@nockdev/awf 6.2.0 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (709) hide show
  1. package/.agent/build.yaml +3 -3
  2. package/.agent/config.yaml +21 -146
  3. package/.agent/core/AGENT_BEHAVIOR.md +86 -0
  4. package/.agent/core/AUDIT_POLICY.md +1 -1
  5. package/.agent/core/CACHE.md +1 -1
  6. package/.agent/core/COMMANDS.md +16 -7
  7. package/.agent/core/CUSTOMIZE.md +61 -3
  8. package/.agent/core/DATA_SAFETY.md +1 -1
  9. package/.agent/core/MEMORY_PATHS.yaml +2 -2
  10. package/.agent/core/PERMISSIONS.md +1 -1
  11. package/.agent/core/README.md +1 -1
  12. package/.agent/core/VERSION.yaml +18 -8
  13. package/.agent/core/{ACTIVE_MEMORY.yaml → archive/ACTIVE_MEMORY.yaml} +2 -2
  14. package/.agent/core/{CHECKPOINT.yaml → archive/CHECKPOINT.yaml} +2 -2
  15. package/.agent/core/{CLEANUP_ENGINE.yaml → archive/CLEANUP_ENGINE.yaml} +2 -2
  16. package/.agent/core/{CONTEXT_INJECTOR.yaml → archive/CONTEXT_INJECTOR.yaml} +2 -2
  17. package/.agent/core/{CONTEXT_LOADER.yaml → archive/CONTEXT_LOADER.yaml} +1 -1
  18. package/.agent/core/{CONTEXT_OPTIMIZATION.yaml → archive/CONTEXT_OPTIMIZATION.yaml} +1 -1
  19. package/.agent/core/{CONTEXT_PRIORITY.yaml → archive/CONTEXT_PRIORITY.yaml} +2 -2
  20. package/.agent/core/{FLOW_ENGINE.yaml → archive/FLOW_ENGINE.yaml} +1 -1
  21. package/.agent/core/{GRAPH_MEMORY.yaml → archive/GRAPH_MEMORY.yaml} +1 -1
  22. package/.agent/core/{HYBRID_ROUTER.yaml → archive/HYBRID_ROUTER.yaml} +1 -1
  23. package/.agent/core/{INTENT_DETECTION.yaml → archive/INTENT_DETECTION.yaml} +1 -1
  24. package/.agent/core/{MEMORY_CONSOLIDATION.yaml → archive/MEMORY_CONSOLIDATION.yaml} +3 -3
  25. package/.agent/core/{MEMORY_ENGINE.yaml → archive/MEMORY_ENGINE.yaml} +2 -2
  26. package/.agent/core/{MEMORY_UTILS.yaml → archive/MEMORY_UTILS.yaml} +1 -1
  27. package/.agent/core/{REFLECTION_ENGINE.yaml → archive/REFLECTION_ENGINE.yaml} +1 -1
  28. package/.agent/core/{ROUTER.yaml → archive/ROUTER.yaml} +5 -5
  29. package/.agent/core/{SCORING_FORMULA.yaml → archive/SCORING_FORMULA.yaml} +2 -2
  30. package/.agent/core/{SEMANTIC_ENGINE.yaml → archive/SEMANTIC_ENGINE.yaml} +1 -1
  31. package/.agent/core/{SKILLS_FLOW.yaml → archive/SKILLS_FLOW.yaml} +2 -2
  32. package/.agent/core/{STATE_MACHINE.yaml → archive/STATE_MACHINE.yaml} +1 -1
  33. package/.agent/core/{SUMMARIZATION_ENGINE.yaml → archive/SUMMARIZATION_ENGINE.yaml} +2 -2
  34. package/.agent/core/{TOKEN_BUDGETS.yaml → archive/TOKEN_BUDGETS.yaml} +2 -2
  35. package/.agent/core/{TOKEN_LOADING.yaml → archive/TOKEN_LOADING.yaml} +2 -2
  36. package/.agent/core/{TOKEN_SUMMARY.yaml → archive/TOKEN_SUMMARY.yaml} +2 -2
  37. package/.agent/core/{CODING_STYLES.yaml → reference/CODING_STYLES.yaml} +1 -1
  38. package/.agent/core/{LIBRARY_REGISTRY.yaml → reference/LIBRARY_REGISTRY.yaml} +1 -1
  39. package/.agent/core/{MCP_TOOLS.yaml → reference/MCP_TOOLS.yaml} +2 -2
  40. package/.agent/core/{PATTERNS.yaml → reference/PATTERNS.yaml} +1 -1
  41. package/.agent/core/{SKILL_SCHEMA.yaml → reference/SKILL_SCHEMA.yaml} +2 -2
  42. package/.agent/i18n/en.yaml +6 -6
  43. package/.agent/i18n/vi.yaml +6 -6
  44. package/.agent/ide/README.md +1 -1
  45. package/.agent/ide/amazonq.json +3 -3
  46. package/.agent/ide/amp.json +4 -3
  47. package/.agent/ide/antigravity.json +4 -3
  48. package/.agent/ide/augment.json +4 -4
  49. package/.agent/ide/claude.json +4 -3
  50. package/.agent/ide/cline.json +4 -3
  51. package/.agent/ide/codex.json +6 -1
  52. package/.agent/ide/cody.json +4 -3
  53. package/.agent/ide/continue.json +4 -3
  54. package/.agent/ide/cursor.json +4 -3
  55. package/.agent/ide/gemini.json +4 -3
  56. package/.agent/ide/jetbrains.json +4 -3
  57. package/.agent/ide/kiro.json +4 -3
  58. package/.agent/ide/opencode.json +4 -3
  59. package/.agent/ide/roo.json +4 -3
  60. package/.agent/ide/tabnine.json +4 -3
  61. package/.agent/ide/trae.json +4 -3
  62. package/.agent/ide/vscode.json +4 -3
  63. package/.agent/ide/windsurf.json +4 -3
  64. package/.agent/ide/zed.json +4 -3
  65. package/.agent/manifest.yaml +142 -34
  66. package/.agent/memory/core_memory/persona.json +2 -2
  67. package/.agent/memory/core_memory/project.json +1 -1
  68. package/.agent/memory/core_memory/rules.json +1 -1
  69. package/.agent/memory/core_memory/user.json +1 -1
  70. package/.agent/memory/graph/knowledge_graph.json +1 -1
  71. package/.agent/memory/patterns/errors.json +1 -1
  72. package/.agent/memory/patterns/successes.json +1 -1
  73. package/.agent/memory/state.json +3 -3
  74. package/.agent/personas/README.md +1 -1
  75. package/.agent/personas/architect.md +1 -1
  76. package/.agent/personas/auditor.md +1 -1
  77. package/.agent/personas/debugger.md +1 -1
  78. package/.agent/personas/developer.md +1 -1
  79. package/.agent/personas/devops.md +1 -1
  80. package/.agent/personas/documenter.md +1 -1
  81. package/.agent/personas/orchestrator.md +1 -1
  82. package/.agent/personas/persona.schema.yaml +1 -1
  83. package/.agent/personas/planner.md +1 -1
  84. package/.agent/personas/researcher.md +1 -1
  85. package/.agent/personas/security.md +1 -1
  86. package/.agent/personas/tester.md +1 -1
  87. package/.agent/private/README.md +74 -0
  88. package/.agent/private/_index.yaml +23 -0
  89. package/.agent/private/_template/META.yaml +38 -0
  90. package/.agent/private/_template/SKILL.md +43 -0
  91. package/.agent/private/_template/data/.gitkeep +0 -0
  92. package/.agent/private/autodomyh-api/META.yaml +48 -0
  93. package/.agent/private/autodomyh-api/SKILL.md +141 -0
  94. package/.agent/private/autodomyh-api/data/conventions.yaml +107 -0
  95. package/.agent/rules/README.md +24 -18
  96. package/.agent/rules/SACRED_RULES.xml +42 -36
  97. package/.agent/rules/{constitutional → archive/constitutional}/tier-0-core.yaml +5 -5
  98. package/.agent/rules/{constitutional → archive/constitutional}/tier-1-safety.yaml +5 -5
  99. package/.agent/rules/{constitutional → archive/constitutional}/tier-2-execution.yaml +6 -6
  100. package/.agent/rules/{modules → archive}/context-management.yaml +1 -1
  101. package/.agent/rules/{duplication-prevention.md → archive/duplication-prevention.md} +1 -1
  102. package/.agent/rules/{modules → archive}/evidence.yaml +1 -1
  103. package/.agent/rules/{project-detection.md → archive/project-detection.md} +1 -1
  104. package/.agent/rules/{modules → archive}/reflection.yaml +1 -1
  105. package/.agent/rules/{modules → archive}/versioning.yaml +3 -3
  106. package/.agent/rules/data/build-systems.yaml +2 -2
  107. package/.agent/rules/modules/agent-delegation.yaml +136 -0
  108. package/.agent/rules/modules/edit-verification.yaml +1 -1
  109. package/.agent/rules/modules/git-workflow.yaml +1 -1
  110. package/.agent/rules/modules/language.yaml +1 -1
  111. package/.agent/rules/modules/online-research.yaml +1 -1
  112. package/.agent/rules/modules/performance-optimization.yaml +141 -0
  113. package/.agent/rules/modules/quality.yaml +1 -1
  114. package/.agent/rules/modules/stop-conditions.yaml +1 -1
  115. package/.agent/rules/modules/terminal-safety.yaml +1 -1
  116. package/.agent/rules/modules/yagni.yaml +1 -1
  117. package/.agent/rules/validation-framework.md +1 -1
  118. package/.agent/skills/DEVELOPMENT.yaml +5 -5
  119. package/.agent/skills/README.md +19 -16
  120. package/.agent/skills/_categories.yaml +60 -8
  121. package/.agent/skills/_router.yaml +61 -19
  122. package/.agent/skills/ai-ml/ai-agents/META.yaml +127 -0
  123. package/.agent/skills/ai-ml/ai-agents/SKILL.md +139 -0
  124. package/.agent/skills/ai-ml/ai-agents/data/agent-rules.yaml +120 -0
  125. package/.agent/skills/ai-ml/ai-agents/data/llm-integration.yaml +129 -0
  126. package/.agent/skills/ai-ml/ai-agents/data/memory-patterns.yaml +123 -0
  127. package/.agent/skills/ai-ml/ai-agents/data/orchestration-patterns.yaml +101 -0
  128. package/.agent/skills/ai-ml/gemini-live/META.yaml +55 -0
  129. package/.agent/skills/ai-ml/gemini-live/SKILL.md +155 -0
  130. package/.agent/skills/ai-ml/gemini-live/data/code-execution.yaml +131 -0
  131. package/.agent/skills/ai-ml/gemini-live/data/context-caching.yaml +96 -0
  132. package/.agent/skills/ai-ml/gemini-live/data/grounding.yaml +97 -0
  133. package/.agent/skills/ai-ml/gemini-live/data/live-api.yaml +103 -0
  134. package/.agent/skills/ai-ml/gemini-media-gen/META.yaml +56 -0
  135. package/.agent/skills/ai-ml/gemini-media-gen/SKILL.md +128 -0
  136. package/.agent/skills/ai-ml/gemini-media-gen/data/files-api.yaml +96 -0
  137. package/.agent/skills/ai-ml/gemini-media-gen/data/image-models.yaml +112 -0
  138. package/.agent/skills/ai-ml/gemini-media-gen/data/image-prompts.yaml +131 -0
  139. package/.agent/skills/ai-ml/gemini-media-gen/data/video-generation.yaml +131 -0
  140. package/.agent/skills/ai-ml/gemini-tts/META.yaml +49 -0
  141. package/.agent/skills/ai-ml/gemini-tts/SKILL.md +124 -0
  142. package/.agent/skills/ai-ml/gemini-tts/data/markup-tags.yaml +95 -0
  143. package/.agent/skills/ai-ml/gemini-tts/data/models.yaml +124 -0
  144. package/.agent/skills/ai-ml/gemini-tts/data/prompting-patterns.yaml +81 -0
  145. package/.agent/skills/ai-ml/prompt-engineering/META.yaml +77 -0
  146. package/.agent/skills/ai-ml/prompt-engineering/SKILL.md +217 -0
  147. package/.agent/skills/ai-ml/prompt-engineering/data/gemini3-patterns.yaml +170 -0
  148. package/.agent/skills/ai-ml/prompt-engineering/data/output-patterns.yaml +73 -0
  149. package/.agent/skills/ai-ml/prompt-engineering/data/provider-patterns.yaml +82 -0
  150. package/.agent/skills/ai-ml/prompt-engineering/data/reasoning-patterns.yaml +86 -0
  151. package/.agent/skills/ai-ml/prompt-engineering/data/safety-patterns.yaml +71 -0
  152. package/.agent/skills/ai-ml/prompt-engineering/data/tool-patterns.yaml +173 -0
  153. package/.agent/skills/ai-ml/rag-patterns/META.yaml +57 -0
  154. package/.agent/skills/ai-ml/rag-patterns/SKILL.md +92 -0
  155. package/.agent/skills/ai-ml/rag-patterns/data/chunking-strategies.yaml +71 -0
  156. package/.agent/skills/ai-ml/rag-patterns/data/embedding-models.yaml +76 -0
