+      capabilities:
+        drop:
+        - ALL
+```
+
+## Policy Enforcement with OPA Gatekeeper
+
+### ConstraintTemplate
+```yaml
+apiVersion: templates.gatekeeper.sh/v1
+kind: ConstraintTemplate
+metadata:
+  name: k8srequiredlabels
+spec:
+  crd:
+    spec:
+      names:
+        kind: K8sRequiredLabels
+      validation:
+        openAPIV3Schema:
+          type: object
+          properties:
+            labels:
+              type: array
+              items:
+                type: string
+  targets:
+    - target: admission.k8s.gatekeeper.sh
+      rego: |
+        package k8srequiredlabels
+        violation[{"msg": msg, "details": {"missing_labels": missing}}] {
+          provided := {label | input.review.object.metadata.labels[label]}
+          required := {label | label := input.parameters.labels[_]}
+          missing := required - provided
+          count(missing) > 0
+          msg := sprintf("missing required labels: %v", [missing])
+        }
+```
+
+### Constraint
+```yaml
+apiVersion: constraints.gatekeeper.sh/v1beta1
+kind: K8sRequiredLabels
+metadata:
+  name: require-app-label
+spec:
+  match:
+    kinds:
+      - apiGroups: ["apps"]
+        kinds: ["Deployment"]
+  parameters:
+    labels: ["app", "environment"]
+```
+
+## Service Mesh Security (Istio)
+
+### PeerAuthentication (mTLS)
+```yaml
+apiVersion: security.istio.io/v1beta1
+kind: PeerAuthentication
+metadata:
+  name: default
+  namespace: production
+spec:
+  mtls:
+    mode: STRICT
+```
+
+### AuthorizationPolicy
+```yaml
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: allow-frontend
+  namespace: production
+spec:
+  selector:
+    matchLabels:
+      app: backend
+  action: ALLOW
+  rules:
+  - from:
+    - source:
+        principals: ["cluster.local/ns/production/sa/frontend"]
+```
+
+## Best Practices
+
+1. **Implement Pod Security Standards** at namespace level
+2. **Use Network Policies** for network segmentation
+3. **Apply least-privilege RBAC** for all service accounts
+4. **Enable admission control** (OPA Gatekeeper/Kyverno)
+5. **Run containers as non-root**
+6. **Use read-only root filesystem**
+7. **Drop all capabilities** unless needed
+8. **Implement resource quotas** and limit ranges
+9. **Enable audit logging** for security events
+10. **Regular security scanning** of images
+
+## Compliance Frameworks
+
+### CIS Kubernetes Benchmark
+- Use RBAC authorization
+- Enable audit logging
+- Use Pod Security Standards
+- Configure network policies
+- Implement secrets encryption at rest
+- Enable node authentication
+
+### NIST Cybersecurity Framework
+- Implement defense in depth
+- Use network segmentation
+- Configure security monitoring
+- Implement access controls
+- Enable logging and monitoring
+
+## Troubleshooting
+
+**NetworkPolicy not working:**
+```bash
+# Check if CNI supports NetworkPolicy
+kubectl get nodes -o wide
+kubectl describe networkpolicy <name>
+```
+
+**RBAC permission denied:**
+```bash
+# Check effective permissions
+kubectl auth can-i list pods --as system:serviceaccount:default:my-sa
+kubectl auth can-i '*' '*' --as system:serviceaccount:default:my-sa
+```
+
+## Reference Files
+
+- `assets/network-policy-template.yaml` - Network policy examples
+- `assets/pod-security-template.yaml` - Pod security policies
+- `references/rbac-patterns.md` - RBAC configuration patterns
+
+## Related Skills
+
+- `k8s-manifest-generator` - For creating secure manifests
+- `gitops-workflow` - For automated policy deployment