  157. package/.agent/skills/ai-ml/rag-patterns/data/evaluation.yaml +92 -0
  158. package/.agent/skills/ai-ml/rag-patterns/data/retrieval-patterns.yaml +101 -0
  159. package/.agent/skills/ai-ml/rag-patterns/data/vector-databases.yaml +103 -0
  160. package/.agent/skills/ai-ml/vector-search/META.yaml +63 -0
  161. package/.agent/skills/ai-ml/vector-search/SKILL.md +110 -0
  162. package/.agent/skills/ai-ml/vector-search/data/embedding-models.yaml +117 -0
  163. package/.agent/skills/ai-ml/vector-search/data/search-patterns.yaml +118 -0
  164. package/.agent/skills/ai-ml/vector-search/data/vector-dbs.yaml +155 -0
  165. package/.agent/skills/core/api-design/META.yaml +1 -5
  166. package/.agent/skills/core/api-design/SKILL.md +20 -26
  167. package/.agent/skills/core/api-design/data/api-versioning.yaml +211 -211
  168. package/.agent/skills/core/api-design/data/error-responses.yaml +129 -129
  169. package/.agent/skills/core/api-design/data/graphql-patterns.yaml +159 -159
  170. package/.agent/skills/core/api-design/data/grpc-patterns.yaml +159 -159
  171. package/.agent/skills/core/api-design/data/http-status-codes.yaml +170 -170
  172. package/.agent/skills/core/api-design/data/modern-api-patterns.yaml +160 -0
  173. package/.agent/skills/core/api-design/data/pagination.yaml +115 -115
  174. package/.agent/skills/core/api-design/data/rate-limiting.yaml +129 -129
  175. package/.agent/skills/core/api-design/data/rest-patterns.yaml +189 -189
  176. package/.agent/skills/core/api-design/data/test-apis.yaml +211 -211
  177. package/.agent/skills/core/authentication/META.yaml +1 -5
  178. package/.agent/skills/core/authentication/SKILL.md +36 -43
  179. package/.agent/skills/core/authentication/data/anti-patterns.yaml +129 -129
  180. package/.agent/skills/core/authentication/data/core-patterns.yaml +250 -250
  181. package/.agent/skills/core/authentication/data/jwt-patterns.yaml +249 -249
  182. package/.agent/skills/core/authentication/data/language-csharp.yaml +209 -209
  183. package/.agent/skills/core/authentication/data/language-go.yaml +209 -209
  184. package/.agent/skills/core/authentication/data/language-java.yaml +209 -209
  185. package/.agent/skills/core/authentication/data/language-mobile.yaml +209 -209
  186. package/.agent/skills/core/authentication/data/language-python.yaml +209 -209
  187. package/.agent/skills/core/authentication/data/language-rust.yaml +209 -209
  188. package/.agent/skills/core/authentication/data/language-typescript.yaml +209 -209
  189. package/.agent/skills/core/authentication/data/mfa-patterns.yaml +169 -169
  190. package/.agent/skills/core/authentication/data/oauth-patterns.yaml +249 -249
  191. package/.agent/skills/core/authentication/data/oauth.yaml +243 -243
  192. package/.agent/skills/core/authentication/data/passkey-patterns.yaml +149 -0
  193. package/.agent/skills/core/authentication/data/passkeys-webauthn.yaml +209 -209
  194. package/.agent/skills/core/authentication/data/passkeys.yaml +203 -203
  195. package/.agent/skills/core/authentication/data/password-patterns.yaml +169 -169
  196. package/.agent/skills/core/authentication/data/password.yaml +163 -163
  197. package/.agent/skills/core/authentication/data/session-patterns.yaml +209 -209
  198. package/.agent/skills/core/error-handling/META.yaml +1 -5
  199. package/.agent/skills/core/error-handling/SKILL.md +21 -25
  200. package/.agent/skills/core/error-handling/data/anti-patterns.yaml +99 -99
  201. package/.agent/skills/core/error-handling/data/api-error-patterns.yaml +2 -2
  202. package/.agent/skills/core/error-handling/data/core-patterns.yaml +2 -2
  203. package/.agent/skills/core/error-handling/data/error-codes.yaml +159 -159
  204. package/.agent/skills/core/error-handling/data/error-messages.yaml +2 -2
  205. package/.agent/skills/core/error-handling/data/language-c-cpp.yaml +220 -220
  206. package/.agent/skills/core/error-handling/data/language-go-rust.yaml +2 -2
  207. package/.agent/skills/core/error-handling/data/language-python-java.yaml +220 -220
  208. package/.agent/skills/core/error-handling/data/language-swift-kotlin.yaml +220 -220
  209. package/.agent/skills/core/error-handling/data/language-typescript-php-ruby.yaml +220 -220
  210. package/.agent/skills/core/error-handling/data/resilience-patterns.yaml +2 -2
  211. package/.agent/skills/core/error-handling/data/ui-error-patterns.yaml +129 -129
  212. package/.agent/skills/core/logging/META.yaml +1 -5
  213. package/.agent/skills/core/logging/SKILL.md +28 -42
  214. package/.agent/skills/core/logging/data/aggregation-patterns.yaml +185 -185
  215. package/.agent/skills/core/logging/data/anti-patterns.yaml +115 -115
  216. package/.agent/skills/core/logging/data/core-patterns.yaml +220 -220
  217. package/.agent/skills/core/logging/data/language-csharp.yaml +185 -185
  218. package/.agent/skills/core/logging/data/language-go.yaml +185 -185
  219. package/.agent/skills/core/logging/data/language-java.yaml +185 -185
  220. package/.agent/skills/core/logging/data/language-kotlin.yaml +150 -150
  221. package/.agent/skills/core/logging/data/language-others.yaml +178 -178
  222. package/.agent/skills/core/logging/data/language-python.yaml +185 -185
  223. package/.agent/skills/core/logging/data/language-rust.yaml +185 -185
  224. package/.agent/skills/core/logging/data/language-swift.yaml +150 -150
  225. package/.agent/skills/core/logging/data/language-typescript.yaml +185 -185
  226. package/.agent/skills/core/logging/data/otel-logging.yaml +150 -150
  227. package/.agent/skills/core/observability/META.yaml +1 -5
  228. package/.agent/skills/core/observability/SKILL.md +29 -38
  229. package/.agent/skills/core/observability/data/alerting-patterns.yaml +159 -159
  230. package/.agent/skills/core/observability/data/anti-patterns.yaml +99 -99
  231. package/.agent/skills/core/observability/data/core-patterns.yaml +189 -189
  232. package/.agent/skills/core/observability/data/language-cpp.yaml +159 -159
  233. package/.agent/skills/core/observability/data/language-csharp.yaml +159 -159
  234. package/.agent/skills/core/observability/data/language-go.yaml +159 -159
  235. package/.agent/skills/core/observability/data/language-java.yaml +159 -159
  236. package/.agent/skills/core/observability/data/language-others.yaml +249 -249
  237. package/.agent/skills/core/observability/data/language-python.yaml +159 -159
  238. package/.agent/skills/core/observability/data/language-rust.yaml +159 -159
  239. package/.agent/skills/core/observability/data/language-typescript.yaml +159 -159
  240. package/.agent/skills/core/observability/data/metrics-patterns.yaml +129 -129
  241. package/.agent/skills/core/observability/data/metrics-prometheus.yaml +159 -159
  242. package/.agent/skills/core/observability/data/otel-core.yaml +189 -189
  243. package/.agent/skills/core/observability/data/profiling-patterns.yaml +129 -129
  244. package/.agent/skills/core/observability/data/tracing-patterns.yaml +159 -159
  245. package/.agent/skills/core/observability/data/tracing-tools.yaml +129 -129
  246. package/.agent/skills/core/security/META.yaml +1 -5
  247. package/.agent/skills/core/security/SKILL.md +25 -25
  248. package/.agent/skills/core/security/data/ai-ml-security.yaml +255 -255
  249. package/.agent/skills/core/security/data/api-security.yaml +224 -224
  250. package/.agent/skills/core/security/data/auth-patterns.yaml +189 -189
  251. package/.agent/skills/core/security/data/binary-exploitation.yaml +333 -333
  252. package/.agent/skills/core/security/data/cloud-security.yaml +263 -263
  253. package/.agent/skills/core/security/data/cwe-top25.yaml +409 -409
  254. package/.agent/skills/core/security/data/language-specific/c-security.yaml +289 -289
  255. package/.agent/skills/core/security/data/language-specific/cpp-security.yaml +289 -289
  256. package/.agent/skills/core/security/data/language-specific/csharp-security.yaml +213 -213
  257. package/.agent/skills/core/security/data/language-specific/go-security.yaml +213 -213
  258. package/.agent/skills/core/security/data/language-specific/java-security.yaml +289 -289
  259. package/.agent/skills/core/security/data/language-specific/kotlin-security.yaml +192 -192
  260. package/.agent/skills/core/security/data/language-specific/php-security.yaml +213 -213
  261. package/.agent/skills/core/security/data/language-specific/python-security.yaml +289 -289
  262. package/.agent/skills/core/security/data/language-specific/ruby-security.yaml +192 -192
  263. package/.agent/skills/core/security/data/language-specific/rust-security.yaml +234 -234
  264. package/.agent/skills/core/security/data/language-specific/solidity-security.yaml +363 -363
  265. package/.agent/skills/core/security/data/language-specific/swift-security.yaml +192 -192
  266. package/.agent/skills/core/security/data/language-specific/typescript-security.yaml +289 -289
  267. package/.agent/skills/core/security/data/mobile-security.yaml +363 -363
  268. package/.agent/skills/core/security/data/network-security.yaml +291 -291
  269. package/.agent/skills/core/security/data/owasp-llm-top10.yaml +122 -0
  270. package/.agent/skills/core/security/data/owasp-top10.yaml +165 -165
  271. package/.agent/skills/core/security/data/reverse-engineering.yaml +491 -491
  272. package/.agent/skills/core/security/data/supply-chain.yaml +213 -213
  273. package/.agent/skills/cross-cutting/_index.yaml +4 -2
  274. package/.agent/skills/cross-cutting/accessibility/META.yaml +45 -0
  275. package/.agent/skills/cross-cutting/accessibility/SKILL.md +121 -0
  276. package/.agent/skills/cross-cutting/accessibility/data/aria-patterns.yaml +88 -0
  277. package/.agent/skills/cross-cutting/accessibility/data/testing-tools.yaml +60 -0
  278. package/.agent/skills/cross-cutting/accessibility/data/wcag-guidelines.yaml +98 -0
  279. package/.agent/skills/cross-cutting/audit-pro/META.yaml +2 -6
  280. package/.agent/skills/cross-cutting/bun/META.yaml +2 -8
  281. package/.agent/skills/cross-cutting/bun/SKILL.md +8 -12
  282. package/.agent/skills/cross-cutting/coding-rules/META.yaml +4 -11
  283. package/.agent/skills/cross-cutting/coding-rules/SKILL.md +38 -46
  284. package/.agent/skills/cross-cutting/coding-rules/data/adr-patterns.yaml +102 -0
  285. package/.agent/skills/cross-cutting/coding-rules/data/architecture-patterns.yaml +289 -90
  286. package/.agent/skills/cross-cutting/coding-rules/data/build-systems.yaml +340 -340
  287. package/.agent/skills/cross-cutting/coding-rules/data/coding-rules.yaml +641 -641
  288. package/.agent/skills/cross-cutting/coding-rules/data/concurrency-patterns.yaml +102 -102
  289. package/.agent/skills/cross-cutting/coding-rules/data/design-patterns.yaml +254 -254
  290. package/.agent/skills/cross-cutting/coding-rules/data/framework-directories.yaml +446 -0
  291. package/.agent/skills/cross-cutting/coding-rules/data/framework-signatures.yaml +338 -338
  292. package/.agent/skills/cross-cutting/coding-rules/data/memory-management.yaml +102 -102
  293. package/.agent/skills/cross-cutting/coding-rules/data/naming-conventions.yaml +314 -314
  294. package/.agent/skills/cross-cutting/coding-rules/data/performance-benchmarks.yaml +158 -158
  295. package/.agent/skills/cross-cutting/coding-rules/data/solid-principles.yaml +74 -74
  296. package/.agent/skills/cross-cutting/coding-rules/data/test-frameworks.yaml +177 -177
  297. package/.agent/skills/cross-cutting/database/META.yaml +2 -2
  298. package/.agent/skills/cross-cutting/database/SKILL.md +10 -19
  299. package/.agent/skills/cross-cutting/deno/META.yaml +2 -8
  300. package/.agent/skills/cross-cutting/deno/SKILL.md +8 -12
  301. package/.agent/skills/cross-cutting/domyh-design/ADVANCED.md +247 -0
  302. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/META.yaml +44 -13
  303. package/.agent/skills/cross-cutting/domyh-design/SKILL.md +171 -0
  304. package/.agent/skills/cross-cutting/domyh-design/data/animation-ui-kits.yaml +198 -0
  305. package/.agent/skills/cross-cutting/domyh-design/data/charts.yaml +331 -0
  306. package/.agent/skills/cross-cutting/domyh-design/data/colors.yaml +1226 -0
  307. package/.agent/skills/cross-cutting/domyh-design/data/component-decision.yaml +287 -0
  308. package/.agent/skills/cross-cutting/domyh-design/data/component-effects.yaml +673 -0
  309. package/.agent/skills/cross-cutting/domyh-design/data/component-mapping.yaml +318 -0
  310. package/.agent/skills/cross-cutting/domyh-design/data/design-system-prompts.yaml +174 -0
  311. package/.agent/skills/cross-cutting/domyh-design/data/design-tokens.yaml +525 -0
  312. package/.agent/skills/cross-cutting/domyh-design/data/desktop-animation.yaml +680 -0
  313. package/.agent/skills/cross-cutting/domyh-design/data/desktop-architecture.yaml +140 -0
  314. package/.agent/skills/cross-cutting/{ui-ux-pro-max → domyh-design}/data/desktop-colors.yaml +4 -4
  315. package/.agent/skills/cross-cutting/domyh-design/data/directory-structure.yaml +80 -0
  316. package/.agent/skills/cross-cutting/domyh-design/data/icons.yaml +918 -0
  317. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-prompts.yaml +678 -0
  318. package/.agent/skills/cross-cutting/domyh-design/data/image-gen-workflows.yaml +202 -0
  319. package/.agent/skills/cross-cutting/domyh-design/data/implementation-strategy.yaml +107 -0
  320. package/.agent/skills/cross-cutting/domyh-design/data/landing.yaml +373 -0
  321. package/.agent/skills/cross-cutting/domyh-design/data/micro-interactions.yaml +528 -0
  322. package/.agent/skills/cross-cutting/domyh-design/data/platform-frameworks.yaml +195 -0
  323. package/.agent/skills/cross-cutting/domyh-design/data/platform-guidelines.yaml +177 -0
  324. package/.agent/skills/cross-cutting/domyh-design/data/products.yaml +1339 -0
  325. package/.agent/skills/cross-cutting/domyh-design/data/prompts.yaml +207 -0
  326. package/.agent/skills/cross-cutting/domyh-design/data/react-performance.yaml +504 -0
  327. package/.agent/skills/cross-cutting/domyh-design/data/scroll-animation-patterns.yaml +398 -0
  328. package/.agent/skills/cross-cutting/domyh-design/data/stacks/desktop.yaml +228 -0
  329. package/.agent/skills/cross-cutting/domyh-design/data/stacks/flutter.yaml +508 -0
  330. package/.agent/skills/cross-cutting/domyh-design/data/stacks/html-tailwind.yaml +543 -0
  331. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nextjs.yaml +515 -0
  332. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxt-ui.yaml +519 -0
  333. package/.agent/skills/cross-cutting/domyh-design/data/stacks/nuxtjs.yaml +599 -0
  334. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react-native.yaml +496 -0
  335. package/.agent/skills/cross-cutting/domyh-design/data/stacks/react.yaml +526 -0
  336. package/.agent/skills/cross-cutting/domyh-design/data/stacks/shadcn.yaml +616 -0
  337. package/.agent/skills/cross-cutting/domyh-design/data/stacks/svelte.yaml +520 -0
  338. package/.agent/skills/cross-cutting/domyh-design/data/stacks/swiftui.yaml +486 -0
  339. package/.agent/skills/cross-cutting/domyh-design/data/stacks/vue.yaml +485 -0
  340. package/.agent/skills/cross-cutting/domyh-design/data/styles.yaml +1473 -0
  341. package/.agent/skills/cross-cutting/domyh-design/data/tailwind-animation-plugins.yaml +462 -0
  342. package/.agent/skills/cross-cutting/domyh-design/data/typography.yaml +647 -0
  343. package/.agent/skills/cross-cutting/domyh-design/data/ui-reasoning.yaml +1019 -0
  344. package/.agent/skills/cross-cutting/domyh-design/data/ux-guidelines.yaml +1009 -0
  345. package/.agent/skills/cross-cutting/domyh-design/data/web-animation-libraries.yaml +541 -0
  346. package/.agent/skills/cross-cutting/domyh-design/data/web-interface.yaml +347 -0
  347. package/.agent/skills/cross-cutting/domyh-design/data/webview-animation-optimization.yaml +685 -0
  348. package/.agent/skills/cross-cutting/electron/SKILL.md +10 -14
  349. package/.agent/skills/cross-cutting/event-driven/META.yaml +108 -0
  350. package/.agent/skills/cross-cutting/event-driven/SKILL.md +123 -0
  351. package/.agent/skills/cross-cutting/event-driven/data/broker-comparison.yaml +123 -0
  352. package/.agent/skills/cross-cutting/event-driven/data/eda-patterns.yaml +120 -0
  353. package/.agent/skills/cross-cutting/event-driven/data/production-patterns.yaml +120 -0
  354. package/.agent/skills/cross-cutting/microservices/META.yaml +90 -0
  355. package/.agent/skills/cross-cutting/microservices/SKILL.md +120 -0
  356. package/.agent/skills/cross-cutting/microservices/data/communication.yaml +163 -0
  357. package/.agent/skills/cross-cutting/microservices/data/cqrs-patterns.yaml +199 -0
  358. package/.agent/skills/cross-cutting/microservices/data/deployment.yaml +153 -0
  359. package/.agent/skills/cross-cutting/microservices/data/event-sourcing.yaml +231 -0
  360. package/.agent/skills/cross-cutting/microservices/data/observability.yaml +152 -0
  361. package/.agent/skills/cross-cutting/microservices/data/resilience.yaml +189 -0
  362. package/.agent/skills/cross-cutting/microservices/data/saga-patterns.yaml +161 -0
  363. package/.agent/skills/cross-cutting/microservices/data/service-mesh.yaml +179 -0
  364. package/.agent/skills/cross-cutting/monorepo/META.yaml +54 -0
  365. package/.agent/skills/cross-cutting/monorepo/SKILL.md +108 -0
  366. package/.agent/skills/cross-cutting/monorepo/data/ci-cd-strategies.yaml +74 -0
  367. package/.agent/skills/cross-cutting/monorepo/data/nx-patterns.yaml +74 -0
  368. package/.agent/skills/cross-cutting/monorepo/data/turborepo-patterns.yaml +84 -0
  369. package/.agent/skills/cross-cutting/monorepo/data/versioning.yaml +83 -0
  370. package/.agent/skills/cross-cutting/monorepo/data/workspace-patterns.yaml +85 -0
  371. package/.agent/skills/cross-cutting/playwright/ADVANCED.md +289 -0
  372. package/.agent/skills/cross-cutting/playwright/META.yaml +90 -0
  373. package/.agent/skills/cross-cutting/playwright/SKILL.md +210 -0
  374. package/.agent/skills/cross-cutting/playwright/data/ai-agents.yaml +137 -0
  375. package/.agent/skills/cross-cutting/playwright/data/config-templates.yaml +141 -0
  376. package/.agent/skills/cross-cutting/playwright/data/interaction-checklist.yaml +398 -0
  377. package/.agent/skills/cross-cutting/playwright/data/locator-patterns.yaml +96 -0
  378. package/.agent/skills/cross-cutting/playwright/data/mcp-tools.yaml +153 -0
  379. package/.agent/skills/cross-cutting/playwright/data/open-source-tools.yaml +95 -0
  380. package/.agent/skills/cross-cutting/real-time/META.yaml +72 -0
  381. package/.agent/skills/cross-cutting/real-time/SKILL.md +128 -0
  382. package/.agent/skills/cross-cutting/real-time/data/socketio-patterns.yaml +165 -0
  383. package/.agent/skills/cross-cutting/real-time/data/sse-patterns.yaml +181 -0
  384. package/.agent/skills/cross-cutting/real-time/data/websocket-patterns.yaml +176 -0
  385. package/.agent/skills/cross-cutting/seo/META.yaml +47 -0
  386. package/.agent/skills/cross-cutting/seo/SKILL.md +114 -0
  387. package/.agent/skills/cross-cutting/seo/data/core-web-vitals.yaml +93 -0
  388. package/.agent/skills/cross-cutting/seo/data/structured-data.yaml +82 -0
  389. package/.agent/skills/cross-cutting/seo/data/technical-seo.yaml +75 -0
  390. package/.agent/skills/cross-cutting/sql/META.yaml +2 -8
  391. package/.agent/skills/cross-cutting/sql/SKILL.md +8 -12
  392. package/.agent/skills/cross-cutting/tailwind/META.yaml +3 -20
  393. package/.agent/skills/cross-cutting/tailwind/SKILL.md +13 -11
  394. package/.agent/skills/cross-cutting/tauri/META.yaml +75 -0
  395. package/.agent/skills/cross-cutting/tauri/SKILL.md +127 -0
  396. package/.agent/skills/cross-cutting/tauri/data/build.yaml +141 -0
  397. package/.agent/skills/cross-cutting/tauri/data/plugins.yaml +157 -0
  398. package/.agent/skills/cross-cutting/tauri/data/security.yaml +134 -0
  399. package/.agent/skills/cross-cutting/tdd-workflow/META.yaml +58 -0
  400. package/.agent/skills/cross-cutting/tdd-workflow/SKILL.md +128 -0
  401. package/.agent/skills/cross-cutting/tdd-workflow/data/anti-patterns.yaml +70 -0
  402. package/.agent/skills/cross-cutting/tdd-workflow/data/bdd-atdd-patterns.yaml +77 -0
  403. package/.agent/skills/cross-cutting/tdd-workflow/data/core-tdd-cycle.yaml +104 -0
  404. package/.agent/skills/cross-cutting/tdd-workflow/data/coverage-strategies.yaml +105 -0
  405. package/.agent/skills/cross-cutting/tdd-workflow/data/language-patterns.yaml +115 -0
  406. package/.agent/skills/cross-cutting/tdd-workflow/data/test-doubles.yaml +93 -0
  407. package/.agent/skills/cross-cutting/testing/META.yaml +1 -5
  408. package/.agent/skills/cross-cutting/testing/SKILL.md +13 -26
  409. package/.agent/skills/cross-cutting/testing/data/e2e-patterns.yaml +136 -0
  410. package/.agent/skills/cross-cutting/testing/data/frameworks.yaml +3 -3
  411. package/.agent/skills/cross-cutting/testing/data/patterns.yaml +149 -147
  412. package/.agent/skills/cross-cutting/wasm/META.yaml +47 -0
  413. package/.agent/skills/cross-cutting/wasm/SKILL.md +88 -0
  414. package/.agent/skills/cross-cutting/wasm/data/browser-patterns.yaml +106 -0
  415. package/.agent/skills/cross-cutting/wasm/data/component-model.yaml +85 -0
  416. package/.agent/skills/cross-cutting/wasm/data/server-patterns.yaml +89 -0
  417. package/.agent/skills/cross-cutting/web-perf/META.yaml +3 -9
  418. package/.agent/skills/cross-cutting/web-perf/SKILL.md +9 -18
  419. package/.agent/skills/devops/aws/META.yaml +48 -63
  420. package/.agent/skills/devops/azure/META.yaml +44 -0
  421. package/.agent/skills/devops/azure/SKILL.md +43 -0
  422. package/.agent/skills/devops/azure/data/cli.yaml +69 -0
  423. package/.agent/skills/devops/azure/data/compute.yaml +83 -0
  424. package/.agent/skills/devops/azure/data/data-services.yaml +126 -0
  425. package/.agent/skills/devops/ci-cd/META.yaml +47 -14
  426. package/.agent/skills/devops/docker/META.yaml +53 -14
  427. package/.agent/skills/devops/gcp/META.yaml +43 -0
  428. package/.agent/skills/devops/gcp/SKILL.md +43 -0
  429. package/.agent/skills/devops/gcp/data/cli.yaml +39 -0
  430. package/.agent/skills/devops/gcp/data/compute.yaml +92 -0
  431. package/.agent/skills/devops/gcp/data/data-services.yaml +97 -0
  432. package/.agent/skills/devops/kubernetes/META.yaml +56 -7
  433. package/.agent/skills/devops/terraform/META.yaml +47 -0
  434. package/.agent/skills/devops/terraform/SKILL.md +73 -0
  435. package/.agent/skills/devops/terraform/data/ci-cd.yaml +89 -0
  436. package/.agent/skills/devops/terraform/data/hcl-patterns.yaml +131 -0
  437. package/.agent/skills/devops/terraform/data/providers.yaml +96 -0
  438. package/.agent/skills/frameworks/angular/META.yaml +20 -6
  439. package/.agent/skills/frameworks/angular/SKILL.md +1 -1
  440. package/.agent/skills/frameworks/flutter/META.yaml +20 -6
  441. package/.agent/skills/frameworks/flutter/SKILL.md +1 -1
  442. package/.agent/skills/frameworks/nextjs/ADVANCED.md +2 -2
  443. package/.agent/skills/frameworks/nextjs/META.yaml +22 -8
  444. package/.agent/skills/frameworks/nextjs/SKILL.md +4 -4
  445. package/.agent/skills/frameworks/nextjs/data/server.yaml +4 -4
  446. package/.agent/skills/frameworks/nuxt/META.yaml +21 -7
  447. package/.agent/skills/frameworks/nuxt/SKILL.md +2 -2
  448. package/.agent/skills/frameworks/nuxt/data/core.yaml +14 -2
  449. package/.agent/skills/frameworks/nuxt/data/server.yaml +14 -2
  450. package/.agent/skills/frameworks/react/META.yaml +20 -7
  451. package/.agent/skills/frameworks/react/SKILL.md +7 -11
  452. package/.agent/skills/frameworks/react/data/core.yaml +14 -2
  453. package/.agent/skills/frameworks/react/data/server.yaml +16 -4
  454. package/.agent/skills/frameworks/react-native/META.yaml +19 -6
  455. package/.agent/skills/frameworks/react-native/SKILL.md +1 -1
  456. package/.agent/skills/frameworks/svelte/META.yaml +19 -6
  457. package/.agent/skills/frameworks/svelte/SKILL.md +1 -1
  458. package/.agent/skills/frameworks/vue/META.yaml +20 -8
  459. package/.agent/skills/frameworks/vue/SKILL.md +7 -7
  460. package/.agent/skills/frameworks/vue/data/advanced.yaml +19 -7
  461. package/.agent/skills/frameworks/vue/data/core.yaml +13 -1
  462. package/.agent/skills/index.json +67 -14
  463. package/.agent/skills/languages/asm/META.yaml +2 -8
  464. package/.agent/skills/languages/asm/SKILL.md +1 -1
  465. package/.agent/skills/languages/c/META.yaml +2 -8
  466. package/.agent/skills/languages/c/SKILL.md +1 -1
  467. package/.agent/skills/languages/clojure/META.yaml +2 -2
  468. package/.agent/skills/languages/clojure/SKILL.md +1 -1
  469. package/.agent/skills/languages/cpp/META.yaml +2 -8
  470. package/.agent/skills/languages/cpp/SKILL.md +1 -1
  471. package/.agent/skills/languages/crystal/META.yaml +2 -8
  472. package/.agent/skills/languages/crystal/SKILL.md +1 -1
  473. package/.agent/skills/languages/csharp/META.yaml +2 -2
  474. package/.agent/skills/languages/csharp/SKILL.md +1 -1
  475. package/.agent/skills/languages/elixir/META.yaml +2 -2
  476. package/.agent/skills/languages/elixir/SKILL.md +1 -1
  477. package/.agent/skills/languages/fsharp/META.yaml +2 -2
  478. package/.agent/skills/languages/fsharp/SKILL.md +1 -1
  479. package/.agent/skills/languages/go/META.yaml +2 -8
  480. package/.agent/skills/languages/go/SKILL.md +1 -1
  481. package/.agent/skills/languages/haskell/META.yaml +2 -2
  482. package/.agent/skills/languages/haskell/SKILL.md +1 -1
  483. package/.agent/skills/languages/java/META.yaml +2 -8
  484. package/.agent/skills/languages/java/SKILL.md +1 -1
  485. package/.agent/skills/languages/javascript/META.yaml +2 -8
  486. package/.agent/skills/languages/javascript/SKILL.md +1 -1
  487. package/.agent/skills/languages/julia/META.yaml +2 -2
  488. package/.agent/skills/languages/julia/SKILL.md +1 -1
  489. package/.agent/skills/languages/kotlin/META.yaml +2 -2
  490. package/.agent/skills/languages/kotlin/SKILL.md +1 -1
  491. package/.agent/skills/languages/lua/META.yaml +2 -8
  492. package/.agent/skills/languages/lua/SKILL.md +3 -3
  493. package/.agent/skills/languages/nim/META.yaml +2 -8
  494. package/.agent/skills/languages/nim/SKILL.md +1 -1
  495. package/.agent/skills/languages/ocaml/META.yaml +2 -2
  496. package/.agent/skills/languages/ocaml/SKILL.md +1 -1
  497. package/.agent/skills/languages/perl/META.yaml +2 -2
  498. package/.agent/skills/languages/perl/SKILL.md +1 -1
  499. package/.agent/skills/languages/php/META.yaml +2 -2
  500. package/.agent/skills/languages/php/SKILL.md +1 -1
  501. package/.agent/skills/languages/python/META.yaml +2 -8
  502. package/.agent/skills/languages/python/SKILL.md +1 -1
  503. package/.agent/skills/languages/r/META.yaml +2 -2
  504. package/.agent/skills/languages/r/SKILL.md +1 -1
  505. package/.agent/skills/languages/ruby/META.yaml +2 -2
  506. package/.agent/skills/languages/ruby/SKILL.md +1 -1
  507. package/.agent/skills/languages/rust/META.yaml +2 -8
  508. package/.agent/skills/languages/rust/SKILL.md +1 -1
  509. package/.agent/skills/languages/scala/META.yaml +2 -2
  510. package/.agent/skills/languages/scala/SKILL.md +1 -1
  511. package/.agent/skills/languages/solidity/META.yaml +2 -2
  512. package/.agent/skills/languages/solidity/SKILL.md +1 -1
  513. package/.agent/skills/languages/swift/META.yaml +2 -2
  514. package/.agent/skills/languages/swift/SKILL.md +1 -1
  515. package/.agent/skills/languages/typescript/META.yaml +2 -8
  516. package/.agent/skills/languages/typescript/SKILL.md +1 -1
  517. package/.agent/skills/languages/zig/META.yaml +5 -7
  518. package/.agent/skills/languages/zig/SKILL.md +1 -1
  519. package/.agent/skills/tooling/api-protocols/META.yaml +102 -0
  520. package/.agent/skills/tooling/api-protocols/SKILL.md +145 -0
  521. package/.agent/skills/tooling/api-protocols/data/graphql-patterns.yaml +115 -0
  522. package/.agent/skills/tooling/api-protocols/data/grpc-patterns.yaml +101 -0
  523. package/.agent/skills/tooling/api-protocols/data/trpc-patterns.yaml +97 -0
  524. package/.agent/skills/tooling/browser-agent/ADVANCED.md +242 -0
  525. package/.agent/skills/tooling/browser-agent/META.yaml +78 -0
  526. package/.agent/skills/tooling/browser-agent/SKILL.md +164 -0
  527. package/.agent/skills/tooling/browser-agent/data/element-discovery.yaml +208 -0
  528. package/.agent/skills/tooling/browser-agent/data/recording-patterns.yaml +74 -0
  529. package/.agent/skills/tooling/browser-agent/data/reporting-patterns.yaml +97 -0
  530. package/.agent/skills/tooling/browser-agent/data/subagent-patterns.yaml +158 -0
  531. package/.agent/skills/tooling/browser-agent/data/verification-flow.yaml +209 -0
  532. package/.agent/skills/tooling/cli-dev/META.yaml +55 -0
  533. package/.agent/skills/tooling/cli-dev/SKILL.md +83 -0
  534. package/.agent/skills/tooling/cli-dev/data/frameworks.yaml +128 -0
  535. package/.agent/skills/tooling/cli-dev/data/output-formats.yaml +58 -0
  536. package/.agent/skills/tooling/cli-dev/data/ux-patterns.yaml +97 -0
  537. package/.agent/skills/tooling/ide-extension/META.yaml +72 -0
  538. package/.agent/skills/tooling/ide-extension/SKILL.md +108 -0
  539. package/.agent/skills/tooling/ide-extension/data/jetbrains-patterns.yaml +118 -0
  540. package/.agent/skills/tooling/ide-extension/data/lsp-patterns.yaml +126 -0
  541. package/.agent/skills/tooling/ide-extension/data/vscode-patterns.yaml +172 -0
  542. package/.agent/skills/tooling/mcp/META.yaml +80 -0
  543. package/.agent/skills/tooling/mcp/SKILL.md +114 -0
  544. package/.agent/skills/tooling/mcp/data/security.yaml +116 -0
  545. package/.agent/skills/tooling/mcp/data/tool-design.yaml +124 -0
  546. package/.agent/skills/tooling/mcp/data/transport-patterns.yaml +95 -0
  547. package/.agent/templates/README.md +2 -2
  548. package/.agent/templates/debug-report.md +1 -1
  549. package/.agent/templates/deploy-plan.md +1 -1
  550. package/.agent/templates/doc-template.md +1 -1
  551. package/.agent/templates/index.yaml +2 -2
  552. package/.agent/templates/migrate-plan.md +1 -1
  553. package/.agent/templates/phase-template.md +1 -1
  554. package/.agent/templates/tasks/audit.yaml +1 -1
  555. package/.agent/templates/tasks/bug_fix.yaml +1 -1
  556. package/.agent/templates/tasks/code_implementation.yaml +1 -1
  557. package/.agent/templates/tasks/refactor.yaml +1 -1
  558. package/.agent/templates/test-report.md +1 -1
  559. package/.agent/workflows/code.md +22 -1
  560. package/.agent/workflows/deploy.md +5 -1
  561. package/.agent/workflows/e2e.md +112 -0
  562. package/.agent/workflows/fix.md +1 -1
  563. package/.agent/workflows/prompt.md +325 -0
  564. package/.agent/workflows/scaffold.md +1 -1
  565. package/.agent/workflows/tdd.md +108 -0
  566. package/.agent/workflows/verify.md +116 -0
  567. package/.agent/workflows/visualize.md +50 -18
  568. package/dist/commands/add.d.ts.map +1 -1
  569. package/dist/commands/add.js +9 -1
  570. package/dist/commands/add.js.map +1 -1
  571. package/dist/commands/config.d.ts.map +1 -1
  572. package/dist/commands/config.js +24 -8
  573. package/dist/commands/config.js.map +1 -1
  574. package/dist/commands/hsa.d.ts.map +1 -1
  575. package/dist/commands/hsa.js +106 -20
  576. package/dist/commands/hsa.js.map +1 -1
  577. package/dist/commands/init.d.ts.map +1 -1
  578. package/dist/commands/init.js +65 -61
  579. package/dist/commands/init.js.map +1 -1
  580. package/dist/commands/install-core.d.ts +2 -1
  581. package/dist/commands/install-core.d.ts.map +1 -1
  582. package/dist/commands/install-core.js +43 -16
  583. package/dist/commands/install-core.js.map +1 -1
  584. package/dist/commands/install-helpers.d.ts.map +1 -1
  585. package/dist/commands/install-helpers.js +23 -2
  586. package/dist/commands/install-helpers.js.map +1 -1
  587. package/dist/commands/install-hsa.d.ts +2 -5
  588. package/dist/commands/install-hsa.d.ts.map +1 -1
  589. package/dist/commands/install-hsa.js +2 -5
  590. package/dist/commands/install-hsa.js.map +1 -1
  591. package/dist/commands/install.d.ts +27 -0
  592. package/dist/commands/install.d.ts.map +1 -1
  593. package/dist/commands/install.js +68 -20
  594. package/dist/commands/install.js.map +1 -1
  595. package/dist/commands/list.d.ts.map +1 -1
  596. package/dist/commands/list.js +2 -1
  597. package/dist/commands/list.js.map +1 -1
  598. package/dist/commands/mcp-registry.d.ts +24 -9
  599. package/dist/commands/mcp-registry.d.ts.map +1 -1
  600. package/dist/commands/mcp-registry.js +39 -57
  601. package/dist/commands/mcp-registry.js.map +1 -1
  602. package/dist/commands/mcp-writers.d.ts.map +1 -1
  603. package/dist/commands/mcp-writers.js +6 -5
  604. package/dist/commands/mcp-writers.js.map +1 -1
  605. package/dist/commands/mcp.d.ts +1 -1
  606. package/dist/commands/mcp.d.ts.map +1 -1
  607. package/dist/commands/mcp.js +37 -9
  608. package/dist/commands/mcp.js.map +1 -1
  609. package/dist/commands/update.d.ts.map +1 -1
  610. package/dist/commands/update.js +16 -6
  611. package/dist/commands/update.js.map +1 -1
  612. package/dist/constants/cursor-globs.d.ts.map +1 -1
  613. package/dist/constants/cursor-globs.js +0 -6
  614. package/dist/constants/cursor-globs.js.map +1 -1
  615. package/dist/constants/ide-install-specs.js +2 -2
  616. package/dist/constants.d.ts +3 -3
  617. package/dist/constants.d.ts.map +1 -1
  618. package/dist/constants.js +3 -3
  619. package/dist/constants.js.map +1 -1
  620. package/dist/index.d.ts.map +1 -1
  621. package/dist/index.js +1 -9
  622. package/dist/index.js.map +1 -1
  623. package/dist/types/ide-install.js +1 -1
  624. package/dist/utils/copy-helpers.d.ts +7 -2
  625. package/dist/utils/copy-helpers.d.ts.map +1 -1
  626. package/dist/utils/copy-helpers.js +56 -42
  627. package/dist/utils/copy-helpers.js.map +1 -1
  628. package/dist/utils/install-manifest.d.ts +12 -0
  629. package/dist/utils/install-manifest.d.ts.map +1 -0
  630. package/dist/utils/install-manifest.js +26 -0
  631. package/dist/utils/install-manifest.js.map +1 -0
  632. package/dist/utils/validation.d.ts.map +1 -1
  633. package/dist/utils/validation.js +31 -1
  634. package/dist/utils/validation.js.map +1 -1
  635. package/package.json +1 -1
  636. package/.agent/core/embeddings.json +0 -2004
  637. package/.agent/core/session_cache.json +0 -50
  638. package/.agent/skills/cross-cutting/aws/META.yaml +0 -75
  639. package/.agent/skills/cross-cutting/ci-cd/META.yaml +0 -60
  640. package/.agent/skills/cross-cutting/docker/META.yaml +0 -65
  641. package/.agent/skills/cross-cutting/kubernetes/META.yaml +0 -70
  642. package/.agent/skills/cross-cutting/ui-ux-pro-max/SKILL.md +0 -565
  643. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/charts.yaml +0 -331
  644. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/colors.yaml +0 -1226
  645. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-decision.yaml +0 -287
  646. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/component-mapping.yaml +0 -318
  647. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/design-tokens.yaml +0 -525
  648. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-animation.yaml +0 -232
  649. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/desktop-architecture.yaml +0 -140
  650. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/directory-structure.yaml +0 -75
  651. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/icons.yaml +0 -918
  652. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/implementation-strategy.yaml +0 -107
  653. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/landing.yaml +0 -372
  654. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-frameworks.yaml +0 -195
  655. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/platform-guidelines.yaml +0 -177
  656. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/products.yaml +0 -1339
  657. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/prompts.yaml +0 -180
  658. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/react-performance.yaml +0 -504
  659. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/desktop.yaml +0 -228
  660. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/flutter.yaml +0 -508
  661. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/html-tailwind.yaml +0 -543
  662. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nextjs.yaml +0 -515
  663. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxt-ui.yaml +0 -519
  664. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/nuxtjs.yaml +0 -599
  665. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react-native.yaml +0 -496
  666. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/react.yaml +0 -526
  667. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/shadcn.yaml +0 -616
  668. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/svelte.yaml +0 -520
  669. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/swiftui.yaml +0 -486
  670. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/stacks/vue.yaml +0 -485
  671. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/styles.yaml +0 -1473
  672. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/typography.yaml +0 -647
  673. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ui-reasoning.yaml +0 -1019
  674. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/ux-guidelines.yaml +0 -1009
  675. package/.agent/skills/cross-cutting/ui-ux-pro-max/data/web-interface.yaml +0 -347
  676. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-310.pyc +0 -0
  677. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/core.cpython-314.pyc +0 -0
  678. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/__pycache__/design_system.cpython-314.pyc +0 -0
  679. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core.py +0 -393
  680. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/core_legacy.py +0 -303
  681. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/design_system.py +0 -496
  682. package/.agent/skills/cross-cutting/ui-ux-pro-max/scripts/search.py +0 -76
  683. package/.agent/skills/devops/aws/ADVANCED.md +0 -547
  684. package/.agent/skills/devops/aws/SKILL.md +0 -711
  685. package/.agent/skills/devops/ci-cd/ADVANCED.md +0 -529
  686. package/.agent/skills/devops/ci-cd/SKILL.md +0 -821
  687. package/.agent/skills/devops/docker/ADVANCED.md +0 -495
  688. package/.agent/skills/devops/docker/SKILL.md +0 -653
  689. package/.agent/skills/devops/kubernetes/ADVANCED.md +0 -252
  690. package/.agent/skills/devops/kubernetes/SKILL.md +0 -621
  691. /package/.agent/core/{ARCH_REGISTRY.yaml → reference/ARCH_REGISTRY.yaml} +0 -0
  692. /package/.agent/core/{BRANDING.yaml → reference/BRANDING.yaml} +0 -0
  693. /package/.agent/core/{HSA.yaml → reference/HSA.yaml} +0 -0
  694. /package/.agent/core/{TEMPLATES.yaml → reference/TEMPLATES.yaml} +0 -0
  695. /package/.agent/rules/{incremental-changes.md → archive/incremental-changes.md} +0 -0
  696. /package/.agent/rules/{shell-commands.md → archive/shell-commands.md} +0 -0
  697. /package/.agent/skills/{cross-cutting → devops}/aws/data/ai_ml.yaml +0 -0
  698. /package/.agent/skills/{cross-cutting → devops}/aws/data/compute.yaml +0 -0
  699. /package/.agent/skills/{cross-cutting → devops}/aws/data/kubernetes.yaml +0 -0
  700. /package/.agent/skills/{cross-cutting → devops}/aws/data/storage.yaml +0 -0
  701. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/github_actions.yaml +0 -0
  702. /package/.agent/skills/{cross-cutting → devops}/ci-cd/data/security.yaml +0 -0
  703. /package/.agent/skills/{cross-cutting → devops}/docker/data/build.yaml +0 -0
  704. /package/.agent/skills/{cross-cutting → devops}/docker/data/compose.yaml +0 -0
  705. /package/.agent/skills/{cross-cutting → devops}/docker/data/security.yaml +0 -0
  706. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/networking.yaml +0 -0
  707. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/scheduling.yaml +0 -0
  708. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/security.yaml +0 -0
  709. /package/.agent/skills/{cross-cutting → devops}/kubernetes/data/workloads.yaml +0 -0
package/.agent/skills/core/security/SKILL.md CHANGED
@@ -2,7 +2,7 @@
2
2
  name: security
3
3
  detect: ["always"]
4
4
  priority: 0
5
- version: "6.1.2"
5
+ version: "6.2.1"
6
6
  ---
7
7
 
8
8
  # Security Patterns (Enhanced 2026)
@@ -13,32 +13,32 @@ version: "6.1.2"
13
13
 
14
14
  ### Core Security
15
15
 
16
- | File | Content | Records |
17
- | ------------------- | ------------------------------------- | ------- |
18
- | `owasp-top10.csv` | OWASP Top 10:2025 (NEW: Supply Chain) | 10 |
19
- | `cwe-top25.csv` | CWE Top 25:2024 (XSS now #1) | 25 |
20
- | `auth-patterns.csv` | AuthN/AuthZ patterns | 15 |
16
+ | File | Content | Records |
17
+ | -------------------- | ------------------------------------- | ------- |
18
+ | `owasp-top10.yaml` | OWASP Top 10:2025 (NEW: Supply Chain) | 10 |
19
+ | `cwe-top25.yaml` | CWE Top 25:2024 (XSS now #1) | 25 |
20
+ | `auth-patterns.yaml` | AuthN/AuthZ patterns | 15 |
21
21
 
22
22
  ### Domain-Specific Security
23
23
 
24
- | File | Content | Records |
25
- | ------------------------- | ------------------------------------- | ------- |
26
- | `network-security.csv` | TLS, DNS, GraphQL, gRPC, WebSocket | 25 |
27
- | `api-security.csv` | OWASP API Top 10:2023, JWT, OAuth | 20 |
28
- | `mobile-security.csv` | OWASP Mobile Top 10:2024, iOS/Android | 35 |
29
- | `cloud-security.csv` | AWS/Azure/GCP, K8s, IaC | 25 |
30
- | `supply-chain.csv` | SLSA, SBOM, Dependency security | 20 |
31
- | `ai-ml-security.csv` | LLM, Prompt Injection, Adversarial | 20 |
32
- | `reverse-engineering.csv` | Frida, Xposed, Play Integrity | 30 |
24
+ | File | Content | Records |
25
+ | -------------------------- | ------------------------------------- | ------- |
26
+ | `network-security.yaml` | TLS, DNS, GraphQL, gRPC, WebSocket | 25 |
27
+ | `api-security.yaml` | OWASP API Top 10:2023, JWT, OAuth | 20 |
28
+ | `mobile-security.yaml` | OWASP Mobile Top 10:2024, iOS/Android | 35 |
29
+ | `cloud-security.yaml` | AWS/Azure/GCP, K8s, IaC | 25 |
30
+ | `supply-chain.yaml` | SLSA, SBOM, Dependency security | 20 |
31
+ | `ai-ml-security.yaml` | LLM, Prompt Injection, Adversarial | 20 |
32
+ | `reverse-engineering.yaml` | Frida, Xposed, Play Integrity | 30 |
33
33
 
34
34
  ### Language-Specific
35
35
 
36
- | File | Content | Records |
37
- | ----------------------------------------- | -------------------- | ------- |
38
- | `language-specific/go-security.csv` | Go-specific patterns | 20 |
39
- | `language-specific/csharp-security.csv` | C#/.NET patterns | 20 |
40
- | `language-specific/php-security.csv` | PHP patterns | 20 |
41
- | `language-specific/solidity-security.csv` | Smart contracts | 20 |
36
+ | File | Content | Records |
37
+ | ------------------------------------------ | -------------------- | ------- |
38
+ | `language-specific/go-security.yaml` | Go-specific patterns | 20 |
39
+ | `language-specific/csharp-security.yaml` | C#/.NET patterns | 20 |
40
+ | `language-specific/php-security.yaml` | PHP patterns | 20 |
41
+ | `language-specific/solidity-security.yaml` | Smart contracts | 20 |
42
42
 
43
43
  **Total: 290+ patterns across 14 files**
44
44
 
@@ -76,7 +76,7 @@ version: "6.1.2"
76
76
 
77
77
  ## 🔥 NEW: AI/ML Security
78
78
 
79
- > See `data/ai-ml-security.csv` for 20 AI/ML threat patterns.
79
+ > See `data/ai-ml-security.yaml` for 20 AI/ML threat patterns.
80
80
 
81
81
  | ID | Vulnerability | Severity | Fix |
82
82
  | ------- | ------------------ | -------- | ------------------------------ |
@@ -114,7 +114,7 @@ def secure_llm_call(user_input: str) -> str:
114
114
 
115
115
  ## 📱 Mobile Security (OWASP 2024)
116
116
 
117
- > See `data/mobile-security.csv` for 35 mobile patterns.
117
+ > See `data/mobile-security.yaml` for 35 mobile patterns.
118
118
 
119
119
  | ID | Vulnerability | Platform | Fix |
120
120
  | --- | -------------------------------- | -------- | -------------------------- |
@@ -138,7 +138,7 @@ integrityManager.requestIntegrityToken(integrityRequest)
138
138
 
139
139
  ## ☁️ Cloud Security
140
140
 
141
- > See `data/cloud-security.csv` for 25 cloud patterns.
141
+ > See `data/cloud-security.yaml` for 25 cloud patterns.
142
142
 
143
143
  ```hcl
144
144
  # ✅ Terraform: S3 Bucket Security
@@ -168,7 +168,7 @@ resource "aws_instance" "secure" {
168
168
 
169
169
  ## 🔗 Supply Chain Security
170
170
 
171
- > See `data/supply-chain.csv` for 20 patterns.
171
+ > See `data/supply-chain.yaml` for 20 patterns.
172
172
 
173
173
  | SLSA Level | Description | Requirements |
174
174
  | ---------- | ------------- | ----------------- |
package/.agent/skills/core/security/data/ai-ml-security.yaml CHANGED
@@ -1,261 +1,261 @@
1
1
  metadata:
2
2
  skill: security
3
3
  domain: ai_ml_security
4
- version: 6.2.0
5
- updated: '2026-02-05'
6
- migrated_from: ai-ml-security.csv
4
+ version: 6.2.1
5
+ updated: "2026-02-05"
6
+ migrated_from: ai-ml-security.yaml
7
7
  patterns_count: 20
8
8
  columns:
9
- - id
10
- - name
11
- - severity
12
- - category
13
- - subcategory
14
- - description
15
- - detection_pattern
16
- - fix_pattern
17
- - languages
18
- - example_vuln
19
- - example_fix
9
+ - id
10
+ - name
11
+ - severity
12
+ - category
13
+ - subcategory
14
+ - description
15
+ - detection_pattern
16
+ - fix_pattern
17
+ - languages
18
+ - example_vuln
19
+ - example_fix
20
20
  patterns:
21
- - id: AIML-01
22
- name: Prompt Injection
23
- severity: CRITICAL
24
- category: LLM
25
- subcategory: Input
26
- description: Malicious prompts manipulate LLM behavior via user input
27
- detection_pattern: (prompt.*user|input.*llm|openai.*messages)(?!.*sanitize|filter)
28
- fix_pattern: Sanitize user input use system prompts defensively
29
- languages:
30
- - python
31
- - javascript
32
- - typescript
33
- example_vuln: 'messages = [{''role'': ''user'', ''content'': user_input}]'
34
- example_fix: 'messages = [{''role'': ''system'', ''content'': STRICT_SYSTEM_PROMPT},\n{''role'': ''user'', ''content'': sanitize(user_input)}]'
35
- - id: AIML-02
36
- name: Indirect Prompt Injection
37
- severity: CRITICAL
38
- category: LLM
39
- subcategory: Input
40
- description: LLM processes external content containing hidden instructions
41
- detection_pattern: (fetch.*url|read.*document|web.*search).*llm(?!.*strip|clean)
42
- fix_pattern: Scan and sanitize all external content before LLM processing
43
- languages:
44
- - python
45
- - javascript
46
- example_vuln: doc = fetch(url)\nresponse = llm.complete(doc)
47
- example_fix: doc = fetch(url)\ncleaned = strip_instructions(doc)\nresponse = llm.complete(cleaned)
48
- - id: AIML-03
49
- name: Jailbreaking Vulnerability
50
- severity: HIGH
51
- category: LLM
52
- subcategory: Safety
53
- description: System prompts can be bypassed with crafted inputs
54
- detection_pattern: (system.*prompt|instruction)(?!.*guard|check)
55
- fix_pattern: Use prompt injection detection and content filtering
56
- languages:
57
- - python
58
- - javascript
59
- example_vuln: system = 'Be helpful'\nllm.chat(user_input)
60
- example_fix: 'if detect_jailbreak(user_input): reject()\nif not content_policy_check(response): filter()'
61
- - id: AIML-04
62
- name: Training Data Poisoning
63
- severity: CRITICAL
64
- category: ML
65
- subcategory: Training
66
- description: Malicious data injected into training datasets
67
- detection_pattern: (train|fit|fine_tune).*data(?!.*validate|verify)
68
- fix_pattern: Validate training data verify sources implement data provenance
69
- languages: python
70
- example_vuln: model.train(user_data)
71
- example_fix: validated = validate_samples(user_data)\nmodel.train(validated)
72
- - id: AIML-05
73
- name: Model Extraction Attack
74
- severity: HIGH
75
- category: ML
76
- subcategory: Model
77
- description: API allows extraction of model weights or architecture
78
- detection_pattern: (model|weights).*api(?!.*rate.*limit|auth)
79
- fix_pattern: Implement rate limiting watermarking query detection
80
- languages:
81
- - python
82
- - javascript
83
- example_vuln: '@app.route(''/predict'')\ndef predict(input): return model(input).tolist()'
84
- example_fix: '@app.route(''/predict'')\n@rate_limit(100/hour)\n@detect_extraction\ndef predict(input): return {''result'': label} # No raw logits'
85
- - id: AIML-06
86
- name: Model Inversion Attack
87
- severity: HIGH
88
- category: ML
89
- subcategory: Privacy
90
- description: Model predictions leak training data information
91
- detection_pattern: (predict|confidence).*return(?!.*quantize|noise)
92
- fix_pattern: Return only top-K predictions add noise to outputs
93
- languages: python
94
- example_vuln: 'return {''probs'': model(x).numpy()}'
95
- example_fix: 'return {''label'': top_prediction} # No raw probabilities'
96
- - id: AIML-07
97
- name: Adversarial Input Attack
98
- severity: HIGH
99
- category: ML
100
- subcategory: Robustness
101
- description: Model vulnerable to crafted inputs causing misclassification
102
- detection_pattern: (model\\.predict|classify)(?!.*adversarial|robust)
103
- fix_pattern: Implement adversarial training input preprocessing
104
- languages: python
105
- example_vuln: prediction = model.predict(image)
106
- example_fix: prediction = model.predict(preprocess_defense(image))
107
- - id: AIML-08
108
- name: Insecure Model Loading
109
- severity: CRITICAL
110
- category: ML
111
- subcategory: Runtime
112
- description: Model loaded from untrusted source without verification
113
- detection_pattern: (pickle\\.load|torch\\.load|load_model)(?!.*verify|trusted)
114
- fix_pattern: Verify model signatures use safetensors format
115
- languages: python
116
- example_vuln: 'model = torch.load(''model.pkl'') # Arbitrary code exec'
117
- example_fix: model = safetensors.torch.load_file('model.safetensors')
118
- - id: AIML-09
119
- name: LLM Data Leakage
120
- severity: CRITICAL
121
- category: LLM
122
- subcategory: Privacy
123
- description: LLM returns sensitive data from training or context
124
- detection_pattern: (context|rag).*(?!.*filter|redact).*response
125
- fix_pattern: Filter sensitive data from context and responses
126
- languages:
127
- - python
128
- - javascript
129
- example_vuln: response = llm.chat(context=all_documents)
130
- example_fix: filtered_context = redact_pii(documents)\nresponse = pii_filter(llm.chat(context=filtered_context))
131
- - id: AIML-10
132
- name: Insecure AI Output Handling
133
- severity: HIGH
134
- category: LLM
135
- subcategory: Integration
136
- description: LLM output used without validation in code execution
137
- detection_pattern: (llm|gpt|claude).*response.*eval|exec(?!.*sandbox)
138
- fix_pattern: Validate and sandbox all AI-generated code
139
- languages:
140
- - python
141
- - javascript
142
- example_vuln: code = llm.generate_code()\nexec(code)
143
- example_fix: code = llm.generate_code()\nif validate_syntax(code):\n run_sandboxed(code)
144
- - id: AIML-11
145
- name: Excessive Agency
146
- severity: HIGH
147
- category: LLM
148
- subcategory: Safety
149
- description: LLM has too many capabilities without human oversight
150
- detection_pattern: (tools|functions).*(?!.*approval|confirm).*execute
151
- fix_pattern: Require human approval for sensitive operations
152
- languages:
153
- - python
154
- - javascript
155
- example_vuln: tools = [delete_file, send_email, api_call]\nllm.run(tools)
156
- example_fix: tools = [read_only_tools]\nif action.is_sensitive:\n await require_approval()
157
- - id: AIML-12
158
- name: RAG Poisoning
159
- severity: HIGH
160
- category: LLM
161
- subcategory: RAG
162
- description: Retrieval-Augmented Generation with untrusted sources
163
- detection_pattern: (vector\\.search|rag).*external(?!.*trust|verify)
164
- fix_pattern: Validate and score RAG sources filter untrusted content
165
- languages: python
166
- example_vuln: 'docs = vectordb.search(query) # Any source'
167
- example_fix: docs = vectordb.search(query)\ntrusted = [d for d in docs if d.source in TRUSTED]
168
- - id: AIML-13
169
- name: Embedding Leakage
170
- severity: MEDIUM
171
- category: ML
172
- subcategory: Privacy
173
- description: Embeddings expose sensitive information from inputs
174
- detection_pattern: (embed|encode).*return(?!.*noise|truncate)
175
- fix_pattern: Add differential privacy noise to embeddings
176
- languages: python
177
- example_vuln: 'return model.encode(text) # Full embedding'
178
- example_fix: 'return add_noise(model.encode(text)[:128]) # Truncated & noised'
179
- - id: AIML-14
180
- name: AI Supply Chain Risk
181
- severity: HIGH
182
- category: ML
183
- subcategory: Supply
184
- description: Using untrusted models from public hubs without verification
185
- detection_pattern: (huggingface|modelzoo|download)(?!.*verify|scan)
186
- fix_pattern: Scan models for backdoors verify provenance signatures
187
- languages: python
188
- example_vuln: model = AutoModel.from_pretrained('random/model')
189
- example_fix: model = AutoModel.from_pretrained('verified-org/model')\nverify_signature(model)
190
- - id: AIML-15
191
- name: Missing AI Guardrails
192
- severity: HIGH
193
- category: LLM
194
- subcategory: Safety
195
- description: LLM deployed without content safety guardrails
196
- detection_pattern: (llm|chat|complete)(?!.*guard|moderate|filter)
197
- fix_pattern: Implement input and output content moderation
198
- languages:
199
- - python
200
- - javascript
201
- example_vuln: response = llm.complete(prompt)
202
- example_fix: 'if not is_safe(prompt): reject()\nresponse = llm.complete(prompt)\nif not is_safe(response): filter()'
203
- - id: AIML-16
204
- name: Bias Exploitation
205
- severity: MEDIUM
206
- category: ML
207
- subcategory: Fairness
208
- description: Model biases exploited for adversarial purposes
209
- detection_pattern: (predict|classify)(?!.*fairness|bias.*check)
210
- fix_pattern: Monitor for demographic bias implement fairness checks
211
- languages: python
212
- example_vuln: result = model.predict(input)
213
- example_fix: 'result = model.predict(input)\nif bias_detected(result): flag_for_review()'
214
- - id: AIML-17
215
- name: Denial of Wallet
216
- severity: HIGH
217
- category: LLM
218
- subcategory: Resource
219
- description: Expensive AI operations triggered without limits
220
- detection_pattern: (openai|anthropic)\\.(?!.*budget|limit)
221
- fix_pattern: Implement token budgets and cost controls
222
- languages:
223
- - python
224
- - javascript
225
- example_vuln: 'response = openai.chat(messages) # No limits'
226
- example_fix: 'if token_count(messages) > MAX_TOKENS: reject()\nwith budget_limit(max_cost=1.0):\n response = openai.chat(messages)'
227
- - id: AIML-18
228
- name: Shadow AI Usage
229
- severity: MEDIUM
230
- category: Compliance
231
- subcategory: Governance
232
- description: Unauthorized AI tools used in production without approval
233
- detection_pattern: (openai|claude|gemini)(?!.*approved|registered)
234
- fix_pattern: Register and approve all AI services audit usage
235
- languages:
236
- - python
237
- - javascript
238
- example_vuln: '# Using ChatGPT for code review without approval'
239
- example_fix: '# Only use company-approved AI services\n# Log all AI usage for audit'
240
- - id: AIML-19
241
- name: Feature Extraction Leak
242
- severity: MEDIUM
243
- category: ML
244
- subcategory: Privacy
245
- description: Model features reveal sensitive attribute information
246
- detection_pattern: (features|encode).*user(?!.*anonymize)
247
- fix_pattern: Anonymize features remove identifying attributes
248
- languages: python
249
- example_vuln: features = extract_features(user_data)
250
- example_fix: features = anonymize(extract_features(mask_pii(user_data)))
251
- - id: AIML-20
252
- name: Membership Inference
253
- severity: HIGH
254
- category: ML
255
- subcategory: Privacy
256
- description: Model reveals whether data was used in training
257
- detection_pattern: (predict|probability).*return(?!.*defend)
258
- fix_pattern: Apply differential privacy or output perturbation
259
- languages: python
260
- example_vuln: return model.predict_proba(x)
261
- example_fix: return defend_membership_inference(model.predict(x))
21
+ - id: AIML-01
22
+ name: Prompt Injection
23
+ severity: CRITICAL
24
+ category: LLM
25
+ subcategory: Input
26
+ description: Malicious prompts manipulate LLM behavior via user input
27
+ detection_pattern: (prompt.*user|input.*llm|openai.*messages)(?!.*sanitize|filter)
28
+ fix_pattern: Sanitize user input use system prompts defensively
29
+ languages:
30
+ - python
31
+ - javascript
32
+ - typescript
33
+ example_vuln: "messages = [{'role': 'user', 'content': user_input}]"
34
+ example_fix: 'messages = [{''role'': ''system'', ''content'': STRICT_SYSTEM_PROMPT},\n{''role'': ''user'', ''content'': sanitize(user_input)}]'
35
+ - id: AIML-02
36
+ name: Indirect Prompt Injection
37
+ severity: CRITICAL
38
+ category: LLM
39
+ subcategory: Input
40
+ description: LLM processes external content containing hidden instructions
41
+ detection_pattern: (fetch.*url|read.*document|web.*search).*llm(?!.*strip|clean)
42
+ fix_pattern: Scan and sanitize all external content before LLM processing
43
+ languages:
44
+ - python
45
+ - javascript
46
+ example_vuln: doc = fetch(url)\nresponse = llm.complete(doc)
47
+ example_fix: doc = fetch(url)\ncleaned = strip_instructions(doc)\nresponse = llm.complete(cleaned)
48
+ - id: AIML-03
49
+ name: Jailbreaking Vulnerability
50
+ severity: HIGH
51
+ category: LLM
52
+ subcategory: Safety
53
+ description: System prompts can be bypassed with crafted inputs
54
+ detection_pattern: (system.*prompt|instruction)(?!.*guard|check)
55
+ fix_pattern: Use prompt injection detection and content filtering
56
+ languages:
57
+ - python
58
+ - javascript
59
+ example_vuln: system = 'Be helpful'\nllm.chat(user_input)
60
+ example_fix: 'if detect_jailbreak(user_input): reject()\nif not content_policy_check(response): filter()'
61
+ - id: AIML-04
62
+ name: Training Data Poisoning
63
+ severity: CRITICAL
64
+ category: ML
65
+ subcategory: Training
66
+ description: Malicious data injected into training datasets
67
+ detection_pattern: (train|fit|fine_tune).*data(?!.*validate|verify)
68
+ fix_pattern: Validate training data verify sources implement data provenance
69
+ languages: python
70
+ example_vuln: model.train(user_data)
71
+ example_fix: validated = validate_samples(user_data)\nmodel.train(validated)
72
+ - id: AIML-05
73
+ name: Model Extraction Attack
74
+ severity: HIGH
75
+ category: ML
76
+ subcategory: Model
77
+ description: API allows extraction of model weights or architecture
78
+ detection_pattern: (model|weights).*api(?!.*rate.*limit|auth)
79
+ fix_pattern: Implement rate limiting watermarking query detection
80
+ languages:
81
+ - python
82
+ - javascript
83
+ example_vuln: '@app.route(''/predict'')\ndef predict(input): return model(input).tolist()'
84
+ example_fix: '@app.route(''/predict'')\n@rate_limit(100/hour)\n@detect_extraction\ndef predict(input): return {''result'': label} # No raw logits'
85
+ - id: AIML-06
86
+ name: Model Inversion Attack
87
+ severity: HIGH
88
+ category: ML
89
+ subcategory: Privacy
90
+ description: Model predictions leak training data information
91
+ detection_pattern: (predict|confidence).*return(?!.*quantize|noise)
92
+ fix_pattern: Return only top-K predictions add noise to outputs
93
+ languages: python
94
+ example_vuln: "return {'probs': model(x).numpy()}"
95
+ example_fix: "return {'label': top_prediction} # No raw probabilities"
96
+ - id: AIML-07
97
+ name: Adversarial Input Attack
98
+ severity: HIGH
99
+ category: ML
100
+ subcategory: Robustness
101
+ description: Model vulnerable to crafted inputs causing misclassification
102
+ detection_pattern: (model\\.predict|classify)(?!.*adversarial|robust)
103
+ fix_pattern: Implement adversarial training input preprocessing
104
+ languages: python
105
+ example_vuln: prediction = model.predict(image)
106
+ example_fix: prediction = model.predict(preprocess_defense(image))
107
+ - id: AIML-08
108
+ name: Insecure Model Loading
109
+ severity: CRITICAL
110
+ category: ML
111
+ subcategory: Runtime
112
+ description: Model loaded from untrusted source without verification
113
+ detection_pattern: (pickle\\.load|torch\\.load|load_model)(?!.*verify|trusted)
114
+ fix_pattern: Verify model signatures use safetensors format
115
+ languages: python
116
+ example_vuln: "model = torch.load('model.pkl') # Arbitrary code exec"
117
+ example_fix: model = safetensors.torch.load_file('model.safetensors')
118
+ - id: AIML-09
119
+ name: LLM Data Leakage
120
+ severity: CRITICAL
121
+ category: LLM
122
+ subcategory: Privacy
123
+ description: LLM returns sensitive data from training or context
124
+ detection_pattern: (context|rag).*(?!.*filter|redact).*response
125
+ fix_pattern: Filter sensitive data from context and responses
126
+ languages:
127
+ - python
128
+ - javascript
129
+ example_vuln: response = llm.chat(context=all_documents)
130
+ example_fix: filtered_context = redact_pii(documents)\nresponse = pii_filter(llm.chat(context=filtered_context))
131
+ - id: AIML-10
132
+ name: Insecure AI Output Handling
133
+ severity: HIGH
134
+ category: LLM
135
+ subcategory: Integration
136
+ description: LLM output used without validation in code execution
137
+ detection_pattern: (llm|gpt|claude).*response.*eval|exec(?!.*sandbox)
138
+ fix_pattern: Validate and sandbox all AI-generated code
139
+ languages:
140
+ - python
141
+ - javascript
142
+ example_vuln: code = llm.generate_code()\nexec(code)
143
+ example_fix: code = llm.generate_code()\nif validate_syntax(code):\n run_sandboxed(code)
144
+ - id: AIML-11
145
+ name: Excessive Agency
146
+ severity: HIGH
147
+ category: LLM
148
+ subcategory: Safety
149
+ description: LLM has too many capabilities without human oversight
150
+ detection_pattern: (tools|functions).*(?!.*approval|confirm).*execute
151
+ fix_pattern: Require human approval for sensitive operations
152
+ languages:
153
+ - python
154
+ - javascript
155
+ example_vuln: tools = [delete_file, send_email, api_call]\nllm.run(tools)
156
+ example_fix: tools = [read_only_tools]\nif action.is_sensitive:\n await require_approval()
157
+ - id: AIML-12
158
+ name: RAG Poisoning
159
+ severity: HIGH
160
+ category: LLM
161
+ subcategory: RAG
162
+ description: Retrieval-Augmented Generation with untrusted sources
163
+ detection_pattern: (vector\\.search|rag).*external(?!.*trust|verify)
164
+ fix_pattern: Validate and score RAG sources filter untrusted content
165
+ languages: python
166
+ example_vuln: "docs = vectordb.search(query) # Any source"
167
+ example_fix: docs = vectordb.search(query)\ntrusted = [d for d in docs if d.source in TRUSTED]
168
+ - id: AIML-13
169
+ name: Embedding Leakage
170
+ severity: MEDIUM
171
+ category: ML
172
+ subcategory: Privacy
173
+ description: Embeddings expose sensitive information from inputs
174
+ detection_pattern: (embed|encode).*return(?!.*noise|truncate)
175
+ fix_pattern: Add differential privacy noise to embeddings
176
+ languages: python
177
+ example_vuln: "return model.encode(text) # Full embedding"
178
+ example_fix: "return add_noise(model.encode(text)[:128]) # Truncated & noised"
179
+ - id: AIML-14
180
+ name: AI Supply Chain Risk
181
+ severity: HIGH
182
+ category: ML
183
+ subcategory: Supply
184
+ description: Using untrusted models from public hubs without verification
185
+ detection_pattern: (huggingface|modelzoo|download)(?!.*verify|scan)
186
+ fix_pattern: Scan models for backdoors verify provenance signatures
187
+ languages: python
188
+ example_vuln: model = AutoModel.from_pretrained('random/model')
189
+ example_fix: model = AutoModel.from_pretrained('verified-org/model')\nverify_signature(model)
190
+ - id: AIML-15
191
+ name: Missing AI Guardrails
192
+ severity: HIGH
193
+ category: LLM
194
+ subcategory: Safety
195
+ description: LLM deployed without content safety guardrails
196
+ detection_pattern: (llm|chat|complete)(?!.*guard|moderate|filter)
197
+ fix_pattern: Implement input and output content moderation
198
+ languages:
199
+ - python
200
+ - javascript
201
+ example_vuln: response = llm.complete(prompt)
202
+ example_fix: 'if not is_safe(prompt): reject()\nresponse = llm.complete(prompt)\nif not is_safe(response): filter()'
203
+ - id: AIML-16
204
+ name: Bias Exploitation
205
+ severity: MEDIUM
206
+ category: ML
207
+ subcategory: Fairness
208
+ description: Model biases exploited for adversarial purposes
209
+ detection_pattern: (predict|classify)(?!.*fairness|bias.*check)
210
+ fix_pattern: Monitor for demographic bias implement fairness checks
211
+ languages: python
212
+ example_vuln: result = model.predict(input)
213
+ example_fix: 'result = model.predict(input)\nif bias_detected(result): flag_for_review()'
214
+ - id: AIML-17
215
+ name: Denial of Wallet
216
+ severity: HIGH
217
+ category: LLM
218
+ subcategory: Resource
219
+ description: Expensive AI operations triggered without limits
220
+ detection_pattern: (openai|anthropic)\\.(?!.*budget|limit)
221
+ fix_pattern: Implement token budgets and cost controls
222
+ languages:
223
+ - python
224
+ - javascript
225
+ example_vuln: "response = openai.chat(messages) # No limits"
226
+ example_fix: 'if token_count(messages) > MAX_TOKENS: reject()\nwith budget_limit(max_cost=1.0):\n response = openai.chat(messages)'
227
+ - id: AIML-18
228
+ name: Shadow AI Usage
229
+ severity: MEDIUM
230
+ category: Compliance
231
+ subcategory: Governance
232
+ description: Unauthorized AI tools used in production without approval
233
+ detection_pattern: (openai|claude|gemini)(?!.*approved|registered)
234
+ fix_pattern: Register and approve all AI services audit usage
235
+ languages:
236
+ - python
237
+ - javascript
238
+ example_vuln: "# Using ChatGPT for code review without approval"
239
+ example_fix: '# Only use company-approved AI services\n# Log all AI usage for audit'
240
+ - id: AIML-19
241
+ name: Feature Extraction Leak
242
+ severity: MEDIUM
243
+ category: ML
244
+ subcategory: Privacy
245
+ description: Model features reveal sensitive attribute information
246
+ detection_pattern: (features|encode).*user(?!.*anonymize)
247
+ fix_pattern: Anonymize features remove identifying attributes
248
+ languages: python
249
+ example_vuln: features = extract_features(user_data)
250
+ example_fix: features = anonymize(extract_features(mask_pii(user_data)))
251
+ - id: AIML-20
252
+ name: Membership Inference
253
+ severity: HIGH
254
+ category: ML
255
+ subcategory: Privacy
256
+ description: Model reveals whether data was used in training
257
+ detection_pattern: (predict|probability).*return(?!.*defend)
258
+ fix_pattern: Apply differential privacy or output perturbation
259
+ languages: python
260
+ example_vuln: return model.predict_proba(x)
261
+ example_fix: return defend_membership_inference(model.predict(x))